Agold

  1. Exactly what I needed. Thanks man. Requinix, thanks for pretending like you knew what the problem was and then being an asshole about it.
  2. Indeed I do, but this code does not fire:

         $qry = "SELECT * FROM userBars WHERE barName="$ename"";
         $result = mysql_query($qry);

     Nor does this code:

         $qry = "SELECT * FROM userBars WHERE barName="'$ename'"";
         $result = mysql_query($qry);

     This code fires but the query result comes up blank:

         $qry = 'SELECT * FROM userBars WHERE barName="$ename"';
         $result = mysql_query($qry);

     So please, enlighten me here cause I'm lost as to how I properly syntax the query so that apostrophes will not interfere. Only this code fires and brings back the right result as long as there are no apostrophes:

         $qry = "SELECT * FROM userBars WHERE barName='$ename'";
         $result = mysql_query($qry);
  3. I should have noted that these were just examples. Say I pass in the data of $ename from a form. That form allows the user to create any sort of name with any sort of characters. I then use $ename to dynamically query based on that original data from the form and it fails because there are apostrophes. If I just force $ename with a string with apostrophes, it fails. What I mean to say is that if there are any apostrophes in the $ename variable, the query seems to fail. But if I do the same query using a name with apostrophes in mySQL directly, it succeeds.
  4. So I've slowly noticed that things like apostrophes and such will cause mySQL queries to fail when going through PHP? I believe it probably has something to do with escaping and magic quotes? For instance, see this code:

         $ename = "Jakes";
         $qry = "SELECT * FROM userBars WHERE barName='$ename'";
         $result = mysql_query($qry);
         if($result){
             echo "success";
             while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
                 echo "Name :{$row['barName']} <br>" .
                      "ID : {$row['barID']} <br>" .
                      "Address : {$row['barAddress']} <br><br>";
             }
         }else{
             echo "Error";
         }

     That works fine, but say it's spelled "Jake's" in the database, that appears to fail every time. It's got to be something PHP is doing because if I just query the database like so: SELECT * FROM userBars WHERE barName="Rick's" from database console, it works just fine and I see the entire row. Anyone have any clue what's going on here?
  5. Well I figured out I could just add the file tree and variable together in a variable called $dir and then just pass that into mkdir. Fixed.
  6. Pretty simple I would think but I'm unsure on the syntax. I have a variable, $ename. It's actually data from a form that I pass to said variable. What I want is to then in turn use this string in a mkdir() function. Something like mkdir("dir/folder/$ename/"); Obviously that doesn't work. I'd imagine I have to use some sort of . syntax.
  7. Fixed, I've been confused by what session_start does I guess. I did not include it in this script thinking it restarts the session, but it appears it doesn't continue the session if I don't include it in every script? I should have known as the auth.php script has session start in it as well.
  8. Hmmm something must be going on with the session because when I echo it after running the script, it's set to 0.
  9. I've had it set to both int(11) and char(11), neither seems to work.
  10. Here's my login script:

         <?php
         //Start session
         session_start();

         //Include database connection details
         require_once("$DOCUMENT_ROOT/../SQLlogin.php");

         //Array to store validation errors
         $errmsg_arr = array();

         //Validation error flag
         $errflag = false;

         //Connect to mysql server
         $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
         if(!$link) {
             die('Failed to connect to server: ' . mysql_error());
         }

         //Select database
         $db = mysql_select_db(DB_DATABASE);
         if(!$db) {
             die("Unable to select database");
         }

         //Function to sanitize values received from the form. Prevents SQL injection
         function clean($str) {
             $str = @trim($str);
             if(get_magic_quotes_gpc()) {
                 $str = stripslashes($str);
             }
             return mysql_real_escape_string($str);
         }

         //Sanitize the POST values
         $login = clean($_POST['login']);
         $password = clean($_POST['password']);

         //Input Validations
         if($login == '') {
             $errmsg_arr[] = 'Login ID missing';
             $errflag = true;
         }
         if($password == '') {
             $errmsg_arr[] = 'Password missing';
             $errflag = true;
         }

         //If there are input validations, redirect back to the login form
         if($errflag) {
             $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
             session_write_close();
             header("location: client_login.php");
             exit();
         }

         //Create query
         $qry="SELECT * FROM clients WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
         $result=mysql_query($qry);

         //Check whether the query was successful or not
         if($result) {
             if(mysql_num_rows($result) == 1) {
                 //Login Successful
                 session_regenerate_id();
                 $member = mysql_fetch_assoc($result);
                 $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
                 $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
                 $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
                 session_write_close();
                 header("location: client_homepage.php");
                 exit();
             }else {
                 //Login failed
                 header("location: login-failed.php");
                 exit();
             }
         }else {
             die("Query failed");
         }
         ?>

      Every time I echo $_SESSION['SESS_MEMBER_ID'] I get the member id, but for some reason it doesn't want to enter it in the query.
  11. session_start is only called at the log in page, I then use an auth.php script at the beginning of each client page to ensure the user is logged in and a session is running. I modified the code as you stated and I still have the same problem. I even just changed the MySQL field to a char and I still get 0. This is really baffling me right now. I have the member_id echo'd at the top of the form just to be sure it's there in the session.
  12. Alright so I have a database table of users set up that creates a unique member_id for each new registered user. I then have a second table that stores data entries that also has a member_id field. When the users are logged in, they can enter a new entry into this second table. The problem I'm having is that when the entry is written into the database, the member_id field always comes up as "0." I'm using the session variables to pass the member_id to the query. Here's the code:

         //Create Member Session Variables
         $memberID = $_SESSION['SESS_MEMBER_ID'];

         //Create INSERT query
         $qry = "INSERT INTO userBars(member_id, barName, barAddress, barCity, barState, barZip) VALUES('$memberID','$ename','$street','$city','$state','$zipcode')";
         $result = @mysql_query($qry);

         //Check whether the query was successful or not
         if($result) {
             header("location: register-success.php");
             exit();
         }else {
             die("Query failed");
         }

      When I echo the $memberID var I do in fact get the member_id, but when this script writes into the database, the member_id field is always set to "0." Anyone have any ideas as to why this might happen?
  13. Alright, first off, I'm fairly new to this aspect of web design. While I have been messing around and designing sites using your basic HTML/CSS/Flash for some time, I've decided to get into the more serious aspects of web design. As of right now, I'm using a fairly basic webhosting service that doesn't give me full administrative permission to MySQL because, as far as I can tell, the databases reside under their super-database and not on your actual allotted server. This creates a problem with creating a true MySQL database in which you set up users for their given tables you want them to be able to edit. Let me remind you here again that I am fairly new to this aspect of web design, so maybe no one actually runs their databases in this way. My work around is to have the first table be the user/password table and only have a singular script that I call up every time my forms need to modify a table. I hide this small connection script in the root folder of my server where it is not viewable and just call it into my php scripts using 'include()' or 'get_file_contents.' What I'm asking here I guess is if this method is secure? And if anyone has any other ideas as to how to go about creating this database. Thanks in advance!
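
The apostrophe failure described in the userBars posts above comes from splicing $ename into the SQL text. As an added example (not code from these posts), the script below runs that interpolated query beside a PDO prepared statement on the same inputs. The in-memory SQLite database, the trimmed userBars columns, the function names and the sample rows are assumptions made so it runs stand-alone.

```php
<?php
// Added example. Constructed table and rows; in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE userBars (barID INTEGER PRIMARY KEY, member_id INTEGER NOT NULL,
            barName TEXT NOT NULL, barAddress TEXT)');

// Hardened insert (hypothetical helper): values are bound, never spliced into the SQL text.
function addBar(PDO $pdo, int $memberId, string $name, string $address): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO userBars (member_id, barName, barAddress) VALUES (:mid, :name, :addr)'
    );
    $stmt->bindValue(':mid', $memberId, PDO::PARAM_INT);
    $stmt->bindValue(':name', $name);
    $stmt->bindValue(':addr', $address);
    $stmt->execute();
}

// The pattern from the posts: the form value is interpolated into the query string.
function findBarsInterpolated(PDO $pdo, string $ename): string
{
    try {
        $n = count($pdo->query("SELECT * FROM userBars WHERE barName='$ename'")->fetchAll());
        return "$n row(s)";
    } catch (PDOException $e) {
        // An apostrophe in $ename ends the string literal early and breaks the SQL.
        return 'query failed';
    }
}

// Hardened lookup: the same query with a bound parameter.
function findBarsPrepared(PDO $pdo, string $ename): string
{
    $stmt = $pdo->prepare('SELECT * FROM userBars WHERE barName = :name');
    $stmt->execute([':name' => $ename]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC)) . ' row(s)';
}

addBar($pdo, 7, "Jake's", '1 Constructed St');
addBar($pdo, 7, 'Jakes', '2 Constructed St');

// Constructed inputs: a plain name, a name with an apostrophe, and a quote-breaking string.
foreach (['Jakes', "Jake's", "x' OR '1'='1"] as $ename) {
    printf("%-13s interpolated: %-12s prepared: %s\n",
        $ename, findBarsInterpolated($pdo, $ename), findBarsPrepared($pdo, $ename));
}
```

With bound parameters the name is sent as data, so the apostrophe needs no escaping and the quote-breaking input matches nothing instead of rewriting the WHERE clause.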