Azu

Yes exactly. Isn't that what a session is? So that you can store some data when the user doesn't accept cookies and you don't want to use their internet address? In any case I am trying to find something more secure/permanent/harder to forge then any of these, since at the moment they can all be hacked by the users one way or another (although not so easily/quickly when using IPs). This is kind of getting off topic though. I really doubt that anyone will come up with a feasible way to reliably tell users apart with the state the internet is in right now (all of that DHCP stuff that makes computers' addresses keep changing over and over). I'd really appreciate it if someone would tell me which parts of my site have errors/security problems s that I can try to fix them ^^ I definitely CAN fix those kinds of problems right now.. Sorry if I made typos in this, the o and p keys on my keyboard are broke right now so I have to copy and paste them =/

if($uservariable='noimage')$var='no'; elseif(ctype_digit($uservariable))$var=$uservariable;//Feel free to add intval() around this but it shouldn't be needed elseif($uservariable!=''){echo'XSS detected';die();}

Are you sure? I thought they used persistent cookies. Aren't sessions the little variables that you pass through URLs and if anyone gets access to the URL they can just goto it and then be logged on in that session? Not many good ways to prevent these from being passed to other websites through referrer header. And I know that in some ISPs somebody's address gets changed once in a while, but at least you can't reset it instantly in less then a second by just pressing a hotkey like you can with cookies and sessions ^^ so it's a LITTLE more secure then them I think. If there is something more reliable to go on then please tell me and I will be glad to use it. I can't think of any though. MAC addresses aren't normally sent are easy to spoof anyways, regardless of your ISP. So they would be less secure. And I can't think of anything else that is in any way unique to a user and is sent over the internet.. =\ any thoughts on this would be welcome.

In any case, it's always good to make sure that you're website complies with standards and works in more then just the top 3 browsers. Trust me you won't regret it @Aureole, interesting statistics. Mine are a bit different, if you want to compare here they are Registered users using these browsers; internet Exploder: (4809)25.9%, Firefox: (3388)18.3%, Opera (478)2.6%, Safari (53).29%, Mozilla (27).15%, Netscape(17).09%, AOL(7).04% Unknown(users registered before I started keeping track of browsers) (9768)52.7%

Thanks I'm wandering how to make it so hover doesn't override focus though. Like so if you click on the field, (and thus have focus on it) then I want the :focus to take priority over the :hover, instead of the :hover overriding it..

Thanks.. the whole point of this though is to instantly block it as soon as it happens though.. and all I really want to do is just tell my website not to respond to the request. Not my whole computer just my PHP website. So I'm not sure why a firewall would be needed. Also this needs to be something OS independent (isn't that the whole point of PHP? )

Are you trying to be funny? 1. They only last until the user closes the browser rofl.. 2. There are multiple ways to hijack them without having to actually hack the user's computer I need something that is permanent, user specific, and can't be spoofed.

Okay thanks.. well if it's not possible to do it this way, is there another way to make a client think my server is offline? This is mainly for something I am making to try to automatically detect XSS attacks from E.G. automated tools and block them A.S.A.P. And the most secure response is no response so ya.. I thought that this was how I should do it..

No I don't want to send any headers or anything else that says "this website exists".

Exactly.

You mean the server sends headers to the browser before it even interprets the page?

Yes exactly that is what happens when it gets no response and it differs from browser to browser it's not something in the HTML. So please tell me how to make PHP die instantly without sending anything to the browser so that the browser reacts that way.

Server not found not page not found. Like if you try to open this link http://www.dj4jd9f5jgskjdfg346.com/

Thanks doesn't work though.

Hello.. how do I make PHP die INSTANTLY without sending any headers or anything? So that it will be like trying to access a URL that doesn't exist and says server not found?

=\

If you want your website to be good then don't be all "well.. it seems to work in MOST browsers.. so it's fine lol" .

Thanks! Is it better to initialize all variables at the very start of the script, or right before they are going to be used?

If my code is running fine without initializing variables, should I just leave it as is, or is there a benefit to initializing them? Also, which way is best to initialize? $a=$b=$c=''; or $a='';$b='';$c=''? Or is there a better way then both of these?

When :focus and :hover both change the background, it seems that :hover always overrides :focus. How can I make it so that :focus will override :hover?

Hmm.. I'm not sure of any other secure ways to tell people apart besides IP address. I thought that this was what IP addresses were made for. If not, what should I be going by?

I don't like it much. Very buggy. And it's completely invalid doesn't even have a doctype? :/ Might wanna use Google to find out how to make websites corectly.. try Googling "How to make a good website" maybe.

I REALLY REALLY like that you use CSS for the rollovers instead of javascript like most do.