Everything posted by birbal

  1. birbal

    content script

    It is not secure now. Anyone can now point to any arbitrary file of yours to be included. Including means the user can choose which file gets executed, e.g. "/index.php?page=/somedir/dir/news" will include a file named news.php in /somedir/dir. Don't trust any kind of user input: $_GET, $_POST, $_COOKIE and some $_SERVER variables. Make sure your scripts do what is essentially and minimally needed to get the work done. Validate your user inputs so the user must do what you intended and what is needed to do the work.
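    The include pattern the post warns about, next to a whitelist-based replacement, as an added example (not code from the original post); the page names and file paths are assumptions.

```php
<?php
// Added example (not from the original post): the user-controlled include the
// post describes, beside a version that only uses the parameter as a lookup key.

// Vulnerable: the request parameter decides which file is included, so a value
// such as "/somedir/dir/news" (the post's example) or a traversal string picks
// the file that gets executed.
function include_page_unsafe(string $page): void
{
    include $page . '.php';
}

// Safer: a fixed map of known templates. The raw $_GET value never reaches
// include(); it is only ever compared against the keys of this array.
// Paths are assumed for the example.
const ALLOWED_PAGES = [
    'home'    => 'pages/home.php',
    'news'    => 'pages/news.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(?string $page): string
{
    // Missing or unknown values fall back to a default rather than being
    // reflected into a path or an error message.
    if ($page === null || !array_key_exists($page, ALLOWED_PAGES)) {
        return ALLOWED_PAGES['home'];
    }
    return ALLOWED_PAGES[$page];
}

// Usage: the parameter is validated against the whitelist before the include.
include resolve_page($_GET['page'] ?? null);
```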
  2. birbal

    passwords as...

    It won't be so bad if it is used with a properly salted hashed password. A properly salted hashed password is never going to be the same for two users in any circumstances, even if the raw password is the same. But doing so won't give you any advantage other than a performance penalty. Primary keys are automatically indexed, which means whenever you insert something into the table the whole table gets re-indexed. As it gets larger it will take more time to do so. Unnecessary indexing can reverse the effect of indexing. You are never going to query to match a certain password, are you? So it is not worth making it a primary key (indexed).
  3. birbal

    Syntax for PHP files

    You should name your file .php if you want the server to interpret it as PHP. The PHP parser parses files whose file type is set to executable. By default the server is set to parse .php and .php5 as PHP files, but you can add any other file name, or .html and .htm, to be treated as PHP files. When a file type is set to executable by the PHP engine, it parses the code inside the PHP tags; anything outside the PHP tags is sent as-is as plain text. PHP does not know whether it sends HTML or something else, though it sends a Content-Type header, by default text/html, which lets your browser know the text should be treated as HTML.
    https://developer.mo...event_reference <= an element can also have an onload event. You can find it in the list in the middle of the page: "load". Another way is using CSS. It will let an element be visible for 3 seconds and take 3 seconds to fade out and disappear. You have to use the proper prefix for different browsers where applicable, e.g. -webkit-. It is though not applicable in all browsers, as it is part of CSS3. You just have to alter the .animate class to use when applicable:

        /* Animated */
        .animate {
            -moz-animation-duration: 6s;
            -moz-animation-name: eraser;
            -moz-animation-fill-mode: forwards;
        }
        @-moz-keyframes eraser {
            from { opacity: 1.0; }
            50%  { opacity: 1.0; }
            to   { opacity: 0; display: none; }
        }

    https://developer.mo.../CSS_animations <= resource
  5. You can bind a function to the onload event of that div element, where you can use setTimeout() to execute something after some time which will remove the node itself using DOM methods.
  6. birbal

    backup your DB

    What is not working? Are there any errors? Stating the error would be helpful for us to help you. I believe system() could be blocked by your host.
  7. You need to use http://php.net/gd2
  8. Or you can lower the quality of the image using the third parameter of imagejpeg() and imagepng(). GIF has no such option and the BMP format can't be compressed, though you can convert those to JPEG and PNG and lower the quality. Whatever suits your situation.
  9. birbal

    php 5.3

    I am not sure about your question. You can find all the versions of PHP at http://php.net. The current stable version is 5.4. ereg_*() and session_register() are deprecated; you should use preg_*() and the $_SESSION superglobal array respectively.
  10. birbal

    array notation used

    http://au.php.net/manual/en/features.file-upload.multiple.php <= you can find more here
  11. And also the $_GET superglobal array is case sensitive, as all the variables of PHP are. So $_get is not the same as $_GET.
  12. Yes. If you want to pull particular content of a specific id from the database, you have to catch $_GET['id'] and pass it in the query's WHERE clause.
  13. <a href="news.php?$id=id"> will be <a href="news.php?id=$id">. id is the name, and the value of $id will be passed as the value of "id". You can always dump $_GET (in news.php) using var_dump() or print_r() to check what it is getting.
  14. You can point to a PHP file in the link which will execute that function. If you point to the PHP page where the function will execute in the src attribute, it will show up the image: <img src='/yourdir/rotate.php'>. In the second case you have to output the result with the appropriate header.
  15. Can you post your code? It would be better in the CSS forum.
  16. birbal

    include

    file_get_contents() won't execute the code it contains, whereas include will execute it. When you use it, it is just pulling the source code of mail.php rather than executing it. In other words, this won't work.
  17. Your profile array looks like $profile_array, which is different from $profile, unless $profile has a previous value. You can always use print_r() or var_dump() to see what an array structure looks like.
  18. At least first make your personal website, which will serve two purposes. Clients and any other developers would know you can do things; no matter client or developer, both will try to find assurance that you can do this job. A freelance developer won't expect a poorly designed site or slow development process or anything else which can make an impact on their work and overall reputation with the client. Secondly, if you are trying to sell a service it will be best to have a website so that clients or any other person will know where to find you. It also gives you branding. Making your own site will prove your skill and also give you a platform to sell your services.
  19. Do you already have any portfolio of your previous work online?
  20. Yes, but what I meant is that a human can pass the captcha; only robots can't. A hardcoded To header can also be spoofed, or an attacker can use another email address to send mass emails; even worse, they can manipulate any headers, even the message body, which may break system security or trustworthiness. $_REQUEST['email'] can manipulate any headers as the attacker wants if it is not properly filtered. Most email servers take CRLF, e.g. \r\n, in headers. No doubt it is a nice topic and will be helpful for all.
  21. birbal

    Seo Forum

    http://www.google.co.in/url?sa=t&rct=j&q=seo+google+pdf&source=web&cd=1&ved=0CGIQFjAA&url=http%3A%2F%2Fwww.google.com%2Fwebmasters%2Fdocs%2Fsearch-engine-optimization-starter-guide.pdf&ei=zVu9T9XCKMqrrAe0-OCmDQ&usg=AFQjCNEMj8KHxhxQz9cMLoMxMDiLdrAbJw <= a book from Google about SEO can be obtained here
  22. I'd like to add one thing here: it will be better to use a whitelist approach to filter the fields, meaning it should check for the value which should be there, not check for the value which should not be there. You know that the field only needs an email address to get your application working, so it is best to use regex-based filtering to match the exact email pattern rather than newlines or anything else. A benefit of the whitelist approach is that new attacks could be invented and a blacklist will be hard to maintain. Captcha is good for preventing bots and adding another layer of security, but it is still vulnerable if a user tries to manually mail-inject into any vulnerable script. I don't know how effective referer checking will be; as you already stated, it can be faked. Moreover, any attacker can also inject mails from your own form. They don't need to alter inputs to the textarea; they can still enter a new line feed, e.g. just typing \n.
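    The whitelist validation of the email field discussed in posts 20 and 22 (CRLF in headers, validating the shape of the value rather than blacklisting characters), as an added example that is not code from the original posts; the function names, addresses and field names are assumptions.

```php
<?php
// Added example (not from the original posts): whitelist validation of a
// contact-form email field before it is used in a mail header.

// Return the address only if it has the shape of an email address and carries
// no CR/LF; otherwise null. This checks what should be there, not a list of
// what should not be there.
function validate_email_field(string $value): ?string
{
    $value = trim($value);
    // Any CR or LF would start a new header line in the mail, which is the
    // header-injection problem the thread discusses.
    if (preg_match('/[\r\n]/', $value)) {
        return null;
    }
    // filter_var applies an RFC-based syntax check: a single whitelisted shape.
    $clean = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $clean === false ? null : $clean;
}

// Build the extra headers for mail() from validated input only. The sender and
// recipient are hard-coded (example addresses); only Reply-To comes from the user.
function build_headers(string $replyTo): array
{
    return [
        'From'         => 'form@example.com',
        'Reply-To'     => $replyTo,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
}

// Usage (assumed form field names): reject the request if validation fails.
$email = validate_email_field($_REQUEST['email'] ?? '');
if ($email === null) {
    http_response_code(400);
    exit('Invalid email address.');
}
// The textarea content only ever becomes the body, never a header, so a
// newline typed into it cannot add headers.
$body = (string) ($_REQUEST['message'] ?? '');
mail('owner@example.com', 'Contact form', $body, build_headers($email));
```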
  23. birbal

    LEFT JOIN

    Can you use English please?