Jump to content

All Activity

This stream auto-updates     

  1. Today
  2. requinix
    I didn't tell you because the change was so simple. I knew if I poked and prodded you a bit, pointed you in the right direction, that you would figure it out. And you would learn along the way. Because someone saying "use escapeshellarg and remove the embedded quotes around it" would teach you where to get answers but not how to get them. And knowing how to get those answers is what makes skilled developers. As for being condescending... yeah, I was a bit. People who learn to be developers by copying and pasting stuff from the internet make the rest of us professionals look bad, and it's one of my pet peeves. I'm not saying you're like that, but when I see a glimmer of that that sort of mentality emerging I want to squash it there and then.
  3. UnluckyForSome
    The correct syntax is shell_exec("mv ".escapeshellarg($thisGame)." Removed/"); Why he couldn't just tell me this an hour ago I will never know. Would have taken 10 seconds of his time and saved me an hour of frustration. Getting a newbie to dance around like a monkey for a little bit of advice is a power trip for him, I guess. While I appreciate your help requinix, please consider being a little less condescending; "If you had checked the documentation for it before simply doing what people on the internet told you to do". Thanks again for your help...
  4. requinix

    PHP Gallery - Sorting newest images first

    requinix replied to Kimzerx's topic in PHP Coding Help

    That's a nice get_files() function you have there. Shame you aren't using...
  5. UnluckyForSome
    escapeshellcmd is for commands. I'm a buffoon who shouldn't get help from people on the internet Use escapeshellarg for single arguments ---- OK Don't quote the value if you want it examined. I still can't get the right syntax with escapeshellarg - as I'm a complete beginner. Please could you show me? Is it shell_exec(*SOMETHING SOMETHING* escapeshellarg($thisGame) . \ Removed/"); Kind regards.
  6. Kimzerx

