Everything posted by Err

  1. Err

    Password encryption

    If the database is compromised, then they probably already have access to sensitive information they were trying to access. Same thing with the web server, if someone gets access they can get to your include file. If you want to save salts in an include file you can use arrays.
  2. Err

    date range

    Your second example needs to follow the same date format. So try this: $startDate = $monday->format('d-m-Y'); $endDate = $sunday->format('d-m-Y'); Also, I don't know if you did this by accident but the for loop is missing the closing curly bracket }
  3. Err

    Password encryption

    I should note right now, there is no consensus on any number of methods used. But generally, for practical purposes, using sha1() and a randomly generated salt or two ensures good security. Obviously it's not the best method you can do, but I find that doing that suits MY needs and level of protection just fine. I can help you with #3 at least. An example: $salt = uniqid(); $pass = sha1($pass.$salt); Then save $salt in the database so you can reference it again later.
  4. Yes. Using a database is faster. Because you didn't mention what you have tried I'm going to be general. If you're gonna edit values in the database directly, then all you need to do is set up a database and a table with the columns that you need. A very popular database is MySQL, and a very popular database manager is phpMyAdmin, both are free. You can set up and manage your database with phpMyAdmin if you have it. More than likely your webhost (if you have one) will have phpMyAdmin database manager together with a MySQL database, just look for the link.
  5. Err

    Shellcode

    Thanks, your explanations have been very helpful.
  6. Err

    Shellcode

    Shouldn't I be able to detect messages like that through a .htaccess file and prevent attacks that way? Or would it be too late by the time the messages reach the .htaccess file?
  7. Err

    Shellcode

    On an Apache server, I have been getting what I can only describe as attacks from different IPs. My access logs have this: 68.91.91.177 - - [25/Apr/2012:17:13:40 -0500] "\xb2\xfdf\x1c/\xbf\x96z\x18\xce\xd8'\r?`\xle;\x0e@D\xed\xdd\x7f\x88\xdaB" 501 299 "-" "-" I did a bit of research and found that it may be linked to Shellcode. Shellcode as I've understood in this context is arbitrary code that can be run on the machine to give attackers control over the machine. Am I right about this? How can I prevent such attacks? Or, at the very least, protect against these types of attacks?
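Detection logic for log entries like the one quoted in the post above, as an added example that is not part of the original thread: it flags access-log lines whose request field is not a well-formed HTTP request line. The sample log lines, addresses and function names are constructed for illustration.

```python
import re

# Apache access log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)
# Well-formed request line: METHOD SP target SP HTTP/x.y
REQUEST_LINE_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Apache logs non-printable request bytes as \xhh escapes
ESCAPED_BYTE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')

def classify(line):
    """Return (host, reasons) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    request, reasons = m.group('request'), []
    if not REQUEST_LINE_RE.match(request):
        reasons.append('not-http-request-line')
    if ESCAPED_BYTE_RE.search(request):
        reasons.append('escaped-binary-bytes')
    if m.group('status') in ('400', '501'):
        # The server refused the request before any handler ran
        reasons.append('rejected-' + m.group('status'))
    return m.group('host'), reasons

def suspicious_hosts(lines):
    """Count malformed request lines per client address."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and 'not-http-request-line' in result[1]:
            hits[result[0]] = hits.get(result[0], 0) + 1
    return hits

# Constructed sample entries (documentation-range addresses, not real traffic)
SAMPLE = [
    r'192.0.2.10 - - [25/Apr/2012:17:13:40 -0500] "\xb2\xfdf\x1c/\xbf\x96z\x18\xce" 501 299 "-" "-"',
    r'192.0.2.10 - - [25/Apr/2012:17:13:52 -0500] "\x16\x03\x01\x00\x8b" 400 301 "-" "-"',
    r'198.51.100.7 - - [25/Apr/2012:17:14:02 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    r'203.0.113.5 - - [25/Apr/2012:17:15:00 -0500] "GET /a\"b HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == '__main__':
    for host, count in sorted(suspicious_hosts(SAMPLE).items()):
        print(host, count)
```

The per-host counts can feed a log-watching tool or a firewall blocklist review; a 400 or 501 status on these lines shows the server already refused the request.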
  8. Column 2 & 3 are the same column name. You mean ig_paragraph, right?
  9. Line 183: Instead of if (eregi($Match, $agent)) try to replace with this: if (preg_match("/$Match/i", $agent))
     Line 247: It's because there is no such variable as: $row["device"] you therefore cannot assign nothing to another variable. Maybe you mean: $row["anno_device"];
  10. Personally, I would either do more queries to narrow it down even more or create a script that processes the information outputted which then puts it into tabular data the way you want.
  11. Use arrays:
        $mths = array(1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October', 11 => 'November', 12 => 'December');
        $fromMonth = 5;
        $toMonth = 7;
        // After you set the array, then just add 1 to $fromMonth every time by counting up until it reaches $toMonth,
        // you can do this by using a while loop.
        // While it's counting up, it's referencing the current number in the array which also echos out the month name.
        while ($fromMonth <= $toMonth) {
            echo $mths[$fromMonth]."<br />";
            $fromMonth++;
        }
      The above should work (I didn't test).
  12. Validating your website isn't a bad idea. http://validator.w3.org/check?uri=http%3A%2F%2Fwww.divinedesigns1.com%2F&charset=%28detect+automatically%29&doctype=Inline&group=0
  13. Edit: Never mind, I see that you've tried it.
  14. You can host the files yourself with WAMP. Also, new routers (you may have one of this kind) have a USB port attached to them for creating a temporary web directory for sharing files.
  15. What I usually do is:
      - Make sure user cannot put username for a password.
      - mysql_real_escape_string(); for SQL injection protection
      - Add a "salt" to password, then use sha1()
      BTW, sha1() is more secure than md5(). So something like this:
        $salt = "Salt makes a hash more secure.";
        if ($username !== $password) {
            $username = mysql_real_escape_string($username);
            $password = sha1($password.$salt);
        }
      I like to go overboard though. I save the hash of both the password and the username. This gives the login function more security as you don't have to worry about SQL injection since it turns the username into a safe hash. I don't keep the plain-text username in the database unless I know I need to reference it. Instead I assign the username to the session. So as long as the user is logged in, they will have access to their own username in plain-text through the session.
  16. Yeah, sorry about that, it was my fault for not refreshing a few times. I've been working on my project for so long that I've gotten used to changes showing up immediately. There is nothing else, right now.
  17. Ah, I see. It was my cache, I should have known better. It looks good. Go to: http://www.imgur.com/ Put the direct link in img tags.
  18. You won't get all the security concerns in one go, I would do some research on it and try to make it as secure as you can make it.
  19. I was using Google Chrome actually. I still see the text-over-the-date problem.
  20. I can tell you a few things, from a developer's point of view at least:
      - When you hover over the main links, they change from bold to normal and it causes this drop in size-- that is very noticeable. I would recommend keeping bold or normal.
      - Because you're using a dark background and red links, it makes the links very hard to see once you hover over them. Maybe a lighter shade of red for the navigation links.
      - When you click on Home, the "Contact Us" link is blue. When you click on "About Us" the link is red.
      - The scrolling box on the home page-- text of the news is almost completely on top of the dates. I suggest fixing that.
      - Project Page: It's fine but when I first went there I moved my mouse over one of the links under the navigation and the images that were first there were gone. Maybe instead of having people hover over the links to change the images, have them click it so they don't accidentally change the images.
      That's all I got.
  21. Yes. It's entirely up to you, I would love any testers and feedback either way!
  22. I would recommend an already built system and just modify it to your needs. But if you're not in a hurry, want a custom one built for your needs and not other things, and don't mind reinventing the wheel, then go for the custom one. I have built my own CMS as well, but I did it mostly because I saw it as an opportunity for the experience of building one and was doing it for one of my hobby sites so there were no time constraints.
  23. [refer to the first post]
  24. Try: [...] ORDER BY profit DESC
      Or: [...] ORDER BY SUM(profit) DESC
      ORDER BY does ascending (ASC) by default.