448191

Staff Alumni
  • Posts: 3,544
  • Days Won: 4

Everything posted by 448191

  1. There are TONS of simple membership tutorials on the net. Take one.
  2. Cleaner: make $_POST['Property_Adress'] an array in your form (use []), and:
     [code]$propertyAdress = implode(', ', $_POST['Property_Adress']);[/code]
     The power of arrays.. :laugh: Nothing more to it.
  3. Actually an application design question... [url]http://www.phpfreaks.com/forums/index.php?showtopic=93275[/url] To start you off: try making a diagram of how the application should work. This gives you a visual representation of the idea in your head, one you can even share.. :wink:
  4. [code]
     -- "names" exists in both tables, so it is qualified to avoid an ambiguous-column error
     SELECT table2.names, rank FROM table1, table2 WHERE table1.names = table2.names
     [/code]
     Unless I'm still spaced from yesterday, this will do what you want. Which is, selecting all the ranks and usernames for users in table2, right?
  5. [quote=jeremywesselman @ May 13 2006, 01:14 AM]
     You can find more about searching with mysql [url=http://techrepublic.com.com/5100-9592-6050484.html#]here[/url]. You will need to add an addition (+) sign to the beginning of each word and then put them all in a string.
     [code]
     <?php
     $words; // your array of words
     // add a plus sign to tell mysql to search for every word
     for ($i = 0; $i < count($words); $i++) {
         $words[$i] = "+" . $words[$i];
     }
     // join all the words to a single string
     $searchstring = $words[0];
     for ($i = 1; $i < count($words); $i++) {
         $searchstring = $searchstring . " $words[$i]";
     }
     ?>
     [/code]
     [/quote]
     This can be done a lot easier:
     [code]
     <?php
     // prefix every word with "+" and separate the words with spaces
     $searchstr = '+' . implode(' +', $words);
     ?>
     [/code]
     [url=http://www.devarticles.com/c/a/MySQL/Getting-Started-With-MySQLs-Full-Text-Search-Capabilities/]Here's[/url] a good article that helped me understand and use MySQL's Fulltext searching...
  6. I recently posted an application design question in "PHP Help", got 0 relevant replies and got bumped off the first page and into oblivion in a day. This other guy posted an application design question on the same day. I was unable to help him, and his question also got bumped off the first page. When we get bumped, we could of course bump back, but that is hardly ideal. I'd like to see a subforum for this type of question, it would be a logical supplement in my opinion. Talking about [url=http://www.phpfreaks.com/forums/index.php?showtopic=93183]this[/url] and [url=http://www.phpfreaks.com/forums/index.php?showtopic=93101]this[/url] thread. P.S. What happened to the "SOLVED" buttons?
  7. I find this site very intimidating! It's way too red and way too green, and this might be because I'm looking at it on a 19", it makes me want to close the browser window quickly. I'm not even going to read the black links on their red background, I could care less what they say. (Although those are interesting links :wink: )
  8. Interesting article, good reading. Thanks for that!
  9. [quote=wildteen88 @ May 10 2006, 09:10 AM]
     From looking at your code you use sessions. But you haven't got session_start() at the beginning of your PHP script. In order for your session variables to work you need to put session_start in all files that read and write to session variables, otherwise your session variables won't work at all.
     [/quote]
     I considered that, but since he's saying he's not getting any errors I assumed he's starting the session elsewhere (including this file)... Basically it's just not clear what the problem is.
  10. [quote=ainsleyclark @ May 10 2006, 08:32 AM]
      everything works, well i think as u think there are error messages in it? i was this save button to update the table in my php document, is this doing it? im really confused :excl: what do i need for a content management system?
      [/quote]
      You've got ME confused! What is the problem? You want to check if the table is updated? To be absolutely positive, go to the mysql command line, select the database and type: SELECT * FROM (whatever the tablename)... You should see the new values. P.S. You should probably be in Newbie Help with this type of thing...
  11. I reviewed this code for you, and although very crude, it should work. There are several things you could be doing wrong though. What exactly "doesn't work"? Do you get any error messages?
  12. No one should be able to execute scripts FROM WITHIN your domain except files that are in that domain. So it's a non-issue. Or do you mean how do you stop someone from executing scripts that are within your domain?
  13. I find your post very interesting, but I don't think I fully understand. How does writing/reading data to/from XML reduce server load or increase stability? The way I see it, the opposite is true. But then again, I might just not understand.
  14. [quote=redarrow @ May 10 2006, 05:48 AM]
      Sorry can not help with the project but what did you do them graphs on i need to know for college cheers.
      [/quote]
      [url=http://www.mindmapper.com/]Mindmapper 5.0[/url]
  15. That's okay, just give people a break. I feel I do a lot to make my posts readable, like using caps when required... :wink:
  16. [quote=redarrow @ May 10 2006, 05:29 AM]
      448191 can you kindly x the EXploit: code out please cheers.
      [/quote]
      That was a typo and I was still editing, chill out. Running for mod or what?
  17. SQL injection can be prevented by using common sense. Like you already said: always distrust any external data. Validate everything. Example:
      [code]mysql_query('SELECT username FROM users ORDER BY username '.$_GET['ORDER']);[/code]
      This is very, very wrong. You just [u]assume[/u] there is no malicious data in there. Exploit: [b]script.php?order=desc; DROP TABLE users[/b] Yes, that [b]will[/b] drop the table 'users'... Always validate ALL external data!
      [code]
      // Reject anything that is not exactly one of the two allowed keywords
      if ($_GET['ORDER'] !== 'desc' && $_GET['ORDER'] !== 'asc') {
          trigger_error('SQL injection attempt!', E_USER_ERROR);
      } else {
          mysql_query('SELECT username FROM users ORDER BY username '.$_GET['ORDER']);
      }
      [/code]
      Another important note: When accessing / comparing values, let mysql know you're expecting VALUES! Example:
      [code]mysql_query('SELECT level FROM users WHERE username = '.$_POST['username'].' AND psw = '.$_POST['psw']);[/code]
      Argh! I can just attach something to the query! I just create a simple script, setting the targeted script as action. I then send the username I want and $_POST['psw'], containing "anything OR 1=1". [b]I can login as anyone I like now!*[/b] The above exploit could be prevented by using quotes (you're expecting a value, not a keyword):
      [code]mysql_query('SELECT level FROM users WHERE username = "'.$_POST['username'].'" AND psw = "'.$_POST['psw'].'"');[/code]
      [i]SELECT `level` FROM users WHERE username = "448191" AND psw = "anything OR 1=1";[/i] Won't get you logged in! Also, validate the referrer ($_SERVER['HTTP_REFERER']), that'll make it a lot harder to sneak in any $_POST variables...
      [b]*EDIT:[/b] Come to think of it: SELECT level FROM users WHERE username = 448191 AND psw = anything OR 1=1 won't get you logged in either: it'll just return all the values of column 'level' in the table! But you get the idea... :laugh:
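Added example (not part of 448191's post or of any project's code): the two checks the post discusses, with the sort keyword mapped through an allowlist and the login values sent as bound parameters. It assumes PDO with an in-memory SQLite database in place of the post's mysql_* calls; the helper names and sample rows are constructed.

```php
<?php
// Constructed demo data in an in-memory SQLite database (assumption: PDO
// instead of the mysql_* functions used in the post). The users table and
// its plain psw column mirror the post's queries.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, psw TEXT, level TEXT)');
$db->exec("INSERT INTO users VALUES ('448191', 'secret', 'admin'), ('guest', 'guest', 'user')");

// Hypothetical helper: a sort direction is a keyword, so it cannot be bound
// as a parameter. Map the request value onto a fixed allowlist instead, and
// build the SQL only from the allowlist's own strings.
function listUsernames(PDO $db, $order)
{
    $allowed = array('asc' => 'ASC', 'desc' => 'DESC');
    $key = strtolower((string) $order);
    if (!isset($allowed[$key])) {
        throw new InvalidArgumentException('Invalid sort order');
    }
    $sql = 'SELECT username FROM users ORDER BY username ' . $allowed[$key];
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: values travel as bound parameters, never as SQL text,
// so quotes and keywords inside them are compared as plain data.
function findLevel(PDO $db, $username, $psw)
{
    $stmt = $db->prepare('SELECT level FROM users WHERE username = :u AND psw = :p');
    $stmt->execute(array(':u' => $username, ':p' => $psw));
    $level = $stmt->fetchColumn();
    return $level === false ? null : $level;
}

var_dump(listUsernames($db, 'desc'));
var_dump(findLevel($db, '448191', 'secret'));
var_dump(findLevel($db, '448191', 'anything OR 1=1')); // the post's psw input
var_dump(findLevel($db, '448191', 'a"b'));             // a value containing a quote
try {
    listUsernames($db, 'desc; DROP TABLE users');      // the post's order input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```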
  18. If you're really set on using php5, you can install php5 and bind it to *.php5 files. That way, all the old php3/4 files, with the extension *.php will still be parsed by php4, but you can create php5 apps by using the php5 extension... I did manage to do this successfully on my testserver, but can't recall the exact procedure. I googled for it, so can you. I don't know what upgrading mysql would have for impact, but there is likely to be some, since it's a BIG upgrade from 3 to 5...
  19. A while ago, I blindly started to work on a "module" class. The Idea: to create a common interface for application "modules"... After some coding, with the idea just a vague image in my head, I decided that I'd have to visualize and document the idea, since the size of the project started to become clear to me...
      Here's my latest "mindmap" of how I imagine a site using this module class, would work: [img]http://home.wanadoo.nl/lekkage/img/mindmap1.png[/img]
      Here's a basic representation of class set "Module": [img]http://home.wanadoo.nl/lekkage/img/modclassset.png[/img]
      Now, why do I bother you guys with all of this? Basically, I feel I've lost perspective. Or maybe the idea was flawed in the first place, I dunno. What I would really like, is for someone with experience with big applications to give me some pointers, throw out some old ideas, and help me put in the right new ideas... I can understand if you don't quite get the picture yet, please let me know and I'll try to further explain myself.
      EDIT: To explain a little more: the module class set uses a "pagemap", a tree of possible pages within a module, which defines their hierarchy and properties. Example Image: [img]http://home.wanadoo.nl/lekkage/img/pagemap.png[/img]
      This allows for standard forward and sideways navigation, and stores specific properties per class. Certain properties can be inherited from a parent, so they need not be defined necessarily for every page. One of these properties is 'file' (not shown above), this references to a HTML file, which will be loaded into an array and manipulated by subclass "HTML" before being sent to the browser. Before that, the position of this HTML is already determined by CSS in the header already sent by the configuration object. Thank you very much for taking the time to read all this. :)
      P.S. I've been away for quite some time, and what do I see? Take away my "guru" title eh? LOL! Nah, seriously, it's better this way, too many novices were getting guru titles. (including me! lol...)
  20. Just to illustrate how I try to use this:
      [code]
      function dump_arr($arr)
      {
          print '<pre>';
          print_r($arr);
          print '</pre>';
          echo '<br />';
      }

      function xml_test()
      {
          $file = $_SERVER['DOCUMENT_ROOT'].'/config/dbconfig.xml';
          $doc = new DOMDocument();
          $doc->load($file);
          foreach($doc->getElementsByTagname('host') as $node)
          {
              $arr[$node->nodeName] = array();
              function loop($node, $arr)
              {
                  foreach(($node->childNodes) as $cnode)
                  {
                      //If the child has children of its own:
                      if($cnode->childNodes)
                          return loop(array_merge($cnode,$arr,array($cnode->nodeName=>array())));
                      else
                          return array_merge($arr,array($cnode->nodeName=>$cnode->nodeValue));
                  }
              }
              $ret = loop($node,$arr);
          }
          dump_arr($ret);
      }

      xml_test();
      [/code]
      Currently this prints
      [quote]Array ( [host] => Array ( ) [#text] => )[/quote]
      Which is terribly wrong for more than one reason... :(
  21. Ok, let me try to walk myself through this.... If anyone wants to jump in, please (nah, really PLEASE) jump in. I instantiate a new DOMDocument object and load a file:
      [code]
      $doc = new DOMDocument();
      $doc->load($file);
      [/code]
      So now $doc is an object of class DOMDocument. What I do next is [u]foreach($doc->getElementsByTagname($request) as $element)...[/u] So I should be looping through the nodelist fetching objects of class DOMNode. A node can be several things like an element, text, attribute, document, comment etc, as can be read by DOMNode->nodeType... Here's where I get confused again. If I'm fetching nodes, why is the method named get[u]Elements[/u]??? Nevermind.. I get it: because you are fetching nodes by tagname you get a list of nodes that are elements.. I apologize.. How does this nodelist thing behave anyway?
      [quote]The DOMNodeList interface provides the abstraction of an ordered collection of nodes. DOMNodeLists are created by DOMDocument::getElementsByTagName(), DOMNode::getChildNodes(), The items in the DOMNodeList are accessible via an integral index, starting from 0.[/quote]
      So basically it behaves just like a numeric array of objects. Which doesn't really help, since I was already treating it that way... sigh... Next thing I get the current node's children: [u]foreach(($element->childNodes) as $node)[/u] This also iterates through a nodelist...
      I'm not getting anywhere with this.... anyone care to step in?
  22. I can recommend storing all your dates and timestamps as UNIX_TIMESTAMP. All these different time- and dateformats can get really confusing. Always use unix timestamps for all time-related operations, until you need to display. Php's setlocale() and strftime() will then give you exactly the format you want to display.
  23. I'm struggling to master parsing xml using php5's DOM class... Simple xml file:
      [code]
      <?xml version="1.0"?>
      <dbconfig.xml>
          <host>
              <name>localphp4</name>
              <user>
                  <level>admin</level>
                  <name>root</name>
              </user>
          </host>
          <pass>kjhgkfdh</pass>
      </dbconfig.xml>
      [/code]
      I've got this function that gets an element with:
      [code]foreach($doc->getElementsByTagname($request) as $element)[/code]
      That works fine, the first element returned when I request 'host' returns the following with this piece of code:
      [code]
      echo 'This node "'.$node->nodeName.'" is a "type '.$node->nodeType.'" node, child of "'
          .$node->parentNode->nodeName.'". It\'s value: "'.$node->nodeValue.'".<br />';
      [/code]
      Prints:
      [quote]This node "host" is a "type 1" node, child of "dbconfig.xml". It's value: " localphp4 admin root ".[/quote]
      So far so good! Then I want to loop through the children. I use [u]$node->childNodes;[/u] in a loop to try and get elements "name" and "user". However it only loops once (as confirmed by [u]count($node->childNodes)[/u] resulting in "1"), and claims this only child is of type DOMText (and empty):
      [quote]This node "#text" is a "type 3" node, child of "host". It's value: " ".[/quote]
      Shoot me, I don't get it. Oh, I forgot to mention that I did check for whitespaces, as I read somewhere they can cause problems..
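Added example (not part of the posts above): items 20, 21 and 23 all concern walking a DOMDocument's childNodes. The indentation between tags is parsed as #text nodes and a DOMNodeList reports its size through its length property, so this version filters on nodeType while building a nested array. The function name elementToArray is hypothetical, and the XML is the post's sample embedded inline.

```php
<?php
// Constructed input: the dbconfig.xml from the post, embedded inline.
$xml = <<<'XML'
<?xml version="1.0"?>
<dbconfig.xml>
    <host>
        <name>localphp4</name>
        <user>
            <level>admin</level>
            <name>root</name>
        </user>
    </host>
    <pass>kjhgkfdh</pass>
</dbconfig.xml>
XML;

// Hypothetical helper: convert an element's child elements to a nested array.
function elementToArray(DOMElement $element)
{
    $result = array();
    foreach ($element->childNodes as $child) {
        // Whitespace between tags arrives as DOMText (#text, type 3) nodes,
        // so keep only element nodes (type 1).
        if ($child->nodeType !== XML_ELEMENT_NODE) {
            continue;
        }
        // Recurse only when the child itself contains element nodes.
        $hasChildElements = false;
        foreach ($child->childNodes as $grandChild) {
            if ($grandChild->nodeType === XML_ELEMENT_NODE) {
                $hasChildElements = true;
                break;
            }
        }
        $result[$child->nodeName] = $hasChildElements
            ? elementToArray($child)
            : trim($child->nodeValue);
    }
    return $result;
}

$doc = new DOMDocument();
$doc->loadXML($xml);
$host = $doc->getElementsByTagName('host')->item(0);

// The list size, #text nodes included, is read from ->length.
echo 'host has ', $host->childNodes->length, " child nodes\n";
print_r(elementToArray($host));
```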
  24. Something else: when I edit a post and there are multiple blocks of code, all other blocks in the textarea are identical to the first. I have to c&p the blocks from the topic display below the edit area... Really annoying. You guys probably already noticed this a long time ago, but I did not find any posts mentioning it.