Jump to content


acctman

Member Since 28 Jul 2007
Offline Last Active May 20 2015 02:54 AM

Topics I've Started

using htmlspecialchars

19 May 2015 - 10:19 PM

I'm trying to use htmlspecialchars() to escape apostrophe foreach(htmlspecialchars($_POST) as $key=>$val) { but it's not escaping / working. Am I placing it in the wrong place?

 

thanks in advance

if(isset($_POST['save_your_application']) || isset($_POST['save_progress'])) {

	$errors = 0;
	$detailsArray = array();
	$insertArray = array();

	foreach($_POST as $key=>$val) {
		$stringDivide = explode("_", $key); // Break up key name
		$type = end($stringDivide); // Get the TYPE of field
		$fullKey = $key;
		//$key = substr($key, 0, -4); // Get the field name (deleting the TYPE from the end)

		// IF FIELD IS A NUMBER
		if(strcmp($type, "num") == 0) {
			$array = array();
			$array['key'] = $key;
			$array['value'] = (int)$val;
			if($val == "")
				$array['value'] = NULL;
			$array['type'] = $type;
			$insertArray[] = $array;
		}

		// IF FIELD IS TEXT
		elseif(strcmp($type, "txt") == 0) {
			$array = array();
			$array['key'] = $key;
			$array['value'] = $val;
			$array['type'] = $type;
			$insertArray[] = $array;
		}

		$detailsArray[$fullKey] = $val;

	}
	if(isset($_POST['save_progress']) && $_POST['save_progress'] == 1) { $status = 3; } else { $status = 2; }


	if(isset($_POST['other_user'])) { $userID = $_POST['other_user']; }
	elseif(isset($_GET['other_user'])) { $userID = $_GET['us']; }
	else { $userID = $_SESSION['ID']; }


	// THIS IS WHERE WE SEND STUFF TO DB
	applicationSubmit($userID,$insertArray,$status);
	if($userID == $_SESSION['ID'] && $status == 2) {
		send_email($_SESSION['ID'],"has completed their application.");
	}
	if(isset($_POST['save_your_application']))
		$sent = 2;
	else
		$sent = 1;

} else {
	if(isset($_GET['other_user'])) { $userID = $_GET['other_user']; } else { $userID = $_SESSION['ID']; }
	$application = getUserApplication($userID);
	$detailsArray = array();

	if(is_array($application)) {
		foreach($application as $key=>$val) {
			if(is_numeric($key)) {}
			else {
				if(strcmp($key, "id") == 0 || strcmp($key, "fk_userid") == 0 || strcmp($key, "status") == 0 || strcmp($key, "submit_date") == 0 ) {
					$detailsArray[$key] = $val;
				} else {
					$detailsArray[$key] = decrypt_app($val,$GLOBALS['SITE_CONFIGURATION']['KEY_APP']);
				}
			}
		}
	}

	//$detailsArray['status'] = getApplicationStatus($_SESSION['ID']);

	//print_r($detailsArray);
}


Simple HTML Dom... get width value

17 January 2013 - 11:17 PM

Hi i'm using Simple HTML Dom to scrap a site page. I'm trying to grab the width value for each img src. Below is the html and php i've been using so far.



<table>
<tr>
<th colspan="4">
<font size="3" color="#a74165">Interest Levels</font>
</th>
</tr>
<tr>
<td nowrap>
<font size="2">MobileT</font>
</td>
<td><img src="http://pictures.domain.com/images/7.gif" alt="1 on a scale of 0-4" border="0" height="15" width="9">
</td>
<td> &nbsp;&nbsp;&nbsp;
</td>
<td nowrap>
<font size="2">MobileC</font>
</td>
<td>
<img src="http://pictures.domain.com/images/7.gif" alt="3 on a scale of 0-4" border="0" height="15" width="27">
</td>
</tr>
<tr>
<td nowrap>
<font size="2">Moderate</font>
</td>
<td><img src="http://pictures.domain.com/images/7.gif" alt="3 on a scale of 0-4" border="0" height="15" width="27">
</td>
<td> &nbsp;&nbsp;&nbsp;
</td>
<td nowrap>
<font size="2">Males</font>
</td>
<td>
</td>
</tr>
<tr>
<td nowrap>
<font size="2">Wild</font>
</td>
<td><img src="http://pictures.domain.com/images/7.gif" alt="3 on a scale of 0-4" border="0" height="15" width="27">
</td>
<td> &nbsp;&nbsp;&nbsp;
</td>
<td nowrap>
<font size="2">Females</font>
</td>
<td>
<img src="http://pictures.domain.com/images/7.gif" alt="4 on a scale of 0-4" border="0" height="15" width="36">
</td>
</tr>
</table>






include('simple_html_dom.php');

