Everything posted by per1os

  1. http://www.phpfreaks.com/forums/index.php/topic,149316.0.html

     <?php
     include('class.def.php'); // has to be before session_start
     session_start();

     $x = 0;
     if (!isset($_SESSION['class_name'])) {
         $_SESSION['class_name'] = new class_name();
     } else {
         $x = 1; // the object was already in the session
     }

     $class =& $_SESSION['class_name']; // dunno if keeping the reference works but yea
     if ($x == 1) {
         echo $class->get_var('test');
     }

     $class->set_var('test', 'Testing');
     $_SESSION['class_name'] = $class;
     ?>

     Unsure how savory that is, efficient or how much a toll it would take on the server. But yea I think that is what you are looking for.
  2. Right on. You do know that you did not have to cast that GET data to an int, right? You could have inserted it into the table without doing that part. Just an FYI, I bet if you just left the (int) part out it would have been fine; to check if it was indeed all numeric you could have just used www.php.net/is_numeric
  3. www.php.net/file_get_contents www.php.net/strpos www.php.net/preg_match A lot of different ways to perform webfetching.
  4. $ip does not contain a value.
  5. No, int shouldn't be changed to big int. My remark was not mean, it was a suggestion which after reading through the post correctly was unnecessary and irrelevant. Anyhow you may need the number to be a float or double, but (int) should be fine via the PHP way. Keep the same as the (int) for the PHP but leave it as bigint in the MySQL portion and see if it works.
  6. Try a JavaScript redirect instead of the header; sometimes they can do weird stuff. If you are on shared hosting then try www.php.net/session_save_path and changing that, as sometimes their permissions are set kinda funky.
  7. You need to unset the session cookie. See www.php.net/session_destroy and the examples/user comments about that. Remember if you have the domain/path set for the cookie you need to add those into the setcookie time()-4200 part as well.
  8. Edit: Dumb remark thought it was for a timestamp, my bad =)
  9. Ah, check for the single quote and the OR statement and maybe even the equals sign. If it has those, chances are it is pretty close. Or use www.php.net/preg_match regular expressions to do the check for you.
  10. Pagination. Google PHP Pagination or look in the tutorials section of this site www.phpfreaks.com/tutorials (I believe).
  11. Not going to work. Why isn't it working, how isn't it working? What part about it do you think is not working? This isn't a "here is a bunch of code, find the error for me" forum. This is the help forum. We will help you, but first you need to put forth the effort and ask the question the right way. Just informing you that you won't get an answer till you are clearer on the issue and not just say "Here is a haystack, please find the needle for me."
  12. What is the question/problem? There is neither in the post above. If you want help/an answer please post what is going wrong, where you think it is going wrong and what steps you have already taken to fix it.
  13. $result is neither. It is a MySQL resource. Even if the query returns 0 rows, it is still a valid query. That is why you have to use mysql_num_rows to check. www.php.net/mysql_query returns a MySQL resource ID, which is used by mysql_fetch_array etc. to retrieve the data.
  14. Most servers' databases are really fast; you should really be only running 1 query to get all the data. Multiple queries, where 1 would suffice, is what drags ya down. But MySQL is very efficient and fast if configured properly and in 3NF form.
  15. If that's the load you expect, I would re-instantiate the object each call. The session is stored in memory and could cause some potential problems. Just generate a function in the class called getUserData or PopulateClass that is called when the constructor is run and fills the class with needed data. EDIT:: You may be fine keeping it in session like I described, but I have no clue. I never implemented that on a huge system with a lot of people.
  16. Umm yea, very descriptive. Write the question better and more thoroughly, then you might get some help.
  17. $result = mysql_query("SELECT userid FROM users WHERE (email = '[email protected]' OR username = 'username')");
      if (mysql_num_rows($result) > 0) {
          echo 'The username/email is already in use.';
      }

      If you want to be able to display a helpful error message you need to branch that off into 2 queries instead of just one so the user knows that it was the username that was invalid etc.
  18. SELECT userid FROM users WHERE (email = '[email protected]' OR username = 'username');
      UPDATE users SET status = 1 WHERE username = 'username';
  19. Use www.php.net/mysql_real_escape_string before you submit the entry to the database. It escapes the single quotes so they do not screw up the statements and leave you open to exploitation.
  20. // $username and $password must already be escaped, e.g. with mysql_real_escape_string()
      $sql = "SELECT name, email FROM people_table WHERE username = '" . $username . "' AND password = '" . $password . "'";
  21. TinyMCE or FCKEdit. You are looking for a WYSIWYG editor.
  22. Here is a simple fix to your session problem, note that if I were you I would take care of the possible exploit that could happen. But this will solve the problem half-assed and very unsecure.

      <?php
      $page_title = "Sconnie™ Tours";
      $page_name = ($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : 'main';

      // drop everything from 'PHPSESSID=' onward
      $position = strpos($page_name, 'PHPSESSID=');
      if ($position !== FALSE) {
          $page_name = substr($page_name, 0, $position);
      }

      $page_name = $page_name . '.php';
      ?>
      <html>
      <head>

      Just remember there is a much bigger problem at hand with what I posted above. I HIGHLY recommend you fix that issue ASAP. Bah, my conscience got the best of me.

      <?php
      $page_title = "Sconnie™ Tours";
      $page_name = ($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : 'main';

      // eregi() was removed in PHP 7; preg_match() with the i modifier replaces it
      if (eregi('http:', $page_name) || eregi('\./|\.\./', $page_name)) {
          $page_name = 'main'; // someone tried to get into the site
      }

      $position = strpos($page_name, 'PHPSESSID=');
      if ($position !== FALSE) {
          $page_name = substr($page_name, 0, $position);
      }

      $page_name = $page_name . '.php';
      if (!file_exists($page_name)) {
          $page_name = 'main.php'; // set it to default
      }
      ?>
      <html>
      <head>

      Now I am not sure if this would work, I would suggest testing it before pushing it to production, but should prevent against most attacks. The only part I'm not sure about is the second ereg with the ./ and ../ check. I think my syntax is right.
  23. www.php.net/file_exists is what Thorpe is talking about. But still you should check to make sure that data was not altered by someone else. All I have to do is add this to the query string: http://www.someremotesiteofmine.com/destroy_site and that file will be included, which in turn could wipe out all the files on your site. Not a good thing to have happen. It is best to check that data and verify that it is legit before including.
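
The check discussed in the last two posts, done as an allowlist lookup instead of pattern matching on the query string. This is an added example, not code from the original posts; `resolve_page()`, `$allowed` and the page names are hypothetical, and it assumes PHP 7 or later.

```php
<?php
// Added example: allowlist lookup instead of pattern blacklisting.
// resolve_page(), $allowed and the page names are hypothetical.

function resolve_page(string $query, array $allowed, string $default = 'main'): string
{
    // Drop everything from 'PHPSESSID=' onward, as the posts above do.
    $pos = strpos($query, 'PHPSESSID=');
    if ($pos !== false) {
        $query = substr($query, 0, $pos);
    }
    $name = rtrim($query, '&');

    // Only names from the fixed list are ever turned into a path, so URL
    // schemes, "../" sequences and null bytes can never reach include.
    if (!in_array($name, $allowed, true)) {
        $name = $default;
    }
    return __DIR__ . '/' . $name . '.php';
}

$allowed = ['main', 'tours', 'contact']; // constructed page names

// Constructed query strings: legitimate, hostile and malformed.
$samples = [
    '',
    'tours',
    'tours&PHPSESSID=abc123',
    'http://www.someremotesiteofmine.com/destroy_site',
    '../../etc/passwd',
    'TOURS',
];

foreach ($samples as $q) {
    printf("%-52s => %s\n", var_export($q, true), basename(resolve_page($q, $allowed)));
}

// In the page itself:
//   $page_name = resolve_page($_SERVER['QUERY_STRING'] ?? '', $allowed);
//   if (is_file($page_name)) { include $page_name; }
```

Anything not on the list, including the remote URL from the last post, resolves to `main.php`, so the request data only selects among known files and never forms the path itself.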