skym
Posts posted by skym

  1. There are many PHP security tutorials on the net, more or less complete, but I think a topic regarding PHP is not at all a bad idea, especially because many of the w3schools users are beginners, and making insecure sites can become a bad habit... Security doesn't involve securing only a login system, but the whole site. Even a simple contact form can cause problems in certain situations.

    Some things to consider:

    - Never trust the user input, so filter the GPC variables (GET, POST, COOKIE) as much as you can; for example check the e-mail addresses, or if you expect a variable to be an integer, use $var = (int)$_GET['var']; or check it with is_integer().
    - Escape output: htmlentities() for output to the screen and mysql_real_escape_string() for databases (this would probably be enough for most SQL injection problems).
    - Store sensitive documents outside the web root folder, allowing users to access them only through your site.
    - Use sessions for private data (propagated through cookies).
    - Store hashed passwords in the databases (this is also to respect your visitor's privacy; you don't need to know what his password is, probably it's the same as for his e-mail account).
    - In the case of CMSs, only a few persons will know the password for the admin area and it will not change often, so the password might be stored right in the login script (ex: $user = "admin"; $pass = "mypassword"; if($_POST['username'] == $user && $_POST['password'] == $pass) .... ).
    - Never use files with the .inc extension to include in your scripts, unless you configure the web server to parse the .inc files (not only .php files). Use names like inc.sql.php or config.inc.php etc.

    And so on...

    A link: http://phpsec.org/projects/
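    The checklist above applied to one small login handler, as an added example (not skym's code and not from the linked project). It assumes a PDO connection in $db and a users table with id, email and pass_hash columns; both are assumptions, and the hash column is filled at registration with password_hash().

```php
<?php
// Added example, not code from the post. Assumed: $db is a PDO connection and
// the `users` table has `id`, `email`, `pass_hash` (pass_hash was written at
// registration as password_hash($password, PASSWORD_DEFAULT)).
session_start();

// 1. Never trust GPC input: coerce or validate it before it is used anywhere.
$page     = isset($_GET['page']) ? (int) $_GET['page'] : 1;     // garbage becomes 0, never a string
$email    = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
$password = (string) ($_POST['password'] ?? '');

if ($email === false || $password === '') {
    http_response_code(400);
    exit('Invalid input.');
}

// 2. Database: a bound parameter instead of string concatenation, so the
//    submitted e-mail can never change the meaning of the query.
$stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE email = :email');
$stmt->execute([':email' => $email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// 3. Only a hash is stored; the plaintext password is compared and discarded.
if ($user === false || !password_verify($password, $user['pass_hash'])) {
    http_response_code(403);
    exit('Login failed.');
}

// 4. Private data goes in the session (propagated by cookie), not in GET/POST,
//    and the session id is rotated on login so a pre-login id is not reused.
session_regenerate_id(true);
$_SESSION['user_id'] = (int) $user['id'];

// 5. Escape everything echoed back, including values that came from the user.
echo 'Welcome, ' . htmlentities($email, ENT_QUOTES, 'UTF-8') . ' (page ' . $page . ')';
```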

  2. There's no validation in PHP, not like in HTML/CSS. There are editors which can check for syntax errors (like Zend) if this is what you are looking for.

  3. You want the game to be on the server only? And the players will have to download only a client? I don't know, I think it would be too slow, because the server must make all the rendering calculations and stuff for all the players, and there would be too much data to transmit to each player.

    I think the best way to do it would be just like the multiplayer games. One participant is the host and client at the same time, or only host, and all other players are clients, and to transmit only object coordinates and stuff. All time-consuming calculations will take place on the client.

    Gravity strings... This is way over me :) I didn't even know that gravity is a separate dimension, just a main force. And which is the sixth? If there is a mathematical formula for this, then it can be done.

  4. What code goes under the name of the form field?
    Nothing. The input is evaluated in the next script (the script mentioned in 'action'):

    pagewithform.html

    <form action="script.php" method="post">
    <input name="name"><br>
    <select name="type">
    <option value="Dog">Dog</option>
    <option value="Cat">Cat</option>
    <option value="Horse">Horse</option>
    <option value="Fish">Fish</option>
    <option value="Bird">Bird</option>
    </select>
    </form>

    script.php

    $petname = array($_POST['name']);
    $pettype = array($_POST['type']);

    Every customer must have at least one pet, so the first form will store its information into the first spot of the arrays.
    I did not understand this...
  5. I can't write whole scripts for you, I can only show you some things to take inspiration from.

    http://www.php.net/manual/en/function.opendir.php

    See the first example for how to open and parse a directory to look for the files. You may check $file to see if it contains the .jpg extension (or whatever extensions your images will use) to identify the image files ($file is a string, so you can use http://www.php.net/manual/en/function.strripos.php for example, just check if it returns true or false).

    Images are shown in the browser just by echoing the HTML:

    $folder = '20060626';
    echo '<img src="'.$folder.'/'.$file.'">';

    Of course the path must be relative to the script.

  6. <div>
    <a href="#" onmouseover="document.getElementById('Iamhere').innerHTML='Hi';" onmouseout="document.getElementById('Iamhere').innerHTML='';">text 1</a> |
    <a href="#" onmouseover="document.getElementById('Iamhere').innerHTML='Bye';" onmouseout="document.getElementById('Iamhere').innerHTML='';">text 2</a>
    <div id="Iamhere"> </div>
    </div>

  7. If I understood your script correctly, then the fastest solution is

    echo stripslashes($inhoud);

    A little more complicated solution would be to use

    if ( get_magic_quotes_gpc() ) {
        function stripslashes_deep($value) {
            $value = is_array($value) ? array_map('stripslashes_deep', $value) : (isset($value) ? stripslashes($value) : null);
            return $value;
        }
        $_POST = stripslashes_deep($_POST);
        $_GET = stripslashes_deep($_GET);
        $_COOKIE = stripslashes_deep($_COOKIE);
    }

    before using any $_GET, $_POST or $_COOKIE variables.

    Or put

    php_flag magic_quotes_gpc off

    in the .htaccess file if you use Apache.

    More: http://www.php.net/manual/en/security.magicquotes.php

  8. How about:

    <?php
    header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header ("Cache-Control: no-cache, must-revalidate");
    header ("Pragma: no-cache");
    ?>

  9. It doesn't really matter if they used $_GET or $_POST for login, the input must be filtered in any way ($_COOKIE too). So if they used $_GET for login and they filtered it, then there should be no problem.

  10. I use both upper and lowercase for custom function/class names like: myFunction()
    Variables, always lowercase: $my_variable
    Constants, always uppercase: MY_CONSTANT
    Keywords/built-in functions, always lowercase.

  11. I don't have the time to see all the code, but try to put this in the css file.

    img {border: 0;}

    Seems to be working, but I do not know if there are images within the site which must have borders, it might affect those.

  12. <?php echo tep_image_submit('button_reset.gif', IMAGE_BUTTON_CONTINUE); ?>

    This is for making a submit button? Because of the 'tep_image_submit' function name.
    We'll very probably need the source for this function too anyway, just like for the previous problem.

  13. Right. If there are no other arguments for the function then you don't have to mention 'post'.

    function tep_draw_form($name, $action, $method = 'post', $parameters = '') {...}

    You didn't have to mention 'post' until now because the default value is already set to 'post'. For $parameters too. If you want to set your own value for $parameters ('id="myForm"' in this case), you can't skip the $method argument, you have to set a value for that too.

    array

    Just a notice for dcole.ath.cx: aspnetguy used sizeof(), ThePsion5 used count(), these two functions are completely the same, they both count the elements in an array. And I think it's actually $newArray = array_fill(0, $count, 0) if you want the 0 values in the array from the start, and not empty strings.

  14. I don't think it will work with 2 mouseovers. I would do something like this:

    <script>
    var firsttime = true;
    function switchImage(obj) {
        if (firsttime) {
            firsttime = false;
            obj.src = 'firstimage.jpg';
        } else {
            obj.src = 'secondimage.jpg';
        }
    }
    </script>
    <img src="image.jpg" onmouseover="switchImage(this);">