$html = new simple_html_dom();   
$html = file_get_html('http://dev.domain.com/');

$element = $html->find("td font[size=3]", 0);  
echo $element-> plaintext . '<br>';

$element = $html->find("font", 7);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[color=red]", 0);  
echo $element-> plaintext . '<br>';

$element = $html->find("font", 3);  
echo $element-> plaintext . '<br>';

# city state country
$element = $html->find("font[size=2]", 3);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[size=2]", 10);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[size=2]", 11);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[size=2]", 12);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[size=-1]", 0);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[size=-1]", 1);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[size=-1]", 2);  
echo $element-> plaintext . '<br>';

$element = $html->find("font[size=-1]", 3);  
echo $element-> plaintext . '<br>';

$html->clear();

Http Authentication With Php?

12 December 2012 - 02:56 AM

Hi does anyone have an example of using a PHP code to access the .htpasswd file for a user / pass login.

Error in SQL syntax LEFT JOIN

08 May 2012 - 08:47 AM

I'm trying to create a query to where the code below will work... I typed out the general idea of what I'm trying to do

SELECT 
    entry_id, author_id, title, status
FROM exp_channel_titles
WHERE title LIKE %Member Package% 
AND status = 'complete'

LEFT JOIN SELECT
    entry_id, 
    field_id_14, field_id_15, field_id_25, field_id_27, field_id_28, field_id_29, 
    field_id_30, field_id_31, field_id_32, field_id_33, field_id_34, field_id_35
FROM exp_channel_data
WHERE entry_id = exp_channel_titles.entry_id

LEFT JOIN SELECT   
    member_id, email
FROM exp_members
WHERE member_id = exp_channel_titles.author_id


I tried something like this but got an error.

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.field_id_14, d.field_id_15, d.field_id_25, d.field_id_27, d.field_id_28, d.fiel' at line 3
SELECT 
    t.entry_id, t.author_id, t.title, t.status
    d.field_id_14, d.field_id_15, d.field_id_25, d.field_id_27, d.field_id_28, d.field_id_29, 
    d.field_id_30, d.field_id_31, d.field_id_32, d.field_id_33, d.field_id_34, d.field_id_35,
    m.member_id, m.email
FROM exp_channel_titles t
LEFT JOIN exp_channel_data d on t.entry_id = d.entry_id
LEFT JOIN exp_members m on t.author_id = m.author_id
WHERE t.title LIKE %Member% 
  AND t.status = 'complete'

Possible explode() and/or function problem.

04 May 2012 - 01:29 PM

I'm not getting any errors but its also not INSERTing into the database. Without an error I can figure out whats wrong.


$db_server = 'localhost';
$db_user = 'user_db';
$db_pass = 'password';

$dbc = mysql_connect ($db_server, $db_user, $db_pass);
if (!$dbc) { 
    die(mysql_error());
    header ('Location: /form');
    exit;
}

	if (is_array($_POST)) {
        foreach ($_POST as $key => $value) {
            $_POST[$key] = mysql_real_escape_string(stripslashes($value));
        }
    }

    $xRequestType      = $_POST["xRequestType"];
    $xConsumerBusiness = $_POST["xConsumerBusiness"];
    $xGlobalLocation   = $_POST["xGlobalLocation"];
    $xFirstName        = strtolower(str_replace("'","''",$_POST["xFirstName"]));
    $xFirstName        = strtoupper(substr($xFirstName,0,1)).substr($xFirstName,1);
    $xLastName         = strtolower(str_replace("'","''",$_POST["xLastName"]));
    $xLastName         = strtoupper(substr($xLastName,0,1)).substr($xLastName,1);
    $xEmail            = strtolower(str_replace("'","''",$_POST["xEmail"]));
    $xTitle            = strtolower(str_replace("'","''",$_POST["xTitle"]));

function dbSet($fields, $source = array()) {
    $set='';
    if (!source) $source = &$_POST;
    foreach ($fields as $field) {
        if (isset($source[$field])) {
            $set.="`$field`='".mysql_real_escape_string($source[$field])."', ";
        }
    }
    return substr($set, 0, -2);
}

// INSERT INTO DATABASE
            mysql_select_db("new_contact",$dbc) or die("Could not select new_contact");
            
$fields =   explode(" ", "xRequestType xConsumerBusiness xGlobalLocation xFirstName xLastName xEmail xTitle xCompany xAddress xCity xState xZip xPhone xFax xProductDesc xComment");
            $query = "INSERT INTO new_contact SET ".dbSet($fields, $_POST);
            mysql_query($query);