October 31st, 2002, 08:36 PM
#13
I am using a web server called keyfocus web server from www.keyfocus.net
Yes, I did try Apache for Windows; I unfortunately could not get it to work, but that was a long time ago. Since then I have also tried simple server from analog x, one called omnihttpd, windows httpd and website web server.
I did get website, simple server and omni working, except for CGI, and since my original idea was to use the server for local testing only I figured I would be safe. But omni was not working with CGI for me, so I found KF Web Server and am very pleased.
Using your suggestions for validation server side, I can see your point that anyone can bypass the JavaScript. To prove it to myself I did it, I bypassed the JavaScript. So last night I found a tutorial on making a guestbook with PHP, and from it I took the validation for email and form fields:
if($nick == "" || $msges == "")
and
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email) && $email != ""){
I also used strip_tags to strip any HTML, SSI and JavaScript from form fields:
$nick = strip_tags ($nick);
$email = strip_tags ($email);
$homepage = strip_tags ($homepage);
$msges = strip_tags ($msges);
$msges = ereg_replace('\\\"',"&quot;",$msges);
$msges = ereg_replace("\\\'","'",$msges);
$msges = nl2br($msges);
I will add a few more checks. In JavaScript I already included a check to see if the maximum length for each field has been reached.
Thank you for pointing that out to me, I hope to finish the PHP checking tonight. I checked the site for keyfocus the other day but there were no updates available, but I expect one soon, since looking at the patch history they seem to be releasing a patch every month or two.
When I downloaded PHP I made sure it was the latest version, but I heard somewhere that if you download the new and latest version of software as soon as it is released it can be a bad idea, because that's when many exploits are found. Is this true? Should I wait a while before getting patches and updates?
In snatches, they learn something of the wisdom
which is of good, and more of the mere knowledge which is of evil. But must I know what must not come, for I shale become those of knowledgedome. Peace~
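Added example, not part of the original post: the server-side checks discussed above, written for a current PHP release, with filter_var() and htmlspecialchars() swapped in for the post's eregi() pattern and strip_tags(). The field names come from the post; the function names validate_entry and render_message and the length limits are assumptions for illustration.

```php
<?php
// Added example, not code from the post. Field names come from the post;
// the function names and length limits are assumptions for illustration.
const MAX_LEN = ['nick' => 40, 'email' => 100, 'homepage' => 200, 'msges' => 2000];

function validate_entry(array $in): array
{
    $clean = [];
    $errors = [];
    foreach (MAX_LEN as $field => $max) {
        $value = $in[$field] ?? '';
        if (!is_string($value)) {              // nick[]=x arrives as an array
            $errors[$field] = 'invalid type';
            $value = '';
        }
        $value = trim($value);
        if (strlen($value) > $max) {           // limit enforced on the server too
            $errors[$field] = 'too long';
        }
        $clean[$field] = $value;
    }
    foreach (['nick', 'msges'] as $required) { // same rule as the post's empty check
        if ($clean[$required] === '' && !isset($errors[$required])) {
            $errors[$required] = 'required';
        }
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }
    if ($clean['homepage'] !== '') {
        $scheme = strtolower((string) parse_url($clean['homepage'], PHP_URL_SCHEME));
        if (filter_var($clean['homepage'], FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true)) {
            $errors['homepage'] = 'must be an http(s) URL';
        }
    }
    return [$clean, $errors];
}

// Encode at output time so markup is displayed as text instead of being stripped.
function render_message(string $msges): string
{
    return nl2br(htmlspecialchars($msges, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: a submission that never ran the JavaScript checks.
[$clean, $errors] = validate_entry(['nick' => '', 'email' => 'not-an-address',
    'homepage' => 'javascript:alert(1)', 'msges' => "<b>hi</b>\nthere"]);
print_r($errors);
echo render_message($clean['msges']), "\n";
```

The length limits are checked on the server because the JavaScript length check can be skipped in the same way as the other client-side checks.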