
ShogunWarrior

Everything posted by ShogunWarrior

  1. As they could with a $_POST,$_REQUEST or AJAX request, it is up to him to implement security.
  2. I would take the $_GET part out of the SQL for clarity.

     ```php
     <?php
     require_once("db.php");

     // escape the id taken from the query string before it goes into the SQL
     $id = mysql_escape_string( $_GET['id'] );

     $sql = "DELETE FROM news WHERE id='$id'";
     mysql_query($sql);

     echo "Success!!";
     ?>
     ```
  3. When you are getting something from a URL you get it by name like so: $id = $_GET['id']; or if the URL was ?name=value $var = $_GET['name']; Have a look at the PHP manual about the get and post superglobals, very useful for most projects.
  4. AFAIK copy() will try to get a real system file, it will not request the page. You will need to include the library and process in-page.
  5. If you can then think about pre-splitting the files and saving them (to prevent runtime image processing) or at least caching the files.
  6. This is a dilemma I am having as well, as I imagine many have. True, life is short and you should enjoy whatever you do. However, just looking at the Dodge Viper SRT-10 yesterday made me know I don't want to work to get by, I want to make enough to have fun. Granted, it is easier said than done but there are still hard choices ahead which could make or break those dreams. The bottom line is that if you don't like sysadmin-ing then don't do it. I would do a job I liked less for better pay, but NOT one that I didn't like at all (except for crazy money).
  7. Yes, add an index. As long as space isn't a concern adding appropriate indexes can be very advantageous.
  8. Hmm, not sure. PS: The default case will always be chosen, I.E. in your select it will never get to the process option.

     ```php
     switch($_POST['recover']){
         default:
             include 'lostpsw.php';
             break;
         case "recover":
             recover_pw($_POST['email_address']);
             break;
     }
     ```

     Should be:

     ```php
     switch($_POST['recover']){
         case "recover": {
             recover_pw($_POST['email_address']);
             break;
         }
         default: {
             include 'lostpsw.php';
             break;
         }
     }
     ```
  9. If it was me I would not use the username as the user key, I would use an integer user ID. This is more indexable and generally more normalized. Maybe think about periodically archiving older rows to an archive table(s) to improve efficiency. AFAIK speed will be a problem because MySQL must lock/re-index the table each time a user views a profile, which is often.
  10. I've done freelance work for quite a few different people (some businesses, some individuals) and the worst part for a programmer or designer is that there is a lot of managing involved - which you have to do. A project which should take 30 hours can easily take 2 or 3 weeks if the client doesn't get back to email, goes away, is indecisive etc. no matter how determined and hard-working you are. Recently I have been working in a networks company that don't create or sell software. What's great is I am an on-hand programmer which means I get to learn new technologies and 3rd-party products all the time, the company pays for books/online courses and because they are not a software company they do not know how long it _should_ take. (That being said I do deliver _fast_) Basically if you can manage and promote yourself try freelancing, but if you can get a good in-house job, do.
  11. Programming languages have something called scope which dictates how long variables live and how you can access them. Because of PHP's structure if you create a variable anywhere in the page it is available down through the rest of the page. However, there is function scope which means that the variables in a function exist only inside the function and variables outside it are not involved. So, your function:

      ```php
      function resetCounter()
      {
          $counter = 0;
      }
      ```

      Creates the variable $counter inside the function but does nothing else. What you need to do is tell PHP that you want to use a global variable inside the function and then set it to 0:

      ```php
      function resetCounter()
      {
          global $counter;
          $counter = 0;
      }
      ```

      I hope that rather detailed explanation helps.
  12. This is the key: Warning: Unknown(): open_basedir restriction in effect. File(/home/.mccoy/wamboldt/ictonentertainment.com/wamboldt/index.php) is not within the allowed path(s): (/dh/web/phpmyadmin:/tmp:/dh/solidclient:/usr/local/lib/php:/home/icton:/home/.mccoy/icton) in Unknown on line 0
  13. Of course it is possible, but only if you have direct access to the code, as you do here. Sure anyone can read your mail if they can get into your house - same thing - exactly the same
  14. I've often used an "authenticated" function that checks authentication. Like if( is_auth( $user, GP_EDIT | GP_DELETE ) ) Then, your function could check the flags passed to see if the user is authenticated. The above can produce a very pluggable system. For instance, inside the is_auth function you could have it call auth_hook which would be an optional function which could override the authentication. This would be useful for instance if you were plugging in to an external product's user database or if you wanted to set up a demo version. Alternatively, Nameless's method is very nice because it is the most simplified and it uses memorable function names.
  15. In reference to your initial question the reason XML doesn't have caching headers/tags defined is because it is an abstract description language, it was not designed specifically for the web. Also, XML is content-level, so things such as Authentication/Caching/etc. are left up to the server/client to figure out AFAIK. I think the Apache solution is the appropriate and best one.
  16. From the look of it, the message is saying the website is being attacked.
  17. There are two main ID3 versions, ID3 and ID3v2. While a lot of files use v2, many still use the v1 so for backwards-compatibility you should probably implement both. Here is the ID3v2 spec: http://www.id3.org/id3v2.4.0-structure You would need to understand and implement that to parse/edit ID3 tags.
  18. Look up the ID3/ID3 v2 Specification. AFAIK you just look for "TAG" in the last 128 bytes of the MP3 file.
  19. Ok, firstly either don't wrap the variable names at all or use a single character. (I quite like PHP's use of $) The dots aren't a good choice and using two is overkill. What you do is when you find the variable character such as $ you set some sort of flag to tell your parser you are reading a variable name, then you keep reading characters until you find a non-variable character such as a space. So, $somevar = (that); will start at $, gobble up somevar, stop and then you can record the data on the right side of the equals. Parsing is not extremely difficult but still if you look at any interpreter such as Zend I am willing to bet there is a hefty amount of code behind code parsing!
  20. The function http_digest_parse is NOT a built-in function, it was just a function the PHP.net example-writer wrote to clean up their example code. Here it is:

      ```php
      // function to parse the http auth header
      function http_digest_parse($txt)
      {
          // protect against missing data
          $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
          $data = array();

          // group 1: key, group 2: opening quote, group 3: quoted value, group 4: unquoted value
          // the quoted value is matched lazily so it stops at the first closing quote
          preg_match_all('@(\w+)=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

          foreach ($matches as $m) {
              $data[$m[1]] = $m[3] ? $m[3] : $m[4];
              unset($needed_parts[$m[1]]);
          }

          // false if any required part is missing, otherwise the parsed fields
          return $needed_parts ? false : $data;
      }
      ```

      If the function returned 1 then it is probably successful. http://us3.php.net/features.http-auth
  21. Instead of moving the uploaded file to a permanent location, you read it from where it was uploaded to: For your file input file use the code:

      ```php
      <?php
      // temporary path PHP assigned to the uploaded file
      $filename = $_FILES['file']['tmp_name'];

      // read the whole upload in binary mode and output it
      $handle = fopen($filename, "rb");
      $contents = fread($handle, filesize($filename));
      echo $contents;
      fclose($handle);
      ?>
      ```