Everything posted by Cep

  1. You need to trim the directory name like this,

     ```php
     <?php
     // file() keeps the trailing newline on every line, so trim it before building the path
     $directories = file('names.txt');
     foreach ($directories as $dir) {
         $dir = trim($dir);
         if (file_exists("./share/{$dir}") === false) {
             mkdir("./share/{$dir}");
         }
     }
     ?>
     ```
  2. But I am using mysqli, not mysql so this will not apply to the situation here
  3. Cep

    XML

    People DO NOT have to help you, they are here giving THEIR free time to HELP people, STOP posting that you only receive one reply, you have received several and doing so only encourages the rest of us to ignore you.
  4. PHP can do a lot of things and it can read in a txt file and output to a csv file which Excel can read. I am pretty sure there must be some php extensions out there that will convert to excel formats as well. SQL is a query language used in databases; it cannot be used in this way.
  5. If the script is in the same level try, $dir = "./avatars";
  6. In other words you're using an email address as a user name and I could use your email address to access your account as opposed to my own? If that's the case your authentication method is very poor. Please explain your process more.
  7. Cep

    XML

    Read the php manual regarding XML. http://www.php.net/manual/en/ref.xml.php No one will help you if you do not help provide more than a sentence worth of information. We are not mind readers.
  8. Ok that would make sense then if you need to decrypt the data at some stage. "UTF-8 General" will pretty much cover all the characters you can think of. You need to store the data in a text field or blob, this is because varchar removes spaces at the end of strings which will break your encryption because this is one of the characters mcrypt may use at the end of the encrypted string. Don't use any string manipulation functions like you mention above, it alters the encrypted string. If the problem occurs because mcrypt is producing a string that contains SQL breakable code, you may need to use prepared statements instead of standard SQL queries.
  9. Well I only ask because if you don't need to store the fields separately you could serialize the array and then encrypt that single string. However that is a slightly different issue. Your problem is most likely that your database charset is not set to handle the characters produced by the mcrypt functions. This is why it breaks. My next question is, why are you using mcrypt which is a two way encryption, as opposed to a hashing algorithm like sha1 which is a one way encryption method? (Which is technically more secure).
  10. Are you storing the array or the string values separately? The issue judging from your code is more likely because you have not used charsets correctly.
  11. Looking at your code, I must ask the question. Are you seriously expecting a user to open a drop down menu with 42000 results? I think the problem here is you need to think a bit more about the poor user opening up your page. If you wanted to search for all holiday destinations in the world would you want to go through a drop down menu of tens of thousands of destinations? I think not, therefore do not expect your users to do the same here. I would more likely use a text box and create a search function of some kind. Also I would try to reduce the amount of records you need to search based on extra fields for County, City, Town etc prior to reaching the post codes.
  12. http://www.php.net/manual/en/function.uasort.php
  13. Ah I see. At least I know what they mean now. However there still seems to be a problem with my script because even though these var_dumps appear to show identical information, when I then try to run a method from the object on page 2 which uses the database object it throws a number of mysqli related errors.

      ```
      Warning: mysqli::prepare() [function.mysqli-prepare]: Couldn't fetch mysqli in C:\Inetpub\wwwroot\mom\lib\packages\system\class_group.php on line 106
      ```

      It seems as though the mysqli references in the class cannot use the database object as if it does not exist. This is of course ridiculous because as we can see the database object is there and retains the same name. So why would the script throw these errors?
  14. Well using var_dump on the object on page1.php before it is assigned to a session, I get this for the output,

      ```
      object(User)#8 (18) {
        ["db"]=> object(mysqli)#1 (0) { }
        ["group"]=> object(Group)#10 (4) {
          ["group_id:private"]=> int(2)
          ["group_name"]=> string(14) "Administrators"
          ["group_permissions"]=> string(1) "1"
          ["db"]=> object(mysqli)#1 (0) { }
        }
        ["user_id:private"]=> int(1)
        ["user_username:private"]=> string(6) "myuser"
        ["user_password"]=> string(40) "474ba67bdb289c6263b36dfd8a7bed6c85b04943"
        ["user_state"]=> int(1)
        ["user_status:private"]=> int(1)
        ["user_group_id:private"]=> int(2)
        ["user_group_name"]=> string(14) "Administrators"
        ["user_group_permissions:private"]=> string(1) "1"
        ["user_profile_id"]=> int(1)
        ["user_profile_css"]=> string(8) "main.css"
        ["user_profile_name"]=> string(8) "Standard"
        ["user_permissions:private"]=> string(1) "1"
        ["user_email"]=> string(30) "my.name@my-group.co.uk"
        ["user_ext"]=> int(335)
        ["user_displayname"]=> string(11) "My Name"
        ["user_warning"]=> NULL
      }
      ```

      On page two, when I then var_dump the session, I get this,

      ```
      object(User)#4 (18) {
        ["db"]=> object(mysqli)#5 (0) { }
        ["group"]=> object(Group)#6 (4) {
          ["group_id:private"]=> int(2)
          ["group_name"]=> string(14) "Administrators"
          ["group_permissions"]=> string(1) "1"
          ["db"]=> object(mysqli)#5 (0) { }
        }
        ["user_id:private"]=> int(1)
        ["user_username:private"]=> string(6) "myuser"
        ["user_password"]=> string(40) "474ba67bdb289c6263b36dfd8a7bed6c85b04943"
        ["user_state"]=> int(1)
        ["user_status:private"]=> int(1)
        ["user_group_id:private"]=> int(2)
        ["user_group_name"]=> string(14) "Administrators"
        ["user_group_permissions:private"]=> string(1) "1"
        ["user_profile_id"]=> int(1)
        ["user_profile_css"]=> string(8) "main.css"
        ["user_profile_name"]=> string(8) "Standard"
        ["user_permissions:private"]=> string(1) "1"
        ["user_email"]=> string(30) "my.name@my-group.co.uk"
        ["user_ext"]=> int(335)
        ["user_displayname"]=> string(11) "My Name"
        ["user_warning"]=> NULL
      }
      ```

      The interesting part is that these dumps are virtually identical except next to the objects the hash numbers change. Unfortunately these are the only part of the var_dump that I cannot translate so I have no idea what they mean.
  15. I see, thank you. I am still not getting very far with this though and it may be a misunderstanding on my part. As the example I show states, the object of class User has a property ($db) which contains the database connection object from another class (mysqli class). Am I right in believing that if I assign the user object to a session or even instantiate to a session like this,

      ```php
      $_SESSION['myobj'] = new User($db);
      ```

      This automatically serializes the object into the session variable? Or should I be explicitly calling the serialize function beforehand like this?

      ```php
      $myobj = new User($db);
      $_SESSION['myobj'] = serialize($myobj);
      ```

      And then when I move to another script I then unserialize the object from the session,

      ```php
      $myobj = unserialize($_SESSION['myobj']);
      ```
  16. Hi, I have a class which creates an object with a database property. This property holds, as you might have guessed, a database connection object (mysqli to be precise). Much like the following,

      ```php
      // ----- mydatabaseinclude.php -----
      $db = new mysqli('server', 'user', 'password', 'database');

      // ----- myscript.php -----
      require_once("mydatabaseinclude.php");
      $user = new User($db);

      class User {
          public $db;

          public function __construct($conn) {
              $this->db = $conn;
          }
      }
      ```

      If I then store the User object in a session variable (so I can traverse my scripts) this will cause my object to lose its database connection object. So I decided to use __wakeup() to re-establish the database connection when the User object is unserialized from the session.

      ```php
      // ---- extra function in User Class ----
      public function __wakeup() {
          require_once("mydatabaseinclude.php");
          $this->db = $db;
      }
      ```

      The problem is, the magic method does not appear to be working. I am using PHP 5.2.5. Is this even the right way to do what I am trying?
  17. satic $DAYS = array( That won't work for starters. Check this out: http://www.php.net/manual/en/language.oop.php
  18. Nice, you might want to remove your password and username details. What is your script supposed to do except connect and then close?
  19. You say the script works on this other guy's server but not on yours? You have not got magic_quotes_gpc turned on in your php.ini file have you?
  20. That is partially true, the quote is being escaped with slashes but would be done so by using addslashes function. Do not use addslashes for validation, it is bad. Use htmlentities if you want to escape all html entity types, for an overhead save you should use htmlspecialchars but you would need to specify the charset you're going to use and I feel this may be a topic beyond the scope of this post.
  21. That is where you are wrong, you are not just redisplaying information, you are allowing a user to perform a task on the server by leaving an opening in your code. Your display is only an outputted process from the server once your script has executed. If I inserted malicious code into that opening that then executed on your server before the remainder of your script I could make it do a whole heap of things, even exiting your script entirely. You need to be aware of cross site scripting attacks, XSS (I would google it if you are not aware).
  22. SQL Injection is not the only form of attack a $_POST or $_GET resource can leave you open to if you do not properly validate the data being entered. Sessions are much more secure than using $_POST or $_GET. Plus with Sessions you are not having to re-process the information, the server already has it.
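
The escaping advice in posts 20 to 22, as an added example that is not part of the original posts: `addslashes()` leaves markup intact, while `htmlspecialchars()` with an explicit charset neutralises it at output time. It assumes PHP 7 or later; `escape_html()` and `render_comment()` are hypothetical helper names and `$sample` is constructed input.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+.
// escape_html() and render_comment() are hypothetical helpers; $sample is constructed input.

function escape_html(string $value, string $charset = 'UTF-8'): string
{
    // ENT_QUOTES escapes both " and ' so the value is also safe inside quoted attributes.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an empty string.
    // The charset is passed explicitly so escaping does not depend on php.ini defaults.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}

function render_comment(string $author, string $body): string
{
    // Escape at the point of output, once per value, for the HTML context it lands in.
    return sprintf(
        '<div class="comment" title="%s"><b>%s</b>: %s</div>',
        escape_html($author),
        escape_html($author),
        escape_html($body)
    );
}

// Constructed input containing quotes and markup.
$sample = 'O\'Brien "<script>alert(1)</script>"';

// addslashes() only prefixes quotes and backslashes; the markup passes through unchanged.
$slashed = addslashes($sample);
echo 'addslashes keeps <script>:       ';
var_dump(strpos($slashed, '<script>') !== false);

// htmlspecialchars() turns <, >, &, " and ' into entities, so nothing is parsed as a tag.
$escaped = escape_html($sample);
echo 'htmlspecialchars keeps <script>: ';
var_dump(strpos($escaped, '<script>') !== false);

echo render_comment($sample, 'Nice post & thanks'), PHP_EOL;
```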