MiWi

I definitely agree the earlier you learn about security the better. The big issue I've noticed is that for a lot of people. More commonly with those that are self taught. They learn how to code from sites such as w3schools, or misc sites where to begin. The example may use a deprecated feature in an insecure manner. Security is definitely big, but not always apparent.

First of all you're using the mysql extension which is deprecated so I'd look into changing to mysqli at a minimum. That said. Code aside, from what I read. $hiwu doesn't exist when you do the header redirect. When you do the redirect you need to pass through a value for finalmsj, then on the next page take action based off of that value. For example, set header to finalmsj.php?finalmsj=somedata Then in finalmsj.php page have logic to detect if finalmsj is somedata do ... Also your if statements are wrong. if($finalmsj = $hiwa) There you would be setting $finalmsj to $hiwa. When checking if a variable matches another you'd use two == if($finalmsj == $hiwa)

Only difference I see is different share numbers from page to page. looks the same otherwise.

Without knowing the contents of your AJAX_URL file I can't say. You are sending the data off now, but I can't tell what your query looks like.

As said, there really isn't a perfect answer. In general though, IP alone is not an ideal solution. Entire companies, schools, libraries, etc.. may share the same external address. In most cases i've just used cookies for small scripts. Unless the user had to be logged in to vote and from there you can use other methods.

function AutoPost() { $.ajax({ type: "POST", url: "<?php echo AJAX_URL; ?>", data: $('#lastviewer').serialize(), success: function(data) { $("#lastviewer").html(data) ; } }); } Post the updated code you're using now. Try code tags as it makes it easier to read. In general though as said, you were not specifying the data to send over. Also are you trying to put this code in the template file, wysiwyg editor, etc..?

New member to this forum. However, I've been working with PHP/MySQL for a couple years. Looking to learn some new things as well as contribute when possible.