ben_1uk

Hi requinix, Thank you for the quick response. I've not had experience of anything like this before and having spoken to somebody else about this, they mentioned that the below was an attempt to pull data from the database using the 'SELECT' command??? My primary concern is somebody being able to gain access to my SQL data or change the website in any way, shape or form. However, you state above 'they'll leave once they realize they're not accomplishing anything'. Are you saying the 'attack' is not anything to worry about? It has caused me a few sleepless nights over the Easter hols! Can you offer any more of an insight as to what is actually happening, or what the robot is attempting to achieve?

Hi everyone, I'm hoping someone far more knowledgeable than myself can help out with an issue that has started over the last couple of weeks. I am receiving E-mails generated by my SQL database 'functions.php' file containing what looks to be the results of someone entering spurious search queries on one of my websites. I have included an example below: SELECT p.page_title, p.page_url, COUNT(*) AS occurrences FROM search_page p, search_word w, search_occurrence o WHERE p.id = o.page AND w.id = o.word AND (w.word = 'xksvonbwfsnbudi' OR w.word = 'href=httpindianautoobservercomfemale' OR w.word = 'viagra' OR w.word = 'alternativea' OR w.word = 'wnwgpop' OR w.word = 'url=httpindianautoobservercomyang' OR w.word = 'mei' OR w.word = 'viagra' OR w.word = ''guangzhou'url' OR w.word = 'ehjwsjg' OR w.word = 'httpindianautoobservercom' OR w.word = 'viagra' OR w.word = 'prescription' OR w.word = 'jajfabw' OR w.word = 'href=httpwwwyaleacsorgbuy' OR w.word = 'viagra' OR w.word = 'interneta' OR w.word = 'hhjuxid' OR w.word = 'url=httpwwwyaleacsorghow' OR w.word = 'viagra' OR w.word = 'worksurl' OR w.word = 'kkwuvbc' OR w.word = 'httpwwwyaleacsorg' OR w.word = 'get' OR w.word = 'viagra' OR w.word = 'wxottqn' OR w.word = 'href=httpksign-mallcomwhat' OR w.word = 'metronidazole' OR w.word = 'used' OR w.word = 'for' OR w.word = 'dogsa' OR w.word = 'uthzket' OR w.word = 'url=httpksign-mallcommetronidazole' OR w.word = 'vaginal' OR w.word = 'gelurl' OR w. word = 'qajooff' OR w.word = 'httpksign-mallcom' OR w.word = 'metronidazole' OR w.word = 'dose' OR w.word = 'agdlvut' OR w.word = 'href=httpwwwmetacafecomchannelsjwannrichard' OR w.word = 'jeremiah' OR w.word = 'wanna' OR w.word = 'mpsswty' OR w.word = 'url=httpwwwmetacafecomchannelsjwannrichard' OR w.word = 'jeremiah' OR w.word = 'wannurl' OR w.word = 'qefwnsd' OR w.word = 'httpwwwmetacafecomchannelsjwann' OR w.word = 'richard' OR w.word = 'jeremiah' OR w.word = 'wann' OR w.word = 'svalyyw' OR w.word = 'href=httpgenf20-directcomgenf20' OR w.word = 'hgh' OR w.word = 'releasera' OR w.word = 'rttnfdx' OR w.word = 'url=httpgenf20-directcomgenf20url' OR w.word = 'egjipkc' OR w.word = 'httpgenf20-directcom' OR w.word = 'genf20' OR w.word = 'leading' OR w.word = 'edge' OR w.word = 'herbals' OR w.word = 'tlfsril' OR w.word = 'href=httphidecornetanyoption-reviewany' OR w.word = 'optiona' OR w.word = 'mvgfgum' OR w.word = 'url=httphidecornetanyoption-reviewanyoption' OR w.word = 'tra dingurl' OR w.word = 'ovyjjoy' OR w.word = 'httphidecornetanyoption-review' OR w.word = 'anyoption' OR w.word = 'trading' OR w.word = 'vxwmsft') GROUP BY p.id ORDER BY occurrences DESC LIMIT 0 , 10 Can someone please explain what is going on here and, in layman's terms, what actions I need to take. Many thanks in advance, Ben1uk

It works Thank you!

