cloudll

Everything posted by cloudll

  1. Thanks for explaining that. Oh, I never knew that; I originally chose it because the tutorial said it was a safe way to include my pages. Could you tell me the parts that are not safe, please?
  2. Hi guys, for a long time now I have been using the same block of code to include my content pages into my layout. I understand what it does as a whole, but I have never understood what the individual parts do. Could someone explain the main parts please? Thanks. Here's the code:

         <?php
         if (isset($_GET['page'])) {
             if (strpos($_GET['page'], "/")) {
                 $direc = substr(str_replace('..', '', $_GET['page']), 0, strpos($_GET['page'], "/")) . "/";
                 $file = substr(strrchr($_GET['page'], "/"), 1);
                 if (file_exists($direc.$file.".php")) {
                     require($direc.$file.".php");
                 } else {
                     require("error.php");
                 }
             } else {
                 if (file_exists(basename($_GET['page']).".php")) {
                     require(basename($_GET['page']).".php");
                 } else {
                     require("error.php");
                 }
             }
         } else {
             require("default.php");
         }
         ?>
  3. Does anybody know how I would turn this into functioning code?

         if $_SERVER[REQUEST_TIME] is 15 minutes greater than $time_in_database;
         echo 'time is 15 minutes greater';

     Thanks for any help.
  4. I am using the following request on my site (index.php):

         $compass = $_REQUEST['compass'];

     I wanted to use an if statement to echo an error message if $compass was anything other than north, east, south or west. However, the code I'm using is constantly displaying the error message, even when the URL is /index.php?compass=north etc. Can anyone see what I have done wrong?

         if (($compass != "north") || ($compass != "east") || ($compass != "south") || ($compass != "west")) {
             echo '<strong>Stop cheating!</strong>';
         }
  5. I'm not sure if that will work for what I need. The members area is working in conjunction with a game that displays the user's little character on a game field, so it's not just the users online page.
  6. When a user logs in to my members area, their online status is set to 2 in my database and they are displayed as online for everyone else to see. When they click log out, their online status is set to 1 and they are no longer shown as online. My problem is that when the session expires due to inactivity, the database isn't updated and they are still shown as online. So whenever they access a page in the members area, I have made it so that the time also gets entered into the database. My goal is to have the users online page auto refresh every 5 minutes to check the current time against the time stored in the database for that user and, if 15 minutes has passed, have the online status in the database updated to 1 again. I'm using PDO but I'm a novice at it and haven't been able to find much help on Google. Is there a way I can use an if statement to check the two times and only update the online field to 1 for the inactive users while leaving the users who appear active as 2? Sorry if this was confusing, I wasn't too sure how to word it properly.
  7. That's a good idea. Do you know how I could remove the database entry if the user timed out rather than logged out?
  8. Hi guys, I have followed a tutorial and made a members-only area using sessions. The user can upload an image, which gets renamed as their username. I was hoping to display the images of all the users that are logged in. I know how to do it with a single image by just setting the img src as the session username, but I don't know how I would display multiple images if more than one person were logged in. Is it even possible?
  9. The value of $row is a post from a form: an email address to check if that email has already been used in the database. And session email doesn't contain anything, it just needs to exist for the require to kick in.
  10. Hi guys, I'm currently querying my database and if ($row) I'm including a file. But I would like to make it so that if ($row) or a session variable is active, the file is included. I have tried using || but I've only ever used that for regular variables and I can't get it working in the way I want. So at the moment I have if ($row) ( require 'myfile'; and I would like to add || $_SESSION['email'] is active. I'm guessing I would use isset, but I just cannot get it working.
  11. Would I need to change the code depending on what OS I was using at the time? Or could I leave it as \r\n and it would work no matter what the OS?
  12. I have just started using functions, and have been following a few tutorials. I think I'm misunderstanding returns. Let's say I have the variables called $math1 and $math2 and I want to make $total = $math1 + $math2; I then use return $total; I then thought I could echo $total and it would work outside of the function, but it's giving me an error of an undefined variable. Could anyone explain what I'm doing wrong please? Thanks.
  13. Thanks, that worked. I'm using Apache on Windows 7.
  14. Thank you very much for that detailed answer. I found it very helpful.
  15. Hi guys. I'm using this line to log any users that log into my site. It writes to the log correctly, however it doesn't leave a new line. Can anyone see what I've done wrong with my code? Thanks.

          fwrite($fh, $_SESSION['username'] . ' at ' . strftime('%c') . "\n");
  16. Hi guys, this may be a really stupid question, but I'm pretty stupid so please bear with me. I'm currently using this bit of code to encrypt and decrypt my passwords:

