I have managed to get my sign up form working at last. Just a couple of questions to ask:

When all the fields of the form aren't completed I want to post an error message and display the form again.

Firstly, How do I get the fields of the form to still be populated with what the user has entered.

Secondly, when I echo the error message it either appears above the header and the whole page. or below the form (depending on where i put the include). I was told to keep my html and php seperate but How can I choose where I want the error message to go if i do this.

Answer to your first question. Manually:

<input type="text" name="myfield" value="<?=htmlentities($_POST['myfield']);?>">

Answer to the second question. Its fine to put SOME PHP within your HTML. echoing (like I've done above, or with echo or print) is fine. What you shouldnt put within the HTML is logic. Keep all that at the top or in separate files.

Does this answer your questions?

In addition to the answer to the first question, when you first hit the page, $_POST wont contain your fields so will error. I'll leave the solution to that to you :)

Firstly, How do I get the fields of the form to still be populated with what the user has entered.

Just set the default value of the form to be whatever has been passed by the user. There are some systems around that handle form validation, like ooforms in phplib (http://phplib.sourceforge.net/)

Secondly, when I echo the error message it either appears above the header and the whole page. or below the form (depending on where i put the include). I was told to keep my html and php seperate but How can I choose where I want the error message to go if i do this.

Sounds like you need to look at a templating system - personally I like the one in phplib (http://phplib.sourceforge.net/) which is a single include file and pretty easy to use.

Just set the default value of the form to be whatever has been passed by the user. There are some systems around that handle form validation, like ooforms in phplib


My registration form is on a page of its own and posts to a document called register.php. If all the fields aren't completed I echo the error message then include the form again. Do I need to set these into session variables before i do any error checking in order for them to remain set when it goes back to the form,

What you shouldnt put within the HTML is logic. Keep all that at the top or in separate files.

Sorry always disagreed with this one. It's a scripting language, it's supposed to be integrated with HTML. Never understood the argument for not doing this:


<?php if ($imageExists) { ?>
<img src="x" />
<?php } ?>


What's wrong with that? Template based systems are fine but completely unnecessary and over the top for small sites.

Does it speed it up by not putting it all over the place? I'm assuming it would but sometimes it's simply necessary to have a statement that prints something out if a variable is set.

My registration form is on a page of its own and posts to a document called register.php. If all the fields aren't completed I echo the error message then include the form again. Do I need to set these into session variables before i do any error checking in order for them to remain set when it goes back to the form,

They won't remain set - however if you set the default values in the form to the values you have just recieved then the form will be populated and the values can just be re-submitted by the user.

Thats sound cheers. Thanks for all your help. No dount there will be another post when I get stuck again 3 lines of code on. lol :D

Thats sound cheers. Thanks for all your help. No doubt there will be another post when I get stuck again 3 lines of code on. lol :D

I totally agree probedb..

I have switch statements, and html within each CASE of the switch.


switch($var)
{
case "moo":
?>
..SOME HTML HERE..
<?php

case "moo2":
?>
..SOME HTML HERE..
<?php

default:
php or html here...
}


I use this, without problems, without compatibility issues, and when im not using templates, whats the problem?? :)

Answer to your first question. Manually:

<input type="text" name="myfield" value="<?=htmlentities($_POST['myfield']);?>">


Does this answer your questions?

Slight mistake, it should be

....value="<?php htmlen....

Slight mistake, it should be

....value="<?php htmlen....

<?= is a shortcut for echo.

Sorry always disagreed with this one. It's a scripting language, it's supposed to be integrated with HTML. Never understood the argument for not doing this:


<?php if ($imageExists) { ?>
<img src="x" />
<?php } ?>



yeah thats fine, a certain amount of logic is acceptable and is quite often the only real way.

where it is wrong is when you start putting big blocks of HTML within 'if' or 'switch' statements. or if you start directly querying a database or doing complex calculations in the middle of HTML blocks.

lets face it though, you ought to be doing your logic elsewhere anyway (in the business layer for example) and not within the page.

my HTML within switches is only output, for things like a ?page=VAR.. all the querying and rest of the logic is sone else-where, and before its needed within the switch, it runs fine, no slowness, even on slow hosts, ;)

im still learning though, try out my Blog in my signature, made that all myself as a learning excercize...

