Muddy_Funster

Damn you Psycho! You always have to go that one step further! At least the Gods buggered your code formatting this time to show their displeasure! (j/k by the way)

so you would want to replace your $result = mysql_query("SELECT * FROM `cms_tasks` ORDER BY `taskid` DESC") query with the following: $sql = <<<TASK_SQL SELECT cms_tasks.cid, name, taskid, description, notes, eta FROM cms_tasks INNER JOIN customers ON(cms_tasks.cid = customers.cid) WHERE taskstatus != 'closed' ORDER BY taskid DESC TASK_SQL; $result = mysql_query($sql) or die (mysql_error()); ... while ($row = mysql_fetch_assoc($result)){ //$row array will have the following keys : //$row['cid'] //$row['name'] //$row['taskid'] //$row['description'] //$row['notes'] //$row['eta'] //use them in your table the same as you are doing with the other values, you don't even need to show the cid if you don't want, in which case just remove it from the select ... }

that's not your table, that's the code you are currently using to show your tasks on the page. what's the actual table structure for the customer and task tables?

storing just the customer ID in the tasks table is fine - actualy it's the correct way to do it. You just cross refference the customer table when you are displaying the tasks. ie SELECT customers.customerID, customers.customerName, tasks.taskID, tasks.taskName, tasks.Imprtoance FROM customers INNER JOIN tasks ON(customers.customerID = tasks.customerID) WHERE tasks.complete = 0 and customers.customerID = $currentCustID Edt: elaboration

no problem

the PHP manaul page on SESSION would be my reccomended starting location, there are some samples further down the page.

username has single quotes around it, not backticks....

I'm just saying that mysql_real_escape_string() should only be run last thing before sending the string to the database. I'd personaly probably be using a filter_vars($name, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); rather than the mysql_real_eascape_string at the point where you are. The issue will only be that if you ever need to update the script, either in two weeks or in six months, and you want to start using those variables for other things, like showing a nice little personalised message or something, then it's not always going to look all that nice if the user name is something like Death's Too Slow.

right, how about we try this my way then, are you using apache? and if so do you have access to a .htaccess file?

What your looking for is a form of what's called "Persistance" and is normaly accomplished by using the built in PHP super-global array $_SESSION. To make this work you must start every page that depends on the user being logged in with <?php session_start(); ... ?> you can then pass information between pages using $_SESSION['your_variable'] = $theVariableToBePassed; to set the session variable and $variableThatHasBeenPassed = $_SESSION['your_variable']; to get it The normal rules apply fore case sensetivity and the such.

Checking the $_POST array directly is still doing the same job as checking the variables after it. You're double working it. It just doesn't make sense to do that. Especialy as you are applying mysql_real_escape_string() to two of the checks before checking if they are empty. Clients should never have a say in the structure of the system, if they were qualified to make that decission they wouldn't be paying someone else to come in and do it. That the data needs used is fair enough, but it only needs to be stored in a single location in a single form for that to happen, there is no need to have the same data stored in full in one location and then in multiple bits in another. you should either store the bits and build the full thing when requesting the data from the system or you should store the whole thing and then break it into the bits you need when requesting it from the system.

search and replace?

I'm just asking - what's not working about it? is there still an error coming up? if so what is it? is it always saying page not found when there should be a page there? If I know what the problem is I can keep trying to help.

ok, so were going with a flippent theme then, I can do flippent. Checking that some meaningful text, other than just 6 spaces for example, has been entered for the username would probably be a good place to start. Not entierly sure if you noticed, but you already check all the POST varibles if they are empty before then checking if the variables you poloulated from the POST array are also empty. Or was that part of the plan? Make it work properly would be my suggestion. Have it take two array sets - one for columns the other for values Storing the same information multiple times in the same system is called creating redundant data. Perhaps part of your planning should be normalisation? Now if you want to keep up this tone in the thread you can find someone else to play with. I'm not puting up with you being arsit when this is entierly for your benefit.

"it didn't work" isn't the most helpfull of statements...

you seem to have no validation at all, for anything, other than char count on username and password. you double check if the fields are empty, although on the second check the $name and $username will likely have something in it generated from the fact that you have run mysql_real_escape_string on them far too early. your sql function is poorly written for the insert method as you seem to be foreced to insert nothing into the auto inc id field of the user table there is no point in storing the hash, the salt and the combines hash and salt. either store the combination, or store each on their own, doing it your way leads to redundant data. I'm pretty sure, from what I can see, that your select() function will likely be doing a SELECT * from the users table, which is needlesly returning additional information (about your users) from the database - such as the users password info. This is inefficient and potentialy insecure.

your logic looks to be back to front, and you should probably make sure that all the URL variables are in the right case as in_array() is case sensitive. Try this: <?php // header include('pages/main_header.php'); $dir = 'pages/'; $files = scandir($dir); $page = (!isset($_GET['page'])) ? 'intro.php' : $_GET['page']; if (!in_array($page, $files)){ echo "This page does not exist!!"; } else { require_once "pages/{$page}"; } //footer include('pages/main_footer.php'); ?>

updated code looks like what now?

try putting an else on the if(class_exists('Form')) that will warn you the class hasn't been found. see if that warning comes up.

let's see a var_dump() of $files

an example error is always nice, especialy at this time of year. Also, doing a var_dump() of the $content varaible after it's been built helps to see what things actualy look like.

if you have the info in the session, why on earth would you want to pass it through the url as well? O_o

Are you femilliar with the difference between javascript and PHP?

you really shouldn't be sending raw $_POST[] data anywhere neer your database

what do you mean you "get errors"? ereg() is depreciated, whatever resource your learning from is out of date, you should be using preg_....() instead. You shouldn't really use a regex on names, unless you plan on checking against all accented characters and the suck, but still, if you want to force someone to use first and last name, use two mandatory fields. PHP has a better way of validating and sanitizing most form input using filter_vars() and either a validate filter or a sanitise filter. I would suggest you have a long rethink about what using regex validation will do to your form in real terms.