backie

Everything posted by backie

  1. Well from a quick glance at the api docs it would be a case of something like (Pretty sure there is a premade function to do this just can't think of it.)

         <?php
         // Collect every key=value pair from the response string.
         preg_match_all("~([a-z]+)=([a-z0-9]+)~", $Result, $Matches);
         $Results = array();
         for ($i = 0; $i < sizeof($Matches[0]); $i++) {
             $Results[$Matches[1][$i]] = $Matches[2][$i];
         }
         ?>

     $Results will return an array see below based upon $Results = "test=result&dkas=4h324jh"; Hope that's some help.

         Array
         (
             [test] => result
             [dkas] => 4h324jh
         )
  2. Well then what you do is check and see if the user agent isn't internet explorer and then print out the two textareas.
  3. Well I am not seeing a curl_execute call so, maybe do that and then format the return data?
  4. try

         <?php
         // Case-insensitive substring checks against the User-Agent header.
         if ( preg_match("~MSIE~isU", $_SERVER['HTTP_USER_AGENT']) ) {
             print "Is internet explorer!";
         } elseif ( preg_match("~Firefox~isU", $_SERVER['HTTP_USER_AGENT']) ) {
             print "Is firefox";
         }
         ?>

     If you want to find out the browser for design purposes better off checking what the render engine is, that way modifications of firefox still render the same.
  5. From a quick glance try removing the "?" from the post data. I'll read the api docs and see if I notice anything else.
  6. Here's just a few simple ways.

         <?php
         // text.php
         function show_text(){
         ?>
         A pile of text here, <b>including html</b>.
         <?php
         }
         ?>

         <?php
         require_once 'text.php';
         show_text();
         ?>

     Problem with this approach is that the contents are instantly shown when you call the function, not useful for templates or whatnot. Easier to format the text the way you want tho.

         <?php
         // text.php
         $SomeText = "Have some text here";
         ?>

         <?php
         require_once 'text.php';
         print $SomeText;
         ?>

     Hard to format text but it's only shown when you want, better for use of templates. Or you could just read the data from a text file like..

         <?php
         // Read the whole file into a string, then print it.
         $filename = "text.txt";
         $handle = fopen($filename, "r");
         $SomeText = fread($handle, filesize($filename));
         fclose($handle);
         print $SomeText;
         ?>
  7. Since you're talking about AJAX and claim not to know much about working with php or javascript, I would suggest you look into jQuery's AJAX functionality, real easy to get to grips with and the use of json_encode() php function. They make my life a lot easier. Quick examples

         // With the jquery lib already included in the page.
         $(document).ready(function() {
             $("#frm_submit").click(function(){
                 $.get("/ajax.php", function(data){
                     // Keys match the lower-case names emitted by json_encode() below.
                     if (data.code == 200){
                         alert(data.message);
                     } else {
                         alert("It broke");
                     }
                 }, "json");
             });
         });

         <?php
         // ajax.php
         $Array = array(
             "code" => 200,
             "message" => "Test",
             "array" => array(1,2,3,4)
         );
         echo json_encode($Array);
         ?>
  8. backie

    SSL

    A php script will work just the same on https or http. If you wish to stop http usage you could try checking $_SERVER['SERVER_PORT'] to see if it is the correct port. So far I have never had to change a script/app to be used on SSL
  9. Well you should be running start_session() on index.php and before the html headers.
  10. Umm while loop in the email? Only while loop I seen near the email was just before it where it was getting email address that weren't gussing used.

         while ($email_data = mysql_fetch_array($email_result)){
             $to = $email_data['email'];
             $subject = "Upcoming Arkansas Regional Events";
             // Every header line needs its own terminator, including the first.
             $headers = "FROM: webmaster@arscna.org" . "\n";
             $headers .= 'MIME-Version: 1.0' . "\n";
             $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
             //$headers .= 'BCC: '$email' "\n";
             $upcoming = "<html><body><h1>Upcoming Events for the Arkansas Regional Calendar</h1>
                 <p style=\"text-align:center;\">You can find more information at <a href=\"http://www.arscna.org/activities\">Activities</a><br />
                 The following is only a list of the events that have been added to the Arkansas Regional Calendar. <br />
                 If you are aware of an event that is not on this list please click the activities link above and add any NA event to our calendar.<br />
                 Please let other addicts know that they can be put on this email list by registering their email address at the <br />
                 following link <a href=\"http://www.arscna.org/service/mailingList/\">Mailing List</a>.
                 </p>
                 <ul>$calendar</ul>
                 <p>If you wish to be removed from this list you may click this link <a href=\"http://www.arscna.org/service/mailingList/\">Unsubscribe</a> and update<br />
                 your profile to be unsubscribed.<br />
                 Thank You for leting us serve you.<br />
                 Website Subcommittee</p>";
             mail($to, $subject, $upcoming, $headers);
         }

     may be what you're wanting.
  11. There is also a security reason as well. If you allow people to upload files with names they wish they may be able to overwrite previous files. (Filename = "../../../../etc/passwd") If you allow them to upload any old type of file they could upload a copy of a php shell and then just type in the url and do whatever they want with your web page. (Depending on your set up) Personally I use "{$FileID}{$FileNameHash}.{$FileType}" as my file naming system.
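
The naming scheme from the post above, as an added example that is not part of the original post: the stored name is built only from server-side values, and the file type must be on an allowlist. The helper name, the allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the original post.
// Extensions this hypothetical site accepts (assumption).
const ALLOWED_TYPES = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/**
 * Build the on-disk name as "{FileID}{FileNameHash}.{FileType}".
 * Returns null when the upload's type is not on the allowlist.
 */
function stored_upload_name(int $fileId, string $clientName): ?string
{
    // Only the final extension of the client-supplied name is consulted,
    // and it must match the allowlist exactly, so ".php" never gets stored.
    $type = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($type, ALLOWED_TYPES, true)) {
        return null;
    }
    // The client name survives only as a fixed-length hash, so "../"
    // sequences cannot reach the filesystem and two uploads with the
    // same client name cannot overwrite each other (the ID differs).
    $nameHash = substr(hash('sha256', $clientName), 0, 16);
    return "{$fileId}{$nameHash}.{$type}";
}

// Constructed sample inputs: [file ID from the database, client file name].
$samples = [
    [101, 'holiday.JPG'],
    [102, '../../../../etc/passwd'],
    [103, 'shell.php'],
    [104, '../../uploads/avatar.png'],
];
foreach ($samples as [$id, $name]) {
    $stored = stored_upload_name($id, $name);
    printf("%-28s => %s\n", $name, $stored ?? 'REJECTED');
}
```

Checking the extension says nothing about the file's contents; the upload directory should also be configured so that nothing in it is executed as PHP.
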
  12. In theory the second one is easier, but it can allow for invalid emails to be validated which could lead to all sorts of problems depending on what you use the email address for. It did point out to me I forgot "$" at the end of my regex example.
  13. Use regex. Something like preg_match("/[a-z0-9_\-\.]+\@thextremezik\.com/i",$EmailVar); should do the trick.
  14. I am pretty sure the default method for forms is GET. So it would be in the $_GET['train'] and $_REQUEST['train'] but not $_POST['train'].
  15. To save a file into your database? Depends what database system you use. I use MySQL so I know how to do it in MySQL: you create a column with the type being BLOB and following to deal with the communication with mysql and php http://uk2.php.net/manual/en/pdo.lobs.php
  16. Reason to avoid LFI even if you are coding it yourself is because there are people who go firing in all sorts of data in to post and get variables to see if they can get data. That's how stuff gets hacked. Also seems you need to read http://en.wikipedia.org/wiki/Cross-site_scripting
  17.

         <?php
         include("connect_db.php");
         /******
          * Code doesn't do anything.
          ******
         $get_player_info = "select * from training";
         $get_player_info_res = mysql_query($get_player_info, $conn) or die(mysql_error());
         while ($player_info = mysql_fetch_array($get_player_info_res)) {
             $id = $player_info['id'];
             $identity = $player_info['identity'];
             $level = $player_info['level'];
             $energy = $player_info['energy'];
             $experience = $player_info['experience'];
         }
         */
         if ($_POST['train'] == 'test1') {
             /*******
              * This code only updates the last identity in the table training.
              *******
             $get_player_info = "select * from training";
             $get_player_info_res = mysql_query($get_player_info, $conn) or die(mysql_error());
             while ($player_info = mysql_fetch_array($get_player_info_res)) {
                 $id = $player_info['id'];
                 $identity = $player_info['identity'];
                 $level = $player_info['level'];
                 $energy = $player_info['energy'];
                 $experience = $player_info['experience'];
                 $update_energy = ($player_info['energy'] - 2);
             }
             $accept_scout_username = mysql_query("UPDATE training SET energy ='$update_energy' WHERE identity = '$identity'");
              **********
              * This query updates all the identities in the table training.
              **********/
             mysql_query("UPDATE training SET energy=energy-2 WHERE 1");
         }
         ?>
  18. Prolly because you are running the update outside the loop. If you are wanting to just decrease the int value of 'energy' you can have mysql do it with one query and save some processing time. UPDATE training SET energy =energy+2 WHERE 1;
  19. Basically all you need to do is check $_SERVER["HTTP_USER_AGENT"] for browsers that are used on mobile devices. Last time I seen a is_mobile() function it had about 30+ different browsers so have fun compiling the list.
  20. It's not an error it's a notice, most of us suppress our errors so we can be sloppy. A notice is just to warn you that you have done some sloppy code. Such as call on non existent variables etc.

         if ((isset($_POST['train'])) && ($_POST['train'] == 'test1'))

     will get rid of the notice.
  21. 1st example is vulnerable code to an RFI attack. As pointed out tho he got confused with XSS and RFI. 2nd example is vulnerable code to an LFI attack. $_GET['file'] can contain "../../../../../../../etc/password" and the file may well open and be displayed.
  22. Basically there is no simple howto to stop your site from getting hacked. Tho not running a general web app is a good start since most of the hackers that attack php sites do it using google to find vulnerable version. Simple list of things to stop php attacks.

       • Avoid putting variables in include/require statements. Stops Remote and Local File Inclusions.
       • Don't put unsanitized data into SQL statements.
       • Check any comment/user input systems don't allow users to inject php or html into your site. Converting "<" to > is an easy way to do it.
       • etc

     Once your PHP is secure then you only need to worry about server applications like apache,ftp,ssh,bind,etc. There is a reason people get paid a lot to do computer security.
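
Two items from the list above (and the LFI/RFI case in post 21), as an added example that is not part of the original posts: the request value is only ever a lookup key, never part of an include path, and user text is escaped before output. The page map, function names and sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical page router, not code from the original posts.
// Map of public page keys to files; the names are assumptions.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/** Resolve a request parameter to a file path, or null if not allowed. */
function resolve_page(string $requested, string $baseDir): ?string
{
    // The request value is used only as an array key, so "../" and
    // "http://" values never become part of a path.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the file must exist and still sit under $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Escape user-supplied text before it is printed into HTML. */
function safe_comment(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed demo: a temporary page directory holding only home.php.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo';
is_dir($dir) || mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home\n";');
foreach (['home', 'contact', '../../../../etc/passwd', 'http://example.com/x.txt'] as $p) {
    $file = resolve_page($p, $dir);
    echo safe_comment($p), ' => ', $file === null ? 'refused' : 'include ' . basename($file), "\n";
}
echo safe_comment('<b>hi</b> <?php phpinfo(); ?>'), "\n";
```
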
  23. What you wish to do is change text on a page that has already been sent from the server. PHP is a server side scripting language so can't do stuff once the process has left the server. So what you need to do is to use Javascript (AJAX) to make a request and then display the result. Using JQuery's ajax functionality will make the task extremely easy.
  24. Well seeing a var dump of the $menuData would be helpful. But from what I can see is you're reusing the exact same array in a loop within foreach of the array and there is no place to stop if $dept has been reached.