Rohan Shenoy

Members
  • Posts

    92
  • Joined

  • Last visited

    Never

Everything posted by Rohan Shenoy

  1. @Yesideez: Actually, my problem is not spam; all emails are legitimate, but I am using cheap shared hosting, so I always have to be careful about resource consumption. If nothing works, then I will install an SMTP server on my localhost and send mass mails directly from my PC. @Blade280891: Oh yeah... I had actually forgotten it. Thanks for reminding!
  2. Thanks for the quick reply Yesideez!
  3. Hi guyz, I am aware that the mail() function is not suitable for sending mass mails. I need to send an email to about 800 recipients. Can I use the Cc or Bcc fields? If used, will the mail() function run 800 times or will the SMTP servers handle it? Will recipients be able to see the Cc, Bcc addresses? Thank you -Rohan
  4. You may use BLOB fields to store binary objects. Please google it.
  5. You can't do that with the PHP mail() function because it just 'packages' the mail for delivery and then sends it out. It returns TRUE or FALSE depending upon whether it was able to send it out or not. The mail() function cannot check if the mail reached the recipient's inbox!
  6. The pattern which you are looking for contains a forward slash. You should escape such literal forward slashes with a backslash.
  7. Hi guyz, I am working on my website where I need to prevent cross-site scripting attacks. I do not want to use htmlspecialchars(), htmlentities() or any strip_tags() because I need to be able to post images and other HTML formatting. At present this is how I do it: $prohibitedstrings=array("<script","<script","%3Cscript","<link","<link","%3Clink"); $_GET=str_ireplace($prohibitedstrings,'',$_GET); $_POST=str_ireplace($prohibitedstrings,'',$_POST); Are there any more patterns I should add to the '$prohibitedstrings' array? After observing these precautions, are there any other loopholes through which XSS can be exploited? Thank you! -Rohan
  8. ^use a cookie and then log the hit using some conditional statements as you wish
  9. Instead of ereg functions, use strpos() in this case.
  10. ^There is no other way it can be done. offtopic: I have reported this topic to be moved to MySQL forum.
  11. Hi guyz, I remember reading somewhere that performing mysql_query() in loops can be damaging to the database. Is it possible to avoid that damage by using usleep() function? Something like: for($i=0; $i<100; $i++) { mysql_query($sql); usleep(10); } If it is possible to do so, what should be the value of usleep seconds? Will 10 microseconds be enough or any other value you recommend? I will be performing about 200 queries in the loop. Thank you. -Rohan
  12. After obtaining and incrementing the value from the cookie, you should write it back to the cookie, which you aren't doing.
  13. You can try this workaround to know the param names sent by the post method, provided you know the script to which they are posted. For temporary purposes, rename that script file and create another PHP file of the same name, e.g. recordScore.php. In that file insert the below code: <?php print_r($_POST); ?> It will spit out all the param names (and their values).
  14. Note: This is an entry from my blog. I had written it a few days back when somebody was in a situation similar to yours.
  15. I don't know exactly what you need, but won't deleting the directory itself delete all the files and folders under it? Why delete each one individually?
  16. The protected page should first check whether the user is logged in or not and then allow him access. I think you must not have integrated it into the restricted pages.
  17. $search_term="rohan"; $string="rohan shenoy was here"; if($search_term==$string) {echo "match found";} else {echo "Match not found";} Hope this is the way you expected it. ereg or preg functions are not for this purpose anywayz! You can try using strpos() too, to find an occurrence of an exact phrase within a string.
  18. <?php //Method 1: include("path/to/file.php"); //Method 2: $content=file_get_contents("path/to/file.php"); echo $content; ?> Be careful as some elements of the page may not be rendered properly in 2nd method.
  19. Even if you make an .exe file, there is software (known as decompilers) which can extract the files inside it. So making an exe also won't serve your purpose.
  20. if (!eregi ("^[a-zA-Z0-9 ]+$", $COStreet)){ $valid="NOPE"; }
  21. $sql="SELECT * FROM table_name ORDER BY id ASC";
  22. Try using double quotes.
  23. <?php $testlink ="<a href=\"http://www.testlink.com/\">Test Link</a>"; $array=explode("href=\"",$testlink); echo substr($array[1],0,strpos($array[1],"\">")); //outputs: http://www.testlink.com/ ?>
  24. 1. Ask the member to fill in his old and new password on a form. 2. Check if the old password matches the one in the database. 3. If it matches, use an UPDATE query, else return some error message like: "old password does not match".
  25. Do you already have a login script? Check if the authentication cookies are set and log them using values from cookies every time they access a password-protected resource.