MadTechie

I don't see how that's being triggered, the if statement will always be false! which means the email is failing! in the email part, change print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">"; to print "<meta http-equiv=\"refresh\" content=\"0;URL=error2.htm\">"; and see if it goes to error2.htm,

you can't call a Javascript function as if it was a PHP function, PHP builds the page, Javascript runs on the page.

Solved ? (crosses fingers) if so please click solved bottom left

if your text is being pull from the database then add the following two queries mysql_query("SET CHARACTER SET utf8"); mysql_query("SET NAMES 'utf8'"); now on the page you need to tell the browser you using UTF-8 so add a UTF-8 header header('Content-type: text/html; charset=utf-8'); (you could also do this via a meta tag) The encoding isn't changing, its the characters to the left or right that are affecting it, for example is 2 Chinese letters BUT is made up of 5 characters if i removed the å i'll get 你Ž

I have no idea what your asking.. if your not using something then you don't need to filter it, if you need to use $_SERVER then filter it, if you don't use it then you don't need to filter it! if you should use it, well that depends if you need to, I wouldn't recommend using preg_grep if theirs no need to either!

check the URL manually, do you get the flv file ?

your using ISO-8859-1 encoding, change to UTF-8

'QUERY_STRING' The query string, if any, via which the page was accessed. AKA $_GET AKA Not secure 'PHP_AUTH_USER' When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user. again provided by the user not secure I'll admit saying anything is over the top, for example $_SERVER['SERVER_NAME'] is provide by the server, so that should be fine, the rule is simple, if the user can change it you need to filter it.

And they lines were ? do you know if the problem is related to recaptcha or mail ?

I am not going to commit to saying yes, mysql_real_escape_string() is for strings, you may want to read PHP Security by Daniel Egeberg

does it work without the recaptcha ? could also be down to a failed mail! !

Using the last one would be harder, the second one would be okay the problem is the more info you have the easier it becomes, with that in mind i think i am going to have to ask what your doing i assume your scraping a web page, maybe pulling links? either way you can get more info but it depends on what your trying to do

before querying a database I convert floats to floats, integers to integers, and mysql_real_escape_string() the strings, before outputting to screen I use htmlentities() on variables that are untrusted (any input I didn't control or filter)

I gave an example in my first post, Nothing wrong with that.. BUT if I changed my User-Agent to <script>alert('PHP Freaks Rule');</script> I'll get an alert, this is the basis behind injections, its only a problem when coders don't filter the untrusted data, and some coders think that $_SERVER['anything'] is safe! and they find out the hard way. just remember if you use $_SERVER['anything'] then filter it before output or inserting it into a database

PHP is server side, firebug is on the client, so no!

are you using the header info ? from what i have seen your not, so no

if you can't get the access you need then as a last resort (apart from changing hosts) you could probably find a site that provide this service. for a windows platform its very simple 1. open services and change Apache service to "Interact with the desktop". <?php $browser = new COM("InternetExplorer.Application"); $handle = $browser->HWND; $browser->Visible = true; $browser->Fullscreen = true; $browser->Navigate("http://www.phpfreaks.com"); /* Still working? */ while ($browser->Busy) { com_message_pump(4000); } $im = imagegrabwindow($handle, 0); $browser->Quit(); imagepng($im, "iesnap.png"); imagedestroy($im); ?>

It can't be done, unless you have full control, you need to use a COM control over a browser, to open the URL then you change to full screen and do a screen shot, of course the screen shot look different depending on the browser user. however you need to give apache user level control instead of system

Not really, obscurity is not security, if you want, you could post to one file and have that include the needed files ie instead of posting to user_edit.php you could post to postmanager.php?action=useredit and use something like the code below <?php switch($_GET['action']) { case "useredit": include "user_edit.php"; break; case "usersave": include "user_save.php"; break; } ?>

or only run the query if the reverse condition is met if ($energy > 0) { //SQL query } or if ($energy <= 0) { echo "Error: no energy "; }else{ //SQL query }

<?php //Close Page PDF_end_page($mypdf); PDF_close($mypdf); //Buffer & Display Page $mybuf = PDF_get_buffer($mypdf); //Removed as it for download only /* $mylen = strlen($mybuf); header("Content-type: application/pdf"); header("Content-Length: $mylen"); header("Content-Disposition: inline; filename=gen01.pdf"); */ PDF_delete($mypdf); $pdffile = tempnam("/tmp", "PDF"); //create temp file $handle = fopen($pdffile, "w"); //open temp file fwrite($handle, $mybuf); //write pdf data to temp fclose($handle); //close temp //Email file here $pdffile /*add email code here*/ unlink($pdffile); //remove temp file ?>

Huh!

Why ? is the first thing that springs to mind, the second it why add this in at the end? i guess you could control posts from a main index page.

If you want to do it via the SQl you could do this $query = mysql_query("SELECT DATE_ADD(registered, INTERVAL 1 YEAR) as enddate FROM members where username='$username'"); $startdate = $row['registered'); $enddate= $row['enddate'); or via PHP $enddate= date( "Y-m-d", strtotime( "$startdate +1 year" ) );

Yes it can be done, it depends on your server, do you have a Linux, Mac or PC server ? do you have full control over the server ?