Matt

This code example shows what is going on in my case: Please note for using global variable in child functions: This won't work correctly... <?php function foo(){ $f_a = 'a'; function bar(){ global $f_a; echo '"f_a" in BAR is: ' . $f_a . '<br />'; // doesn't work, var is empty! } bar(); echo '"f_a" in FOO is: ' . $f_a . '<br />'; } ?> This will... <?php function foo(){ global $f_a; // <- Notice to this $f_a = 'a'; function bar(){ global $f_a; echo '"f_a" in BAR is: ' . $f_a . '<br />'; // work!, var is 'a' } bar(); echo '"f_a" in FOO is: ' . $f_a . '<br />'; } ?> Taken from php.net

HartleySan and I have most likely found the source of the problem! It has to do with $dbc losing scope within the get_password_hash() function! global $dbc; Yes, $dbc was set as global within the functions, but as it turns out, that didn't matter! Terry, you hit the nail right on the head! Last night, HartleySan and I stayed up trying to figure this out over the phone. We tried out several things and finally honed in on the problem. After a bit of troubleshooting, we then tried pasting the following into the get_password_hash() function, and to our surprise the login worked fine: $dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); What this told us was that the mysqli_connect.php script was being accessed, but that the $dbc variable had somehow lost scope when it came to the get_password_hash() function. It doesn't do this when using Larry's Example1 site, so I thought that it must have been caused by something I was doing differently with my site. I did some research today on php.net and found out that variables established in php lose scope when used inside a function (as you probably already know), which is quite the opposite of C/C++. Furthermore, if a variable is declared inside a function (which is true in our case since we are importing the database connect file inside of the create_gallery() function), then then somehow the scope of $dbc is lost within all functions using it, even if they are declaring it as global. When I declared $dbc as global at the top of the mysqli_connect.php script... global $dbc; $dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); ...it again worked fine! Although it now makes some sense, it is still somewhat strange behavior! Was this similar to what you did Terry? I'd like to hear Larry's feedback on this as well! Matt

Larry, I have made great progress working on the "Art Gallery" site I had posted about a few weeks ago! A Site With Subdirectories For Each User! I have the user registering on the main index page, then they are directed to a page where they create a gallery/profile (they fill out a form where they input their name, gallery name, name of the directory that will be created, upload a profile pic, etc...). I have the php set up to create the gallery directory and drop an index file into it and it works perfectly. The problem I am having is that I am trying to develop a login system where the artist can login to his/her own gallery. This should seem simple enough as I am using php code that is virtually identical to yours from Example 1. There is a login box at the top of the gallery index page, but when the artist tries to log in I get the following error: An error occurred in script '/home/tueslcom/mysqli_ecommerce_connect.php' on line 47: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given The offending line of code is from the mysqli_connect.php script: return mysqli_real_escape_string ($dbc, hash_hmac('sha256', $password, 'c#haRl891', true)); I spent 3 hours last night going over all the code, and like I said, it is the same as yours Larry. I have just changed the names of the files (i.e. gallery_login_form.inc.php, gallery_login.inc.php. etc...) The only big difference I can think of is that in the "index.php" page I am calling a function in the includes directory which actually creates the page itself. This was done so as to minimize the amount of code in the index file since it was being created on the fly! However, I can't see how this would be a problem. In fact, if you just view the index page in a gallery directory, it is making a database query when the page loads in order to display the profile info.! You can see the page here: Example Gallery Page I did a google search on the error and even found a link back to your old forum from 2006. It might have something to do with calling "mysqli_real_escape_string" or the database connection (i.e. $dbc) before the connection has actually been set, but that is impossible! I am requiring the mysqli_connection script in almost the first line of the code which creates the page! I have been pulling my hair out on this one, but I'm almost sure the answer involves changing one line of code! This functionality is pretty important to the site, so any help would be greatly appreciated! Thanks in advance! Matt

Larry, I just wanted to let you know that I went back and scoured the PHP 6 & MYSQL 5 book and you were right! There is a proxy script for displaying images in the Chapter 17 - E-Commerce example, but it wasn't labeled as such, so I think that's why it was hard for me to find. When I first read the book, the only chapters I didn't read were 15 & 17. I just skimmed over them, so I completely missed the proxy script! Again, my apologies for giving you a hard time about that! Also, where do you recommend putting the proxy script? In the book, you put it right with all ther other files in the web root, but since it's not a stand alone php page, would it be better to put it in the "includes" directory? Thanks Larry, Matt

