ManOnScooter

Ok lemme just break down your question into 2 parts 1. Hashing 2. scripts 3. mysite.com/images with my knowledge, 1. Hashing would mean, saving ur password(or any other field) in an hashed format. Where anybody reading ur database cant find the password. I would suggest sha1 - easy to implement 2. scripts, typically for login pages when you dont have captcha, its easy to make scripts to create repeated inserts into ur database for say username & password so 1 recommended way to prevent this and ensure humans r operating your site, try implementing captcha or sound validations 3. To ensure that no random user gets to view any link - such as - mysite.com/images, i recommend a session tracking to ensure every page is viewed only when certain steps/process is followed. guess its answers ur queries

anybody having any suggestions on this one?

steps to be followed 1. Fix the number of pictures to be displayed on each page. $perPage - Hardcode this value into all the code pages 2. Read total number of pictures in an array - find the total number of pictures. $totalPictures 3. use some simple math functions i.e. mod & div to find how many times this iteration would be required 4. Display the number of pictures as per $perPage simple isnt it ? lemme know if you have questions

I would suggest an if statement for every condition.. a simple function for selection of the database doing this segregation.. lemme know if i got this question right.. I see this as a straight forward code

I Need a suggestion on page reload & page refresh, Here i have a condition where on back click of wrong_password.php/welcome.php the page goes to login.php, My login.php page has a CAPTCHA image. So want to make sure on click back click of wrong_password.php/welcome.php page it goes to login.php but login.php is refreshed i.e. it shows a new captcha image. So i need to implement refresh of login.php when it comes from back-click of wrong_password.php/welcome.php I thought abt it and concluded the following steps.. 1. Have a new session parameter page_name so session makes page_no = wrongpassword for wrong_password.php and page_no=welcome for welcome.php 2. On load of login.php it checks this parameter page_no if page_no = wrongpassword or page_no = welcome then the page is redirected to login.php(which works as a refresh) I want to know is there a direct way to refresh the php page? This is adding complications to the process, isnt there a better way to execute this ?? and maybe throw an error message in other cases??

I knew i was no good for PHP - u reconfirmed it !! Thanx once again !! ... lemme try this now..

Hi All, I know this is dumb & stupid... but, all i want to do is put an "HTML form" from a PHP code, how do i do this ?? is there a way to do it? if ($password1 == $password2) { echo "<form method="post" action="action.php"> <fieldset> <legend>Login</legend> <label for="username">Username:</label><input type="text" name="username" id="username" value="" /> <label for="password">Password:</label><input type="password" name="password" id="password" value="" /> <div id="security"><img src="security-image.php?width=144" width="144" height="30" alt="Security Image" /></div> <label for="code">Security Image:</label><input type="text" name="code" id="code" value="" /> <input type="submit" name="login" id="login" value="Login" /> </fieldset> </form>" } thanx in advance.. Scooter

I suggest if u mail the table structure-it would be easier to know wots wrong where

Thanx MJ that did work, but how do I know where i need to try username='".$_POST['username']."' and where to try $result = mysql_query("SELECT * FROM userlogin WHERE username='$_POST['username']' and passwordHash='$password'") or die(mysql_error()); or was it the magic done with putting the query seperately..?? ManOnScooter Thanx MJDamo..

I know this dumb, but just cant get thru.. can anybody see any mistake in the code here?? <?php mysql_connect("localhost", "root", "administrator") or die(mysql_error()); mysql_select_db("test") or die(mysql_error()); $password = sha1($_POST['password']); $result = mysql_query("SELECT * FROM userlogin WHERE username='$_POST['username']' and passwordHash='$password'") or die(mysql_error()); $row = mysql_fetch_array( $result ); echo $row['username']; ?> name of my table-userlogin my table is as follows username passwordHash test1 b444ac06613fc8d63795be9ad0beaf55011936ac test 9bc34549d565d9505b287de0cd20ac77be1d3f2c <html> <body> <form action="2.php" method="post"> username: <input type="text" name="username" /> password: <input type="password" name="password" /> <input type="submit" /> </form> </body> </html> what is interesting is that the IE gives error as http 500 internal server error & firefox says Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\2.php on line 7 Ok i know this is really a dumb question-anybody can give any help?

i realised that-and thats the reason - i put it in another hidden HTML variable... <html> <body> <form method="POST"> <input type="text" name="search" value="<?php print $testsearch ?>"> </form> </body> </html> i again lose it - what do u suggest - how do i resolve this?? thanks again Scooter

the code goes as follows- anybody got any clues how it should be resolved?? $pageNumber=(isset($_POST["page"]) && is_numeric($_POST["page"])) ? $_POST["page"] :1; $perPage = 10; $padding = 5; $startIndex = ($pageNumber * $perPage) - $perPage; $testsearch = $_POST['search']; $totalCount = "select * from student_adv where name like '%$_POST[search]%'"; $rsCount = mysql_query($totalCount, $conn) or die(mysql_error()); $rowCount = mysql_num_rows($rsCount); print "<div align=\"center\">"; $numOfPages= ceil( $rowCount / $perPage); print "<a href=\"result.php?page=1\">FIRST</a>"; print "</div>"; $sql = "select id, name from student_adv where name like '%$_POST[search]%' order by id limit $startIndex, $perPage"; $rs = mysql_query($sql, $conn) or die(mysql_error()); if ( mysql_num_rows($rs) > 0 ) { while ($row = mysql_fetch_object($rs)) { print "<div>"; print $row->id; print ": "; print $row->name; print "</div>"; } } else { print "sorry!! no rows"; }

I am taking input from a form and getting result into the pagination(result.php) so the search i give is $totalCount = "select * from student_adv where name like '%$_POST[search]%'"; my pagination works fine when i hard code the valie of $_POST[search] as John or similar.. but when i go to the next page i get the error as "Notice: Undefined index: search in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\result.php on line 56" i tried putting the value of $_POST[search] in hidden variable-it did not work. I know there is a way out-but wots it- any body got any idea??? is the problem because of $_POST[search] or there could be some other problem? Thanks for help in advance... Scooter!!

Thanks guys, Thanks ginger & night!! Guess its am doing fine now- should move to the next chapter and more queries.. Thanks again !! Scooter

Ginger, If you were refering to it being done this way.. <?php $con = mysql_connect("localhost","root","administrator"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("test", $con); $result = mysql_query("SELECT details FROM test WHERE first_name = 'scooter'"); echo htmlentities($row["details"]); mysql_close($con); ?> It isnt giving me any value, but the while loop is giving... did i go wrong anywhere?