gizmola

nothing wrong with Thorpe's answer -- but I couldn't resist refactoring your code. $months = array('January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'); $pay_month = ""; foreach ($months as $key => $name) { //array is zero based, so +1 the month number $key++; $selected = ($key == $month) ? ' selected' : ''; $pay_month .= "$name\n"; } $pay_month .= ''; As usual, I didn't test this

Huh?

2 Questions: 1. What is the purpose of using CBC with an IV that is always a bunch of zeros. That defeats the entire purpose of the mechanism, which is designed to insure that encryption of the same plaintext multiple times does not produce the same ciphertext. 2. Why does it matter that things match as long as the data can be decrypted. I don't see us offering much help here truthfully. The only thing I could suggest is a side by side comparison guaranteeing that the data is the same in each app, at each step of the process. If you've guaranteed that, then one would have to assume there's something different about the two 3des implementations.

I'm sure the next question will be how, and pretty much everything you need to know as well as examples can be found here: http://us.php.net/fpassthru. Make sure you read the comments!!!!

Hehe, don't think that will work on windows though.

Just to be clear -- I didn't explain this well, but in a post if you use: name = "checkbox[]" then you get an array. If you use name = "checkbox" then you'll have a problem if there are 2 checkboxes with the same name, as you have currently. I was surprised about this because your php source showed that you were using checkbox[] but perhaps something changed? In either case, checkboxes are somewhat confusing in that their behavior is that if the person checks a checkbox it will show up in the $_POST, but if someone does not check it, then it will be completely missing from the $_POST.

Here's an approach that could solve the email issue -- use GNU PGP. First you would have to set this up in the email clients for your employer. You would then need to take the public key and copy it to the server (and of course the server would need GNU PGP installed). This blog post explains the details: http://www.pantz.org/software/php/pgpemailwithphp.html If your employer resists this approach make sure you explain to them the potential liability they face using the public email system which sends all email across the internet in unencrypted form, allowing anyone who is able to sniff traffic to read all the email that is transported. For the same reasons, any forms that solicit people to fill out personal and confidential information absolutely must be SSL'd as stated by Teamatomic. This is for the protection of the clients as well as your company. Sniffing might be hard to pull off for a lot of people, but more and more as people use wifi and public hotspots, they expose themselves unknowingly to having having their personal information sniffed for the same reasons. Paying for and implementing SSL with valid certificates will boost the overall credibility of the business for any business savvy people.

So if you look at the source you'll see clearly that there are two problems with your checkbox. The first is that you are not emitting the name of "checkbox[]" so that will be a problem. For checkboxes, they only exist in the post if the checkbox actually has the attribute of checked. Either the names need to be different for each checkbox or you need an array. Additionally, your id value is broken, and is not parsing as php. Additionally, the input tag for the checkboxes isn't closed properly, which could be related to the other issues you have with the code. As your html is malformed it's not surprising that things aren't working.

In my experience a good captch eliminates all automated spam. If you are seen as a high profile target, then there are ways that some spammers will use to fake out real people into solving the captcha images, but that is no reason not to start with a captcha. Many many sites these days use recaptcha which is a service that not only hosts the captcha's for you, but also helps with efforts to OCR books, magazines and newspapers. If you want to host your own recaptcha there's a few decent libraries out there that use php and gd to generate the images. You have to do some research because there are plenty of weak captcha's out there that were defeated -- most notably one for phBB some years back, not to pick on them exclusively as there are plenty of other weak captchas that were defeated.

If you have the root account then you can change the password for other users. If you've lost the root password, there is a complicated process for resetting it. http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html

Please run the script and take the html source and copy it here so we can take a look.

Having looked at your code it seems all you're missing is abit of glue. Using your convention of name# for names, and email# for email--- $list = array(); foreach ($_POST as $key => $value) { // is this a name? if (substr($key, 0, 4) == 'name') { $index = (int)substr($key, 4); $list[$index]['name'] = $value; } // is this an email if (substr($key, 0, 5) == 'email') { $index = (int)substr($key, 5); $list[$index]['email'] = $value; } } // Now foreach through $list, and you have an array of arrays, where the nested array has 'name' and 'email' keys for easy access.

for each is your friend. Iterators.... learn them and you will be very happy with php.

What I mean is that svn export pulls out every file. When you have a working website with hundreds of files and images, it's not really that great to have to replace every existing file in the webroot just because you updated 2 scripts. It would be great if svn export let you specify just the files changed in a revision, but unfortunately it doesn't seem to allow for that. When you specify a revision you get everything that's been commited up to that revision, and you're not even allowed to specify a revision range. For that reason, it's not the ultimate solution it might be for this. If it was, I'd 100% agree with you.

Unfortunately that is all that's available from the mysql_error(). You can always go into the class and alter it to provide you a better form of debugging, or use it to derive a new class that has additions for your benefit. This is one of the benefits of oop.

Depending on the library being used, there may not be any way of doing that, if for example they are using prepared statements. The first thing you need to do, is take a look at the database class and analyze it. See if it provides any sort of debugging switches you can turn on. You will need to understand how the library works. When you get errors, you may have to take a look at the mysql error returned and use that to reverse engineer the problem.