    PHP Gallery - Sorting newest images first

    Kimzerx replied to Kimzerx's topic in PHP Coding Help

    Did try your alternative, but im not getting it to work. I must be missing something. <!DOCTYPE html> <html lang="en-GB"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"> <link href="_assets/magnifix-popup/magnific-popup.css" rel="stylesheet" type="text/css"/> <link href="_assets/css/main.css" rel="stylesheet" type="text/css"/> <title>Kimz Party Snapshots</title> </head> <body> <section class="qt-photo-gallery"> <?php function get_files($qt_folder_name,$exts = array('jpg')) { $files = array(); if($handle = opendir($qt_folder_name)) { while(false !== ($file = readdir($handle))) { $extension = strtolower(get_file_extension($file)); if($extension && in_array($extension,$exts)) { $files[$file] = filemtime($qt_folder_name . '/' . $file); } } closedir($handle); } arsort($files); return array_keys($files); } /* ========================================================================== */ $qt_folder_name = 'images'; // change this to a folder of your choice for images $qt_handle = opendir( dirname( realpath( __FILE__ ) ) . '/' . $qt_folder_name . '/' ); /* ========================================================================== */ $qt_counter = 0; while( $qt_file = readdir( $qt_handle ) ) : if( $qt_file !== '.' && $qt_file !== '..' ) : $qt_counter++; $qt_file_path = $qt_folder_name . '/' . $qt_file; ?> <!-- ======================================================================= --> <div class="qt-photo-gallery-item qt-image-no-<?php echo $qt_counter; ?>"> <a class="qt-photo-gallery-item-link" href="<?php echo $qt_file_path; ?>" title="File name: <?php echo $qt_file; ?>"> <div class="qt-photo-gallery-item-image-wrapper"> <img src="<?php echo $qt_file_path; ?>" class="qt-photo-gallery-item-image" /> </div> </a> </div> <!-- ======================================================================= --> <?php if( $qt_counter == 5 ) { $qt_counter = 0; } endif; endwhile; /* ========================================================================== */ ?> </section> <script src="_assets/js/jquery-3.2.1.min.js" type="text/javascript"></script> <script src="_assets/magnifix-popup/jquery.magnific-popup.min.js" type="text/javascript"></script> <script src="_assets/js/main.js" type="text/javascript"></script> </body> </html>
  7. requinix
    Removing the quotes was part of it. Can you restate what I said in my post using your own words? Top to bottom.
  8. UnluckyForSome
    Hi Requinx You're elluding to removing the quotes so it examines the value? I tried to take the quotes off shell_exec("mv \"" . escapeshellcmd($thisGame) . "\" Removed/"); to make shell_exec("mv \"" . escapeshellcmd($thisGame) . \ Removed/"); But i'm getting errors. I'm not quite sure what else to try. Many thanks.
  9. requinix
    escapeshellcmd is for commands. If you had checked the documentation for it before simply doing what people on the internet told you to do then you would hopefully have seen the red warning: On that linked page you would see the description It's also to be used when the command is executed. Not earlier. Because it alters the value - which, in contexts like this, is generally called "escaping". This is a very important aspect you need to understand: the difference between what a value is and how a value is interpreted. The value "1+2" is a string with three characters. If you interpreted that value as PHP code you would get 3, a number. The value itself and the value of it interpreted are two things. escapeshellcmd/arg alter the value so that it will not be interpreted as anything special. That would be like taking "1+2" and adding quotes around it so that PHP considered it to be the three-character string it was originally, but in doing so the value becomes five characters. If you want to examine the value then you must not quote it yet. If you want to do something with the value then you might quote it ("might" depending what you wanted to do). You also wouldn't escape it and add your own quotes because that would be too much. So, after that rambling explanation, can you tell me what your updated code should be?
  10. Yesterday
  11. UnluckyForSome
    It wont let me edit my post anymore but I just wanted to say the file in question is Quiz$Millionaire - (Japan) (v1.0).zip NOT Quiz$Millionaire -(Japan).zip Like is originally written. Thanks
  12. UnluckyForSome
    I am trying to build a filter for sorting/removing files; However, upon testing I have noticed a certain type of file which is getting through the net despite being named with a "(Japan)" country identifier (which should be filtered) at the end. I think this is because of the dollar sign ($). The file in question: Quiz$Millionaire -(Japan).zip I get the error below when running the script. It echo's the file correctly, but then when attempting the mv it reports it with "$Millionaire" missing from the middle of the string! mv: cannot stat 'Quiz (Japan) (v1.0).zip': No such file or directory I have been told I need to use $thisGame = escapeshellcmd($thisGame); in the code below, but when I do it messes up my regex matching for everything else - so I think I have to modify my regex? - but I'm a beginner and don't really know how to fix it! Code below: $gameList = trim(shell_exec("ls -1")); $gameArray = explode("\n", $gameList); shell_exec('mkdir -p Removed'); // Do this magic for every file foreach ($gameArray as $thisGame) { if (!$thisGame) continue; // Probably already been removed if (!file_exists($thisGame)) continue; // Non-Engish speaking countries e.g. (France) or (Japan) if (preg_match('%\((Asia|Austria|Brazil|China|Denmark|Finland|France|Germany|Greece|Hungary|Israel|Italy|Japan|Japan, Asia|Korea|Netherlands|Norway|Poland|Portugal|Russia|Scandinavia|Spain|Sweden)\)%', $thisGame)) { echo "{$thisGame} is a foreign language release. Moved to Removed folder.\n"; shell_exec("mv \"{$thisGame}\" Removed/"); continue; } } I've also been told to replace the line: shell_exec("mv \"{$thisGame}\" Removed/"); with shell_exec("mv \"" . escapeshellcmd($thisGame) . "\" Removed/"); But unfortunately if I try that I get the error: mv: cannot stat 'Quiz$Millionaire \(Japan\) \(v1.0\).zip': No such file or directory Could anybody help me? I'd be super greatful! Many thanks J
