ginerjm

Everything posted by ginerjm

  1. I meant 'why NOT do the dump before the query'.
  2. Along with mac_gyver's great post let me reinforce something he alluded to: NEVER STORE A PASSWORD IN ANY WAY, SHAPE OR FORM. You use a password to interrogate your authentication table and once used you discard it. Create a token or simply use the username (key) to keep track of the user's status. One doesn't need the password. If you need anything else from the login process store some token or the actual 'something' but NEVER SAVE THE PASSWORD! Storing a password value only leaves you open to some malicious activity where you inadvertently leave yourself vulnerable or where some other vulnerability in the system allows a hacker to see what you have saved.
  3. Sounds like your query failed to produce the resulting object you expect. Why do the dump before you run the query?
  4. So now you can see how the reference to the multiple files fields should be done, thanks to cyberRobot's post. It still doesn't change the fact that once you get these images you shouldn't be storing them in a table, but rather in a folder for direct reference when needed. Design your own storage scheme and stick to it.
  5. Are you getting any error from your query? Do you have php error checking turned on? I've not done it so I have to ask - are you sure that you can upload multiple images using the array format for the name attribute in your html? If you can you need to add another index to that name, [0],[1],[2] I think. And finally - storing of images in a db is not the recommended way. An image is a large object that can stand on its own as long as you know the name (which you do) and the location (which you do). One simply grabs it for display purposes using the info in the db that points to it. No need for the overhead of storing and retrieving it from the db.
  6. No. You got a better result. This time you show a string that apparently contains 17 printable chars, as the var_dump told you. As Barand pointed out, your previous test showed only 10 printable (visible) chars, yet var_dump said there were 17 actual chars in the content. So - why are you getting non-printable chars in your input?
  7. I would think that if someone logs in while selecting the remember box checkbox, that is when you save the cookie. You always save any specific login info that your appl will need later on that session, but you won't always save a cookie (probably holding the userid only). If the user logs in without checking the remember me box, then you simply don't save a cookie. I imagine the cookie would have some application-specific name to it.
  8. Since, as I understand it, session data is stored on the server, and in order for a hacker to get to it he would first have to have the id, how does using a static id (set in your 'secure' function) make it more difficult to hack the session data what with everyone running with the exact same id?
  9. Close, but no cigar. Only post the code in the box, not your text. And try and isolate your problem to the relevant code and only give us that much. Is "start_secure_session" something that you have written? I don't find it in the manual is why I ask. Does it return a value that s/b checked?