
ginerjm


Everything posted by ginerjm

  1. HTH!
  2. The security that 'we' as developers are concerned about is 'hacking of input from the client'. Not from our own processes! So the whole question of yours is pretty well moot. IMHO - Any output from a function should be validated during the process of that function and that function should return the proper result so the caller doesn't have to handle it. A simple check on the result of the function call s/b totally sufficient to handle the continuation of your main stream process.

         if (!GetSomeInfo($arg1, $arg2, $msg)) {
             // Only report the details while developing
             if ($showerrors) {
                 echo "Error occurred - cannot continue - message is $msg";
                 exit();
             }
         }

     where $showerrors is only true during development.
  3. Good luck. You came for help. I don't feel I've helped you and I presume you have left the building. I feel sad. Again - good luck.
  4. Whatever page any login process lands you on can easily be customized if you just have the user id that just logged in. If it's your login page then you can easily pass the user id thru a session var and then use it to customize your 'real' page.
  5. But when you start reading an ini file, you may as well be querying a db.
  6. Actually you haven't learned. Yes you wrote some rudimentary php code but it is flawed. Besides the intermingling of html and php code needlessly, you did not read the entire manual page covering setcookie. If you had you would realize that you cannot set a cookie and 5 lines later check for its existence. Cookies are not 'real' until the page has refreshed. And I'm pretty sure you didn't read all the documentation since your cookie is malformed to begin with. And to top it all off the html you are outputting for your image display is also bad.
  7. The longer one looks the simpler the error turns out to be.
  8. Yes that works as long as you are comfortable with the possible exposure of that value. As I said I've never seen DW. A couple friends who have used it though and who are new to this whole environment do use it and in our conversations the concepts they are dealing with are just so foreign to me that we tend to have difficulty communicating. My impression is that DW has a way of arranging things and doesn't let you freely determine where things go and how projects/folders are organized on your site. I'm used to having complete control over my site (and I do use 'control') and not having an IDE tell me where to put things.
  9. As Chocu3r said "From the pseudo code below...". What you wrote is NOT code. You simply echoed the 'pseudo code' he wrote. Do you not know the meaning of 'pseudo'? You really need to learn how to write php. That means reading. And reading some more. Did I mention learning?
  10. My use of the word token was simply to indicate "some piece of data". Perhaps you don't (or shouldn't) use the userid as the identifier, but some other 'code' that you create for each user and maybe store in the db where the login credentials are stored. The token that DW passes may not be the thing in this case, altho I don't know anything about dw other than it makes things tricky for newbies doing their first projects I've been told.
  11. The key to solving this was reading the code with a practiced eye looking closely at it. Programmers are always doing this and sometimes even the best need to walk away and clear their minds in order to see the forest thru the trees.
  12. Your first post did not mention that you did not know how to program. Try to be a little more informative in your next post - of which I'm sure there will be many as you embark on learning how to write PHP scripts.
  13. Thousands of strings? And how do you make sure that they are current? What happens when visitor A arrives and the current set of the strings is read and stored. Everybody after that sees the same data. But what about when you must alter some strings - how do the users see that updated info without you destroying the current copy of the settings? Really? "Thousands of strings"? And you don't have a paid consultant working on this design for you?
  14. HUH? I didn't say to dump your db - I said to not use the MySQL_* functions of php.
  15. How are you tracking visitors? With a login process perhaps? You have to know some way of who's who, unless you simply want to track the ip address, which won't be at all accurate. So - you log someone in. If they already existed, you change the background on the next page load. Simple?
  16. I really don't think you want to "store ... in the environment". Between the db and the SESSION array, there is no need to do anything else. By environment I think you mean something like an .ini file. But why? Unless you have the world's worst db connection the speed of a db query and the transfer of any application specific settings to an array in the SESSION array is immediate. A simple check for the array right after your session_start call will tell you if you have to do the query or not. In case you are not familiar here's an example:

          $_SESSION['appl_vars']['name'] = "My Application Name";
          $_SESSION['appl_vars']['setting1'] = 'my setting #1';
          $_SESSION['appl_vars']['setting2'] = 'my setting #2';
          // etc. etc.

