PFMaBiSmAd

You are also storing the passwords as plain text. At a minimum you should be hashing the passwords so that if someone gains access to or displays all the records in your table(s), they don't automatically know all the actual passwords.

To get your UNION query to work, you need to add a WHERE clause to each part - SELECT userName FROM customer WHERE userName ='admin' and password='test' UNION ALL SELECT userName FROM admin WHERE userName ='admin' and password='test' UNION ALL SELECT userName FROM staff WHERE userName ='admin' and password='test';

You shouldn't have three different tables for your users. You should have one table for your users. If you need to distinguish between the different types of users and what they can access once logged in, you need to use an Access Control List (ACL) system.

Next problem with the class code and the tutorial is that it does not address arrays of values, so the 'sfill[]' checkboxes will always be considered empty in the code as written. Since I don't think the trim() function ever operated on an array, the tutorial code probably never worked for checkboxes. You would either need to add specific methods for fields that are arrays or alter the logic to detect between scaler variables and arrays and take an appropriate action for both possibilities.

The most straightforward way of getting the class to work with the least amount of changes would be to pass an array of the form data ($_POST) into the class when you make an instance of the class, then change the _getValue() method to reference that copy of the form data.

That code is so out of date it's not funny. As of next month (April) that code is 10 years out of date. In addition to using bad coding - global and variable variables to access main program variables, it relies on register_globals to set those main program variables from the form data. That class code WON'T work as written. Edit: and in fact, the two other php form classes that the author mentions to use instead of his own simple/first attempt are equally out of date and won't work as written. Edit2: in fact that code was developed/tested using php 4.1.1.

No it doesn't. The only restriction is that it needs to occur before you send any output to the browser. However, if you are going to redirect, there's no point in sending any output to the browser since A) any output wouldn't be seen, even if it did work, and B) producing and sending any output would waste processor resources and bandwidth, even if it did work.

You are executing the header() redirect as the first thing in the file. $dateID does NOT have any value in it at that time because you are not assigning a value to $dateID until about line 13 in that code.

You likely have some code in adminteetimes.php that is clearing the value, rather than comparing the value. You would need to post enough of your code (from both pages) that reproduces the problem for anyone here to directly help. You might also have a redirect in adminteetimes.php that could be causing this or you might have some url rewriting that could be causing this (do any $_GET values work?) @l0gic, while it is true that the associative array index names are most often strings and should be quoted, php code works without quotes (produces a nasty error concerning an undefined constant and an assumption by php that you meant to put quotes around the name.)

There's nothing technically wrong with what you tried. What have you done to troubleshoot exactly at what point you have the expected data and at what point you don't?

The error messages tells you where the output is occurring at - If you don't have any characters before the <?php tag in your file and you don't have any php code on the same line with the <?php tag that is producing output, then you most likely have a file saved as UTF-8 with the BOM characters. See the last post in this thread - http://www.phpfreaks.com/forums/index.php?topic=37442.0

printf directly prints the output to the browser. It returns an integer that is - If you want to assign the formatted string to a variable, use sprintf

When I reviewed your other recent threads, I'm pretty sure I saw one where Pikachu2000 stated to add an exit() after your header() redirect in that exact function. I'm guessing that after you tried that, you removed it. You need it for security purposes. It will also fix some types of unexplained problems with your code, by preventing the remainder of your code from running while the browser requests the new URL.

You would use preg_replace to leave the letter-case as is. See this example - http://www.phpfreaks.com/forums/index.php?topic=350793.msg1655792#msg1655792

In your previous thread about your site being hacked/login code, someone provided a specific keyword/member search on the forum that would give you information on how to secure the login/remember-me cookie. Did you read through the replies in your previous thread?

Without enough of your code that would reproduce the problem you are having, seeing what exactly you are trying to write to a .php file, how you are then trying to use that .php file, and what end result you expect to produce and output as a web page, your statements concerning data, variables, functions, and scope don't mean anything to us (and some of us have had a LOT of experience deciphering/guessing what vague posts are referring to.) However, making a dynamically produced php based web site, such as this forum for example, does not mean dynamically writing php code to a file(s) and then requesting that file(s). It means having a data driven site where the static php code, that you have completely written and tested, receives/retrieves/generates data, produces the desired output, and then outputs the result back to the browser as a (valid) web page that contains html, javascript, media, and content.

