Dakkadakka

Everything posted by Dakkadakka

  1. This, and the tutorial, worked like a charm. Thanks. I didn't know I could do that. I was hesitant to try it and it worked on, like, the third try. This was the key:

         foreach($_POST['item_id'] as $key=>$item_id){
             $qty = $_POST['qty'][$key];
             $product_id = $_POST['product_id'][$key];
             $customer_id = $_POST['customer_id'][$key];
             //Carry out the individual item query like usual.
         }
  2. I wrote update cart.php. It's a very simple script that checks the quantity of the row item and it updates the respective row on the database. I've been improving my PHP all summer at my paid internship but am stuck on this problem.

         //Data has been retrieved at this point.

         // database connection
         mysql_connect("localhost", $dbuser, $dbpass) or die(mysql_error());
         mysql_select_db($dbname) or die("Unable to select database");

         $query = "SELECT * FROM cart_line WHERE cart_id = '".$cart_id."' AND product_id = '".$product_id."'";
         //echo $query."<br>";
         $search = mysql_query($query) or die(mysql_error());

         while($row=mysql_fetch_array($search)){
             $price = $row['price'];
             //echo "Found a unit price of ".$price."<br>";
             $final_price = $row['final_price'];
         }
         $final_price = $price * $qty;
         //echo "New Final Price is ".$price." * ".$qty." = ".$final_price."<br>";
         $update_query = "UPDATE cart_line SET qty='".$qty."', final_price = '".$final_price."' WHERE cart_id = '".$cart_id."' AND product_id = '".$product_id."'";
         //echo $update_query."<br>";
         $update= mysql_query($update_query) or die(mysql_error());

         //return to the cart.
         header ("Location: index.php");
         ?>

     EDIT - I finally found a good example of what I'm trying to do. I'm going to start applying it unless there are better suggestions. http://www.theblog.ca/update-multiple-rows-mysql
  3. I don't know how to make the form do that. If there are a variable number of items in the cart, how do I make one form for all of them, and how do I make the PHP check them all? I can't seem to find examples anywhere. I know carts have done it before.
  4. I made a fully working shopping cart, but the problem is that in my line of business, customers may order a hundred items, and having to adjust quantities line by line could be a big hassle. My cart includes suggestions based on customer history due to the tremendous amount of things people typically buy.

         while($row=mysql_fetch_array($result)){
             //We grab the product id as well as everything else we need.
             $product_id= $row['product_id'];
             $sales_info = $row['sales_info'];
             $sku= $row['sku'];
             $qty= $row['qty'];
             $final_price = $row['final_price'];
             $price = $row['price'];
             $purchase_cost = $row['purchase_cost'];
             $link = $row['image_path'];

             //Get the price and final price in the true format.
             if ($price == 0){
                 $dollar_price = "Listing Price:<br>".number_format($purchase_cost *= (1+$no_avg_markup/100),2);
                 $dollar_final_price = "Contact your Sales Rep";
             }
             else{
                 $dollar_price = "$".number_format($price, 2);
                 $dollar_final_price = "$".number_format($final_price,2);
             }

             echo '<tr> <td height="110"><table width="159" border="0"> <tr> <td width="153">Sku#:'.$sku.'</td> </tr> <tr> <td height="84"> ';
             if (!is_null($link)){
                 echo'<img src="/'.$link.'" alt="" width="35%" height="45%" />';
             }
             else{
                 echo'<img src="/imagen/imagecomingsoon.png" alt="" width="35%" height="45%" />';
             }
             echo ' </td> </tr> </table></td> <td>'.strtoupper($sales_info).'</td> <td>'.$dollar_final_price.'</td> <td><form id="update'.$product_id.'" name="update'.$product_id.'" method="post" action="updateitem.php?item_id='.$product_id.'&cart_id='.$cart_id.'&customer_id ='.$customer_id.'"> <input name="qty" type="text" id="textfield" value="'.$qty.'"size="4" /> <input name="button" type="submit" id="button" value="Update" /></form></td>';
             if ($price == 0){
                 echo '<td>Contact Sales Rep</td>';
             }
             else{
                 echo '<td>'.$dollar_price.'</td>';
             }
             echo'<td><a href="deleteitem.php?item_id='.$product_id.'&cart_id='.$cart_id.'&customer_id ='.$customer_id.'"><img src="/imagen/icon/deletered.png" width="42" height="47" /></a></td> </tr>';
             $sub_total = $sub_total + $final_price;
         }
         ?>

     In this, each row generates an individual form for that one item. At the end of each row is a button to add that one item to the cart. I can't seem to find any tutorials on designing an Update All button. How do I make the entire cart, and an Update All button, that will work in this fashion?
  5. I'm trying to get a string representative of an XML sheet sent to a web service. This is how sales orders will be submitted online. The web service stores the order in a database. The web service is meant to take in a string to be read as XML. PHP and SOAP can't send XML to a web service as is and I'm having trouble working around this. First here is the code that generates the string.

         $xmlDocument = '<?xml version="1.0" encoding="utf-16"?>';
         $xmlDocument.= '<SalesOrder dateCreated="'.$year.'-'.$mon.'-'.$day.' '.$hour.':'.$minutes.':'.$seconds.'" amount="'.$amount.'" mark_up="15.0000" customerID="'.$customer_id.'" employeeID="80000003-1325611163" source="0">';
         while($row=mysql_fetch_array($result)) {
             //Product Id is called ProductID in the XML
             $product_id = $row['product_id'];
             //Sales info is NOT needed for the order.
             $sales_info = $row['sales_info'];
             echo $sales_info.'<br>';
             //Final price is called SalesPrice in the XML
             $final_price = $row['final_price'];
             echo $final_price.'<br>';
             //qty is called Quantity in the XML
             $qty = $row['qty'];
             echo $qty.'<br>';
             //Purchase cost is called PurchaseCost in the XML
             $purchase_cost = $row['purchase_cost'];
             echo $purchase_cost.'<br>';
             $xmlDocument .="<SalesOrderLine>";
             $xmlDocument.='<ProductID>'.$product_id.'</ProductID>';
             $xmlDocument.='<Quantity>'.$qty.'</Quantity>';
             $xmlDocument.='<SalesPrice>'.$final_price.'</SalesPrice>';
             $xmlDocument.='<PurchaseCost>'.$purchase_cost.'</PurchaseCost>';
             $xmlDocument.='</SalesOrderLine>';
             //$amount = $amount + $final_price;
             //$i++;
         }
         $xmlDocument .="</SalesOrder>";

     I conclude by transmitting the string, but something is wrong.

         ini_set("soap.wsdl_cache_enabled", "0");
         $client = new SoapClient("http://12.34.56.78:blahblah/CreateDB?wsdl", array(
             'trace' => 1,
             'exceptions' => 1,
             'soap_version' => SOAP_1_1,
             'encoding' => 'ISO-8859-1',
             'features' => SOAP_SINGLE_ELEMENT_ARRAYS
         ));
         $xmlvar = new SoapVar( "<ns1:xmlDocument>".$xmlDocument."</ns1:xmlDocument>", XSD_ANYXML );
         $params->xmlDocument = (object)$xmlvar;
         $save_result = $client->AddSalesOrder($params);

     I'm quite new to working with SOAP, but I'm really stuck with this. How do I fix this? The only alternative is using brute force and doing the insertion myself. I would love nothing more but to do that, but I have to use the webservice, because it will not only write to the MySQL database, it will write to Quickbooks.
  6. The error log pointed out a typo. I don't remember what it was but I took care of it and it doesn't show any new problems. According to phpinfo(), SOAP is definitely turned on. I'm at my wits' end because I've never worked with SOAP before.
  7. I am trying to make a shopping cart and am using a web service my partner made to complete a transaction. The idea is to build an xml sheet and then transmit it to the web service using SOAP, but since PHP is a web language I am having problems. The web service is expecting a string, but the web service keeps getting a null pointer each time I try to submit the XML.

         $xmlDocument = '<?xml version="1.0" encoding="utf-16"?>';
         $xmlDocument.= '<SalesOrder dateCreated="'.$year.'-'.$mon.'-'.$day.' '.$hour.':'.$minutes.':'.$seconds.'" amount="'.$amount.'" mark_up="15.0000" customerID="'.$customer_id.'" employeeID="80000003-1325611163" source="0">';
         while($row=mysql_fetch_array($result)){
             //Product Id is called ProductID in the XML
             $product_id = $row['product_id'];
             //Sales info is NOT needed for the order.
             $sales_info = $row['sales_info'];
             echo $sales_info.'<br>';
             //Final price is called SalesPrice in the XML
             $final_price = $row['final_price'];
             echo $final_price.'<br>';
             //qty is called Quantity in the XML
             $qty = $row['qty'];
             echo $qty.'<br>';
             //Purchase cost is called PurchaseCost in the XML
             $purchase_cost = $row['purchase_cost'];
             echo $purchase_cost.'<br>';
             $xmlDocument .="<SalesOrderLine>";
             $xmlDocument.='<ProductID>'.$product_id.'</ProductID>';
             $xmlDocument.='<Quantity>'.$qty.'</Quantity>';
             $xmlDocument.='<SalesPrice>'.$final_price.'</SalesPrice>';
             $xmlDocument.='<PurchaseCost>'.$purchase_cost.'</PurchaseCost>';
             // Escaping illegal characters
             $xmlDocument.='</SalesOrderLine>';
             //$amount = $amount + $final_price;
             //$i++;
         }
         $xmlDocument .="</SalesOrder>";
         echo $xmlDocument."<br>";
         ini_set("soap.wsdl_cache_enabled", "0");
         $client = new SoapClient("http://someplace.com/CreateDB?wsdl", array(
             'trace' => 1,
             'exceptions' => 1,
             'soap_version' => SOAP_1_1,
             'encoding' => 'ISO-8859-1',
             'features' => SOAP_SINGLE_ELEMENT_ARRAYS
         ));
         $xmlvar = new SoapVar( "<ns1:xmlDocument>".$xmlDocument."</ns1:xmlDocument>", XSD_ANYXML );
         $params->xmlDocument = (object)$xmlvar;
         $save_result = $client->AddSalesOrder($params);

     I've been learning as much as I can about SOAP, but it's really new to me. How do I make the xml document successfully go to the web service? The server log says that the connection is successful each time I click the submit button. But nothing is transferred to the web service.
  8. That's a fantastic trick. I found the problem too. Thanks!
  9. I must be making some kind of silly mistake, but I have some php and sql intended to retrieve information on a customer for a shopping cart. In particular, their contact info and invoice history. For the life of me I cannot figure out why the invoice history is printing out empty blank rows. This is the code. There are two different queries going on. One for the contact info, and one of their invoices. Here is the code.

         <?php
         $dbuser = "";
         $dbpass = "";
         $host = "localhost";
         $dbname = "";

         // database connection
         mysql_connect("localhost", $dbuser, $dbpass) or die(mysql_error());
         mysql_select_db($dbname) or die("Unable to select database");

         //This query grabs all the purchases going back up to three months
         //This debug line displays the query
         $query = "SELECT * FROM customers WHERE customer_id = '".$customer_id."'";
         echo $query."<br>";
         $result = mysql_query($query);
         echo '<h3 class = "splitter">CUSTOMER ID - '.$customer_id.'</h3>';

         //-create while loop and loop through result set
         while($row=mysql_fetch_array($result)) {
             $customer_id =$row['customer_id'];
             $first_name =$row['first_name'];
             $last_name =$row['last_name'];
             $company_name =$row['company_name'];
             $phone =$row['phone'];
             $alt_phone =$row['alt_phone'];
             $email =$row['email'];
             $price_level = $row['price_level'];
             echo 'First Name - '.$first_name.'<br>';
             echo 'Last Name - '.$last_name.'<br>';
             echo 'Company Name - '.$company_name.'<br>';
             echo 'Phone - '.$phone.'<br>';
             echo 'Alt Phone - '.$alt_phone.'<br>';
             echo 'Email - '.$email.'<br>';
             echo 'Individual Price Level - '.$price_level.'<br>';
             //echo 'Click to make changes here -<a href="editcust.php?customer_id="'.$customer_id.'">Edit</a><br>';
         }

         //Show their invoice history
         $invquery = "SELECT customer_id, transaction_id, time_created FROM invoices WHERE customer_id = '".$customer_id."'";
         echo $invquery."<br>";
         $invresult = mysql_query($invquery);
         echo '<h3 class = "splitter">Transactions</h3>';

         //-create while loop and loop through result set
         while($row=mysql_fetch_array($invresult)) {
             $customer_id = $row['customer_id'];
             $transaction_id = $row['$transaction_id'];
             $time_created = $row['$time_created'];
             echo 'ID - '.$transaction_id.' Date/time - '.$time_created.' - <a href="viewinvoice.php?transaction_id="'.$transaction_id.'&&customer_id="'.$customer_id.'">View</a><br>';
         }
         ?>

     The first query successfully gives me the contact information. The second query is doing something strange that I would ordinarily know how to debug. The echo statement prints blanks where the variables should be printing, yet I can tell the data is being read because if I enter the same query directly into the MySQL database, I get the proper rows with all the data visible. In PHP however, I get the rows with nothing printed on them. The number of rows match! Why would it not print the values?
  10. ....removing including this solved my problems! Still, this makes me uncomfortable. What are the security limitations using the default? I would love nothing more than the provided script to work, but I have to move forward.
  11. I'm learning to use this now. Thanks.
  12. session.php is a script from here: http://w3schools.invisionzone.com/index.php?showtopic=9731 I made the appropriate database for it, and I moved session start but that didn't have an effect. It looks like this.

         <?php
         session_start();
         include 'session.php';
         var_dump($_SESSION);
         if (isset($_SESSION['customer_id'])){
             //Grab their session data
             $customer_id = $_SESSION["customer_id"];
             $first_name = $_SESSION["first_name"];
             $last_name = $_SESSION["last_name"];
             $price_level = $_SESSION["price_level"];
             $sales_rep = $_SESSION["sales_rep"];
         }
         else{
             echo 'Not a logged in person<br>';
         }
         ?>
  13. That is a neat trick. If I put the vardump before the header the code looks like this. This means I can't use the header, but I can see the session array successfully filled.

         session_start();
         $_SESSION['customer_id'] = $customer_id;
         $_SESSION['first_name'] = $first_name;
         $_SESSION['last_name'] = $last_name;
         $_SESSION['price_level'] = $price_level;
         $_SESSION['sales_rep'] = $sales_rep;
         var_dump($_SESSION);
         //header('Location: index-in.php');
         ?>

     It successfully displays the customer session according to the customer number I enter. This is one for example. I'm not giving the name of course

         array(6) { [1]=> int(1) ["customer_id"]=> string(19) "8000004C-1325619329" ["first_name"]=> string(6) "Dakka" ["last_name"]=> string(5) "Moredakka" ["price_level"]=> NULL ["sales_rep"]=> string(2) "OM" }

     But if I uncomment the header and use this, the session array becomes blank.

         <?php
         include 'session.php';
         session_start();
         var_dump($_SESSION);
         if (isset($_SESSION['customer_id'])){
             //Grab their session data
             echo 'We have a customer id<br>';
             $customer_id = $_SESSION["customer_id"];
             $first_name = $_SESSION["first_name"];
             $last_name = $_SESSION["last_name"];
             $price_level = $_SESSION["price_level"];
             $sales_rep = $_SESSION["sales_rep"];
             echo 'Customer id is '.$customer_id.'<br>';
             echo 'first_name is '.$first_name.'<br>';
             echo 'last_name is '.$last_name.'<br>';
             echo 'Price Level (NEVER SHOW THEM THIS) '.$price_level.'<br>';
         }
         else{
             echo 'Not a logged in person<br>';
         }

     The var dump says this, and the debug line says nobody is logged in:

         array(1) { [1]=> int(1) } Not a logged in person
  14. It always displays the debug line "Not a logged in person." I start the session but I'm not seeing the session data being transferred.
  15. I just changed it and it still didn't do the trick. Sorry, this is my first time learning sessions.

         //Give the user a session HERE
         session_start();
         $_SESSION['customer_id'] = $customer_id;
         $_SESSION['first_name'] = $first_name;
         $_SESSION['last_name'] = $last_name;
         $_SESSION['price_level'] = $price_level;
         $_SESSION['sales_rep'] = $sales_rep;

         //This debug line makes sure the session array has all areas filled
         //echo "Your name is ".$_SESSION['first_name']." ".$_SESSION['last_name']."<br>(and the peronalized Level is ".$_SESSION['price_level'].")";
         header('Location: index-in.php');
         ?>

     And then here is the new top of index-in.php. I was wrong to use index.html, which is just a placeholder.

         <?php
         include 'session.php';
         session_start();
         if (isset($_SESSION['customer_id'])){
             //Grab their session data
             echo 'We have a customer id<br>';
             $customer_id = $_SESSION["customer_id"];
             $first_name = $_SESSION["first_name"];
             $last_name = $_SESSION["last_name"];
             $price_level = $_SESSION["price_level"];
             $sales_rep = $_SESSION["sales_rep"];
             echo 'Customer id is '.$customer_id.'<br>';
             echo 'first_name is '.$first_name.'<br>';
             echo 'last_name is '.$last_name.'<br>';
             echo 'Price Level (NEVER SHOW THEM THIS) '.$price_level.'<br>';
         }
         else{
             echo 'Not a logged in person<br>';
         }
         ?>
  16.
         <?php
         include 'session.php';

         /*if(empty($_POST['customer_id'])) {
             echo("Customer ID is empty!");
         }*/

         $customer_id = trim($_POST['customer_id']);
         $dbuser = "";
         $dbpass = "2";
         $host = "localhost";
         $dbname = "";

         // database connection
         mysql_connect("localhost", $dbuser, $dbpass) or die(mysql_error());
         mysql_select_db($dbname) or die("Unable to select database");

         //This query grabs all the purchases going back up to three months
         //This debug line displays the query
         $query = "SELECT * FROM customers WHERE customer_id = '$customer_id'";
         //echo $query."<br>";

         $found = 0;
         $result = mysql_query($query) or die(mysql_error());

         while($row = mysql_fetch_array($result)){
             //Grab the database pieces the customer will need throughout the page.
             //echo "Checking customer number ".$row['customer_id']."<br>";
             if ($row['customer_id'] == $customer_id){
                 $found = 1;
                 //Grab the database pieces the customer will need throughout the page.
                 $customer_id = $row['customer_id'];
                 $first_name = $row['first_name'];
                 $last_name = $row['last_name'];
                 $price_level = $row['price_level'];
                 //These debug lines check if the database query was successful
                 //echo 'Customer ID is '.$customer_id.'<br>';
                 //echo 'First Name is '.$first_name.'<br>';
                 //echo 'last name is '.$last_name.'<br>';
                 //echo 'price level '.$price_level.'<br>';
                 break;
             }
         }

         //-create while loop and loop through result set
         /*if ($found == 0){
             echo 'Wrong customer number';
         }*/
         //Give the user a session HERE
         session_start();
         $_SESSION['customer_id'] = $customer_id;
         $_SESSION['first_name'] = $first_name;
         $_SESSION['last_name'] = $last_name;
         $_SESSION['price_level'] = $price_level;

         //This debug line makes sure the session array has all areas filled
         //echo "Your name is ".$_SESSION['first_name']." ".$_SESSION['last_name']."<br>(and the peronalized Level is ".$_SESSION['price_level'].")";
         header('Location: index.html');
         ?>

     And then here is the logic at the beginning of index.html

         <?php
         include 'session.php';
         if (isset($_SESSION['customer_id'])){
             //Grab their session data
             echo 'We have a customer id<br>';
             $customer_id = $_SESSION["customer_id"];
             $first_name = $_SESSION["first_name"];
             $last_name = $_SESSION["last_name"];
             $price_level = $_SESSION["price_level"];
             echo 'Customer id is '.$customer_id.'<br>';
             echo 'first_name is '.$first_name.'<br>';
             echo 'last_name is '.$last_name.'<br>';
             echo 'Price Level (NEVER SHOW THEM THIS) '.$price_level.'<br>';
         }
         else{
             echo 'Not a logged in person<br>';
         }
  17. I fixed it but the session still is not detected.
  18. index.html is the homepage, index-in.php is the php script embedded to it. Making the header either one has the same effect but it doesn't solve my problem. How do I get it to read the session?
  19. Ah, that was silly of me. This brings me to the index page properly, I also modified the successful login to implement the session:

         //Give the user a session HERE
         session_start();
         $_SESSION['customer_id'] = $customer_id;
         $_SESSION['first_name'] = $first_name;
         $_SESSION['last_name'] = $last_name;
         $_SESSION['price_level'] = $price_level;

         //This debug line makes sure the session array has all areas filled
         //echo "Your name is ".$_SESSION['first_name']." ".$_SESSION['last_name']."<br>(and the peronalized Level is ".$_SESSION['price_level'].")";
         header('Location: index.html');
         ?>

     But the index page itself immediately checks this and fails. Am I using sessions properly here? At the beginning I check if the session customer id is set. I threw in some debug statements and they always say it's not a logged in person.

         <?php
         include 'session.php';
         if (isset($_SESSION['customer_id'])){
             //Grab their session data
             echo 'We have a customer id<br>';
             $customer_id = $_SESSION["customer_id"];
             $first_name = $_SESSION["first_name"];
             $last_name = $_SESSION["last_name"];
             $price_level = $_SESSION["price_level"];
             echo 'Customer id is '.$customer_id.'<br>';
             echo 'first_name is '.$first_name.'<br>';
             echo 'last_name is '.$last_name.'<br>';
             echo 'Price Level (NEVER SHOW THEM THIS) '.$price_level.'<br>';
         }
         else{
             echo 'Not a logged in person<br>';
         }
         ?>
  20. Changing the header to index.html did not do the trick. I got the same error. You bring up a good point: index.html is the home page, and index-in.php is my script to go along with it. I've been so used to working with index-in.php that I wrote it as if it's the main page. It's a shame changing the header didn't do the trick.
  21. That's what I thought at first, but the error_log would log such an error. And just in case, I commented every single echo, even the ones that are fail conditions for the login. Not only do I not get this error message in my browser, the error_log doesn't show anything. This is what it looks like now:

         <?php
         include 'session.php';

         /*if(empty($_POST['customer_id'])) {
             echo("Customer ID is empty!");
         }*/

         $customer_id = trim($_POST['customer_id']);
         $dbuser = "";
         $dbpass = "";
         $host = "localhost";
         $dbname = "";

         // database connection
         mysql_connect("localhost", $dbuser, $dbpass) or die(mysql_error());
         mysql_select_db($dbname) or die("Unable to select database");

         //This query grabs all the purchases going back up to three months
         //This debug line displays the query
         $query = "SELECT * FROM customers WHERE customer_id = '$customer_id'";
         //echo $query."<br>";

         $found = 0;
         $result = mysql_query($query) or die(mysql_error());

         while($row = mysql_fetch_array($result)){
             //Grab the database pieces the customer will need throughout the page.
             //echo "Checking customer number ".$row['customer_id']."<br>";
             if ($row['customer_id'] == $customer_id){
                 $found = 1;
                 //Grab the database pieces the customer will need throughout the page.
                 $customer_id = $row['customer_id'];
                 $first_name = $row['first_name'];
                 $last_name = $row['last_name'];
                 $price_level = $row['price_level'];
                 //These debug lines check if the database query was successful
                 //echo 'Customer ID is '.$customer_id.'<br>';
                 //echo 'First Name is '.$first_name.'<br>';
                 //echo 'last name is '.$last_name.'<br>';
                 //echo 'price level '.$price_level.'<br>';
                 break;
             }
         }

         //-create while loop and loop through result set
         /*if ($found == 0){
             echo 'Wrong customer number';
         }*/
         //Give the user a session HERE
         $_SESSION['customer_id'] = $customer_id;
         $_SESSION['first_name'] = $first_name;
         $_SESSION['last_name'] = $last_name;
         $_SESSION['price_level'] = $price_level;

         //This debug line makes sure the session array has all areas filled
         //echo "Your name is ".$_SESSION['first_name']." ".$_SESSION['last_name']."<br>(and the peronalized Level is ".$_SESSION['price_level'].")";
         header("index-in.php");
         ?>
  22. I just modified a bunch of pages to check the $_SESSION array, and now it's time to test my sessions. To get the login working I have commented out the debug lines and created a header() to move to the main page after a successful session creation, but it tells me [an error occurred while processing this directive.] What could be wrong?

         <?php
         include 'session.php';

         if(empty($_POST['customer_id'])) {
             echo("Customer ID is empty!");
         }

         $customer_id = trim($_POST['customer_id']);
         $dbuser = "(*@)^()&*@#";
         $dbpass = "@#)&*%^#@(%";
         $host = "localhost";
         $dbname = "#^&@%($";

         // database connection
         mysql_connect("localhost", $dbuser, $dbpass) or die(mysql_error());
         mysql_select_db($dbname) or die("Unable to select database");

         //This query grabs all the purchases going back up to three months
         //This debug line displays the query
         $query = "SELECT * FROM customers WHERE customer_id = '$customer_id'";
         //echo $query."<br>";

         $found = 0;
         $result = mysql_query($query) or die(mysql_error());

         while($row = mysql_fetch_array($result)){
             //Grab the database pieces the customer will need throughout the page.
             //echo "Checking customer number ".$row['customer_id']."<br>";
             if ($row['customer_id'] == $customer_id){
                 $found = 1;
                 //Grab the database pieces the customer will need throughout the page.
                 $customer_id = $row['customer_id'];
                 $first_name = $row['first_name'];
                 $last_name = $row['last_name'];
                 $price_level = $row['price_level'];
                 //These debug lines check if the database query was successful
                 //echo 'Customer ID is '.$customer_id.'<br>';
                 //echo 'First Name is '.$first_name.'<br>';
                 //echo 'last name is '.$last_name.'<br>';
                 //echo 'price level '.$price_level.'<br>';
                 break;
             }
         }

         //-create while loop and loop through result set
         if ($found == 0){
             echo 'Wrong customer number';
         }
         //Give the user a session HERE
         $_SESSION['customer_id'] = $customer_id;
         $_SESSION['first_name'] = $first_name;
         $_SESSION['last_name'] = $last_name;
         $_SESSION['price_level'] = $price_level;

         //This debug line makes sure the session array has all areas filled
         //echo "Your name is ".$_SESSION['first_name']." ".$_SESSION['last_name']."<br>(and the peronalized Level is ".$_SESSION['price_level'].")";
         header("index-in.php");
         ?>
  23. EDIT - wait... I JUST got the session working! I can see it echoing back what's in the $_SESSION array! It's beaaaauuuutiful. I guess my last question is, what do I need to put in a customer logout.php to properly make sure the proper session destroy is called?
  24. Thank you for the link. I think I'll just switch to that since I'm quite pressed for time. How do I rewrite the conclusion of my login to create the session to this version? I have these four fields that I would like to go in what is now the "content" column of the new database.

         //-create while loop and loop through result set
         if ($found == 0){
             echo 'Wrong customer number';
         }
         else{
             while($row=mysql_fetch_array($result)){
                 //Grab the database pieces the customer will need throughout the page.
                 $customer_id = $row['customer_id'];
                 $first_name = $row['first_name'];
                 $last_name = $row['last_name'];
                 $price_level = $row['price_level'];
             }
             //Give the user a session HERE
         }
         ?>

     And then what can I add to the beginning of other pages to establish a flag for a logged in user from a non-logged in user?
  25. Lovely. I just ordered a php security book to see if I can get something more competent. In the meantime, I still really like this tutorial and want to improve upon it. It's just too incomplete. So we have this tutorial and a database with many unused fields and we need to create a new session to be inserted into the database. So modifying the createCookie() function seems to be key. First here is the database:

         sessionHash – varchar – length:32
         sessionIP – varchar – length:30
         sessionTime – int – length:11
         sessionPage – varchar – length:100
         sessionData – text
         sessionExpire – int – length:11

     I threw in an incremental index as well called sessionID. Now maybe we can fix createCookie.

         //Create a cookie.
         public function createCookie(){
             //This variable is a unique, encrypted user identifier.
             $hash = md5( time() . uniqid() );
             //This creates a cookie ON THE USER DEVICE.
             setcookie( $this->cookiename, $hash, time()+$this->expireTime );
             $this->sessionHash = $hash;
             //Set the hash which we get from the class.
             $hash = mysql_real_escape_string( $this->sessionHash );
             //The IP address is grabbed directly from the server.
             $ip = $_SERVER['REMOTE_ADDR'];
             //An expiration time is calculated to be 15 minutes + the user's time of login.
             $expire = time() + $this->expireTime;
             $dbuser = "(&*%(*&%^&*(";
             $dbpass = "(&*%^^&%^&";
             $host = "&^%*^&%^&%";
             $dbname = "43082976258496";
             // database connection
             mysql_connect("localhost", $dbuser, $dbpass) or die(mysql_error());
             mysql_select_db($dbname) or die("Unable to select database");
             $sql = sprintf("INSERT INTO `sessions` (sessionHash, sessionIP, sessionData, sessionExpire) VALUES ($this->sessionHash, $ip, this->sessionData, this->ExpireTime)" );
             mysql_query($sql);
         }

     Would something like this work? There is still the matter of the login using setSessionData, which only UPDATEs, and doesn't INSERT. So should I modify what happens during the login, or the SetSessionData function? How about I change it like this?

         //Give the user a session.
         $sessions = new sessionsClass;
         $sessionInfo = $sessions->sessionCheck();

         if( $sessionInfo = false ){
             # This session is invalid. Tell the user.
         }
         else{
             //I just changed this from $sessionInfo to $sessions to see what would happen
             # Update the name.
             $sessions->sessionData['customer_id'] = $customer_id;
             $sessions->sessionData['company_name'] = $company_name;
             $sessions->sessionData['first_name'] = $first_name;
             $sessions->sessionData['last_name'] = $last_name;
             $sessions->sessionData['price_level'] = $price_level;
             $sessions->_sessionStart();
             //$sessions->setSessionData();
             # Session is valid, can use the data.
             echo "Your name is ".$session->sessionData['first_name']." ".$session->sessionData['last_name']."<br>(and the peronalized Level is ".$session->sessionData['price_level'].")";
         }

     Unfortunately that last echo prints out a bunch of blanks for each sessionData element at the moment.
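
An added example (not part of the posts, and not the tutorial's sessionsClass) of the database-backed session that post 25 is working toward: the token comes from a CSPRNG instead of md5(time() . uniqid()), only its SHA-256 digest is stored, every query is a prepared statement, and the cookie carries Secure/HttpOnly/SameSite. Assumptions: the sessions table and column names follow the post with sessionHash widened to 64 characters, SQLite in memory stands in for MySQL so the script runs offline, and the cookie name, function names and sample values are constructed.

```php
<?php
// Added example. Table/column names follow post 25; everything else is hypothetical.
declare(strict_types=1);

const SESSION_COOKIE = 'sid';      // hypothetical cookie name
const SESSION_TTL    = 15 * 60;    // 15 minutes, as in the post

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');   // stand-in for the MySQL database
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE sessions (
        sessionID INTEGER PRIMARY KEY AUTOINCREMENT,
        sessionHash VARCHAR(64) NOT NULL UNIQUE,
        sessionIP VARCHAR(45),
        sessionData TEXT,
        sessionExpire INTEGER NOT NULL)');
    return $pdo;
}

// Inserts the session row and returns the raw token that goes in the cookie.
function createSession(PDO $pdo, array $data, string $ip, int $now): string
{
    $token = bin2hex(random_bytes(32));          // unpredictable, 64 hex characters
    $stmt = $pdo->prepare(
        'INSERT INTO sessions (sessionHash, sessionIP, sessionData, sessionExpire)
         VALUES (:hash, :ip, :data, :expire)'
    );
    $stmt->execute([
        ':hash'   => hash('sha256', $token),     // the database never holds a usable token
        ':ip'     => $ip,
        ':data'   => json_encode($data),
        ':expire' => $now + SESSION_TTL,
    ]);
    return $token;
}

// Returns the stored data for a live session, or null if unknown or expired.
function loadSession(PDO $pdo, string $token, int $now): ?array
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                             // malformed cookie value
    }
    $stmt = $pdo->prepare(
        'SELECT sessionData FROM sessions WHERE sessionHash = :hash AND sessionExpire > :now'
    );
    $stmt->execute([':hash' => hash('sha256', $token), ':now' => $now]);
    $json = $stmt->fetchColumn();
    return $json === false ? null : json_decode($json, true);
}

// Logout: remove the server-side row so the cookie value stops working.
function destroySession(PDO $pdo, string $token): void
{
    $pdo->prepare('DELETE FROM sessions WHERE sessionHash = :hash')
        ->execute([':hash' => hash('sha256', $token)]);
}

function sendSessionCookie(string $token, int $now): void
{
    setcookie(SESSION_COOKIE, $token, [
        'expires'  => $now + SESSION_TTL,
        'path'     => '/',
        'secure'   => true,      // sent over HTTPS only
        'httponly' => true,      // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed sample values; runs from the command line as well as under a web server.
$pdo   = openDb();
$now   = time();
$token = createSession($pdo, ['customer_id' => 'C-0001', 'first_name' => 'Test'], '192.0.2.10', $now);
if (PHP_SAPI !== 'cli') {
    sendSessionCookie($token, $now);
}
var_dump(loadSession($pdo, $token, $now));                     // lookup while the session is live
var_dump(loadSession($pdo, $token, $now + SESSION_TTL + 1));   // lookup after the expiry time
destroySession($pdo, $token);
var_dump(loadSession($pdo, $token, $now));                     // lookup after logout
```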
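
An added example (not the poster's script) of the "Update All" cart from posts 1 to 4: one form with inputs named qty[<product_id>], and a handler that takes the cart id from the server-side session, validates each quantity as an integer, lets the database compute final_price from its own price column, and uses a prepared statement inside a transaction. Assumptions: cart_line and its columns come from post 2, SQLite in memory stands in for MySQL, and updatecart.php, MAX_QTY, the function names and all sample rows are constructed.

```php
<?php
// Added example. cart_line and its columns come from the posts; the rest is hypothetical.
declare(strict_types=1);

const MAX_QTY = 9999;   // hypothetical upper bound per line

function openCart(): PDO
{
    $pdo = new PDO('sqlite::memory:');   // stand-in for the MySQL database
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cart_line (
        cart_id INTEGER, product_id INTEGER, qty INTEGER, price REAL, final_price REAL,
        PRIMARY KEY (cart_id, product_id))');
    // Constructed rows: two lines in cart 7, one line in another customer's cart 8.
    $pdo->exec('INSERT INTO cart_line VALUES
        (7, 101, 1, 2.50, 2.50), (7, 102, 3, 10.00, 30.00), (8, 101, 1, 2.50, 2.50)');
    return $pdo;
}

// One form for the whole cart: each input is named qty[<product_id>].
function renderCartForm(PDO $pdo, int $cartId): string
{
    $stmt = $pdo->prepare('SELECT product_id, qty FROM cart_line WHERE cart_id = ? ORDER BY product_id');
    $stmt->execute([$cartId]);
    $html = '<form method="post" action="updatecart.php">' . "\n";
    foreach ($stmt as $row) {
        $html .= sprintf('<input name="qty[%d]" type="text" value="%d" size="4" />' . "\n",
                         $row['product_id'], $row['qty']);
    }
    return $html . '<input type="submit" value="Update All" />' . "\n</form>";
}

// $cartId must come from the server-side session, never from the request.
// Returns the submitted keys whose product id or quantity was rejected.
function updateCart(PDO $pdo, int $cartId, array $post): array
{
    $rejected = [];
    $lines = isset($post['qty']) && is_array($post['qty']) ? $post['qty'] : [];
    $stmt = $pdo->prepare(
        'UPDATE cart_line SET qty = :qty, final_price = price * :qty2
         WHERE cart_id = :cart AND product_id = :product'
    );
    $pdo->beginTransaction();
    try {
        foreach ($lines as $productId => $rawQty) {
            $qty = filter_var($rawQty, FILTER_VALIDATE_INT,
                              ['options' => ['min_range' => 1, 'max_range' => MAX_QTY]]);
            $pid = filter_var($productId, FILTER_VALIDATE_INT);
            if ($qty === false || $pid === false) {
                $rejected[] = $productId;
                continue;
            }
            // The price is read from the row itself, so the client cannot supply it,
            // and the cart_id condition keeps the update inside this customer's cart.
            $stmt->execute([':qty' => $qty, ':qty2' => $qty, ':cart' => $cartId, ':product' => $pid]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $rejected;
}

$pdo = openCart();
echo renderCartForm($pdo, 7), "\n";
// Constructed request body: one valid line, one invalid quantity, one product not in cart 7.
$rejected = updateCart($pdo, 7, ['qty' => ['101' => '5', '102' => '-3', '999' => '4']]);
print_r($rejected);
print_r($pdo->query('SELECT * FROM cart_line ORDER BY cart_id, product_id')->fetchAll(PDO::FETCH_ASSOC));
```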