DarkWater

MD5 does not use salts. At all. string md5 ( string $str [, bool $raw_output ] ) That's all you can do with MD5. Raw_output outputs a 16 char binary string.

But this is the exact same as just using the session variable... $suser=$_SESSION['student']['user']; ...

I didn't know md5 could use salts.

I think that phpBB/Invision forums pass it with $_GET or a session variable that it sets on the page from where you came from, like $_SESSION['lastpg'].

I respect his post count, but he seems like he had no idea what he was talking about just a minute ago. I have so little posts because I just joined PHPFreaks, but I've been coding PHP for years.

Excuse me, but how do you presume that a user who obtained someone else's session ID would be able to edit the script like that and change the variables? =/ Honestly, think it through before you try and show me that I'm wrong.

You know the DB::isError($db) line that you have with that if statement? Try putting that AFTER you set the error handler for the PEAR classes. That could be why you get no error. Try that and tell me what it does then.

He's got a PHP syntax error. That's from PHP being confused about the random string with a semicolon on a random line. Yeah. >_> mate try to write "your name"; and see if that triggers a syntax error. Im not talking in vain here. I knew it but i tried it to be sure. (),),),),) lol EDIT: pure_skill_2000 which suggestion solved the problem? lol That's really weird. O_O Why does that not set an error off? *Wonders*

Really? Explain to me how you could change $_SESSION['student']['user'] to a malicious query just by knowing the session ID. Enlighten me. For the record, I'm sure about what I'm saying, I don't really need enlightenment.

That's very odd. Just put this line right after the <?php line. echo "Testing output."; Make sure that output works at all on that script. Very strange though. >_>

Make sure that the httpd.conf isn't read-only, as that could cause an error. I'm not sure if it's read-only by default on a Windows install, because I don't use Windows. =)

No problem.

You've obviously never used sessions before, or that much, anyway. Even if they took another session from another user, what'd they do? Ruin that user's account? They can't change the username or password of the session to 'DROP TABLE xxxx'. That query that he has right now is perfectly safe.

He's got a PHP syntax error. That's from PHP being confused about the random string with a semicolon on a random line. Yeah. >_>

I know, right? If you're assigning it to a variable and then putting it in the query, that's essentially the same as using it directly, so I don't understand why you'd do it like that. You can just enclose it in {} and be done.

You ended the initialization statement and finished on the next line. O_O <?php $query = "SELECT * FROM LFA WHERE LFABrief LIKE ‘%".$keywords[$i]."%’ ORDER BY LFABrief"; ?> That should work.

$course=mysql_query("select CourseID,CourseName,StudentID,Password FROM Rcourse WHERE CourseID ='$CourseID' AND CourseName='$CourseName' AND StudentID = '{$_SESSION['student']['user']}' AND Password = '{$_SESSION['student']['pass']}'"); That's it. That query will work.

File_PDF package from PEAR does the job.

Do this right after the DB::Connect line. if (PEAR::isError($db)) { die($db->getMessage()); } Tell me if that kills the script with an error message. Your DSN might be incorrect if that's the case.

You see the $check_us and $check_pw lines in the if statements? Last I checked, mysql_num_rows returns an integer and not a string, so check for ($check_us == 0) not ($check_us == "0"). That might not be the problem, but give it a shot. And do it with the $check_pw check too.

Enclose the session variable in curly braces inside the query. =) {$_SESSION['whatever']} It'll work then.

Comment out the whole thing with the dishes (after the connection) and do this: $selectnow = $db->getALL("SELECT NOW() as now"); if (!$selectnow) { echo "Something's wrong"; } else { echo $selectnow['now']; } See if that returns anything. I think the problem is with your query. Oh, and by the way, don't do if (count($dishes)), do if is_array($dishes). =)

You said that there's a delete link at the end of the table, right? So that would mean that you're using GET and appending the user id to the end of the link. Use $_GET['id'] instead. Also, it would help if you'd tell us which error you're getting.