You shouldn't be writing php code to a file (unless it's something like a configuration file) and certainly NOT just the while(){} loop code snippet you have shown in this thread. What overall goal are you trying to accomplish? It sounds like you are doing something the hardest way possible.

Assuming you have your dates in DATE data type column named date (and the other column is named title) - <?php // connect and select database here.... $query = "SELECT YEAR(date) as year, MONTHNAME(date) as month, title FROM monsterposts ORDER BY date DESC"; // query to get the rows you want in the order that you want them, with the year and monthname specifically selected as well $result = mysql_query($query); $last_heading = null; // remember the last heading (initialize to null) while($row = mysql_fetch_assoc($result)){ $new_heading = $row['year']; // get the column in the data that represents the heading $new_subheading = $row['month']; // get the column in the data that represents the subheading if($last_heading != $new_heading){ // heading changed or is the first one $last_heading = $new_heading; // remember the new heading $last_subheading = null; // (re)initialize the subheading // start a new section, output the heading here... echo "{$row['year']}<br />"; } // subheading under each heading if($last_subheading != $new_subheading){ // subheading changed or is the first one $last_subheading = $new_subheading; // remember the new subheading // start a new section, output the subheading here... echo "{$row['month']}<br />"; } // output each piece of data under a heading here... echo "{$row['title']}<br />"; }

http://us3.php.net/manual/en/functions.variable-functions.php

XML - you wouldn't use xml as a database (it was originally intended to transfer data between dissimilar systems.) The extra overhead and amount of specific coding required to use it as a database is not worth it. By using an actual database, you can concentrate on forming the queries that you need to retrieve the data that you want and let the database engine do the work of finding that data for you.

Actually that format is supported by strtotime. If your original code didn't work, that's not your actual code or actual data. I'll guess the date was from someplace like a form or a database and it wasn't what you thought (probably an empty value.)

Ummm. I'm not sure why you marked this thread as being solved, but I replied in the other thread you started for this exact same problem, how you detect and output the information the way you want it to be. Don't start new threads for the same issue.

I would also recommend that you use one DATE data type column to hold your mpyear mpmonth mpday value as a date (YYYY-MM-DD.) It will use less storage, queries will execute faster, there will be less overall php code and sql statements, you can directly order/sort by dates, and you can use the few dozen mysql date functions directly in your query statements.

GROUP BY consolidates rows having the same value into a single row in the result set. That's not what you want. GROUP BY is used when you want to use aggregate functions (COUNT, SUM, AVE, MIN, MAX,...) on the rows within each group. What you want to do is form a query that gets the rows you want, in the order that you want them. Then you output the information the way you want when you iterate over the rows in your php code. You would 'remember' the year and month values (using variables) and every time either one of them change, you would output new year or month headings/sub-headings, followed by the data. Start by reading the reply at the following link - http://www.phpfreaks.com/forums/index.php?topic=352119.msg1662984#msg1662984 You would add a second if(){} statement and $last_subheading variable for the month (see reply #9 in that same linked to thread.)

Here's a slightly different slant on the question I think you tried to ask. I think your first post in this thread was actually trying to ask - You have banned/removed an account, but that person (or bot script) is still able to post replies in your forum. The answer to that has already been given. Your login check code simply tests for the existence of a cookie. As long as that cookie is sent along with the request for your form processing code, your code testing if that cookie isset will allow anyone to submit to the form processing code. The only thing your code is testing based on the value in that cookie is how many characters are permitted. P.S. References to your redirect() function currently result in a fatal undefined function error message on your site. P.P.S. When you ban an account, you should simply mark it as being banned and when you delete a post, you should simply mark it as being deleted (in real world applications, data is almost never actually deleted.) When you actually delete this information, you lose the record of the username, email address, and ip address/ip history.