premiso

Everything posted by premiso

  1. Not necessarily. That script allows them to create any file remotely. They pass in the values and this will create a dynamic file for them. Notice the fopen and the mkdir. That one script alone has exploited you and allows the hacker to generate any file in any folder on your system. Your FTP account username/password is safe. Your site's code is vulnerable. Look at the Apache log files and you will find where they breached it, at the exact file etc. I know because I had this happen to one of my customer's servers and it was running an OSCommerce version. They were using it to send spam mail from my server.
  2. Do you have any actual code to show us?
  3. If you look at the PHP Manual for the Mail() function you will see that they give examples of how to send emails with PHP. I would suggest reading up on that and attempting to implement one of the examples that best suit your needs. There are also plenty of Google Resources available for how to send mail with PHP. If you cannot attempt to try it and if you fail provide the code for us to assist you, then perhaps posting this in the freelance section is the way you want to go and offer someone money to code it for you. We are here to help, not write the code for you. At least give it a try as you should have all the resources you need from the manual and/or by searching Google.
  4. You can pull data out how you want, an object, associative array or regular array. It will not matter. But explode puts the items into a non-associative array and you were trying to print the array and found out it just produces "array". Instead you have to print it out by index since explode does not make an array associative.

     // escape the user-supplied id before it goes into the queries (needs an open mysql connection)
     $id = mysql_real_escape_string($_GET['id']);
     $query = "SELECT moj_title, moj_issue, moj_summary, moj_genre FROM mojocd WHERE moj_id = '$id'";
     $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
     $query = "SELECT moj_date FROM mojocd WHERE moj_id = '$id'";
     $result2 = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
     $moj_date_string = mysql_result($result2, 0, 0); // you were not really using the object right, but since you are just pulling one column/row mysql_result will work great
     $moj_date_exp = explode(' ', $moj_date_string); // if you used the fetch_object, this line should be $moj_date_exp = explode(' ', $moj_date_string->moj_date);
     $moj_date_exp = array_reverse($moj_date_exp); // make sure the year is first no matter what.
     $year = isset($moj_date_exp[0])?$moj_date_exp[0]:'';
     $month = isset($moj_date_exp[1])?$moj_date_exp[1]:'';
     $day = isset($moj_date_exp[2])?$moj_date_exp[2]:'';