  13. UnluckyForSome UnluckyForSome joined the community
  14. mac_gyver
    the biggest out of date problem is the use (and misuse) of addslashes(). for values that are being supplied to an sql query statement, you need to instead use a prepared query and supply the values when the query is executed. the php PDO extension is much simpler to use, over the mysqli extension, especially when using prepared queries. for the $taal value that is being used in the sql queries as part of a column name, you must validate that it contains only and exactly an expected value, since you cannot protect against sql injection in 'identifiers' by escaping the value and you cannot supply 'identifiers' using a prepared query place-holder. for values that are being used to build URLs, addslashes() shouldn't even be used. these cases should use urlencode() or even better yet, use http_build_query(), which applies urlencode() for you, when building the query string part of URLs. along with using prepared queries when supplying values to an sql query, you need to use exceptions to handle database statement (connection, query, prepare, execute) errors, and in most cases let php catch the exception, where it will use its error_reporting, display_errors, and log_errors settings to control what happens with the actual error information. this will give you consistent error handling through out the code, and let you eliminate any error handling logic you may have now. enabling exceptions for either the mysqli or PDO extension takes a single line of code, but is different between the two extensions, so you need to pin down which one you are going to use firstly. as to not seeing any php error messages. you should have your development system set up with error_reporting set to E_ALL, display_errors set to ON, and output_buffering set to OFF, in the php.ini, and you should remove any lines of code setting these. lastly, this code is filled with repetitive blocks that only differ in what value they use and with inefficient coding., which requires that you make changes and corrections in multiple places. going through and cleaning up the code before you try to update it, will reduce the overall amount of work. two immediate things that can reduce the amount of code when building links are - 1) the code is using some/all of the existing get parameters, and adding/modifying one of them when building links. to do this, just get a copy of the current $_GET variable, assign or unset elements in this copy, then use http_build_query to produce the query string part of the URLs. 2) the code is building a comma separated list of posted groep values in the URL &groep= parameter. you can just implode the posted data. there's no need for all the code using a flag, a loop, and conditional logic, repeated in multiple places. i would also recommend that you rearrange the code so that any post method form processing comes before the start of the html document and that the php 'business logic', that knows how to get/produce data needed to display the page, comes after the post method form processing code and before the start of the html document. the result from these two sections of code should be stored in php variables, with simple php code inside the html document using this data.
  15. ginerjm
    Leaving a site un-maintained for 12 years is not very responsible of your management team. All computer code needs maintenance/updating over its lifetime. That includes big iron and small alike, including web-based stuff. Your code is so out of date you need to devote some talented, skillful programming staff to this app to bring it into the 21st century.
  16. requinix
    That's a lot of code, and it doesn't quite match up with what you had in the first post. Can you be more precise about what isn't working? And regarding the general question about upgrading from PHP 5 to 7, have you seen the migration guides? edit: Code boxes now won't grow so large.
  17. arnoldg
    i know, this is code writen by some else, and it is not the whole code. the index file is prety large, entire index file. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Nederlands en Belgisch ZeewaterDatabase</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <LINK REL= "STYLESHEET" HREF = "/database/style/style.css" TYPE = "text/css"> </head> <body Style = "background-color: #ffffff"> <script language="JavaScript"> <!-- function getItemMain(id) { var itm = false; if(parent.document.getElementById) itm = parent.document.getElementById(id); else if(parent.document.all) itm = parent.document.all[id]; else if(parent.document.layers) itm = parent.document.layers[id]; return itm; } function confirm_delete_message(ID,url) { if(confirm("Weet je zeker dat je dit wil verwijderen?")) { form = getItemMain(ID); if(form) { form.action = url; form.submit(); } } } //--> </script> <table width = "100%"> <tr> <td> <table border="0" width="100%" cellpadding="0" cellspacing="0" align="center"> <tr> <?php if(isset($_GET['taal']) && $_GET['taal']=='eng'){ echo "<td align=\"left\"><div align=\"center\"><a href=\"index.php?\"><img src=\"images/misc/bg2.jpg\" border=\"0\" alt=\"Nederlands en Belgisch Zeewater Database\" /></a></td>"; } else { echo "<td align=\"left\"><div align=\"center\"><a href=\"index.php?\"><img src=\"images/misc/bg2.jpg\" border=\"0\" alt=\"Nederlands en Belgisch Zeewater Database\" /></a></td>"; } ?