waynew

http://www.phpfreaks.com/forums/index.php/board,43.0.html

A simple example: Say you have a table called Example and one column called ID $i = 1; while($i < 101){ $query = "INSERT INTO Example(ID) VALUES('$i')"; mysql_query($query) or trigger_error(mysql_error()); $i++; } Although I must warn you of the overhead caused by such a script. If this is going to be a regular-running script (which I'm guessing it won't be), then you'll have to use prepared statements. If this is a once off script that will only run to serve as an example, then it's fine.

Search engine spiders will only be able to see the output rendered from your script. If search engines were able to see our code, we'd all be out of business.

This is a job for regular expressions. There's a subforum on this forum especially for it.

Have a look at the examples below: http://www.trap17.com/index.php/automatic-login-curl_t38162.html http://www.weberdev.com/get_example-4277.html http://ryan.ifupdown.com/2009/06/30/login-with-curl-and-php/[/code]

By not storing anything important in it. Or at the very least have a script on your server that makes sure cookie values are legit and that they're correct.

Cookies are not as secure as sessions. Cookies should really only be used in correlation with session variables.

Just note that if you my original sentence, no cutting will be done as it's under 60 characters in length.

Also, what are you doing here? $pk = $_POST["pk"]; $query = "DELETE FROM $Cur WHERE $pk = $_POST["pk"] "; Basically if $_POST is "hi", your query is going to look like: DELETE FROM $Cur WHERE hi = hi Your syntax is also wrong. You should be doing something like this: $pk = $_POST['pk']; $query = "DELETE FROM TABLENAME WHERE COLUMN_NAME = '$pk'"; You should also note that your script is open to SQL injection attacks. So you should really use the function mysql_real_escape_string() to clean data coming in from external sources ($_GET and $_POST) $pk = mysql_real_escape_string($_POST['pk']); $query = "DELETE FROM TABLENAME WHERE COLUMN_NAME = '$pk'";

Could you please post Line 163 of the file CustomerIndex1.php? It's an error in your syntax.

Can you not use session variables instead? They're on the server's side, so they are far more secure.

$string = "This is a very long sentence. But I only want a basic preview of it."; if(strlen($string) > 60){ $string = substr($string,0,60).' [...]'; } echo $string;

Firstly, only show "logged in" links to people who are logged in. I usually create a navigation bar for "logged out" users and a different navigation bar for people who are logged in. Like so: if($_SESSION['logged_in']){ require("logged_in_nav.php"); } else{ require("logged_out_nav.php"); } Secondly, you'll need to stop people who are not logged in from viewing pages that are only meant to be viewed by logged in users. Here's an example for that: if(!isset($_SESSION['logged_in'])){ header('Location: login.php'); //redirect back to login.php exit; //just to be sure that they still dont see the page if a redirect doesn't happen }

Nightslyr, you should tell a group of people a joke about something to do with wheelchairs. They'll obviously laugh, either just to please you or because they genuinely find it funnier because somebody in a wheelchair told them the joke. Then wait until they're all laughing and pull a serious face, before saying "See. I knew you were all bigots." Then turn around and go about your business without saying anything else.

Since the other thread on religion turned out to be of interest to many of you, I'm just wondering whether you'd consider yourself patriotic towards your respective countries? This may not be as interesting as everyone's religious views, but it'd be interesting to see who is nationalistic or not. I'm not very nationalistic myself. I'm proud to be where I'm from; but I do have my reservations about nationalism for the obvious historical reasons.

Well, religions do market themselves as an authority on morals and kindness, so of course people are going to bring stuff like that up. Although it is important to note that Catholicism isn't really a religion. It's a subset of Christianity.

Thanks. It's just that any examples of protection against CSFR were based around post values.

I would doubt that this is an issue with Firefox. It is most likely either a problem with your server (does it support PHP?) or your code itself. Post your code.

In order to prevent CSRF on certain links, I have in place something like this: <a href="logout.php?sid=<?php echo session_id(); ?>">Logout</a> Then I check to see whether or not the session_id matches the sid in the URL. Is this method pretty safe? I know that SIDs are pretty near impossible to guess.

Didn't say that.

$user_id = $_SESSION['user_id']; $query = "SELECT * FROM user WHERE user_id = '$user_id'"; $result_user = mysql_query($query) or trigger_error(mysql_error()); $query = "SELECT * FROM orders WHERE user_id = '$user_id'"; $result_order = mysql_query($query) or trigger_error(mysql_error()); //Then user the results of those queries to form one string.

I have no problem with the Christian faith whatsoever. I just have a problem with institutions such as the Catholic Church. Building mass cathedrals pimped out to the last with every ornament and painting you can think of, while people in the world are starving, suffering from diseases that could be cured etc. And I think everyone wants control. Control is something that everybody wants.

I wouldn't recommend creating a subdomain for each user. Basically, each user should have their own user id. So your user database table could look like this: USER user_id name dob email password When a user logs in correctly, you could select their user_id, store it in a session variable like so: $_SESSION['user_id'] = $user_id; From there on, just user that user_id session variable to define who the user is and track his/her actions.

What you're looking to achieve is called "Pagination". There's a tutorial written by one of the moderators of PHPFreaks on the front-end of the site. Here's a link to it

Why make user_id private if you can simply just get it by using one function (a getter)? Think about it. Secondly, I usually put my validation code inside the class that it relates to. So I'd create a function called register() and another called login(). Makes it far easier to maintain.