
AdamB

  1. Hi, I'm using a PHP function to protect access to some pages. I'd just like to check some finer points on the security of this function. The code I'm using is:
     [code]
     function is_authed()
     {
         if ((isset($_SESSION['userid'])) && (md5($_SESSION['accesslevel'] . $_SESSION['lastlogin']) == $_SESSION['encrypted_key'])) {
             return true;
         } else {
             return false;
         }
     }
     [/code]
     The session variables are set when the user logs in. This access check function is called at the top of every page. My questions are: Is this the most secure way of checking the user is verified? Can you think of an instance in which these session variables could be bypassed? Is it possible for a user to view the content of the session variables, then try to guess what checks I'm performing and engineer a workaround? I'm sure any gaping holes would be found by a hacker if they had the time and inclination. My hope is to secure any holes so that door is closed. Many thanks for any advice! Adam
  2. It did, thank you! Can I mark this question as solved or will one of the mods?
  3. That worked straight away (changed a spelling), thanks very much! I was getting confused using GROUP BY() and MAX() and didn't think of using multiple GROUP BY() and nested SELECT() statements... The only bit I'm not sure about is: [code]WHERE deriv1.caseworker_id IS NULL[/code] Purely for my knowledge more than anything, what does that bit actually mean and why does the statement need it?
  4. Hello, I'm having a problem with a MySQL query I'm trying to write. I know logically what I'm trying to achieve, but I can't get the results I need from the database. I've got a list of cases in one table, and a list of caseworkers in another table. The caseworkers are assigned to each case using their unique ID. The cases table also records the date (Y-m-d) the caseworker was assigned to the case. I need to select all of the caseworkers who have not taken a case in the last 90 days. Caseworkers can have more than one case assigned to them at a time. I want to be able to iterate the results through a PHP while() loop to output all of the caseworkers, and the date they last took a case if it's over the 90 days, but it's the query bit that's got me stuck. The table structures look like:
     TBLCASES
     - case_id
     - caseworker_id
     - caseworker_allocated
     etc. etc.
     TBLCASEWORKERS
     - caseworker_id
     - caseworker_name
     - caseworker_address_line_1
     etc. etc.
     If I can provide any more information to help, a prod in the right direction would be really appreciated!!
  5. Hello, I'm having a problem with mysql_real_escape_string in an application I'm writing. Whenever I escape a string I get an error back because the database cannot then insert it:
     [code]
     function add_user($firstname, $lastname, $telephone, $email)
     {
         $query = "INSERT INTO tblusers (firstname, lastname, telephone, email, active) VALUES('$firstname', '$lastname', '$telephone', '$email', '1');";
         $query = mysql_real_escape_string($query);
         mysql_query ($query) or die ('Could not add caseworker.');
     }
     [/code]
     I know the slashes are being added correctly because I've echo'ed the query post-escaping. Have I misunderstood the use of the function or is there something else I need to use? Thanks! Adam
  6. Managed to fix that problem: [code]$arr = explode(",", $list['shippingdata']);[/code] Which makes a long list come out, which is a step forward, really what I wanted to try and do was say: "10kg costs £10 to ship by Air" "10kg costs £5 to ship by Fedex" ???
  7. Initially it looks as though the array isn't "exploding" properly at this point: [code]$arr = explode(",", $list);[/code] It reads into the first array (mysql_fetch_array) fine, but at the end returns "Arraykg costs $ to ship by "
  8. Hello, I am trying to create a cart script which offers table based shipping. Basically, the rates are predefined in a MySQL database and follow the format "maximumweight:price," - the fields with data look something like "1:2.00;2:4.00,4:8.00;8:16.00". So, orders up to 1KG cost £2 to ship, orders up to 2kg cost £4 to ship etc. I can't figure out how to get PHP to search through the "shipping data" field in the database. Each shipping method has its own row, and each shipping method has its own set of weights/prices based on the shipping company rates. I know what I'm trying to do in words, but can't seem to get PHP to do it ??? Any help would be much appreciated!
  9. I know what the Master Category ID is, I just need to select all of the products residing in the "Sub Category" and "SubSubCategory"...
  10. I hope this helps:
      Master Category
      - Subcategory
        - Product
        - Product
      - Subcategory
      - Subcategory
        - SubSubCategory
        - Product
        - Product
      Thanks for your patience  ;D
  11. Could you possibly point me in the direction of how to modify my above queries to that please? Thank you,
  12. Is there no way to pull all the products from multiple subcategories using one query? It's possible there would only be 1 subcategory with 1 product in, but there could be five subcategories with 5 products in...  ???
  13. That's the bit I'm unsure of, I've had a few tries with combining "IN" clauses but it hasn't worked so I didn't see the point in posting them  :(
  14. Hello, I'm trying to get my head around several levels of subquerying and it's driving me insane, I can't figure this out. This code selects what I need it to, all of the sub-categories within the master category. [code]SELECT categories_id FROM categories WHERE parent_id = 3[/code] But when I try to then sub-select the sub-sub-categories contained within these results I'm only returned with products that reside in the sub category, not the sub-sub-category. [code]SELECT products_id FROM products WHERE master_categories_id IN (SELECT categories_id FROM categories WHERE parent_id = 3)[/code] Am I going about this totally the wrong way, or is there something simple I've forgotten? Thanks for any help!!
  15. Thank you very much for your help. With the starter you gave me (which did work, thanks), a tutorial on three-way left joins, and phpMyAdmin I've managed to construct the SQL statement I needed:
      [code]
      SELECT p.products_id, p.products_quantity, p.products_image, p.products_price, name.products_name
      FROM (products AS p LEFT JOIN categories AS c ON c.categories_id = p.master_categories_id)
      LEFT JOIN products_description AS name ON (name.products_id = p.products_id)
      WHERE p.products_status = 1 AND c.parent_id = $_GET[cPath]
      ORDER BY RAND() LIMIT 10
      [/code]
      Thanks very much again! It's much appreciated  :)
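
The error described in post 5 comes from escaping the finished SQL statement, which also escapes the quotes that delimit each value. The PHP below is an added example, not code from these posts: it reproduces that failure and then performs the same insert with bound parameters, assuming `addslashes()` as a stand-in for `mysql_real_escape_string()` and an in-memory SQLite database through PDO so that it runs offline.

```php
<?php
// Added example with constructed data. SQLite in memory (via PDO) replaces the
// MySQL server from the post so this runs offline; tblusers mirrors its columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblusers (
    firstname TEXT, lastname TEXT, telephone TEXT, email TEXT, active INTEGER)');

// 1. The pattern from the post: escape the whole statement after building it.
//    addslashes() is a stand-in for mysql_real_escape_string(), which was
//    removed in PHP 7; both put a backslash in front of every quote.
function escape_whole_query(string $lastname): string
{
    $query = "INSERT INTO tblusers (lastname) VALUES('$lastname');";
    return addslashes($query);
}

// The quotes delimiting the value are escaped along with everything else, so
// the database no longer sees a string literal and rejects the statement.
$broken = escape_whole_query('Smith');
echo $broken, PHP_EOL;
try {
    $pdo->exec($broken);
} catch (PDOException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// 2. Values, not SQL text, are what need protecting. A prepared statement
//    passes them separately from the SQL, so no escaping step is needed.
function add_user(PDO $pdo, string $firstname, string $lastname,
                  string $telephone, string $email): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO tblusers (firstname, lastname, telephone, email, active)
         VALUES (:firstname, :lastname, :telephone, :email, 1)');
    $stmt->execute([
        ':firstname' => $firstname, ':lastname'  => $lastname,
        ':telephone' => $telephone, ':email'     => $email,
    ]);
}

// Constructed input with an apostrophe, the case escaping exists to handle.
add_user($pdo, 'Sean', "O'Brien", '01234 567890', 'sean@example.com');

// The value comes back exactly as supplied, with no backslashes added.
$stored = $pdo->query('SELECT lastname FROM tblusers')->fetchColumn();
echo ($stored === "O'Brien") ? 'stored unchanged' : 'altered', PHP_EOL;
```

The same binding applies to any request value placed in a query, such as `$_GET[cPath]` in post 15.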