ManiacDan

No, we won't help you hack into a website. Thread closed.

That password is now permanently compromised. If I changed it, he would be lazy and not change it himself. By leaving it here, he's forced to do the right thing.

Change your mysql password immediately, you've posted it on the internet.

You're going to have to be a lot more specific.

What is "it." What are you expecting? What is the error? All we see is a script, we have no idea what your intentions are. function onapi() accepts zero arguments, and therefore your loop at the bottom of your script is useless, onapi() will do the same thing every time. What do you believe onapi() does?

What do you believe this is supposed to do? onapi() will do the same thing every time.

Jesi wins again!

Huh, I've never noticed that. I believe you can say [ code=php ] $a = "testing"; Edit: Eh, no coloring. I still prefer [ php ] for general readability.

You need to use [ php ] tags, and not [ m ] tags.

Because it would include adding a column for it to the "user" table, mostly.

I think CSRF is what she meant, there's no "legitimate" way it's supposed to happen, but it happens. That's why I put the user's create-date as part of the one-way hash. You can't tell what data is in there, and one of the pieces is never available to the user.

A couple more things: The session is controlled by a cookie. Due to this, the session CAN extend past a single browser session, but it's usually unwise to do that. You should NEVER keep information in a cookie that would be bad if a third party received it. Never keep personal information, payment information, passwords, or anything else in the cookies. Also, never ever use a cookie for the user's security role. If you have a cookie called "is_admin," you've done it wrong. What you should be doing is simply using the session for everything. If you need to do auto-logins or "remember me" cookies, they should be set to a relatively short duration (2 weeks is standard) and contain a hash of the userID, user-agent of the browser, IP (if you want), and some secret information available only to your database, like the user's exact create date. That way, nobody can spoof that cookie. So you'll store an auto-login-hash cookie, as well as a user-id cookie. When they go to your site and they don't have the session, but they do have those two cookies, use the user-id cookie to look up the information that should be in the hash. If the cookie hash matches the data you pull from the database and the $_SERVER variable, you can log them in.

That's not the right error for the code you've shown. Why did you remove the periods from that string? What are you trying to accomplish?

Once you get your first IF block set up so it actually calculates 27-31 for $day, then you need to add a special case where the month is february and the day is 29.

Define "not working." What output are you getting, and what are you expecting?

If you use [ php ] tags instead of [ code ] tags, the forums will highlight your code for you. What looks wrong here... echo "\t" . '<td><a href="' . APP_ROOT . 'onlinebanking/viewtransactions.php">. $account['BankAccountID'] . </a>' '</td>' . "\n";

Perhaps fgetcsv

Some other encoding functions won't step on their own toes (and double-encode things), just in case they're called twice. I thought mysql_real_escape_string wouldn't double-encode things, but requinix (privately) told me I would be wrong if I mentioned that. So ignore that bit, I thought there were other algorithms that behaved more intelligently than they do.

Oh no it definitely would, I'm just prejudiced against addslashes because: A) There's always a better solution, addslashes was a hack from back in the day B) Addslashes combined with magic_quotes produced a significant number of threads in the PHP forums while it was still a default, and I got really sick of them

People call it twice because there's no way to tell if it's been called before, and there are built-in features of PHP (or used to be) that did it for you, so people ended up doubling or tripling up on slashes and it was a huge problem. Not so much anymore thanks to magic_quotes being killed, but I still hate it.

jesi, addslashes only seems to cause problems. It isn't self-aware, and calling it twice often irreparably breaks a string. It should be gone in a not-too-distant-future release of PHP.

I think he was being sarcastic, yeah. It's the users' fault, for using quite literally the most flexible and powerful machine humankind has ever built, and expecting it to be easy. With a standard desktop computer, I can decode potentially alien signals from outer space, sequence the human genome, edit a movie, email someone on the other side of the planet, watch movies, listen to music, design a space ship, order food, watch television, organize my finances, do my taxes, buy a new wardrobe, file a car insurance claim, make a website, meet new friends, watch porn, find a sex partner, read about any subject ever investigated by mankind, or even make entirely new programs. And then my mom says "why is this so complicated!?"

My mom is probably the worst sufferer of this disease. She will simply state that there is nothing on the screen if she gets confused. I'll ask "nothing? like, seriously nothing? No letters, no words, no icons, NOTHING? The screen is black?" She'll said "I SAID NOTHING!" in a panicked voice. Sure enough, there's a dialog, blue screen, or just normal content.

The punchline is that if you actually treated a mechanic like that, he'd call you a moron and throw you out. There isn't really a joke, it's just...sad. My brother and I have this argument constantly. He thinks IT guys are elitist assholes for saying "well that sentence doesn't even make sense." Him: Can you look at my computer? When I try to do some of the things, it's slow. Me: Sure. While I'm doing that, can you look at my car? When I make the moves, it doesn't go. Him: Stop being an asshole

I wonder if you'd be less happy with your iPhone after using an android phone for a while. There's just so much more I can do. Do you have a standalone GPS? That's usually the selling point for people, I can actually push a button and say "Navigate to Susan's home" and the lady starts telling me where to turn.