Hi Christian, No, I haven't tried the code yet - I'm nervous to! I will try what you and the others have suggested above and let you know. I have a 'test' version of the website, which can only be accessed from my individual IP address so any changes I make will effectively be 'off-line'. Fingers crossed!

*bump*

Are you saying the script will work before I start making any changes? I've had the misfortune of generating PHP errors before and the entire web page disappears Thanks again both.

Thanks again QuickOldCar! If I understand you correctly, you are effectively saying I should do something like this: if($v['tickets_left'] < 30 && $v['tickets_left'] >= 1){ echo "<div class='tickets'>" . ($v['tickets_left'] < 30 ? "<span class='tickets_low'>" . escape($v['tickets_left']) . "</span>" : "" . escape($v['tickets_left']) . "") . " tickets left to buy for this match</div>"; } if ($v['tickets_left'] > 0) { echo " <div class='tickets_buy'> <input type='hidden' name='venue[]' value='" . escape($v['id']) . "' /> Select how many tickets you wish to buy <select name='quantity[]' id='venue_" . escape($venuecount) . "' onchange='update_tickets()' onkeyup='update_tickets()'> <option value='0'>No tickets</option> <option value='1'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '1' ? " selected='selected'" : "") . ">1 ticket</option> " . ($v['tickets_left'] > 5 ? " <option value='2'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '2' ? " selected='selected'" : "") . ">2 tickets</option> <option value='3'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '3' ? " selected='selected'" : "") . ">3 tickets</option> <option value='4'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '4' ? " selected='selected'" : "") . ">4 tickets</option> <option value='5'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '5' ? " selected='selected'" : "") . ">5 tickets</option>" : "") . " </select> <a href='#buy'>Confirm Ticket</a> </div> "; $venuecount++; } I don't think my attempt is quite right because I now have two IF commands and I'm not sure if I have enough curly brackets to wrap both of them..? Can you please advise? I think the above code is now saying: if tickets left is less than 30, but greater than 1, display "tickets_low". Therfore, if tickets remaining is higher than 30, the counter still won't show..? If the number of tickets left available is greater than 0, people have the option to buy tickets, which will still be handled by the existing code. Once again, thank you very much for your help

Hello everyone, I already have a thread regarding this topic featured within the 'Third Party Scripts' forum, but I think it may be better suited to this particular part of the forum given the nature of the enquiry. I have a ticket counter featured on a website I work on that displays the number of tickets left available for a number of events. I have since 'commented out' the code that displays the counter as it was decided by management that we no longer wanted people to see how many tickets had sold for any of the venues. However, I now need the script to work in such a way that the ticket counter does not shown until the number of tickets left reaches '40', ie, highlighting limited availability. The below code displays what I have so far and how the counter currently works, but I'm not sure how to modify the below in order to make the counter behave as required above. //echo "<div class='tickets'>" . ($v['tickets_left'] < 30 ? "<span class='tickets_low'>" . escape($v['tickets_left']) . "</span>" : "" . escape($v['tickets_left']) . "") . " tickets left to buy for this match</div>"; if ($v['tickets_left'] > 0) { echo " <div class='tickets_buy'> <input type='hidden' name='venue[]' value='" . escape($v['id']) . "' /> Select how many tickets you wish to buy <select name='quantity[]' id='venue_" . escape($venuecount) . "' onchange='update_tickets()' onkeyup='update_tickets()'> <option value='0'>No tickets</option> <option value='1'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '1' ? " selected='selected'" : "") . ">1 ticket</option> " . ($v['tickets_left'] > 5 ? " <option value='2'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '2' ? " selected='selected'" : "") . ">2 tickets</option> <option value='3'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '3' ? " selected='selected'" : "") . ">3 tickets</option> <option value='4'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '4' ? " selected='selected'" : "") . ">4 tickets</option> <option value='5'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '5' ? " selected='selected'" : "") . ">5 tickets</option>" : "") . " </select> <a href='#buy'>Confirm Ticket</a> </div> "; If someone more knowledgeable than myself could help out I would be really grateful Many thanks in advance, Ben_1uk.

