Minimeallolla

("***/$username.info.php") for example is my filepath/directory.. im pretty sure the filepath is correct.

its a hashed version of my directory for safety

I'm trying to: when the submit button is hit, store data in a file (already created upon registration) and then show the files content. I have a few problems. The file im showing the content of cannot be found \= even though it was created using the same line as this.. if (isset($_POST['submit'])) { $firstname = ($_POST['firstname']); $lastname = ($_POST['lastname']); include ("cookieusername.php"); $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) $filename = "***/$username.info.php" or exit("Unable to open file!"); $handle = @fopen($filename, 'x+')or die(mysql_error()); $content = "lololo"; @fwrite($handle, $content)or die(mysql_error()); @fclose($filename); } include ("***/$username.info.php")or die(mysql_error()); ?>

it doesnt write into the files, the file is created and everything and how would i echo the whole file? if (isset($_POST['submit'])) { $firstname = ($_POST['firstname']); $lastname = ($_POST['lastname']); include ("cookieusername.php"); $filename = "***/$username.info.php" or exit("Unable to open file!"); $handle = @fopen($filename, 'x+')or die(mysql_error()); $content = "lololo"; @fwrite($handle, $content)or die(mysql_error()); @fclose($filename); }

it doesnt echo into the file if (isset($_POST['submit'])) { $firstname = ($_POST['firstname']); $lastname = ($_POST['lastname']); $filename = "***/$username.info.php" or exit("Unable to open file!"); $handle = @fopen($filename, 'x+')or die(mysql_error()); $content = ('$firstname'); @fwrite($handle, $content)or die(mysql_error()); @fclose($filename); }

If i remove the @ infront of fwrite it turns into a function error -.- and no error message comes up the way it is, it just doesnt echo anytihng

if(isset($_COOKIE['ID_my_site'])) { $username = mysql_real_escape_string( $_COOKIE['ID_my_site'] ); $pass = mysql_real_escape_string( $_COOKIE['Key_my_site'] ); $check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$pass'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass == $info['password']) echo "$username"; } } if (isset($_POST['submit'])) { $firstname = ($_POST['firstname']); $lastname = ($_POST['lastname']); $filename = "***/$username.info.php" or exit("Unable to open file!"); $handle = @fopen($filename, 'x+')or die(mysql_error()); $content = "nothing i enter here gets inserted into the file"; @fwrite($handle, $content)or die(mysql_error()); @fclose; }

sorry, im really tired \= so just that like? will prevent sql injection? and protect everything? <?php include ("database.php"); // show comments $result = mysql_query("SELECT * FROM gamecomments"); while($row = mysql_fetch_array($result)) { echo ($row['username']) . ": <Br> " . ($row['comment']); echo "<p>"; } ini_set ("display_errors", "1"); error_reporting(E_ALL); if (isset($_POST['submit'])) { $username = mysql_real_escape_string($username); $_POST['comment'] = mysql_real_escape_string($comment); // now we insert it into the database $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')"; $add_comment = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">"; } }

Would this work or something like this? need help still \= <?php include ("database.php"); // show comments $result = mysql_query("SELECT * FROM gamecomments"); while($row = mysql_fetch_array($result)) { echo addslashes($row['username']) . ": <Br> " . addslashes($row['comment']); echo "<p>"; } ini_set ("display_errors", "1"); error_reporting(E_ALL); if (isset($_POST['submit'])) { $username = real_escape_string($username); $_POST['comment'] = real_escape_String($comment); // now we insert it into the database $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')"; $add_comment = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">"; } } [code]

<?php include ("database.php"); // show comments $result = mysql_query("SELECT * FROM gamecomments"); while($row = mysql_fetch_array($result)) { echo $row['username'] . ": <Br> " . $row['comment']; echo "<p>"; } ini_set ("display_errors", "1"); error_reporting(E_ALL); if (isset($_POST['submit'])) { // now we insert it into the database $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')"; $add_comment = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">"; } }

would something like this work? if (isset($_POST['submit'])) { $username = real_escape_string($username); $_POST['comment'] = real_escape_String($comment); // now we insert it into the database $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')"; $add_comment = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">"; } }

'[$username]' is using a variable from a cookie varifying that you are logged in, this code works except i need to put real escape strings and protection from mysql injection and dont really know where to put them. if (isset($_POST['submit'])) { // now we insert it into the database $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')"; $add_comment = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">"; } } [code]

SOLVED: Characters are only sent in If and Else statements? Warning: Cannot modify header information - headers already sent by (output started at **/login.php:2) in /**/login.php on line 78 Warning: Cannot modify header information - headers already sent by (output started at **/login.php:2) in /**/login.php on line 79 There are no other headers prior to the setcookie script?

1) A bit obvious the whole thing is code. 2) It's not the cookie script itself, its being interfered by another script. I didn't send any text.

i didnt send any text though \=

<body background="homebackground.jpg"> <style type="text/css"> <!-- A:link { COLOR: black; TEXT-DECORATION: none; font-weight: normal } A:visited { COLOR: black; TEXT-DECORATION: none; font-weight: normal } A:active { COLOR: green; TEXT-DECORATION: none } A:hover { COLOR: blue; TEXT-DECORATION: none; font-weight: none } --> </style> <?php include ("database.php"); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) { $username = mysql_real_escape_string( $_COOKIE['ID_my_site'] ); $pass = mysql_real_escape_string( $_COOKIE['Key_my_site'] ); $check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$pass'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass == $info['password']) print("<meta http-equiv='Refresh' content='0;index.php' />"); } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) die(' <body background="homebackground.jpg"><center><p><br><p><b> You did not fill in a required field, <a href="login.php"><b> click here to try again.</a></center></b></b> '); // checks it against the database if (!get_magic_quotes_gpc()) $_POST['email'] = addslashes($_POST['email']); $_POST['username'] = stripslashes($_POST['username']); $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) die(' <body background="homebackground.jpg"><center><p><br><p><b> That user does not exist in our database, <a href=add.php><b> click here to Register</a></b></b></center> '); while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) die(' <body background="homebackground.jpg"><center><p><br><p><b> Invalid password, <a href="login.php"><b>click here to try again.</b></b></a> '); else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $_POST['password'] = stripslashes($_POST['password']); $hour = time() + 3600; setcookie("ID_my_site", $_POST['username'], $hour); setcookie("Key_my_site", $_POST['pass'], $hour); //then redirect them to the members area if ($pass == $info['password']) print "you have logged in."; print("<meta http-equiv='Refresh' content='0;index.php' />"); } } } else { // if they are not logged in ?> <?php include ("nav.php"); ?> <center> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1> Log in</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> </center> <?php } ?> <HTML> <HEAD> <link rel="favicon.ico" href="***/favicon.ico"> <title> My site </title> </HEAD> <BODY>