Larry, My apologies! I was just getting buried in new concepts (and trying to do 10 different things at once), and when I got stuck on the proxy script thing it made me a little frustrated. And then, when I start looking at other people's code, the first thing I think is "Oh no! What would Larry do here? I need to get Larry's opinion on this!" - he, he. Believe me, that is a compliment However, it's all starting to make sense now, and you're right that I was making it more complicated than it is! Also, my mistake about the Javascript/popup window thing! I didn't have the book in front of me when I wrote that post, so I was mixing it up with something else in the book. Sorry for the carelessness! I will check your other books again, and see if I missed anything. Thanks, Matt

Thanks Larry! You are right about the '@' being used everywhere! What's going on with that? However, what do you think should be done to improve the code? I haven't implemented it yet, so any advice regarding how to handle possible errors would be greatly appreciated! More importantly, I had a little trouble accessing the images once they were uploaded! You go into great detail in the book about the virtues of placing uploaded files outside of the web directory. However, in the ecommerce example, you completely go against this and place the images in the web root! I had to refer to the pdf upload example to get everything working. Then came the time to grab the links to the uploaded images and place them in <img> tags. As I'm sure you know, the very same access we are trying to prevent by putting the images outside the web root, also prevents html from accessing them as well! With little to go on, I can tell you that this wasn't particularly fun! True, the pdf example in chapter 5 used files that were uploaded, and then accessed, from a folder outside the web root. However, they were accessed directly by php and then streamed to a popup window using javascript. That might work fine for pdfs, but images are a different story! I guarantee that 99.9% of developers are using uploaded images for profile pics, galleries, etc... and don't want those images to just magically appear in a popup window! You make brief mention of using a proxy script to do this, but never explain what exactly that is. I did a google search and found just one short tutorial on the subject: http://foundationphp.com/tutorials/image_proxy.php The script worked fine, but is the code in the tutorial the best way to do this? I just want to get your "thumbs up / thumbs down" on it. You know I hold you in the highest regard Larry (I own 5 of your books and sing praises about you with every web developer I meet), but I feel you dropped the ball with only a few yards to go on this one! Perhaps you could elaborate more on using a proxy script to access uploaded files in the next edition. Matt

Larry, I think I have found a solution to the image file upload security problems you talk about in book! As you know, I am making an art gallery section for my Underworld website. Every user will have his own index page within a personal directory. I want to allow them to upload images (profile image, artwork, etc...). HartleySan and I have talked about this and feel that the most logical way to store these is within a subfolder of the artist's directory itself (i.e. within the web root directory). Well, I was looking at Facebook profiles and I have noticed that all the images in a user's gallery have been resized somewhat. I thought that if I did the same image resizing from the moment that the user tries to upload the image, then there would be a couple of benefits. First of all, if it isn't an image, then the resize code will fail and generate an error. Second, all images will be reduced to a manageable size which will save on disk space. Third, the type of image (i.e. jpeg, png, gif) that is output can be controlled. I did some searching for a good image resize script and found a good one by a guy named Mike Lopez: <?php header ("Content-type: image/jpeg"); /* JPEG / PNG Image Resizer Parameters (passed via URL): img = path / url of jpeg or png image file percent = if this is defined, image is resized by it's value in percent (i.e. 50 to divide by 50 percent) w = image width h = image height constrain = if this is parameter is passed and w and h are set to a size value then the size of the resulting image is constrained by whichever dimension is smaller Requires the PHP GD Extension Outputs the resulting image in JPEG Format By: Michael John G. Lopez - www.sydel.net Filename : imgsize.php */ $img = $_GET['img']; $percent = $_GET['percent']; $constrain = $_GET['constrain']; $w = $_GET['w']; $h = $_GET['h']; // get image size of img $x = @getimagesize($img); // image width $sw = $x[0]; // image height $sh = $x[1]; if ($percent > 0) { // calculate resized height and width if percent is defined $percent = $percent * 0.01; $w = $sw * $percent; $h = $sh * $percent; } else { if (isset ($w) AND !isset ($h)) { // autocompute height if only width is set $h = (100 / ($sw / $w)) * .01; $h = @round ($sh * $h); } elseif (isset ($h) AND !isset ($w)) { // autocompute width if only height is set $w = (100 / ($sh / $h)) * .01; $w = @round ($sw * $w); } elseif (isset ($h) AND isset ($w) AND isset ($constrain)) { // get the smaller resulting image dimension if both height // and width are set and $constrain is also set $hx = (100 / ($sw / $w)) * .01; $hx = @round ($sh * $hx); $wx = (100 / ($sh / $h)) * .01; $wx = @round ($sw * $wx); if ($hx < $h) { $h = (100 / ($sw / $w)) * .01; $h = @round ($sh * $h); } else { $w = (100 / ($sh / $h)) * .01; $w = @round ($sw * $w); } } } $im = @ImageCreateFromJPEG ($img) or // Read JPEG Image $im = @ImageCreateFromPNG ($img) or // or PNG Image $im = @ImageCreateFromGIF ($img) or // or GIF Image $im = false; // If image is not JPEG, PNG, or GIF if (!$im) { // We get errors from PHP's ImageCreate functions... // So let's echo back the contents of the actual image. readfile ($img); } else { // Create the resized image destination $thumb = @ImageCreateTrueColor ($w, $h); // Copy from image source, resize it, and paste to image destination @ImageCopyResampled ($thumb, $im, 0, 0, 0, 0, $w, $h, $sw, $sh); // Output resized image @ImageJPEG ($thumb); } ?> Of course it needs to be modified a bit for my use case, but it does seem like a good solution! What do you think about this? Matt

