Rohan Shenoy

@Yesideez: Actually, my problem is not spam, all emails are legitimate, but I am using a cheap shared hosting, so I always have to be careful about resource consumption. If nothing works, then I will install a SMPT server on my localhost and send mass mails directly from my PC @Blade280891: Oh yea....I had actually forgotten it. Thanks for reminding!

Thanks for the quick reply Yesideez!

Hi guyz, I am aware that the mail() function is not suitable for sending mass mails. I need to send an email to about 800 recipients. Can I use the Cc or Bcc fields? If used, will the mail() function run 800 times or will the SMTP servers handle it? Will recipients be able to see the Cc, Bcc addresses? Thank you -Rohan

You may use BLOB fields to store binary objects. Pls google it

You can't do that PHP mail() function because it just 'packages' the mail for delivery and then sends it out. It returns TRUE or FALSE depending upon whether it was able to send it out or not. The mail() function cannot check if the mail reached the recipient's inbox!

The pattern which you are looking for contains a forward slash. You should escape such literal forward slashes with backslash.

Hi guyz, I am working on my website where I need to prevent cross site scripting attacks. I do not want to use htmlspecialchars(), htmlentities() or any strip_tags() because I need to be able to post images and other HTML formatting. At present this is how I do it $prohibitedstrings=array("<script","<script","%3Cscript","<link","<link","%3Clink"); $_GET=str_ireplace($prohibitedstrings,'',$_GET); $_POST=str_ireplace($prohibitedstrings,'',$_POST); Are there any more patterns I should add to the '$prohibitedstrings' array? After observing these precautions are there any other loopholes through XSS can be exploited? Thank you! -Rohan

^use a cookie and then log the hit using some conditional statements as you wish

Instead ereg functions use strpos() in this case.

^There is no other way it can be done. offtopic: I have reported this topic to be moved to MySQL forum.

Hi guyz, I remember reading somewhere that performing mysql_query() in loops can be damaging to the database. Is it possible to avoid that damage by using usleep() function? Something like: for($i=0; $i<100; $i++) { mysql_query($sql); usleep(10); } If it is possible to do so, what should be the value of usleep seconds? Will 10 microseconds be enough or any other value you recommend? I will be performing about 200 queries in the loop. Thank you. -Rohan

After obtaining and incrementing the value from the cookie, you should write it back to the cookie, which you aren't doing.

You can try these workaround to know the param names sent by the post method, provided you know thw script to which they are posted. For temporary purposes, rename that script file and create another php file of the same name, eg: recordScore.php. In that file insert the below code <?php print_r($_POST); ?> It will spit out all the param names (and their values)

Note: This a an entry from my blog. I had written it few days back when somebody was in a situation similar to yours.

I don't know exactly what you need but won't deleting the directory itself delete all the files and foldeers under it? Why to delete each one individually?