objnoob

Your error is here: $request = 'http://api.wolframalpha.com/v2/query?appid=YKAERX-QJJAE7kj2G6&input=.'$wolfram'.&format=html'; The correction: $request = 'http://api.wolframalpha.com/v2/query?appid=YKAERX-QJJAE7kj2G6&input=' . $wolfram . '&format=html';

You could start by posting the code!

Adding this method to your custom Database class is silly. public function affected_rows() { return $this->_connection->affected_rows; } If your custom database class had query, update, delete methods. The update and delete methods would return the affected rows count, otherwise false. This kills two birds with 1 stone! See this example: class myDatabaseClass { public $this->_connection; public function __construct(mysqli $database){ $this->_connection = $database; } public function update($columns, $table_name, $where = null){ $list = array(); foreach($columns as $col=>$val) $list[] = $col . '=\'' . $this->_connection->real_escape_string($val) . '\''; $sql = 'UPDATE ' . $table_name . ' ' . implode(',', $list) . ' ' . $where; if($this->_connection->query($sql) === false) return false; else return $this->_connection->affected_rows; } }

Yes, each search you do needs to run replace on every title to swap these characters into spaces. If you would save the title with the characters _ . - already replaced with spaces.... you'd be set!

Sorry. I was experiencing tunnel vision. $query->where("( REPLACE(REPLACE(REPLACE(t.name,'.',' '),'_',' '),'-',' ') LIKE {$search} )");

You can remedy this by hiring someone to locate and fix the bug. PHPFreaks has a forum dedicated to requesting or offering private services: http://forums.phpfreaks.com/forum/20-php-freelancing/ I know this isn't the answer you're looking for, however it's the only answer you're going to get considering the lack detail you've provided.

There is -- But, it's not the most efficient way to handle this! Every search is having to do a 3 REPLACE()'s on every title to replace those 3 characters into spaces to find any matches. $query->where("( REPLACE(REPLACE(REPLACE(t.name,'.',' '),'_',' '),'-',' ') LIKE {$search} )");

change those characters into spaces before saving any titles in the database.

First, you should add a checkbox to the login form that says 'Remember Me'. Next, we'll modify the code implement the remember me feature... $auth_user = false; # define auth_user and set to false ( no user logged in ) if(isset($_GET['logout'])){ session_start(); unset($_SESSION['user']); # unset the session variable used to store id of the user session_destory(); header("Location: http://". $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); exit(); }elseif(isset($_GET['login'])){ # authenticate user; start session session_start(); $_SESSION['user']=USER_ID; # SET USER ID HERE! # if the user checked remember me if(isset($_GET['chkRememberMe']) && $_GET['chkRememberMe']){ # the user did check remember me, create an login key cookie that lasts a long time $key = $username .':'. sha256($user_id.$password.'iM_a_HaRdCoDeD_SaLt'); setcookie('login_key', $key, time()+31536000); } header("Location: http://". $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); exit(); }else{ session_start(); if(isset($_SESSION['user']) && $_SESSION['user']){ $auth_user = $_SESSION['user']; }else{ # user is not logged in, lets check for a auto login key if(isset($_COOKIE['login_key'])){ # key found, process authentication using this key. list($username, $key) = explode($_COOKIE['login_key']); # get the user id and user password from the database using the username found in the key # we store user_id into $user_id, and password into $password # now authenticate the key if($key === sha256($user_id.$password.'iM_a_HaRdCoDeD_SaLt')){ # key is valid $_SESSION['user'] = $user_id; header("Location: http://". $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); exit; } } } }

The way you're trying to implement a "Remember Me" solution is riddled with security flaws.

Sure it does. As long as the session cookie is valid and the session is alive. The user is treated as being logged in (authenticated)!

When a user logs in, you should start a session and create a session variable to store the id of the user that logged in. $auth_user = false; # define auth_user and set to false ( no user logged in ) if(isset($_GET['logout'])){ session_start(); unset($_SESSION['user']); # unset the session variable used to store id of the user session_destory(); header("Location: http://". $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); exit(); }elseif(isset($_GET['login'])){ session_start(); $_SESSION['user']=USER_ID; # SET USER ID HERE! header("Location: http://". $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); exit(); }else{ session_start(); if(isset($_SESSION['user']) && $_SESSION['user']){ $auth_user = $_SESSION['user']; } }

Sorry, you don't keep a user logged in by altering the session cookie expiration time. The session cookie expiration time and the session max lifetime are independent values, so setting the session cookie expiration far into the future does not guarantee the session is alive on the server when the user revisits with that session cookie.

