scootstah
Everything posted by scootstah
-
Copying PHP variable array to a new variable array?
scootstah replied to laZuRe's topic in PHP Coding Help
> didn't work. I wish it was that easy lol

It is that easy. Did you put it in the while loop?

    while ($row = mysql_fetch_assoc($res)) {
        $enemy[] = $row;
        echo 'debug: variables synced with db table';
    }

    echo '<pre>' . print_r($enemy, true) . '</pre>';
-
No, but that is still unnecessary. Check instead for a session. If the session isn't found, then try to auto login. If the auto login succeeds, set a session.

    // empty() also covers the case where the session key was never set
    if (empty($_SESSION['logged_in'])) {
        // try to auto login
        /*
        if (auto_login) {
            $_SESSION['logged_in'] = true;
        }
        */
    }

A little bit of pseudo-code, but hopefully you get the idea.
-
Copying PHP variable array to a new variable array?
scootstah replied to laZuRe's topic in PHP Coding Help
    $enemy[] = $row;
-
Salting passwords, how to store the salt in the DB?
scootstah replied to msaz87's topic in PHP Coding Help
You just store the salt in the database. Its only purpose is to make two identical passwords have different hashes. Even if the database is compromised and the salt exposed, its job is still done.

This is called a pepper. It is just defined in a PHP file somewhere, like in a config file or something. Unless someone actually gains access to the file system, this cannot be discovered.
-
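The salt and pepper roles described in the post above, as an added example that is not part of the original thread. It assumes PHP's built-in password_hash(), which generates the per-password salt and stores it inside the hash string; APP_PEPPER and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread.
// APP_PEPPER and the function names are assumptions made for illustration.

// Pepper: one secret for the whole application, defined outside the database
// (a config file, in the post's terms). Constructed sample value.
const APP_PEPPER = 'constructed-sample-pepper';

function pepper(string $password): string
{
    // Keyed hash with the pepper; base64 keeps the result free of NUL bytes
    // and well under bcrypt's 72-byte input limit.
    return base64_encode(hash_hmac('sha256', $password, APP_PEPPER, true));
}

function hash_password(string $password): string
{
    // password_hash() draws a fresh random salt and stores it inside the
    // returned string, so the salt lands in the database with the hash.
    return password_hash(pepper($password), PASSWORD_BCRYPT);
}

function verify_password(string $password, string $stored): bool
{
    return password_verify(pepper($password), $stored);
}

// Constructed demo: two users choose the same password
$alice = hash_password('correct horse');
$bob   = hash_password('correct horse');

var_dump($alice === $bob);                           // identical passwords, compared as stored
var_dump(verify_password('correct horse', $alice));  // right password
var_dump(verify_password('wrong horse', $alice));    // wrong password
```
-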
Sanitizing, how's the best way of doing it?
scootstah replied to Matt Ridge's topic in PHP Coding Help
I should have mentioned this in my post. Remember that because there is no always-true solution to sanitation, sanitizing the entire $_POST array in this manner may yield unexpected results later on down the road. So I therefore recommend that you instead sanitize each variable individually. Or, if you want, you can sanitize groups of variables if they all require the same sanitation. So using my previous function, something like this:

    // sanitize_array() takes a single array argument
    $sanitized = sanitize_array(array(
        'var1' => $var1,
        'var2' => $var2,
        'var3' => $var3
    ));
-
Sanitizing, how's the best way of doing it?
scootstah replied to Matt Ridge's topic in PHP Coding Help
When you use those functions, $var is assigned a completely new value. In this case, each function is returning the new value of $var. So you are re-assigning $var to the returned $var which has been changed. Not sure if that makes any sense or not...

Well, since $_POST is an array, you could just sanitize the entire array.

    function sanitize($var)
    {
        $var = strip_tags($var);
        $var = htmlentities($var);
        $var = stripslashes($var);
        return mysql_real_escape_string($var);
    }

    function sanitize_array($array)
    {
        $sanitized = array();
        if (is_array($array) && !empty($array)) {
            foreach($array as $key=>$val) {
                $sanitized[$key] = sanitize($val);
            }
        }
        return $sanitized;
    }

    $_POST = sanitize_array($_POST);
-
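Handling each variable individually, as recommended in the two sanitizing posts above, shown as an added example that is not code from the thread. It swaps in per-field validation with filter_var() and escaping at output time in place of the sanitize() function from the post; the field names, rules and sample input are constructed.

```php
<?php
// Added example, not from the thread. Field names, rules and input are constructed.

// One rule per field, chosen for what the value is; each returns the clean value or false.
function field_rules(): array
{
    return [
        'age'   => fn(string $v) => filter_var($v, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 0, 'max_range' => 150]]),
        'email' => fn(string $v) => filter_var(trim($v), FILTER_VALIDATE_EMAIL),
        'name'  => fn(string $v) => preg_match("/^[\\p{L} .'&-]{1,60}$/u", trim($v)) ? trim($v) : false,
    ];
}

// Returns [clean values, names of rejected fields]; fields without a rule are not copied.
function clean_fields(array $input): array
{
    $clean = $errors = [];
    foreach (field_rules() as $field => $rule) {
        $raw = $input[$field] ?? null;
        // Arrays (name[]=x) and missing fields are rejected before any rule runs
        $value = is_string($raw) ? $rule($raw) : false;
        if ($value === false) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample request with one field the form never defined
$post = ['name' => "O'Brien & Sons", 'email' => 'ob@example.com', 'age' => '41', 'role' => 'admin'];
[$clean, $errors] = clean_fields($post);

var_dump($clean);
var_dump($errors);

// The validated value is kept as typed; HTML escaping is applied where it is printed
echo htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8'), "\n";
```
-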
    if($page < $this->page_count){

Try this.
-
As far as efficiency goes, the top is ever-so-slightly more efficient seeing as there isn't an extra function call. But the difference is negligible, so I wouldn't worry about it. Writing out prepared statements for every single query is annoying and messy, in my opinion. I always prefer using wrapper classes to make things neat and tidy.
-
setting a variable equal to the result of a mysql select statement
scootstah replied to phpchick's topic in PHP Coding Help
I think you want something more like this:

    -- CHANGE is a reserved word in MySQL, so the alias is quoted with backticks
    SELECT goldprice AS `change`
    FROM goldclose
    WHERE goldprice = $goldprice
    ORDER BY dayid DESC
    LIMIT 1
-
Did you try my suggestion?
-
> What? He wants a list of results displayed in a table. When the first result is outputted only, he wanted to display additional text. This is nothing like my original post.

Yeah, I see that now. My mistake.
-
Hmm. That shouldn't happen. If the header wasn't sent, the page should redirect thus changing the URL. Does the same thing happen with this?

    // "Refresh" is the header name that takes a delay and a url
    header('Refresh: 0; url=menu.html');
-
Oh, I gotcha. Well then sort of going off xyph's response, try this:

    while ($row_clientes_RS = mysql_fetch_assoc($clientes_RS)) {
        if (!isset($once)) {
            // your message here
            $once = true;
        }
    }
-
Warning: Cannot modify header information - headers already sent by
scootstah replied to briannyc's topic in PHP Coding Help
Yes it does. Somewhere you have output before a header is sent. If whatever you changed made this happen, then I would first look there. What is being sent for headers before that function call? -
How is this any different than your first reply? Just seems like a way more complicated solution to me.
-
Single quotes output what is literally between them.

    $foo = 'bar';
    echo 'foo $foo';

So this would echo "foo $foo". Double quotes will parse variables and functions within the string.

    $foo = 'bar';
    echo "foo $foo";

So this would echo "foo bar". If you want to use variables inside single quotes you have to concatenate.

    $foo = 'bar';
    echo 'foo ' . $foo;

This would echo "foo bar".
-
Because that's not how you redirect. This is how:

    header("Location: menu.html?memberId=" . $memberId);
-
To clarify what he means, you don't have to use a while loop to return database rows. You only need to use a loop if you want to return more than one row. To just return the first row, simply do this:

    $row_clientes_RS = mysql_fetch_assoc($clientes_RS);
-
Simple Grab ip address and put it into database help
scootstah replied to Shadowing's topic in PHP Coding Help
Okay, now that I've cleaned up your code I see the problem. This is your code cleaned up:

    if(isset($_POST['Login'])) {
        // before we fetch anything from the database we want to see if the user name is in the correct format.
        if(!preg_match('/^[A-Za-z0-9]{5,20}$/',$_POST['Username'])) {
            echo "Invalid Username.";
        } else {
            // Search the database and get the password, id, and login ip that belongs to the name in the username field.
            $query = "SELECT password,id,login_ip FROM users WHERE name='".mysql_real_escape_string($_POST['Username'])."'";
            $result = mysql_query($query) or die(mysql_error());
            $row = mysql_fetch_array($result);

            // check if the id exist and it isn't blank.
            if(empty($row['id'])){
                echo "Account doesn't exist.";
            } else {
                // if the account does exist this is matching the password with the password typed in the password field.
                // notice to read the md5 hash we need to use the md5 function.
                if(md5($_POST['password']) != $row['password']){
                    echo "Your password is incorrect.";
                } else {
                    echo "Account available";

                    // checks to see if the login ip has an ip already
                    if(empty($row['login_ip'])){
                        $row['login_ip'] = $_SERVER['REMOTE_ADDR'];
                    } else {
                        // if the ip is different from the ip that is on the database it will store it
                        $ip_information = explode("-", $row['login_ip']);
                        if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) {
                            $row['login_ip'] = $row['login_ip'];
                        } else {
                            $row['login_ip'] = $row['login_ip']."-".$_SERVER['REMOTE_ADDR'];

                            // this line of code is very important. This saves the user id in the php session
                            // so we can use it in the game to display information to the user.
                            $_SESSION['user_id'] = $row['id'];
                            echo "user id is ". $row['id'];

                            // to test that the session saves well we are using the sessions id
                            // update the database with the ip information we have received.
                            $result = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($row['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'") or die(mysql_error());

                            // this header redirects me to the Sample.php i made earlier
                            header("Location: Sample.php");

                            // if already logged in.
                            if(isset($_SESSION['user_id'])) {
                                session_unset();
                                session_destroy();
                                echo "You have been logged out.";
                            }
                        }
                    }
                }
            }
        }
    }

And here is the problem:

    // checks to see if the login ip has an ip already
    if(empty($row['login_ip'])){
        $row['login_ip'] = $_SERVER['REMOTE_ADDR'];
    } else {
        // if the ip is different from the ip that is on the database it will store it
        $ip_information = explode("-", $row['login_ip']);
        if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) {
            $row['login_ip'] = $row['login_ip'];
        } else {
            $row['login_ip'] = $row['login_ip']."-".$_SERVER['REMOTE_ADDR'];
            // snipped
            $result = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($row['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'") or die(mysql_error());
            // snipped
        }
    }

So you are saying if $row['login'] is empty, assign $row['login'] to the user's IP. Then you skip the entire process of updating the query, because that is in an else statement. So the only time the update query would ever run was if the $row['login'] was NOT empty.

So you need to move the query outside of that if/else statement. Give this a try:

    if(isset($_POST['Login'])) {
        // before we fetch anything from the database we want to see if the user name is in the correct format.
        if(!preg_match('/^[A-Za-z0-9]{5,20}$/',$_POST['Username'])) {
            echo "Invalid Username.";
        } else {
            // Search the database and get the password, id, and login ip that belongs to the name in the username field.
            $query = "SELECT password,id,login_ip FROM users WHERE name='".mysql_real_escape_string($_POST['Username'])."'";
            $result = mysql_query($query) or die(mysql_error());
            $row = mysql_fetch_array($result);

            // check if the id exist and it isn't blank.
            if(empty($row['id'])){
                echo "Account doesn't exist.";
            } else {
                // if the account does exist this is matching the password with the password typed in the password field.
                // notice to read the md5 hash we need to use the md5 function.
                if(md5($_POST['password']) != $row['password']){
                    echo "Your password is incorrect.";
                } else {
                    echo "Account available";

                    // checks to see if the login ip has an ip already
                    if(empty($row['login_ip'])){
                        $row['login_ip'] = $_SERVER['REMOTE_ADDR'];
                    }

                    // if the ip is different from the ip that is on the database it will store it
                    $ip_information = explode("-", $row['login_ip']);
                    if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) {
                        $row['login_ip'] = $row['login_ip'];
                    } else {
                        $row['login_ip'] = $row['login_ip']."-".$_SERVER['REMOTE_ADDR'];
                    }

                    // this line of code is very important. This saves the user id in the php session
                    // so we can use it in the game to display information to the user.
                    $_SESSION['user_id'] = $row['id'];
                    echo "user id is ". $row['id'];

                    // to test that the session saves well we are using the sessions id
                    // update the database with the ip information we have received.
                    $result = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($row['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'") or die(mysql_error());

                    // this header redirects me to the Sample.php i made earlier
                    header("Location: Sample.php");

                    // if already logged in.
                    if(isset($_SESSION['user_id'])) {
                        session_unset();
                        session_destroy();
                        echo "You have been logged out.";
                    }
                }
            }
        }
    }

I recommend you look up some common code style practices. Writing clean, organized code is 100x less headache to read and debug, especially when you have a lot of control structures floating around.
-
My advice: don't reinvent the wheel. There are tons of professional solutions already to do exactly what you want to do (deploy a project). Just Google "PHP deployment".
-
You'll need to do something like this:

    $content .= <<<EOL
    </body>
    </html>
    EOL;

    while($row = mysql_fetch_array( $result )) {
        echo $row['title'];
        echo "<br />";

        $file = $row['title'] . '.php';
        $open = fopen($file, "w");
        fwrite($open, $content);
        fclose($open);
    }
-
Yes. The cookie is deleted if:
- The user logs out
- Something doesn't match
- You expire the auto login

For a little bit extra security, you could make it so that every time a user is logged in via the auto login, a new key is generated and stored in the database and cookie.
-
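The key rotation described in the auto login post above, as an added example that is not code from the thread. The table, columns, cookie layout and function names are assumptions, and an in-memory SQLite database stands in for the real one; on a null result the caller deletes the cookie.

```php
<?php
// Added example; table, column and function names are assumptions, not from the thread.

function issue_token(PDO $db, int $userId): string
{
    $key = bin2hex(random_bytes(32));
    // Store only a hash of the key, so a copy of the table does not yield usable cookies
    $stmt = $db->prepare('REPLACE INTO auto_login (user_id, key_hash, expires) VALUES (?, ?, ?)');
    $stmt->execute([$userId, hash('sha256', $key), time() + 30 * 86400]);
    return $userId . ':' . $key;   // value to place in the cookie
}

// Returns [user id, replacement cookie value], or null when the cookie must be deleted.
function auto_login(PDO $db, string $cookie): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;                                   // malformed cookie
    }
    [$userId, $key] = $parts;
    $stmt = $db->prepare('SELECT key_hash, expires FROM auto_login WHERE user_id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['expires'] < time()
        || !hash_equals($row['key_hash'], hash('sha256', $key))) {
        return null;                                   // something doesn't match, or expired
    }
    // Rotate: a new key replaces the stored one, so the key just used stops working
    return [(int) $userId, issue_token($db, (int) $userId)];
}

// Constructed demo using an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auto_login (user_id INTEGER PRIMARY KEY, key_hash TEXT, expires INTEGER)');

$first = issue_token($db, 42);                 // set at a normal password login
[$uid, $second] = auto_login($db, $first);     // first auto login: accepted, new key issued
var_dump($uid, $second !== $first);
var_dump(auto_login($db, $first));             // the old cookie presented a second time
```
-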
If your host allows it you should be able to add cron jobs dynamically with exec() or shell_exec().
-
> That works perfectly! thank you very much... I was initially trying to use JOIN, but from looking at your one, mine was all wrong.. but now I know how to do it properly.
>
> I did get an error though, which after googling it, the error was saying there were 2 columns with 'showing',
>
>     Column 'showing' in field list is ambiguous
>
> So just in case anyone else gets the same error after using a JOIN, it means there is a column in each table with the same name. I haven't tried it yet, but to get around it, you can put the table name before the column name, something like
>
>     SELECT table1.showing, table2.showing......
>
> please correct me if I'm wrong... I'm still learning myself. Anyway, thanks again scootstah.. problem solved!

That's correct. You can also use aliases on the tables so you don't have to type the whole table name out every time.

    SELECT t1.showing, t2.showing FROM table1 AS t1 JOIN table2 AS t2 ON .....