corbin

Hi... mSQL != MSSQL, so using the mSQL extension makes no sense. Additionally, unless your code has some existing dependency on the MSSQL extension (mssql_* functions), you should be using MS's extension http://msdn.microsoft.com/en-us/sqlserver/ff657782.aspx If you do have code depedent on mssql_*, I suggest recoding it, but if it's a big project that might not be possible. Anyway, php_mssql.dll depends on a dll originally in MSSQL 2000 (I don't think the DLL exists in SQL Serv 2005/2008). I don't remember what the DLL is called, unfortunately, and I have no idea where to get it these days. Anyway, you'll likely want to run PHP from the command line or check the Apache error log to see exactly why the extension's not loading. (Also, on a semi related note: I usually use PDO for MSSQL related stuff [actually all DB related stuff, really]. That way it's easier to switch between mssql extensions if need be.)

It's worth noting that PDO::quote does not work for the ODBC driver. And yes, I should have mentioned that encoding issues and what not can make ' quite dangerous to simple str_replace escape. When working with MSSQL, I always use prepared statements because of the ODBC PDO driver not implementing quote (and I just prefer prepared statements over PDO::quote'ing).

Loading a page into a div is about as simple as AJAX gets, so I would find an AJAX tutorial. Or is there something specific that you're having issues with?

urlencode? Or, instead you could use a library with bound parameters (better option). Or, you could just replace ' with ''. (note that that is two ')

The easiest solution is to just use number_format() on in the application code instead of doing it at a database level.

Ooooo never seen mod_evasive before. Cool.

There probably still is (I know there was like 3 years ago), but I can't imagine any free hosting would be decent. I suggest just getting a like $5 package from some web host. (Also, the domain name will run you $10-15.) You can probably find a free host, but don't expect it to be good. Then again, I'm a pessimist.

Might just be an oddity of Firefox. Got to hate the browser compatibility world. Have you tried using something like Live Http Headers to see exactly what Firefox is passing? Maybe it's passing something else you could use.

Hmm, albeit it a weak one, I do think it might be an attack of some kind. It's either that or a very aggressive search crawler (google bot for example). Is the page particularly resource intensive? Because if I were going to attack a website and had little resources, my approach would be to find a very DB/memory heavy page and slam it. If a page is rather resource intensive, a fairly modest computer/internet connection can flood a server. Anyway, is it the exact URL or variations of it? For example store.php over and over again, or store.php?page=1 then store.php?page=2... Also, have you tried googling the IP address? If it's a search bot, that will likely bring something up about it.

Hmmm.... If that were the case, I would just make a custom extension so you could do like page.code or page.c or something. That way if they did find it, no big deal. Another option would be as you said, to just deny direct access to any file (and by "deny" I mean a 404 page). You could probably accomplish that with a clever RewriteCond and a RewriteRule (with the Cond checking if the file exists). Note that you'll need to order your rewrites correctly and mark the one rewriting /registration to /registration.php as final (with [F]). I'm actually kind of curious on this now, so if I decide to mess with it I'll post whatever I use.

I would pretend I went somewhere without internet access.

Yes, locking in MySQL is handled automatically. http://dev.mysql.com/doc/refman/5.0/en/internal-locking.html

Ooo Twisted looks pretty cool. Almost makes me want to learn Python. TLG, with your approach right now, the easiest way to do it is this (although I would probably go the Twisted route): Have the main thread listening for new client connections. Every time a new client connection is received, spawn a new thread. That thread's entire purpose of existence will be to handle one client connection. Basically it will be like: main thread: while(new client) { new thread for client } client threads: while(connection open) { read socket and process } The hardest part of that approach will be the synchronization so that you can act on more than 1 socket if needed. (For example, to send a message from a to b, you'd have to use a's input stream and b's output stream, meaning you will need a way to manage connections outside of threads. Basically a locking system.) I could show you some Java code if you wanted, but I don't know Python well enough to accomplish anything. thorpe's suggestion looks pretty cool too. You'd probably be better off using it than trying to reinvent it. Then again, it might be better to start low down then move to Twisted so you know what's going on better.

The socket accept is accepting a new client every time the loop goes. You need: while True: client, details = mySocket.accept() try: while True: info = client.recv(100) client.send(info) except: client.close() Note that to support more than 1 client at a time, that code will have to be changed.

Well you would have to know what signals Windows sends the program. I more I think about it though, the more I'm not entirely sure if it is 100% signal based. Haven't gotten around to trying it myself yet though. Ahh, just googled, and it looks like Windows does not have signals in the sense that Unix does.... http://stackoverflow.com/questions/140111/sending-an-arbitrary-signal-in-windows I think what I'll do is look into the Apache source to see how it handles services as I don't even know how to get started with service stuff without using managed code.