Posts posted by Drongo_III

  1. I have an odd one here, two classes and one which calls another class.

    I want to pass all of the parameters from the array as separate variables into the next function. Hope my example explains a little better

     

    class master
    {
      public function __call($name, $args)
      {
        second->$name($args);
      }
    }

    class second
    {
      public function example($param1, $param2)
      {

      }
    }

    master->example($param1, $param2);

     

    (I know it's not accurate PHP, but should get the idea of what I'm trying to do)

    I need to do something with the following line

    second->$name($args);

    Where param1 and param2 will be separated out

    Is there a php function which you can tell it the class, method name and pass it an array of parameters?

     

    Thanks

     

     

    Can't you just use

     class second extends master 

    Then you should be able to access everything from the master class in the second class.

    Or maybe i've misunderstood you :/

  2. Hi Guys

     

    Quick noob question.

     

    I am still fairly new to oop and i'm trying to also build my first simple mvc to learn about that too.

     

    I came across some syntax use in a tutorial that works but i don't really understand why and don't know what this is called to search for it on google.

     

    I've instantiated the class and then i pull out and explode the url to make controller or function calls in the mvc. The noob bit i don't understand is this

     

     $controller->{$url[1]}();

     

    Why do the curly brackets allow you to place a variable name? And what is this type of syntax called so i can read about it.

     

    Any help would be massively appreciated!

     

    Drongo

     

     

  3. How to log out using session in the proper way? Can you give me the code?

     

    Hi mate

     

    The main two things you need to do are to unset the session variables and destroy the session.

     

    These two functions are the key:

     

    //remove all the variables in the session 
    session_unset(); 
    
    // destroy the session 
    session_destroy();  
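
A fuller logout routine, as an added example that is not part of the original post: `session_destroy()` removes the server-side session data but leaves the session cookie in the browser, so the cookie is expired explicitly here. The function name is hypothetical and the options-array form of `setcookie()` assumes PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread: a complete logout for cookie-based PHP sessions.
// Assumptions: PHP 7.3+ (setcookie() options array); the function name is hypothetical.

function logout_current_session(): void
{
    // A session has to be active before it can be cleared or destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Empty the session data held in memory for the rest of this request.
    $_SESSION = [];

    // Expire the session cookie using the same path/domain it was set with;
    // session_destroy() alone does not remove it from the browser.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }

    // Delete the server-side session data so the old session ID cannot be resumed.
    session_destroy();
}

logout_current_session();
```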
    
    

  4. I think you're good to just place it directly below your first php closing tag mate :)

     

     

    Hello again:]

     

    I am wondering where should i put valid doctype

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

    and meta tags

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

     

    in a php file like this.

     

    <?php
    
    session_start(); // Session starts here
    if(!isset($_SESSION['username'])) // If there is no session then...
    {
        die ("<div align='center'><img src='images/LOGINKITTEN.jpg'/><br /><a href='index.php'><img src='images/Login.jpg'/></a></div>"); // ...Die!
    } 
    
    $id = $_GET['id'];
    
    ?>
    <html>
    <head>
    
    <link rel="stylesheet" type="text/css" href="jamcss.css" />
    
    </head>
    <body>
    
    <img src="images/jamspace.jpg" />
    <div id="jamcontainer">
    <b><a href="main.php">Home</a>  ||  <a href="members.php">Members</a>  ||  <a href="jams.php">Jams</a>  ||  <a href="uploadjamform.php">Upload Jam</a>  ||  <a href="myprofile.php">My profile</a>  ||  <a href="about.php">About</a>  ||  <a href="adminindex.php">Moderators</a> ||  <a href="logout.php">Logout</a></b>             You are logged in as <?php echo $_SESSION['username']; ?>
    <br /><br />
    
    <?php
    
    $connection = mysql_connect("lol.com", "loldb", "lol00") or die ("Could not connect");
    mysql_select_db("loldb", $connection) or die("Could not connect");
    
    // mysql query to get the username
    $query = mysql_query("SELECT * FROM news ORDER BY id DESC");
    $numrows = mysql_num_rows($query);
    
    
    
    if ($numrows!=0)
    {
    // fetching data from the database to variable
    while ($row = mysql_fetch_assoc($query))
    {
    	$title = $row['title'];
    	$post_owner = $row['post_owner'];
    	$post = $row['post'];
    	echo "<b>" . $title . "</b><br />";
    	echo "Posted by <b>" . $post_owner . "</b><br /><br />";
    	echo $post . "<hr></hr><br /><br />";
    }
    }
    
    ?>
    </div>
    </body>
    </html>
    

  5. Hi Guys

     

    I’m trying to get my head around the magic functions __get and __set and property overloading.  From what I’ve read this sounds like a really useful thing to learn/use in the right scenario but the examples I have seen have all confused me greatly because I can’t see that the code is actually doing anything.

     

    Take the snippet below (an example of Devshed). I can follow the logic of the get set bit.

     

    
    class User
    {
        // constructor (not implemented)
        public function __construct(){}

        // set undeclared property
        function __set($property, $value)
        {
            $this->$property = $value;
        }

        // get defined property
        function __get($property)
        {
            if (isset($this->$property))
            {
                return $this->$property;
            }
        }
    }

    // example of usage of 'User' class with property overloading
    $user = new User();
    $user->fname = 'Alejandro';
    $user->lname = 'Gervasio';
    $user->email = '[email protected]';
    $user->address = 'My address 1234';

    // display user data
    echo 'First Name: ' . $user->fname . ' Last Name: ' . $user->lname . ' Email: ' . $user->email . ' Address: ' . $user->address;
    /*
    displays the following
    First Name: Alejandro Last Name: Gervasio Email: [email protected] Address: My address 1234
    */

     

     

     

    The part I don’t understand is where you assign something to a variable i.e.

     

    $user->fname = 'Alejandro';
    

    Because even if I wiped out everything in the class (so there is no __get __set functions) and then just did

    $user->fname = 'Alejandro';
    echo $user->fname;
    

    It still shows "Alejandro" in the browser. So I can’t see that the __get __set is actually doing anything at all.

     

    So am I missing the point and doing something wrong (likely)?

     

    Or is this just a bad example?

     

    Can someone help me to understand please :(

     

    Drongo

     

  6. So changing this:

     

    #navlist a:link#current, #navlist a:visited#current, #navlist a:hover { border-bottom: 4px solid #66733f; padding-bottom: 2px; background: transparent; color: #4F4F4F; } /* this line's the style for the current page link */

     

    doesn't change anything? Have you tried wiping out the css on that line just to see if it has any effect and to ensure it's not just a typoed syntax issue? If you do delete that line and it's still displaying that style then I would guess the style is being applied elsewhere - perhaps inline via the included menu.php??

     

    Got a  link to the website?

     

    Drongo

     

     

  7. Hi Mate

     

    I'm no php superstar like some of the guys here but you could try something like this:

     

    //this assumes you've already connected to your DB
    
    $sql = "SELECT promo FROM  TABLENAME  WHERE  id = USERID";
    
    $result = mysql_query($sql);
    
    $promo = mysql_fetch_assoc($result);
    
    echo $promo['promo'];
    
    //Or if you wanted to assign it to the session then:
    
    $_SESSION['promo']= $promo['promo']; 
    
    //then you could do echo 
    
    echo $_SESSION['promo'];
    
    

     

    Incidentally just writing this off the top of my head so i can't be 100% it works without testing it but something along those lines.

     

    Hello all,

     

    I have a membership website which is using sessions... and I've been asked to add some promotion points system. So that each user is able to see how many promotion points they have...

     

    Now, I'm a beginner in mysql and php, but feel I'm learning fairly quickly. What I need help with, is to be able to display the amount of promotion points for the logged in user.

     

    I created a new field in my "essenti1_Users" table for the promotion code.

     

    database is called "essenti1_membership"

    table is "essenti1_Users"

    field is "promo"

     

     

    I think I'm going to have to manually add the points to each user through phpMyAdmin Navicat unfortunately. Unless anyone has any other ideas just for adding the points to each user account?


  8. I think the least disruptive way would be to slip a div in next to your facebook feed. Looking at the code it’s a bit messy – I assume you’ve built this with some sort of website builder. You have a UL tag that doesn’t nest anything correctly.

     

    Anyway you can edit your template file as per the below and it should work - obviously where my html/css incorporates content that is otherwise included via your cms you might wish to delete it.  I’m working off the source from the website here and not the template that generates the source but it might point you in the right direction.

     

    So inside #rechtscontent div (which is your central content area) I’ve wrapped your facebook feed in another div tag and floated this left. Then I've added another div below for your new content and floated this left. Then I added a div to clear the float. So if you paste the below code into your template below the H2 tag you should get your extra small content area - make sure you back up first.

     

     

    I’ve used inline styles so you’ll probably want to give these divs classes or Ids and paste my inline styles to your style sheet.

     

    Let me know if this works for ya or if it causes any issues.

     

    
    <div style="width: 292px; float: left;">
    
    <br />
    
    <br />
    <br />
        <b>Welcome back guys!</b><br />   
        <p>TruVibe 24/7 providing 24/7 music - Click the miniplayer to the left or one of the icons in the top right to start listening</p>
    <p>  <br>
    <iframe src="//www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FTruVibeFM%2F176625075754610&width=292&colorscheme=light&show_faces=false&border_color&stream=true&header=false&height=395&appId=127811827320277" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:292px; height:395px;" allowTransparency="true"></iframe></p>
    <br />
    <br />
    <br />
    
    </div>			
    
    
    <!-- this is the extra content area you want -->
    
    <div style="width: 190px; float: left;">
    YOUR CONTENT GOES HERE
    
    </div>	
    
    <div style="height: 0px; width: 100%; clear: both;"></div>

     

  9. Hi mate

     

    The thing is everything currently aligns nicely with your header image which is a solid image and not scalable.

     

    So if you added a box on the right you'd end up with it overhanging and that would look a bit crap. Is that what you want to happen tho? Or do you want to fit the box into the empty white space next to your twitter feed?

     

     

     

     

    Hi Drongo!

     

    Thanks for your reply,

     

    I wish to leave the menu on the left and add the one on the right for content etc...

     

    If you need anything else please just let me know!

     

    Thank you!

  10. Yeah as per above post. You could access ID element in php through ajax by extracting an element's ID (using jquery) and posting it to your php script as a variable. But I can't really see why you'd want to do that :)

     

    You can also access an element's name via jquery but the more usual way is to use IDs.

     

     

  11. Hi boxer

     

    Am i understanding you right - you want to add your nav bar to the right as well as the left? Or move it altogether? Or are you just trying to setup a bar on the right to use for other content but styled like your nav bar?

     

    I'll help if I can understand your question :)

  12. Where are the values coming from in the first place? Query string? Input form?

     

     

     

    Hi, I'm not sure if this can be done or not but I'm trying to do a site without using mysql and I want to be able to compare 3 values and depending on the values have them arranged lowest to highest...

     

    for example:

    Apple = 8

    Pear = 3

    Banana = 5

     

    so the results would be displayed like...

     

    Pear with a total of 3

    banana with a total of 5

    Apple with a total of 8

     

    Is this possible using just PHP or will i need to use Mysql as well...

     

    Thank you

    Chris

  13. Thanks Mj

     

    I can see more what you mean now.

     

    I suppose this is a mindset you need to get into - bit like programming in general.

     

    Thanks for the advice - i've learned a lot!

     

    Drongo

     

     

    Like I said, it all depends on how the data would or could be used. But, most of the time I would simply use mysql_real_escape_string() before storing the data. If I did have a specific purpose where I needed to restrict certain input, then I would implement that as part of the validation logic. If there was something not kosher in the input I would not accept the input and provide an error back to the user. It is never, ever a good idea IMO to modify user input without their knowledge. For example, someone might think they are being smart to strip out any non-numeric characters for a phone number input. But, what if the user used letters in the phone number - which is perfectly valid from a human interpretation. If the phone number was simply for display purposes, then I would let them use letters. But, if the phone number was going to be used by some automated dialing application that only accepted numbers, then I would only allow numbers.

     

    There is also another problem with modifying the user input - the database field length. Many processes to modify input to make it safe will increase the character length. So, if you made the input field 20 characters, you might need to make your DB field much bigger to accept the 'escaped' input.

  14. It's a bit of a jungle this...

     

    I totally see your logic and it makes a lot of sense.

     

    When you say "store the code exactly as the user submitted it" - does this mean that you'd only ever escape the code and leave it at that? No sanitisation? Let's assume you were just making a simple data capture form for instance so the purpose is pretty straightforward.

     

    Can you describe how you'd go about storing the data from this form so i can see how it should be done? :) (don't expect code or anything)

     

    Thanks,

     

    Drongo

     

     

    Well it's not just sql injection, it's a sort of all-round bit of code to stop any nasties getting into my application. My main concern originally was whether sanitizing the data was somehow conflicting with escaping it.

     

    I thought (and my understanding isn't great) that sanitising input was just a necessary part to ensuring incoming data is safe. That not the case?

     

    It is very important to ensure user submitted data does not "damage" your site. But, you need to analyze what you are doing and how you are using the data to determine WHEN and HOW you will do that sanitation. For example, you used FILTER_SANITIZE_STRING for all of the values - why didn't you use FILTER_SANITIZE_EMAIL for the email? But, that is really beside the point.

     

    You need to be very careful when imposing any arbitrary methods that will actually modify the user input. There are plenty of ways to make the input safe without changing the 'intent' of the input. Rule #1 is that you always escape the input before using in a query. But, it gets trickier to determine what validations/escaping you should do for XSS, HTML tags, etc.

     

    The approach I almost always take is to simply store the code exactly as the user submitted it. Then when I retrieve the code I will 'escape' it as needed. If I am using the content in a web page I will use either htmlspecialchars() or htmlentities() to make it safe to be displayed in the web page. But, you never know how else you may need the data in the future. Maybe an RSS feed, output to an XML file, or ??? So, if you modify the data before you store it you make it difficult, if not impossible, to re-purpose the data for other purposes.
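
The approach described in posts 13 and 14 (validate and reject rather than rewrite, store the value as submitted, encode per output context), as an added example that is not code from the thread. It swaps the thread's `mysql_real_escape_string()` for PDO bound parameters and uses an in-memory SQLite database so it runs offline; the table, column and function names and the sample values are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: the pdo_sqlite extension is
// loaded; table, column and function names are hypothetical; sample input is constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)');

// Validate: refuse bad input and report it to the user; never rewrite it silently.
function validate_contact(array $in): array
{
    $errors = [];
    $name  = $in['name']  ?? '';
    $phone = $in['phone'] ?? '';
    if ($name === '' || strlen($name) > 50) {
        $errors['name'] = 'Name is required (max 50 bytes).';
    }
    // Display-only phone number, so letters are accepted (the case raised in post 13).
    if (!preg_match('/^[0-9A-Za-z +()\-]{5,20}$/', $phone)) {
        $errors['phone'] = 'Phone may contain digits, letters, spaces and + ( ) -';
    }
    return [$errors, ['name' => $name, 'phone' => $phone]];
}

// Store: bound parameters keep the data out of the SQL text, so no escaping step
// is needed and the value is stored byte for byte at its original length.
function store_contact(PDO $pdo, array $c): int
{
    $stmt = $pdo->prepare('INSERT INTO contacts (name, phone) VALUES (:name, :phone)');
    $stmt->execute([':name' => $c['name'], ':phone' => $c['phone']]);
    return (int) $pdo->lastInsertId();
}

function load_contact(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT name, phone FROM contacts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Output: encode for the context at the moment of use.
function as_html(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed form submission containing quotes, an ampersand and a tag.
$submitted = ['name' => "O'Brien & <b>Sons</b>", 'phone' => '0800-FLOWERS'];

[$errors, $contact] = validate_contact($submitted);
if ($errors) {
    print_r($errors);
    exit(1);
}

$row = load_contact($pdo, store_contact($pdo, $contact));

var_dump($row['name'] === $submitted['name']);   // stored value is the submitted value
echo as_html($row['name']), "\n";                // HTML context
echo json_encode($row, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT), "\n"; // JSON context
```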

  15. Well it's not just sql injection, it's a sort of all-round bit of code to stop any nasties getting into my application. My main concern originally was whether sanitizing the data was somehow conflicting with escaping it.

     

    I thought (and my understanding isn't great) that sanitising input was just a necessary part to ensuring incoming data is safe. That not the case?

     

     

     

     

    Why do you think you need to use FILTER_SANITIZE_STRING to prevent SQL Injection?

  16. I see that - that makes sense.

     

    So the way I have filtered and escaped my input in my example above should provide a good basic level of protection against injections etc?

     

    I just want to be sure i am not leaving a massive gap anywhere - quite paranoid about this sort of thing :)

     

    Drongo

     

     

    It doesn't mean you should always use FILTER_FLAG_NO_ENCODE_QUOTES with mysql_real_escape_string, it all depends on the application.

    How you want the data stored etc, some cases may call for the encoded quotes to be stored in the databases others maybe not.

    I always use mysql_real_escape_string on all database inputs regardless of prior filtering/cleaning methods.

  17. Hi Buddski!

     

    Thanks for that. Does that mean you should always use filter_flag_no_quotes when sanitising strings - assuming you're going to use real_escape_string after? Is that a safe way to input into the database?

     

    Thanks

     

    Drongo

     

     

    FILTER_SANITIZE_STRING without the FILTER_FLAG_NO_ENCODE_QUOTES will encode quotes.

    Which means that mysql_real_escape_string has no "physical" quotes to escape.
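
The effect described in the quoted reply above, as an added illustration that is not code from the thread: the same value is traced through the filter with and without `FILTER_FLAG_NO_ENCODE_QUOTES`, then through a backslash-escaping step. `addslashes()` stands in for `mysql_real_escape_string()` (which needs a live connection), the function name and sample value are constructed, and `FILTER_SANITIZE_STRING` is assumed to be available (it is deprecated since PHP 8.1).

```php
<?php
// Added illustration, not code from the thread.
// Assumptions: FILTER_SANITIZE_STRING is still available (deprecated since PHP 8.1, so
// newer versions emit a deprecation notice); addslashes() stands in for
// mysql_real_escape_string(); the sample value is constructed.

function trace_quotes(string $input): array
{
    // Default behaviour: tags are stripped and ' and " become &#39; and &#34;.
    $encoded = filter_var($input, FILTER_SANITIZE_STRING);
    // With the flag: tags are stripped but quotes are left as typed.
    $literal = filter_var($input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

    $stages = [
        'raw'                => $input,
        'filtered'           => $encoded,
        'filtered_no_encode' => $literal,
    ];

    $report = [];
    foreach ($stages as $label => $value) {
        $report[$label] = [
            'value'          => $value,
            // Literal quote characters left for the escape step to act on.
            'literal_quotes' => substr_count($value, "'") + substr_count($value, '"'),
            'after_escape'   => addslashes($value),
            'length'         => strlen($value),
        ];
    }
    return $report;
}

$town = "King's \"Lynn\"";   // constructed form value
foreach (trace_quotes($town) as $label => $r) {
    printf(
        "%-19s quotes=%d len=%2d  %s  =>  %s\n",
        $label, $r['literal_quotes'], $r['length'], $r['value'], $r['after_escape']
    );
}
```

The default-filtered value contains no literal quote characters, so the escape step has nothing to put a backslash in front of, and the value is longer than what the user typed.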

  18. I have been mulling this over in anticipation of some more enlightened help.

     

    Could it be that because the validate function encodes html entities, like quotes, that when the escape function works it then doesn't see the array values as containing quotes and therefore is not escaping them?

     

    So does that mean that the data is in fact safe and the escape function is likely working?? Anyone?

     

    Hmmm

     

     

    Hi Guys

     

    I'm a tad confused by what's going on when using real_escape_string. Could be that I'm using it incorrectly or that I'm not fully understanding it but here goes.

     

    I'm trying to sanitize the post data from a form then escape it before storing it in my database. The code is as follows:

     

    	$validation_options = array(
    
    
    'title_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'name_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'surname_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'address_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'town_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'postcode_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'telephone_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'email_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'dob_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    
    
    
    );
    
    
    $validated = filter_input_array(INPUT_POST, $validation_options );	
    
          // Display results to test that it's working
    echo "<pre>";
    print_r($validated);
    echo "</pre>";
    
    
          // Run validated array through real escape for database
    
    $escaped = array_map('mysql_real_escape_string', $validated);
      
           // Display results to test that it's working
    print_r($escaped);
    echo $escaped['town_2'];

     

    But here's the issue. When I used the $validated array and deliberately entered quotes or double quotes into the form and then print the results of $escaped it doesn't add slashes. However, if i make up a new test array with say

     

    
    $testarray = array(
    
    'TESTER' => "This is a 'test' and 'another test' "
    
    );
    

     

    and run that through the same escape function and print the results it displays the backslashes around the single quotes.

     

     

    So does this mean that for some reason the $validated array is not being escaped? Or am I just getting something wrong?

     

    Any help would be very much appreciated!

     

    Drongo

     

    PS Incidentally before anyone points this out - I incorporate the DB handler elsewhere in the code.

  19. Hi Guys

     

    I'm a tad confused by what's going on when using real_escape_string. Could be that I'm using it incorrectly or that I'm not fully understanding it but here goes.

     

    I'm trying to sanitize the post data from a form then escape it before storing it in my database. The code is as follows:

     

    	$validation_options = array(
    
    
    'title_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'name_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'surname_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'address_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'town_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'postcode_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'telephone_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'email_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'dob_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    
    
    
    );
    
    
    $validated = filter_input_array(INPUT_POST, $validation_options );	
    
          // Display results to test that it's working
    echo "<pre>";
    print_r($validated);
    echo "</pre>";
    
    
          // Run validated array through real escape for database
    
    $escaped = array_map('mysql_real_escape_string', $validated);
      
           // Display results to test that it's working
    print_r($escaped);
    echo $escaped['town_2'];

     

    But here's the issue. When I used the $validated array and deliberately entered quotes or double quotes into the form and then print the results of $escaped it doesn't add slashes. However, if i make up a new test array with say

     

    
    $testarray = array(
    
    'TESTER' => "This is a 'test' and 'another test' "
    
    );
    

     

    and run that through the same escape function and print the results it displays the backslashes around the single quotes.

     

     

    So does this mean that for some reason the $validated array is not being escaped? Or am I just getting something wrong?

     

    Any help would be very much appreciated!

     

    Drongo

     

    PS Incidentally before anyone points this out - I incorporate the DB handler elsewhere in the code.

  20. Genius!

     

    That worked and i think i now understand the issue a bit better.

     

    I changed my code to remove document write which means I don't need document.close - which in the true spirit of learning has spurred another question.

     

    Can you tell me why this code only outputs the final version of the loop. What i mean is instead of repeatedly writing: "loop number 1", "loop number 2" it just prints "Loop number 5".

     

    Should i use append in a loop to see the recursive state?

     

    Thank you so much for your help thus far!

     

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    
    <script type="text/javascript" src="jquery.js"></script>
    <script type="text/javascript" src="jquery_ui.js"></script>
    
    
    
    
      
      </head>
    <body>
    
    
    
      <script type="text/javascript" >
      $(document).ready(function () {
      
      
    		var i = 0;
    
    	while(i <= 5)
    
    	{
    	 $("#text1").html("Loop number" + " " + i );
    	i++;
    
    	}
    
    
    });
    
    
    
      </script>
    
    
    
    <div id="text1" style="width: 400px; height: 300px; border: 1px solid #000;"> </div>
    
    
    </body>
    </html>
    

     

     

     

    The never-ending loading is Firefox-specific. The main problem here is that you're writing to the document after it's finished loading (using jQuery's document ready event), which is effectively starting a new document stream and you're losing the previous content.

     

    Firefox continues to load because technically this document hasn't been closed, other browsers just close it automatically. If you added document.close() after your loop you will see it stops. As I said though, you're going to always overwrite your previous content here, you need to either write in-line (within the body without the ready event) or just append the contents to an element (recommended).

  21. Hi AyKay

     

    I've modified the code as follows but still no joy :/

     

    Any ideas?

     

     

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    
    <script type="text/javascript" src="jquery.js"></script>
    <script type="text/javascript" src="jquery_ui.js"></script>
    
    
    
    
      
      </head>
    <body>
    
    
    
      <script type="text/javascript" >
      $(document).ready(function () {
      
      
    		var i = 0;
    
    	while(i <= 5)
    
    	{
    	 document.write("The number is " + i);
    	 document.write("<br />");
    	i++;
    
    	}
    
    
    });
    
    
    
      </script>
    
    
    
    </body>
    </html>
    

     

     

     

     

     

     

     

     

    1. you are not specifying what type of language is to be parsed.. you will need to specify..

    <script type='text/javascript'>

     

    2. this function is not a listener.. and outputs to the browser, so it should be placed in the body of your page instead of the head