Hi Christian, Thanks for your prompt response. I'm not overly confident coding in PHP and would appreciate it if you could show me how to do what you have suggested using the necessary code. I did not code the original script and it's a little above my capability (for now!) to make any changes without being shown how. Thank you.

Hi everyone, Sorry to kick an old thread back to life, but I was wondering is anybody can offer any assistance with a new requirement now being asked of me using the above criteria..? The ticket counter on the website has been removed completely by 'commenting out' the code as suggested by QuickOldCar, which has worked well. However, I now need the ticket counter to reappear when tickets reach a certain number to advertise that ticket sales are low for a particular venue - say for example, 30 tickets remaining. Can anyone offer any advice or a way to do this by adapting the above code? Many thanks in advance for any suggestions, Ben_1uk.

Hello QuickOldCar, It's been a very long time since I was on here last - work is very busy! I just wanted to let you know I have finally gotten round to trying the above code change and I'm happy to report that it worked. I haven't been able to test the system fully in as much as seeing if tickets will still go through the same process from POS to confirmation, but given how little the code has been changed, I don't see how it will stop working (fingers and toes crossed!). Thanks again for your help.

Thank you for your help. I will try this and let you know how I get on.

So, if I punctuate the original source code exactly as above, everything will remain intact, but the number of tickets left available for sale will not be displayed? It will have no effect on people being able to select the number of tickets they wish to purchase or data being posted to the SQL database? Sorry for the silly questions, but not having coded this myself, I really don't want to mess it up!

Thanks for the replies both - I really appreciate it. sunfighter: The line I want to remove from the code is 'XXX tickets left to buy for this match'. QuickOldCar: If I 'comment out' all of the above code, surely it will also remove the match date, venue name, venue address and ticket container? All I want to remove is the line that confirms how many tickets are left. Can I simply comment out the code as follows: /*<div class='tickets'>" . ($v['tickets_left'] < 30 ? "<span class='tickets_low'>" . escape($v['tickets_left']) . "</span>" : "" . escape($v['tickets_left']) . "") . " tickets left to buy for this match</div>"; */ Thanks again.

Hi everyone, I'm hoping somebody can help me out with a change I need to make to a website that I have not designed / coded myself. I have been asked to remove a "ticket counter" advertising the number of tickets left available for a number of upcoming events. I have included a copy of the .php file that is handling the ticket counter iteself below. <?php include('includes/includes_begin.php'); echo "<div id='heading'><h1><img src='images/tickets.gif' width='178' height='48' alt='Tickets' title='Tickets' /></h1></div>"; $page_title = "Tickets"; if (isset($_SESSION['checkout'])) { $_SESSION['checkout'] = false; } $conn = new dbConnect('private'); $query = "SELECT id, venue_name, venue_address, UNIX_TIMESTAMP(match_date) as m_date, tickets_left FROM venues WHERE sales_closed = 0 ORDER BY match_date ASC"; $venues = $conn->dbAll($query); $conn->dbClose(); if (count($venues) == 0) { echo "<div class='error'>There are no more tickets available to buy</div>"; } else { echo " <form method='post' action='summary.php'>"; $venuecount = 0; foreach ($venues as $v) { echo "<div class='venue'> <div class='match_date'><b>Match Date:</b> " . date(ymd, $v['m_date']) . "</div> <h2>" . escape($v['venue_name']) . "</h2> <div class='venue_address'>" . nl2br(escape($v['venue_address'])) . "</div> <div class='tickets_container'> <div class='tickets'>" . ($v['tickets_left'] < 30 ? "<span class='tickets_low'>" . escape($v['tickets_left']) . "</span>" : "" . escape($v['tickets_left']) . "") . " tickets left to buy for this match</div>"; if ($v['tickets_left'] > 0) { echo " <div class='tickets_buy'> <input type='hidden' name='venue[]' value='" . escape($v['id']) . "' /> Select how many tickets you wish to buy <select name='quantity[]' id='venue_" . escape($venuecount) . "' onchange='update_tickets()' onkeyup='update_tickets()'> <option value='0'>No tickets</option> <option value='1'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '1' ? " selected='selected'" : "") . ">1 ticket</option> " . ($v['tickets_left'] > 5 ? " <option value='2'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '2' ? " selected='selected'" : "") . ">2 tickets</option> <option value='3'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '3' ? " selected='selected'" : "") . ">3 tickets</option> <option value='4'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '4' ? " selected='selected'" : "") . ">4 tickets</option> <option value='5'" . (isset($_SESSION['tickets'][$v['id']]) && $_SESSION['tickets'][$v['id']] == '5' ? " selected='selected'" : "") . ">5 tickets</option>" : "") . " </select> <a href='#buy'>Confirm Ticket</a> </div> "; $venuecount++; } echo " </div> </div> <hr />"; } echo "<input type='hidden' id='venue_count' name='venuecount' value='" . escape($venuecount) . "' /> <div id='buy'></div><noscript><input type='submit' id='selecttickets' name='submit' value='' title='Select these tickets'/></noscript></form> "; if (isset($_SESSION['tickets']) && array_sum($_SESSION['tickets']) > 0) { echo "<script type='text/javascript'>update_tickets();</script>"; } } include('includes/includes_end.php'); ?> I have a limited understanding of how the ticket counter works in principal, but I'm anxious to start removing sections of code in case of unsuspected knock-on effects. I want to leave the number of tickets people can purchase for an event intact - I just need to remove the ticket counter itself. Can anybody offer any help? Many thanks in advance.

