xProteuSx

I have a varchar field in one of my databases. I can insert a string such as 'this string is the data in the field' but when I go to display the data is displays 'this'. It seems that no matter what I type in it will not display the first space or anything beyond it. How do I fix this? Thanks in advance.

Never mind, I figured it out. Just had to add 'value=Proteus' to the input.

I have a form in the format of: <input type="text" name="user_handle" size="20" maxlength="35"> Is there anything that I can enter into this line to give it a default value?? I mean something like this: <input type="text" name="user_handle" size="20" maxlength="35" default="Proteus"> So that when you load the page it will already have 'Proteus' typed into this input field, but you can delete this text and enter your own. Any ideas?

I caught onto a stupid mistake ... what a surprise. All is well. Thanks for the help. Good thing I got another shot of caffeine into me! :-\

I think that I have exhausted every combination of '=' and '==' and still no cigar. If I do as you say, and use the following code I still get a foobar result: $genderstatusrow = 'F'; echo $genderstatusrow; if ($genderstatusrow == 'M') { $genderstatus = 'Male'; } else if ($row[7] == 'F') { $genderstatusrow = 'Female'; } else { $genderstatusrow == 'NotSpecified'; } echo $genderstatus; This will get you the following output: F

SORRY. Below is the correct code and output ... ------------------------------------------- $genderstatusrow = 'F'; echo $genderstatusrow; if ($genderstatusrow = 'M') { $genderstatus = 'Male'; } else if ($row[7] = 'F') { $genderstatusrow = 'Female'; } else { $genderstatusrow = 'Not Specified'; } echo $genderstatus; ------------------------------------------- This code, when run, displays: FMale WTF??

Oh man ... I think I don't have enough caffeine in me. I am trying to do something extremely simple, yet I can't get it to work. Here is the basic idea. ------------------------------------------- $genderstatusrow = 'F'; echo $genderstatusrow; if ($genderstatusrow = 'M') { $genderstatus = 'Male'; } else if ($row[7] = 'F') { $genderstatusrow = 'Female'; } else { $genderstatusrow = 'Not Specified'; } echo $genderstatusnow; ------------------------------------------- This code, when run, displays: FM WTF??

I'm not really at the debugging stage of the script (which includes security testing), and may not be there for a while, but I cannot find a really thorough source on the coding practices that can be implemented to avoid leaving XSS security holes. Anyone know of a brief but good rundown?

Man I love the help I get here. I learn as much from this Forum as I do from all my other sources combined. Thanks guys.

Is there a PHP snippet that will take a user back one page in browser history, or is everyone still using the JavaScript equivalent?

Thanks a ton. Beautiful!

I'm sorry Daniel0: I do appreciate your help, but you have not answered the question. If I do not use cookies, then my users are invulnerable to XSS (thanks for the correction) at the cost of having to log back in every time they close the browser. Is this correct? Is this the only downside to using sessions alone? Thanks in advance.

I am trying to add a function to one of my scripts. I would like to be able to click a link and have it delete a particular row from by DB. Links are generated by a PHP script and are based on entries on a DB. In this DB I have a column called 'users'. The table is generated by the following snippet: echo '<table>'; while($row = mysql_fetch_row($result)) { echo '<tr>'; echo '<td> ' . $row[0] . '</td>'; echo '<td bgcolor=blue> <a href="http://www.microsoft.com/' . $row[0] .'">Delete</a></td>'; echo '<td bgcolor=blue> <a href="http://www.microsoft.com/' . $row[0] .'">Edit</a></td>'; echo '<td bgcolor=blue> <a href="http://www.microsoft.com/' . $row[0] .'">View</a></td>'; echo '</tr>'; } echo '</table>'; So if the username value in row #1 is 'user1' the HTML reads kind of like this: <table> <tr> <td><a href="http://www.mcatzone.com/user1'">Delete</a></td> <td><a href="http://www.mcatzone.com/user1'">Edit</a></td> <td><a href="http://www.mcatzone.com/user1'">View</a></td> </tr> </table> What I would like to do is have a link that will delete the entire row for 'user1' from the DB. I think you all know what I mean. I have no idea where to start ...

