mikesta707

The problem is your while loop. What your while loop does is run until $mysql_fetch_array doesn't return any more rows. That means that it tries see if there are any more rows, but it returns false, which gets stored in $rows. so when you access it in your if statement, it is false. also note that here: $result = mysql_query("SELECT * FROM users_info WHERE user_id='$userID' LIMIT 1") or die(mysql_error()); $row = mysql_fetch_array($result); you are using the var $row and in your if statement: if($rows['userlevel'] > 3 || $rows['user_id'] == $userID) you are using $rows. if this is what you mean to do, I suggest instead of doing this while($rows=mysql_fetch_array($result)) { $_SESSION['user_id'] = $rows['user_id']; } you simply assign rows, like so $rows = mysql_fetch_array($result); $_SESSION['user_id'] = $rows['user_id']; by the way, you also use $rows here $id=$_GET['id']; $sql="SELECT * FROM forum_question WHERE id='$id'"; $result=mysql_query($sql) or die ("oh dear " .mysql_error()) ; while($rows=mysql_fetch_array($result)) I would suggest using different variable names, especially for different queries, as when you trying to trace back the error, it becomes difficult if you have one variabled used in multiple places

try changing your form's method to get

if you are including the first page, or for any reason session_start() isn't at the very top of the page, then move it to the very top of the page

for arrays you either have to do this '".$_POST['earliestccyear']."', //or this '{$_POST['earliestccyear']}',

define(constant name, value) thats pretty much it

post current code?

I personally hate netbeans with a passion. But I used it for Java, and it was really slow, and would lock up alot. Eclipse is 20 times better than newbeans in my opinion. Never used it for PHP though.

I use dreamweaver for coding PHP, and I always have. It has php syntax highlighting and all that jazz. However, you are right when you say it generates bad code. It generates craptastic code, but as long as you are hand writing all your code then you will be fine. Dreamweaver is still on of my favorite IDE's, for web development anyways

As I said, the best way to learn how to do these functions is by trial and error. Make a website, and keep adding functionality to it. You learn how functions work, certain techniques etc. a bunch of different ways

Oh, i'm foolish. Didn't even read the line drawing the error. function LoginSecure($this->username, $this->password) { you can't pass data members as variables into methods. Why would you? you already have access to them since they are encapulated in the class. Make the function this function LoginSecure() and it should work as expected (assuming there are no more errors in the function)

well, since you are assigning the data members already, you don't need to return anything with those functions. there are also a few syntax errors if(mysql_num_rows($this->runpasswordcheck) = 1) { should be if(mysql_num_rows($this->runpasswordcheck) == 1) { you want to use the comparison operator (==) not the assignment operator (=). you have to change that in a few places.

if its not the correct extension, how do you suggest that the file would be run? Also, you can change the mime type just as easily as you can change the file extension (well maybe its a little harder) not to mention that not every browser sends a mime type, and some send different mime types. For example, jpg files have 3 different possible mime types. I don't think IE 6 even sends a mime type. a virus.exe with a spoofed mime type is much more dangerous than a virus.jpg with a spoofed file extension in my opinion. Im no security expert, but i have read many discussions about mime types, and how they can be exploited

AJAX is what you are looking for

oh yes indeed that will work quite nicely

post what you have. if you have the following $creditscore = $_POST['creditscore']; echo $creditscore; then it will do what you want it to. I noticed that you have no action set on your form. Is the above code on the same page as the form code? If not you will have to set the action to the location of the above code. for instance if the above code were on page.php, the form would look like <form id="form1" name="form1" method="post" action="page.php"><?php //Right here is what i changed ?> <label for="textfield">credit score:</label> <input type="text" name="creditscore" id="creditscore" /> <p> <label for="submit"></label> <input type="submit" name="submit" id="submit" value="go" /> </p> </form>

see my last post. you don't seem to have changed anything at all

Using a mime type is not the best option because some browsers don't send a mime type, and it can be spoofed pretty easily. you can make an array of allowed file types, and get the file extension, and compare that to the array like so $allowed_types = array("doc", "docx", "pdf"); $ext = substr(strrchr($fileName, '.'), 1);//fileName is the name of the file; if (!in_array($ext, $allowed_types)){ echo "Invalid file type"; exit(); }

I'm not entirely sure what your question is? can you perhaps rephrase it or provide more detail as to what you want to happen and what is actually happening

yeah... just apply the functions to the variables. but thats wrong. you want to do this $username = mysql_real_escape_string($username); $username = trim($username); $username = addslashes($username); $username = strip_tags($username); $username = base64_encode($username); $this->username = $username; otherwise, $this->username will just equal the last function called on $username, which is base64_encode. it wont be trimed, scaped, or any of the other stuff. do the same for password

Make a website and do all that stuff? thats the best way to learn

I'm not sure what you are trying to do... what exactly were you doing with array map

echo $creditscore; you only need to surround arrays with curly brackets in strings

all $secureUsername and$securePassword. basically anywhere in the class where you are accessing data members or functions. I don't know what you are trying to do with array_map. if you want to apply a function to the variable, then apply the function to the variable. its that simple. array_map is used when you want to apply a function to every entry in an array.

No it will not. When inside the class you refer to itself as $this. IDK why you are refering to the class as if it were the name ofthe function. also is username an array? is password an array? if not array_map is useless and won't really work

Everything is wrong. First of all, here $filenamexx=$HTTP_POST_FILES['ufile']['name'][0]; $filename1= substr($fileNamex, strrpos($fileNamex, '.') + 1); you aren't even using the right variable name. it should be $filenamexx=$HTTP_POST_FILES['ufile']['name'][0]; $filename1= substr($filenamexx, strrpos($filenamexx, '.') + 1); secondly, you aren't testing for mime type any more, and your if statements are all wrong too, and they don't even really make. sense at all... Half of them you don't even need... you have to test file type like this if ($filename1 != 'jpg' || $filename1 != 'jpeg'){ echo "Invalid file type"; exit(); } which is what I wrote before if you were paying attention. evidently not... your code is formatted horribly, and I can't even tell if you have else ifs, or you if you are just making syntax errors if ($filename1 != 'jpg' || $filename1 != 'jpeg'){ echo "Invalid file type"; exit(); } if ($filesize > $maxsize){ echo "File too big"; exit(); } if (file_exists("upload/".$filename1)){ echo "File already exists"; exit(); } thats all the error checking you seem to want to do, but with 3 if statements.. one more thing, if you have multiple file types you want to test, you should put them into an array, and use the in_array function like so $allowed_files = array('jpg', 'jpeg', 'png', 'bmp'); if (!in_array($filename1, $allowed_files)){ echo "invalid File type"; exit(); }