litebearer

for question 1. remove the var_dump line for question 2. read this http://developer.loftdigital.com/blog/php-utf-8-cheatsheet

Just a pre-coffee thought update indicates the existence of a record to which one wants to add/modify. it is good practice to populate an update form with any preexisting data perhaps create a hidden field in the form with the id of the existing record when processing the form, check for the value of the hidden form field, if=0 new record, if >0 update

having never used prepared statement, how would you simply loop thru a result set displaying one particular field from each returned row? You answer may lie there.

IMHO 1) store the image names, image titles and image description in a db 2) set the path to the images relative to the calling script 3) create unique names for your images using the timestamp

this (not tested a pure guess ) ... $nextDate = strtotime("{$startDate} +{$weekOffset} weeks"); echo "<td width = '100'>" . date('d/m/y', $nextDate) . "</td>\n"; $startDate = date('d/m/y', $nextDate);

Truth be told, I 'cheated'. used excel to create a csv of the combinations. then read the csv into an array

perhaps an array like this? http://nstoia.com/bigarray.php

hint: 1. put your query in a variable 2. echo the above variable

the starting point is to determine how many possible combinations there are.

This may help - <?PHP $w_file = "NAME_OF_YOUR_CSV_FILE"; /* put the contents into an array */ /* presumes the file does NOT contain Long,Lat,id,gName,fId,fName,fldId,fldName,fldAcers,featureID,objID,fInsu,fFSA,fBid */ $lines = file($w_file); /* loop thru the array capturing the desired info into a new array */ $x = count($lines); for($i=0; $i<$x; $i++) { $temp_data = explode(",", $lines[$i]); $data = $data . $temp_data[2] . ", " . $temp_data[3] . ", " . $temp_data[5] . "\n"; } $new_array = explode("\n", $data); echo "<PRE>"; print_r($new_array); echo "</pre>"; ?>

show your most recent coding

Did you read the last coding I posted? $query01 = "SELECT id, salt FROM companies WHERE username = '$username'";

do not hash/salt the username, just the password

Print this out on a piece of paper and look it over carefully. <?PHP include ('db.php'); /* set some validation variables */ $error_message = ""; /* =============================================== */ /* this section of code will set up an error message for the username if ANY of the conditions occur 1) checks to see if $_POST['username'] is NOT set 2) if length of username is less than 5 3) if username has anything other than letter, numbers or underscores */ if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) { /* if username is bad start building the error message */ $error_message = "You must enter a valid username<br>"; $error_message = $error_message . "Valid names are min 5 characters and use letters, numbers and underscores only.<br>"; $error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['username'] . "</font><hr>"; }else{ $username = mysql_real_escape_string(trim($_POST['username'])); } /* END validating username */ /* =============================================== */ /* =============================================== */ /* this section of code will set up an error message for the password if ANY of the conditions occur 1) checks to see if $_POST['password'] is NOT set 2) if length of password is less than 5 3) if password has anything other than letter, numbers or underscores */ if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) { /* if it is NOT set, then set the error variable and start building the error message */ $error_message = $error_message . "You must enter a valid password<br>"; $error_message = $error_message . "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>"; $error_message = $error_message . 'Your invalid password was: <font color="red">' . $_POST['password'] . "</font><hr>"; }else{ $password = trim($_POST['password']); } /* END validating password */ /* =============================================== */ /* =============================================== */ /* if any of the post variables are invalid */ /* set the session variable and send back to the form page */ if(strlen(trim($error_message))>0) { $_SESSION['error_message'] =$error_message; header("Location: login.php"); exit(); } /* =============================================== */ /* =============================================== */ /* FUNCTION TO CREATE SALT */ function createSalt() { $string = md5(uniqid(rand(), true)); return substr($string, 0, 3); } /* check to see if username is in the table if not send back to login */ $query01 = "SELECT id, salt FROM companies WHERE username = '$username'"; $result01 = mysql_query($query01) or die(mysql_error()); if(mysql_num_rows($result1 != 1)) { header("Location: login.php"); exit(); } $row = mysq_fetch_array($result01); $salt = $row['salt']; $password = trim($_POST['password']); $hash = hash('sha256', $salt, $password); $query02 = "SELECT id FROM companies WHERE username = '$username' AND password = '$hash'"; $result02 = mysql_query($query02) or die(mysql_error()); if(mysql_num_rows($result2) !=1){ /* not found send back to login */ header("Location: login.php"); exit(); } /* =============================================== */ /* success!!! send them where you want */ ?>

Since you have hashed the password using a salt when inserting, you also NEED to use the same hash/salt technique when checking the password on login. ie. 1. get the salt from the table for the appropriate user 2. hash/salt the login password just like you did for the insert BUT use the salt recovered in step 1 above. 3. NOW query the table to make sure the newly hashed/salted password matches the password in the table clear as mud? (look at the password in the table using phpadmin. you will see what the hash/salted passwords look like. That is 'abcd' as a password will NOT be 'abcd; in the table)

show us the code that you used for inserting the data

1. as stated above remove the $ from companies, and; 2. did you by chance use any hashing etc when you originally inserted the data into the table?

How critical is this information to you? How detailed do you want the information to be? How intrusive to a user's "private" information do you feel is appropriate? Might take at look here http://roshanbh.com.np/2008/07/getting-country-city-name-from-ip-address-in-php.html

perhaps seeing the code that creates the array may help

Not all of us do.

you execute the query BUT you aren't retrieving the row ie mysql_fetch_array

hint: look at when and where your single quotes open/close

easier to use mysql's date formating function http://www.electrictoolbox.com/article/mysql/format-date-time-mysql/

use single quotes not backticks for your variables in you query

Also seriously need to validate/sanitize your post values BEFORE you attempt to use them