JonnoTheDev

Yes but you wouldn't use the users id as that woul be insecure. I could change the value in my cookie easily to gain access to another users account. What is better is if you generate a key for that user that is stored in your database aswell as the cookie. If the user is inactive for the lifetime of the cookie then destroy the key from your table. You could also change the key each time the user revisits.

Yeah, it bounces like it's on the moon.

Good result for the hosts. South Africa 1 Mexico 1. Great goal by SA.

Check! Run ls -l at a CLI prompt. If the directory is owned by the root user then there is no way it can be deleted. Why not run a simple test? Simply create an empty directory on your server (with the correct ownership). Then use rmdir() to remove it. <?php rmdir('/path/to/directory'); ?> Does it work? If so, again it is a permissions error on your other directory, the ownership of the directory probably is that of a user that the web server isn't a member of the same group. You cannot expect a php script to remove files/directories on a server that it did not create. If so you could end up deleting system files and folders, and attacks would be rife!

No, its made my morning

LOL, thats bad, and funny.

Who is the owner of the directory?

I absolutely lost it. LOL, the letter u is miles away from the letter a on a keyboard. What where you thinking? Get a VPS or a dedicated server. Cheap shared servers are a waste of time.

err no. it simply means the owner of that directory is not that of the correct user, therefore you do not have permission to delete it. The error states clearly, 'Permission Denied'. Why would you use ftp functions? FTP functions connect to a remote FTP server, not the same server!

Wow QBASIC. Didn't think it still existed. You can't get stuck with it. It's the easiest language to learn. http://www.tedfelix.com/qbasic/

Website Payments Pro is an API. You integrate it yourself. It has nothing to do with shopping carts or any other system. It is simply a method to take credit card details from a user on your site, send to Paypal with the transaction amount, and receive a response back. I have integrated into many sites. Before you can use Paypal Direct Payments or Express Checkout as part of Website Payments Pro you must first be approved by Paypal. Have you got this far? Once you have been approved and have access to the API, the easiest thing to do is download the SDK. This contains examples on taking payments and should be easy to implement into your own site. Use the Paypal sandbox system to test taking payments. There is quite a lot of documentation you will need to read through.

Stick to recommended tutorials. Some tutorials contain bad code and get you into picking up bad habbits. I always recommend learning from a book prior to doing any online learning. A Book will stick to a style of coding, tutorials will differ in styles and methods of tackling problems with each.

Bad code. You are using opendir to create a handle for a directory and not using it in any way. You are not supplying a server path to your directory or file to delete. Your folder name metro.zip, are you sure this is a folder, looks like a filename to me. <?php $openzip =opendir('metro.zip'); if ($openzip==false) { echo "Could not open metro.zip<br />"; exit; } if ($openzip==true) { unlink('metro.csv'); closedir('metro.zip'); rmdir('metro.zip'); } ?> To open a directory and recursively delete files & the folder something like the following will work <?php $dir = "/path/to/my/folder/from/server/root/"; // Open a known directory, and proceed to read its contents if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if($filename != ".." || $filename != ".") { unlink($dir.$filename); } } closedir($dh); rmdir($dir); } } ?>

I haven't read your code, however. One quick tip. Print queries to the screen to make sure they contain the correct data. Once you are satisfied, replace with the mysql_query() function.

Store in session variables and the pass into the second form as hidden fields. The image upload is part of your first form, the second posts to paypal, not to your own server.

post your code

Yep, or you could simply auto submit the second form with an onLoad event i.e <body onLoad="this.form.submit()"> and the user will jump straight to paypal.

As the form is submitted to paypal with <form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post"> you should take the data you require in a step prior to the currenct form. Here you can also add your image upload. Once you have validated the data, then redirect the user to paypal. 1. Complete form with required fields & process image upload 2. Validate form 3. If OK send required data to paypal and redirect user You can do the last bit with some hidden fields containing your data and just a continue button or something.

By giving each frame element a name i.e top, bottom, main Then in your link reference the frame where you want the link to appear i.e <a href="http://someurl.com" target="main">Click here</a> Sorry if you want it to break the frameset just add the following to the members page <script type="text/javascript"> if(top.location != location) { top.location.href = document.location.href; } </script>

Save it as a php file! Simple

http://uk3.php.net/mb_convert_encoding

It is all still applicable. Doesn't matter the age of the content. Books on php security are focused around validating / cleaning data that has been sent to a server via a POST or GET request, working with sessions, cookies, preventing SQL injection & XSS. Do not think of it like a copy of windows where new security holes are found daily and need patching. The code is as strong or as weak as you write it. If you write weak code then there maybe holes to exploit. Forget the date that they were written. If you see a new book, more than likely it will be a rehash of an existing title. http://www.amazon.co.uk/Essential-PHP-Security-Chris-Shiflett/dp/059600656X http://www.amazon.co.uk/Security-Chris-Southwell-Michael-Snyder/dp/1590595084 http://www.amazon.co.uk/Securing-PHP-Applications-Mere-Mortals/dp/0321534344

A better method would be to loop through the array and group id's to statuses. This will results in less queries i.e <?php $x['Active'] = array(1,2,3,4); $x['Inactive'] = array(5,6,7,; mysql_query("UPDATE table SET x='Active' WHERE id IN(".implode(",",$x['Active']).")"); mysql_query("UPDATE table SET x='Inactive' WHERE id IN(".implode(",",$x['Inactive']).")"); ?>

<?php foreach($_POST as $id => $status) { if(is_numeric($id)) { print "UPDATE tablename SET x='".$status."' WHERE id='".$id."'<br />"; } } ?>

UPDATE table SET date=date+INTERVAL 7 DAY Use the current date value