> </tr> <tr> <table class="tborder" cellpadding="0" cellspacing="0" border="0" width="100%" align="center"> <tr class="tborder" valign="bottom"> <table class="tborder" cellpadding="0" cellspacing="0" border="0" width="100%" align="center"> <td class="alt1" align = "left" width = "100%"> <a href="#" onclick="history.back(1)"><img src="images/misc/navbits_start.gif" alt="Ga Terug" border="0"></a> <span class="navbar"><a href="index.php?" accesskey="1">Nederlands en Belgisch Zeewater Database</a></span> <?php error_reporting(E_ALL & ~E_NOTICE); //als de taal is meegegeven, deze gebruiken, anders nederlands instellen if(isset($_GET['taal'])){ $taal = addslashes($_GET['taal']); } else{ $taal = "ned"; } require_once('connect.php'); require_once('taal.php'); require_once('dierview.php'); require_once('pagina.php'); require_once('logincheck.php'); require_once('log.php'); require_once('front.php'); require_once('fotowijzig.php'); require_once('dierform.php'); require_once('savedier.php'); if ($user){ }else{ echo " </td></tr></table></br></br>"; Echo "U dient eerst middels het zeewaterforum in te loggen</br>"; echo "<a href='http://www.zeewaterforum.info'>www.zeewaterforum.info</a>"; exit(); } if(isset($_POST['groep'])){ $groep = $_POST['groep']; } //url samenstellen om te loggen $url = "./database/index.php?taal=$taal"; if(isset($_GET['startat'])){ $url = $url."&startat=".$_GET['startat']; } if(isset($_GET['GroepID'])){ $url = $url."&GroepID=".$_GET['GroepID']; } if(isset($_GET['HoofdgroepID'])){ $url = $url."&HoofdgroepID=".$_GET['HoofdgroepID']; } if(isset($_GET['DierID'])){ $url = $url."&DierID=".$_GET['DierID']; } if(isset($_GET['action'])){ $url = $url."&action=".$_GET['action']; } if(isset($_POST['zoekstring'])){ $url = $url."&zoekstring=".addslashes($_POST['zoekstring']); } else{ if(isset($_GET['zoekstring'])){ $url = $url."&zoekstring=".addslashes($_GET['zoekstring']); } } if(isset($_POST['groep'])){ $url = $url. "&groep="; $first = 0; foreach($groep as $groepnum) { if($first == 1){ $url = $url. ","; } else{ $first = 1; } $url = $url. "{$groepnum}"; } } else{ if(isset($_GET['groep'])){ $url = $url. "&groep=".addslashes($_GET['groep']); } } //loggen //logit('4','bekijk',$user['userid'],$user['username'],$url); //als hoofdgroepid is opgegeven, de naam opzoeken if(isset($_GET['HoofdgroepID'])){ $HoofdgroepID = addslashes($_GET['HoofdgroepID']); $query = "SELECT ".$taal."_omschrijving as naam FROM hoofdgroep where hoofdgroepid = '$HoofdgroepID'"; $result = mysqli_query($link,$query); if(mysqli_num_rows($result) > 0){ $row = mysqli_fetch_array($result); //als ook de groepid of dierid is geset, deze weergeven if((isset($_GET['GroepID'])) || isset($_GET['DierID'])){ echo "<span class=\"navbar\">&gt; <a href=\"index.php?taal=$taal&HoofdgroepID=$HoofdgroepID\">".$row['naam']."</a></span>\n"; } } } //als de groepid is opgegeven, de naam opzoeken if(isset($_GET['GroepID'])){ $GroepID = addslashes($_GET['GroepID']); $query = "SELECT ".$taal."_omschrijving as naam FROM groep where groepid = '$GroepID'"; $result = mysqli_query($link,$query); if(mysqli_num_rows($result) > 0){ $row = mysqli_fetch_array($result); //als dierid ook nog is geset, deze weergeven if(isset($_GET['DierID'])){ echo "<span class=\"navbar\">&gt; <a href=\"index.php?taal=$taal&GroepID=$GroepID"; if(isset($_GET['HoofdgroepID'])){ $HoofdgroepID = addslashes($_GET['HoofdgroepID']); echo "&HoofdgroepID=$HoofdgroepID"; } echo "\">".$row['naam']."</a></span>"; } } } ?> *3 </td> </tr> <tr> <td class="alt1" style="font-size:10pt; padding-top:1px" > <?php if(isset($row)){ echo "<img class=\"inlineimg\" src=\"images/misc/navbits_finallink.gif\" border=\"0\" />\n"; } ?> <strong> <?php //als dierid is opgegeven de naam weergeven if(isset($_GET['DierID'])){ $DierID = addslashes($_GET['DierID']); $query = "SELECT lat_naam, ".$taal."_naam as naam FROM dier WHERE dierid = '$DierID'"; $result = mysqli_query($link,$query); if(mysqli_num_rows($result) > 0){ $row = mysqli_fetch_array($result); echo "<i>".$row['lat_naam']."</i>"; if($row['naam'] != ""){ echo " (".$row['naam'].")"; } } } else{ //anders de groepid is opgegeven, deze weergeven if(isset($_GET['GroepID'])){ $GroepID = addslashes($_GET['GroepID']); $query = "SELECT ".$taal."_omschrijving as naam FROM groep where groepid = '$GroepID'"; $result = mysqli_query($link,$query); if(mysqli_num_rows($result) > 0){ $row = mysqli_fetch_array($result); echo $row['naam']; } } else { //anders als de hoofdgroepis is opgegeven, deze weergeven if(isset($_GET['HoofdgroepID'])){ $HoofdgroepID = addslashes($_GET['HoofdgroepID']); $query = "SELECT ".$taal."_omschrijving as naam FROM hoofdgroep where hoofdgroepid = '$HoofdgroepID'"; $result = mysqli_query($link,$query); if(mysqli_num_rows($result) > 0){ $row = mysqli_fetch_array($result); echo $row['naam']; } } } } ?> *1 </td> <td class="alt2" nowrap="nowrap" style="padding:0px" rowspan="2"> <div class="smallfont"> <strong>&nbsp;Welkom, <?php echo $user['username']; ?>&nbsp;</strong><br /> &nbsp;<br /> </div> </td> </td> </tr> </table> <div align="center"> <table class="tborder" cellpadding="0" cellspacing="0" border="0" width="100%" align="center" style="border-top-width:0px"> <tr align="center"> <?php //de hoofdgroepen opzoeken $query = "SELECT hoofdgroepid, ".$taal."_omschrijving from hoofdgroep WHERE 1"; $result = mysqli_query($link, $query); $aant = mysqli_num_rows($result); //als de user een administrator is, link weergeven naar admingedeelte $aant = $aant + 4; if(isadmin($user)){ $aant++; $bree = 100 / $aant; echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"admin/dierbeheer.php?