Alas My registration form is working. Thanks to all you guys for your help. Right Next comes the forum. im sure this is where the real fun begins. Just one thing tho.

To get my form field to stay populated I used an alternative method as I couldn't get on the internet last night, and I wanted to crack on so I called a friend. The version he gave me works fine but just thought id see if there is a reason why the way showed me would be better/quicker.

This is the way I have used.

<?php if(isset ($_POST['username']) { ?> Value="<?echo ($_POST['username']?> " <?php } ?>

Or something similar - I don't have the code in fromt of me but it is along those lines.

PHP makes my brain bleed.

I had a go at it a while back, and it totally confuzzled me.. Lol.

This is the way I have used.

<?php if(isset ($_POST['username']) { ?> Value="<?echo ($_POST['username']?> " <?php } ?>


perfectly fine. you could make it a tad shorter and slightly more readable (in my view) as follows:


value="<?= (isset($_POST['username'])) ? $_POST['username'] : '' ?>"


what this says is "if $_POST['username'] is set then echo out $_POST['username'] otherwise echo out an empty string'.

an empty value="" is fine.

remember that <?= is a shortcut for <? echo.

the 'a ? b : c' expression is called the a ternary conditional operator and means 'if a is true do b else do c'. its incredibly useful for occasions like this.

The short open tags of <? and <?= are being discouraged as they can be turned off in the config, so the code becomes less portable. This can be a pain when you cannot change the php config on some hosted servers.

yeah you have a valid point. its off by default in php5 i think.

value="<?php echo (isset($_POST['username'])) ? $_POST['username'] : '' ?>"

I have tried to understand the ternary operator from many a tutorial. Sometimes you just need somebody to use "Plain English" to spell it out. I think when people are writing tutorials they very often forget how difficult it is to grasp when you are first starting it. Cheers L200. Now get ready for my next post. I have just had a look at the programming required for a forum and I think I am going to need some serious help with it.

Thanks All

are you planning on building your own forum or using an existing one?

one of my first ever php projects many moons ago was a threaded forum application. it was incredibly useful for learning php but i'm glad it never went live to the world (just a few friends used it). the number of security holes in it was huge and it was spaghetti code, to say the least :)

Im building my own! And I do plan on this going to world. Maybe I'll let somebody check it over. lol

i would highly suggest you dont :)

there are so many excellent ones available and i can appreciate that you probably want to learn php in the process, but dont jump in at the deep end.

forums are probably of the most hacked websites. its so easy to do.

you need to understand cross site scripting, database injection, url manipulation and various other security-related issues. you'll need to deal effectively with spammers too.

lets face it though, you ought to be doing your logic elsewhere anyway (in the business layer for example) and not within the page.

That's understandable for the size of projects you're building at work but not a site that's got a small number pages :) It may be good general practice but involves far too much effort for small scale personal and even small business sites.

Aye, phpBB is a fairly good forum and free then you can get stuff like vBulletin but that's a pay for one :)

That's understandable for the size of projects you're building at work but not a site that's got a small number pages :) It may be good general practice but involves far too much effort for small scale personal and even small business sites.

nothing wrong with learning good practices from the start though and then relax them where necessary, rather than learning bad ways and then having to unlearn them later :)

Very true :) It's like trying to make sure new HTML coders learn CSS layout instead of going straight for tables.

That's understandable for the size of projects you're building at work but not a site that's got a small number pages :) It may be good general practice but involves far too much effort for small scale personal and even small business sites.

Aye, phpBB is a fairly good forum and free then you can get stuff like vBulletin but that's a pay for one :)

phpBB is a mess of security holes, I'm subscribed to the bugtraq mailling list and it is frequently mentioned. The oldest thread is 15 April this year, which is about when I signed up, and the newest is November 20th. There are 58 threads, some are duplicates, but that is bad. Steer clear of phpBB.

For completeness vBulletin has 20 threads.

I think a blog is a good project to start with. It is difficult enough to be challenging and complex enough to show the programmer why learning about things like objects and code separation is a good idea. It does input from the web, output, databases, logins.

But don't release such projects to the world without severe security warnings!