From what I can see, the code checks for a period (.) character anywhere after the 3rd character in the string (this is very cautious, allowing for one letter domain names e.g. [email protected]; and for @ characters anywhere after the first character (more possible, as a single letter username is easily possible) However, if I were to modify this to allow e-mail addresses with a (.) immediately after the 1st character, would this then effetively render the validation next to useless? Somebody has also suggested the below code to tidy it up a bit: function isValidEmail(str) { return (str.lastIndexOf(".") > 2) && (str.indexOf("@") > 0) && (str.lastIndexOf(".") > (str.indexOf("@")+1)) && (str.indexOf("@") == str.lastIndexOf("@")); } However, it is still looking for a (.) after the 3rd character, which will still generate error messages for anybody with an alphabetic character followed immediately by a (.)

Thanks for all the responses - even if they are far too technical for me! I would like to understand the code I originall posted better so I can work with it rather than have to completely re-write the script. How would I adapt the code highlighted in red to stop people with E-mail addresses like [email protected] receiving error messages? Thanks.

Hi everyone, I have been asked to look into the below E-mail validation script due to a number of people not being able to register their E-mail address on a website of mine. For example, people who's E-mail address begins with [email protected] cannot register and receives an e-mail validation error message. TBH, I pinched the code from somewhere else and do not understand how it works exactly. Could someone help identify which part of the code needs changing? I have highlighted the area of code I believe needs changing, but would appreciate some help. Thanks, function checkemail() { var str = document.getElementById('register-email').value; if ((str.indexOf(".") > 2) && (str.indexOf("@") > 0)) { document.getElementById('emailcheck1').style.backgroundPosition = "top left"; return true; } else { document.getElementById('emailcheck1').style.backgroundPosition = "bottom left"; return false; } }

I have found numerous PHP scripts that will generate a unique number I can use for Ticket_ID, but because the existing data in my database is being populated by a user via a HTML form, I don't see how I can incorporate the use of such a script to correctly allocate a unique ID against a new database entry. In other words, I cannot "post" the Ticket_ID to the database using the form so how would I go about posting this data? Is there a way this can be handled automatically by SQL? I've been reading alot about GUID's, but I'm not sure how to create one as I have not created the database using code.