\">Adminpagina</a></td>"; } $bree = 100 / $aant; echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"http://www.zeewaterforum.info\">Zeewaterforum</a> </td>"; //alle hoofdgroepen weergeven while($row = mysqli_fetch_row($result)){ $query = "SELECT COUNT(*) as num FROM dier LEFT JOIN groep ON groep.groepid = dier.groepid WHERE showdier = 1 AND groep.hoofdgroepid = '{$row[0]}'"; $num = mysqli_fetch_array(mysqli_query($link, $query)); echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"index.php?taal=$taal&HoofdgroepID=$row[0]\">{$row[1]} ({$num['num']})</a></td>"; } //link naar zoekscherm weergeven echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"index.php?taal=$taal&action=zoek"; if(isset($_GET['GroepID'])){ echo "&GroepID=".$_GET['GroepID']; } if(isset($_GET['HoofdgroepID'])){ echo "&HoofdgroepID=".$_GET['HoofdgroepID']; } if(isset($_GET['DierID'])){ echo "&DierID=".$_GET['DierID']; } echo "\">".taal('zoek',$taal)."</a></td>"; //taal wijzigen link weergeven echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"index.php?taal="; if($taal == ned){ echo "eng"; } else{ echo "ned"; } if(isset($_GET['GroepID'])){ echo "&GroepID=".$_GET['GroepID']; } if(isset($_GET['HoofdgroepID'])){ echo "&HoofdgroepID=".$_GET['HoofdgroepID']; } if(isset($_GET['DierID'])){ echo "&DierID=".$_GET['DierID']; } if(isset($_GET['action'])){ echo "&action=".$_GET['action']; } if(isset($_POST['zoekstring'])){ echo "&zoekstring=".addslashes($_POST['zoekstring']); } else{ if(isset($_GET['zoekstring'])){ echo "&zoekstring=".addslashes($_GET['zoekstring']); } } if(isset($_POST['groep'])){ echo "&groep="; $first = 0; foreach($groep as $groepnum) { if($first == 1){ echo ","; } else{ $first = 1; } echo "{$groepnum}"; } } else{ if(isset($_GET['groep'])){ echo "&groep=".addslashes($_GET['groep']); } } echo "\">".taal('switchtaal',$taal)."</a></td>"; //als user is ingelogd uitlog link weergeven echo "</tr>"; echo "</table>"; echo "</div>"; echo "<br/>"; function geefdierenweer($result, $taal, $aantalweergeven, $width, $user, $groep){ $aantal = mysqli_num_rows($result); if(isset($_GET['startat'])){ $st = addslashes($_GET['startat']); if($st<$aantal){ mysqli_data_seek($result,$st); } } $aantalweergegeven = 0; echo "<table width = \"$width\" align = \"right\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\">"; pagina($taal, $aantal, $aantalweergeven, $st, 'top', $groep); echo "<tr><td>"; echo "<table class=\"tborder\" cellpadding=\"6\" cellspacing=\"1\" border=\"0\" width = \"100%\" align=\"right\">\n"; echo "<thead>"; echo "\t<tr align=\"center\">\n"; echo "\t\t<td class=\"thead\" >"; echo "<a href=\"index.php?taal=$taal&orderby=lat_naam"; if(isset($_GET['GroepID'])){ echo "&GroepID=".$_GET['GroepID']; } if(isset($_GET['HoofdgroepID'])){ echo "&HoofdgroepID=".$_GET['HoofdgroepID']; } if(isset($_GET['DierID'])){ echo "&DierID=".$_GET['DierID']; } if(isset($_GET['action'])){ echo "&action=".$_GET['action']; } if(isset($_POST['zoekstring'])){ echo "&zoekstring=".addslashes($_POST['zoekstring']); } else{ if(isset($_GET['zoekstring'])){ echo "&zoekstring=".addslashes($_GET['zoekstring']); } } if(isset($_POST['groep'])){ echo "&groep="; $first = 0; foreach($groep as $groepnum) { if($first == 1){ echo ","; } else{ $first = 1; } echo "{$groepnum}"; } } else{ if(isset($_GET['groep'])){ echo "&groep=".addslashes($_GET['groep']); } } if(isset($_GET['orderby'])){ $orderby = $_GET['orderby']; if($orderby == "lat_naam"){ if(isset($_GET['richting'])){ $richting = $_GET['richting']; if($richting != 'desc'){ echo "&richting=desc"; } } else{ echo "&richting=desc"; } } } else{ echo "&richting=desc"; } echo "\">".taal('latdiernaam',$taal)."</a>"; "</td>\n"; echo "\t\t<td class=\"thead\" >"; echo "<a href=\"index.php?taal=$taal&orderby=naam"; if(isset($_GET['GroepID'])){ echo "&GroepID=".$_GET['GroepID']; } if(isset($_GET['HoofdgroepID'])){ echo "&HoofdgroepID=".$_GET['HoofdgroepID']; } if(isset($_GET['DierID'])){ echo "&DierID=".$_GET['DierID']; } if(isset($_GET['action'])){ echo "&action=".$_GET['action']; } if(isset($_POST['zoekstring'])){ echo "&zoekstring=".addslashes($_POST['zoekstring']); } else{ if(isset($_GET['zoekstring'])){ echo "&zoekstring=".addslashes($_GET['zoekstring']); } } if(isset($_POST['groep'])){ echo "&groep="; $first = 0; foreach($groep as $groepnum) { if($first == 1){ echo ","; } else{ $first = 1; } echo "{$groepnum}"; } } else{ if(isset($_GET['groep'])){ echo "&groep=".addslashes($_GET['groep']); } } if(isset($_GET['orderby'])){ $orderby = $_GET['orderby']; if($orderby == "naam"){ if(isset($_GET['richting'])){ $richting = $_GET['richting']; if($richting != 'desc'){ echo "&richting=desc"; } } else{ echo "&richting=desc"; } } } echo "\">".taal('diernaam',$taal)."</a>"; echo "</td>\n"; echo "\t\t<td class=\"thead\" >&nbsp;</td>\n"; if(isadmin($user)){ echo "\t\t<td class=\"thead\" >Admin:</td>\n"; } echo "\t</tr>"; echo "</thead>"; if (mysqli_num_rows($result) > 0) { while (($row = mysqli_fetch_row($result)) && $aantalweergegeven < $aantalweergeven) { $linkstring = "index.php?DierID=$row[0]&taal=$taal"; if(isset($_GET['GroepID'])){ $linkstring = $linkstring . "&GroepID=".$_GET['GroepID']; } if(isset($_GET['HoofdgroepID'])){ $linkstring = $linkstring . "&HoofdgroepID=".$_GET['HoofdgroepID']; } if(isset($_GET['DierID'])){ $linkstring = $linkstring . "&DierID=".$_GET['DierID']; } echo "\t<tr align=\"left\">\n"; echo "\t\t<td class=\"alt1\" width = \"50%\">"; echo "<a href = \"$linkstring\">".$row[1]."</a>"; echo "</td>\n"; echo "\t\t<td class=\"alt2\" width = \"50%\">"; echo "<a href = \"$linkstring\">".$row[2]."</a>"; echo "</td>\n"; echo "\t\t<td class=\"alt1\"align =\"center\" width =\"90\" border = \"0\">\n"; echo "<a href = \"$linkstring\">"; $query = "SELECT fotoid FROM foto WHERE dierid = '$row[0]' ORDER BY hoofd DESC LIMIT 1"; $fotores = mysqli_query($link,$query); if (mysqli_num_rows($fotores) > 0){ $rrow = mysqli_fetch_array($fotores); echo "<img src=\"./plaatjes/klein/{$row[0]}_{$rrow['fotoid']}.jpeg\" width=\"80\" height=\"60\">"; } else{ echo taal('geenplaatje',$taal); } echo "</a>"; echo "\t\t</td>"; if(isadmin($user)){ echo "\t\t<td class=\"alt2\"align =\"center\" width =\"80\" border = \"0\">\n"; echo "\t\t<FORM ACTION = \"./admin/dierwijzig.php?redirect=".urlencode($_SERVER['REQUEST_URI'])."