roopurt18

func1 <?php function func1($param){ $var = Array(); // Init var $var = $param; // set var return $var; } ?> Above, there is no reason to init $var since the very first use of it is an assignment. func2 <?php function func2(){ $var = explode(' ', $some_var); return $var; } ?> Above, func2 is taking for granted that $some_var has been set elsewhere in the code. Who knows where it's been set and what it's been set to. func2 is a good way to introduce an obscure bug into your code. func2 - fixed <?php function func2(){ $some_var = some_func(); $var = explode(' ', $some_var); return $var; ?> Now we know what $some_var is before using it which makes contamination less likely. Better programming practice. General guideline: You don't need to initialize variables if the first use of them is assignment. If the first use is anything other than assignment, you'll save yourself a headache somewhere down the line by taking the extra 1.5 seconds to type whichever of these fits your need: $var = NULL; $var = Array(); $var = ''; $var = ""; $var = false; $var = true; I have nothing more to say on this matter. ;^]

le sigh

?> <html>

SELECT DATE_FORMAT(NOW(), '%m-%d-%y') AS DateDisp FROM table WHERE condition

Just because you don't have to define or initialize objects / vars before you use them doesn't mean that not doing it is good programming practice.

UPDATE table SET col=NOW() WHERE conditions

That's good advice and I thank you for it. However, there is already a .htaccess file in the root directory that routes all requests through a single .php file. So effectively this URL I wish to increase the apache timeout for is not a directory where I can put a .htaccess file. Under these circumstances, what are my options?

Found this while doing some mod_rewrite, thought it could help others. http://www.ilovejackdaniels.com/mod_rewrite_cheat_sheet.png Worthy of sticky?! Updated URL: http://www.addedbytes.com/mod_rewrite_cheat_sheet.png

That's good to know. I'm curious as to what you other folks think about my proposed design.

I don't know how feasible this is for you, but I think it's really important to keep data separate when it actually is separate. Essentially you have 3 major sections of data. 1) Product Information 2) Site 1 Product Pricing 3) Site 2 Product Pricing If you're really hellbent on keeping the two sites separate, I'd create three databases. One for each site, including users, pricing, whatever else, and the third to just contain product information. This has the advantage of enabling each site to override the values contained in the general product database without polluting the product database with information that has nothing to do with products. Let's look at an example product: Name: widget Description: foobar Price: 1.00 The db.table to store that information: products.prod_info { id, name, description, price } Then each site can also contain a prod_info table that overrides any values in product.prod_info as well as add new values, such as quantities, consumer ratings, etc. site1.prod_info{ id, main_prod_id, name, description, price, qty } Then in your site 1 code, when you wish to query for a product: SELECT IFNULL(s.name, p.name) AS Name, IFNULL(s.description, p.description) AS Description, IFNULL(s.price, p.price) AS Price, IFNULL(s.qty, 0) AS Qty FROM products.prod_info p LEFT JOIN site1.prod_info s ON (p.id = s.main_prod_id) WHERE filtering I've never tried to join across multiple databases so I don't even know if that approach is possible, but if it were I think it's the one I'd go for. It has the hassle of a little extra typing in your queries, but it keeps the data where it logically belongs IMO. Of course, the other approach is to not create two sites at all. Just make a single one and base what page people view based off the URL, login credentials, etc. It sounds like this is an existing project though, so that may not be possible.

You want to research the HtmlDOM. There's two basics approach you can take: 1) You send all of the possible changes to the form in a single document as hidden page elements. As the drop down changes, you use the DOM to move the hidden elements into their visible positions on the page. How useful this approach is depends on how much dynamic content there is. If you're only talking about two hidden list boxes, each with 10 to 20 items, and based on another drop down selection one of them is displayed, this method is fine. If there's lots of possibilities of which dynamic information to display and there's a good chance most of it will never be displayed, you'll want to go with approach #2. 2) Use AJAX. There's an AJAX discussion area on these forums to help you out with this as well as useful information at the w3schools website. The basic concept is as the user interacts with the form, you use javascript to make requests to the server. Javascript on the page will be called when the server finishes the request and your page can process the results, such as inserting dynamic HTML elsewhere in the page. Typically, when the user changes a field you'd send their input to the server and the server would respond with possibly more form content; you then use the DOM to stick this content into your page. HtmlDOM http://www.w3schools.com/htmldom/default.asp Javascript http://www.w3schools.com/js/default.asp AJAX http://www.w3schools.com/ajax/default.asp

Oh, this would be a big one. Make sure the DB passwords are encrypted if they're not already.