So basically if I release my project I am probably going to end going down in a fireball of courtcases. The trouble is the only reason I am learning PHP is for this project. My first of many. I want to earn an extra living from affiliate schemes etc. Seriously what are the risks. If it is just that the site could be destroyed then thats crap but it's not going to bankrupt me. Whereas if I my site could cause damage to other peoples computers by been unsecure I may have to reconsider. I am not going to be charging for anything and if I do It will only be through paypal as I wouldn't feel comfortable in this stage of my PHP career dealing with credit cards etc. Am I right in saying this takes all the risk away using the paypal method as none of the transactions are carried out on my site.

There are cross site scripting (XSS) problems, but that will not really affect you unless you have some secure element.

If you misuse exec() or include() functions then someone could take over your server and do horrible things with it. Perhaps even related to PayPal, though I can't really think what they could do.

The major problems are caused from not validating input. You can get SQL Injection reasonably easy. The early form->email scripts could be used for spam by adding a "to" to the form in many cases. If you were to do something like this on your server and you were liable for overage charges, and if the script was abused by spammers (a lot of ifs I know) then you could end up paying lots of money for your hosting.

Just work on your local machine, read up on validating input and you should be fine. Don't be intimidated by the fact you will run in to problems. Programming is full of that. Things are always happening that you didn't expect in programming.

For instance I'm thinking of taking a crack at the netflix prize (netflixprize.com), where you have to come up with a better algorithm for predicting how someone will rate a movie. The idea is to use existing ratings and relations between customers and movies. So I came up with an idea on how to do it, put all the data in a database for easy access and now it takes more than 15 minutes for me to get all the data I need for my algorithm to make a prediction. To win I have to submit 2 million predictions and be closest. As you can imagine, taking 15 minutes to get all the data for a single prediction means that making 2 million predictions will take a long, long time (about 57 years).

Obviously I will have to do something else...

But then that's programming, you start down a path, and then you end up seeing it's not the right way to go, and you look for something else.

That sounds like a very tricky problem to solve> rather you than me> So you would say If I want to have a go at my own forum and realease I should. Just not sure what the liablity and risk to other peoples hardware would be.

Just build it, worry about releasing it on the world later. You will have a good idea what's what by then. You could always let us at SF try and break it for you. If you do release your software just stick in some terms like "May not work as described, may erase all your data and destroy the planet" to warn potential users. See other software for examples. No one ever sued Microsoft for allowing a bug in their system to destroy their valuable data.

Also consider using a licence like the GPL if you are so minded.

For completeness vBulletin has 20 threads.

I'm intrigued now, could you please tell me how many smf (simplemachines.org) has? May have to sign up for that bugtraq thingummy...

I will definately will consider releasing under GPL. I like the whole idea of up your's Microsoft which is from what I can gather, what the whole open source community is about. I will crack on with the forum bit tonight and prob post a million questions tomorrow. (I don't have internet at home at min as my pc is way too slow to run the 10 mb broadband connection that my housemate has installed) Thanks for all your help anyway. At last 5 O'clock. the best time of day.

Okay

All though I said my registration form was working I have noticed a slight problem and spent all night trying to resolve. 2 fairly big chunks of code but any help would be appreciated.

This is my registration form.

<html>
<head>
<title>Registration</title>

<STYLE type="text/css">
h1 {font-family:"comic sans ms";
font-size:14px;
color: "#ffffff"}

p {font-family:"comic sans ms";
font-size:12px;
color: "#ffffff"}

p.legal {font-family:"comic sans ms";
font-size:9px;
color: "#ffffff"}

p.error {font-family:"comic sans ms";
font-size:12px;
color: "#ff0000"}

a {font-family:"comic sans ms"; font-size:12px;}
a:link {color:"#b5b5b5"}
a:hover {color:"#ff0000"}
a:visited {color:"#900000"}

