
woobarb

Everything posted by woobarb

  1. No, because all you're sending back is the hash, or, if you've been to page 1, it's given you the code, then you use this to access page 2...
  2. Right, I see it's like a second session variable, which is safe to place within the page content (because it's not the session variable), hmm I like it! EDIT: Actually that's just as easy to spoof!
  3. I'm assuming you're wanting to match? $res = preg_match("/^[0-9a-z]$/", $s); you might want to make it case insensitive also... oh, hi pocobueno1388....
  4. Not that I've been all through your code, but starting a session sets a session cookie, you get the value of it using: $sid = session_id();
  5. that won't justify it to both sides, and also I want to be exact to the character because of floating layer issues...
  6. I have a block list which can work on ranges of IPs, I check for a valid (too short) user agent (also a block list, e.g. useful for bots), then I check for frequency timings, then check for use of proxy (doesn't get onion skin proxies like tor though):

         ...
         // CHECK ADDRESS
         if (isset($_SERVER['REMOTE_ADDR'])) {
             if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])
                 || isset($_SERVER['HTTP_VIA'])
                 || isset($_SERVER['HTTP_PROXY_CONNECTION'])) {
                 $result[] = "proxy REMOTE_ADDR";
             }
         } else {
             $result[] = "unset REMOTE_ADDR";
         }
         ...

     But what you're asking for is to check that the previous page that brought them here was within your domain, then: $_SERVER['HTTP_REFERER']; is what you need, but what happens when after the first try, they are just trying from the same page, or just faking it?
  7. to change every text file on a server means you need to open, check and if required change and save, EVERY file... unless you know some better magic. And hey at least you don't have to do it by hand. And yes jonsjavas' variation would be faster, but you did specify with php...
  8. I've just been looking at the wordwrap function and thought I'd like to expand it to make it justified (like a newspaper does). Then I thought I'd better consider html entities, because they won't count, which now makes it a little more complex than first thought. Is there a function which already does all this? merci
  9. Walk all the files, opening each one in turn and doing a preg_replace or substr_replace.
  10. your query doesn't use a where, also maybe $_SESSION['checkaddGrades']['stuid'] needs incrementing (but not sure there!)
  11. There's 3 ways you could do this: a) use an array of buttons b) have separate form for each element c) append the id to each button name and check for which instance was used
  12. Are you inferring you have multiple servers all dumping into a db and you need to know which one served the client the page, or do you actually want the client's IP? if so: $cip = $_SERVER['REMOTE_ADDR']; else $sip = $_SERVER['SERVER_ADDR'];
  13. Hi, I'm just testing and was wondering if there's anything along these lines to look out for?

         $s = "<br><br><b>BOLD</b><script>alert('hello');</script><br><hr><?php echo 'im here'; ?>";
         $s = bin2hex($s);
         $s = strrev(chunk_split(strrev($s), 2, "%"));
         print "converted: ".$s."<br><br>\n";
         print "<a href='?cmd=".$s."'>link</a><br>\n";
         if(isset($_GET['cmd'])) {
             //print "cmd: ".htmlspecialchars($_GET['cmd'])."<br><br>";
             print "cmd: ".$_GET['cmd']."<br><br>\n";
         }

      You know, if any other sort of encoding will get passed, or is it converted back to normal by the server before being passed onto php?
  14. Are you aware of the php manual, that has some examples for each way of using it. The search box is the most invaluable resource available for php programming.
  15. I like the simplicity of AndyB's way, but here's the way we have it in our CMS:

         function _db_do_mysql_query($s, $conn) {
             global $DEBUG_LEVEL;
             try {
                 if ( !@ ($res = mysql_query($s, $conn)) )
                     throw new Exception (mysql_error());
             } catch (Exception $e) {
                 if($DEBUG_LEVEL >= 1) {
                     echo "MYSQL ERROR: ".$e->getMessage()."<br>";
                     echo "USING: ".$s."<br>";
                 }
                 return array(-1, $res);
             }
             return array(0, $res);
         }
  16. If it's going in a database then real_escape_string() should definitely be used, also that regex expression allows for characters before and after the bit which will return true... so a stray ' could get through!
  17. I like the str_word_count() function because it also handles commas ',' and such, because some nationalities will write their surname before the given name, and it is proper to do this with a comma.
  18. mmm they convert to low res flash clips. However in my personal opinion ffmpeg is surely one of the best av apps around and definitely has a streaming server for virtually every codec available.
  19. oops, that was meant to say... it ain't definitely php! ***even though there is a ffmpeg module available, I think youtube uses it, but it may just be for the upload part?
  20. ffmpeg server or vlc? it definitely php!
  21. Probably an easier way but here's one: $n = rand(100, 1000); $n /= 1000; $n = sprintf("%0.3f", $n); print $n;
  22. If it's just an excerpt that you're giving them, then why not just give a link and let their own player do the hard work?
  23. If I remember how we implemented it... When you attempt to login, the result is logged in a db table (this is modular so that any area can use the facility). Whether the result is good or bad it is logged for this entry point, but before it even attempts to login it checks to see if the attempt quota has been used for the time period since the first attempt, etc... IP, session, agent, proxy, etc are all logged, including login name. I can't remember which we used for the disallow by proxy bit but it's one of these: HTTP_X_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_VIA: HTTP_PROXY_CONNECTION: HTTP_USER_AGENT: 'REMOTE_ADDR' oh, they're part of $_SERVER['*'] if you aren't aware...