Small piece of advice, try getting your point across in as few words as possible; people are more likely to hang around and read your questions when there's less to read! "However there is one thing happened that is causing this. THere is one user that has gotten into the site. One user that got into the site, that caused a problem He has been getting into other people's accounts and transferring money from there account to his. Based on what the admin says he has gotten into a total of 8 accounts so far. He will continue unless I figure out what he is putting in there." Translation: The admin informs me there is at least one user who has accessed a total of 8 accounts and uses them to transfer game-money into his own account. The best solution I can think of would be to do the following: 1) Keep a DB record of user logins. For each user on every login, record the current time and their IP address. Enable a cron job to clean this every 30 or 45 days because its doubtful you'll need to view records that far back. 2) Enable another cron job that inspects the data and notifies the site admin, via website message when they log in, email, etc. of suspicious behavior. Suspicious behavior in this case would be multiple accounts constantly logging in from the same IP address and transferring money to / from each other. You can use this information to suspend or ban accounts that appear to be cheating. However, keep in mind that people also play from within the same household. If there's two accounts that always log in from the same IP address, its probably multiple players within a single home. If there's two accounts and they have a consistent record of logging in from different IPs, yet occasionally one of the accounts is accessed by the IP from the other account and you can trace the accounts to, let's say, Florida and New York, that might be a case of a hacked account. 3) Every user, after logging in, should be displayed with a message indicating their last login, including time and IP. You could even modify this information to be savvy enough to report to users when there exists login behavior that appears suspicious with their account.

Force only one login per user at a time; a lot of exploits in those games comes from someone logging in with two separate web browser applications and entering almost simultaneous requests. I would also turn off directory browsing; no telling what kind of information can gather from see the directory structure on the web. *snip* I'm not registered so I have no idea what kind of information I could pull after being a user and actually logged in. EDIT: link removed at request of OP.

There's a specific URL within my website that creates color catalogs and the processing time can cause apache to drop the request. For now, I've changed httpd.conf to Timeout 60 However, I'd like to set it back to 30 for the entire site and allow only this specific URL (or URLs matching a specific pattern) to have a longer timeout. I did a bit of hunting through google and I intend to do more, but if anyone can just throw out a directive or even a link I'd appreciate the saved time. Thanks!

"The spambot would get it's own session id via the url and would have no problem in harvesting email addresses." I disagree. The original poster asked for a discreet way to check if the user has javascript enabled. Here's what I'd do: When the page finishes loading, make an AJAX call to your server and set a $_SESSION value: $_SESSION['JSEnabled'] = true; In your site where the session is started, put the following: if(!isset($_SESSION['JSEnabled'])){ $_SESSION['JSEnabled'] = false; }

I thought you could specify if the session ID is handled via cookie or URL parameter.

<pre style="font-family: enter_a_non_fixed_width_font_family;">some text</pre>

There's the HTML from your example. <pre><bold>Grande Communications Leads Corporate Partners to Provide Meals to Corpus Christi Youth</bold>

Look at the HTML source given to your browser and make sure it's what you're expecting.

Because its < b >some text< /b > without the spaces.

htmlentities replaces certain characters with their HTML encoded equivalents. For example: < is converted to < > is converted to > & is converted to & Remove the call to htmlentities as that's not what you want in this case.

I should also warn that text inside of pre tags will stretch page elements wide even if they have a CSS width attribute. You can use PHP's wordwrap() function to get around this. I've not tried it, but I would guess using the CSS overflow, or whatever it is, property might fix it as well.

Set up two cron jobs. The first is a shell script that checks for new email and sticks it into a file. The second is a PHP script that checks for that file and does stuff with the information in it. (EDIT) Or just execute the PHP script from within the shell script and use only cron job!

I think you'll have more success wrapping the text inside of pre HTML tags. Also, use CSS to give the font a fixed width for best results.