dk4210 (Members, 154 posts)

Everything posted by dk4210

  1. That seems to work. But I have a question here. Does EXTR_PREFIX_ALL add a prefix onto the var name? If so, would it be a good idea to append a prefix and then code a check to make sure that all vars have that prefix and, if they don't, error out? I was even thinking of creating a table in the db of allowed vars, so if a hacker tried to inject rogue vars, it would catch it. It's like a whitelist. What are your thoughts on that?
  2. Hey I tried this code

         foreach ($_POST as $key => $value) {
             $_POST[$key] = filter($value);
             print "{$key} is {$_POST[$key]}<br />";
         }

     But when I echo out vars it doesn't work. It did with the Like this

         echo "<br><br><br>This is the viewname" . $ad_title;
         echo "<br><br><br>This is the price" . $price;

     It did work with this code but had the security issue

         foreach (array_keys($_POST) as $key) {
             $$key = $_POST[$key];
             $$key = filter($value);
             print "$key is ${$key}<br />";
         }

     Please advise..
  3. Ok, point taken, so how do I resolve it.. Here is my foreach

         foreach ($_POST as $key=>$value) {
             $$key = $_POST[$key];
             $$key = filter($value);
             print "$key is ${$key}<br />";
         }

     Here is my filter function

         function filter($data) {
             $data = trim(htmlentities(strip_tags($data)));
             if (get_magic_quotes_gpc())
                 $data = stripslashes($data);
             $data = mysql_real_escape_string($data);
             return $data;
         }

     How would I code it to patch the gaping security hole that you are referring to? Thanks for all your help
  4. That did the trick! Thanks a lot!
  5. Hello guys, Just wanted to see how I could resolve this issue. I have a foreach loop here that will spit out the vars.

         foreach (array_keys($_POST) as $key) {
             $$key = $_POST[$key];
             print "$key is ${$key}<br />";
         }
         echo "<br><br><br>This is the viewname" . $viewname;
         echo "<br><br><br>This is the price" . $price;

     I am trying to run the post vars through a filter (the filter name is filter($value)) but I can't get it to work. I tried this

         foreach (array_keys($_POST) as $key) {
             $$key = $_POST[$key];
             $$key = filter($value);
             print "$key is ${$key}<br />";
         }
         echo "<br><br><br>This is the viewname" . $viewname;
         echo "<br><br><br>This is the price" . $price;

     Any ideas? Thanks, Dan
  6. Thanks for the quick reply. The reason I want to have individual vars is because when I found out about the foreach loop I already had many vars that my function depends on. For example I have the following function

         //Add a flood control function to check to see if the title,body & member id match
         Flood_Control($ad_title,$member_id,$ad_body);

     Notice that I have the vars in there.. I hate to recode all that to this

         Flood_Control( $mydata['ad_title'], $mydata['memberid'], $mydata['ad_body']);

     Seems to defeat the purpose.. If I had a way that I could reference a $var as opposed to $mydata['$var'], that would be great.. Can you please give me an example of the array_map();? Please explain more on that. I am going to research this ---> EXTR_PREFIX_ALL
  7. Hello Guys, I have a question. I have the following code to grab all of my $_POST vars and run through my filter function

         foreach($_POST as $key => $value) {
             $mydata[$key] = filter($value);
         }

     Before using the foreach loop I was just doing the basic

         $var1 = $_POST['var1'];
         $var2 = $_POST['var2'];

     I'm going to have about 40 - 50 $_POST vars so my question is how do I return it as just a $var name instead of having to do this

         echo "<br><br><br>example1" . $mydata['var1'];
         echo "<br><br><br>example2" . $mydata['var2'];

     I guess it's hard for me to explain.. Thanks for your help!
  8. Perfect!!! Thanks Man.. I like the - hahaah
  9. Hmm, still not working for me. Within the function I get a 1 (which is correct), outside the function I get nothing. index.php page (echo just to test it)

         // Function to choose which query to use
         what_Table($scat);
         $w_query = what_Table($scat);
         echo" This is outside the function" . $w_query;
         exit;

     The function [echo just to test it out]

         // Choosing cat type function. This is for different queries.
         function what_Table($scat){
             $ctquery = mysql_query("SELECT w_query FROM ad_category WHERE cat_status='1' AND cat_id='$scat'") or die(mysql_error());
             $row = mysql_fetch_array($ctquery);
             // Stands for which query
             $w_query = $row['w_query'];
             Echo "<br>This is inside the function" . $w_query;
         }

     Here is the result.. http://screencast.com/t/T2voSWe0zDja Thanks for all your help thus far.. I just can't seem to get it working correctly..
  10. Echo does work, but I don't want it to echo out the value to the screen. I would like it to return the value instead.
  11. Hello Guys, I am trying to understand how to return a value from a function. I just can't get it to work. For example I have a page, let's call it index.php, and on this page I have a call to a function like this

          $scat = 2;
          // Function to choose which query to use
          what_Table($scat,$w_query);
          echo "This is the w query" . $w_query;

      I have an included file called general_functions.php and on that page I have this code

          function what_Table($scat,$w_query){
              $ctquery = mysql_query("SELECT w_query FROM ad_category WHERE cat_status='1' AND cat_id='$scat'") or die(mysql_error());
              $row = mysql_fetch_array($ctquery);
              // Stands for which query
              $w_query = $row['w_query'];
              return $w_query;
          }

      The echo $w_query does not return a value. Any help would be appreciated! Thanks, Dan
  12. Hi, I replaced it and I echo'd the two vars. I still get "0" for both. Here is my entire code

          $search_for_bad_words = mysql_query("SELECT * FROM badwords WHERE 1");
          $ad_title2 = $ad_title;
          $ad_body2 = $ad_body;
          //$wordlist = "shit:cr*p|dang:d*ng|shoot:sh**t";
          $seperate_text = "|";
          $entry_seperate_text = ":";
          while($row = mysql_fetch_array($search_for_bad_words)) {
              $wordlist = $wordlist.$seperate_text.$row[word].$entry_seperate_text.$row[r_word];
          }
          $words = explode('|', $wordlist);
          $count = 0;
          foreach ($words as $word) {
              list($match, $replacement) = explode(':', $word);
              //$ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2, -1,$count);
              //$ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2, -1,$count);
              $ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2, -1, $title_rep);
              $ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2, -1, $body_rep);
          }
          echo "This is title" . $title_rep;
          echo "<br>";
          echo "This is body" . $body_rep;

      Any ideas?
  13. Hello guys. I have the following code and I would like to count the number of times that the word has been replaced. I tried echo count ($replacement) and echo count ($match) but both only show "1". I want to be able to tell if there has been a replacement and send a warning email and/or add a flag in the db.

          $search_for_bad_words = mysql_query("SELECT * FROM badwords WHERE 1");
          $ad_title2 = $ad_title;
          $ad_body2 = $ad_body;
          //$wordlist = "shit:cr*p|dang:d*ng|shoot:sh**t";
          $seperate_text = "|";
          $entry_seperate_text = ":";
          while($row = mysql_fetch_array($search_for_bad_words)) {
              $wordlist = $wordlist.$seperate_text.$row[word].$entry_seperate_text.$row[r_word];
          }
          $words = explode('|', $wordlist);
          foreach ($words as $word) {
              list($match, $replacement) = explode(':', $word);
              $ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2);
              $ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2);
          }

      Thanks for all your help!
  14. Hi stawkerm0h, This whole script is a filtering script when you need to filter out specific words when you have a form with text fields and textareas. This code here basically lists the words to filter and their replacement. Like the second one. Let's say the user enters the word "dang" it will be replaced by d*ng (It's separated by the

          $wordlist = "sh%t:cr*p|dang:d*ng|shoot:sh**t";

      This code here does the same thing EXCEPT it queries the database for the words instead of having a static word list

          $seperate_text = "|";
          $entry_seperate_text = ":";
          while($row = mysql_fetch_array($search_for_bad_words)) {
              $wordlist = $wordlist.$seperate_text.$row[word].$entry_seperate_text.$row[r_word];
          }

      Hope this helps!
  15. You are a genius.. That worked great!
  16. Anybody want to take a stab at it?
  17. Hi guys, I have the following code. How can I query the database for the bad words and the replacements and make it work?

          $ad_title2 = $ad_title;
          $ad_body2 = $ad_body;
          $wordlist = "sh%t:cr*p|dang:d*ng|shoot:sh**t";
          $words = explode('|', $wordlist);
          foreach ($words as $word) {
              list($match, $replacement) = explode(':', $word);
              $ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2);
              $ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2);
          }

      Here is my table structure. Table name is badwords. I have 3 columns

          id | word | r_word

      Any help would be greatly appreciated!
  18. Hi Brent, The difference is that == will return TRUE whether the two operands have the same value or not. === evaluates to TRUE if the two operands have the same value and are the same type. 99% of the time I just use == . I've never used ===
  19. Hello Guys, I need some help here.. I want to implement a bad word filter and I'm not quite sure how to do it.. I am grabbing the following vars from the text fields

          $ad_title = filter_var($_POST['ad_title'], FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);
          $ad_body = filter_var($_POST['description'], FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);

      Then it's inserted into the db. I would like to run it through this function first..

          FUNCTION BadWordFilter(&$text, $replace){
              // fill this array with the bad words you want to filter and their replacements
              $bads = ARRAY (
                  ARRAY("butt","b***"),
                  ARRAY("poop","p***"),
                  ARRAY("crap","c***")
              );
              IF($replace==1) { //we are replacing
                  $remember = $text;
                  FOR($i=0;$i<sizeof($bads);$i++) { //go through each bad word
                      $text = EREGI_REPLACE($bads[$i][0],$bads[$i][1],$text); //replace it
                  }
                  IF($remember!=$text) RETURN 1; //if there are any changes, return 1
              } ELSE { //we are just checking
                  FOR($i=0;$i<sizeof($bads);$i++) { //go through each bad word
                      IF(EREGI($bads[$i][0],$text)) RETURN 1; //if we find any, return 1
                  }
              }
          }
          // this will replace all bad words with their replacements. $any is 1 if it found any
          $any = BadWordFilter($wordsToFilter,1);

      I really would also like to query a table for any words that match and then use a replacement like [censored]. Any help would be greatly appreciated!
  20. That worked!!!! Thanks for all your help.. http://screencast.com/t/cBL04S816
  21. Hi Denno, Here is my entire css file - http://pastebin.com/bLZf8UaV Here is my function - http://pastebin.com/VPdnbZMi Thanks for all your help!
  22. Here is the source

          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="1">Medical Insurance</option></label></div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="2">Dental Insurance</option></label></div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="3">Life Insurance</option></label></div>
          <div class="clearboth">test</div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="4">Disability Insurance</option></label></div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="5">Retirement / Pension Plans</option></label></div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="6">Company Car</option></label></div>
          <div class="clearboth">test</div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="7">Company Uniform</option></label></div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="8">Direct deposit Payroll</option></label></div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="9">Gym Membership</option></label></div>
          <div class="clearboth">test</div>
          <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="10">Flexible Spending Accounts</option></label></div>
          <div class="cbwrapper"><label>

      Seems to be adding the clear to an empty <div>
  23. Hello Guys, I still can't get this right.. Could I get a little more help.. Here is my code

          while($r = mysql_fetch_array($result2)){
              echo '<div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="'.$r["b_id"].'">'.$r["b_name"].'</option></label></div>';
              $i++;
              if(($i%3) == 0){
                  echo '<div class="clearboth">test</div>';
              }
          }

      It does display the test every 3rd one which is cool but it won't clear:both for some reason.. Any advice would be helpful.. Thanks, Dan. This is what I am trying to do - http://screencast.com/t/WpVN6a8mkQj
  24. Thanks guys I will give it a try..
  25. Hello Guys, I am trying to make 3 columns of checkboxes but not sure how to do it.. Currently it is just doing one column.. Any ideas? PHP code

          $result2 = mysql_query("SELECT * FROM benefits WHERE b_status='1' ");
          if($result2){
              while($r = mysql_fetch_array($result2)){
                  echo "<div class=\"cbwrapper\"><label><input type=\"checkbox\" name=\"keys[]\" value=\"".$r["b_id"]."\">".$r["b_name"]."</option></label> </div> <div class=\"clear\"></div><p> ";
              }
          }

      Here is my css

          .cbwrapper {
              margin-left:20px;
              border:dashed;
              width:160px;
              padding:5px;
              border-width:1px;
              border-color:#8F8F8F;
              background-color:#FFFBEF;
          }
          #cbwrapper label {
              float:left;
          }
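
The `$$key = $_POST[$key]` loops in posts 2, 3 and 5 let a request create or overwrite any variable in scope, which is what the allow-list and `EXTR_PREFIX_ALL` idea in post 1 addresses. An added example, not code from these posts: `import_post_fields()`, the field rules and the `in` prefix are hypothetical, and it assumes PHP 7.4 or later.

```php
<?php
// Added example, not code from the posts above. import_post_fields(), the
// field rules and the "in" prefix are assumptions made for illustration.

/**
 * Copy only allow-listed fields out of a request array.
 * Returns [validated values, names of keys the form does not define].
 */
function import_post_fields(array $post, array $rules): array
{
    $clean = [];
    foreach ($rules as $name => $validate) {
        $raw = $post[$name] ?? null;
        // Array-valued input (ad_title[]=x) is rejected rather than cast.
        $clean[$name] = is_string($raw) ? $validate(trim($raw)) : null;
    }
    // Unknown keys are reported for logging and never become variables.
    $unexpected = array_keys(array_diff_key($post, $rules));
    return [$clean, $unexpected];
}

// Allow-list: field name => validator returning the value, or null if invalid.
$rules = [
    'ad_title' => fn(string $v) => ($v !== '' && strlen($v) <= 100) ? $v : null,
    'ad_body'  => fn(string $v) => ($v !== '' && strlen($v) <= 5000) ? $v : null,
    'price'    => fn(string $v) => preg_match('/\A\d{1,7}(\.\d{2})?\z/', $v) ? $v : null,
];

// Constructed request: two expected fields plus keys named after variables
// the script already uses.
$post = [
    'ad_title'  => ' Used bike ',
    'price'     => '45.00',
    'member_id' => '1',
    'rules'     => 'x',
];

$member_id = 42; // stands in for a value taken from the session

[$clean, $unexpected] = import_post_fields($post, $rules);

// Only allow-listed names reach extract(); EXTR_PREFIX_ALL turns them into
// $in_ad_title, $in_ad_body and $in_price, so $member_id cannot be replaced.
extract($clean, EXTR_PREFIX_ALL, 'in');

var_dump($in_ad_title, $in_ad_body, $in_price, $member_id, $unexpected);
```

The imported values are validated, not escaped: SQL escaping (or bound parameters) and `htmlentities()` still belong at the point where a value goes into a query or into HTML.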