And error message would be different then. Not necessarily. If his target server should be: somehost.com, yet there's still a mysql server running on the localhost, then the error would still indicate that the root user password was wrong.

The problem with svn export is that it pulls out the entire tree. It does however, solve the issue with having a bunch of .svn folders filled with svn files. Roopurts method is a variation on mine, but truthfully i don't see the benefit of having seperate tags,trunk and branches directories in the same repo. About the only thing it does is allow you to name tags as he did in his example. You can accomplish the same goal in my example, by naming a tag project.0.0.1. Making a version tag for a release is however, a great practice to get into.

I don't see anyplace in your script where you actually check the $_POST. If this is planned to be a self posting script, then you need to have an if - then - else where you actually check for values in the $_POST and do something. As it is now, this script will just repeatedly list out the database and inside the form.

Yes that's great that he can catch the exception, only to find that the page is broken because no queries work. Of course he could also print out the exception which would ultimately lead back to the real problem which is that the username/password are being rejected.

I don't have enough information to tell you that. What I can tell you is that the source of your problem is stated clearly in the exception stack: PDOException' with message 'SQLSTATE[28000] [1045] Access denied for user 'root'@'localhost' (using password: YES)' So apparently your configuration is attempting to connect as the mysql user 'root' using some password. In all likelyhood, the password is wrong. In general it's best to have a user specifically for the database needed by the application, but that's more an aside as it is irrelevant to the problem you are currently having. I would diagnose this using the mysql command line client in a shell, or phpMyAdmin. Regardless, this is why I stated that its's a username password issue. The only other issue would be the host, if for some reason the mysql server was on another machine, but I'm going to assume that is not your problem.

I'll attempt to explain a complicated topic without writing a novel. All DNS servers do is convert domain names (www.yourdomain.com) to IP addresses. How this works in practicality is that when someone types in a domain name into a piece of software, the resolver breaks it apart and sends off some messages to servers to figure out what server can provide what they need to know (the IP Address) They start this way: www.yourdomain.com Pick off the top level domain (.com) and query the "Root servers for .com" to find out the Name servers for "yourdomain". The root servers are the ones that the domain name registrar interact with, and it's their responsibility to update them as to the list of nameservers for the domain. You have to use your registrar any time you want to update your list of nameservers. You must have at least 2, but on your side only one of them will be the "Master". So your list might be: ns1.yourdomain.com 10.1.1.1 ns2.yourdomain.com 10.1.1.2 The root servers send this information back, and the client then sends requests to all the DNS servers in the list. Once it gets an answer back that indicates the IP address for the host it's looking for, the program goes on its merry way, using the IP address it has for all future tcp/ip communication. Now here is where Bind would come into play. Bind is one piece of software that provides nameserver functionality. On the "master" server, you have to configure the nameserver with zone files for any of your domains. I won't go into the format of these at all, but they are the files that configure your domain, and associate the names and types of servers in yourdomain.com with IP addresses. So typically you might have an IP address for yourdomain.com, that also aliases to www.yourdomain.com and associates them with the IP address 10.1.1.2. Once the master is configured properly, you configure any additional name servers to act as slaves. You have to do some setup on the master as well, but once it's done slaves will pull the zone files from the master, so that any of the slave servers can answer questions for the domain. Control panels provide config tools that hide a lot of this complexity, but allow you basically to set up the zone files for a domain and provide DNS answers. Since you have 2 IP's you can certainly use your server to setup the 2 required dns name servers if you want. Cpace1983 makes a valid point, that the performance and reliability of dns servers you run yourself will not be as good as companies that have a more robust dns infrastructure in place.

In general, people tend to use the server that best fits there platform. On Windows servers, that is IIS, especially if using ASP/.NET On Linux it's Apache, especially if using LAMP. With that said, many sites also use lighttpd either as a substitute for apache or to host static files like images, js and flash. If you're using java to write servelets and doing your serverside coding using JSP, then Tomcat is popular, although it is often paired up with Apache. There are alternatives in about every category, and you can obviously use Apache on Windows, which you have been using.

A sandbox is the same as a working copy. So basically you do the same thing on your beta and production server as you do for development -- you do an svn co of the project into the appropriate location on each server. For configuration files that need to be modified, the best thing to do is to check a version of these into svn that has a template of what you need, but isn't the actual filename itself. For example, if it was the httpd.conf file, you might name that file httpd.conf.dist. You then copy the file and edit it as needed, but don't ever check it into the repository. Typically you set these files up once, so there's no need to mess with them once you have them configured. As far as seperate projects, I'm not sure what you mean by that. You can setup as many svn repositories as you want, but this is often not very convenient. An alternative is to to have the projects in the same repository, only the top level subdirectory is the project. When you checkout files you simply specify the location of the project you want rather than pulling out the entire repo. What I typically do is this: /tags /branches /trunk/ And in trunk I'll have: /trunk/project1 /project2 etc.

It's failing to connect to the database. Check that the username and password as configured actually work.