\" METHOD = \"post\">\n"; echo "\t\t<INPUT TYPE = HIDDEN NAME = \"DierID\" VALUE = \"$row[0]\">\n"; echo "\t\t<INPUT TYPE = HIDDEN NAME = \"wijzig\" VALUE = \"wijzig\" ID = \"wijzig\">\n"; echo "\t\t<INPUT TYPE = \"image\" src = \"/database/images/buttons/quickreply.gif\" alt = \"wijzigen\" VALUE = \"Wijzig\" NAME = \"wijzig\">\n"; echo "\t\t</FORM>\n"; echo "\t\t<FORM ACTION = \"./admin/fotowijzig.php?redirect=".urlencode($_SERVER['REQUEST_URI'])."\" METHOD = \"post\">\n"; echo "\t\t<INPUT TYPE = HIDDEN NAME = \"DierID\" VALUE = \"$row[0]\">\n"; echo "\t\t<INPUT TYPE = \"image\" src = \"/database/images/buttons/gallery.gif\" alt = \"foto\" VALUE = \"Wijzig\" NAME = \"foto\">\n"; echo "\t\t</FORM>\n"; echo "\t\t<FORM ACTION = \"JavaScript:confirm_delete_message('delete$row[0]','./admin/dierbeheer.php?')\" METHOD = \"post\" ID = \"delete$row[0]\">\n"; echo "\t\t<INPUT TYPE = HIDDEN NAME = \"DierID\" VALUE = \"$row[0]\">\n"; echo "\t\t<INPUT TYPE = HIDDEN NAME = \"delete\" VALUE = \"delete\" ID = \"delete\">\n"; echo "\t\t<INPUT TYPE = \"image\" src = \"/database/images/buttons/zquickdelete.gif\" alt = \"verwijderen\" VALUE = \"Verwijder\" NAME = \"del\">\n"; echo "\t\t</FORM>\n"; } echo "\t\t</td>\n"; echo "\t</tr>\n"; $aantalweergegeven++; } } echo "</table>"; echo "</td></tr>"; pagina($taal, $aantal, $aantalweergeven, $st, 'bottom', $groep); echo "</table>"; } //wanneer action is geset if(isset($_GET['action'])){ $action = addslashes($_GET['action']); if($action == "foto"){ if($user['userid']==-1){ echo "<table align=\"center\" class=\"tborder\" cellpadding=\"6\" cellspacing=\"0\" border=\"0\">"; echo "<thead>"; echo "\t<tr align=\"center\">\n"; echo "\t\t<td class=\"thead\" colspan = \"2\">".taal('uploadfoto',$taal)." </td>\n"; echo "\t</tr>"; echo "</thead>"; echo "<tr><td class=\"alt1\" colspan = \"2\">"; echo taal('loginfoto',$taal); echo "</td></tr>"; echo "</table>"; } else{ fotoupload($user['userid'], $taal); } } //Als action zoek is, zoekscherm weergeven if($action == "zoek"){ echo "<table align=\"center\" class=\"tborder\" cellpadding=\"6\" cellspacing=\"0\" border=\"0\">"; echo "<thead>"; echo "\t<tr align=\"center\">\n"; echo "\t\t<td class=\"thead\" colspan = \"2\">".taal('zoek',$taal)." </td>\n"; echo "\t</tr>"; echo "</thead>"; echo "<tr><td class=\"alt1\" colspan = \"2\">"; echo "<form method=\"post\" action=\"index.php?taal=$taal&action=vind\">\n"; echo taal('zoeks',$taal)."<br/>"; echo "<input type=\"text\" size=\"50\" name=\"zoekstring\"><br>\n"; echo "<input type=\"submit\" value=\"".taal('zoek',$taal)."\" name=\"Zoek\">\n"; echo "</tr></td>"; $query = "SELECT hoofdgroepid, {$taal}_omschrijving as naam FROM hoofdgroep WHERE 1"; $result = mysqli_query($link,$query); if(mysqli_num_rows($result)>0){ while($rij = mysqli_fetch_array($result)){ echo "<tr><td class=\"alt1\">"; echo "<input type = \"checkbox\" checked name = \"hoofdgroep\" id = \"hg{$rij['hoofdgroepid']}\" onClick = \"checkgroep{$rij['hoofdgroepid']}();\" value = \"{$rij['hoofdgroepid']}\">".$rij['naam']; echo "</td><td class=\"alt1\">"; $query = "SELECT groepid, {$taal}_omschrijving as naam FROM groep WHERE hoofdgroepid = \"{$rij['hoofdgroepid']}\""; $groepresult = mysqli_query($link,$query); $functie = "\n<script language=\"JavaScript\"> \n<!--\nfunction checkgroep{$rij['hoofdgroepid']}() {\nhoofdgroep = getItemMain(\"hg{$rij['hoofdgroepid']}\");\n"; if(mysqli_num_rows($groepresult)>0){ while($groeprij = mysqli_fetch_array($groepresult)){ $functie = $functie . "groep = getItemMain(\"gr{$groeprij['groepid']}\"); \ngroep.checked = hoofdgroep.checked;\n"; echo "<input type = \"checkbox\" checked name = \"groep[]\" id = \"gr{$groeprij['groepid']}\" value = \"{$groeprij['groepid']}\">".$groeprij['naam']."<br />"; } } $functie = $functie . "} \n//--></script>\n"; echo $functie; echo "</td></tr>"; } } echo "</form>\n"; echo "</td></tr>"; echo "</table>"; } //Als action vind is uitkomst weergeven. if($action == "vind"){ if(isset($_GET['groep'])){ $groep = explode(',',$_GET['groep']); } if(isset($_POST['zoekstring'])){ $zoekst = explode(" ",addslashes($_POST['zoekstring'])); } if(isset($_GET['zoekstring'])){ $zoekst = explode(" ",addslashes($_GET['zoekstring'])); } if($_POST['zoekstring'] != "" || $_GET['zoekstring'] != "" ){ $query = "SELECT dierid, lat_naam, ".$taal."_naam FROM dier WHERE showdier = '1' AND (0"; foreach($groep as $groepnum){ $query = $query. " OR groepid = '{$groepnum}'"; } foreach ($zoekst as $zoekstring){ $query = $query . ") AND (0"; $query = $query . " OR INSTR(LCASE(lat_naam),LCASE('$zoekstring')) "; $query = $query . " OR INSTR(LCASE({$taal}_naam),LCASE('$zoekstring')) "; $query = $query . " OR INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')) "; $query = $query . " OR INSTR(LCASE({$taal}_geslachtond),LCASE('$zoekstring')) "; $query = $query . " OR INSTR(LCASE(ontdekker),LCASE('$zoekstring')) "; $query = $query . " OR INSTR(LCASE(synoniem),LCASE('$zoekstring')) "; // $query = $query . " OR EXISTS (SELECT * FROM kleurdierrel LEFT JOIN kleur ON kleurdierrel.kleurid = kleur.kleurid WHERE dier.dierid = kleurdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));"; // $query = $query . " OR EXISTS (SELECT * FROM voerdierrel LEFT JOIN voer ON voerdierrel.voerid = voer.voerid WHERE dier.dierid = voerdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));"; // $query = $query . " OR EXISTS (SELECT * FROM gebdierrel LEFT JOIN gebied ON gebdierrel.gebiedid = gebied.gebiedid WHERE dier.dierid = gebdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));"; // $query = $query . " OR EXISTS (SELECT * FROM plaagdierrel LEFT JOIN plaag ON plaagdierrel.plaagid = plaag.plaagid WHERE dier.dierid = plaagdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));"; } $query = $query . ")"; if(isset($_GET['orderby'])){ $orderby = $_GET['orderby']; if($orderby == "lat_naam"){ $query = $query . " ORDER BY 'lat_naam'"; } if($orderby == "naam"){ $query = $query . " ORDER BY '".