Larry I understand completely! Don't get me wrong, I wasn't trying to attack anyone on this forum for paying more for a hosting service per say. Rather, I was trying to elicit a response/justification for spending that much because I am obviously inexperienced in that area, and it worked! I've basically come to the same general conclusion as you. For non-profit or development sites, I think my host is fine. For running any sort of web business, then I would definitely need to look elsewhere! I always have my eyes and ears open for new and better hosting services, especially for starting a web business. The problem is that you have to wade through a sea of hosts, who all offer different variations on the same basic service, and who may or may not turn out to be good! And as I think you mentioned before, trusting online reviews can be unreliable at best. Therefore, I think that word of mouth is probably the best way to go! So ServInt it is then! Thank you Larry! Matt

I have always used GlobeDomain! A few years ago, one of my fellow IT allumni recommended it to me. It is very cheap - starting at $4.95/year, however, they are quite professional and have all the necessities (C-panel, mySQL, full PHP support, CGI support, etc...) I've heard that they are geared more for the experienced web developer, so support is very limited (i.e. you need to know what you are doing), but for anyone who is reading any of Larry's books, this shouldn't be rocket science. For my Underworld website I use the G-2000 plan - 2000MB disk space, 20GB data transfer/month, $62.00/year! I have had absolutely no problem with them over the past 3 years. Once in a while the server goes down for a couple hours, for what I presume to be upgrades, but other than that they are fine! Having server downtime is obviously not good for an e-commerce site, but since this is the only web host I've ever had any experience with I don't know if this is common for other hosting plans. When I hear that other hosts are charging PER MONTH what I pay PER YEAR, I am shocked! It's like the average person doesn't know any better and are open to getting ripped off! Again, reliable service is key, and if the other hosts have some advantage I'm not aware of (zero downtime, more bandwidth, etc...) then perhaps the higher prices are justified. I am always open to other options, but you really can't beat $62.00 a year for what you get! Is there something I'm missing here? I'd like to know if maybe I'm getting ripped off! Larry, Terry, or anyone else, please check out the web site and let me know if they are as good as I want to think they are. www.globedomain.com Thanks, Matt

Thanks Jonathon! I ran a info.php script on my host and it does show that GD is installed! Matt

Hello everyone, I am currently writing a script that allows users to create a profile. They upload an image, and using Larry's code, it saves it in a folder outside the web directory. Because users could theoretically upload images of any width and/or height, I decided that I wanted to resize them during the upload to constrain their size. I found a highly recommended script by a guy named Mike Lopez that does exactly what I wanted (although it appears to be mainly for loading/resizing images from other URLs). The problem is that it was written in 2006, and the sparse documentation says that I must install the PHP GD extension to use the functions in the script (i.e. ImageCreateFromJPEG ($img)). I Googled PHP GD and found out that it was an extended library for manipulating image files. To further complicate things, I've also found out that there is a GD 2! The instructions on php.net say: Do I still need to do this with PHP 5? It just seems like a lot of extra nonsense to do something as simple as manipulate image sizes! I am doing all my testing on a web host, so PHP GD might already be installed there. Does anyone have any experience with manipulating images with PHP or using PHP GD? Thanks for any help! Matt

