zGrassman

//Checks if there is a login cookie if(isset($_COOKIE[".SITE_NAME."])) if(!isset($username) | !isset($password)) { //check if they are logged in you are missing an open bracket at the start of your first if

OWNED lol pays to read i guess...ty = )

You know what? that is pretty cool...i checked on php.net what it was about and i like this one better. At least with this one if i was to log a page I could tell if someone was trying to put crazyness into my forms. while the other one would just strip it. Im sure i could assign a seperate var before i strip the tags and then store it in a text file or maybe break it somehow...so it wouldnt be dangerous. but would just using strip_tags() be suffice or would i still be open to attacks. i dont want a whole lot of string functions when there is no need..i understand its all based on what you want your form to do or process i just wanted a general idea. thanks for the info on that function tho i really like it

that is what i ment...strip_tags...oops? that is what i ment from the beginning so ill ask my question again only this time correctly My bad.... LOL

is strip_slashes() good enough to use to stop sql or php or html manipulation entered in to a html form post box? I understand there is still JS issues that i haven't looked into yet and url manipulation with mysql. Any short advise on those topics are appreciated but for now im just worried about html forms. Is killing slashes suffice? I know with a comma you can allow certain tags for certain situations. the form is username and password login and register for now, i havent used it anywhere else yet just so you have an idea what im working with.

yea, im checking to see if the value is == to 1. im new at this stuff, so i guess i want to check if a user is signed in sorta speak. if they are then it shows stuff, if it isnt it shows something else. i changed the source to isset and it works fine. both work fine, i was just curious. so i guess it doesnt matter?

session_start(); if($_SESSION[loggedin]) { include('sidebar.php'); include('connect.php'); } else{ print "bla"; } Or should i use session_start(); if(isset($_SESSION[loggedin])) { include('sidebar.php'); include('connect.php'); } else{ print "bla"; } or does it really matter