vineld

Members
  • Posts

    286
  • Joined

  • Last visited

    Never

Everything posted by vineld

  1. I definitely agree although I would suggest using another method of protection other than captcha since it is not really user friendly. If you still want to use captcha make sure that it's one that is both readable and exists in a spoken version as well.
  2. You cannot echo an array. Well you can of course but then it will display Array as you mention. Either loop through its values or use print_r.
  3. First of all you should definitely NOT turn on register_globals. That is a security risk that you can do well without and it also helps promote bad coding practices. You need to store the passed variables when being submitted, for example in a session. You should also not rely solely on client-side validation if that is what you do now.
  4. I don't read Greek and I have never used mysqli myself but the problem is that you send the $result object and not the mysqli to the mysqli_query and mysqli_error functions. They only accept an instance of mysqli. Since you have already executed the query you do not wish to execute another one but operate on the result class instead as you do in the other places of your code. There are plenty of ways you can do this. Look here.
  5. You should definitely listen to what mjdamato is trying to tell you and consider migrating to another environment because what you are doing now is a VERY bad idea. The solution is not scalable by any means.
  6. vineld

    exec()

    It has nothing to do with your code. The exec() function has simply been disabled by your hosting service due to security risks. Safe mode is probably on. You could run phpinfo() and see for yourself.
  7. No, the two lines of code do the exact same thing. I just wanted to demonstrate that you didn't need that extra variable for this. As long as the session doesn't time out you only need to set the variable once. If the story is long you may want to add some features in order to make the application more user friendly though. Now, if the browser crashes (or they happen to close it for some other reason), they are not able to continue from where they were at. Children are usually more unpredictable than adults.
  8. Yeah, either break or set some variable. The latter is generally a better idea. What you do now is go through this process for each item in the array which means it simply produces the message that corresponds to the last value. Try to follow the logic of your code. Also, it might be a good idea not to print that last error message. Just say "Something went wrong." or something like that. It might confuse at least one attacker.
  9. The $_POST array automatically holds the values that you submitted from a form. What you do now is that you retrieve the form value and assign it to the variable $name. What you do next is that you assign the $_POST["name"] variable with the value stored in $_SESSION["name"]. You would want to do the opposite I assume: $_SESSION["name"] = $name; You don't really need $name though: $_SESSION["name"] = $_POST["name"]; You might want to do some validation though on the posted values, depending on how you use them.
  10. You are probably failing to follow the logic of your code. For debugging purposes now and in the future this is something you should learn doing because it will save you a LOT of time when your code is a bit more complex than this one. Try following each step in the process and figure out where things are going wrong. The best way to do this (if there are no apparent error messages) is to print PHP values in strategic places.
  11. Try using php as the dynamic language it is and find a better structure for your code. That huge switch is not a good idea for example. Learn basic programming procedure, that will be of great benefit to you in the future. Heard of Google? Simply search for php paging and you will find plenty of examples and tutorials. LIMIT is the sql command to look into as suggested.
  12. Is that really common these days? Have you tracked any stats on how many you've encountered? Why don't they just use a proper submit script instead when it's just as easy? Of course it consumes more resources but that shouldn't be a huge problem...
  13. <html>
      <head>
        <link rel="stylesheet" type="text/css" href="thisisme.css" />
      </head>
      <body>
        <h1>Hi there!</h1>
      </body>
      </html>

      You display code in index.php just as you would in index.html or any other file. The only difference is that you're able to execute php code in between <?php ?> blocks. You may of course also print html, css or anything else using php as well. The file extension has no meaning other than which extensions you instruct the server to parse as php (or any other language). You may as well have index.google or index.tree parsed as php as well if you wish.
  14. Print the id and the sql and see if you have the right values. If nothing still seems to be wrong, try using the generated sql directly in for example phpmyadmin and see what happens.
  15. I have seen the following suggestion in several locations on the internet which is supposed to protect you against some attacks.
      1. Generate a unique id that is stored as a session variable
      2. Store the id in a hidden form field
      3. When submitted check that the id is correct
      This will indeed prevent people from submitting fake post requests but I am still able to let a bot script post the form itself a thousand times so what is really the point of this?
  16. I noticed that Googlebot reloaded one single page of the project I am currently working on 5-6 times within an hour. What is the reason for this? Also, is there any secure way of detecting the Googlebot (and others)?
  17. Then have a look at date() and time(). Time() is more efficient so if you don't need any particular format for some reason, use the timestamp instead.
  18. Saving the data in a session variable sounds good. You might want to save it to a database though so that you can print out and look at previous stories. That will give you some stats options as well in the future.
  19. Not to pick on you but of course it is possible to output CSS and every other kind of code syntax using PHP as well.
  20. That is a javascript / client side issue, not PHP. You simply need to add an event to the form element and then update the value using javascript.
  21. Exactly, now you believe me? That was what I said in the first place.
  22. Why not simply use date() instead?
  23. Server side scripts can only obtain what is at the server unless the client submits data.
  24. You need to have a proper link in the href attribute. ?page=page1, not page=page1.
  25. Obviously you do not know how to use sql along with php, that you will need to learn. There are hundreds of good tutorials. No-one is going to just give you an admin panel... Basically what you want to do is:
      1. Create menu options of what you want to be able to do in the admin panel
      2. Select data from the database accordingly
      3. Display the selected data as you wish
      4. Display forms with database output in order to be able to update selected data
      5. Retrieve form values and update the database accordingly