xylex

The regex method to do something like this would be with assertions. preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).*$/', $password);

How many comments are you talking about? Would it make more sense to just load them all in a js object and traverse that instead of doing ajax?

I think you're mixing up your encryption block size with your key length. Blowfish is a 64-bit block encryption method. Blowfish 448 just means you're using Blowfish with a 56 character key (448/8 = 56). Related and equally confusing is that "AES 256" is Rijndael encyrption with a 128 bit block size with a 256 bit key, whereas "Rijndael 256" can refer to a 256 bit block size and doesn't say anything about the key length.

The Mayans came pretty close to accurately predicting the end of the world given the amount of time and available technology they were working with. However the date was perfected by the brilliant engineers at AT&T in the late 1960's who discovered the real end of the world is going to be January 19th, 2038.

What xyph said, and maybe start by sticking to writing PHP?

You're using functions in the Zip package, is that installed? And if so, what's the error and what's $res on failure? It'll likely be an error code.

Yeah, kind of like how Rails phased out PHP........ Mass adoption is a big factor in keeping languages/frameworks/etc going, even if there's something better out there. And jQuery's a lot more than browser compatibility. The beauty of using frameworks like jQuery with your example is that I can just put in a patch to jQuery that to use .every() when it's available and I've instantly gained a performance boost on new browsers across years of existing jQuery code. Plenty written on the benefits of always using your own wrapper instead of a native API, and on the JS world, jQuery can usually suffice as that wrapper.

Those directives are just for whomever compiled the dll's you're using, you don't need to do anything with them. Did you also uncomment the php_oci extension? Is the oci section showing up on your php_info() page? The PDO_OCI extension is experimental, most of the work that Oracle's two guys have been doing have been in the straight OCI extension. You might want to start by getting the regular OCI extension working first before using the PDO wrapper.

I take it you're running this in Windows? Did you get the OCI8 and PDO_OCI dll's and put them in your PHP extensions folder?

Apache just goes by the file extension for what to send to the PHP parser, so as long as you're sure the file has an extension that won't go to PHP, you're covered. But if you're really paranoid, you can always regenerate the image with gd. Adds a bit of load to your server, but this will wipe any image headers/metadata from the image. Also, if you did want everything to be a jpg and you're allowing gif & png's to be uploaded, this would give you a chance to convert them too.

I always thought that "sudo rm /* -rf" was the best performance enhancement.

mysql_real_escape_string() just escapes quotes that could let someone break out of a quoted string. Your query is probably assuming that id is an integer, and is using the value unquoted in that string. Since it's not a string and not quoted, mysql_real_escape_string() won't do anything since you're already in a vulnerable part of the query and that injection string doesn't use any escapable characters. To clean that up, make sure that id is an integer with intval(). Also, you could do a check/fail using filter_var() so you can log the hacking attempt and start blocking IP addresses or something.

You're sounding a bit frustrated. If you wanted start a thread with code in PHP Coding help for that specific issue, we can probably help you out a bit on how to fix the hole there.

One note on that Hándael example - it's a nice example for learning about regular expressions, but if you ever find yourself trying to match various ways someone might have written the same word using similar letters in Unicode, you'll usually be better off using the Intl class and learning ICU instead of trying to code out regular expressions to do it.

What's with the sudden surge of new users making script requests these past couple weeks? I thought it was clear that this was a development forum, not a "give me completed work that does exactly what I want for free" forum. At least no one's going out of their way to answer the request.

CV- That exchange is definitely worth a complaint to the FCC. Hopefully enough people are smart enough to complain they'll investigate and fine. http://esupport.fcc.gov/complaints.htm

Lenovo's been making IBM laptops since 2004. Are you comparing them to themselves or do you mean 8 year old IBM laptops? The biggest difference is that the Lenovo brand label has twice as many letters as the IBM logo, so this could provide additional protection to the laptop case.

Are you really complaining about not finding really good developers on the freelancing sites? That it's not packed with the caliber of developers who could easily land a high paying full time job or make a lucrative living with just a handful of steady clients? I suppose we could give that up and go for a career competing with $2/hr South Asia developers spending my day making bids with the hopes of being able to land that one gig that'll get us a whole couple hundred dollars/pounds. And then spend way too much time on that gig with the client who thinks you have nothing else going on that week than to work on their schedule, and who also has "some programming background" and will continually tell you how to code something despite every time they open their mouth, they just expose further areas of ignorance. If you're really that confident that this will only take someone 1-2 hours and you're willing to pay normal agency rates for those two hours, why not just hire a local development agency directly? Or did you try that already and all the bids were coming back reflecting that you're way underestimating what it will take to write stable, secure, maintainable code for this project?

In most situations, a 4 wheel drive car will be better than gloves. However, gloves work out better usually than a front wheel drive car. A rear wheel drive car is always better than gloves, unless the gloves are actually mittens.

Jeffery Friedl's Mastering Regular Expressions book was a huge help getting things going for myself.

Why not just use Google's Webmaster Tools and see how their engine is crawling your site for yourself?

Any chance your company would settle for a low amount of extremely high revenue traffic as opposed to a huge amount of no revenue traffic? When I was doing the agency work, anytime I would see the generic "We need more traffic via SEO" type request, it'd be a huge red flag for me. Marketing requests are almost the same as software requests - a huge part of our job is finding out what the real requirements are vs. what our client initially says the requirements are. With this whole initial focus on generic SEO and "traffic," it really sounds like something that you could dig deeper into and devise a much better ROI plan than blindly throwing money at ways to increase your bandwidth usage. Unless of course you're an ISP just looking at how to overcharge your clients, in which case you should just hire a Russian bot-net to DOS your server for awhile. You'll get awesome amounts of traffic you can bill to your clients.

You need some starting numbers to do any kind of load calculations. Do you know anything about the peak load estimates or daily usage? If you really don't have any numbers to start with, the method described here is about as accurate as anything else - http://bit.ly/gBtTCu

Usually whenever I've dug through the logs to find the referring page and client that followed it, it comes back to some black-hat SEO technique that some spider followed to my site. For example, one of the sites had some script or proxy wrapper to post the contents of the DMOZ directory on the page when the client header was Googlebot. A bot would pick up those links and then link to my site, but when I viewed the referring site in an unaltered browser, none of the links would be there. When you do find these, a quick note to Google will get them delisted.

Looking at the bug report and patch, the denial of service issue doesn't have anything specific to do with 8 bit characters. Rather, it looks like the logic dealing with the issue that their quoteimap() function didn't work well with 8 bit characters (plenty of reasons this might occur), so they had different handling for 8 bit characters, and this alternate path had the defect.