king

Hey, I have a website where I let staff upload to the /staff/ directory via an upload script that I created. Now, I don't want them to be able to include files that are in the main website (in the root, or from any other directory for that matter), but still to be able to upload PHP scripts. Currently it poses a huge security risk as they can include /config.php etc, which if they can guess the variable names, get the database info. I found something on Google about <directory> - Includes</directory> (to put in .htaccess) which i thought would work, but it gave me an 500 Internal Server Error. Perhaps I need to 'tell it' that it's a virtual directory (like my user area on the shared server my hosting is on) - so as to limit the access rights. Please help and tell me how I can limit including of files other than those in the same directory! Thanks king

Hi, i have the following statement that does not work! When people create a 'ticket' the subject goes into the tickets table and the message and everything else goes into the tickets_replies table. They are joined with tickets.id = tickets_replies.ticket_id . SELECT tickets.subject, tickets_replies.reply, `tickets_replies.when` as replied_date FROM `tickets`, `tickets_replies` INNER JOIN tickets ON tickets.id=tickets.ticket_id WHERE `tickets.id`='$id' AND ORDER BY `tickets_replies.when` However, i get the error: Not unique table/alias: 'tickets'. I don't see how it isn't unique, thats the table name and there isn't a field called that! Thanks in advance.