JonnoTheDev

Everything posted by JonnoTheDev

  1. Correct. CodeIgniter's set_value() function ties straight into the form validation class, so if you don't have a rule set for the field name the value will never be set. Remember, just because a rule exists it does not mean that the field has to be required. i.e. here email is not required but the value should be maintained via set_value()

      $config = array(
          array('field' => 'fname', 'label' => 'first name', 'rules' => 'required|trim|xss_filter'),
          array('field' => 'lname', 'label' => 'last name', 'rules' => 'required|trim|xss_filter'),
          array('field' => 'email', 'label' => 'email', 'rules' => 'trim|xss_filter')
      );
      $this->form_validation->set_rules($config);
  2. When a user logs into a website a session variable is set. This usually contains the database id of that user. Here is some pseudo code for login.php

      if login form is submitted
          if username & password fields have been completed
              if the username & password fields exist in the database
                  get user id
                  set session user id
                  redirect user to relevant page
              else
                  throw error
          else
              throw error
      end

     On pages where a user must be logged in you must check that the session variable exists. If it doesn't, redirect them to login.php. i.e. my-account.php

      if session variable user id does not exist
          redirect to login
      else
          continue

     Simple
  3. Try this

      <?php
      $con = mysql_connect("localhost","root","");
      mysql_select_db("student_management",$con);
      ?>
      <form name="form1" id="form1" method="get" action="addTimeTableValidation.php">
      <table width="850" border="1" align="center" bgcolor="#00FFFF">
        <tr>
          <td colspan="2" valign="top"><table width="100%" cellpadding="0" cellspacing="0">
            <tr>
              <td width="25%"><img src="../../IMAGE/banner - Copy.jpg" alt="" width="186" height="136" /></td>
              <td width="75%" align="center" valign="middle"><div align="center"><img src="../../IMAGE/banner.jpg" alt="" width="733" height="137" /></div></td>
            </tr>
          </table></td>
        </tr>
        <tr>
          <td width="170"> </td>
          <td width="676"><table width="663" border="0">
            <tr>
              <td width="123"><a href="../../Home page/new student registration/add_or_manage.php">Manage Data</a></td>
              <td width="123"> </td>
              <td width="123"> </td>
              <td width="144" align="center"><a href="../../add admin users/changePasword.php">Change Password</a></td>
              <td width="134" align="center"><a href="../../Home page/new student registration/signout.php">Signout</a></td>
            </tr>
          </table></td>
        </tr>
        <tr>
          <td height="59" valign="top"><ul id="MenuBar1" class="MenuBarVertical">
            <li><a href="../../add admin users/add techer/addAdminUser.php">Add Admin Login</a> </li>
            <li><a href="../../Student registration/new student registration/newStudentRegistrationForm.php">Add Student</a></li>
            <li><a href="../../student attendance/add attendance/addStudentAttendance.php">Add Student Attendance</a> </li>
            <li><a href="../../Student time table/add1 time table/addTimeTable.php">Add Time Table</a></li>
            <li><a href="../../Student marks/add student marks/addStudentMark.php">Add Student Marks</a></li>
            <li><a href="../../manage subject/add subject.php">Add Subject</a></li>
            <li><a href="../../search student information/SearchStudentInformation.php">Search Student Information</a></li>
            <li><a href="../../student payments reports/studentsPayments.php">Student Payment Reports</a></li>
            <li><a href="../../Issue certificate/issueCertificate.php">Issue Certificates</a></li>
          </ul>
          <p> </p>
          <p> </p></td>
          <td valign="top"><table width="659" border="0">
            <tr> <td> </td> <td colspan="3"> </td> <td> </td> <td colspan="2"> </td> <td> </td> </tr>
            <tr> <td> </td> <td colspan="3"> </td> <td> </td> <td colspan="2"> </td> <td> </td> </tr>
            <tr>
              <td width="16"> </td>
              <td colspan="3"><h3> <label><strong>Add Time Table </strong></label> <strong> </strong></h3></td>
              <td> </td> <td colspan="2"> </td> <td> </td>
            </tr>
            <tr> <td colspan="2"> </td> <td colspan="2"> </td> <td width="91"> </td> <td colspan="2"> </td> <td width="206"> </td> </tr>
            <tr>
              <td> </td>
              <td width="117" align="center"><label>Greade</label> </td>
              <td width="69">
                <select name="grade_ID" id="grade_ID" onchange="changefrm()" >
                <?php
                // list every grade and keep the submitted one selected
                $result = mysql_query("SELECT * FROM grade");
                while($row = mysql_fetch_array($result)) {
                    echo "<option value=\"".$row['grade_id']."\"".((isset($_POST['grade_ID']) && $_POST['grade_ID'] == $row['grade_id']) ? ' selected' : FALSE).">".$row['grade']."</option>\n";
                }
                ?>
                </select>
              </td>
              <td width="1" align="center"> </td>
              <td align="center"><label>Class</label> </td>
              <td width="71">
                <select name="class_ID" id="jumpMenu2" >
                <?php
                // only list classes once a grade has been submitted
                if(isset($_POST['grade_ID'])) {
                    $result = mysql_query("SELECT class_name FROM class where grade_id='".mysql_real_escape_string($_POST['grade_ID'])."'");
                    while($row = mysql_fetch_array($result)) {
                        echo "<option value=\"".$row['class_name']."\">".$row['class_name']."</option> \n ";
                    }
                } // end if grade_ID submitted
                ?>
                </select>
              </td>
              <td width="69" align="center"><label>Stream</label> </td>
              <td>
                <select name="stream_ID" id="jumpMenu3"<?php if(isset($_POST['grade_ID']) && $_POST['grade_ID'] <= 11): echo " disabled"; endif; ?>>
                  <option>Maths</option>
                  <option>Science</option>
                  <option>Commerce</option>
                  <option>Art</option>
                </select>
              </td>
            </tr>
            <tr> <td colspan="2"> </td> <td colspan="2"> </td> <td> </td> <td colspan="2"> </td> <td> </td> </tr>
            <tr>
              <td colspan="2"> </td>
              <td colspan="2"> <input type="button" onclick="changefrm1()" name="button" id="button" value="Add" /> </td>
              <td> </td> <td colspan="2"> </td> <td> </td>
            </tr>
          </table>
          <p> </p>
          <p> </p></td>
        </tr>
      </table>
      </form>
  4. Use an absolute path in your image src <img src="/Slices/image.jpg" />
  5. A superb idea. It's the same as charging someone to drive on a toll road in their car. They always have the option to go the long way around with no charge.
  6. SELECT tf.Id, tf.Name, tf.LName, tf.Rank, tf.Category FROM tablename tf
  7. As mentioned already by Thorpe, WP is a bag of balls to develop on. Its code is a mish-mash as it has progressed from v1 to the current release with no proper overhaul. However, from a user perspective, it works well. IMO, unless one of your clients requires a lot of the functionality that WP offers, I would not use it as a base platform. Stick to your own code. As you have said, you are building a nice library up and the more things you create using it in different projects, the less time it will take to do future projects as you can re-use bits. Honestly, if a client asks for a modification to a site running on WP, it could take you the same amount of time to figure out how to make the change from reading through all sorts of resources that it does to build it from scratch in your own app. There is another option however. You could use WP as a platform for new clients who want lots of features and it doing quickly. At the same time, replicate these features in your own code. When these clients start asking for major mods, you can sell them an upgrade and port them over to your own platform. Where I work we went down a similar route with e-commerce sites. I was building our own app from the ground up but at the same time we were using off the shelf e-commerce platforms for new clients and just creating templates for them. When these clients wanted new bits adding, if it was too much to modify the code, we ported them over to our own platform.
  8. This isn't a bad one for building and understanding how a simple mvc framework works. http://www.devshed.com/c/a/PHP/Building-a-Simple-MVCbased-Framework-in-PHP-5/
  9.
      <?php
      function check_backlink($url, $tofind) {
          // prevent using the same url to return true
          if(stristr($tofind, $url)) {
              return false;
          }
          // capture the remote page in an output buffer
          ob_start();
          if(!@readfile($url)) {
              // discard the buffer on failure so it is not left open
              ob_end_clean();
              return false;
          }
          $body = ob_get_contents();
          ob_end_clean();
          if(stristr(htmlentities($body),$tofind)) {
              return true;
          }
          return false;
      }

      // usage
      $to_check = 'http://www.thirdpartywebsite.com';
      $looking_for = 'http://www.mywebsite.com';
      if(!check_backlink($to_check, $looking_for)) {
          echo "no backlink found";
      } else {
          echo "thanks";
      }
      ?>
  10. I would always use a 301 redirect i.e If you have a page xyz.com/about and someone types in xyz.co.uk/about you want it to redirect to the corresponding page on your .com primary domain. If somebody posts a link on another website to xyz.co.uk/about and Google picks up on this then you want Google to acknowledge that it is a 301 redirect. If you aren't using 301 redirects and the same page is shown on both urls then Google will penalise you for duplicate content i.e having the same content on 2 different addresses.
  11. isset() is not the best method to use. It is used to test if a variable is in existence within the scope of the script. It is not used to test whether a variable contains a value. i.e.

      <?php
      $x = '';
      if(isset($x)) print "x is set";
      ?>

      I have cleaned up your code, so replace all those isset() tests at the top with the following:

      <?php
      $required_fields = array('uname','pass','email','website','url','user');
      $error = false;
      foreach($required_fields as $field) {
          if(!strlen(trim($_POST[$field])) && !$_CLEAN[$field]) {
              $error = true;
          }
      }
      if($error) {
          die ('We are sorry, but all the fields are necessary. Please fill them up carefully!!');
      }
      ?>

      What you should do is record the fields that are missing the input and print them out so the user knows what to fill in as opposed to just exiting the script with a simple die(). You could do this with:

      <?php
      // map each field name to the label shown to the user
      $required_fields = array('uname' => 'username', 'pass' => 'password', 'email' => 'email', 'website' => 'website', 'url' => 'url', 'user' => 'user');
      $errors = array();
      foreach($required_fields as $field => $name) {
          if(!strlen(trim($_POST[$field])) && !$_CLEAN[$field]) {
              $errors[] = $name.' is a required field';
          }
      }
      if(count($errors)) {
          /* display errors */
          print implode('<br />', $errors);
      } else {
          /* process input */
      }
      ?>
  12. http://jaspan.com/improved_persistent_login_cookie_best_practice
  13. It means magic quotes is turned on.
  14. You should never store a username (email) / password in a cookie (even if it is hashed)! If I was to steal that cookie I would have: 1. access to your website, 2. the user's email address. You should only store the user's ID (in the database), along with an access token. Read from the following url. The person does mention the username in a cookie but really that should be the user's ID.
      http://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website
      Most of the tutorials you see on the Internet for this do tell you to store usernames / passwords in cookies for a remember me option. They should be avoided at all costs and are written by people who don't care about the security of a website.
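The scheme post 14 describes (only the user's ID plus an access token in the cookie), sketched as an added example that is not part of the original posts. It assumes the pdo_sqlite extension; the in-memory table `remember_tokens`, the function names, the 14-day lifetime and user id 42 are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the site's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE remember_tokens (id INTEGER PRIMARY KEY, user_id INTEGER, token_hash TEXT, expires INTEGER)');

// Issue a token: the cookie carries "user id:random token", the database keeps only a hash of it.
function issue_remember_token(PDO $pdo, int $userId, int $ttl = 1209600): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare('INSERT INTO remember_tokens (user_id, token_hash, expires) VALUES (:u, :h, :e)');
    $stmt->execute([':u' => $userId, ':h' => hash('sha256', $token), ':e' => time() + $ttl]);
    return $userId . ':' . $token;
}

// Redeem a cookie value. A valid token is deleted and replaced (single use).
// Returns [user id, new cookie value], or null when the cookie is malformed, unknown or expired.
function redeem_remember_token(PDO $pdo, string $cookie): ?array
{
    if (!preg_match('/^(\d+):([0-9a-f]{64})$/', $cookie, $m)) {
        return null;
    }
    $userId = (int) $m[1];
    $stmt = $pdo->prepare('SELECT id, token_hash FROM remember_tokens WHERE user_id = :u AND expires > :now');
    $stmt->execute([':u' => $userId, ':now' => time()]);
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // hash_equals() compares in constant time
        if (hash_equals($row['token_hash'], hash('sha256', $m[2]))) {
            $pdo->prepare('DELETE FROM remember_tokens WHERE id = :id')->execute([':id' => $row['id']]);
            return [$userId, issue_remember_token($pdo, $userId)];
        }
    }
    return null;
}

$cookie = issue_remember_token($pdo, 42); // constructed user id
// In a web request the value would be sent with:
// setcookie('remember', $cookie, ['expires' => time() + 1209600, 'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
$first  = redeem_remember_token($pdo, $cookie); // accepted, token rotated
$replay = redeem_remember_token($pdo, $cookie); // same value presented again: rejected
var_dump($first !== null, $replay === null, redeem_remember_token($pdo, $first[1]) !== null);
```

Because the table holds only SHA-256 hashes of random tokens, a leaked table does not yield usable cookies, and the cookie itself contains no email address or password.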
  15. This is correct. mysql_real_escape_string() is escaping the data as you can see. The problem is that somehow the data is being double escaped so you are ending up with \ in your table i.e. something-with\\'data_that This is the behaviour you would expect with magic_quotes. I would contact your host. Try using the following in a .htaccess file:

      php_flag magic_quotes_gpc off
  16. Cruzcampo when in Spain. Also I went to the Heineken brewery in Amsterdam and was pleasantly surprised as the same stuff in the UK is crap.
  17. http://stackoverflow.com/questions/173212/mysql-real-escape-string-leaving-slashes-in-mysql
  18. There are plenty of free services out there or at least trial periods: http://www.justcloud.com/
  19. OK then. So are you trying to insert data into the database that has slashes? mysql_real_escape_string() will escape any slashes and you will see them in the database. What is in config4.php? Are there any functions that are adding slashes? Use the query in the example instead of the VALUES() statement i.e.

      <!DOCTYPE HTML>
      <html>
      <head>
      <meta charset="utf-8">
      <title>Untitled Document</title>
      </head>
      <body>
      <?php
      if(isset($_POST['upload'])) {
          include('config4.php');
          // INSERT ... SET form, each value escaped individually
          mysql_query("INSERT INTO test SET ttitle='".mysql_real_escape_string($_POST['ttitle'])."', ttitle2='".mysql_real_escape_string($_POST['ttitle2'])."'")
              or die('Error, query failed : ' . mysql_error());
          echo "<br />File uploaded<br />";
      }
      ?>
      <form action="" method="post" enctype="multipart/form-data" name="uploadform">
        <div class="field">
          <label for="password">Title of image/link:</label>
          <input name="ttitle" type="text" class="input" id="ttitle" />
        </div>
        <div class="field">
          <label for="password">Title of image/link:</label>
          <input name="ttitle2" type="text" class="input" id="ttitle2" />
        </div>
        <input name="upload" type="submit" id="upload" value="upload">
      </form>
      </body>
      </html>
  20. Run a simple test script (forget about the form for now).

      <?php
      mysql_query("INSERT INTO test SET ttitle='".mysql_real_escape_string("Joe's")."', ttitle2='".mysql_real_escape_string("Words")."'");
      ?>

      Does this add slashes?
  21. Then magic_quotes is still active on that server even though you have stated that it is turned off or you have the addslashes() function in use somewhere in your script.
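The "Joe's" test from posts 20 and 21, reworked as an added example (not code from the original posts) to show where a stored backslash comes from. It assumes the pdo_sqlite extension; an in-memory SQLite table stands in for the MySQL table `test`, bound parameters replace mysql_real_escape_string(), addslashes() stands in for magic_quotes_gpc, and the function names are hypothetical.

```php
<?php
// Added example: constructed data, in-memory SQLite in place of the MySQL table `test`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, ttitle TEXT, ttitle2 TEXT)');

// Insert with bound parameters: the driver keeps data and SQL apart,
// so the value is stored exactly as it was passed in.
function insert_titles(PDO $pdo, string $ttitle, string $ttitle2): int
{
    $stmt = $pdo->prepare('INSERT INTO test (ttitle, ttitle2) VALUES (:t1, :t2)');
    $stmt->execute([':t1' => $ttitle, ':t2' => $ttitle2]);
    return (int) $pdo->lastInsertId();
}

// Read back what actually landed in the table.
function stored_title(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT ttitle FROM test WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$raw = "Joe's"; // same test value as post 20

// Case 1: the input reaches the query untouched.
$untouched = insert_titles($pdo, $raw, 'Words');

// Case 2: something upstream already added slashes (magic_quotes_gpc or a stray addslashes()).
// The database layer stores that backslash faithfully; it did not create it.
$preEscaped = insert_titles($pdo, addslashes($raw), 'Words');

// Case 3: the upstream escaping is undone before the value is stored.
$stripped = insert_titles($pdo, stripslashes(addslashes($raw)), 'Words');

$cases = ['untouched' => $untouched, 'pre-escaped' => $preEscaped, 'stripslashes first' => $stripped];
foreach ($cases as $label => $id) {
    printf("%-20s %s\n", $label, stored_title($pdo, $id));
}
```

If a hard-coded value stores cleanly but form input does not, the extra backslash is being added before the query runs, which is the conclusion post 21 draws.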