premiso

Mainly because the syntax is all wrong. If you want the IF on oneline this should work: <?php $insert = ($config_website_url_topic == "home")?"":"test"; echo '<div id="logo"><a href="'.$config_website_url.'/'.$config_website_url_topic.'/index.php?page=home">Home</a>'. $insert .'</div>'; ?>

Honestly I never use variables variables. Just there is no point to it, slower and if you ask me that is a ton more complex than just using an array as stated earlier. Just my 2 cents.

I think mainly what Thorpe is getting at is you do not seem to even be trying. Where is your PHP code? Where is the start of the stored procedure code you have attempted? You only posted the simple HTML page, and anyone can easily create that in a matter of a minute. Try actually writing the code and when you get stuck you might get some help.

It sounds like you are wanting this to run on each login, I would advise against that and look up a Cron Job. Also I believe with MySQL you can check a timestamp, basically what you would do is something like this: <?php // time plus 60 min $timeP60 = time()+(60*60); $sql = "SELECT * FROM active_users WHERE last_activity < " . $timeP60; ?> Given that the time in your database is a timestamp, that should pull all records out that need to be "logged out".

Well what I would first is think of what you want to be in the excel file. What columns from the table? Do you just want a list of names, so just 1 column with multiple rows? If so I am sure something like this would work: <?php // create the file on the server and populate the data $export_file = "members.xls"; $fp = fopen($export_file, "wb"); if (!is_resource($fp)) { die("Cannot open $export_file"); } $host = 'hostname'; $user = 'username'; $pass = 'password'; $db = 'databasename'; $table = 'tablename'; //$id = $_GET['id']; $link = mysql_connect($host, $user, $pass) or die("Can not connect." . mysql_error()); mysql_select_db($db) or die("Can not connect."); $result = mysql_query("Select * from $table"); while ($res = mysql_fetch_assoc($result)) { $data[] = $res['name']; } fwrite($fp, serialize($data)); fclose($fp); ?> I am not to good with the attachment and email part, but that will get the file, members.xls created and populated with data on your server. I would run that and then open up the member.xls and check that it has the expected data in it before trying to email it as an attachment.

Potentially it could. If on a shared server an exploit could gain access to that folder. I would go with DarkWater and store them in a database, much more secure and easier to manipulate/retrieve. To answer the question, yes it would be a security flaw, just due to the nature of a server.

Where do you write to the file "members.xls" ? I see where you pull some data and attach a file, but I fail to see where the file is populated with data? That is probably your main issue is that you are not creating the members.xls file so it is just passing you an empty file. If I am missing something let me know.

Honestly, I think you are looking at this all wrong. MySQL is built for that, how do you think this site works? or even google? They all search through databases. The trick is limiting the rows, I take it not evey user will be accessing all 100,000 rows all the time. I think you need to optimize your code or DB more. A simple messaging system you would only be pulling out messages for a certain user so you already limit the rows to those who are to that user or sent by that user. Honestly it does make sense to query the table each time, especially if you are updating the table. Sessions are nice, but it is not a realistic example. Eventually the session data has a limit and you will slow the user down with processing time then your server will be overloaded with processing time when thousand of users are accessing/reading/writing to a file system that is not nearly as efficient as a database. Trust in the database. There is a reason they are heavily used, they are quick speedy and reliable. For example a site I own, blog site that is, has over 5,000 users it generates aroun 50,000 unique hits a day with over 40,000 unique blogs with over 100,000 unique comments and it runs smooth as butter. If I am missing the point sorry, but I think you are breaking your brain for nothing.

Anyhow given that. I am trying to see how this works: $sql = mysql_query("SELECT * FROM $tbl WHERE username='$username' and password='$password'"); $levelpull = mysql_query('SELECT access_level FROM $tbl WHERE username="$username" and access_level=access_level'); while($row = mysql_fetch_array($levelpull)) { $level = $row['access_level']; $firstname = $row['first_name']; } You have 2 sql statements, and yet you are trying to fetch first_name from a query that only selects access_level. Why even have the second query? $sql = mysql_query("SELECT * FROM $tbl WHERE username='$username' and password='$password'"); while($row = mysql_fetch_array($sql)) { $level = $row['access_level']; echo $level . " - Debug see what is coming out of the DB. "; $firstname = $row['first_name']; } I would try that and see what is coming out of the database. My hunch is that you are somehow updating the table and setting the access level to a string in some part of the code we cannot see? If $level is echoed as the SQL statement than that is exactly your problem. I would look at where the data gets inserted into the DB for the user. Let us know what happens.

Using thorpe's script: <?php session_start(); if (isset($_SESSION['logged'])) { echo "Hello {$_SESSION['username']}!"; } else { die("You are not logged in"); } if ($_SESSION['level'] == 1) { $link = "Forums, Articles Downloads"; }elseif ($_SESSION['level'] == 2) { $link = "Forums, Manage, Add Article, Add Downloads"; } echo $link; ?> I think thats what you are looking for?

Given that code everything seemed to work for me, ran a test on my own server and yea it showed up: some static footer text index footer text

I would think that you need to type in the whole url, IE: http://www.site.com/sports/beaver_sports/football If you do not it attempts to access a "non-existant" file on the server.

Yep he sure could do that, a bit more work but I would agree that would be the better way if he intends to use this script extensively.