img {border-color:"#424242"}
table {border-color:"#484848"}
</STYLE>


</head>
<body bgcolor="#484848">


<table width="400" cellspacing="5" cellpadding="0" border="0">
<form action="register.php" name="register" method="post">
<tr>
<td width="400"><?php if (isset($reg_error)) { ?> <p><?php echo $reg_error;?></P><?php } ?></td>
</tr>
<tr>
<td width="200" valign="top"><h1>Personal Details:<h1></td>
<td width="200" valign="top"><br /></td>
</tr>
<tr>
<td width="200" valign="top"><p>First Name:</p></td>
<td width="200" valign="top"><INPUT name="first_name" type="text" id="first_name" <?php if (isset($_POST['first_name'])) { ?> value="<?php echo $_POST['first_name']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="300" valign="top"><p>Last Name</p></td>
<td width="200" valign="top"><INPUT name="last_name" type="text" id="last_name" <?php if (isset($_POST['last_name'])) { ?> value="<?php echo $_POST['last_name']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="200" valign="top"><p>Location:</p></td>
<td width="200" valign="top"><INPUT name="location" type="text" id="location" <?php if (isset($_POST['location'])) { ?> value="<?php echo $_POST['location']; ?>" <?php } ?> size="20" maxlength="30"></td>
</tr>

<tr>
<td width="200" valign="top"><p>E-mail Address:</P></td>
<td width="200" valign="top"><INPUT name="e_mail" type="text" id="e_mail" <?php if (isset($_POST['e_mail'])) { ?> value="<?php echo $_POST['e_mail']; ?>" <?php } ?>" size="30" maxlength="30"></td>
</tr>

<tr>
<td colspan="2" width="400" valign="top"><p class="legal">***Your E-mail address is used purely to verify your account.
Under no circumstances will Klubdeutsch pass on or
sell this information to third parties without written consent from yourself!</p></td>
</tr>

<tr>
<td width="200" valign="top"><br /></td>
<td width="200" valign="top"><br /></td>
</tr>
<tr>
<td width="200" valign="top"><h1>Vehicle Details:</h1></td>
<td width="200" valign="top"><br /></td>
</tr>
<tr>
<td width="200" valign="top"><p>Vehicle Manufacturer:</p></td>
<td width="200" valign="top"><INPUT name="veh_man" type-"text" id="veh_man" <?php if (isset($_POST['veh_man'])) { ?> value="<?php echo $_POST['veh_man']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="200" valign="top"><p>Vehicle Model:</p></td>
<td width="200" valign="top"><INPUT name="veh_mod" type="text" id="veh_mod" <?php if (isset($_POST['veh_mod'])) { ?> value="<?php echo $_POST['veh_mod']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="200" valign="top"><p>Engine Size:</p></td>
<td width="200" valign="top"><INPUT name="engine_size" type="text" id="engine_size" <?php if (isset($_POST['engine_size'])) { ?> value="<?php echo $_POST['engine_size']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="200" valign="top"><br /></td>
<td width="200" valign="top"><br /></td>
</tr>
<tr>
<td width="200" valign="top"><h1>User Details:</h1></td>
<td width="200" valign="top"><br /></td>
</tr>
<tr>
<td width="200" valign="top"><p>Desired Username:</p></td>
<td width="200" valign="top"><INPUT name="username" type="text" id="username" <?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="200" valign="top"><p>Password:</p></td>
<td width="200" valign="top"><INPUT name="password" type="password" id="password" <?php if (isset($_POST['password'])) { ?> value="<?php echo $_POST['password']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="200" valign="top"><p>Confirm Password:</p></td>
<td width="200" valign="top"><INPUT name="conf_password" type="password" id="conf_password" <?php if (isset($_POST['conf_password'])) { ?> value="<?php echo $_POST['conf_password']; ?>" <?php } ?> size="15" maxlength="10"></td>
</tr>
<tr>
<td width="200" valign="top"><br /></td>
<td width="200" valign="top"><br /></td>
</tr>
<tr>
<td width="200" valign="top"><br /></td>
<td width="200" valign="top"><INPUT type="submit" name="submit" value="Submit"></td>
</tr>
</form>
</table>

</body>
</html>

And this is part of the function that it posts to


<?php

$password = ($_POST['password']);
$conf_password = ($_POST['conf_password']);

if(empty($_POST['first_name']) ||
empty($_POST['last_name']) ||
empty($_POST['location']) ||
empty($_POST['veh_man']) ||
empty($_POST['veh_mod']) ||
empty($_POST['username']) ||
empty($_POST['password']) ||
empty($_POST['conf_password']));
{
$reg_error = 'All fields are required. Please complete and resubmit';
include 'c:/easyphp/www/klubdeutsch/register1.php';
exit();
}
if($password != $conf_password);
{
$reg_error = 'Your passwords did not match, Please re-enter and try again!';
include 'c:/easyphp/www/klubdeutsch/register1.php';
exit();
}
?>

The problem im having is If all the fields aren't filled the error reads 'All fields are required. Please complete and resubmit'

but if the passwords do not match then the error still reads the same.

