siva.katir

You should use a more thorough check then either isset or if. If you can check the value returned as the username against the input AND check to make sure the input isn't blank, such as: if($row['user_name'] == $_POST['username'] AND $row['user_name'] != ""){ this stops the false positive of logging in with no name.

If your passwords are raw have you gone into phpmyadmin, or something else, and made sure what's in the db is actually what you're passing in via the form? Or have the results print_r out and see what's actually being returned, if anything.

I think your header is wrong: $header = "From: sender@email.com\r\n" . "X-Mailer: php"; Also, you should try testing it by removing the header option. If it's still failing your have a bigger issue.

I'm confused then, I thought that was the issue, that you were calling an image and it wouldn't be there because the next (incremental) number had been deleted?

You should assume two things: 1) You don't know the next image id # 2) The next image id # is not sequential. If you order your db and and grab the line right after the current id you'll get the next image. Which is basically what all the advice before me has said. For an image site you can always build in a safety net too so you can't build a page with a broken image by simply checking if anything was returned in a query. If you do a count() and it's 0 you may as well not run an image output routine (I do this explicitly for search functions where return 0 is a good possibility). Just making the query more flexible is by far the best place to start.

Doh, I missed that in your code but see it now. Just curious what exactly is it putting out? It looks like that should work... Unless your PHP needs the variables more clearly written, ie: ".$color.". I know my PHP will sometimes just output $color instead of the contents of the variable. Your basic idea is right. I've always done it using css though with something like: echo ($i%2 ? 'odd' : 'even'); where $i is the row number.

I don't see where you are inserting the actual row color...? You assign the variables, but where do you actually insert them into the html?

Sounds safe enough.

As teyon said, the key for unlink is it is a local server path, not a URL. So it should be something like /home/me/mysite.com/myfolder/myfile.jpg To unlink multiple files you have to run it once for each one. I'm pretty sure you can't unlink more then one file at a time across different directories. But from a post absolutely make sure that the data can't manipulate the file path. The safest would be to not allow the file name to actually be passed to the function. If you know that user bob can only delete bob.jpg and bob's thumb.jpg you may want to write it so that the script goes off of that instead of relying on the form's data. A trick I do is using PHPsession. If a user is looking at an image that PHP knows they own the session has extra variables set (such as $_SESSION['image_id']), when they request a delete both the regular authentication have to pass and the session variables have to match, that way you can't delete an image that you weren't looking at.

I'm curious why you chose to use the date as part of the file name? When I wrote my file unloader (which can pass as many files up to 100mb per post as the user wants) I specifically chose not to because of this exact issue. Same with using a random number, you can have the off chance of duplicating files (granted it's crazy unlikely). My solution was to use the auto increment function in mySQL. It looks like you are inserting one image into one line of the db, is that correct? If so you can do this: $query = "INSERT INTO blah blah blah some cells to create the mySQL row"; mysql_query($query); $id = mysql_insert_id(); $id becomes the row key that mySQL just created Now that you have the id, create the name you want: $file_name = $property-id-variable."-".$id.".".$ext; Now run an UPDATE query: $query = "UPDATE your-table SET file_name='".$file_name." If mySQL doesn't return the ID# $id is set to 0. It's not as clean as a solution as you're forced to run multiple queries per upload, but it's very fail safe.

I just found this site after searching for a while for a PHP community. I've been coding in PHP for the last 2 years, previously working in mostly Perl. I've also been trying to pick up Ruby and C# in my spare time. Right now I'm attending school to finish a degree after a long hiatus and in my spare time I work as a freelancer for friends of mine. My current project, completely coded by hand (for the experience, not so much the money) is http://imgthis.com/dev/ (obviously my dev site, the main site lacks the majority of it's functionality). My other portfolio of work includes http://quarterdown.com. I really like these communities, I previously always worked on a dev team, so working by myself makes me realize how many stupid brain blocks I have while coding. So that's me, years of experience and stupid mistakes