#1: I would say basically no, but see the "change log" section of www.php.net/preg_match for a few minor changes over time.
#3: Functionally, just checking for true/false should be fine, unless you want to capture "not found" (int 0) versus "error occurred" (Boolean false) and handle them separately.
I recently learned that it's far superior to hash a password with crypt() than it is with md5(). So, I want to make the switch. However, there seems to be debate on just how to use crypt. What technique do you recommend for generating the salt?
I've been hearing scary things about websites getting hacked and the owners being liable for lots of damages. The site I've been working on doesn't store credit card numbers or social security numbers, but it does collect other personal information, like emails. If it were hacked, and the owner were sued, would they lose? Or would it depend on how much of an effort they made to keep the site secure? Also, I don't know if it matters, but he has a LLC. So I guess, technically, the LLC owns the site? I'm not sure how LLC's work.