Everything posted by ginerjm
-
Since, as I understand it, session data is stored on the server, and in order for a hacker to get to it he would first have to have the id, how does using a static id (set in your 'secure' function) make it more difficult to hack the session data what with everyone running with the exact same id?
-
Close, but no cigar. Only post the code in the box, not your text. And try and isolate your problem to the relevant code and only give us that much. Is "start_secure_session" something that you have written? I don't find it in the manual is why I ask. Does it return a value that s/b checked?
-
Are you going to write an appl to handle this thing? When you say templates do you mean multiple (as in many) unique layouts for a final product into which you wish to plug varying and different numbers of values into? With a little practice and experimentation you could use a php script and FPDF to create your templates and have the script read in your csv file and post the values into the template very easily.
-
True. You have 3 args in your call to prepare. So why is that? Check the manual and you'll see what the proper format is. http://us2.php.net/manual/en/pdo.prepare.php PS - What is $this in your Redeem function? You don't have an object in there to make your call to db->prepare with.
-
Actually your code is kind of a mess. You don't do any checking to see if any of your inputs are set. You don't validate or sanitize them, and you don't handle the errors that will arise from your script as it is now written. I've taken the liberty to re-arrange your code and to structure it a little bit to make the whole thing a bit easier to comprehend. I added error checking (ALWAYS TURN IT ON!!!) so you can see the problems you have. NOTE HOW I HAVE ALSO POSTED THIS CODE USING THE FORUM-MANDATED CODING TAGS. PLEASE USE THEM NEXT TIME.

```php
<?php
/*
*
*
*/
//***********************
error_reporting(E_ALL | E_STRICT | E_NOTICE);
ini_set('display_errors', '1');
/*SET THIS RIGHT BELOW AS THE FORM RECEIVING EMAIL*/
$webmaster_email = "__________@gmail.com";
/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
//*****************
// Begin
//*****************
//*****************
//
if (!isset($_POST['btn']))
{
    DisplayPage();
    exit();
}
if ($_POST['btn'] == 'Submit')
{
    /*
    This next bit loads the form field data into variables.
    If you add a form field, you will need to add it here.
    */
    /* First section of variables are for the Items/Food */
    $food1 = $_POST['food1'] ;
    $onefudgebrownie = $_POST['onefudgebrownie'] ;
    $food2 = $_POST['food2'] ;
    $fouritalianbiscotti = $_POST['fouritalianbiscotti'] ;
    $food3 = $_POST['food3'] ;
    $foursoftchewychocolatechipcookies = $_POST['foursoftchewychocolatechipcookies'] ;
    $food4 = $_POST['food4'] ;
    $fourcapecodcranberryoatmealcookies = $_POST['fourcapecodcranberryoatmealcookies'];
    $food5 = $_POST['food5'] ;
    $oneloafofartisanfrenchbread = $_POST['oneloafofartisanfrenchbread'] ;
    $food6 = $_POST['food6'] ;
    $sixkaiserdelirolls = $_POST['sixkaiserdelirolls'] ;
    $food7 = $_POST['food7'] ;
    $sixsofthamburgerrolls = $_POST['sixsofthamburgerrolls'] ;
    $food8 = $_POST['food8'] ;
    $sixfiveinchsubrolls = $_POST['sixfiveinchsubrolls'] ;
    $food9 = $_POST['food9'] ;
    $twelvetwoinchsliderrolls = $_POST['twelvetwoinchsliderrolls'] ;
    $food10 = $_POST['food10'] ;
    $foursnkickerdoodlecookies = $_POST['foursnkickerdoodlecookies'] ;
    $food11 = $_POST['food11'] ;
    $onecolossalcinnamonstickybun = $_POST['onecolossalcinnamonstickybun'] ;
    $food12 = $_POST['food12'] ;
    $onedeliciouswhoopiepie = $_POST['onedeliciouswhoopiepie'] ;
    $food13 = $_POST['food13'] ;
    $fourislandcoconutmacaroons = $_POST['fourislandcoconutmacaroons'] ;
    /* This second section of variables are for the Shipping/Customer Info*/
    $shippinglastname = $_POST['shippinglastname'] ;
    $shippingfirstname = $_POST['shippingfirstname'] ;
    $telephonecell = $_POST['telephonecell'] ;
    $emailaddress = $_POST['emailaddress'] ;
    $breifdescript = $_POST['breifdescript'] ;
    // If the user tries to access this script directly, redirect them to the feedback form,
    if (!isset($_POST['email_address']))
    {
        header( "Location: $feedback_page" );
    }
    // If the form fields are empty, redirect to the error page.
    elseif (empty($email_address) || empty($comments))
    {
        header( "Location: $error_page" );
    }
    // If email injection is detected, redirect to the error page.
    elseif ( isInjected($email_address) )
    {
        header( "Location: $error_page" );
    }
    // If we passed all previous tests, send the email then redirect to the thank you page.
    else
    {
        mail( "$webmaster_email", "Feedback Form Results",$comments, "From: $email_address" );
        header( "Location: $thankyou_page" );
    }
}
//******************
echo "Unhandled button ";
exit();
//******************
//******************
//******************
/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str)
{
    $injections = array('(\n+)','(\r+)','(\t+)','(%0A+)', '(%0D+)','(%08+)','(%09+)');
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$str))
    {
        return true;
    }
    else
    {
        return false;
    }
}
function DisplayPage()
{
    $code=<<<heredocs
<form action="send_mail.php" method="post">
<table align="left">
<tr>
<td> <input type="checkbox" name="food1" value="" /> 1 Fudge Brownie</td>
<td><input style="color:#000000" type="number" name="onefudgebrownie" /> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food2" value="" /> 4 Italian Biscotti </td>
<td><input style="color:#000000" type="number" name="fouritalianbiscotti" /> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food3" value="" /> 4 Soft & Chewy Chocolate Chip Cookies</td>
<td><input style="color:#000000" type="number" name="foursoftchewychocolatechipcookies" /> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food4" value="" /> 4 Cape Cod Cranberry Oatmeal Cookies</td>
<td><input style="color:#000000" type="number" name="fourcapecodcranberryoatmealcookies" /> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food5" value="" /> 1 Loaf of Artisan French Bread. </td>
<td><input style="color:#000000" type="number" name="oneloafofartisanfrenchbread" /> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food6" value="" /> 6 Kaiser Deli Rolls </td>
<td><input style="color:#000000" type="number" name="sixkaiserdelirolls" /> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food7" value="" /> 6 Soft Hamburger Rolls</td>
<td><input style="color:#000000" type="number" name="sixsofthamburgerrolls"/> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food8" value=""/> 6 5 sub rolls</td>
<td><input style="color:#000000" type="number" name="sixfiveinchsubrolls"/> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food9" value="" /> 12 2" slider rolls</td>
<td><input style="color:#000000" type="number" name="twelvetwoinchsliderrolls"/> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food10" value="" /> 4 Snickerdoodle Cookies</td>
<td><input style="color:#000000" type="number" name="foursnkickerdoodlecookies"/> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food11" value="" /> 1 Colossal Cinnamon Sticky Bun</td>
<td><input style="color:#000000" type="number" name="onecolossalcinnamonstickybun"/> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food12" value="" /> 1 Delicious Whoopie Pie</td>
<td><input style="color:#000000" type="number" name="onedeliciouswhoopiepie"/> </td>
</tr>
<tr>
<td> <input type="checkbox" name="food13" value="" /> 4 island coconut macaroons</td>
<td><input style="color:#000000" type="number" name="fourislandcoconutmacaroons"/> </td>
</tr>
<tr>
<td>Comments/Special Requests:</td>
<td> <textarea rows="10" cols="50" name="comments" style="color:#000000" ></textarea> </td>
</tr>
</table>
<br></br>
<!--Shipping info/Personal Info Table -->
<h3 align="left"> Shipping Information </h3>
<table align="left">
<tr>
<td>Last Name:</td>
<td> <input style="color:#000000" type="text" name="shippinglastname" value="" maxlength="15" /> </td>
<td>First Name:</td>
<td> <input style="color:#000000" type="text" name="shippingfirstname" value="" maxlength="10" /> </td>
</tr>
<tr>
<td>Telephone/Cell.:</td>
<td> <input style="color:#000000" type="text" name="telephonecell" value="" maxlength="100" /> </td>
<td>Email Address:</td>
<td> <input style="color:#000000" type="text" name="emailaddress" value="" maxlength="100" /> </td>
</tr>
<tr>
<td>Brief description of location on the lake:</td>
<td> <textarea rows="10" cols="50" name="breifdescript" style="color:#000000"> </textarea> </td>
</tr>
<!--SUBMIT BUTTON -->
<tr>
<td> </td>
<td> <input type="submit" name='btn' value="Submit" style = " background-color:#87D163; -moz-border-radius: 5px; -webkit-border-radius: 5px; border-radius:6px; color: #fff; font-family: 'Oswald'; font-size: 20px; text-decoration: none; cursor: pointer; border:none; submit:hover { border: none; background:#000000; box-shadow: 0px 0px 1px #777; }" /> </td>
</tr>
<!--SUBMIT BUTTON end -->
</table>
</form>
heredocs;
    echo $code;
    return;
}
```

I also changed your code to use $_POST instead of request. Request is not recommended. Try running this and see what happens.
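
An added example, not part of the original post or the poster's code: one way to validate the visitor's address before it reaches the `mail()` headers, which the posted `isInjected()` only approximates with a regex. The function names, the fixed `From` address and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example; clean_header_email() and build_feedback_headers() are hypothetical names.

/**
 * Return a validated address, or null if the value must not go into a mail header.
 */
function clean_header_email(string $raw): ?string
{
    $raw = trim($raw);
    // Any control character is rejected: CR or LF would start a new header line.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // URL-encoded CR/LF is rejected too, in case the value is decoded again later.
    if (preg_match('/%0[ad]/i', $raw)) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/**
 * Build the header string with a fixed From; the visitor's address only
 * appears in Reply-To, and only after validation.
 */
function build_feedback_headers(string $siteFrom, string $visitorEmail): ?string
{
    $replyTo = clean_header_email($visitorEmail);
    if ($replyTo === null) {
        return null;
    }
    return "From: $siteFrom\r\nReply-To: $replyTo";
}

// Constructed sample inputs: one normal address and three that must be refused.
$samples = [
    'customer@example.com',
    "customer@example.com\r\nBcc: list@example.net",
    'customer@example.com%0ABcc:list@example.net',
    'not-an-address',
];

foreach ($samples as $input) {
    $headers = build_feedback_headers('orders@example.org', $input);
    echo json_encode($input), ' => ', $headers === null ? 'rejected' : 'accepted', "\n";
}
```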
-
Actually I don't think it is re-directing. Your script starts off with all your html being output before it does any php. You can't execute a header command at that point. Turn on php error checking and do your php before you send any html output. See what you get then.
-
mysqli_query() expects parameter 1 to be mysqli
ginerjm replied to tobimichigan's topic in PHP Coding Help
Your connection var is NOT defined at the top of your class, hence my comment. It is defined as a local var within your constructor and nowhere else, hence again why things aren't working. Meanwhile, you still have a lot of code to correct to utilize the mysqlI_ extension instead of the old MySQL_ one. You can't mix the two you know.
-
I asked for a 'snippet'. Not the whole code.
-
Can you show the snippet that "works without $disp.>". It would be very interesting to see what you think is working.
-
Why don't you show us that code that fails.
-
mysqli_query() expects parameter 1 to be mysqli
ginerjm replied to tobimichigan's topic in PHP Coding Help
Yours is so much coding for such a simple process..... Anyway the problem is your class is not well thought out. In your query function where you try to execute a query, where is $myconnection defined? Hint: Not in that function.
-
echo displayTomorrow() has to fail as you've shown it. It has to be written just like your displayToday call. Question. Why the extra braces in each of your methods?
-
My final saying on this post. You are choosing to IGNORE what Psycho told you - a guy with over 10k posts! - and proceeding to waste your time developing for a flat file system that will NOT be able to be used in the fashion I described for you, which YOU YOURSELF thought was awesome. Really? Tell me you aren't going to be silly about this.
-
Yes of course it's possible - not likely tho. If I were doing this, I would do it this way:
1 - store each day's post(s) in a db table with the date as the key field. Or perhaps, the date and a sequence number if you wanted to have multiple posts per day ie, multiple records per day.
2 - use php to build a dynamic dropdown to select the available month/year posts
3 - use a second dropdown built with ajax to show the available days for the month/year selected in #2
4 - use ajax again to then show the post(s) for the specific day selected in #3.
No nav bar cause it's not really (imho) navigation, but merely selection. I don't think you want to put any references to individual posts in a nav bar or immediately in a dropdown. You're probably going to have way too many posts to be able to present them to the user that way. Let the user drill down to the item he wants to see. Of course when the page is first displayed, I'd actually show the user the current day's post and then he/she can use the dropdowns to move to a different one. Maybe even a button to automatically go back one day and another button to go forward one day.
-
Any ideas on how I would write html <img> into php
ginerjm replied to lexijensjacejack's topic in PHP Coding Help
<?php echo "<img src='user/" . $log_username . "/" . $main_image . "' width='130' height='150' id='pic5'/>"; ?>
-
Your error (which I've never seen) is not a php error. If that is JS code next to the message above, perhaps you should post on the js forum
-
no difference, therefore I don't think you HAD to change that code. I don't know what you are defending in your code. The fact that you do two fetches in a row to different vars is puzzling. No reason, especially since you only have one record to be fetched.
-
Makes no sense. Talk about 'less code the better'. That code is meaning-less unless you are actually expecting input from a GET at some point in this limited script's lifetime.
-
You should NOT have removed the value attribute. You need it! You need to develop good habits and that is one of them. What will you code up when you create a form that is supposed to give the user two actions that can be done? Both (un-valued) submit buttons will have the same default label, but your intent is to have them do different things. Without meaningful labels they are indistinguishable and your php script will not know what to do. As for using request_method that too is worthless since you won't know which button was clicked with that code. My code is very correct. It will only respond to a POST method since there won't be any POST values if the method was not a post. Why check request_method if I'm looking for post vars - THAT would be a waste of code.
-
Your submit field had no value clause, so what does the submit have for a value when it comes in? And when checking for the submit you should be checking to be sure that it is the button you expected, regardless of whether there is only one, imho. This is standard practice to ensure you are handling the form correctly (in all situations) and to ensure that what you are getting is what you expect.
-
Not bad if it's your first effort. Judging from what we can see here:
1 - you should use quotes around array indices such as $cinf[quantity].
2 - you do the bindvalue of quantity as a string - why not an int?
3 - you grab the first row of your query result then you grab a second row but you limited the results to only 1. Wassup with that?
You should be checking the results of your query executions before doing anything with the results to ensure they ran. You should also have php error checking turned on, but it may just not be shown here.
-
Many confusing things in your code, so I cleaned it up so I could read it, but I still don't understand what your goal is. Please note the changes I made.

```php
<?php
error_reporting(E_ALL | E_STRICT | E_NOTICE);
ini_set('display_errors', '1');
$error_msg = '';
if (isset($_POST['submit']) && $_POST['submit'] == 'Submit')
{
    if (isset($_POST['fax']))
    {
        $option = $_POST['fax'];
        if ($option <> 'interfax' && $option <> 'metrofax')
        {
            $error_msg = "invalid fax choice";
        }
    }
    else
    {
        $error_msg = "Fax choice not made";
    }
    //
    switch ($option)
    {
        case 'interfax':
            $file = "fax.php";
            //$fax_client = "interfax";
            // already have a value for the above
            $faxmsg = "?????";
            if(file_put_contents($file,$faxmsg))
                echo "$option Successful";
            else
                die("$option Can't write file");
            break;
        // By default all the orders go to metrofax so by selecting the variable it resets itself
        case 'metrofax':
            $file = "fax.php";
            // $fax_client = "metrofax";
            // $faxmsg = "<?php ".'$fax_client = "' . NULL . '"'."endphp");
            // You are already in php mode, so no idea what this is supposed to do.
            file_put_contents($file,$faxmsg);
            if(file_put_contents($file,$faxmsg))
                echo "$option Successful";
            else
                die("$option Can't write file");
            break;
    }
}
echo $error_msg;
?>
<!-- -->
<!-- -->
<!-- more html preceding this I hope -->
<!-- -->
<!-- -->
<form method="POST">
<input type="radio" name="fax" value="interfax">Switch To Interfax<br>
<input type="radio" name="fax" value="metrofax">Switch To Metrofax<br>
<input type='submit' name="submit" value='Submit'>
<!-- -->
<!-- -->
<!-- You need an end form tag -->
<!-- -->
<!-- -->
<!-- -->
</form>
(more html???)
```

1 - check for a submit button, not a request method
2 - add a value to the submit button
3 - radio buttons must all be grouped under the same name otherwise you will have two values.
4 - you need an end of form as well as much more html
5 - ALWAYS DEVELOP WITH PHP ERROR CHECKING ON !

So - what are you trying to write to that fax.php file? Actual php tags?
-
Actually for your example, you don't need to include the ip. The link will work with just this: <link rel="stylesheet" href="/main.css" type="text/css">
-
How to structure class when products are different?
ginerjm replied to dennis-fedco's topic in PHP Coding Help
Not by any means an OOP guy, but I have the basic understanding to say this. When designing a class you look for the common denominators of the thing(s) that you are creating it for. If everything you know about your objects can produce a set of properties and methods that are the same for all, then those are things in your "starting" class. When you start to say to yourself - ok, I need to handle b,c,d differently that's when you start to identify a subset of properties and methods for those things and create a sub class that a) inherits the base functionality from the first class and b) adds some new functionality for the new oddballs. You don't begin to modify the methods of the main parent class to accommodate, but rather build a new object that is more flexible. That is polymorphism wherein you morph your object by adding new features to the child class which "extends" the overall functionality of the first class. (Extends - as in "Class mynewclass Extends OldClass"). The key is to recognize ALL the properties and actions that the set of things has in common so that you don't duplicate method/props in a second class. I'm sure you will get many responses to this post now, with many telling me I'm way off base ( I don't think so) and others giving you a more detailed, technical oriented description, but IMHO I think I have given you some food for thought on how to proceed.