Jessica

Staff Alumni
Everything posted by Jessica

  1. It means making sure the user didn't enter any data you don't want. You don't want them to inject SQL, HTML or Javascript.
  2. What is a combo box? If you're asking how to create an HTML form, then you need to do some searching and read some tutorials before asking such a vague question. Then, read up on connecting to an Access database. I don't use Access, but it seems like the tutorial I linked to goes over how to connect to Access using PHP.
  3. I would recommend having a separate processing file - although I can't think of a way to explain why :( Also, make sure to sanitize your user's data before printing it back to the screen, or you open yourself up to XSS attacks.
  4. Anytime you want to do stuff with a string, check the documentation on strings and look through the functions ;) Same for arrays, etc. No one is expected to memorize all those functions, that's why they're documented :)
  5. Javascript is client side - PHP is server side. Javascript validation can be bypassed - PHP cannot (as long as you do it correctly). To clarify: Javascript runs in your visitor's browser, meaning they have control over it. Your PHP runs on your server.
  6. http://en.wikipedia.org/wiki/IP_address An IP address (Internet Protocol address) is a unique address that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP)—in simpler terms, a computer address. Any participating network device—including routers, computers, time-servers, printers, Internet fax machines, and some telephones—can have their own unique address. Also, many people can find personal information through IP addresses. An IP address can also be thought of as the equivalent of a street address or a phone number (compare: VoIP(voice over (the) internet protocol)) for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. An IP address can appear to be shared by multiple client devices either because they are part of a shared hosting web server environment or because a proxy server (e.g., an ISP or anonymizer service) acts as an intermediary agent on behalf of its customers, in which case the real originating IP addresses might be hidden from the server receiving a request. The analogy to telephone systems would be the use of predial numbers (proxy) and extensions (shared).
  7. Use substr(): http://php.net/substr then just ."...";
  8. You can also use javascript to validate as best as possible before they submit, but always validate server side TOO.
  9. Good Point, I missed the "If Possible". My bad! :)
  10. Please indent your code! I can barely read this. :( Can you link to the actual page so I can see EXACTLY what is printing out?
  11. Barand - I used to do it that way, but what happens when you have a user who needs access to stuff at level 3, and 5, but not at 4? I have found it easier to just categorize things. In my admin section there are areas like Users, Forum, Etc, and admins are allowed into certain areas, instead of having a level. This has made it easier for this approach - others might work differently for different situations.
  12. There are dynamic IPs, and you can also just request your IP to be changed. You can also use masking services and proxies. It can help when trying to detect multiple users, but it's not very accurate. My husband and I are both on several sites, and we use the same IP. We use different emails and names, so we are not the same person. Allow people to use the same IP, and simply record it to help determine if it might be the same person. For example - someone registered on my site once with two different emails, which were similar, and the same IP. Now, it could have been two different people - but they used the same birthdate and password - that was why I figured it was the same person.
  13. Save the values to the session. On the processing page, create an array, say $form. Then say $form['name'] = $_POST['name']; //Make sure to actually sanitize your data. Before redirecting back to the form with the error, do $_SESSION['form'] = $form; On the form page get the form out of the session: $form = $_SESSION['form']; In each of the inputs add value="<?=$form['name']?>" etc.
  14. What? You don't want your members to be able to login from anywhere? That seems kind of restrictive. IP tracking is a very poor method for tracking users. There are many ways to change or mask your IP address.
  15. Where's the javascript? IE is very picky about spacing, commas, lots of things in JS. Post the javascript in the javascript forum, as it's probably a problem in there. Also, make sure to turn javascript error reporting on in your IE so you can see the error.
  16. The form is not being submitted due to a javascript error. "document.theForm has no properties" Try the javascript forum. I never use this way of referencing an element, so I can't help beyond that.
  17. "Opens or reuses a connection to a MySQL server." This makes me think if there is already a connection open, it will use that one. So you don't really need to check... I always assign to a variable also. I wrap my database connection in a function for error handling, etc, and use pconnect.
  18. So you're saying that even if they are not in the database, it echoes the you are now logged in message?
  19. read is a reserved word. Quote it with backticks: $feedme="UPDATE users SET `read`='$newread' WHERE name='$name'";
  20. Then you need to think a bit more...you're getting very descriptive errors and ignoring them. It says there is an unknown column. Look at your sql. Does dlp_library have a column called current_holder? I don't know JOINS very well, you should read up on them to make sure your query is right. The problem is in your SQL.
  21. 1.) I always create a separate permissions table. 2.) I would store in the session a list of their permitted reports when they login, and check that on each report. If it's not there, die with a message.
  22. You get all the files from the folder. http://us2.php.net/function.opendir Read example 1
  23. Right now you are checking if the entire string $contents is equal to the string $Mrx. You want to find if $Mrx is IN the string $contents and how many times, right? [code]$counter = substr_count($contents, $Mrx);[/code] That gives you a place to start. Go from there ;)
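
The session round-trip described in post 13 above, with the output escaping post 3 asks for, as an added example that is not part of the original posts. The names ALLOWED_FIELDS, stash_form() and field_value() and the sample submission are assumptions made for illustration.

```php
<?php
// Added example (hypothetical names). In a real web request, call
// session_start() on both pages before touching $_SESSION.

const ALLOWED_FIELDS = ['name', 'email'];

// Processing page: keep only the fields the form actually has, then
// store them in the session before redirecting back with the error.
function stash_form(array $post): void
{
    $form = [];
    foreach (ALLOWED_FIELDS as $field) {
        $value = $post[$field] ?? '';
        // A client can send name[]=x; treat anything but a string as empty.
        $form[$field] = is_string($value) ? substr(trim($value), 0, 200) : '';
    }
    $_SESSION['form'] = $form;
}

// Form page: escape when printing, for the HTML attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE keeps the output
// non-empty if the length cap above split a multibyte character.
function field_value(string $field): string
{
    $value = $_SESSION['form'][$field] ?? '';
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission: markup in one field, an array where a
// string is expected, and a field the form never defined.
$_SESSION = [];
stash_form([
    'name'  => 'O\'Brien "><b>x</b>',
    'email' => ['not', 'a', 'string'],
    'extra' => 'dropped',
]);

// What the form page would emit for each input.
printf('<input name="name" value="%s">' . PHP_EOL, field_value('name'));
printf('<input name="email" value="%s">' . PHP_EOL, field_value('email'));

// One-shot: clear the stored values so a later visit starts empty.
unset($_SESSION['form']);
```

The raw value stays unescaped in the session, so the same data can be escaped differently if it is later printed in another context.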