If I remove the exit(); from the first if statement then it runs the whole thing twice so I get my form with the 1st error message and the the form again below with 'passwords do not match' message. if I change the second If for an else or an elseif I just get a parse arror with no details 'just parse error in c:/easyphp/www/klubdeutsch/ at line xx

Any body any idea's

Thanks

I'm intrigued now, could you please tell me how many smf (simplemachines.org) has? May have to sign up for that bugtraq thingummy...

About 8. (Min 10 char padding)

<?php

$password = ($_POST['password']);
$conf_password = ($_POST['conf_password']);

$bRedisplayForm=false;

if(empty($_POST['first_name']) ||
empty($_POST['last_name']) ||
empty($_POST['location']) ||
empty($_POST['veh_man']) ||
empty($_POST['veh_mod']) ||
empty($_POST['username']) ||
empty($_POST['password']) ||
empty($_POST['conf_password']))
{
$reg_error = 'All fields are required. Please complete and resubmit';
$bRedisplayForm=true;
}
if($password != $conf_password)
{
$reg_error = 'Your passwords did not match, Please re-enter and try again!';
$bRedisplayForm=true;
}

if($bRedisplayForm)
{
include 'c:/easyphp/www/klubdeutsch/register1.php';
exit();
}

?>

Notice the absense of ";" on if's

Also, not that I want you to stop posting PHP questions on SF, but a better forum if you find no luck here is on comp.lang.php on USENET, which is easily accessible through google groups.

Also, for immediate help you could try irc. The #php channel on freenode is the top place for php help, and freenode in general for programming help. If you do this then use pastebin.com for large code chunks and then post the url on irc asking for help.

Here's the last problem I posted to irc which may I should really have managed to figure out myself. http://pastebin.com/826576

I have tried other forum's but they all seem to just offer a completely different way of doing thins or scorn at my code and edge me in the direction of Object orientated programming. I don't think im ready for that yet. Thanks for your help yet again Richard!!!

AAAAAAAAAAAAGH not "COMIC SANS"

just a suggestion but in a poll I saw that was the most hated font ever

Object orientated programming is very good. In PHP5 it works well and is better than PHP4. You're probably right in not quite getting there yet. But as soon as you are dealing with complex stuff it makes things easier. Take for example my code for the netflix prize. I want to be able to look at a file which tells me what I need to predict, I need certain information to do the prediction and I want a measure of how well my prediction is. I also want to try many different algorithms.

So what I did was wrote a class called Tester which does everything other than make a prediction. Here it is:-

<?php
include_once('db.php');
class Tester
{
private $fpProbe=false; //probe file
private $sProbeFile='/home/richard/dev/php/netflix/data/probe.txt';
private $iNumberToTest=200; //false to finish whole file;
public $iIndicator=100;
public $iMovieID=false;
public $iCustomerID=false;
public $sDate=false;
public $sName='Default class, all predictions are 3';
private $sPredictionDataDir='/home/richard/dev/php/netflix/predictions/';
public $sPredictionFileName='baseclass';

