
AyKay47

Members
  • Posts: 3,281
  • Joined
  • Last visited
  • Days Won: 1

Everything posted by AyKay47

  1. The form tag attribute enctype needs to be set to multipart/form-data and an input tag with type=file needs to be present. You can easily google how to process uploaded files via PHP.
  2. So that you receive help quickly, that would most likely be the scope of a new thread.
  3. Yes they can point to a single database, however you will not want to use a single table for this. Look into studying "database normalization" to get you going on that topic.
  4. Psyco, I believe that you are teaching the OP good debugging practices in your above post so my next comment can most likely be ignored. The reason I pointed the OP to the mysql_real_escape_string() call directly is because the other function calls will not return a boolean false value given the fact that $_POST['email'] is in fact a valid string.
  5. The file that you are including on line 2 cannot be found. Verify that the path to the file is correct.
  6. Sigh. Display the contents of connect_to_mysql.php
  7. Then I believe that mysql_real_escape_string($email) is returning false. Debug your mysql connection.
  8. After the if (isset($_POST['username'])){ line, place these 2 lines:
         echo $_POST['email'];
         exit;
  9. Have you output $_POST['email'] to the screen to verify its contents?
  10. I'm not sure how to respond to that.
  11. Putting the code aside because I cannot take the time to read through all of it, the information you are talking about should be stored inside of a database. What does your database structure look like? Hopefully we can steer you in the right direction so you do not have to pay someone.
  12. Why not automate the total upload size using the logic we discussed earlier in the thread?
  13. PDO is a persistence layer itself; simplifying a persistence layer is creating a persistence abstraction layer of your own and does not require an interface. Since you are wanting to implement PDO, you could either implement the inheritance method instead of a DAO, or create a UserDao class and an ItemDao class for example versus an interface and have them implement the PDO persistence abstraction layer that you are building currently.
  14. This sounds a little different than the issue in the OP. If you do not want the script to write data to a log then remove the code that does so.
  15. That is a data access abstraction layer in interface form. To keep it simple, a DAO separates the business logic from the persistence layer and provides the basic CRUD operations at an object level. The most basic question when beginning to think about DAOs is what specific object are you creating a DAO pattern for?
  16. A side note, you need to be mysql_real_escape_stringing all $_POST data before using it in a query to prevent SQL injection. It seems silly to append variables together like that to create a query, especially when some of them contain static data. A common query debugging method is to output both the mysql_error() and the query itself to check for errors:
          $sql = "select * from example";
          $resource = mysql_query($sql) or die("Query: " . $sql . "<br>Error: " . mysql_error());
      The above is pseudo code.
  17. What errors exactly are being thrown? We need to see the relevant code logic before we can help you.
  18. I fail to see how your post was helpful in any way. The first part of my response aside, form validation should be executed server side primarily, with javascript as a secondary layer over the server side validation. That was really the point I was trying to convey.
  19. Desc is a MySQL reserved word as it stands for descending and must be surrounded by backticks ( ` ) if used in a query as a field reference. Although, I would recommend changing the field name altogether. Also, what's with the square brackets? Field values should be encased in quotes.
  20. It seems to me like the $_POST value is being escaped twice. Use get_magic_quotes_gpc to retrieve the value of the magic_quotes_gpc option in the master php.ini file. If it returns a 1, it should be disabled. Edit: seems like I took too long with my response, glad you solved the problem.
  21. You would have to keep track of the size of each upload of a specific user and the sum of each individual upload for a specific user which would be the total size in bytes. This information would need to be stored either in a database or an object and each time a user attempts to upload another file, compare the total size of their uploads and the free allocated size to decide when to start implementing prices.
  22. Apply an extension filter to the file validation logic. What code have you written so far?
  23. For clarification on what each process that you stated actually is for:
      1. PDO prepared statements eliminate the need to sanitize user input before using it in a statement since the driver does this for you. (Takes care of SQL injection).
      2. Do not store sensitive data in sessions, I usually only store a hashed unique user id in a session which I use to get all the necessary user data from a database.
      3. Adding salts to hashing algorithms makes it very difficult for someone trying to gain access to the original data using a brute force or rainbow table method.
      Validation should always be executed on the server primarily. It is suitable to have JavaScript validation only as an added layer on top of server side validation. If you rely solely on JavaScript to perform validation, a user can simply disable JavaScript on their machine, thus disabling your validation handling.