Albright

There are speed issues doing this in that if the web server sees the PHP task isn't being finished fast enough, it will time out and abort the process. Consider doing things that way a last resort. Have you tried having your script use the chown() function to change the owner of the files it creates to "scott"? Or setting permissions on the files it creates so that they're readable by everybody?

I understand that. What I'm asking is why he thinks MD5ing passwords is a bad thing to do. Sure, SHA1 is better, but I don't think that's what he means, from context...

Have you tried include("../../includes/header.php") ? Suggestion: use require_once() instead. That way you get a visible error if the file is missing, and your script won't include the file twice if you accidentally try to do so.

In this case, it [i]does[/i] matter. PHP is looking for the variable mysql213.secureserver.net as a child of $this, and trying to set it to the variable $host. I highly doubt that's what you're trying to do. Just give Hypnos's code a try; I bet you it'll solve the problem.

[quote author=steelmanronald06 link=topic=117581.msg480844#msg480844 date=1165538527] Or just not MD5 your password, which is highly ill advised. [/quote] I suspect this might be some sort of twisted sarcasm, but if it isn't, would you care to explain why it's a good idea to store passwords in plain text?

The PHP docs seem to imply that using PDO as recommended (prepare a query, assign variables with bindParam(), then execute) makes it no longer necessary to do any sort of manual escaping with data. Is that indeed the case? Are there any security caveats or gotchas to using PDO, especially any above and beyond those found with the "standard" DB access functions for SQLite, MySQL, etc? PDO still being fairly new, it seems kinda hard to find much concrete information about on the internets, so I'd appreciate any insight anyone could bring.