xylex
Members
Posts: 292
Everything posted by xylex
-
I'm pretty sure a perfect script is a turnkey one that generates millions of dollars a day for me with no maintenance. Not sure where objects fit in......
-
If you're looking for a book, a really good one is Bergmann's Real-World Solutions for Developing High-Quality PHP Frameworks and Applications. Since it's Bergmann, it does focus a lot around making sure your framework is testable, but there is pretty extensive coverage of real-world applications of the basic principles.
-
I'm with Vel on not allowing people to fish for valid usernames, but to answer Jesi's question on how to do the password comparison in one query without pulling the hash from the DB, assuming that "secret" is the hashed password column - SELECT username, CASE secret WHEN '$hash' THEN 1 ELSE 0 END as password_matched FROM users where username = '$username';
-
You say that you don't know much about the backend, so do you know anything about your traffic patterns or what's causing your performance issues currently? If not, it'd definitely be worth hiring a developer to spend some time checking things out. I have no experience with hosting.com and I'm certainly not saying that they're a bad host, but almost every host that I've dealt with has always said the site will just magically be faster if I moved to a more expensive solution, regardless of if that would really solve any issues. Often with shared hosting you're stuck on a very oversold server and your site is slowing down because of other activity on the server unrelated to you, so moving to a similar plan at a more scrupulous hosting company could solve the issue. And many times throwing more hardware at a bottleneck in the application that you're running isn't necessarily going to fix the problem - for example if you're heavily querying large unindexed database tables.
-
If you're in the US both KBB and NADA sell APIs to their prices. KBB - http://www.800bluebook.com/oem-solutions/data-syndication/ NADA - http://www.nada.com/b2b/GetValues/APIandWebServicesProducts.aspx
-
AWS is the result of doing just that - their infrastructure is built across secure APIs for their own e-commerce platform, and then they opened those APIs up to the public for a whole new revenue stream.
-
And as PFM points out, cookies aren't to be trusted, so you have SQL injection spots here "SELECT `lastpost` FROM `users` WHERE `username` = '{$_COOKIE['user']}'" And here "INSERT INTO `threads` VALUES (null, '$id','$title', '$content', '{$_COOKIE['user']}', NOW(), '". qfc() ."', NOW(), '{$_COOKIE['user']}', '','{$_SERVER['REMOTE_ADDR']}', '0', '0', '$s', '')" The latter of which could easily be used to spam your database.
-
If fire really is your main concern, Sentry makes a few USB firesafes so you can have an external drive (or array) plugged in while in the safe. And those ones are storage-media rated for a couple hours or so. But I'm an online backup fan, there's plenty of scenarios other than fire or drive failure that online backups protect against.
-
Little off there - $_SERVER['QUERY_STRING'] only returns the part of the URI after the "?" (e.g. http://www.phpfreaks.com/forums/index.php?topic=353390 query string is "topic=353390"). It differs from $_REQUEST in that $_REQUEST returns cookie and post variables as well as the query string ($_GET) variables, and you might use $_SERVER['QUERY_STRING'] instead of $_GET to parse a request that has multiple parameters of the same name (horrible, but possible practice in REST services). And the second question IMO was just to see what your background is of doing this. Personally, I like to use a similar question when I'm interviewing as people tend to jump to what they know best - network issues, PHP performance, server issues, DB performance, client rendering, etc - which is usually a way more honest answer than if you ask them what part of the stack they feel the most comfortable.
-
All it takes is running a few million miles of optical cable to tens of thousands of data centers around the world from your personal computer and you can have free internet.
-
No one hires a junior web developer for what they know. Junior web developers get jobs based on what the hiring company thinks they can learn. To get an entry level job you should be able to demonstrate that you have a solid foundation in programming (know gang of 4, programming logic, OOP concepts, etc), have a good high level understanding of what scalability means, both on a software infrastructure side and a team side, be good at communication, and are eager to learn new stuff. A junior level candidate who has these skills, even without implementation experience, is far more valuable than someone who spent 6 years on the job implementing, but doing basic tasks without demonstrating growth capability.
-
Your login script is vulnerable to session fixation attacks with this behavior if you're allowing session ids to be set in the URL, which is the default. You always want to call session_regenerate_id() after a successful login to prevent this, which will give you a different session id.
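An added example, not part of the original post or the thread's code: a login path that takes session ids from the cookie only and issues a fresh id once the credentials check out. The logIn() function, the username and the constructed password hash are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Take session ids from the cookie only, never from the URL, and
// refuse ids that this server did not issue.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

/**
 * Hypothetical login step: $storedHash is assumed to be a password_hash()
 * value loaded from the user table.
 */
function logIn(string $username, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Fresh id for the authenticated session. Passing true deletes the old
    // session data, so an id planted before login no longer maps to anything.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

// Constructed sample credentials, for demonstration only.
$storedHash = password_hash('constructed-password', PASSWORD_DEFAULT);
$idBeforeLogin = session_id();
$ok = logIn('alice', 'constructed-password', $storedHash);

var_dump($ok);                             // login succeeded
var_dump($idBeforeLogin !== session_id()); // the pre-login id was replaced
```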
-
Most phones support the HTML5 Geolocation API.
-
You counting the speed of development or the speed of code execution? Because hiring a team of developers to write a website in assembly seems like a waste of resources. Every language has its strengths and weaknesses depending on the task at hand, and if you're language/platform/framework/etc agnostic, and know many of them, you can easily learn to leverage the best strengths for whatever task is at hand. I'll have to dig if you make me source this, but there's one study out there that showed the one metric that could consistently predict the productivity of a programmer was the number of languages that programmer knew. Translating this into the real world, I just landed a job with a major software company not based on any language or platform they used that matched what I knew, but rather on my track record of being able to quickly pick up whatever language/framework/api etc I needed for the task at hand and integrate it into any system. So learn Python, but don't totally abandon PHP or claim one is universally better than another. A nice learning project might be leveraging Python's strength as an SOA architecture while using PHP as a web frontend to it.
-
And I've always wanted to build an airplane, but whenever I go ask the guys at Boeing if they can guide me through it, those jerks won't help me out. You're brand new to PHP, you don't have any concept as to what a custom payment system might even entail, and you're coming here asking people to make something work with no real regard or understanding of what it would take to protect your user's payment information. I'm doing both you and your users a huge service in advising you not to proceed down this path until you get some more fundamentals taken care of because public payment systems are not something that you should hack together as your first learning experiment. Your post history largely consists of asking for help using code you downloaded and don't understand how it works. Many of the forum members here who have significantly more experience than two months have seen the end result of trying to go down that path, which is why it is not encouraged. If you feel that this community's effort to help guide you become a successful developer based on our years of knowledge and experience in this regard doesn't cater to the route you insist your brief experience shows is better, you're welcome to find another forum that will cater to your every need.
-
Not to be a buzzkill here, but you're asking to do something that's pretty complex for someone who's brand new to PHP to do. Tying in webservices well builds on a lot of other fundamentals that it doesn't sound like you have yet. And when you're trying to write a custom payment solution without a good understanding of defending something like basic SQL injection, even if you can hack it together that it kind of works, you're just asking to be another statistic on the list of security breaches.
-
THANKYOU PHPFREAKS! Received 1st Place in Canada!!!!
xylex replied to phpSensei's topic in Miscellaneous
"Tuition reimbursement is up to $12,000 per calendar year." - http://www.google.com/intl/en/jobs/lifeatgoogle/benefits/index.html#bbb I know, that won't cover tuition, but between that plus financial aid and scholarships, you'd likely be able to go to either school with pretty minimal out of pocket to you.
-
THANKYOU PHPFREAKS! Received 1st Place in Canada!!!!
xylex replied to phpSensei's topic in Miscellaneous
You seem pretty willing to bust your ass for awhile, so to speak. If I had your opportunity, I'd really consider taking the job at Google while having them pay for most of my degree at Stanford or UC Berkeley or the like. It'd suck for the 4-5 years you might be doing that, but you could be coming out of that with a degree from one of the top CS schools in the world and several years of experience with one of the top software companies in the world.
-
legal to host other business's websites and charge?
xylex replied to dadamssg87's topic in Miscellaneous
Why not just get an actual reseller account? You can get a decent one for less than $20/month.
-
You should always sanitize any data that you use in a query, whether that means escaping or doing something else to sanitize the data. Escaping won't help you if you're using user data in an unquoted part of the query (unquoted integer in a limit or order by, table name reference, etc).
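An added example, not part of the original post or the thread's code: values such as the cookie-supplied username flagged in the earlier post are bound as parameters, while the unquoted parts named above (ORDER BY column, sort direction, LIMIT) come from an allowlist or an integer clamp. The threads schema, the sample rows and listThreads() are assumptions made for illustration, using PDO with in-memory SQLite.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and rows, constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE threads (id INTEGER PRIMARY KEY, title TEXT, author TEXT, created TEXT)');
$insert = $pdo->prepare('INSERT INTO threads (title, author, created) VALUES (?, ?, ?)');
foreach ([['Hello', 'alice', '2012-01-02'], ['Zebra', 'alice', '2012-01-01'], ['Other', 'bob', '2012-01-03']] as $row) {
    $insert->execute($row);
}

/**
 * List one author's threads. Values are bound as parameters; identifiers and
 * keywords, which can be neither bound nor escaped, come from fixed allowlists.
 */
function listThreads(PDO $pdo, string $author, string $sort, string $dir, $limit): array
{
    $columns   = ['title' => 'title', 'created' => 'created']; // allowed sort columns
    $orderBy   = $columns[$sort] ?? 'created';                 // unknown name: default
    $direction = strtoupper($dir) === 'ASC' ? 'ASC' : 'DESC';  // only two keywords
    $limit     = max(1, min(100, (int) $limit));               // integer in 1..100

    $stmt = $pdo->prepare(
        "SELECT title, author FROM threads WHERE author = :author
         ORDER BY $orderBy $direction LIMIT :limit"
    );
    $stmt->bindValue(':author', $author, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A quote-laden author value is compared as plain data and matches no row.
var_dump(listThreads($pdo, "alice' OR '1'='1", 'title', 'asc', 10));

// An unknown sort column and direction fall back to the defaults, and the
// limit string is reduced to the integer 5; the table is untouched.
print_r(listThreads($pdo, 'alice', 'title; DROP TABLE threads', 'x', '5 OFFSET 1'));
```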
-
Busby - Looking at your post history, you haven't answered a single php question on the forum. Most of the questions people ask on here are ones that you commonly run into in the real world, and many companies expect you to be able to answer many of those off the top of your head, and for ones that you can't, to quickly find the answers to those problems. Hit the help forum, and learn to master figuring out the answer to those types of questions. This will give you the basic skills of what employers expect at an entry level.
-
That's how you had time for your 9200 posts. You needed something to do while things were compiling
-
That's not a file size error, that's a memory limit error. Search this forum for "memory limit", plenty written up about it.
-
Your bug is right there. Make sure you understand what fgetcsv() and list() are doing.
-
16 years now for web-related coding for me. I even have the documentation to back that - http://www.nytimes.com/1996/04/06/us/on-the-internet-the-unabomber-is-a-star.html And started working with PHP when it was PHP/FI, so about 13 years there.