dptr1988

Yes, having the previous page passing it's URL or "id" is the best way. That will gurantee that you get back to the page that 'called' the script and won't have to depend on the browser like the $_SERVER['HTTP_REFERER'] or JavaScript methods would.

You could try replacing the apostrophe ( and any other char that you want to disregard in the search) with a '%' symbol. I don't think that there are any 'looser' search methods that MySQL can do for you. It sounds like you will need to select all of the rows and do the search your self.

No sarcasm intended. I guess I didn't make my self clear. There are no weak points. The code is secure. It's perfect!

That will give you the full url, but you can break it up and get the file, path and domain domain components out of it if you need them

Are you wanting to delete multiple ID's in one SQL query or multiple ID's in one page request?

Try using $_SERVER['HTTP_REFERER']

Yes, it should work. PHP doesn't have many different data 'types', and automatically converts between the few ones that it does have, so it is not a problem of different data types. Have you checked the contents of the hash from the cookie and the contents of the hash you are comparing it to? It could be trouble with setting and retreiveing cookies.

You can't just use 'mysql_connect()' by it's self. You need to use 'mysql_connect($dbhost, $dbuser, $dbpass)' and save the result of that function and then analize the result. Also when debugging, you should uncontionally print the values that are in question, and print a 'yes'/'no' if you are wanting to determine the result of a if statment.

Yes, the AJAX may be causing the trouble. There was another guy that was having trouble setting a cookie from a PHP script that was called by AJAX. Have you tried accessing this script from a regular webbrowser instead of AJAX?

That is strange! How come it's say "usering password: NO" when you are using the password? @DarkWater: Sessions don't have anything to do this. The only reason for the session errors, is becuase he was printing out a debug string that I requested.

@DarkWater: The table in the URL he mentioned shows June then July, then June again. I am concerned that he is not useing a standardized date/time format for his database

What is the default value for the grade column? If the column definition contains a default value, then use that value.

Try using urldecode() to decode your string http://us.php.net/manual/en/function.urldecode.php

So 'field_6' contains the month for that entry? Could you describe your table, and the data format of the relevent colums.

Well, that login code looks very secure! I don't know of any way that it could be 'hacked' from a remote computer.

Yes, when you are logged out, the script may not be includeing the neccessary db config files. Please double check the contents of those config vars. You can do that by 'echo'ing the right before using them in the mysql_connect function and then going to your forum and then logging out and showing us the 'echo'ed results.

It sounds you havn't setup the proper config variables for the database connection. In the file 'db_connect.php', double check that you are actually getting the proper host/username/password/database varialbles.

Is that line where you 'print_r($checkbox)' just for debugging? Why are you serializeing and unserializing the $checkbox var? What do you get with 'print_r($_POST);' after the form has been submitted? Is the post data the way you were expecting it?

A quick google search of 'php send mail attachment' showed up these informative results: http://www.drquincy.com/resources/tutorials/webserverside/sendemailattachmentphp/ http://www.codewalkers.com/c/a/Email-Code/PHP-Email-Attachment-v2-UPDATED-091106/ http://www.webcheatsheet.com/php/send_email_text_html_attachment.php

I got 8 for http://clearwebvideo.com/ and 8 http://aahc-cf.org/ on IE 6.0 ( installed on linux for testing purposes ONLY. )

If you would post the relevent portion of the script that handles the login, I could check it for security related bugs.

Well I'm stumped! All of that code looks good! The only thing I can think of is on line 44 of 'login.php' where you send out the location header. Most browsers want a full URL for this header rather then just a relative URL like you are using ( 'login_done.php' ). Try changing the URL for the "Location: " header to a full URL ( 'http://www.your_domain/path/example.php' ). This is just another wild guess, but it might be worth a try.

I don't know how they handle it, but the method we describe here is the only one I have seen used, so I'm sure they use it too.

Some more info from the mysql manual: http://dev.mysql.com/doc/refman/5.0/en/working-with-null.html

Use 'Grade IS NULL' rather then 'Grade = null'