Thank you Larry and HartleySan for your help! It was the backtick (grave accent marks) that were the problem! I fixed them and now the script works fine! Matt

Hello everyone, I am working on a script which takes a user`s profile information and then writes it to a table called "profiles" in the database. The code is based almost entirely on the registration script from Larry`s "knowledge Is Power" example! The problem is I keep getting an error at the line where it tries to run the query (actually, the error line number the one for the "if" statement). Also, when I go into PhpMyAdmin, it`s not adding the record to the database. I spent almost 2 hours playing with it last night, but can`t figure out what is preventing the INSERT! I have errors turned on, and when I scroll down and check the array element that holds the query, all the correct data is there. It has got to be something stupid that I overlooked! Here is the offending code: Add the user to the database... $q = "INSERT INTO profiles (user_id, first_name, last_name, directory_name, description) VALUES ({$_SESSION['user_id']}, '$fn', '$ln', `$dn`, `$d`)"; $r = mysqli_query ($dbc, $q); if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. ... All field names and variable names have been checked about 10 times over and are correct! Here is the design of the "profiles" table: CREATE TABLE `profiles` ( `profile_id` INT UNSIGNED NOT NULL AUTO_INCREMENT, `user_id` INT UNSIGNED NOT NULL, `first_name` VARCHAR(20) NOT NULL, `last_name` VARCHAR(40) NOT NULL, `description` TINYTEXT NOT NULL, `directory_name` VARCHAR(40) NOT NULL, `date_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`), UNIQUE KEY `user_id` (`user_id`), UNIQUE KEY `directory_name` (`directory_name`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; If anyone has any idea what might be causing this please let me know! I`d really appreciate it! Thanks, Matt

Thanks again Jonathon! Yeah, this is both perplexing, and frustrating! Perhaps someone else (i.e. Larry - since this is essentially your code) has an idea of what`s going on. Thanks, Matt

Thanks Jonathon! I have seen a warning about that too! I am on a hosted server and I think I am running in safe mode. Why does safe mode matter? All I`m doing is passing a string to an array, which I`ve done all the way through the code without any trouble! Errors like this are simply ridiculous!

Does anyone know what the following error means: An error occurred in script '/home/tueslcom/public_html/ecommerce/create_profile.php' on line 96: shell_exec() has been disabled for security reasons It is being generated by the following line: $reg_errors[`directory_name`] = `Directory ` . $dn . ` already exists.`; This code is nested down in a few if-else statements. I have tried many combinations (i.e. `Directory already exists`, "Directory already exists", etc...), but to no avail! My only guess is that perhaps variable scope is being lost for $reg_errors, but that doesn`t really make sense since the array is being defined at the top of the file. Thanks for any help anyone can give! Matt

Terry, Thank you very much for your detailed response! It has really cleared all of this up for me! That`s why I said that "I hate to ask such a stupid question"! I do own "PHP 6 and MySQL 5" and have gone through it at least twice over the past 3 years! In fact, it is pretty tattered and pages are starting to fall out from having carried it around so much! It`s very straight forward and I pretty much have it down! I also own, "PHP 5 Advanced", but I use it more as a reference and have only skimmed through certain topics. That`s the problem here: Larry has never, in any of these books, clearly defined what exactly a URI is! He spends one sentence on URIs on page 540 of "PHP5 Advanced" as part of another topic, but that`s it! I even spoke with HartleySan, who is an "Advanced Member" in this forum, and even he didn`t know what a URI was when he bought "Effortless E-Commerce". He had to spend hours on Google trying to figure out what it was! And that leads to another problem - a URI is more of an umbrella term, and it has different meanings depending on what site you go to, which further adds to the confusion! I think one problem is that when it comes to PHP I start to rely on Larry as a source for all information. And usually this is fine because things flow from one book to the next and he builds on older examples/ideas. However, this one came out of nowhere and it was just assumed that we knew what a URI was! I just think he needs to cover this a little more in the next edition of "Effortless E-Commerce". A quick and thorough description, like the one you gave me, would be perfect! Thanks again, Matt

