markyoung1984

Yes I used iisreset and I have also restarted the server itself. Like I said, PHP works its just the MySQL that its not seeing. Should I see some configuration in phpinfo() regarding MySQL? If so all I see is the path when it outputs the environment variables.

Hi, I have installed PHP successfully on IIS6 thanks to some detailed instructions and have proved its working with phpinfo(); I have also installed MySQL community addition and this works as well. However, I can't seem to get the two of them working. I have put both paths into the PATH environment variables and have also uncommented the MySQL extensions and extension_dir in php.ini. However in phpinfo() there is still no information about the MySQL server. Anyone got any ideas?

I have the following code: $temp1 = 'images\prodinitial\copimage.jpg'; $temp2 = 'images\prodinitial\copimage_1.jpg'; rename($temp1,$temp2); Even if I try double back slash (to account for the escape sequence), I still get the error "[function.rename]: No such file or directory" I'm working on a Windows machine with XAMPP. Its driving me crazy and I can't see whats wrong. The file the command is being launched from is in the same folder as the images folder that the command references. Why is it so hard to simply rename a file?

I have recently installed an SSL certifcate on my site. When users are logged in I want them to be automatically directed to pages beginning with HTTPS instead of HTTP, whether they click a link or type a link directly into the address bar. How can I do this?

I must be doing something wrong. I have the following code: while($row = mysql_fetch_array($result,MYSQL_BOTH)) { for($i=0;$i<$this->numOfFields;$i++) { $dbResults[mysql_field_name($result,$i)] = $row[$i]; } } As you can see I am using the MYSQL_BOTH array constant, because I want to use both associative and numerical indices, however the numberical part does not seem to work e.g. echo $dbResults['myColumnName']; //this works fine with the above code echo $dbResults[1]; //this does not work at all!! I was under the impression by using MYSQL_BOTH that I could switch between the numerical and associative indices. Is this not correct?

I do use objects in my code. I am relating GET variables to objects but within a switch statement. Is that how you would do it?

In an MVC environment, what should a controller be like? Should it be a long series of switch statements? Should it be an object or some description? I just don't know and its confusing me.

I am new to designing user logins for a site and I'm not sure how to proceed with regards browsing. Basically I have my main domain that I want people to browse, thats not a problem. Database functionality etc working without a problem. However, when a user logs in should I then go to a subdomain for example users.mydomain.co.uk or stick to the main domain (www.mydomain.co.uk)? What is best practice? I only have one SSL certificate. Any articles people could recommend would also be appreciated. www.play.com use their main domain for people to browse and then when you login they use their main domain again for logins etc. How do they do this?

My ISP has told me that to modify settings in their php.ini file I can create my own php.ini file and insert it into my web directory. However, I want this file to be hidden from browsers for security reasons. Currently when typing www.mydomain.co.uk/php.ini the PHP file contents are displayed in my browser. I know this happens because the browser doesn't know what a ini file is and so displays it as plain text but I don't want it to be displayed. How can I stop it being displayed?

I currently have a .co.uk website using PHP and a login script. I have implemented several security measures and have tailored my code to stop SQL injection and XSS (as far as I know). The next step is to use SSL. I have purchased an SSL certificate, but I'm not sure how it will fit into my design. I have a main website where users can browse products, look at more detailed product and company information etc. However, on there I have a login script where users can login and look at different information. When users log in they can still see the same pages as before, but with some additional, previously hidden information. How would I handle hyperlinks in this situation? Would I have to use https all the time, even when a user is not logged in to achieve the desired result? Would I need to create a subdomain, say users.mydomain.co.uk and have a copy of all the general files in there as well as on the root? I really don't know how to proceed.

If I don't use the username, then how do I keep track of users currently "logged on"? What session variables would I set? Would I use the session ID? I do have a shared server, therefore its probably not a good idea to store usernames etc on it, thanks for the warning. What is the PK ID?

My session management code is the following and this is present at the top of each page: //All pages need to include this file, regardless if they are for login or not session_start(); session_name(test); //check if user is logged on (session variable username stored) if (! isset($_SESSION['username'])) { $user = 0; //username not present, therefore not logged in $username = "guest"; } else { $user = 1; //username present, therefore have already logged in $username = $_SESSION['username']; } include_once("blank.html"); //Output the start of the standard HTML page //If the page requires a user to be logged in then check if(($loginRequired == true) && ($user == 0)) { //user must log in outputLogin(); //Get them to enter username and password outputEnd($user); //Output end of the page (JavaScript init etc) exit(); } The $loginRequired variable is defined as either true or false at the start of the script and determines if the page needs a login or not

I have been reading about various security measures I can use in PHP and am now completely paranoid that my site will be hacked. I have implemented these measures, especially to stop XSS and SQL injection, as well as other things. However, my main concern is now Session variables. My site requires a login for certain things. After a successful login, the username of the user is stored as a session variable. On a page that requires a login, the session is checked for the presence of a username using the isset() function. If a username is present, the user is allowed to access the page. This seems terribly insecure to me, can anyone suggest how I could enhance my security? Usernames and passwords are stored in a table. Passwords are stored encrypted.

Basically a button is outputted in a HTML form from a php file. When this button is clicked I want a specific php function to be called.

I've outputted a form in HTML and when the submit button is clicked, I want to call a function (called test). Is this possible? <form method="post" action="<?=test()?>" target="_new">