lightningstrike

SELECT * FROM sb_members WHERE sb_gender IN ('1','2','3') ORDER BY sb_id DESC should do what you want.

Rather than making an IP based feature. Write a script to automatically flag suspicious users for a review. e.g. If multiple accounts have the same email address, password, similar user names. Also a possibly effective method would be to monitor transactions between accounts and flag anyone who makes many transactions to only one account. Meaning that they are transferring a lot of money to one account, then check if the IP range is very close and you can usually tell it's someone cheating. Of course there is no 100% way of doing this perfectly but what I suggested is a start.

Simply edit the displayimage.php script. Since you appear to be using the built-in php session support. simply include before the session_start(); session_cache_limiter("public"); or something more advanced http://www.php.net/session_cache_limiter which will allow the dynamic images to cache properly.

Yes the INDEX will speed up any statement that has a WHERE clause searching the name. It might be better practice to instead use WHERE ID = 'xxx', if your index is using to much space I believe MySQL can create partial indexes from a shell command as well. Avoid using SELECT * FROM table. * means your retrieving all the data from the table where the conditions are met. Instead SELECT field1,field2 FROM table would consume less memory and time then retrieving unecessary fields you don't need.

Yes the Index should generally be a integer as it is faster and less space consuming but in your case it will only benefit you.

Refrain from using session_register it is deprecated instead use $_SESSION["variablename"] = "value"; Should $arr[1] and $arr[2] be $arr[0] and $arr[1] as after exploding element keys start at 0. If that doesn't fix it, please show us what your userdb file looks like in structure.

Well to be honest I think that's a design that's asking to be tampered with. I mean someone might be able to put data into a table they shouldn't be able to access if they get it's name. What I would recommend I guess to read http://www.phpfreaks.com/quickcode/Check-if-a-table-exists/665.php You could possibly encrypt the table $name . "|" . $sessionid in the hidden field then decrypt it and see if it's a valid alphanumeric response then check if that table exists using the tutorial above and the sessionid after the | is actually the user logged in or something like that.

I would personally recommend a database IP specific timed ban for flood limits but that's up to you. I believe the random text I am seeing is actually a bunch of images ALT tags. images/spacer.gif is not loading for me so I see it's text tag instead.

It's quite well designed. However it has very limited functionality. Also when posting a message with the text ' OR it became \' OR (escaped) which should not be shown the user. Rather then escaping the message use htmlentities($text,ENT_QUOTES); which will encode quotes rather then escape them. I also don't believe that you have made a flood defense feature, although the web host is too slow to test that out. Also at the bottom of every post near the icons i see text "dd232323" perhaps remove that After posting a new topic it says refreshing and takes you to a page on local host which we clearly can't access. That's about as much I've checked out so far.

php.net/curl Read more about the cURL extension. After the user confirms the data. Simply POST the data to the e-commerce programs script. If that is not possible you could show the user a form and use javascript to auto-submit it.

Well actually if he/she has access to the php.ini file or even setting a htaccess php_flag. All they would have to do is make a file I described then simply edit the value of auto_append_file to the file handling the auto-opening.

Perhaps write a simple script to include at the top of the pages. e.g $openat = mktime(1,0,0,9,1,2007); // 1 AM, September 1st, 2007 read more at php.net/mktime $javascript = "<br> <script type=\"text/javascript\"> //put some code here for javascript countdown. </script> "; if(time()<$openat){ die("The website will open on: " . date("M d Y",$openat) . $javascript); }

Not likely they usually have a strong validation set if they are well-coded. Changing a drop-down to invalid value will probably have it reset to a default, perhaps using a switch statement and default.

Read more at the PHP docs - http://www.php.net/session Simply start a session on every page allowing you to access the $_SESSION vars on any page where the session is started. And when the user submits the form save the products to an array or something similar. You can also store their information in the $_SESSION variable (persistent through pages) until they verify the purchase and decided to receive the email. <?php //starts session, MUST be called before sending ANY text to the screen session_start(); //setting Super global session variable ball to true $_SESSION["products"]["ball"] = true; ?>

Are you sure you used mysql_select_db() to select the database you are using, prior to making your query. http://www.php.net/mysql_select_db If so it's possible you may have unescaped quotes in the variables (check by printing them) if so, escape them with mysql_real_escape_string(); http://www.php.net/mysql_real_escape_string