     mysql_result is what I tend to use when I am only expecting 1 column from 1 row. Just easier. The ? and : are the ternary operators which is a shortened if/else to prevent errors if the index of the array is not there. Anyhow, hopefully that was what you were looking for.
  5. print_r($moj_date_exp);
     Read up on arrays for how to use the array items. Basically $moj_date_exp[0] will be the first element (the item before the first space) and so on. EDIT: Also note:
     $moj_date_string = mysql_fetch_object('$result2');
     Is probably throwing an error, single quotes like you used there take $ literally. Use double or no quotes:
     $moj_date_string = mysql_fetch_object($result2);
  6. If you have a page on your website that includes a file from $_GET or $_POST data that is your first place to look. You can generally look at the Apache Logs to see what pages have been sent GET data and what the get data is. If you see a lot of requests that have URLs in them, chances are that is where you were compromised. By going to the site it should be plain text php which runs remote code to hack into your site. That is my bet on what happened, someone found an exploit in your code and exploited it.
  7. Windows 7 by far. Vista was just a waste of the homeowner's money in my opinion, just like Windows ME. I hate the mac ads, they are way too biased and freaking retarded. Mac has less viruses because Mac does not make enough of a chunk of the PC users out there. Or the "dumb" PC users. So viruses are targeted at the system which will be the most effective for a worm to travel through. Why would you design a worm to go through a few million (if that) computers vs a few hundred million? The whole point is to cause dismay and issues and sometimes steal information. Simple as that. If Mac was more popular it would be the target of viruses etc. I honestly think the mac ads are just freaking retarded. Yea there is some humor as everyone gets a laugh at Windows and its security issues, but when you have the user base windows does, you cannot cover all your angles. As a Mac tends to have just a few custom machines from the advanced, PC has Compaq, HP, custom, Alienware...and list goes on with all sorts of different hardware etc so they have to accommodate that. Now whose job is easier? The company that makes their own hardware and it is rare that users customize their machines or the company where anyone can make a machine with any type of hardware in it and get it to work. Really, I just hate those mac commercials, so freaking stupid. And so typical of Mac to stereotype PC users to all be "geeks/nerds" vs "trendies". If you want to follow the trend or get into graphics get a Mac. If you want to be able to customize your machine fully get a PC, because a PC does not have to run Windows. /end rant/ This is strictly my view, I could be overreacting, but yea. I think Macs are good decent computers and great with graphics but not very cost effective.
  8. Not really. The method you posted, since concatenation is being used, will be faster/more efficient by microseconds.
  9. mail If your server allows the use of mail then that should get you where you want on how to email the content.
  10. Chances are, if you have a shared host, allow_url_fopen_wrappers (unsure of the exact name but close enough) is disallowed for security reasons. You should look into converting it to cURL if your host allows cURL.
  11. Maq's quote goes with the commercials: There are some things you can't buy... But can works just as well as can't in my opinion. Some people cannot figure out items even with Google, so yea. Either works.
  12. Why not use an md5 or an sha1 hash. Or use an id field that is auto_incremented in the DB and use that auto_incremented ID value to refer to it.
  13. "There are some things you can't figure out, for everything else, there's Google". Nice! I have never seen that before. Great slogan.
  14. http://www.google.com/#hl=en&q=image+resize+watermark+php
      http://www.google.com/#hl=en&q=php+resize+image+proportionally
      Asking moot questions on a forum: Free
      Learning to Google and answering your own questions: Priceless
  15. You could just use the or tags around code to highlight it etc. That was what Kev was referring to. Example: // Place Code Here Or: // Place PHP Code Here
  16. How is that page setup? You need to know what the page name is somehow...so how do you "personalize" their account page?
  17. You need to read into Relational Database Management Systems before you continue or take a SQL Class/read RDBMS books. As you obviously do not have the experience with such. It will make your life so much easier understanding that, as stated 100 tables is ludicrous and completely defeats the purpose of a database. A table can have as many rows as you want, so you setup the table with the common items needed, machine name, make, model etc. Then if you want to "log" information setup another table "computer logs" which holds the machine id for the first table so they link then you write a query to pull up this information. I explained it rough and brief because yea, I do not have the time to fully explain relational databases especially when there are books/classes out there that do it a ton better than I can.
  18. I would use the script phpMailer (google it) as that seems to work very well. If you use gmail as your smtp host look into phpGMailer, same thing just customized to work with GMail.
  19. From the same page above. Set the timeout to be however long you want, a year, a day etc.
  20. From : http://us2.php.net/manual/en/session.configuration.php It does not time sessions out. That has nothing to do with session timeout. This is what you want: From the same page above.
  21. Store it in a text file with fopen and fwrite or store it in a DB entry.
  22. header('Content-Type: image/jpeg');
      That is why you see text. You are saying the content type is an image. Remove that line and it should work like expected. As to why that would work in IE7 and not IE8 is beyond me, but yea.
  23. I understand that part. I am talking about when you submit the form to change the dropdown. You stated that it gets put back in as "Y" no matter what. That part of the code is where you would put that definition I posted earlier as it seems like your $rec_access variable is not being set or retrieved from the form properly. The code to populate that dropdown list has nothing to do with the issue you are describing. It is a moot point. You are saying that the value being submitted from the form is not updating correctly, however the form is populating just fine right?
  24. I think they tried but failed. I know that my FF starts up at 80MB then slowly increases and gets to about 500MB and all I do is browse forums and read GMail, and in fact it is GMail with FireFox that is causing the memory leak. Whose end is it on, GMail's or FF's, I am not sure. But yea it is a known problem. So I just installed a mail notifier and use that. I would use Thunderbird to get my email but I hate using clients because I am often on 3-4 different computers and it gets to be a pain.
  25. Yep it is possible depending on how your DB is designed. If you do have repeats (which if you do my bet is your DB is designed wrong) then you can use the DISTINCT keyword in MySQL on the field:
      SELECT DISTINCT fruit FROM fruits WHERE somecondition = true