GingerRobot

Staff Alumni
  • Posts

    4,082

Everything posted by GingerRobot

  1. Sounds like you need to look into AJAX. It will allow you to load content from the database and display it on the screen without reloading the whole page. There's an FAQ here that will show you the general idea, though it is done without a database. Perhaps starting with a search for AJAX tutorials would be best.
  2. As has been mentioned, we're not here to write things for you for free.
  3. I can't see how that would work. At some point, something would be sent to the server. The bot can just do that bit. Aside from that, do you really want to completely block all non-javascript users?
  4. Personally, I wouldn't call something which relies on a javascript function 'javascript independent', but yeah.
  5. I suggest you grab the Live HTTP Headers extension for Firefox. It'll show you exactly what's being sent to the server when you make the request yourself, so you'll be able to reproduce that with your cURL request.
  6. This is basically the same approach as a token system - when the form is loaded, a token is set in a hidden field and also set as a session. When the form is submitted, these values are checked. An automated script will probably direct straight to the action of the form, so it doesn't have the token set. This can quite easily be defeated with cURL. Therefore, your approach could be too. However, I guess it's an interesting approach. Any bot would have to be altered specifically for your site.
  7. What exactly are you trying to secure against? Brute-force password attacks? I seriously doubt that would be viable given the delay in requesting a page. If you're really worried, then you could set the required number of failed login attempts quite high. If someone fails to log in, say, 10 times in a minute, they probably don't deserve to go on your site anyway.
  8. I was surprised to see that about a 3rd of people are still using IE6. WTF is that about?
  9. I assume that means you're actively flushing your output? If you read the section in the manual and the user-contributed notes, you'll see that some browsers have their own buffers so don't show anything until a certain amount of data has been received. You'll have to fool them with some whitespace.
  10. If you're updating a table, you can implode the array and use an IN clause to save you time.
  11. 1.) What version are you running with your development server? That might help us narrow down the problem. 2.) So you get a completely blank screen? Do you have display_errors turned on in your php.ini? If not, do so. Changing error_reporting to E_ALL might help us narrow down the problem too.
  12. I really don't think anything is as clear-cut as that.
  13. Well, assuming there's never any more than two levels to your structure (e.g. there couldn't be a sub category of a sub category), then it's just a case of ordering by the categories, then the sub categories. You then just have to keep track of what was the category/sub category last time your loop was run. If it's different, show the new category. If it's not, don't. Something like this:

          <?php
          $prevcat = '';
          $prevsubcat = '';
          $sql = "SELECT * FROM tbl ORDER BY category,subcategory";
          $result = mysql_query($sql) or trigger_error(mysql_error(),E_USER_ERROR);
          while($row = mysql_fetch_assoc($result)){
              $cat = $row['category'];
              $subcat = $row['subcategory'];
              $item = $row['item'];
              if($cat != $prevcat){
                  echo $cat.'<br />';
                  echo $subcat.'<br />';//if the category has changed, we also want to show the new subcat
              }elseif($subcat != $prevsubcat){
                  echo $subcat.'<br />';
              }
              echo $item.'<br />';
              //remember what was shown, ready for the next time round the loop
              $prevcat = $cat;
              $prevsubcat = $subcat;
          }
          ?>
  14. maverick3d: Any chance you can tell us what happens with the above? Do you get an error message? What's the output? What's the expected output? Errr, why's that then?
  15. As long as you salt, either should be fine for your purposes. Both are hashes, not an encryption method. Therefore, they cannot be decrypted. Rainbow tables can be used to do a reverse lookup, however. This is why you need your salt. Salting (the process of putting extra characters in a password before hashing) will make pre-computed rainbow tables useless. To give an answer, SHA1 is probably more secure. It produces a longer hash and is also less likely to produce collisions.
  16. Well, select the value from your database, and concatenate with the string:

          $id = $row['id'];//for example, if this is your field
          $str = 'abc';
          echo $str.$id;
  17. Sounds like you're after javascript, not php. Google javascript alert boxes.
  18. substr() is your friend:

