per1os

New Members, 3,095 posts
Everything posted by per1os

  1.
```php
if (isset($_SESSION['index'])) {
    // The correct verification number in the image
    $Verification = $_SESSION['index'];
}
```
     Change that back to the security code. Read my reply #3. As for why it's not working, it must be a server issue; the code, other than noted above, looks fine.
  2. In Contact2.php I do not see the session_start(); is it in top.php? Also, let's see the code where the security image is actually being checked, i.e. ProcessContact2.php.
  3. Just out of curiosity, does the image actually display? If so, it seems that the settings for the session are different; maybe the session on the new site is being handled via URL instead of cookies. I do not know, but it is a server issue. By "posting the code" I meant not the actual page but the code that defines the page. It may be something in there too.
  4. Now, 'index' was just a representation. The ['index'] part is the index of the array, which means: look in the session array for an index of 'index' and print out that value. Where is the page you are using the Captcha on? Do you have session_start() on that page also?
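As an added example (not code from the thread or from the poster), here is the check replies 1-4 are debugging, written end to end: the generating page stores the answer under $_SESSION['index'], the processing page compares it with what was typed, and both pages must call session_start() before touching $_SESSION. The session array is passed in explicitly so the functions run from the CLI without a live session; the function names and code alphabet are my own choices.

```php
<?php
// Added example, not code from the thread: a session-backed security-code check.
// The generating page stores the answer under $_SESSION['index']; the processing
// page compares it with the submitted value.  Both pages need session_start()
// before touching $_SESSION.  To run from the CLI without a live session, the
// session array is passed in explicitly; the function names are mine.

declare(strict_types=1);

// Generating page: make a code, remember it server-side, then draw it into the image.
function issue_security_code(array &$session, int $length = 6): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';   // no 0/O or 1/I, which users misread
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];   // CSPRNG, not rand()
    }
    $session['index'] = $code;
    return $code;
}

// Processing page: one attempt per issued code, timing-safe comparison.
function verify_security_code(array &$session, ?string $submitted): bool
{
    if (!isset($session['index']) || $submitted === null) {
        // Nothing to compare against: session_start() is missing on one of the pages,
        // the session cookie did not come back, or the form was submitted twice.
        return false;
    }
    $expected = (string)$session['index'];
    unset($session['index']);   // consumed whether the guess is right or wrong
    return hash_equals($expected, strtoupper(trim($submitted)));
}

// Constructed walk-through: a plain array stands in for $_SESSION across requests.
$session = [];

$code = issue_security_code($session);
// 'ABC123' contains a '1', which the alphabet never produces, so this guess is always wrong.
printf("wrong guess accepted: %s\n", verify_security_code($session, 'ABC123') ? 'yes' : 'no');

$code = issue_security_code($session);   // the wrong guess consumed the first code
printf("right guess accepted: %s\n", verify_security_code($session, strtolower($code)) ? 'yes' : 'no');
printf("replayed guess accepted: %s\n", verify_security_code($session, $code) ? 'yes' : 'no');
```

In the real pages, replace the `$session` array with `$_SESSION` after `session_start()`; the comparison is case-insensitive and consumes the code so a single image cannot be brute-forced or replayed.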
  5. No, he did not forget. Read all of his topics; they are all too vague, which is why most of them take 20 replies to solve. If he would learn how to ask questions the right way, it would be a lot less painful for everyone.
  6. www.php.net/session Store the page in the session or put it in a database field (last page visited).
  7. www.php.net/include www.php.net/require
  8. Remove the session_register part. www.php.net/session_register It has been replaced with $_SESSION['index'].
  9. The only reason for using a template engine is in case you want users to be able to do their own templates but do not want them to have access to PHP commands. That is the only reason I use ETS for my blogging software. I want users to be able to have full control over their blog without having any other control. =)
  10. Depends on the project, man. MySQL if a database is required. For project management, see my signature for Eclipse with the PHP plugin, the best project management software I ever used. As for other posts, stay far away from Dreamweaver. Nothing but trouble. Template engines: I use one called ETS (Easy Template System), 1 file, cannot get any simpler. I do also use classes, but that depends on the project. For a simple site with an email form, chances are I would not use classes/OOP, whereas for a bigger system such as a blogging system I would use OOP. It all depends, man, but Eclipse is by far the best editor I ever used.
  11. How good of a computer are you running it on? Processor speed, memory, what type of OS are you using? What could very well be happening is that you do not have enough memory on your computer to make it work faster.
  12. Yeah, htmlentities would be nicer, especially if there is HTML to be displayed. But strip_tags does work either way, and an FYI for ya: it does work on that query string. At any rate, it bothers me when people think I do not know what I am doing and second-guess my tactics =) Either way, both methods do work.
  13. Look closer, my friend; strip_tags would do something against that.
  14. What are you talking about? That was taken care of with that statement right there, bud. That would have eliminated the XSS exploits.
  15. Umm, what the heck are you trying to do?
```php
$sel[1] = $echosseller = $echosseller + $p;
```
     You are setting $sel[1] equal to $echosseller, which is equal to $echosseller plus $p? That makes no sense at all, especially since $echosseller has not yet been defined. Please elaborate on what you are actually trying to accomplish if the below does not work for you.
```php
$echosseller = $sel[1] + $p;
// OR
$sel[1] += $p;
```
     Just make sure that your select statement contains the proper variable, i.e. either $echosseller or $sel[1], whichever method you choose.
  16. You may get a better response posting this in the htaccess forum...
  17. We are going for efficiency, right? Output buffering is not very efficient, and in this case it is the wrong code to use. Output buffering is only for certain circumstances; this is not one of them. If you want proof, simply do a bench test of 5,000 iterations:
```php
<?php
function microtime_float()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

$start = microtime_float();
for ($i = 0; $i < 5000; $i++) {
    ob_start();
?>
<p>
<?php echo 'Hi!'; ?>
</p>
<?php
    // ob_end_flush() rather than ob_flush(): ob_flush() leaves the buffer open,
    // so the original nested a new buffer level on every iteration.
    ob_end_flush();
}
$end = microtime_float();
$time = $end - $start;
echo "It took $time seconds using output buffering.\n";

$start = microtime_float();
$output = ""; // initialize variable
for ($i = 0; $i < 5000; $i++) {
    $output .= '<p>Hi!</p>';
}
echo $output;
$end = microtime_float();
$time = $end - $start;
echo "It took $time seconds <b>NOT</b> using output buffering.\n";
?>
```
     Let me know how much slower output buffering is than the code I posted. As you can see, with just 5,000 iterations there is already a significant difference; try 50,000 and it should be seconds of difference. =) Efficiency.
  18. "Do you have examples to illustrate this point? Thanks a lot"
```php
<p>
<?php
if (isset($_POST['login'])) {
    if ($_POST['username'] == "user" && $_POST['password'] == "password") {
        setcookie('username', $_POST['username'], time() + 3600, '/', 'domain.com');
        echo 'Hi! ' . $_POST['username'];
    }
}
?>
</p>
```
     That will throw a "header after output" error. Now, if the <p> was stored inside an $output variable, same with the "Hi" part, we would not have that issue:
```php
<?php
$output = "<p>";
if (isset($_POST['login'])) {
    if ($_POST['username'] == "user" && $_POST['password'] == "password") {
        setcookie('username', $_POST['username'], time() + 3600, '/', 'domain.com');
        $output .= 'Hi! ' . $_POST['username'];
    }
} else {
    $output .= "Please Login!";
}
$output .= "</p>";
echo $output;
?>
```
  19.
```php
<?php
if (isset($_GET['alert']) && $_GET['alert'] == "noechos") {
    echo "<script language=\"javascript\" type=\"text/javascript\"> alert(\"You don't have enough echos for this!\"); </script>";
}
// offset comes in on the query string; always isset() it to avoid the undefined notice
// (the original relied on register_globals and also misspelled it as $offest).
$offset = isset($_GET['offset']) ? (int)$_GET['offset'] : 0;
$recent = 0;
// Note: the mysql_* extension used here was removed in PHP 7; on current PHP this needs mysqli or PDO.
$res = mysql_query("SELECT id, seller, item, sellprice, price, sellerid FROM coll_sell ORDER BY id DESC") or die(mysql_error());
while ($row = mysql_fetch_row($res)) {
    if ($recent >= $offset && $recent < ($offset + 25)) {
        if ($recent % 1 == 0) {   // always true: every integer is divisible by 1
            echo "<tr><td bgcolor='312D37'><td bgcolor='312D37'><td bgcolor='312D37'><td bgcolor='312D37'><tr>";
        }
        // needs to be named differently than what we are looping on.
        $res2 = mysql_query("SELECT id, name, description, url, price, preview FROM collection WHERE id='$row[2]'");
        $item = mysql_fetch_row($res2);
        mysql_free_result($res2);
?>
<td><img src="stamps/<?php echo $item[5]; /* preview is the 6th column, index 5 */ ?>"> <?php echo $item[1]; ?>
<td><a href="trancer.php?g=<?php echo $row[5]; ?>"><?php echo $row[1]; ?></a>
<td><?php echo $row[3]; ?> Echos
<td><a href="sellbuy.php?id=<?php echo $row[0]; ?>&p=<?php echo $row[3]; ?>&pr=<?php echo $row[4]; ?>">Buy</a>
<?php
    }
    $recent = $recent + 1;
}
?>
```
     First off, use <?php, as <? has been deprecated. Check whether offset is being passed via GET or POST; you always check a variable with isset to avoid the notice error. For the query error: you are using $res inside the while, which is what screwed it up; change that to a different name. Edits made above.
  20. 1. You are correct. 2. I highly doubt that removing the <p> would improve efficiency at all; maybe this would be better though:
```php
<?php
$output = "";
$q = isset($_GET['q']) ? strip_tags(stripslashes($_GET['q'])) : '';
$output .= '<p>The characters you have input are: ' . $q . '.</p>';
echo $output;
?>
```
     Reasoning is that storing the output into a variable will allow you to decide where the data should be echoed and will not break the script from a needed header redirect or setcookie function. It is always better to echo out data using the above method to have full control of your output. 3. Using POST over GET is better, but does not improve security unless you are passing a password or sensitive information. 4. You are correct; if it is being entered into a DB you should use the database's escape function to clean it up. 5. GET does limit the transportation of characters, as you should not be passing massive amounts of data via GET. POST is much better for that type of thing. GET should really only be used in circumstances where you want people to be able to link back to a web page, such as a search page, etc.
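An added example, not the thread's code or the poster's: the listing page from reply 19 paged with a bound LIMIT/OFFSET rather than reading the whole table and counting rows in PHP, with the offset cast to an integer as reply 19 suggests and every value escaped on its way into HTML, which is the database-side escaping reply 20 raises under point 4. It runs stand-alone against an in-memory SQLite database through PDO; the tables, rows and column names are constructed to mirror the thread's queries and are an assumption about the real MySQL schema. The thread's Buy link also put the prices (p, pr) in the URL, so whatever sellbuy.php does with them, they arrive client-controlled; here the link carries only the id.

```php
<?php
// Added example, not the thread's code: paging coll_sell with a bound LIMIT/OFFSET,
// an integer-cast offset, and htmlspecialchars() on every value rendered.  Runs
// stand-alone on an in-memory SQLite database via PDO; the schema and rows below
// are constructed to mirror the thread's queries (an assumption about the real one).

declare(strict_types=1);

const PAGE_SIZE = 25;

// Untrusted ?offset= value to a usable integer: "abc", "-5" and a missing value all become 0.
function page_offset(array $query): int
{
    $offset = isset($query['offset']) ? (int)$query['offset'] : 0;
    return max(0, $offset);
}

// One page of listings, joined to the item details in a single query.
function fetch_sell_page(PDO $db, int $offset, int $limit = PAGE_SIZE): array
{
    $stmt = $db->prepare(
        'SELECT s.id, s.seller, s.sellprice, s.sellerid, c.name, c.preview
           FROM coll_sell s JOIN collection c ON c.id = s.item
          ORDER BY s.id DESC
          LIMIT :limit OFFSET :offset'
    );
    // LIMIT/OFFSET must be bound as integers (MySQL rejects quoted strings there),
    // and binding keeps the offset out of the SQL text altogether.
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Table rows for the page.  Every database value goes through htmlspecialchars(); the
// Buy link carries only the listing id so the price is looked up server-side.
function render_rows(array $rows): string
{
    $h = fn($v): string => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($rows as $r) {
        $html .= '<tr>'
            . '<td><img src="stamps/' . $h($r['preview']) . '"> ' . $h($r['name']) . '</td>'
            . '<td><a href="trancer.php?g=' . $h($r['sellerid']) . '">' . $h($r['seller']) . '</a></td>'
            . '<td>' . $h($r['sellprice']) . ' Echos</td>'
            . '<td><a href="sellbuy.php?id=' . $h($r['id']) . '">Buy</a></td>'
            . "</tr>\n";
    }
    return $html;
}

// Constructed fixture: two items and 30 listings, the newest seller name carrying a tag.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE collection (id INTEGER PRIMARY KEY, name TEXT, preview TEXT)');
$db->exec('CREATE TABLE coll_sell (id INTEGER PRIMARY KEY, seller TEXT, item INTEGER,
                                   sellprice INTEGER, price INTEGER, sellerid INTEGER)');
$db->exec("INSERT INTO collection VALUES (1, 'Blue Stamp', 'blue.png'), (2, 'Red Stamp', 'red.png')");
$ins = $db->prepare('INSERT INTO coll_sell VALUES (?, ?, ?, ?, ?, ?)');
for ($i = 1; $i <= 30; $i++) {
    $seller = ($i === 30) ? '<script>alert(1)</script>' : "seller$i";
    $ins->execute([$i, $seller, 1 + $i % 2, 10 * $i, 8 * $i, 100 + $i]);
}

// Simulated requests: a sane offset, and the garbage the integer cast has to absorb.
foreach (['0', '25', '-5', 'abc'] as $raw) {
    $offset = page_offset(['offset' => $raw]);
    $rows   = fetch_sell_page($db, $offset);
    printf("offset=%s -> %d rows, first id %s\n", $raw, count($rows), $rows[0]['id'] ?? 'none');
}
echo render_rows(fetch_sell_page($db, 0, 1));   // the newest listing, with the tagged seller name
```

Swapping the DSN for a MySQL one leaves the functions unchanged; only the fixture at the bottom is SQLite-specific.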
  21. http://www.cj-design.com/products/free_downloads/php_scripts/cjlinkout
  22.
```php
<?php
setcookie('sitestyle', $_POST['set'], time() + 31536000, '/', 'sprites-unlimited.com');
header("Location: " . $_SERVER['HTTP_REFERER']);
?>
```
     It sounds like your version of PHP was upgraded recently. Try the above; omit the '0' from the setcookie because that is for the SSL connection, and it is assumed to be off and unnecessary. Use $_POST and $_SERVER in case register_globals was turned off (better that way anyway). Use <?php in case the <? tag was also turned off (as it is deprecated in later versions). Give that a try, plus the other post I posted, and see what the results are.
  23. lol, you are expecting to get a programming job and you do not know how to fix the statement? Kind of funny.
```php
<?php
$q = isset($_GET['q']) ? stripslashes($_GET['q']) : '';
echo '<p>The characters you have input are: ' . $q . '.</p>';
?>
```
     Explanation: check for the isset of the GET variable with the ternary operator (? and :) to improve efficiency, in that it will not throw a notice error of an undefined index. Single quotes are also proven to increase efficiency during bench tests. You remove the ( ) from the statement because they are just 2 extra characters that are un-needed. As far as security is concerned, there is no need because we are not evaluating the statement or using the statement in a MySQL database query. We stripslashes on the data because in most builds of PHP magic_quotes_gpc is turned on, which automatically adds slashes to GET/POST data submitted. Finally, we use <?php because in later versions <? has been deprecated. My statement still stands as above: you will be way over your head if you get hired for this job and you cannot answer that simple question =) Edit: Thinking about the security aspect, I guess this would make it not vulnerable to XSS:
```php
<?php
$q = isset($_GET['q']) ? strip_tags(stripslashes($_GET['q'])) : '';
echo '<p>The characters you have input are: ' . $q . '.</p>';
?>
```
     Using the strip_tags would remove any possible XSS exploit tag.
  24. My bad, that's right. Try adding a b so it reads "ab+" and see if that helps. As for why it is not working, no clue. Try putting the full absolute path instead of using the relative one.
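Two added examples follow; neither is code from the thread or from the poster.

The first picks up reply 22: the same "remember a style, then go back" flow, with the style name matched against a fixed list before it is stored and the Referer followed only when it points at the site's own host, because a Location header built from $_SERVER['HTTP_REFERER'] redirects wherever the client says. The host name and style names are placeholders.

```php
<?php
// Added example, not the thread's code: reply 22's style-cookie handler with two checks.
// The requested style must be one of a fixed list, and the Referer is followed only when
// it is an http(s) URL on our own host; anything else falls back to a local path.
// OUR_HOST and STYLES are placeholders.

declare(strict_types=1);

const OUR_HOST = 'sprites-unlimited.com';
const STYLES   = ['default', 'dark', 'classic'];

function choose_style(?string $requested): string
{
    // in_array() with strict comparison: "0", "" or "dark\n" do not match.
    return ($requested !== null && in_array($requested, STYLES, true)) ? $requested : STYLES[0];
}

function safe_return_url(?string $referer, string $fallback = '/'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    $parts = parse_url($referer);
    // Require an http(s) URL whose host is exactly ours.  Another site, a javascript:
    // URL, or a look-alike host such as ours.attacker.example all get the fallback.
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strtolower($parts['host']) !== OUR_HOST) {
        return $fallback;
    }
    return $referer;
}

// Constructed request values standing in for $_POST['set'] and $_SERVER['HTTP_REFERER'].
$requests = [
    ['set' => 'dark',          'ref' => 'http://sprites-unlimited.com/sprites.php?page=2'],
    ['set' => 'evil"; Path=/', 'ref' => 'http://attacker.example/phish'],
    ['set' => 'classic',       'ref' => 'http://sprites-unlimited.com.attacker.example/'],
    ['set' => 'default',       'ref' => 'javascript:alert(1)'],
];
foreach ($requests as $r) {
    $style = choose_style($r['set']);
    $back  = safe_return_url($r['ref']);
    // In the real handler these two calls replace the echo (secure=false, httponly=true):
    //   setcookie('sitestyle', $style, time() + 31536000, '/', OUR_HOST, false, true);
    //   header('Location: ' . $back);
    echo "set={$r['set']} -> style=$style, redirect to $back\n";
}
```

The second picks up replies 12-14, 20 and 23, which rely on strip_tags() to stop XSS. strip_tags() removes anything that parses as a tag, which covers the bare `<script>` case, but it is not an output-encoding function: it leaves quotes alone, so a value reflected inside an attribute can still break out of it, and it discards legitimate angle brackets from ordinary text. htmlspecialchars() with ENT_QUOTES encodes the characters the browser would interpret, in both contexts. The payloads are constructed.

```php
<?php
// Added example, not the thread's code: strip_tags() versus htmlspecialchars() on the
// same untrusted $_GET['q'], reflected in element text and in a quoted attribute.

declare(strict_types=1);

function render_with_strip_tags(string $q): string
{
    // The thread's approach, reflected in two places: text content and an attribute value.
    $q = strip_tags($q);
    return '<p>The characters you have input are: ' . $q . '.</p>'
         . '<input type="text" name="q" value="' . $q . '">';
}

function render_escaped(string $q): string
{
    // Context-correct escaping: <, >, &, " and ' become entities, so the browser can only
    // treat $q as text, whether it lands in element content or in a quoted attribute.
    $safe = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>The characters you have input are: ' . $safe . '.</p>'
         . '<input type="text" name="q" value="' . $safe . '">';
}

// Constructed inputs.
$cases = [
    'tag payload'       => '<script>alert(1)</script>',
    'attribute payload' => '" autofocus onfocus="alert(1)',   // no tag, so strip_tags() has nothing to remove
    'legitimate input'  => 'Is x<y and y>z?',                 // strip_tags() treats <y and y> as a tag
];

foreach ($cases as $label => $input) {
    echo "== $label ==\n";
    echo "strip_tags:       ", render_with_strip_tags($input), "\n";
    echo "htmlspecialchars: ", render_escaped($input), "\n\n";
}
```

Run it and compare the `value="..."` attribute in the two outputs for the second case: the strip_tags() version closes the attribute and adds an event handler, the escaped version does not.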