Jessica

You're messing up your quotes. if (!file_exists($mempic)) { $mempic = '<img src="images/mugs/mug_'.$u_uid.'.jpg' class='picborder' width='47px' height='53px' align='left'>"; } else { $mempic = "<img src='images/mugs/MugDefault.jpg' alt='No image on file' class='picborder' width='47px' height='53px' align='left'>"; } However, as many people mentioned, you can't use file_exists on a url like that, you need to use the path.

'.mug.' mug isn't a variable here, nor a string. Change your if to: if (!file_exists($mempic)) { $mempic = "<img src='images/...'>"; }

I don't know, but is your computer time set to the server's time? Perhaps if they're different Firefox somehow knows that you mean 30 minutes, but IE thinks you mean that time, which is different from your computer. No idea how to fix it, best of luck.

A little off topic, but how do you guys do salt? I know of a few different ways to do it, just wondering what people use?

...yes. Instead of.

$eventid = $_POST['eventID']; You need to add that on the pages you want to use the posted variable.

As I said twice, you need to SELECT the information AFTER updating it. Not before.

$sql = mysql_query("SELECT * FROM userinformation WHERE `username`='".addslashes($_POST['username'])."' AND `password`='".addslashes($_POST['password'])."' LIMIT 1")or die(mysql_error()); As you're using mysql, you really should use mysql_real_escape_string instead of addslashes()

Can you use an htaccess file to set it? Perhaps that would work?

If you already know how to implode the checkboxes into one variable, what don't you get? $check = implode(',', $check); $sql = mysql_query("INSERT INTO table_name SET text = '$check'");

Do you have PHP MyAdmin or some tool like that? Look in the database and make sure it's updating. print $north before running it to make sure it says what you want.

You select their stats before updating them. After you update the stats in the database, you also need to update your $userstats. Try changing it to +1, not +'1'

Where is userstats coming from? the session? Do you query the database each time? You'll need to update that array after the update.

It's less effort for the server to load an image from the filesystem then get all that data from the database and reconstruct the image each time. The filesystem is made for files, that's what an image is. Yes, an image has data, but it's not the type of data that databases are made for. I think it's mostly personal preference.

are you looking for http://php.net/implode or http://php.net/explode ?

Try this: move your include to the top, before the class declaration. include_once('./includes/class_dbLink.php'); Then change the $this->$connections to $this->connection. That should fix the problem. Also, I don't believe include_once() will return a false value if the include fails - you might want to use require() instead of your if statement.

I've been stuck on this too. I can't figure out how to send a file via submitting a form via ajax, so if anyone can clarify that would be great.

From the manual:http://us3.php.net/manual/en/ref.session.php#ini.session.gc-maxlifetime Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path. I think you'll need to set it in the php.ini, or on every single page, in order for it to work.

You didn't tell us what the problem is. Please post code between code tags!

$this->connection is the proper way to access a class variable $connection, it isn't gibberish. $this->$connection will look for a variable with the name that is the value of $connection. IE: $bar = 'foo'; $foo = 10; echo $$bar; will print 10. vr, I'm not sure you can just include the db class as a way to integrate it. If you post the two files we can try to help better.

How are you checking the cookie expiration time? I mean, what makes you say they're different times?

See how the form action points to index? On index there is this code: // querystring args $page = intval(querystring("page")); $id = intval(querystring("id")); $num = intval(querystring("num")); $search = querystring("search"); $action = querystring("action"); $language = querystring("language"); $self="index.php?"; foreach (array_keys($_GET) as $key) { if ($key != "language") { $self.=$key."=".$_GET[$key]."&"; } } if (preg_match("/\&$/",$self)) { $self=substr($self,0,strlen($self)-1); } if ($language!="") { $_SESSION["LANGUAGE"] = $language; setcookie("Language", $language, time()+(60 * 60 * 24 * 365)); $query = @mysql_query("SELECT * FROM lang WHERE id='".$language."'"); $row = @mysql_fetch_array($query); $_SESSION["LANGNAME"] = strtolower($row["name"]); redirect($self); } What this does (I think) is creates the page it should go to based on the URL. IMO this seems pretty insecure, and it's a weird way of doing it. Anyway, there should be yet another file which does processing, because you have two forms which only have code to select data, I see no inserts, so there should be more. Honestly, this is too complicated for me to just pick up and help with, because of the structure I am unfamiliar with. If I were you, I would tell the original programmers to help support you somewhat, or try to get some money back, if they misled you about the ease of use for this code. Best of luck.

You could make a function like this: clean($text){ return trim(html_entities(strip_tags($text))); } Then use that instead of three times. $firstname = clean($_POST['FirstName']); You may also want to check for words like "mime-type" as that's a sign someone is trying to hijack an email form. There's plenty of good articles out there about preventing email form hijacking.

You can use that, but if the variable isn't set, it will produce notices when error reporting is set to show notices. It's considered poor practice - it's a bad habit I have and I am still learning how to avoid notices. We'd need to see more of the code to tell if it really is needed here. isset() will return true if the variable is set - but if the variable is FALSE, isset will return true. Just an if() will return false if the variable is false or not set or = 0, etc.

You could use ajax to do that, or just use checkdate() on the date created to make sure it's valid.