Amanda<3

One last question. What is MVC, and what are the benifits of it?

What language would you recommend? I've not much experience with actual programming languages, more or less just Web Development languages, but i'm looking to learn into the more powerful languages, so any suggestions would be appreciated.

I've been looking into OOP for various reasons. So far this is what i've collected:   C, C++, Perl, Python, and other various languages all use a OOP approach. PHP integrated it in version 5 or something, but its good to learn? Makes your code easier to maintain, as well as helps other developers that may be editing something job's alot easier. Gives you a better understanding of how other languages like C work to a degree Overall it sounds great.   So is there anything i should know before starting to learn OOP?

Basically, i've been trying to come up with something that will disable execution of scripts, but still allow execution of image files. This is an Apache .htaccess file i've came up with... I'm not sure if it's any good as i'm only fairly good at .htaccess stuff: DirectoryIndex -Options All -Indexes RemoveHandler .php .phtml .php3 .jsp .asp .sh .cgi RemoveType .php .phtml .php3 .jsp .asp .sh .cgi RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} !^.*\.(jpg|jpeg|gif|png)$ [NC] RewriteRule ^(.*)$ - [F,L]   The first line is *supposed* to disable all the index files that are set in httpd.conf, of course only for this directory. The second line disables indexing, so since we don't have an index file, we don't have the folders contents listed. The next two lines are *supposed* to disable execution of many types of scripts, on the odd chance someone actually figures out how to slip code into a gif file, even though the uploader checks the mime type, extension, and some other things. The last 4 lines are basically checking the REQUEST_URI. The request uri is... Say you visit index.php, the request uri is index.php. What the rewrite does is checks the uri for anything, and then a file extension of either .jpg, .jpeg, .gif, or .png; If it passes, either an image is given ( if it exists ), or a 404 ( if it doesn't exist ). If the extension is not of the above, in theory it is supposed to ( and it does work, just not sure if its the best way ) give a 403 Forbidden page.

Thanks. and Yeah i still secure my scripts, i just rather have extra insurance. You can never over-secure something...

I'm saying, is it possible to rewrite the URL to not allow XSS inside the URL. I know it doesn't completely solve the problem though.

Well, i know how to do it the old way, url by url by url. I was wondering if anyone could suggest a more shortcut approach to keep XSS out of the url using mod_rewrite. Also, i currently have a rewrite function that rewrites my URL's for me: function rewriteURI($URI,$argSeperator="/"){ $origURI = $URI; $requestURI = preg_replace("/^\/?([A-Z0-9_-]+)\.php(.+)?$/i","$1", $origURI); $requestURI = '/'.$requestURI.'/'; $params = explode("?",$origURI); $args = explode("&", $params[1]); $queryString = ''; foreach($args as $arg){ $parts = explode("=", $arg); $queryString .= $parts[1].$argSeperator; } $rewrittenURI = preg_replace("/^(.*)\\$argSeperator$/i","$1", $queryString); $rewrittenURI = $requestURI.$rewrittenURI; $rewrittenURI = $rewrittenURI; return $rewrittenURI;}   Basically that is what i'm using to turn this: page.php?arg1=foo&arg2=bar, into /page/foo/bar. Is this a good method?