What are you trying to do? Be specific.

header('Location: welcome.php?update=true');

It does not use an extra cookie. If I call setcookie() and specify the NAME, PATH, DOMAIN, SECURE, HTTP ONLY of an existing cookie... the existing cookie is overwritten.

You could create some additional methods in your database class... class myDatabaseClass { public function query($columns, $table_name, $where = null){ } public function update($columns, $table_name, $where = null){ $list = array(); foreach($columns as $col=>$val) $list[] = $col . '=' . $this->_connection->real_escape_string($val); $sql = 'UPDATE ' . $table_name . ' ' . implode(',', $list) . ' ' . $where; if($this->_connection->query($sql) === false) return false; else return $this->_connection->affected_rows; } }

$sql = "UPDATE ...."; # an SQL statement that updates data in the database $result = $database->query($sql); return ( $result && $database->affected_rows) ? true : false;

You can use setcookie to set any cookie, including a session cookie as long as no output has already been started and sent to the browser. To modify an existing cookie, you need to make sure you use the same cookie parameters NAME, PATH, DOMAIN, SECURE, HTTP ONLY that were used to create the cookie in the first place. Using 0 as the expiration time for cookie, sets the cookie to expire when the browser windows are closed. If you want to delete the cookie before then, you should set the cookie time to expire using a time less then current time. time()-3600 will set the expiration time to an hour ago, which means the cookie is expired and will be deleted by browser on the spot. setcookie(session_name(), '', time()-3600, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));

You cannot use session_get_cookie_params() to get the expiration date of an existing session cookie. It is used to get the configuration values PHP will use when creating the session cookie. If you need to evaluate the expiration of an existing session cookie, you should store the value in the session. # check if there is a session cookie if( ! isset($_COOKIE['SESSION_COOKIE_NAME']) ){ // no session cookie: set parameters, start session, store cookie time in session $cookieTime = time()+31536000; session_set_cookie_params($cookieTime, 'SESSION_COOKIE_PATH', 'SESSION_COOKIE_DOMAIN', false, true); session_start(); # start session $_SESSION['session_cookie_time'] = $cookieTime; # set session variable to remember time }else{ // session cookie exists: start session, get cookie time, update cookie if required session_start(); # start session if( $_SESSION['session_cookie_time'] == SOME_VALUE ){ $cookieTime = time()+31536000; # updated cookie time # update cookie using setcookie setcookie ( 'SESSION_COOKIE_NAME', session_id(), $cookieTime , 'SESSION_COOKIE_PATH' , 'SESSION_COOKIE_DOMAIN' , false ); $_SESSION['session_cookie_time'] = $cookieTime; # update session variable to remember time } }

You could return true or false from the updateUserDetails method. public function updateUserDetails($user){ $sql = sprintf("UPDATE User SET UserForename=%s, UserSurname=%s WHERE IDUser=%s", $this->db->GetSQLValueString($_POST['forename'], "text"), $this->db->GetSQLValueString($_POST['surname'], "text"), $this->db->GetSQLValueString($user->get('IDUser'), "int")); if($this->db->query($sql) === false) throw new Exception('SQL ERROR!'); return (bool)$this->db->affected_rows(); } The call to the method updateUserDetails now returns whether or not the update command changed a record in the database. If there was an SQL error it throws an exception! try{ if($um->updateUserDetails($user)){ echo 'Your account was updated!'; }else{ echo 'Sorry, Your account was not updated!'; } }catch(Exception $e){ echo 'Sorry, there was an SQL Error!'; }

Get the parameters after setting them. $cookieParams = session_get_cookie_params(); session_set_cookie_params(time()+31536000, $cookieParams["path"], $cookieParams["domain"], false, true); $cookieParams = session_get_cookie_params(); // get parameters session_start(); echo "lifetime: ".$cookieParams["lifetime"]."<br />";

i never knew __get() and __set() were called when the properties exist but are not accessible. that's interesting.

Yep. All of the $data is encoded as 1 JSON object in that code. You should be good to go!

http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_field the MySQL FIELD() function is great for this. SELECT rating FROM tRatings ORDER BY FIELD(rating, 'Professional', 'Advanced', 'Amateur');