Zephni

Yep, and it should always be the first thing at the top of the page. This is because you are trying to change the $_SESSION values which won't be associated with any particular session if you don't session_start(); first. Then on the next page it will be like the session was never set. So just try adding: session_start(); Underneath your opening <?php tag

Just checking before looking into it further. But are you running session_start(); at the top of that page? I know it's on the "protected pages" but you can't manipulate the session variables if you haven't started it which you are trying to do on the login page by the looks of things.

Did you see the second part of my message?

You are binding the delete statement twice. First you are binding the parameter ":boxingid" to $PostIdThing and then executing it with a forced ID of 1 in the next line. Then you are executing within the if statement without any parameters. You would be better off deleting this line: $Startoff->execute(array(':boxingid' => 1)); Then the bindTo line would sort out the parameter binding and the execute statement can still be tested by the if statement. Also you don't want to be putting ' quotes inside the statement when using parameter bindings, remove them in this line: $delete = "DELETE FROM BoxingResults WHERE id = :boxingid LIMIT 1"; Hope this helps

I have been working on a frame work type thing: (http://zephni.com/phpzevelop/howto and GitHub https://github.com/Zephni/PHPZevelop) it needs to check for files (pages) before producing them, if the page does not exist and the page isn't set to receive parameters through the URL then it needs to set the default 404 page instead of the page that does exist. It's hard to explain but I have changed the way it works now so it uses try catch statements to check if the files exist instead of using file_exists methods.

In my situation I need to check that a php file exists, but I do not want to run any code in that script yet. I have tried the PHP is_file: http://php.net/manual/en/function.is-file.php and the file_exists function: http://php.net/manual/en/function.file-exists.php But both actually run the file. I can tell because of using sessions to test it in the file itself. Is there any way around this? Thanks in advance.

The reason is, is because I need to tell whether the array was defined with keys and values by the programmer, rather than a single dimensional array. It will be hard to explain exactly why, but it is necessary because what I'm building needs to be able to tell the difference between an array that looks like this: array("item1", "item2"); And this: array("0" => "item1", "1" => "item2"); Because if the key is defined by the user (programmer) the foreach loop needs to perform an extra task. The more I look into this. I should probably do what I'm doing a completely different way.. but I guess the answer is clear... PHP does whatever it wants with types and we have no control over it

This sounds simple in the title, but let me explain... If I did the below: $array = array("1" => "value"); foreach($array as $key => $value) if(is_string($key)) echo "true"; else echo "false"; The result would be false, even though the "1" passed as a key is a string prior to the foreach loop. Is there a way to check the ACTUAL type of the $key in this situation without just determining whether it "can" be a int or "can" be a string. If I did: $array = array("1" => "value"); foreach($array as $key => $value) echo gettype($key); The result would be "integer" so It looks to be that if the foreach loop determines if the string "can" be an integer then it regards it as such. Is there anyway around this? Thanks in advance for any help (Please note I tried to change the title of this post because I realized it wasn't quite specific enough regarding arrays but it won't let me change the title)

Thanks for your reply Ch0cu3r! Ok, but what if someone else set up a AJAX script to post data to my PHP file and make changes to the database that I don't want them to?

This may sound like a weird one. I'm in the process of making a HTML5 game where I need to make contact with a MYSQL database. I planned on doing this using PHP scripts that the game sends AJAX requests to with post data. Is there a way of securing these scripts so no one on the outside can access (or just run) them, but the game can. The game will be ran on the same server as the scripts. Does this sound ridiculous or is it possible? Or am I going about this the entirely wrong way, thanks for any answers in advance!!

Thanks for your reply So its really a case of, yes it can be cracked, but make it as slow as possible

I may get flamed for this but would just like to see how easy someone would find it to crack this hashed string. I don't mind someone saying the actual answer because its not a password or anything. The method is sha1 (This is not recommended any more apperently) The salt is 970631345a48485769c14d2e40a51706 The hashed string is 212405ffb01342e5eaefe2243fc14084082c2182 You don't need to recommend me to use PHPass, just testing

Edit: Oops... I didn't see your <!-- login functions bit at the top -->

This is unfinished, but does this look safe enough to upload images? <?php class file_upload{ public $err = array(); public $msg; function image($field_title, $base_dir = "../images/", $force_title = false){ //Set file path and filename if($force_title){ $img = $force_title; }else{ $img = basename($_FILES[$field_title]['name']); } $target_path = $base_dir.$img; $f_info = getimagesize($_FILES[$field_title]['tmp_name']); $mime = $f_info['mime']; if($mime == "image/jpg" || $mime == "image/png"){ //Remove image if it already exists if(file_exists($target_path)){ unlink($target_path); }else{ $return = false; $this->err[] = "Error unlinking existing image (ER100)"; } //Upload if(move_uploaded_file($_FILES[$field_title]['tmp_name'], $target_path)){ $this->msg .= "Image uploaded"; $return = $img; }else{ $this->err[] = "Error uploading image (ER101)"; $return = false; } }else{ $this->err[] = "Cannot upload file of this type (ER102)"; $return = false; } $this->compile_errors(); return $return; } function compile_errors(){ $this->err = implode(", ", $this->err); } } ?>

Good answer thanks Sounds like I will check the mime type AND disallow execution of scripts with .htaccess to be safe. Tbh I think you've answered my question in one fell swoop.