Jump to content

krystof78

Members
  • Posts

    51
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

krystof78's Achievements

Member

Member (2/5)

1

Reputation

  1. Hi all, I have no experience in MS SQL databases and I would like to know how difficult it is to export a MS SQL database. I am asking that because I've asked the company that is managing my company's website to export the data of our online clients details (first name, last name, address, emails...) and their orders (order nb, products description, product ordered...), as it is not possible to get it from their CMS, and they've quoted me 6 to 8 hours to do so. I am used to manage MySQL databases, and it never took me that long to extract data from my databases. So I was wondering if it was so much different that it really requires much more time, or if this company is trying to push its luck by charging a lot. Thanks in advance for your answers. If you need any details, do not hesitate to let me know. Cheers, Krys
  2. Thanks premiso for your answer. Here is the function I use to escape the string data: function mysql_prep( $value ) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0 if ( $new_enough_php ) { //PHP v4.3.0 or higher // undo any magic quote effects so mysql_real_escape_string can do the work if ( $magic_quotes_active ) { $value = stripslashes( $value ); } $value = mysql_real_escape_string ( $value ); } else { // before PHP v4.3.0 // if magic quotes aren't already on then add slashes manually if ( !$magic_quotes_active ) { $value = addslashes ( $value ); } // if magic quotes are active, then the slashes already exist } return $value; } I feel that it's doing the job required. What do you think about it? Thanks again. Cheers, Krys
  3. Hi there, I would like to know what you think about these security checks for a login page leading to an admin area: // START FORM PROCESSING if (isset($_POST['submit'])) { // Form has been submitted. $errors = array(); // perform validations on the form data $required_fields = array('username', 'password'); $errors = array_merge($errors, check_required_fields($required_fields, $_POST)); $fields_with_lengths = array('username' => 30, 'password' => 30); $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths)); // clean up the form data before putting it in the database $username = trim(mysql_prep($_POST['username'])); $password = trim(mysql_prep($_POST['password'])); $hashed_password = sha1($password); // Database submission only proceeds if there were NO errors. if (empty($errors)) { // Check database to see if username and the hashed password exists there. $query = "SELECT id, username "; $query .= "FROM users "; $query .= "WHERE username = '{$username}' "; $query .= "AND hashed_password = '{$hashed_password}' "; $query .= "LIMIT 1"; $result_set = mysql_query($query); confirm_query($result_set); if (mysql_num_rows($result_set) == 1) { // username/password authenticated // and only 1 match $found_user = mysql_fetch_array($result_set); $_SESSION['user_id'] = $found_user['id']; $_SESSION['username'] = $found_user['username']; redirect_to("staff.php"); } else { // username/password combo was not found in the database $message = "Username/password combination incorrect.<br/> Please make sure your caps lock key is off and try again."; } } else { // Errors occured if (count($errors) == 1) { $message = "There was 1 error in the form."; } else { $message = "There were " . count($errors) . " errors in the form."; } } } // END FORM PROCESSING Is there any security holes in this code? I am starting to get a bit paranoid after reading a few things about security issues so I'd be glad if you could help me on that... Thanks in advance for your input... Cheers, Krys
  4. Hi again, I found a solution to my problem. I changed the code to: setlocale(LC_MONETARY, 'en_GB.UTF-8'); echo money_format('%.0n',$list['price'])."\n"; Now it works properly. Hope that helps some people too. Cheers,
  5. Hi there, I have a question about the money_format() function. I am trying to use it on a website I'm building at the moment and I have a problem with it. Here is the code I use: setlocale(LC_MONETARY, 'en_GB'); echo money_format('%.0n',$list['price'])."\n"; On my local server, I have no problem, the amount and symbol appear correctly. But when I upload the files on an online testing server, the "£" does not appear and leaves a question mark in a black diamond. Can anyone tell me what I am doing wrong? Thanks in advance. Cheers,
  6. Hi there, I am trying to set a video as background to my website and I would like to have it scale to the width of the user' screen, but I can't figure out how to do it. I tried to put 100% in the width of the flash settings, but it does not seem to work. Any idea? Thanks for your help. Krys
  7. Ok thanks, I am going to do that...
  8. Well, I've copied all the files I've downloaded in a folder accessible from my local sever... Should I put some of the files somewhere else?
  9. I tried FPDF, but when I try the demo in tuto1 on my computer, it downloads the tot1.php instead of creating the pdf... Do I have to install something else or to configure something specific to make it work?
  10. Hi guys, I would like to know if there is a way to generate pdf when clicking on a link. In fact, I would like to be able to click on a link and generate a pdf file with information from my database, say a profile of a client for example or an invoice. I was able to generate a pdf using a basic tutorial. Here is the code: <?php $mypdf = PDF_new(); PDF_open_file($mypdf, ""); PDF_begin_page($mypdf, 595, 842); $myfont = PDF_findfont($mypdf, "Times-Roman", "host", 0); PDF_setfont($mypdf, $myfont, 10); PDF_show_xy($mypdf, "Sample PDF, constructed by PHP in real-time.", 50, 750); PDF_show_xy($mypdf, "Made with the PDF libraries for PHP.", 50, 730); PDF_end_page($mypdf); PDF_close($mypdf); $mybuf = PDF_get_buffer($mypdf); $mylen = strlen($mybuf); header("Content-type: application/pdf"); header("Content-Length: $mylen"); header("Content-Disposition: inline; filename=gen01.pdf"); print $mybuf; PDF_delete($mypdf); ?> But 1) it's seems to be pretty hard to have something that looks nice if I have to specify each item it location with X and Y 2) I have in the middle of the page: www.pdflib.com. I guess I have to pay for a licence to get rid of that but I went to the website and it's kind of expensive for me. Do you know how an easier way to generate a pdf from my website and without having this "www.pdflib.com"? Is there another script out there or another lib? Thanks for your help. Cheers, Chris
  11. Actually, I found the solution right after posting here. Here is what I did if it can help some people: <?php $sql = "SELECT SUM(bedroom_total) FROM bedrooms WHERE event_id='$sel_event[id]'"; $result = mysql_query($sql); $r = mysql_fetch_row($result); echo "$r[0]"; ?> Thanks anyway!
  12. Hi there, I have a problem with a query: <?php $sql = "SELECT SUM(room_fee) FROM function_room WHERE event_id = '$sel_event[id]'"; $result = mysql_query($sql); echo "$result"; ?> When I perform this query in phpMyAdmin, I get the number I want but when I put that in one of the pages of my website, I get a "Resource id #12" instead. Any idea what I did wrong? Thanks for your answers. Cheers,
  13. I tried that but apparently not well as I don't get anything. Here is what I tried: <?php $sql = "SELECT DATE_FORMAT(event_start_date,'%d %b %y') as event_start_date FROM events WHERE id = '2'"; $result = mysql_query($sql); echo $result; ?> Any idea what I did wrong?
  14. Hi guys, I would like to display on my webpage a DATE item from one of my database using PHP, but I would like to format it like "15 December 2009" instead of 2009-12-15. Can anyone help me? Thanks in advance for your help. Cheers, Chris
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.