per1os

To enlighten you more, you received a notice, which is simply that a notice. In the newer versions of PHP notices is sent out for variables that are not defined. Generally a good check (and what you should probably do) is use the isset on POST data. The isset is nice, but in the above problem it was not necessary as you could define the variable knowing that the initial value should be blank. For post data I would highly recommend using this to avoid those notices later on. <?php $username = isset($_POST['username'])?$_POST['username']:''; $password = isset($_POST['password'])?$_POST['password']:''; Incase you do not know the ? and : are the ternary operator which is setup just like an if statement, just encapsulated. Anyhow good luck.

www.php.net/strtotime I believe thats what you want, and I do not think yo have to add the :00 to make "valid"

<?php $username = $_POST['username']; $password = $_POST['password']; $password2 = null; // assign here switch ($username) { case "bob": $password2 = 'qwerty'; break; default: $password2 = null; //or here. break; } use the default for the case or assign it before you enter the case.

mysql_query("SELECT * from books where website <> '\"'"); escape the double quote.

www.php.net/strip_tags www.php.net is your best source to answer very easy and simple questions.

Looking at it, I would store the username or userid in the session with an md5 hash of the password. I would also check that information against the database each time the page is loaded. Just to make sure that someone didn't manipulate the data etc. Just my 2 cents.

You could create your own little function to handle it. <?php function my_strpos($haystack, $needle) { if (is_array($needle)) { foreach ($needle as $need) { if (strpos($haystack, $need) !== false) { return true; } } }else { if (strpos($haystack, $need) !== false) { return true; } } return false; } ?> http://www.php.net/strpos It does not accept an array as the needle. An int or a string.

Part of the problem could be that this file <?php //NOTE: The list of ok files to highlight is called "$files". //Lets make two files that a user could try to highlight. $page = 'functions.php'; $page2 = 'sdkfjsdkfjdj.php'; if (!in_array($page2, $files)) { $content .= '<ul id="pages">'; foreach ($files as $list) { //print array $content .= '<li class="pages"><a href="/show_source.php?page='. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '">'. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '</a> (Level '. $list['level']. ')</li>'; //" => Path: " . $list['path'] ."<br>"; } $content .= '</ul>'; //Else the file is the the array so it is safe to highlight. } else { $content = highlight_file($page2, true); } } print $content; ?> Has a syntax error with the very last bracket. That is 1 bracket too many.

Read my sig. Stay far far away from dreamweaver, horrible program.

250

Shared servers are risky to begin with. If you have the funds and the means a dedicated is the way to go (cheap cheap end $1200/year). I love my dedicated server as you have full control over the number of connections to mysql, you know how many domains are on there and they are only domains that you allow. But yea you should be fine with shared hosting, but generally they are just less secure, although a lot cheaper.

It means that at any point in time you can have a maximum of 50 open connections to a database. Usually 50 is plenty, most hosts default to 25 I think or less. Basically a connection opens when a page starts to load and closes after the page is done, so it is really only open for around .5 seconds or less depending on how efficient your site is. 50 will be good until you start to see a "Too Many Connection" problems, thats when you bump up to 100.

The DB would only be a concern if you are echoing any information from the DB to the page. If you are chances are he used an XSS Exploit in one of your fields that is displayed and or used a SQL Injection tactic with XSS. The real concern is, are you including any files from GET and or POST and where is the data created at, like member signup for the inserts. Are those cleaned for SQL Injection and XSS Exploits? If the answer is no, that is how he accessed the server. There are a lot of unknowns here, let us know if you are including files via GET or doing some type of exec command, also post some code where data is being inserted into the database, that could very well point where the problem is.

Ahhh, thats what I was missing, great to know. I always wondered why I never got output to the screen =) Thanks Robot.

Post the global_func.php file, header.php and the login.php file. Use [ code ] tags instead of quote.

So it seems the browser essentially stops itself at a certain point, probably around 3 minutes. What might work is to try storing the stats in a session variable and than redirect to a page, once completed that displays the stats, or maybe try to write them to a file? Another option, and I am not sure if this will work, but you could create the function to check the size of the file, if the file is bigger than x amount of bytes you split the file in half and run the first part, display the stats and than run the second part, that may keep the browser alive and kicking.

So than it worked and the topic is solved ???

<?php echo '_POST<pre>' , print_r($_POST), '</pre>'; echo 'HTTP_POST<pre>' , print_r($HTTP_POST_VARS), '</pre>'; ?> Run that instead so we can see which one is actually being outputed.

Did the script fully complete? It may not actually "output" to the browser, the goal is for the script to run all the way through.

Google NotePad ++ I believe they have a plugin called TextFX that will do that for you.

Check for a .htaccess file. Also <script type=text/javascript>location.href='page.php';</script> A javascript redirect is an option, if he is using the javascript chances are he is using eval to execute it.

<?php $textfield = isset($_POST['textfield'])?trim($_POST['textfield']):''; if (empty($textfield)) { echo 'The text field is empty'; } ?> Trim the data www.php.net/trim

Do some debugging try this: <?php session_start(); $errorMessage = ''; echo '<pre>' , print_r($_POST), '</pre>'; echo '<pre>' , print_r($HTTP_POST_VARS), '</pre>'; ?> See if anything prints out, and a quick little fix if the http_post_vars does work is something like this: <?php $phpversion = 4.1; // I think this is accesible via $_SERVER or even a function maybe ??? php_version(); un-sure which. if ($phpversion < 4.4) { foreach ($HTTP_POST_VARS as $key => $val) { $_POST[$key] = $val; } } ?> That will allow your script to work either way, it may be necessary to do a php version check.

I dunno man, you posted all relevant code, it seems your settings are alright. Really a default installation of PHP and Apache should work just fine. I cannot re-create the error on my box, linux or windows. Is there any portion of code that is being ran that you have not posted? Are you using Header redirects, if you are using a header redirect try a javascript or meta instead. Other than that you stumped me man, as it works fine on my linux and windows servers.

Bump the 100 up to 1000 that should work a bit faster. 100 is kinda intense, sorry about that.