gizmola
Everything posted by gizmola

  1. You need to check the mysql error log for the server. There are some things I find curious, like why your userid value is so large for this insert, as well as the format of the birthday column. Just to begin with however, I would check the disk space situation for the server, and make sure that the volume/partition etc. is not out of disk space. If this is innodb it could also be that the innodb tablespace is out of space. These are all just guesses.
  2. Add a WHERE clause with the 2 criteria you need to be concerned about: WHERE AVG(PRICE) > 10 AND PAPERBACK = 'Y'
  3. Look into GROUP BY. In your case you want to have groupings by TYPE. Once you GROUP BY you can use summary functions like AVG(). I don't really understand the question for Part 2? Is this homework or a test?
  4. Ahh, probably I should have suggested you try telnet. That's probably the best way to verify that you don't have a socket level issue. I have had nothing but problems with selinux and lamp servers, and I always disable it. If it is indeed turned on, then I'd suggest disabling it and doing a quick test to see if your script works ok against port 8080. Disabling all outbound client connections to any port other than port 80 is ridiculous behavior, and not something you ought to have to work around. This blog post covers what you need to know: http://tweakandtune.blogspot.com/2009/03/centos-disable-selinux.html
  5. Yeah this is pretty much what I've seen as well. It very much depends on the business, as many times there are a lot of things you need to change about the way your products or services are presented from one country or market to the next. For those sites that basically just want a translation, they can use these standards based formats to pass files back and forth to translation services. I will throw in for the record that I've heard good things about Zend_Translate from ZF as an alternative to gettext.
  6. They are great devices, but they aren't cheap. I'm not entirely current, but just a quick look I saw people selling the FAS2020 with 6TB of storage running at around $9k. As far as I know the FAS2020 is the entry level device. Netapps basically implement RAID-6, support multiple protocols and have all sorts of incredible features like being able to do snapshots. If you're doing this work for a company, it might be something that is financially viable, as the reliability of those things is awesome, and Netapp support is outstanding.
  7. Your original code was better structured. mysql_affected_rows() isn't a catchall error function, it will work when you actually execute a valid query. Your original code checked that, but you've restructured things now, so that it's hard to tell what is going on. How about going back to:

     $q = "DELETE FROM `stocklist` WHERE `Stock Number`='" . mysql_real_escape_string($rec, $link) . "'";
     $res = mysql_query($q, $link) or die(mysql_error($link));
     // mysql_affected_rows() takes the link, not the result; a DELETE returns TRUE rather than a result set
     $anymatches = mysql_affected_rows($link);
     if ($anymatches == 0) die('Sorry, but we can not find an entry to match your query ');
     echo 'Entry has been deleted! ';
     mysql_close($link);

     In general, this points out a good practice to get into. When you're trying to get something to work, don't refactor at the same time. Get the code working, THEN refactor. You are busy attempting to do both things at the same time, which leads to confusion.
  8. mysql_num_rows only works for SELECT statements. You need to check: http://www.php.net/manual/en/function.mysql-affected-rows.php
  9. If the file is being returned from a script it could be that there are things going on that aren't obvious like redirects. Have you tried watching what is going on using firebug or similar tool? Is it setting any cookies, that might be required, perhaps for a session? There could also be a check for user agent? With curl you can make your server act as if it was a browser and support any of those requirements.
  10. Based on what you are planning to use it for, sha1 or md5 would be fine. The concerns that people have with those algorithms concern the uses of hashes for passwords, and that is not a problem for your application, at least from the information you provided.
  11. If you want to talk about really big sites, one of their biggest issues is scalability, so the code would be different. In terms of sessions, by default php sessions are file based. That doesn't work for a big site that is employing a cluster of web servers, so there's invariably an alternate session storage mechanism, where the session data is being stored in a database or memcache, or possibly a big nfs mounted netapp. From there you have a number of issues: password and session id sniffing in shared networks, insecure configurations that allow session files to be read off the server, session fixation exploits, and cookie based exploits. The reason there's no one right answer is that the amount of security people need tends to directly relate to the type of site it is. Many community sites forgo ssl, not because they don't know that passwords are sent cleartext, but rather that the computational cost and overhead of using it would require more hardware than they can afford to invest in. Twitter and Facebook have both struggled with scalability, and while they offer https, they don't take any technical steps to ensure that people use it. When you look at something like firesheep, all that did was once again remind people that if you're on a shared network (in most cases public wifi) your data is sniffable, and it's not unlikely that somebody could be sitting a table over with a sniffer looking at the data you're sending. In terms of sessions, well the session is a token that represents your login. It's not supposed to be guessable (by default it's an md5() hash that's not predictable, although you can change it). That session id gets put in a cookie, so your browser is sending it with every packet. Needless to say, if I can sniff your traffic, I can get access to that session_id, set a bogus cookie, and at that point, the site in question will react as if I am you.
One thing you can do to mitigate this issue is to require reauthentication and to regenerate the session id anytime there's a request to "escalate privilege". The basic idea there is that you might be able to masquerade as me, but as long as you can't change my password or become superadmin, it's not as bad a situation as it might be. The same ideas are involved in combating session fixation attacks. You also want to configure PHP so that it does not allow the session id to be passed as a url param or post variable. Last but not least, these issues cease to be a problem if you implement https.
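The mitigations listed in post 11 (cookie-only session ids, regenerating the id at login and on privilege escalation, reauthentication before sensitive changes) in PHP, as an added example that is not gizmola's code or part of the original thread. verify_password() is a hypothetical helper assumed to exist elsewhere; the cookie settings assume the site runs over https.

```php
<?php
// Added example, not gizmola's code: PHP session handling that implements the advice above.
// verify_password() is a hypothetical helper that checks a password for the logged-in user.

// Take the session id only from a cookie, never from a URL parameter or POST variable.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject session ids the server never issued, which defeats the simplest fixation attempts.
ini_set('session.use_strict_mode', '1');

// Keep the cookie out of reach of scripts and off plain http (assumes the site runs https).
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// After a successful password check: issue a fresh id so any id a client held before
// login (planted or sniffed) no longer maps to the authenticated session.
function login_user(int $userId): void
{
    session_regenerate_id(true);   // true = discard the old session data file
    $_SESSION['user_id'] = $userId;
    $_SESSION['is_admin'] = false;
}

// Guard for any request that escalates privilege (password change, promotion to admin):
// demand the password again and rotate the id, so a copied cookie alone is not enough.
function require_reauth(string $suppliedPassword): bool
{
    if (empty($_SESSION['user_id'])) {
        return false;
    }
    if (!verify_password($_SESSION['user_id'], $suppliedPassword)) {   // hypothetical helper
        return false;
    }
    session_regenerate_id(true);
    return true;
}

// Usage on a password-change request:
// if (require_reauth($_POST['current_password'] ?? '')) { /* update the password */ }
```

The ini_set() calls belong in php.ini or the vhost configuration in practice; they are inlined here so the whole policy is visible in one place. session_regenerate_id(true) is called at both points the post names, so an id captured before login or before the sensitive request stops being valid at exactly those moments.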
  12. "Better" would only represent an opinion. The most popular, and hence the ones with the largest market, are Joomla, Drupal and Wordpress. Wordpress is a "blog" but the distinction between blog and cms is not that large. The CMS's all have free templates. There are also large markets for relatively inexpensive templates with a lot of nice features, and complete administration consoles. Zend framework isn't a CMS so it doesn't come with templates. FWIW, the main phpfreaks page, as well as the flingbits.com website were both built using the Zend Framework and the templates are clean and easy to understand. However, people often will substitute alternative template engines like Smarty. This is easy to do with a framework, whereas with a CMS you typically have to use what they provide and doing any sort of substitution is not very feasible.
  13. Without seeing some code, Revraz has offered the same general advice that I would.
  14. MTA configuration on the server could be broken, or you could have an error in your code, or it's also quite likely that your email is getting delivered, but it's being spam filtered.
  15. The basic idea is the same regardless of operating system. They all have schedulers that allow you to run batch jobs. MySQL does not have a built in scheduler to do this for you. What operating system are you running the webserver/mysql on? With that said, deleting people because they have an expired subscription is a bad design. Your subscription table should have fromDate and toDate columns, and your code should simply check that the person has an active subscription. If not, then just don't deliver the service/login or whatever you're securing. Ostensibly, you'll try and get former subscribers to renew, which is pretty hard to do if you went and deleted them from the database, to say nothing of the loss of any associated history/ accounting data, etc.
  16. At the risk of pointing out the obvious, one script gets its input from a POST (the problem one) and the one that works gets its input from a GET. Your flash movie's form.loadVariables() call would need to specify "POST" as the method.
  17. The purpose of the escape functions is to escape characters that are delimiters in SQL. This is very clear if you read the page describing what it does. It is not a 'SQL removal tool'. With that said, let's assume that I have this query: INSERT INTO mytbl (notes) VALUES ('$somevar'); If $somevar = 'DROP TABLE mytbl' this does not matter in the least -- storing a string that contains SQL does not cause it to be executed. SQL injections are either a batch character followed by some rogue SQL, or a partial string that gets interpolated into a string that is getting passed to a mysql_query() or similar function, and in the interpolation process changes the original intention of the developer. The best solution to that is to use mysqli and prepared statements, which are impervious to these injections. Just for the record, mysql_query cannot be used to batch multiple queries, so that's not something you have to worry about with mysql. Other databases like mssql and oracle that do allow for batched queries, need to have the batch character removed as part of the process of protecting against SQL injections.
  18. You need to use an alternative package like http://pear.php.net/package/Mail or http://phpmailer.worxware.com/
  19. Are you using a zend_application object? If so, then you simply have a section in your application.ini file that sets any specific session configuration variables. See the http://framework.zend.com/manual/en/zend.application.available-resources.html section on session resources.
  20. Where is the output being emitted? Is it in a module? Is it content from a plugin? Usually I would look for markup in the template files for your active template. Also, did you try and search for 'icon-home'?
  21. You really need to read the php manual. It explains these concepts very well. "Query Failed: " is a string constant. You can tell that by double quotes around the string. It would actually be better practice here to use single quotes, because in PHP double quotes cause the php interpreter to have to parse the string looking for php variables to "interpolate" (search and replace, basically). Then you have the mysql_error(). This is a function, that when you look it up, you'll see it returns a string. When you look up the die() function you'll see that it is just another name for exit(). Exit accepts a single parameter that again needs to be a string or an integer. So what you need to have for input in this case is a single string. So you are passing as input, a string AND a function that returns a string. The only way this will be valid is if you can combine the two into a single string, and as explained by eran, you do that with the '.' (concatenation) operator.
  22. Yeah Salathe has a better solution in this case even though they both work ok.
  23. Use mysqli. It allows among other things for you to use prepared statements and bind parameters. There are a number of reasons to use them, not the least of which is that bind params eliminate concerns about sql injections.
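The two points from posts 17 and 23 side by side, as an added example that is not gizmola's code or part of the original thread: storing a string that happens to contain SQL is harmless, while interpolating a value into the SQL text is where an injection changes the query, and a mysqli prepared statement with bound parameters removes that possibility. It assumes a table `mytbl` with an integer `id` and a text `notes` column; the connection details are placeholders.

```php
<?php
// Added example, not gizmola's code: the interpolated query from post 17 next to the mysqli
// prepared statement recommended in posts 17 and 23. Assumes a table `mytbl` with an integer
// `id` column and a text `notes` column; the connection values are placeholders.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$db->set_charset('utf8mb4');

// Storing SQL as data is harmless: this row simply contains the text, nothing runs it.
$somevar = 'DROP TABLE mytbl';
$insert = $db->prepare('INSERT INTO mytbl (notes) VALUES (?)');
$insert->bind_param('s', $somevar);
$insert->execute();

// The pattern to avoid: $id is spliced into the SQL text, so input that happens to contain
// SQL syntax changes the shape of the statement the developer wrote.
function notes_by_id_interpolated(mysqli $db, string $id)
{
    return $db->query("SELECT notes FROM mytbl WHERE id = $id");
}

// The prepared form: the SQL text is sent first and the value separately, so whatever the
// value contains it is only ever compared against `id`, never parsed as SQL.
function notes_by_id_prepared(mysqli $db, string $id): array
{
    $idInt = (int) $id;                                     // enforce the type we expect
    $stmt = $db->prepare('SELECT notes FROM mytbl WHERE id = ?');
    $stmt->bind_param('i', $idInt);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);   // get_result() needs mysqlnd
}
```

The cast to int is belt and braces rather than the protection itself: even a string bound with type 'i' is transmitted as a parameter value, not as part of the statement, which is why post 17 calls prepared statements impervious to this class of injection.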
  24. Yes the original name for this is a "fluent" interface. Your code is exactly what's needed to implement a fluent interface with php.
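A fluent interface in PHP of the kind post 24 describes, as an added example that is not gizmola's code or the poster's code: every builder method returns $this so calls chain. The SelectBuilder class is hypothetical; it is written to emit placeholder SQL plus a separate list of values, so the chain feeds straight into the prepared statements discussed in posts 17 and 23.

```php
<?php
// Added example, not gizmola's code: a minimal fluent interface. The class is hypothetical;
// it collects query parts and returns placeholder SQL plus the values to bind.
class SelectBuilder
{
    private string $table;
    private array $columns = ['*'];
    private array $where = [];
    private array $params = [];
    private ?int $limit = null;

    public function __construct(string $table)
    {
        $this->table = self::identifier($table);
    }

    // Identifiers come from the developer, not the user; still, allow only plain names.
    private static function identifier(string $name): string
    {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Bad identifier: $name");
        }
        return "`$name`";
    }

    public function select(string ...$columns): self
    {
        $this->columns = array_map([self::class, 'identifier'], $columns);
        return $this;        // returning $this is what makes the interface fluent
    }

    public function where(string $column, string $op, $value): self
    {
        if (!in_array($op, ['=', '<>', '<', '>', '<=', '>='], true)) {
            throw new InvalidArgumentException("Bad operator: $op");
        }
        $this->where[] = self::identifier($column) . " $op ?";
        $this->params[] = $value;   // the value never enters the SQL text
        return $this;
    }

    public function limit(int $n): self
    {
        $this->limit = $n;
        return $this;
    }

    // Returns [sql, params]; sql holds only ? placeholders for user-supplied values.
    public function build(): array
    {
        $sql = 'SELECT ' . implode(', ', $this->columns) . ' FROM ' . $this->table;
        if ($this->where) {
            $sql .= ' WHERE ' . implode(' AND ', $this->where);
        }
        if ($this->limit !== null) {
            $sql .= ' LIMIT ' . $this->limit;
        }
        return [$sql, $this->params];
    }
}

// Usage: the chain reads as one sentence, and the result is ready for mysqli::prepare()
// followed by bind_param() with the returned $params.
[$sql, $params] = (new SelectBuilder('books'))
    ->select('title', 'price')
    ->where('type', '=', 'paperback')
    ->where('price', '>', 10)
    ->limit(5)
    ->build();
```

The chain above yields a SELECT over `title` and `price` with two `?` placeholders in the WHERE clause and the values 'paperback' and 10 in $params, which is the shape a prepared statement wants.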
  25. preg_replace is what you want to look at. Check this out:

      $x = "A.S.M. Jackel";
      $y = "A. S. M. Jackel";
      // a period followed by any character other than a space gets a space inserted after it
      $pattern = '/(\.)([^ ])/';
      $replace = '$1 $2';
      echo preg_replace($pattern, $replace, $x);
      echo ' ';
      echo preg_replace($pattern, $replace, $y);