I would have to disagree, it seems like he is saving this as a file on the server given that it is an upload script. Files with weird characters in the name tend to get messed up and can cause problems, in fact that is how webservers can be exploited, a user creates a folder on it that has certain characters and bam, they can no longer access that folder or delete it which allows that folder to be accessed by certain programs and a user to do what they want with it such as upload files etc. The point of this wasnt because of the magic_quotes, he wants all special characters our of it. At least that is how I took it.

Do you have any of the code to post? If you want the code created for you, take this to the freelance section. If you do have code to post and want help figuring out the problem start trying to code it and ask for help when you need it. If you are not even trying to do it yourself no one is going to do it for you for free unless they are nice/bored.

I am not good with regex, so if the pattern/replace doesnt work I would take this to the regex forum. As for why it is not working, I just noticed you do not assign what comes out of the regex to a variable IE: ereg_replace($file,$pattern,$replace); should be $file = ereg_replace($file,$pattern,$replace); Hope that works for ya, if not it is the pattern and I am not good with regex =\

The submit page part isn't important; it's just the generation of the dropdown that's causing problems. And yes, array key should enclosed in quotation marks unless they are integers. Yea just saw that, notice the edit above =)

edit, just noticed the <option value= does not have " surrounding the data. That is the issue. Thank Darkwater for that =P A side not: you should surround clubname with single or double quotes so it is note taken as a constant.

You have the $pattern and $replace after the rege_replace is done. In php definitions go first. $file = str_replace(' ', '_', $_POST['title']); $file = strtolower($file); $pattern="*^$%&()#@!'"; $replace=""; ereg_replace($file,$pattern,$replace);

www.php.net/nl2br Chances are it is kept, just html requires it to be converted to a <br> tag to display it. Before echoing out the item you want to display the break try wrapping it in the nl2br function. Hope that helps.

Alright I did some testing and I forgot to re-sort the array. This should work: <?php $get_allteams = mysql_query("SELECT * FROM teams WHERE game = 'css' AND division = 'a'"); $team_matches = array(); // first setup a teams array $i=0; while ($team = mysql_fetch_assoc($get_allteams)) { $teams[$i++] = $team; } $i=0; while (count($teams) >= 2) { // if there are less than 2 teams in the array, do not enter if. $index = rand(0,(count($teams) - 1)); $get_home_team = $teams[$index]; unset($teams[$index]); // remove the team from the list sort($teams); $index = rand(0,(count($teams) - 1)); $get_away_team = $teams[$index]; unset($teams[$index]); sort($teams); $team_matches[$i]['away'] = $get_away_team; $team_matches[$i++]['home'] = $get_home_team; } // lets print out a test print_r($team_matches); ?>

My logic was wrong on the < 2 part. It should be >= 2. Try this. <?php $get_allteams = mysql_query("SELECT * FROM teams WHERE game = 'css' AND division = 'a'"); $team_matches = array(); // first setup a teams array $i=0; while ($team = mysql_fetch_assoc($get_allteams)) { $teams[$i++] = $team; } $continue = false; $i=0; while (!$continue) { // if there are less than 2 teams in the array, do not enter if. if (count($teams) >= 2) { $index = rand(0,count($teams)) $get_home_team = $teams[$index]; unset($teams[$index]); // remove the team from the list $index = rand(0,count($teams)) $get_away_team = $teams[$index]; unset($teams[$index]); $team_matches[$i]['away'] = $get_away_team; $team_matches[$i++]['home'] = $get_home_team; }else { $continue = true; } } // lets prnt out a test print_r($team_matches); ?>

Well you need to store the matches in an array, particularly a multi-dim array I would say. So here is the logic for the below. First put all teams into an array. Next do a loop until we tell it to continue, and as long as there are more than 2 teams in the teams array this will continue. First get a random index, use that index to reference a team in the array, once that is done remove that team from the array. Rinse and repeat. We should now have 2 teams let's match them up in the team matches array. Once that is done keep repeating until there are no more or not enough teams to matchup. <?php $get_allteams = mysql_query("SELECT * FROM teams WHERE game = 'css' AND division = 'a'"); $num_teams = mysql_num_rows($get_allteams); $max_teams = $num_teams; $min_teams = 1; $team_matches = array(); // first setup a teams array $i=0; while ($team = mysql_fetch_assoc($get_allteams)) { $teams[$i++] = $team; } $continue = false; $i=0; while (!$continue) { // if there are less than 2 teams in the array, do not enter if. if (count($teams) < 2) { $index = rand(0,count($teams)) $get_home_team = $teams[$index]; unset($teams[$index]); // remove the team from the list $index = rand(0,count($teams)) $get_away_team = $teams[$index]; unset($teams[$index]); $team_matches[$i]['away'] = $get_away_team; $team_matches[$i++]['home'] = $get_home_team; }else { $continue = true; } } // lets prnt out a test print_r($team_matches); ?> Should get you what you want.

The lastfilm is just the variable name I chose to hold the data array. change this $link .= ($lastFilm['id'] + 1); to $link = "http://www.mydomain.com/mymovies/details.php?id=" . ($lastFilm['filmID'] + 1);

No, as long as .php is recognized as a PHP file no one can download the source. However if you want a file to be viewable you name it .phps and this will display the source if the server is configured to do so.