      In each of your scripts you would have this:

          session_start();
          // Load the application settings only if this session does not have them yet
          if (!isset($_SESSION['appl_vars'])) {
              include($my_php_path."GetApplData.php");
              GetApplData();
          }
  17. You will not be writing 'private user pages'. You will be writing a set page that handles a specific user by getting his id and using it to pull together the 'dynamic' data and then outputs that in a web page containing static things like appl name and button options as well as the php-built divs (?) containing each set of docs that the user owns. One page - many users. "over the next few weeks"? I know you are a noob but this really is not that complex. Get familiar with how to create sql tables and then read up on using pdo as your db interface (do not use MySQL_* functions. Check the manual to see why). Be sure to use prepared queries!! Write your file upload page - a good start actually - and do it safely. Get some opinions after you have it working. Then use the glob() function to take the userid and seek all the files for him/her and create the needed html for each result and then output it all. Do not get in the habit of mixing tons of html with php code. The beauty of php is that you can use code to get those filenames and build a chunk of html into a single php var. Then you simply place that var inside your main html ( function perhaps?) so that when you output all your html (headers, names, backgrounds, etc.) you will also output the contents of that var (or vars). Too many beginners like to mingle html and php results and more html, and repeat. Not good practice and hell on reading and understanding it later. Of course I have the time - I'm retired!
  18. You really need to read before writing code. You are doing your querying all backwards. The best approach (IMHO):

          $sql = "my query statement";
          $qresults = mysqli_query($link, $sql);
          while ($row = $qresults->fetch_array()) {
              // (handle the contents of this result row)
          }

      You have shown two examples of your misunderstanding where you try and process data that you never queried. First you write, second you execute, third you play with the results.
  19. Create a naming convention using the userid (or some token) for all your docs and store them with that token as a prefix to the name. Use a tree of folders that divides them into the various types of files you will expect to host and display. Then when user logs in use their id (or token) and pull together all the files in all those folders using that id as a search argument. Build your user's web page using these items. Fancy touches - make thumbnails for the initial user page display with links around them to take them to a full-size image. I'm sure you can find several good examples of file uploading to use - just be sure to get a decent, modern one using adequate security precautions.
  20. You really should learn how to plan your coding to keep the logic (the php stuff) separated from the presentation (the css/html stuff). Your script is too hard to decipher the way it is assembled now. I use functions to display my output. Usually just one but sometimes more than that. In that function I have php vars that display the dynamic data of that page (built in the php section and passed into this display function), but all the static html and css code is there, or is included there. No need for any of this to suddenly appear in the middle of your php code.
  21. I would put the users into a table in a separate db and search that db for the user in the table and use the db name stored in his entry. Search one db and then connect to the one specified.
  22. I doubt you will find help for that in the manual. You simply missed a bracket somewhere.
  23. I did so to show the OP his mistake. I also pointed out and asked the question - Why are you doing this - which is what you have also now posted.
  24. Your foreach looks bad. You get a row of 3 fields and then you create an array that will yield this array:

          array('label' => 'name1,name1,name1', 'value' => 'name1'),
          array('label' => 'location1,location1,location1', 'value' => 'location1'),
          array('label' => 'address1,address1,address1', 'value' => 'address1')

      for each row in your query results and then you return that. I think you want:

          // Copy each numerically indexed result row into a named array
          while (list($name, $loc, $addr) = mysqli_fetch_array($result, MYSQLI_NUM)) {
              $data[] = array('name' => $name, 'loc' => $loc, 'addr' => $addr);
          }

      Of course all you are doing here is taking one array ($result - although technically it's called a resource) and turning it into another array ($data). What's the point of that?
  25. Things that make no sense. 1 - spawn an email child. 2 - click a mailto href 3 - insert.... into a form's textarea field (for what purpose?) How about telling us what you are trying to do?