$taal."_naam'"; } if(isset($_GET['richting']) &&($orderby == "lat_naam"||$orderby == "naam")){ $richting = $_GET['richting']; if($richting == 'desc'){ $query = $query . " DESC"; } } } else{ $query = $query . " ORDER BY 'Lat_naam'"; } $result = mysqli_query($link,$query) or die('Query failed: ' . mysqli_error()); geefdierenweer($result, $taal, $aantalweergeven, '100%', $user, $groep); } } if($action == "nieuwdier"){ form($taal); } if($action == "postdier"){ savedier(); echo "<h1 align = \"center\">".taal('dankdier',$taal)."</h1>"; } } else{ if(isset($_GET['HoofdgroepID']) || isset($_GET['DierID'])){ if(isset($_GET['HoofdgroepID'])){ $HoofdgroepID = addslashes($_GET['HoofdgroepID']); } else{ $query = "SELECT hoofdgroepid FROM dier LEFT JOIN groep ON dier.groepid = groep.groepid WHERE dierid = {$_GET['DierID']}"; $result = mysqli_query($link,$query); if($row = mysqli_fetch_array($result)){ $HoofdgroepID = $row['hoofdgroepid']; } } if(isset($HoofdgroepID)){ $query = "SELECT groepid, ".$taal."_omschrijving from groep WHERE hoofdgroepid = $HoofdgroepID ORDER BY ".$taal."_omschrijving"; $result = mysqli_query($link,$query); echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width = \"100%\" align=\"center\"><tr valign = \"top\"><td width = \"15%\">"; echo "<table width=\"100%\" align=\"left\" class=\"tborder\" cellpadding=\"6\" cellspacing=\"1\" border=\"0\">"; echo "<thead>"; echo "\t<tr align=\"center\">\n"; echo "\t\t<td class=\"thead\" >".taal('groep',$taal)." </td>\n"; echo "\t</tr>"; echo "</thead>"; while($row = mysqli_fetch_row($result)){ $query = "SELECT COUNT(*) as num FROM dier WHERE showdier = 1 AND groepid = '{$row[0]}'"; $num = mysqli_fetch_array(mysqli_query($link,$query)); echo "<tr><td class=\"alt1\"><a href=\"index.php?taal=$taal&HoofdgroepID=$HoofdgroepID&GroepID=$row[0]\">$row[1]({$num['num']})</a></td></tr>"; } echo "</table></td><td>"; } } //dier weergeven if(isset($_GET['DierID'])){ $DierID = addslashes($_GET['DierID']); echo "<table width = \"99%\" align = \"right\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td>"; dierview($DierID, $taal, $user); echo "</td></tr></table>"; } else{ //lijst met dieren weergeven if(isset($_GET['GroepID'])||isset($_GET['HoofdgroepID'])){ if(isset($_GET['GroepID'])){ $GroepID = addslashes($_GET['GroepID']); $query = "SELECT dierid, lat_naam, ".$taal."_naam FROM dier WHERE showdier = 1 AND groepid = '$GroepID'"; } else{ $HoofdgroepID = addslashes($_GET['HoofdgroepID']); $query = "SELECT dierid, lat_naam, ".$taal."_naam FROM dier LEFT JOIN groep ON dier.groepid = groep.groepid WHERE showdier = 1 AND hoofdgroepid = '$HoofdgroepID'"; } if(isset($_GET['orderby'])){ $orderby = $_GET['orderby']; if($orderby == "lat_naam"){ $query = $query . " ORDER BY 'Lat_naam'"; } if($orderby == "naam"){ $query = $query . " ORDER BY '".$taal."_naam'"; } if(isset($_GET['richting']) &&($orderby == "lat_naam"||$orderby == "naam")){ $richting = $_GET['richting']; if($richting == 'desc'){ $query = $query . " DESC"; } } } else{ $query = $query . " ORDER BY 'lat_naam'"; } $result = mysqli_query($link,$query) or die('Query failed: ' . mysqli_error()); geefdierenweer($result, $taal, $aantalweergeven, '99%', $user, $groep); echo "</td></tr></table>"; } } } if(!isset($_GET['GroepID']) && !isset($_GET['HoofdgroepID']) && !isset($_GET['DierID'])&& !isset($_GET['action'])){ showfront($taal); } ?> </td> </tr> </table> <center> <table align = "center" width="100%" valign = "bottom"> <tr align = "center"><td align = "center"> <p><br> <font size="-1">&copy; zeewaterforum.info</font><font size="-2"><br> <?php echo taal('copyright',$taal); ?> </font> <br> </p> </td></tr></table></center> </body> </html>
  18. Barand
    What is your actual code? The code you have posted would not work with any php version. If you are having to stripslashes() then your data handling on input is FUBAR.
  19. arnoldg
    Hi guys, need some help, we have a database driven website, (aprox 12+ years old) which is written in php and make use of mysql no i need to alter the code so it would work with php 7.2, this because we need to install this new php version because of a software update on one of the other sites. i can't get it right, where to start or how to do. i searched the internet but can't get it right. here are some code snipes. index. php require_once('connect.php'); require_once('taal.php'); require_once('dierview.php'); require_once('pagina.php'); require_once('logincheck.php'); require_once('log.php'); require_once('front.php'); require_once('fotowijzig.php'); require_once('dierform.php'); require_once('savedier.php'); after requierd_once('taal.php') i should see on my screen "test taal", but it isn't i'm confused. connect.php <= seems to work, becaus echo says so <?php require_once "config.php"; //includes configuration information $link = mysqli_connect($host,$username,$password,$database); //mysqli_query($link,$con, $database)); if (!$link){ echo "Error: " . mysqli_connect_error(); exit(); } echo 'Connected to MySQL'; ?> taal.php <= this isn't working <?php require_once('connect.php'); echo "test taal"; function taal($hash, $taal) { echo "test taal2"; $query = 'SELECT $taal from taaltabel WHERE hash = '$hash' LIMIT 1'; $result = mysqli_query($link, $query); $row = mysqli_fetch_row($result); return stripslashes($row[0]); } ?>
  20. arnoldg arnoldg joined the community
  21. TimFromPhx TimFromPhx joined the community
  22. mac_gyver