I am relatively new to PHP and MySQL and I have started on a major project. I have read many posts on Cross Site Scripting. It seems to me that a lot of people are using Cookies. Although I have a members section only for my site, I have decided to use sessions alone. Seeing that so many people are utilizing cookies, I am starting to doubt my decision. I have read up on both, and I do not see a major benefit of cookies. On the contrary, it seems that CXX is rampant, so it seems like cookies are a bad idea. After all, if a member wants back into the site, its not too much to ask him to login again. So I guess I want to make sure of one thing: if you do not issue cookies, you cannot have CXX security flaws. Am I right? I think so, but I would like confirmation. Thanks. :-\

Thanks very much. I have been racking my brain for a while regarding this one. I'm not too proficient at PHP and MySQL, and I was pretty sure I could not do this using the functions that I am familiar with ...

I am trying to create an Online/Offline function for a membership system. I have created an extra column in the MySQL table that stores user info, called 'userstatus'. It is set to '0' if the user is offline, and is set to '1' if the user is online. When the user logs in his status is set to '1'. When the user logs out, his status is set back to '0'. My question is, if the user leaves the site without hitting the "Logout" button, how can my script determine that the user is offline? (meaning has left the site, not that he is not connected to the internet). Thanks. I cannot figure this one out.

When I create a table in MySQL, how do I go about creating a date/time value, that is updated when 'x' event occurrs. Initially, I want the value to show the date/time value given by the now() function: CREATE TABLE whatever (lastvisit DATETIME 'now()') ????

Thanks guys.  With your help the problem is now solved.  It was a matter of putting session_start(); at the top of each page.  Also, to print the values of the session variables to the screen I had to use print($_SESSION['variablename']); instead of echo"$variablename";

fert, I have tried it your way and I still cannot get any variables to stick to the session.  Also, the print_r command produced a blank page, as before.  It seems that the session is not being initialized.  I should mention, though I am unsure what this means exactly, that Global Variables on my server are disabled.  Could this be part of the problem?

I think that the whole problem is in the fact that the values for the variable are assigned after the header is sent.  How can I get around this problem?  After all, I do not want the values to be assigned to the variables before the login process is complete, and this completion can only take place after the header has been sent.  Is there any way to do this using a single page?

I created a session.php file that consisted of: <?php echo "$_SESSION"; ?> and when I viewed it it was blank.  Why is my session not working?

I tried to figure out why I could not get it to work with the TIMESTAMP data type, but yes, this was what you told me to do.  Thanks Artacus.

I am trying to create a website that you can register with.  As a result, I am trying to implement sessions so that registered users can have additional functions built into the site.  So on index.php I have a form where the user enters his Handle and Password, and this gets passed on to login.php which runs the code to verify the username/password combo and thus the login.  At the top of index.php, above the header I have the following code: [code] <?php session_start(); session_register("mcathandle"); session_register("mcatemail"); session_register('mcatdatejoined'); session_register('mcatrandomkey'); session_register('mcatvisits'); session_register('mcatlastvisit'); session_register('mcatquestionsanswered'); session_register('mcatcorrectanswers'); session_register('mcatpercentcorrect'); session_register('mcattotalscore'); session_register('mcatpagesviewed'); session_register('mcatvisitbonus'); session_register('mcatactivity'); ?> [/code] If the login is successful the following occurs: One, the proper db is selected, connected to, and values are extracted and assigned to all of the registered session variables above, and two, the variables are output to the screen.  Now, this works just fine and dandy, but when I go to another page on the site, and call up any of the registered session variables, the values are blank.  What am I doing wrong?  Do I have to put something at the top of each page to signify the implementation of the session?  What do I do to carry the values over? Please help.  My text books are of no help, and the examples that I am finding online are not helpful.

It seems that I do not comprehend the full function of TIMESTAMP.  This being so, I have just changed the data type of the users_datejoined column from TIMESTAMP to DATETIME and all is in working condition.  Thanks for the help.

I just went into PHPMyAdmin and realized that the users_datejoined has an attribute of "ON UPDATE CURRENT_TIMESTAMP" and it won't let me change that setting. Here is the error I get: Error SQL query: [code]ALTER TABLE `users` CHANGE `users_datejoined` `users_datejoined` TIMESTAMP UNSIGNED NOT NULL DEFAULT '0000-00-00 00:00:00'[/code] MySQL said: Documentation #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UNSIGNED NOT NULL DEFAULT '0000-00-00 00:00:00'' at line 1