
Christian F.

Staff Alumni
  • Posts

    3,072
  • Joined

  • Last visited

  • Days Won

    18

Christian F. last won the day on June 23 2013

Christian F. had the most liked content!

About Christian F.

Profile Information

  • Gender
    Male
  • Location
    Norway

Christian F.'s Achievements

Member

Member (2/5)

232

Reputation

  1. If they use MD5, and especially unsalted MD5, to hash the users' passwords, then that might explain why there have been so many reports about leaked passwords, hijacked accounts and so forth from these systems. Personally, I doubt that they're still using MD5 to do this. However, I haven't looked at their code in a while, but I would sincerely hope that they've moved on to a properly secure method as of late.
  2. Single quotes are available on all PHP installations, or rather should be. However, I suspect that the text you copied didn't actually contain single quotes. Just something that looked like single quotes, for us humans.
  3. Do you have a link to the page, so that we can see this in effect ourselves? The only things I can think of right now are that the cookie isn't being set properly, or that you might be doing things out of order, though unlikely. In any case, do make sure that you're not blocking the cookie, and check to see if it is indeed being sent with the request from the browser.
  4. Searching the 'net for "prevent default javascript" will give you all the details you need, and more.
  5. var_dump () and/or print_r () will help you figure out what's inside the variables.
  6. I'd ask Paypal support on this one, to be honest. Seeing as it's an HTTP error they're the ones who're best equipped to help you out.
  7. This isn't a PHP problem as much as it's an "Application design" problem, so you should really have posted it in that section. A mod will probably move it for you, once they notice it.

     That said, to your question: You should start with the planning phase, always. Which means you'll need to sit down, think through exactly what you want from the site, what you need to do to get those results, and what data you need in order to do it.

     Take a piece of paper, or several, and start with the headings; The big stuff, the end results of what you want to have on it. To take this forum for example, we've got the headings of "forum", "members page", "member administration", "private messages", "profiles", and "recent content". To take a few.

     Once you've got that down, you can start to drill down in more detail on what you want to have on each section. Such as "categories", "sub categories", "threads", and "posts", taking the "forum" section as an example. Filling out all of the small parts, in ever increasing detail, until you've sketched out everything you want/need.

     By now you should have a pretty complete list of headings, telling you what you want, and in a large part what kind of data you need. The next step is to define the logic needed to get the results needed from the data, which I tend to write down as a keyworded bullet list. Mostly using a single verb and one noun to describe what needs to be done, and the flow of logic between the steps. Using the "new post" item as the example, you can get a list pretty much like this:

     - Verify access.
     - If submitted.
       - Retrieve & validate data.
       - If validation failed.
         - Create validation warning message.
         - Prefill input values.
         - Show form + error.
         - Return.
       - Create query.
       - Execute query.
       - If query failed.
         - Create critical error message.
         - Prefill input values.
         - Show form + error.
         - return
       - Redirect to confirmation page (view new thread).
     - Read form template file.
     - Prefill input values, if any.
     - Show form.

     Once that's done, you should have a pretty much complete understanding of the logic in the application. An understanding which will make it a lot easier to translate your pseudo-code into actual PHP, as you've already solved most (if not all) of the problems you had; Without ever introducing an actual programming language into the confusion. That is, paradoxically enough, what programming is mostly about.
  8. Also, I wonder if you can explain why you're doing this?

     $tempFile = str_replace(" ", "", $_FILES['picUpload']['tmp_name']);

     Not only is it quite unnecessary because the temp name never contains a space, but what would have happened if it did..?
  9. I'm afraid that this statement is false. You can indeed JOIN two tables in this way, it's just not advisable. For one it's a lot harder to read, especially if you have something more advanced than the most basic of joins. Secondly it's very easy to make it a cross-join (or end up with other unwanted results), mainly because of its harder-to-read syntax. This is commonly known as the "implicit JOIN syntax". That said: It's highly recommended to stick with the proper ANSI syntax for JOINs, it'll save you a LOT of headaches.
  10. The problem isn't with your MySQL query, but with your (PHP code) logic: You haven't actually fetched the returned row from the result, just executed the query. You'll need to use mysql_fetch_array () to get the (first) row of results. Also, you should never use @ to suppress errors, and the use of "or die (mysql_error ())" must be limited to debugging purposes only. Once you've fixed the script, you should handle errors in a more proper manner. So that you yourself get all the details about the error, but your users only get told what part of their operation went wrong (such as "could not validate against database"). This'll help you make sure your scripts work as they should, without giving any malicious users any information they could potentially use in an attack on your site.
  11. If you're using an AJAX call to this script, and have no trouble actually getting the proper result from the cURL call, then your issue is a Javascript issue; Not a PHP issue. I suspect you've simply forgotten to prevent the default behaviour (submit form/follow link), but without knowing the code it's merely a guess. Check out my suggestion first, and if you still can't figure it out, please post your JS code (in the appropriate section).
  12. SocialCloud: The quotes are not the issue there, as he's properly ended the single-quoted string and concatenated the variable. Pokebert: Please see this thread for how to properly debug SQL errors.
  13. Do you get any error messages? Try commenting out the content-type header, and see.
  14. If you're talking about how to enter the values into the system, and not how it should be stored in the DB, then using a textarea (or straight import from a file) would probably be the best way. Yes. Since you mention a macro, I reckon you already have it in a spreadsheet? If so, then just export it as CSV and MySQL can import it directly. The table itself needs to have two fields (key and value), where each pair gets one row. Then it's a simple SELECT query to retrieve the correct value(s).
  15. Or, the slightly more readable version.

      echo $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

      Do take into consideration potential XSS injections and other security risks when doing this, as this will send whatever the user wrote in the address-field unmodified!
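
Added example, not part of the original posts: one way to act on the caution in post 15 when the current URL has to be shown in a page. The host is checked against an allowlist and the whole value is escaped for HTML at output time. `ALLOWED_HOSTS`, `currentUrl()`, `currentUrlHtml()` and the sample request arrays are hypothetical names and constructed data.

```php
<?php
// Added example: display the current URL without reflecting raw,
// client-controlled input. ALLOWED_HOSTS and both function names are
// hypothetical; adjust the host list to the names the site really serves.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

function currentUrl(array $server): ?string
{
    // The Host header is supplied by the client, so accept only known names.
    // An exact match also rejects "host:port" forms unless they are listed.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    $https  = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    $scheme = $https ? 'https' : 'http';
    return $scheme . '://' . $host . ($server['REQUEST_URI'] ?? '/');
}

function currentUrlHtml(array $server): string
{
    $url = currentUrl($server);
    if ($url === null) {
        return '(unknown host)';
    }
    // Escape for the HTML context at the point of output. ENT_QUOTES also
    // covers single-quoted attributes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests: a benign one, one carrying markup in the
// query string, and one with a forged Host header.
$samples = [
    ['HTTP_HOST' => 'www.example.com', 'REQUEST_URI' => '/profile?id=7'],
    ['HTTP_HOST' => 'www.example.com',
     'REQUEST_URI' => '/search?q="><script>alert(1)</script>'],
    ['HTTP_HOST' => 'evil.example"><b>', 'REQUEST_URI' => '/'],
];

foreach ($samples as $s) {
    echo currentUrlHtml($s), PHP_EOL;
}
```

`htmlspecialchars()` is the right escape only for HTML text and quoted attribute values; a URL placed inside JavaScript or a CSS value needs encoding for that context instead.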