Everything posted by Bauer418

  1. Ensure that the script on server 2 checks to see where the request is originating from, validating that it is from your first server's IP address. You may also want to employ an array of other checks to ensure your data's security.
  2. Instead of using "case '':" try using "default:". That will run the specified action in the case that none of the other switches are met, even if the string isn't blank.
  3. You are saving the file name as the image resource on this line: imagejpeg($image,'new_'.$image,100);
  4. Create another database for another site, or to separate two parts of the same site (sometimes people will use different databases for forums than for their main site content). All depends on preference.
  5. You're ending all of your parenthetical statements with brackets, which isn't right. Otherwise, what are you expecting to be output? This page would output nothing if it all went as it should.
  6. I don't have a database to test this on currently. You could run a SELECT query (with no WHERE clause, just select all entries from your members table) to see if anything has been added.
  7. And you are entirely positive that the record is in fact not added to the table of the database? If you have no MySQL errors, you are connected to your DB, and you insert the data with no problems, it should be there.
  8. Change this line:

      $add = mysql_query("INSERT INTO `members` (`username`, `password`, `email`, `firstname` ,`lastname` ,`gender` ,`country`) VALUES('$username','$password','$email','$firstname', '$lastname', '$gender' ,'$country')");

     To this:

      $add = mysql_query("INSERT INTO `members` (`username`, `password`, `email`, `firstname` ,`lastname` ,`gender` ,`country`) VALUES('$username','$password','$email','$firstname', '$lastname', '$gender' ,'$country')") or die(mysql_error());

     You must have an error in your query, and that will tell us what it is.
  9. Yes, but that doesn't validate a proper md5 hash. The method I posted, though preg_match is slightly more CPU-intensive than trim, won't let a string that is obviously not an md5 hash go into the query.
  10. This should help you out http://www.iisadmin.co.uk/?p=4
  11. $_SERVER['REMOTE_ADDR'] is the IP address of the user connecting to your website. Sometimes it can return the wrong value if the client is connecting behind a certain firewall or proxy.
  12. mysql_real_escape_string($_GET['hash']) would help quite a bit. And just ensure that it contains the data that you want, even if you need to run preg_match(), such as preg_match('/^[a-z0-9]{32}$/i', $_GET['hash']);
  13. Searching does wonders. http://us3.php.net/zip
  14. More important is something I just realized... you don't clean $_GET['hash'] at all before throwing it to MySQL. People could easily inject their own SQL queries into your site by simply changing the value of the hash parameter in your URL query string.
  15. You're opening PHP tags inside of PHP tags, which is completely invalid. You'll want to use the period (.) which is a shortcut to concatenate a set of strings/variables.

      <?php
      $strKeyword = $_GET['kw'];
      header( 'Location: http://www.mylink.com/g9117y1A719PRVRXRZRPUQRRSWW?sid=' . $strKeyword ) ;
      ?>
  16. You'll want to run htmlentities() before displaying external data, and mysql_real_escape_string() before entering it into a database. On top of that, you should be doing your own manual checks on data before letting it go through your site.
  17. Actually it's saying that there's no form field called firstname. In your HTML, the field is called 'name', but in PHP, you're trying to access 'firstname'.
  18. You'll want to specify the second parameter of the trim function, like this: $path = trim($_GET['path'], "~./\\");
  19. <?php
      $page = strtolower($_GET['page']);
      switch ($page) {
          case 'home':
              print 'Hi';
              break;
          case 'events':
              print 'Hello';
              break;
      }
      ?>
  20. My bad, it shouldn't be mysql_affected_rows($query), it should just be mysql_affected_rows()

      <?php
      include ("init.php");

      function user_activation () {
          $password = $_GET['hash'];
          $timestamp = base64_decode($_GET['timestamp']);
          $query = mysql_query("UPDATE users SET status=1 WHERE (password = '$password') AND (timestamp = '$timestamp')") or die (mysql_error());
          return mysql_affected_rows() >= 1;
      }

      if (user_activation ()) {
          echo 'Your account has been activated.';
      } else {
          echo 'Your account has been already activated.';
      }
      ?>
  21. What you should do is trim all dots, slashes, and tildes (. / \ ~) from the beginnings and ends of the $_GET['path'] variable. This should stop the user from getting to folders and files they don't have access to.
  22. Here are a couple things you could do: 1) chmod the parent level directories to not allow them to do anything to the folder 2) employ a simple basedir restriction, in which ?path=/ would refer to the base directory of the user's folder. You could then proceed to strip out all dots (".") from the ?path= variable, so ?path=../ would translate to simply ?path=/ using a simple str_replace call. A combination of the 2 is obviously optimal, and the first one is more of a temporary patch than a fix
  23. This line:

      if (parentOrSub == 1) { // if it is a parent category

     should read:

      if ($parentOrSub == 1) { // if it is a parent category

     That statement has probably been returning false and trying to delete a subcategory instead of a parent category.
  24. You'll need to use curl which has methods of storing and sending cookies to websites. Are you sure this isn't spamming? Because using a script to make your results come up first sure sounds like something that may be in the site's terms of service.
  25. Ok you're still not understanding. What is the first day of the forecast you are gathering?