soos

Thanks Keith for you help, but I still don't quite understand. Can you show me an example of how the query should look? (sorry, I'm a newbie in msyql)

TABLE 1 id : primary key title category timestamp album_id user_id and TABLE TWO album_id : primary key When inserting values into table one I want create an album for it that would be identifiable with album_id. So, my question is: How do I insert values into both tables in a single query? Thanks for the help in advance.

I researched a few database normalization examples and explanations and got the grasp of it. Thanks, Psycho.

I'm creating a re classified ad site and I've hit a brick wall. I'm trying to create a 'listing' which will contain info and pictures of the property that's for sale, but I'm unsure on how to do it. Would I have to create different db tables to have the albums, images and listing together? Or would can I just do it all in one table? I appreciate your help.

Disregard this post. I figured out the issue. Thanks anyway.

Here it is: <?php include 'init.php'; if(logged_in()) { header('Location: index.php'); exit(); } include 'template/header.php'; ?> <h3>Create your FREE account</h3> <?php if(isset($_POST['register_name'], $_POST['register_email'], $_POST['register_password'], $_POST['register_location'], $_POST['confirm_password'])) { $register_name = $_POST['register_name']; $register_email = $_POST['register_email']; $register_password = $_POST['register_password']; $confirm_password = $_POST['confirm_password']; $register_location = $_POST['register_location']; $register_category = $_POST['register_category']; $errors = array(); if(empty($register_name) || empty($register_email) || empty($register_password) || empty($confirm_password) || empty($register_location)) { $errors[] = '*All fields are required!'; } else { if(filter_var($register_email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'The email address you entered is not valid'; } if($register_password != $confirm_password) { $errors[] = '*The passwords you entered do not match!'; } if(strlen($register_email) > 255 || strlen($register_name) > 35 || strlen($register_password) > 32 || strlen($register_location) > 35) { $errors[] = '*One or more fields contain too many characters'; } if(user_exists($register_email) === true) { $errors[] = '*The email address you entered already exists!'; } } if(!empty($errors)) { foreach($errors as $error){ echo $error . '<br />'; } } else { $register = user_register($register_id, $register_name, $register_email, $register_password, $register_location, $register_category); $_SESSION['user_id'] = $register; echo $_SESSION['user_id']; header('Location: index.php'); exit(); } } ?> <form action="" method="post"> <p>Name: <br><input type="text" name="register_name" size="46" maxlength="35" /></p> <p>Email: <br><input type="email" name="register_email" size="46" maxlength="255" /></p> <p>Password: <br><input type="password" name="register_password" size="46" maxlength="40" /> </p> <p>Re-type password: <br><input type="password" name="confirm_password" size="46" maxlength="40" /></p> <p>Location: <br><input type="text" name="register_location" size="46" maxlength="35" /></p> <p>I am a: <select name="register_category" > <option value="Home buyer">Home buyer</option> <option value="Home seller">Home seller</option> <option value="Renter">Renter</option> <option value="Real Estate Professional">Real Estate Professional</option> <option value="Other">Other</option> </select> </p> <p><br><input type="submit" value="register"/></p> </form> <?php include 'template/footer.php';

Hey guys, I have an issue with my php code. After registering in my site, i (the user) can't login again. It displays a message: <?php if(logged_in()) { $user_data = user_data('name'); echo 'Welcome, ', $user_data['name']; } else { ?> <form action="" method="post" > <p> Email: <input type="email" name="login_email" /> Password: <input type="password" name="login_password" /> <input type="submit" value="Log in" /> </p> </form> <?php } if (isset($_POST['login_email'], $_POST['login_password'])) { $login_email = $_POST['login_email']; $login_password = $_POST['login_password']; $errors = array(); if(empty($login_email) || empty($login_password)){ $errors[] = 'Email and password are required!'; } else { $login = login_check($login_email, $login_password); if($login === false) { $errors[] = 'The email and password combination you entered is incorrect.'; } } if(!empty($errors)) { foreach ($errors as $error) { echo $error. '<br />'; } } else { $_SESSION['user_id'] = $login; header('Location: index.php'); exit(); } } ?> And here's the function where I call check the login: <?php function login_check($email, $password) { $email = mysql_escape_string($email); $login_query = mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `password`='".md5($password) ."'"); return(mysql_result($login_query, 0) == 1) ? mysql_result($login_query, 0, 'user_id') : false; echo mysql_error(); } ?> Any clue of what this could be?

What is the benefit of using mysql_real_escape_string()?? Is it really necessary?? Debbie From W3schools: The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement The following characters are affected: \x00 \n \r \ ' " \x1a This function returns the escaped string on success, or FALSE on failure. It basically 'escapes' characters from being inserted to your queries and preventing somewhat sql injection.

A Salt is a small string containing random characters that are not known by the user. But you can use both md5() and salting to safely secure your users passwords. Example: <?php $pass = mysql_real_escape_string($_POST['password']); $salt = 'b7lLkm755246zZlaBkl44zc2'; $password = md5($salt . $pass); $sql = mysql_query("INSERT INTO table (password) VALUES ('$password')"; ?> What the code above does is it first escapes special characters in the string/user's password. Then it md5's the Salt you created along with the user's password, hence it makes the password virtually impossible to crack.