tamumech

That worked! Thanks kirk!

Sorry about that. Here is a clearer version: table name = players player_idposition1position2 00352 00431 00523 table name = positions position_idposition 11B 22B 33B 4SS 5OF The result I want is: player_idposition1position2 003OF2B 0043B1B 0052B3B kirk112, Can you explain what p1, p2, and py represent? I have also tried to do two LEFT JOINs but have gotten an error message because you can't join the same table twice. I haven't used the AS statement yet though...

Well I guess what I'll have to do is just make another position table (a duplicate of the first) and just do a regular LEFT JOIN for the three tables. If anyone knows a better way to do it please post.

Hi I am making a database of baseball players and their positions. Each player usually has at least two positions. I have two tables like this (simplified): Players: position1position2 31 23 12 Positions: Position IDPosition 1First Base 2Second Base 3Third Base I need to do a joins so that I can print both positions and not the position IDs, but I don't know how to do that when there are 3 columns? I have had no luck so far. Thanks! -Tim

Ok, got it. SOLVED.

Hi php freaks. I am having a problem with passing values to my include files. Here's the deal. In one of my files I might write: (saving this as http://www.mysite.com/file.php) $variable = 'value'; include("http://www.mysite.com/include.php"); Where include.php is: echo "$variable"; And everything would work fine. However, if include.php was saved in a different location such as: http://www.mysite.com/subdirectory/include.php, nothing would echo. I would write: $variable = 'value'; include("http://www.mysite.com/subdirectory/include.php"); I don't understand this because I am writing out the full URL. Thanks in advance for your help!

Hi all. I am inserting a lot of data into a MySQL integer column via an html form. When a field in the form is left blank, I want the value in MySQL to be NULL, but it keeps inputting '0'. The default value for my column is NULL. I don't really think there is a simple way to do this on the php side (using a hidden form to set blank entries equal to NULL would require an extra page), so I was wondering if MySQL had some sort of capability. Here's a snippet. UPDATE table SET column1 = '$_POST[$value1]', column2 = '$_POST[$value2]' WHERE id = '$_POST[$id]'

When the user logs in, set $_SESSION['auth'] to TRUE or whatever. Then on each page check it like this: <?php session_start(); if ( @$_SESSION['auth'] != "TRUE" ) { header("Location: login.php"); die(); } ?>

whew! I didn't even think of data checking here. For some reason I thought I took care of all that during registration. Thanks for the heads up!

OK. So I'm assuming I handled the tokens correctly?

Hi all. I wanted to run this by you guys to make sure I'm not making any huge security mistakes. As suggested before, each page generates a random token that is required by the next page. My Login page: <?php // If it hasn't been submitted if ( !$_POST[login_submit] ) { include ("login_form.inc"); die(); } // Check for blanks foreach ($_POST as $input ) { if ( $input == "" ) { echo "You must enter a Username and Password."; include ("login_form.inc"); die(); } } // Encrypt password $crypt_pass = md5($_POST[password]); // Verify user include("today.inc"); $connect = mysql_connect($host, $user, $pass) or die('Failure to connect to Database. Please contact us at customer support'); $db_connect = mysql_select_db($db) or die ('Failure to select Database. Please contact us at customer support'); $select = "SELECT email FROM schools WHERE email = '$_POST[email]' AND password = '$crypt_pass'"; $result = mysql_query($select) or die('Could not execute query'); $num_rows = mysql_num_rows($result); // Start session and redirect if ( $num_rows > '0' ) { session_start(); session_regenerate_id(); $_SESSION['auth'] = TRUE; $token = md5(uniqid(rand(),TRUE)); $_SESSION['token'] = $token; header("Location: http://www.website.com?token=$token"); } // get outta my house else { echo "Invalid Username or Password."; include ("login_form.inc"); die(); } ?> And the includes file at the top of every restricted page: <?php session_start(); if ( $_SESSION['auth'] != "TRUE" || $_SESSION['token'] != $_GET['token'] ) { header('Location: login.php'); die(); } $token = md5(uniqid(rand(),TRUE)); $_SESSION['token'] = $token; ?> An example page: <?php include("top.inc"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body> <a href="player_counter.php<?php echo "?token=$token" ?>">Click Here</a> <p>Members Only</p> </body> </html>

Alright, do I have to do that on every hyper link on the page. Good times. Thanks fellas.

I understand how to store session data, but how do I use it in GET or POST requests? I am actually trying to store something in the URL, and something in a session cookie. Is there a way to do that without a form appearing on the page? Thanks

Hi, I am trying to implement a token identifier with a session. Can anyone explain to me how store it in the session data and use in get or post requests? Thanks -Tim

stoker- Would I just put the POST and GET data in a form to transfer it from page to page? Or is there another way? Why would I pass it in the URL if I can use POST? ie: <?php <form action = "$_SERVER['PHP_SELF']" method = "GET"> <input type = "hidden" value = "$_GET['key']"> </form> ?> Hypnos- Do you recommend a place to get SSL? Is the open source any good? Thanks for all your help.

Hi all, I am creating a login script that will use sessions. Since I am not dealing with very personal information or financial data, I think it is something a beginner (sort of) like myself can do. To prevent session hijacking I understand I should use a token with the session identifier. According to Chris Shiflett here http://shiflett.org/articles/session-hijacking , I should propagate the token differently then I do the session identifier. He recommends "propagating the session identifier as a cookie and the token as GET data". Can anyone explain to me how this might be done? What if the user has cookies turned off?

oh damn, ok nevermind I got it. thanks for your help teng84

Hello all, I'm still kind of new to php so bear with me. What I'm trying to do is combine two strings within the $_POST superglobal. I would like to add the variable '$id' and and a string of characters like 'GDP' in $_POST. If $id = 3, then the outcome should be $_POST[3GDP]. This value would then be inserted into MySQL. I don't know if this is at all possible... any help is appreciated!

Ok good. Well thanks for your help! Let me know if you come across those scripts. -Thanks Tim

Ok, I figured there was some other code out there better suited for the job but I guess not. But won't submitting so many elements one by one be a bit sluggish? btw thanks for your help.

Howdy, I am building a website that will create a massive database. I need to make a spreadsheet where a registered user can input data that will be stored in a MySQL database. Each spreadsheet submitted will be about 25 rows and 15 columns (375 elements). Should I basically make a form with each field a cell in the spreadsheet? Or is there an easier way?