Larry, Thank you very much for your responses! I think I have enough to go with to get started. Actually, I already started setting this up. I decided to use the "Knowledge is Power" example from "Effortless E-Commerce" as a starting point. The code is much more up-to-date and secure compared with the "PHP6 and MYSQL 5: Visual Quickpro Guide" user registration code from ch16. I do need to take out the whole PayPal payment code and a few other things, but everything else is almost ready to go! I just had one last (I hope) question for now: As you know, I need have a profile setup page for each user that will get certain information from the them which it used to create his/her gallery (i.e. display name, country, hobbies, gallery description, and most importantly, the name for the gallery folder). Currently, I have a table for users, but I don`t think it would be appropriate to store all this extraneous information there. From a database design point-of-view, the "users" table is merely the table for storing information about the user`s account. I think that there should be another table called "profiles" which has a one-to-one relationship with "users" by "user_id". What do you think of this Larry? Finally, what I`m thinking is that when a user logs in for the first time after registering, he/she will be sent to a page for setting up their profile. As mentioned above, this profile page will collect various pieces of info. about the user, as well as the name he/she would like to use for their gallery directory (i.e. the folder name). Obviously, I need to check the database every time a user logs in to see if they have an entry in the "profiles" table. If they do, then they sign in as usual. If they don`t, then they are redirected to the create_profile.php page. What I wanted to know is what would be the most efficient way to check for this? Wouldn`t it be faster to just have a flag field in the "users" table that contains "1" if the "profile/gallery was created, or "0" if it wasn`t? Thanks again Larry, Matt btw - Larry, you might laugh at me for this, but I was actually an IT major and I took a few database classes!!! I can usually visualize the setup for most schemas quite easily, and indeed many are quite simple, but there are always the outliers. It can start getting pretty philosophical sometimes and I guess it just comes down to feeling and how you want to separate the data. In this case, I`ve got a gut feeling that there should be a "profiles" table, but I want to hear your advice first.

Larry, Thank you so much for your reply! Good points! As * Hartleysan said, I`m not sure why this is necessary. It just seems more logical to have all the artists media kept within the folder for his gallery. If done outside the artists`s folder, then you get into the added complexity of linking a specific artist with his/her image files (adding a new table to the database, writing more code, putting more demand on the server, etc...). What do you think about Hartleysan`s suggestions? I didn`t even think about this one! Thank you so much Larry! Hartleysan thought that including a simple function call in the index.php file to a "createPage()" function in an upper-level script would be a good way to do this and I agree! All links shown in the index page would call upper-level scripts to create the new content (i.e. gallery pages) without the user ever leaving the folder/index.php page. Does that sound like a good idea? Hartleysan suggested the same thing about using the folder name, and it would certainly work fine, but I just feel that using the artist`s ID would be a more direct and less error-prone way to make a database query. Querying the user table by "folder_name" just seems like a half ass workaround to the way it ought to be queried (i.e. by user_ID). I look at it like this: Imagine that we all live in a small town. Everybody in the town has one car, and they are all different makes and colors. Would it be more logical to ask "Who owns the red Porch 911?" , or "Who owns the car with license plate # 1967825?" The last question is far more accurate/efficient from a database point of view. The problem is how to get access to this user_ID unless it is embedded in a variable within the index.php file. With that scenario I now have to open, write to, and then close the index.php file before writing it to the artist`s folder every time a new account is created, which does create more work! It sounds easy in theory, but I might need a little help with this one Matt * Hartleysan and I both live in Japan and are good friends. We often talk about various web projects and code problems.

Larry, I hate to ask such a stupid (and probably obvious to most) question, but what exactly is a URI? In your book, you define it as "/path/to/Web/parent/directory/", however that doesn`t tell me much! My domain name is "www.tuesdaygirl.com", but how in the name of god do you point to the parent folder of a root web directory that a domain name is pointing to? Perhaps I sound like a smart ass, but should it be "../" Well, since I have no idea how to set that up, I decided to just point the BASE_URI to the web directory itself. In this case is I`m guessing that the URI should be: "http://www.tuesdaygirl.com/", however what is the URI doing that the URL can`t do. It all seems like a big unnecessary mess really! Just to clarify, I have decided to post the constants for the URL and location of all files on my site: define ('BASE_URI', 'http://www.tuesdaygirl.com/'); define ('BASE_URL', 'www.tuesdaygirl.com/ecommerce/'); define ('PDFS_DIR', BASE_URI . 'pdfs/'); // Added in Chapter 5. define ('MYSQL', BASE_URI . 'mysqli_ecommerce_connect.php'); Is this correct? I used to get a "file not found" error for the mysqli_ecommerce_connect.php file before I wrestled with the URI for 30 minutes. Now that it seems to be working, I just get a blank page when I go to www.tuesdaygirl.com/ecommerce/index.php Also, how on earth do I point to the mysqli_ecommerce_connect.php file if it`s outside the web directory? I tried this, but the URI is getting in the way! When I change the BASE_URI for the mysql file to "../mysqli_ecommerce_connect.php" I get an error which shows that path it is trying to resolve as: "http://www.tuesdaygirl.com/ecommerce/../mysqli_ecommerce_connect.php" Now believe me Larry, I`m not trying to give you a hard time (I always tell Hartlysan that you are the "web programming god"), but a little more explanation of this in the future - and perhaps some real world examples (i.e. "www.example.com/foldername/") - would be great! I generally follow all your code (both easy and advanced), but something like this shouldn`t take a degree in rocket science, nor 1000 headaches, to get your head around! Matt

Hi Larry! This is "phaseblue" (the Flash guy) from your last forum. I know you don`t cover mkdir() in "PHP5 Advanced: Visual QuickPro Guide", but given that my situation is a bit "advanced" I thought that this was the best forum to post this. As you know, I run a fan website for the group Underworld in Japan. Many of the fans are quite tech savvy and quite a few are into visual/musical arts. Recently I have been playing with the idea of creating an art gallery on the site where fans can create a profile and post their work. What I think should happen is this: 1) A fan/artist registers and clicks on the email link sent to him to confirm his registration. 2) He/she then logs in for the first time and creates a profile. 3) A sub-directory (which he names) is automatically created for the artist (i.e. www.darktrain.jp/galleries/JohnSmith) and a php index file is dropped in it. 4) He can then start uploading images to display in his/her gallery. 5) Whenever a visitor goes to a particular artist`s url, the index.php page will pull the artist`s data from the database and display it. My question(s) is/are: - What are some best practices/good security measures for implementing something like this? - Should the images be stored in the artist`s folder, or should they be stored outside the web directory? - Would you create a modular structure for the index.php page (so that the user never leaves the artist`s folder), or would you have it redirect to other scripts on the top level of the site? - When a visitor visits the artist`s index page (within the folder), how would you link the index.php file to the particular artist`s data, by the folder name in which it resides or by a variable stored within the index file? - And finally, when should the folder be created, before or after the artist creates his profile? I don`t want to run into a situation where the directory was created, but the database wasn`t updated for some reason, or vise versa! I`m using Larry`s complete user registration system from "PHP 6 and MySQL5: Visual QuickPro Guide" as a starting point. I found a good mkdir() script which uses regular expressions on the name and checks for the existence of the directory before creating it. Sorry for all the questions, but this type of layout is quite new for me. Thanks a lot for any help Larry or anyone else can offer! Matt

DeeDee, Like HartleySan, I just tested this as well and it`s working perfectly! Sorry, I wrote my reply late last night and looking at your code again I realize that you actually were attempting a "timestamp" in the database, so my apologies for the confusion. However, I think I got confused because you put the "NOW()" function call in a variable: I`m sure this is perfectly fine, but I think doing that is completely unnecessary. As HartleySan said, something like the following (which is the code I used) should work fine: $q = "UPDATE users SET last_login=now() WHERE user_id={$_SESSION['user_id']} LIMIT 1"; Make sure you have a field in the database set as follows: last_login DATETIME NOT NULL Hope this helps!

DeeDee, I would not suggest grabbing the last login time this way: The best way to do this is with a timestamp in the database! If you grab the date/time from the user`s machine, then it will depend on the user`s location/time zone. Since many of your visitors will certainly come from different parts of the world, this will cause you to lose a precise point of reference If you use a timestamp, then all dates/times will be entered relative to one time zone (i.e. GMT or wherever your server is located)! Hope this helps! Matt