Philip

if ($gender = "Male"){$gender == "his";} Your first if statement still has just one '=', looks like you got the 2 mixed up. Try: if ($gender == "Male"){$gender = "his";}

Is your data in the database 'Female' and 'Male' and not 'female' and 'male' (or something similar)? Just a quick reformat of how I'd format your current code. <?php require 'connect.php'; include 'header.php'; include 'headin.php'; if(!isset($_COOKIE['member_id'])) die('You\'re Not logged in, please <a href="index.php">go back</a>'); // Escape the ID - remember I could change a cookie and could potential exploit the query $Player = mysql_real_escape_string($_COOKIE['member_id']); $Query = "SELECT * from Users where ID='$Player'"; $Query2 = mysql_query($Query) or die("Could not get user stats"); $User = mysql_fetch_assoc($Query2); // I never recommend placing the password (even hashed/encrypted) into a cookie. if($_COOKIE['password'] !=$User['Password']) die('It seems you have an incorrect password! please <a href="index.php">go back</a>'); // I'd change it to the following switch statement, cleaner code // and using an array - its just a lot cleaner IMO switch($User['Gender']) { case 'Male': $gender['p'] = 'his'; $gender['s'] = 'he'; break; case 'Female': $gender['p'] = 'hers'; $gender['s'] = 'she'; break; default: $gender['p'] = 'theirs'; $gender['s'] = 'they'; break; } echo $User['Gender'].'<br>'; echo $gender['s']; // singluar echo '<br>'; echo $gender['p']; // plural ?>

Did you try print_r($data) on the first page? Did you do any changes to your browser, or to the .ini ?

$5 says CV reads this thread just because it asks for a genius.

Pretend this post doesn't exist.

There isn't a wrong or right way to do this. I'd suggest looking at your code, figure out more efficient ways of doing it - think outside the box (or at least on the edge of the box.) Try OOP designs if you haven't already. That seems simple enough, to check permissions and such, are there specific questions you had with that?

if(in_array(strtolower($ibforums->member['name']), array('gayner', 'burley'))) {

I've been watching this thread, and now I'm going to jump in. Just because one person (in this case, a large corporation) does something, doesn't automatically mean you should do the same. It seems like a lot of people just look to see what the big whigs do and think its what they should, but that disregards innovation, knowing your audience, hell even best practices. Innovation, if you're copying what they big sites do, what is going to make you stand out? Knowing your audience, if you know that all you users are going to have X browser with X settings (such as an intranet setting), then sure you can design/program for that one browser. Otherwise, you should always be prepared for things to break with different settings (such as JS turned off, or non-existent.) Best coding practices, see point before. Take a look at another one of Google's prized babies: GMail. You have the rich experience with JS, and then you have the option to load a Basic HTML version, where you can access it on slower connections, or if you don't have a capable browser. Seriously, here's an example: I visit your site on a netbook with a slow wireless connection. Sometimes I'll turn off JS because a lot sites have craploads of unneeded JS to save loading time. If I came to your site with JS disabled, and nothing worked, I doubt I'd go back. In all seriousness, first impression for me is everything, and if your site doesn't do shit, why should I waste my time and come back later? As said before, JS is meant to enhance the user's experience. Sorry if I started rambling, I'm tired, haha

if(in_array($ibforums->member['name'], array('gayner', 'burley'))) {

This is what I've done in the past, using $ERROR as an array of any errors they had... <?php if(!empty($_POST)) { // do your processing... if(!is_numeric($_POST['num'])) { $ERROR[] = 'Numeric field needs to be numeric'; } if(!isset($ERROR) || empty($ERROR)) { // no errors // send to db or whatever // redirect if wanted } } if(isset($ERROR) && is_array($ERROR)) { echo'Errors:'; foreach($ERROR as $error) { echo $error,'<br>'; } } ?> <form> ... </form>

I typically just reject the form and make them fill it out again. I can't always read their mind, so how do I know they didn't just read the question wrong? Plus, I like making my visitors work for their bandwidth.

Example: UPDATE table SET col1 = val1, col2 = val2, col3 = val3 WHERE id = 3

You're missing a closing bracket for your if ($logged['id']) { header("Location: " . $siteurl . "/index.php"); } else { //... // missing } ?>

See the sticky: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html

Well, then your $_SESSION['identity'] is giving you the incorrect values. Check where that session value gets its data

That's a lot of code to even bother to read.... $accept_scout_username = mysql_query("UPDATE scouts SET username='$_SESSION[userName]' WHERE identity = '$_SESSION[identity]'"); $accept_scout_available = mysql_query("UPDATE scouts SET available='0' WHERE identity = '$_SESSION[identity]'"); Change it to this, and see what that outputs $query = "UPDATE scouts SET username='".$_SESSION['userName']."', available=0 WHERE identity = '".$identity."'"; echo $query; // check to make sure it's what you want the query to be $result = mysql_query($query); Also, why do you bother with this if you still used $_SES.... in the query?: $identity = $_SESSION['identity'];

Or just do what you did in your other one, instead of eval.... extract

Why not just pass the data as an array to begin with, wouldn't that just be easier? function newfn(array $data) { foreach($data as $key => $value) { // do whatever... } // whatever here } newfn(array('a'=>'apple', 'b'=>'banana', 'c'=>'carrot', 'd'=>'date'));

Almost correct, no * is needed, because you cannot specify specific columns in a DELETE command. You CAN use a WHERE clause though, both of the following commands are acceptable and will delete every row: DELETE FROM table WHERE 1 -- or, alternatively: DELETE FROM table delete will not entirely clear the table truncate does. In a way yes, but it also depends on the OP's definition of "clear a database", do they just want to delete all the rows, or do they want to completely reset all aspects of it? Remember not every table has an auto incrementing field, so DELETE FROM table might also be a viable solution. Not trying to be an ass to you or anything by all means, just wanting to make sure everyone has their facts straight on what the best solution for the OP's specific solution.

Wrong. It's: TRUNCATE TABLE tableName Wrong. Both ways are acceptable (give you're using MySQL)

Huh? Replace: if(in_array($current_user,$users)&& in_array($current_password,$users)){ with if(isset($users[$current_user]) && $users[$current_user]==$current_password) {

if(isset($users[$current_user]) && $users[$current_user]==$current_password) { // show secret stuff } like that?

Uhh, maybe I just had a long day, but I have no clue what part of the array you're asking for?

Ummm, what exactly are you trying to do?