xxreenaxx1 Posted April 1, 2010 Share Posted April 1, 2010 <?php if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) { echo '<ul class="err">'; foreach($_SESSION['ERRMSG_ARR'] as $msg) { echo '<li>',$msg,'</li>'; } echo '</ul>'; unset($_SESSION['ERRMSG_ARR']); } ?> What do these codes mean? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted April 1, 2010 Share Posted April 1, 2010 What I'm getting from it (without having all the code to work with): If there's are error messages, and they are in array form, display each one in a unordered list, then unset all errors, so we don't display them again Quote Link to comment Share on other sites More sharing options...
xxreenaxx1 Posted April 1, 2010 Author Share Posted April 1, 2010 Thank you for the help now the next code is //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { // reference http://php.net/manual/en/function.trim.php $str = @trim($str); // trim the spaces if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } Sorry if I am too annoying Quote Link to comment Share on other sites More sharing options...
ialsoagree Posted April 1, 2010 Share Posted April 1, 2010 Asking questions is what this website is here for! This code is a function which can be called from elsewhere in your script. If you pass it a string variable it will remove any extra white space at the start and end of the string (IE. extra spaces, returns, tabs etc.), then if the string has been escaped by PHP it will remove the escaping. It then escapes the string for storage into a MySQL database and returns the cleaned up string. You would use it like so: $some_string = 'Some string.'; $cleaned_string = clean($some_string); Quote Link to comment Share on other sites More sharing options...
xxreenaxx1 Posted April 1, 2010 Author Share Posted April 1, 2010 Thank you once again Got few more of these codes if($login == '') { $errmsg_arr[] = 'Login field missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login.php"); exit(); } Quote Link to comment Share on other sites More sharing options...
ialsoagree Posted April 1, 2010 Share Posted April 1, 2010 This code checks if the $login variable has information in it and if it doesn't, it adds a message to the next index of $errmsg_arr and sets $errflag to true. It then checks password as above and takes the same steps if password doesn't have any information in it. If $errflag is true, $errmsg_arr is stored in the current session, specifically $_SESSION['ERRMSG_ARR'], this data is forcibly saved to the session prior to script end (specifically this is useful if your website has frames, otherwise it's unnecessary but not harmful), the user is redirected to login.php and the script ends immediately. Quote Link to comment Share on other sites More sharing options...
xxreenaxx1 Posted April 1, 2010 Author Share Posted April 1, 2010 Thank you So i am guessing the code below if($fname == '') { $errmsg_arr[] = 'First name missing'; $errflag = true; Firstname was empty it wil output the error message and error message will be saved in an array and it will set the error flag to true. And what would the below code would do, I know its similiar to the first one, but not sure <?php //Start session session_start(); //Check whether the session variable MEMBER_ID is present or not if(!isset($_SESSION['MEMBER_ID']) || (trim($_SESSION['MEMBER_ID']) == '')) { exit(); } ?> Quote Link to comment Share on other sites More sharing options...
ialsoagree Posted April 1, 2010 Share Posted April 1, 2010 As to the code you guessed at you. You're correct EXCEPT that no error is outputted, the error is saved to be outputted later. As to the 2nd chunk of code, this code starts a new session (a way of keeping track of people on the website), checks if the MEMBER_ID has been set and isn't just an empty string. If it HASN'T been set, or if it IS an empty string, it stops executing the script immediately with no error message. Quote Link to comment Share on other sites More sharing options...
xxreenaxx1 Posted April 1, 2010 Author Share Posted April 1, 2010 Once again thank you one more and that should be it $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; what does this do Quote Link to comment Share on other sites More sharing options...
ialsoagree Posted April 1, 2010 Share Posted April 1, 2010 This is an SQL query that tells a databse to return all columns in all rows where the login column is equal to the $login variable, and the passwd column is equal to the md5 encrypted string produced with $_POST['password']. md5 is a form of one-way encryption (data can be encrypted with md5, but once encrypted, it is very hard or impossible to decrypt) that is often used for the encryption of things like passwords that never need to be decrypted again. Quote Link to comment Share on other sites More sharing options...
xxreenaxx1 Posted April 1, 2010 Author Share Posted April 1, 2010 Lets hope this is the last one $member = mysql_fetch_assoc($result); $_SESSION['MEMBER_ID'] = $member['member_id']; Quote Link to comment Share on other sites More sharing options...
ialsoagree Posted April 1, 2010 Share Posted April 1, 2010 $member becomes an array whose indexes are the names of the columns that were returned in $result, and the values of those indexes are the values that were in the database for the given row. The session index MEMBER_ID gets set to the member_id that was in the MySQL database. Quote Link to comment Share on other sites More sharing options...
xxreenaxx1 Posted April 1, 2010 Author Share Posted April 1, 2010 Thank you very much for the help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.