    PHP Array

    mac_gyver replied to KingTut's topic in PHP Coding Help

    and after you switch to use the php PDO extension, your goal should be to execute one single JOIN query that gets the related data that you want in the order that you want it. you should never execute SELECT queries inside of loops. and while it will probably go away when you convert to use the PDO extension, a fetch() statement doesn't cause a database error, so using or die() logic on the end of a fetch() statement doesn't do anything useful. when you switch to use the PDO extension, you should use exceptions to handle the database errors, and in most cases, let php catch the exception, where it will use it's error_reporting, display_errors, and log_errors settings to control what happens with the actual error information.
  23. benanamen

    PHP Array

    benanamen replied to KingTut's topic in PHP Coding Help

    The first and most important thing you need to do is stop using the dangerous and obsolete mysql_* code. You need to use PDO and Prepared Statements. Here is a tutorial to get you going. https://phpdelusions.net/pdo You can also download my PDO Bumpstart Database from my repo. It was written for folks just like yourself. https://github.com/benanamen/pdo_bumpstart_ver1.6
  24. KingTut

    PHP Array

    KingTut posted a topic in PHP Coding Help

    I am trying to use a array to display 6 items instead of doing every single one alone. But I can't figure out how to fetch data from another table within the array. //first part $slots = array(); for($i = 1; $i <= 6; $i++) { $query = mysql_query("SELECT * FROM data1 WHERE user_id = $info[id] AND s = $i"); $slots[$i] = mysql_fetch_assoc($query); if($slots[$i]) { } else { $slots[$i] = "Empty"; } } //second part for($i = 1; $i <= 6; $i++) { if($slots[$i] != "Empty") { $pquery[$i] = mysql_query("SELECT * FROM data2 WHERE id = ".$slots[$i]["user_id"]." "); $slot2 = mysql_fetch_row($pquery[$i]) or die(mysql_error());
  25. Last week
  26. ajoo
    Hi Requinix, No, there is no recommend link at the bottom near the quote. The check would be just fine. What's required is an indication that the problem is solved or had a best reply. So I guess the checks would do the job well. You know, the main reason I think this feature was not used is that often, there is more than one reply to fit the best category and the user is in a quandary regarding which to select as the best. Happened with me so many times. Even in this very question. Lol !!, Your reply was correct but Gizmola's provided a deeper insight & got me thinking. All the best for your new idea !! Thanks !!
  27. requinix

    symlinks in public folder not invoking the website

    requinix replied to ajoo's topic in Linux

    Made a couple small tweaks: in the forum view, on the left of each thread where there used to be a star or circle (or nothing) there can now be a check. Shows if there is a recommended post. I also made a similar change somewhere else but I don't know where it is... tempted to revert but meh, the syntax is good so it should be fine. I did the check because that's the only thing I saw readily possible - didn't see markup to support something like the label style the old forum had. The change isn't in other places. And if people can't see the Recommend link then I'll figure out where that's all managed tomorrow because I think I'll have to go into the IPB source to find out. edit: Oh, I see something better I can do. Tomorrow.
  28. requinix

    symlinks in public folder not invoking the website

    requinix replied to ajoo's topic in Linux

    Okay, yes, but do you see a Recommend link at the bottom of each post? By the Quote? I can look into it but I suspect it won't be easy enough for me to just do. If it requires writing a plugin then I'd really rather not have to bother. Truth is the Mark Solved thing didn't actually get a whole lot of use...
  29. ajoo
    Hi, It however does not show up in the list of topics to indicate that a topic is answered and closed. Wish you could do something about that too ! Thanks
  30. ajoo
    Hi requinix, I do have a recommended link at the top of the page. and there's a Featured Link , like a star in a down arrow, on Gizmola's post. So how do we do it ?? This would serve nicely to show that the topic is answered and closed ! Thanks !
  31. zahra zahra joined the community
  32. requinix

    symlinks in public folder not invoking the website

    requinix replied to ajoo's topic in Linux

    I just made some changes. Do you see a "Recommend" link at the bottom of posts? I suspect not...
  1. Load more activity

  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept