Gingechilla

Hi. Thanks for your help. In the end I canonical link the file to where I wanted it to go. After that I just chose to redirect anyone who tries going to domain.com/index.php/* back to domain.com/

I have a file called index.php and I want to have a file called index.php What I don't want, is for the ability of the public to be able to type domain.com/index.php/what-ever-words-they-want-to-type. At the moment when they go to domain.com/index.php/what-ever-words-they-want-to-type it loads my domain.com/index.php. I'm not sure why this happens.

Hi, No, never. You can write anything after index.php/ and the index.php file loads up. Any resources on the page with a relative url won't work though. So ../image.jpg will work on index.php but not index.php/about-us. I can only assume there's an on/off setting. I have PHP 5.6 installed.

Hi, I'm not sure why but search engines are indexing the following urls on my site: domain.com/index.php/about-us domain.com/index.php/contacto domain.com/index.php/any-word-can-go-here These aren't URLs I'm using or are in my sitemap. Can anyone tell me how I can turn off these URLs after the .php ? I'm not sure why this is happening or what words to use to find out what my problem is.

Hi, Thank you for your help. I will add that in to my code. For some reason and I'm not sure why... I changed the connection user to root and it worked. I then granted all possible permissions to the user I was previously using but nothing. So I went back and added a brand new user with the some privileges and it worked. Really not sure what went wrong but it's working now. (XAMMP). Thank you.

Hi, Im having a problem and I can't seem to figure it out or find anything on the net. If I use the following code the script successfully updates every row in the table: mysqli_query($con,"UPDATE Ads SET Ads_LocalArea='Stroud'"); However if I try updating the table using the WHERE clause in any of the combinations below nothing happens. mysqli_query($con,"UPDATE Ads SET Ads_LocalArea='Stroud' WHERE Ads_ID=$DBROWID"); ---------------------------------------------------------------------- My Script: mysqli_query($con,"INSERT INTO Ads (Ads_ID, Ads_AID, Ads_Title) VALUES ('', '$Polished_AdRef', '$Polished_AdTitle')"); $DBROWID = mysqli_insert_id($con); mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID=$DBROWID"); // TRIED THESE TOO // mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID='$DBROWID'"); // mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID='5'"); Does any one know where I am going wrong?

Hi, I have this file: http://www.cineworld.co.uk/syndication/film_times.xml I want to extract all the film information with anything that equals <row key="90"> I can't however seem to get find a way of targeting that row. <?php $getfile = file_get_contents('http://www.cineworld.co.uk/syndication/film_times.xml'); $arr = simplexml_load_string($getfile); foreach($arr->row as $a => $b) { echo "<br>".$a,'="',$b,"\"\n"; } ?> Could someone point me in the direction that I can find some help please?

Oh and the data from the form will be used between other elements and saved in a file for inclusion into the main file. So for example the data from the form might be between stylesheet tags ect. Only thing I can think of would be importing a CSS file like so: @import'http://ha.ckers.org/xss.css';

I'm attempting to clean out all unwanted input from user posted data. The user can put anything in the input box but when it goes through to my php page I filter through it with the following: function cleanxss($input) { /// Prevents XXS Attacks www.itshacked.com $search = array( '@<script[^>]*?>.*?</script>@si', // Strip out javascript '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags '@<style[^>]*?>.*?</style>@siU', // Strip style tags properly '@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments ); $inputx = preg_replace($search, '', $input); $inputx = trim($inputx); if(get_magic_quotes_gpc()) { $inputx = stripslashes($inputx); } $input = htmlspecialchars($input); /// MYSQL USE ONLY: $inputx = mysql_real_escape_string($inputx); return $inputx; } //apply the function to an array of user submitted data... ///$_POST = array_map('clean', $_POST); //or individually like... $message = cleanxss($_POST['data']); I've pasted all the data from http://ha.ckers.org/xss.html into the form and it results in no vulnerabilities. Is this right?

Oh I've got it! I just had to remove the " " either side of checkU in the replacement code. Thank you so much for your help! :-)

Thank you very much for your reply however I don't think it has worked properly. HTML Input: [u]Hello[/u] HTML Output: checkU('Hello')

My code for replacing user input is as follows: function Replace_BB($text) { $bb = array( '@\[u\](.*?)\[\/u\]@is', '@\[i\](.*?)\[\/i\]@is', '@\[b\](.*?)\[\/b\]@is', '@\[img\](.*?)\[/img\]@is', '@\[url\](.*?)\[/url\]@is', '@\[url=http://(.*?)\](.*?)\[/url\]@is' ); $html = array( '<u>$1</u>', '<em>$1</em>', '<strong>$1</strong>', '<img src="$1" />', '<a href="$1">$1</a>', '<a href="$1">$2</a>' ); return preg_replace($bb, $html, $text); } print_r (Replace_BB($_POST['data'])); How can I use an if statement to decide how to put in my replacement. So for example: $html = array( 'IF XXXXXX THEN DO THIS>>>>> <u>$1</u> ELSE DO THIS >>>> <u>$1 Error</u>',

OK feeling a bit silly now... but where exactly is the typo I need to change to get it to work?

Actually maybe there is something wrong with the first array: preg_match_all("/<bla>(.*)<\/bla>/", $html2, $matches40); print_r($matches40); When I echo the count: $matches = $matches40; $matches_count = count($matches); echo count($matches); It only counts 2 and changes two of the 'Tom' to 'Ben' -------------- HTML Input: <bla>Tom</bla> <bla>Tom</bla> <bla>Tom</bla> <bla>John</bla> <bla>Cliff</bla> <bla>Tom</bla> -------------- Array Out: Array ( [0] => Ben [1] => Ben [2] => Tom [3] => John [4] => Cliff [5] => Tom )

Oh! I'm such an idiot! I did work! Thank you so much! However... It only works on the first 'Tom'. If I type in Tom twice ect only the first one changes.