mgoodman

@Andy, I was talking about WebStyle's code, not FatDank's code. FatDank's code is fine, but WebStyle's certainly is not.

That's extremely insecure WebStyles. An attacker could use that to include PHP scripts located pretty much anywhere on the server. (http://yourserver.com/index.php?page=../someotherfile)

PHP can't do that because it doesn't handle the connection; PHP only processes the request. I don't know anything else useful on this subject, sorry I couldn't help you.

As WebStyles said, you have to use $_SESSION. Here's a simplified class that can handle flash messages for you: class FlashMessage { public static function wirte($message) { self::_startSession(); $_SESSION['flash.message'] = $message; } public static function check() { self::_startSession(); if (isset($_SESSION['flash.message'])) { $m = $_SESSION['flash.message']; unset($_SESSION['flash.message']); return $m; } else { return null; } } protected static function _startSession() { if (session_id() === '') { session_start(); } } } To use it you just do this in process_form.php FlashMessage::write('You missed some fields!'); and then do this on login_form.php: echo FlashMessage::check();

Then you'll have to use PHP. It shouldn't be a problem though. I had a small site where users could upload files and I didn't have any problems with it slowing down. Try it first and then if there's any problems you can go back and fix it up.

You could always use FTP.

You need to do something like this: class User { public $users = array(); public function getAll() { $query = mysql_query("SELECT `username`, `password` FROM `user` ORDER BY `id` DESC"); while($result = mysql_fetch_assoc($query)) { $this->users[] = $result; } } // the rest of your User class code } and then in your switch: case index: $user = new User($connect); $user->getAll(); foreach ($user->users as $userInfo) { echo echo '<a href="#">' . $userInfo['username'] . '<a/><br/>'; echo echo '<a href="#">' . $userInfo['password'] . '<a/><br/>'; } break;

if(isset($_POST['Submit'])) // If the form has been submitted then do this stuff { $contents = file_get_contents('config.php'); // Store the contents of config.php in the $contents variable $var_letters = range('a', 'g'); // Create an array and store it to $var_letters variable. Same as array('a', 'b', 'c', 'd', 'e', 'f', 'g') foreach($var_letters as $letter) // Go through each letter and perform this code { $oldline = '$' . $letter . ' = ;'; // The string that you are searching for ($a = ; or $b = ; or $c = ; etc.) $newline = '$' . $letter . ' = \'' . $_POST[ $letter ] . '\';'; // The string you are going to replace it with ( $a = $_POST['a']; ) echo "Replacing <tt>$oldline</tt> with <tt>$newline</tt><br />"; // Print out a status message $contents = preg_replace('~\$'.$letter.' =.+?;~s', $newline, $contents); // Replace contents (from config.php) with the new line based on the regular expression } file_put_contents('config.php', $contents); // Write the new contents back to config.php } include 'config.php'; // Include the config file Hope that helps.

@op: Perky's code contained some syntax errors. Here's the fixed version: <select name="dropdown"> <option value="value 1" <?php if ($_POST['dropdown'] == 'value 1') echo 'selected="selected"'; ?>>value 1</option> <option value="value 2" <?php if ($_POST['dropdown'] == 'value 2') echo 'selected="selected"'; ?>>value 2</option> <option value="value 3" <?php if ($_POST['dropdown'] == 'value 3') echo 'selected="selected"'; ?>>value 2</option> </select> edit: explanation $_POST['dropdown'] is where the selected value would be stored when the user submits the form. So, for each option the code checks to see if it was selected, and if it was it prints out selected="selected" (which will set that as the "default" option). If that doesn't make sense then let me know and I'll try to explain it differently.

You are going to have to run a query no matter what. If you really wanted to make it more efficient then you could consider using a count query instead of using mysql_num_rows: $query ="SELECT COUNT(*) as count FROM users WHERE username='$username'"; $result = mysql_fetch_assoc(mysql_query($query)); if ($result['count'] > 0) { // username is taken } Since that query only returns a number, it's less information to transmit than if you return the entire row and then perform a count after the fact.

You could do this: $page = (isset($_GET['page'])) ?: 'home'; That will only work with PHP 5.3+ though, so if you are using something lower than that you would have to do this: $page = (isset($_GET['page'])) ? $_GET['page'] : 'home'; After that you just use $page instead of $_GET['page'] in your if statements: $page = (isset($_GET['page'])) ?: 'home'; if ($page == 'home') { // include home page } if ($page == 'someotherpage') { // include some other page } In case you don't know, ? : is called a ternary operator. It's basically like a mini if statement. It does the same thing as this if statement: if (isset($_GET['page'])) { $page = $_GET['page']; } else { $page = 'home'; }

Well you're going to have to query for those 25 users eventually. Maybe you should try some simple caching for 5 or 10 minutes. I'm sure that the user list doesn't have to be completely accurate all the time, does it? You could do a simple file cache where you generate the HTML needed to display the user list and then save that in a file. Let's say you have something like 15 requests per second, if you do those 25 queries for each request then over the course of 10 minutes you've performed 15,000 queries. However if you queried the information and stored it in a cache for 10 minutes then you are down to 25 queries per 10 minutes.

Well as your title suggests you've figured out that you need to use preg_replace. Try this: $contents = file_get_contents('config.inc.php'); $regex = array( 'expressions' => array( '/\$db_host = \'\';/', '/\$db_user = \'\';/', '/\$db_pass = \'\';/' ), 'data' => array( '$db_host = \'' . $_POST['host'] . '\';', '$db_user = \'' . $_POST['username'] . '\';', '$db_pass = \'' . $_POST['password'] . '\';' ) ); $contents = preg_replace($regex['expressions'], $regex['data'], $contents); // fwrite $contents back to config.inc.php

I see a few problems. You might not have a / on the end of $dirName. You also have "!$path" in there, which which would return false. Without looking at the PHP manual I'm pretty sure that the first argument for mkdir is the path, not a boolean value.

It's hard to tell with that tiny bit of code you've provided. It would be nice to know what $dirName is set to. It would also be nice to know what sort of problem you are having. You just said that "file creation is what's messing [you] up". What sort of problems are you having and can you post the code that defines $dirName? Also, have you set the working directory to the correct one for the index.html file you're trying to copy?