          $cleanpw = crypt(md5($pw),md5($user));

      I want to crypt my passwords without the $user variable. I tried a few different ways of changing the code with no luck. When I used:

          $cleanpw = crypt(md5($pw));

      it put an encrypted password into my database, but when I tried to log in and decrypt it, it doesn't compare properly and just spits out the wrong password error.
  17. Sure. It's for a game, so I have a compass. Say I want to go east. I click east on my compass (the URL is index.php?hiddenbox=compass_east) and my compass_east.php contains:

          <?php
          $sql = "UPDATE game_character SET pos_y = (pos_y+25) WHERE id=1";
          $statement = $dbh->prepare($sql);
          $statement->execute();
          ?>

      A lot of it is like that: when you click an attack you want to perform, it loads an attack_name.php page which updates in the same way. I have about 50 pages now which all only have those 3 lines of code in, so I wondered if there was another way.
  18. At the moment, if I want to update my database, I'm using an external page with the SQL query, say it's called update.php, and I'm including it in an invisible CSS box with something like this: /index.php?site=homepage&hiddenbox=update. That seems to be working fine, however I have a lot of things which constantly get updated in my database, so I have lots of pages to update various things. Is there a way to update from within the index.php page, maybe with an if statement if the update is dependent on, say, a number being less than 10? Any opinions on the best way to go about updating the database would be greatly appreciated. Thanks.
  19. Your first else is missing a {
  20. Ah OK, the only reason I was thinking about htmlentities is because wouldn't it allow me to see what someone was attempting to do, if they did try any injection? Would I use it like this:

          $statement->execute(array mysql_real_escape_string($sector), mysql_real_escape_string ($battle,$id));

      or am I supposed to use it like this?

          $name = mysql_real_escape_string($_POST['admin_name']);
  21. I have never looked into sanitizing before. Is using htmlentities() good enough to protect against SQL injection? Thanks.
  22. Got it working using an array:

          <?php
          require($DOCUMENT_ROOT . "/game/includes/connection.php");
          require($DOCUMENT_ROOT . "/game/includes/settings.php");
          ?>
          <?php
          $name = htmlentities($_POST['admin_name']);
          $img = $_POST['admin_img'];
          $current_hp = $_POST['admin_current_hp'];
          $max_hp = $_POST['admin_max_hp'];
          $current_energy = $_POST['admin_current_energy'];
          $max_energy = $_POST['admin_max_energy'];
          $level = $_POST['admin_level'];
          $exp_total = $_POST['admin_exp_total'];
          $exp = $_POST['admin_exp'];
          $exp_level = $_POST['admin_exp_level'];
          $pos_x = $_POST['admin_pos_x'];
          $pos_y = $_POST['admin_pos_y'];
          $potion = $_POST['admin_potion'];
          $ether = $_POST['admin_ether'];
          $elixir = $_POST['admin_elixir'];
          $zenni = $_POST['admin_zenni'];
          $sector = $_POST['admin_sector'];
          $battle = $_POST['admin_battle'];
          $id = "1";

          $sql_1 = "UPDATE game_character SET name=?, img=?, current_hp=?, max_hp=?, current_energy=?, max_energy=?, level=?, exp_total=?, exp=?, exp_level=?, pos_x=?, pos_y=?, potion=?, ether=?, elixir=?, zenni=? WHERE id=?";
          $sql_2 = "UPDATE game_status SET sector=?, battle=? WHERE id=?";

          $statement_1 = $dbh->prepare($sql_1);
          $statement_2 = $dbh->prepare($sql_2);

          $statement_1->execute(array($name,$img,$current_hp,$max_hp,$current_energy,$max_energy,$level,$exp_total,$exp,$exp_level,$pos_x,$pos_y,$potion,$ether,$elixir, $zenni,$id));
          $statement_2->execute(array($sector,$battle,$id));
          ?>
          <?php echo $name; ?><br />
          <?php echo $img; ?><br />
          <?php echo $current_hp; ?><br />
          <?php echo $max_hp; ?><br />
          <?php echo $current_energy; ?><br />
          <?php echo $max_energy; ?><br />
          <?php echo $level; ?><br />
          <?php echo $exp_total; ?><br />
          <?php echo $exp; ?><br />
          <?php echo $exp_level; ?><br />
          <?php echo $pos_x; ?><br />
          <?php echo $pos_y; ?><br />
          <?php echo $potion; ?><br />
          <?php echo $ether; ?><br />
          <?php echo $elixir; ?><br />
          <?php echo $zenni; ?><br />
          <?php echo $battle; ?><br />
          <?php echo $sector; ?><br />