          <?php
          function truncate($str,$maxlength=50){
              $length = strlen($str);
              //a string of exactly $maxlength characters needs no truncating either
              if($length <= $maxlength){
                  return $str;
              }
              $str = substr($str,0,$maxlength).'...';
              return $str;
          }
          $str = 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aliquam pellentesque aliquam neque. Aenean pretium congue quam. Nulla facilisi. Ut bibendum dignissim enim. Ut egestas turpis eget nunc. Donec gravida suscipit massa. Aliquam placerat ante ut quam. Vestibulum nec lectus at risus pulvinar interdum. Quisque convallis gravida nibh. Nullam a dolor. Maecenas urna justo, posuere ut, sodales ac, rhoncus sit amet, est. Proin mi. Donec ut arcu porttitor nisi imperdiet tempus. Curabitur consectetuer lorem non eros.';
          echo truncate($str);
          ?>
  19. No, you cannot create a function which has already been created. Looks to me like all you need is a little logic. Something along the lines of having the 3rd parameter as optional. If it's been set, then do the stuff that's in your second function declaration; if it's not been set, then don't.

      edit: e.g:

          <?php
          function myfunction ($foo,$bar=FALSE){
              //do something with $foo;
              if($bar==TRUE){
                  // if $bar has been set, then do something different.
              }
          }
          myfunction('some value'); //only do the first part
          myfunction('some value',TRUE);//also do second part
          ?>
  20. Try:

          <?php
          $date = "07-07-2008";
          echo date('l',strtotime($date));//using l will save you the stack of if statements -- it returns the day for you.
          ?>
  21. If possible, just place it outside the document root. I would imagine that if you're able to set up a cron job on your server/hosting you should have access above the document root.
  22. That's really the point of the hidden field protection though, isn't it? Seeing as a normal user wouldn't see the field, they wouldn't fill it in. The bot does 'see' the field so fills it in so you know it's a bot. There are issues though. This type of protection idea is becoming more common so I would be surprised if newer bots don't check to see which fields are hidden and then don't fill those in. Though I'm no expert, I would also imagine there would be problems with accessibility. I wonder whether or not screen readers would ignore the hidden field?
  23. You appear to be doing your inserting before you check to see if the variables are set. You should also use the isset() function to see if the variables are set:

          if (isset($_POST['customer_id']) && isset($_POST['customer_name']) && isset($_POST['customer_email']) && isset($_POST['npassword']) && isset($_POST['vnewpass'])) {
              // sanitize
              $customerid = mysql_real_escape_string($_POST['customer_id']);
              $custname = mysql_real_escape_string($_POST['customer_name']);
              $customeremail = mysql_real_escape_string($_POST['customer_email']);
              $npassword = mysql_real_escape_string($_POST['npassword']);
              $vnewpass = mysql_real_escape_string($_POST['vnewpass']);
              // escaped values must also sit inside quotes, otherwise the escaping does not stop injection;
              // the table name takes backticks, not single quotes
              $insertnewcustsql = "insert into `customer` values ('$customerid', '$custname', '$customeremail', '$vnewpass')";
              mysql_query($insertnewcustsql) or trigger_error(mysql_error()); //you didn't execute your query either. I assume you meant to
          }
  24. IMO, a certain level of forum etiquette is required for helping to occur. If a post is too difficult to understand due to poor posting habits, how can one expect to either help or be helped? Furthermore, poor forum etiquette can prevent others from being helped. For example, posting in a wrong forum means mods/admins have to spend time moving said posts rather than people able to help someone. I've said before with this kind of question that I personally believe there's no such thing as altruism. Nobody does anything that will help somebody else without gaining something from it themselves. As you've said, not everybody says thank you. Therefore, the helper must be gaining something else other than the 'satisfaction' of having someone tell them that they've been helpful. The most obvious one is that most people don't require a thank you to know that they might have helped. They therefore gain something because, regardless of any thank you, they know they have helped someone. As CV mentioned, there is also the gain that comes with explaining something. Until you can explain a concept to someone else, I would say you haven't fully understood that concept. By helping someone, you can prove to yourself that you have fully understood something. By helping you also expose yourself to other ideas and problems which you may not otherwise have encountered. Hell, I may spend some time helping as I'm bored. My reward is therefore an alleviation of this boredom.