function __construct()
{
$this->fpProbe=fopen($this->sProbeFile,'r');
if($this->fpProbe===false)
die("could not open probe file\n");
}
function GetNextRatingToPredict()
{
$bGotCustomerAndDate=false;
while (!feof($this->fpProbe) && !$bGotCustomerAndDate)
{
$sProbeLine = trim(fgets($this->fpProbe, 4096));
$iProbeLineLen=strlen($sProbeLine);
if($sProbeLine[$iProbeLineLen-1]===':')
{
$this->iMovieID=substr($sProbeLine,0,$iProbeLineLen-1);
}
else if($sProbeLine!=='')
{
$bGotCustomerAndDate=true;
$aProbe=explode(',',$sProbeLine);
$this->iCustomerID=$aProbe[0];
$this->sDate=$aProbe[1];
}
}
return $bGotCustomerAndDate;
}
//Sub classes should override this method.
function PredictRating()
{
return 3.9;
}
function ActualRating()
{
$sSQL='select rating from ratings where movieid='.$this->iMovieID.' and customerid='.$this->iCustomerID;
$r=Query($sSQL);
$a=pg_fetch_array($r,null,PGSQL_ASSOC);
if($a===false)
die("Could not find rating for movie ".$this->iMovieID.", customer ".$this->iCustomerID." on date ".$this->sDate."\n");
return $a['rating'];
}
function RunProbeTest()
{
$iNumValues=0;
$iSumSquaredValues=0;
while($this->GetNextRatingToPredict() && ($iNumValues<$this->iNumberToTest || $this->iNumberToTest===false))
{
if($iNumValues%$this->iInicator===1)
print ".";
$iNumValues++;
$iPredictedRating=$this->PredictRating();
$iActualRating=$this->ActualRating();
$iDelta=$iActualRating-$iPredictedRating;
// print "p$iPredictedRating a$iActualRating d$iDelta\n";
$iSumSquaredValues+=$iDelta*$iDelta;
}
if($iNumValues===0)
print "not got any rows?\n";
else
print 'Test: '.$this->sName."\n$iNumValues pairs RMSE: ".sqrt($iSumSquaredValues/$iNumValues)."\n";
}
function GenerateTestFile()
{
$sSaveFileName=$this->sPredictionDataDir.$this->sPrecictionFileName.'-'.date('Y-m-d_His').'.txt';
$fp=fopen($sSaveFileName,'w+');
if($fp===false)
die("Could not open file '".$sSaveFileName."' to save to.\n");
$iLastMovieID=false;
$iCounter=0;
print "About to start, every period is another 100 predictions\n";
while($this->GetNextRatingToPredict() && ($iNumValues<$this->iNumberToTest || $this->iNumberToTest===false))
{
if($iCounter>100)
{
print ".";
$iCounter=0;
}
if($this->iMovieID!==$iLastMovieID)
fwrite($fp,"$iMovieID:\n");
$iPrediction=$this->PredictRating();
fwrite($fp,$iPrediction."\n");
$iLastMovieID=$this->iMovieID;
$iCounter++;
}
fclose($fp);
print "prediction file wrote to $sSaveFileName\n";

}
}

Then the actual prediction stuff is done in a sub class. A sub class "inherits" all the functions and variables from the superclass but can replace parts as specified. So in one test I did this:-

<?php
include_once('../tester.php');
class Mean extends Tester
{

public $sName='Using Mean for all values';
private $sPredictionFileName='mean';
private $iLastMean=false;
private $iLastMovie=false;
function PredictRating()
{
return $this->GetMean();
}
function GetMean()
{
if($this->iMovieID===$this->iLastMovieID)
return $this->iLastMean;
$sSQL='Select mean from moviedetails where movieid='.$this->iMovieID;
$r=Query($sSQL);
$a=pg_fetch_array($r,null,PGSQL_ASSOC);
$this->iLastMean=$a['mean'];
return $a['mean'];
}
}
?>

And then the code to run it
<?php
include_once('Mode.php');
$oMode=new Mode();
$oMode->RunProbeTest();
?>

Each code snippet is a separate file.

I can see how the logic is much more structured and easier to follow. I am going to stick to my spaghetti code for now tho. Anyway I have a massive report to get out so may not get on again today. Have a good weekend

AAAAAAAAAAAAGH not "COMIC SANS"

just a suggestion but in a poll I saw that was the most hated font ever

Thanks for the heads up. I just can't find a decent font AT ALL that will be acceptable to all browsers. Is there a web standard for a preferred font.

followed by wingdings?

Thanks for the heads up. I just can't find a decent font AT ALL that will be acceptable to all browsers. Is there a web standard for a preferred font.

Sans-serif: Use Verdana (used on this forum), Trebuchet (my favourite) or Tahoma
Serif:Georgia, Times New Roman, Times

Those are standard on most if not all macs/pc's.

if you're specifiying them in a style something like
font-family:"Trebuchet MS" Verdana Tahoma Arial Helvetica sans-serif;

or

font-family: Georgia "Times New Roman" Times serif;

do your fonts in ems or % if you can, specifying pixel heights can sometimes mean users cannot resize type