mds1256

Your SQL script is wrong, when using '%s' you need to use LIKE rather than =

Thanks for the replies

Thanks for the replies

Many thanks, never thought of it that way lol. Cheers again

Sorry should have said that the $password and $username are used in the SQL query

Hi I am wanting to put my php/mysql queries into a functions file (using php include), I will include that php file at the top of the page which requires the sql query. But.... i have added the query into a function and just wanting to know if it is secure to pass the username and password as arguments when calling the function? e.g. fuctionname($username, $password)

Hi I currently have my site setup to rewrite .php to null so for example http://mydomain.com/registration actually maps to http://mydomain.com/registration.php But there is nothing to top anyone from typing in http://mydomain.com/registration.php. I want to stop them from doing that so it would come up 404. In essence im trying to hide to the user what language the site is written in

Hi I want to hide the login box's of my webpage once you login. I have thought of two ways of doing it but which one would you say is better practice? 1. use a PHP if statement to echo 'Display: none on css' - when viewing source code it still shows the form but not displayed on page itself 2. use a PHP if statement around the whole <form></form> so it physically doesnt write the html if already logged in? Or if anyone has a better way it would be appreciated if you would share it? Thanks in advance

Thanks for the info But..... when using the sha1(), how do i then decrypt them to use the details? other wise it may be useless to hold them details as i cannot then decrypt them

Not sure if this is in the right forum (if not can a mod move it please).... Im creating a site that is based on a subscription basis. Therefore i need to allow the user to input their card details for me to store to allow payments every month (and also for them to update when needed). How do you recommend storing card details in the database, im guessing its not secure just to store them as plain text? Opinions needed

I see, yeah using MySQL db. Will give that ago. is there anything else i should do to make sure this login form is secure and free from sql injections Also will purchasing an SSL cert for the site be a good thing to do to stop plain text being submitted from the form? Many thanks for the replies

Hello Im making a secure php login system and ideally wanted to also md5 hash the username as well as the password. My reasons for doing this is to completey stop sql injections as i can combine the md5 hash with salt for the $_POST['username']. Now my problem is i need to be able to de-hash (if this is a word) the username for admin purposes of the business. For password reset i will just send a new password. Is there anyway that i can do this easily whilst keeping my username secure and stop sql injection for username?

sorry i forgot some additional coding lol. i see how this works but when submitting it unchecks the boxes so i have no way to remove that option <?php session_start(); foreach($_POST['option'] as $option) { $values = explode(',', $option); $_SESSION['prices'][] = $values[1]; $_SESSION['items'][] = $values[0]; } echo array_sum($_SESSION['prices']); // Total ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body> <form action="array.php" onsubmit="array.php" method="post"> <p> <input type="checkbox" name="option[]" value="paint,250" /> <input type="checkbox" name="option[]" value="something,200" /> </p> <p> <label for="Submit"></label> <input type="submit" name="Submit" value="Submit" id="Submit" /> </p> </form> </body> </html>

<?php session_start(); foreach($_POST['option'] as $option) { $values = explode(',', $option); $_SESSION['prices'][] = $values[1]; $_SESSION['items'][] = $values[0]; } echo array_sum($_SESSION['prices']); // Total ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body> <input type="checkbox" name="option[]" value="paint,250" /> <input type="checkbox" name="option[]" value="something,200" /> </body> </html> now i get Warning: Invalid argument supplied for foreach() in c:\inetpub\wwwroot\array.php on line 3 Warning: array_sum() [function.array-sum]: The argument should be an array in c:\inetpub\wwwroot\array.php on line 9

not too sure what you mean as i have re-copied your code and still getting it. Am i missing something

yeah i think that is what i want but when coping your code i get Parse error: parse error, unexpected T_VARIABLE in c:\inetpub\wwwroot\array.php on line 12 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body><?php session_start(); foreach($_POST['option'] as $option) { $values = explode(',' $option); $_SESSION['prices'][] = $values[1]; $_SESSION['items'][] = $values[0]; } echo array_sum($_SESSION['prices'][]); // Total ?> <input type="checkbox" name="option[]" value="paint,250" /> <input type="checkbox" name="option[]" value="something,200" /> </body> </html>

Im in the middle of setting up a car configurator website and just wondering how i can accomplish(sp) this. My idea is that there will be a running costing total at the bottom of the page, then above that there will be option that you can add and remove e.g. add metallic paint + £250. What would be the easiest way to code this. My idea was to add each option as a variable and just use the GET to retrieve this from the url so it would be page.php?paint=yes&cost=250 but cost would be a running total but just retrieved from the URL. But i have realised that there are around 60 different options so it would be a nightmare to code this any ideas to make it easier