Thanks for that. I'm a bit of a PHP novice and wondered if you could show me an example of a simple PHP script that will generate an 8-digit unique ticket ID. Also, how would I post this into my existing SQL database? Thanks, BB2011

Hello everyone, I have put together a HTML form in which data is being collected, then verified with a PHP script before being posted into a SQL database. Is there anyway I can auto assign a unique ID to a database entry other than the default auto increment ID field? I want to be able to assign random ID numbers to tickets for an event and was hoping that something could be achieved in SQL..? Many thanks, BB2011

I have tried modifying the code as suggested above, but it has not made any difference. I have also tried changing the code as follows: if (count($venues) == 100) { echo "<div class='error'>Due to Internet traffic, ticket counter has been disabled</div>"; This hasn't worked either? Problem I have is because I didn't programme this originally, I'm struggling to get my head round how it works. I thought the change I made above would have worked, but it hasn't. Can anybody else shed some light? I really need some help! Thanks, BB2011

Thanks for the reply. I have now got rid of the "isset" command as I had only included this originally to try and resolve the "undefined variable" warning messages. However, I have since included the below code to stop this from happening: error_reporting(E_ALL ^ E_NOTICE); // Prints all errors except Notices. Not the "correct" fix I know, but I was going round in circles trying to resolve something that strictly speaking isn't an error. I have simply changed: /* Gathering Data Variables */ if (!isset($_POST['name'])) { $_POST['name'] = "name"; } if (!isset($_POST['carregistration'])) { $_POST['carregistration'] = "carregistration"; } if (!isset($_POST['emailaddress'])) { $_POST['emailaddress'] = "emailaddress"; } if (!isset($_POST['numberinparty'])) { $_POST['numberinparty'] = "numberinparty"; } to... /* Gathering Data Variables */ $name = $_POST['name']; $carregistration = $_POST['carregistration']; $emailaddress = $_POST['emailaddress']; $numberinparty = $_POST['numberinparty']; ...and it now works I just need to add in some validation now. Thanks, BB2011

Hi everyone, I have created a HTML form for collecting data on a web page, ie, name, email address, etc, which works fine. I have then asked for that data to be emailed to me using the POST action in conjunction with a PHP script called "carparkprocess2.php". At the moment, the form works OK on the web page, the confirmation message to say the data has been submitted successfully works OK, but the email that should display the information entered into the form doesn't work properly. It comes through and is formatted OK, but the form information is missing. I've been trying to resolve this issue for 2 days straight now and have tried loads of different things! Can anybody help? I need a quick answer on this one if possible <?php error_reporting(E_ALL ^ E_NOTICE); // Prints all errors except Notices. /* Subject and Email Variables */ $emailSubject = 'Car Park Reservation Confirmation'; $webMaster = '[email protected]'; /* Gathering Data Variables */ if (!isset($_POST['name'])) { $_POST['name'] = "name"; } if (!isset($_POST['carregistration'])) { $_POST['carregistration'] = "carregistration"; } if (!isset($_POST['emailaddress'])) { $_POST['emailaddress'] = "emailaddress"; } if (!isset($_POST['numberinparty'])) { $_POST['numberinparty'] = "numberinparty"; } $body = <<<EOD <br><hr><br> Name: $name <br> Vehicle Registration: $carregistration <br> Email Address: $emailaddress <br> Number in Party: $numberinparty <br> EOD; $mailheaders .= "From: $emailaddress\r\n"; $headers .= "Content-type: text/html"; $success = mail($webMaster, $emailSubject, $body, $headers); /* Results rendered as HTML */ $theResults = <<<EOD <html> <head> <title>Car Park Reservation Confirmation</title> <meta http-equiv='Content-Type' content='text/html'> <style type='text/css'> <!-- body { min-height: 100%; height: auto; background: #000000; color: #ffffff; font-size: 14px; font-family: Verdana, Arial, Helvetica, sans-serif; margin: 0; } --> </style> </head> <div> <div align='left'>Your car park reservation request has been successful</div> </div> </body> </html> EOD; echo "$theResults"; ?> Here is the HTML within the form: <form method='post' action='carparkprocess2.php'>

Thanks for that wepnop! Sorry to be a bit thick, but would you mind explaining that a different way? I'm not quite sure what you mean! Also, I presume this would feature within the tickets.php file..? Thanks, BB2011