Everything posted by gevans

  1. It sounds like it should be safe seeing as all the addresses can be monitored, but try putting a captcha in place; http://www.white-hat-web-design.co.uk/articles/php-captcha.php
  2. My recommendation would be as follows (for the easiest way to sort the problem); Change the current form code below;

         <form id="form" action="" enctype="multipart/form-data">
           <div class="form">
             <div class="indent-form"><input type="text" value="name" /></div>
             <div class="indent-form"><input type="text" value="e-mail" /></div>
             <div class="indent-form"><input type="text" value="phone" /></div>
             <p> <textarea cols="2" rows="2">message</textarea>
             <a class="link" href="mailto:info@orientwatchusa.com" onclick="document.getElementById('form').submit()">Send<img src="images/link_marker.gif" alt="" /></a></p>
             <p> </p>
           </div>
         </form>

     to this

         <form id="form" action="contact_send.php">
           <div class="form">
             <div class="indent-form"><input name="name" type="text" value="name" /></div>
             <div class="indent-form"><input name="email" type="text" value="e-mail" /></div>
             <div class="indent-form"><input name="phone" type="text" value="phone" /></div>
             <p> <textarea name="message" cols="2" rows="2">message</textarea>
             <input type="submit" value="Submit" name="submit" /></p>
             <p> </p>
           </div>
         </form>

     This will sort out your contact form. The code below should be copied and pasted into Notepad (or any other text editor) and saved as contact_send.php

         <?php
         $to = "you@your.com";
         $subject = "Results from your Request Info form";
         $headers = "From: Form Mailer";
         $date = date ("l, F jS, Y");
         $time = date ("h:i A");
         $msg = "Below is the result of your feedback form.\nIt was submitted on $date at $time.\n\n";

         // Each field is required; stop as soon as one is missing or empty
         if(!isset($_REQUEST['name']) || empty($_REQUEST['name']))
             die('You must fill in all details');
         else
             $msg .= "Name: {$_REQUEST['name']}\n";
         if(!isset($_REQUEST['email']) || empty($_REQUEST['email']))
             die('You must fill in all details');
         else
             $msg .= "Email: {$_REQUEST['email']}\n";
         if(!isset($_REQUEST['phone']) || empty($_REQUEST['phone']))
             die('You must fill in all details');
         else
             $msg .= "Phone: {$_REQUEST['phone']}\n";
         if(!isset($_REQUEST['message']) || empty($_REQUEST['message']))
             die('You must fill in all details');
         else
             $msg .= "Message: {$_REQUEST['message']}\n";

         if(mail($to, $subject, $msg, $headers))
             echo "Thank you for submitting our form. We will get back to you as soon as possible.";
         else
             echo "There was a problem sending your email, please try again later.";
         ?>

     This should work, but it was off the top of my head. If you have any questions or it doesn't work let me know
  3. Yes that should work, but you can easily get spam messages, and it doesn't check to ensure that the email sent. But it's safe to put online and try.
  4. To send form data to an email address you're going to need to use a server side script such as PHP.
  5. Correct me if I'm wrong, but you're only sending one of the password fields to the script, $pass1 is always empty because you haven't sent it in the JavaScript URL.
  6. http://fr2.php.net/manual/en/function.mail.php That's the link to the main function page at php.net. Should be everything you need. If you have any problems just ask
  7. Going to need a bit more details than that, can you paste the code from the problem area?
  8. Ok, this should do what you want

         $pattern = "/^[0-9]+$/";
         //$data = $_GET['REF'];
         if(preg_match($pattern,$data)){
             echo "Match";
             $your_array[] = $data;
             echo $your_array[0];
         }else
             echo "Not match";

     The pattern will match only numbers. If it is a number it gets added to an array
  9. Store the number as a string instead of a number

         $number = 0055;
         echo $number; // prints 45: a leading 0 makes this an octal literal
         $number = "0055";
         echo $number; // prints 0055

         <?php
         $Ccrd = "1234123412340001";
         // settype() needs a variable and returns a bool, so cast the substr() result instead
         $last4 = (string) substr($Ccrd, -4, 4);
         echo $last4;
         ?>

     too the last bit of code from ddrudik, just need to set it as a string
  10. That would be me over tidying other people's code; "SELECT comp_name FROM was "SELECT * FROM
  11. Do you want to match just that number, or a possible six number combination? Also are you matching the whole thing (including html tag) or just the sent data.

          $pattern = "/^[0-9]{6}$/";
          $data = $_GET['REF'];
          if(preg_match($pattern,$data))
              echo "Match";
          else
              echo "Not match";

      This should work if you're getting the 6 figures number and want to match any combination of six figure number.
  12. I think I know what you're trying to do, try the code below in place of yours. You can sort your results in the mysql_query;

          $listsql = "SELECT comp_name FROM `users_db` WHERE `user_level`='11' ORDER BY comp_name ASC";
          $listqry = mysql_query($listsql) or die(mysql_error());
          while($list = mysql_fetch_array($listqry)){
              echo $list['comp_name'].'<br />';
          }
  13. Check your page source once the code is run. Somewhere you should see the img tag if it's all worked properly.

          <img src="you.image" width=144 >

      I'm guessing you want a standard width, so that the height can change. If you see the width=144 and it still doesn't work try complying to XHTML standards;

          <img src="you.image" width="144" />
  14. RSS

      Hey, I've just been researching rss feeds and have written the following code as a test;

          <?xml version="1.0" encoding="ISO-8859-1" ?>
          <rss version="2.0">
            <channel>
              <title>Surf Club Test</title>
              <description>Testing rss feed for www.uopsc.com</description>
              <language>en-uk</language>
              <copyright>Copyright &copy;2007 uopsc.com</copyright>
              <link>http://www.uopsc.com/</link>
              <author>admin@uopsc.com</author>
              <pubDate>Wed, 04 Apr 2007 12:41:00 GMT</pubDate>
              <image>
                <url>http://www.uopsc.com/logo/logo_shore.jpg</url>
                <title>Shore Logo</title>
                <link>http://www.uopsc.com</link>
                <width></width>
                <height></height>
              </image>
              <item>
                <title>Surf Club rss test 1</title>
                <link>http://www.uopsc.com</link>
                <description>Description of the first test feed</description>
                <category>uopsc trips</category>
                <pubDate>Wed, 04 Apr 2007 12:42:08 GMT</pubDate>
              </item>
              <item>
                <title>Surf Club rss test 2</title>
                <link>http://www.uopsc.com</link>
                <description>Description of the second test feed</description>
                <category>uopsc socials</category>
                <pubDate>Wed, 04 Apr 2007 12:42:43 GMT</pubDate>
              </item>
            </channel>
          </rss>

      This works perfectly until I subscribe to the feed using IE, after doing this it only ever shows 1 item.
  15. I understand that I'm setting check to "true" as a string rather than a boolean value, but that makes no difference in the security as it's only set under the following circumstances;

          <?php
          include("config.php");
          $check = "";
          $username = $_COOKIE['username'];
          $pass = $_COOKIE['userpass'];
          $pass2 = md5($pass);
          $con = mysql_connect("mysql","$mysqluser","$mysqlpass");
          if (!$con) {
              die('Could not connect: ' . mysql_error());
          }
          mysql_select_db("pcoffee_contact", $con);
          $result = mysql_query("SELECT * FROM admin WHERE username='$username'");
          $test = mysql_fetch_array($result);
          $test_pass = $test['password'];
          if ($test_pass != $pass2){
              echo $login_fail;
              die();
          }
          else{
              $check = "true";
          }
          ?>
  16. cheers guy, Heero that seems like the most reasonable option. If I'm making an admin with set username/passwords for myself or businesses the public wouldn't have access so cookies would be safe enough. But for public sites with open registering I think I'll have to learn about sessions
  17. Hey guys, I've recently started writing bigger scripts using PHP and MYSQL with log ins etc... I just need to know the best way to check security of the pages. When I write log-ins I compare username and password to the mysql database, then create cookies. Then each page starts with an include. The page is a check to confirm that the cookies have been set, then confirm that the username and password are the correct ones with relation to each other. If this is all good it returns true. Following this there's an if statement,

          if ($check == "true"){
              the site shows,
          } else{
              $log_error;
              die();
          }

      Is this secure enough, are there ways round this, or better ways of doing it?
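
The per-page check from posts 15 and 17, reworked as an added example (this is not gevans's code or code from any of the threads): the username is bound as a query parameter, the password is checked against a salted hash, and the browser never holds the password. Assumptions: an in-memory SQLite table stands in for the MySQL `admin` table, `verify_login` and `is_logged_in` are hypothetical names, and `$session` stands in for `$_SESSION`.

```php
<?php
// Constructed sample data: an in-memory table standing in for `admin`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO admin (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the user id on success, null otherwise.
function verify_login(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: the username is treated as data, never as SQL text,
    // unlike "... WHERE username='$username'" built from a cookie value.
    $stmt = $db->prepare('SELECT id, password FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() compares against a salted hash instead of md5().
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Hypothetical gate for the top of each protected page. It trusts only
// server-side session state, not cookies carrying a username and password.
function is_logged_in(array $session): bool
{
    return isset($session['admin_id']) && is_int($session['admin_id']);
}

$session = [];   // stands in for $_SESSION after session_start()
$id = verify_login($db, 'alice', 'constructed-sample-pw');
if ($id !== null) {
    // In a real request, call session_regenerate_id(true) before storing the id.
    $session['admin_id'] = $id;
}

var_dump(is_logged_in($session));                        // after a valid login
var_dump(is_logged_in([]));                              // no session state
var_dump(verify_login($db, "alice' OR '1'='1", 'x'));    // quote in username is just data
var_dump(verify_login($db, 'alice', 'wrong-password'));  // wrong password
```

Because the gate returns a real boolean, the page check becomes `if (!is_logged_in($_SESSION)) { die(); }` rather than a comparison against the string "true".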