Everything posted by dougjohnson

  1. The best way to protect against MySQL injections in PHP is to use "Prepared" statements. You don't need to validate the user input since it is completely separated from the MySQL statement. Example:

         $connection = new mysqli('server', 'username', 'password', 'database');
         // The ? placeholder keeps the user-supplied value out of the SQL text
         $result = $connection->prepare("SELECT products, usertype, special_pricing_user, special_pricing, pcconly FROM users WHERE username = ?");
         $result->bind_param("s", $username);
         $result->execute();
         $result->bind_result($userproducts, $usertype, $special_pricing_user, $special_pricing, $pcconly);
         while ($row = $result->fetch()) {
             //
         }

  2. I found these online.....

         // READ //
         fh = fopen(getScriptPath(), 0);
         if (fh != -1) {
             length = flength(fh);
             str = fread(fh, length);
             fclose(fh);
             write(str);
         }

         // WRITE //
         function WriteFile() {
             var fh = fopen("c:\\MyFile.txt", 3); // Open the file for writing
             if (fh != -1) {
                 var str = "Some text goes here...";
                 fwrite(fh, str);
                 fclose(fh);
             }
         }
         WriteFile();

     Hope this helps
  3. OR - $justmonth = substr($date,0,2);
  4. You had lots of syntax errors. I think I fixed most of them but there could be more...

         <?php
         $colname_hometext_RS = "-1";
         if (isset($_GET['home'])) {
             $colname_hometext_RS = $_GET['home'];
         }
         mysql_select_db($database_MySQLconnect, $MySQLconnect);
         $query_hometext_RS = sprintf("SELECT * FROM t_textos WHERE id_texto = %s", GetSQLValueString($colname_hometext_RS, "int"));
         $hometext_RS = mysql_query($query_hometext_RS, $MySQLconnect) or die(mysql_error());
         $row_hometext_RS = mysql_fetch_assoc($hometext_RS);
         $totalRows_hometext_RS = mysql_num_rows($hometext_RS);

         // The text to split is passed in as a parameter
         function split_pos($text)
         {
             /* find middle space in text */
             $mid = (int) (strlen($text) / 2) - 1;
             $cut = strpos($text, " ", $mid);
             $part1 = substr($text, 0, $cut + 1);
             $pos1 = strrpos($part1, "<");
             $pos2 = strrpos($part1, ">");
             if (($pos1 < $pos2) || ($pos1 === false)) {
                 return $cut; /* no html tag around */
             }
             $pos3 = strpos($text, ">", $cut + 1);
             if ($pos3 !== false) {
                 return $pos3; /* end of middle html tag */
             } else {
                 return $cut; /* unbalancing < > */
             }
         }
         ?>
         <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
         <html xmlns="http://www.w3.org/1999/xhtml">
         <head>
         <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
         <title>Untitled Document</title>
         <style type="text/css">
         <!--
         body { margin-top: 0px; }
         -->
         </style>
         <link href="styles/cantera_styles.css" rel="stylesheet" type="text/css" />
         </head>
         <body>
         <?php
         $middle_pos = split_pos($row_hometext_RS['texto_esp']);
         echo "<table><tr>";
         // First column
         echo "<td>" . substr($row_hometext_RS['texto_esp'], 0, $middle_pos) . "</td>";
         echo "<td style='width:30px'></td>";
         // Second column
         echo "<td>" . substr($row_hometext_RS['texto_esp'], $middle_pos + 1) . "</td>";
         echo "</tr></table>";
         require_once('footer.php');
         mysql_free_result($hometext_RS);
         ?>
         </body>
         </html>

  5. You want "all" images to be 690 wide? I'm not all that familiar with "GD", but could you calculate the percentage of the original image width, then apply that percentage to the height? Example: original image dimensions = 1024px BY 768px.

         690 / 1024 = .6738281      <- % width
         .6738281 * 768 = 517px     <- height in px

     Or I may not understand your issue. Sorry.
  6. Curl is great, however, there are instances where I've been able to use "file_get_contents()" and then parse the results to get what I'm after. This is simple and works in some cases.
  7. Could you create a temp table containing all of the results from your first search results and then "search" the temp table for the other keywords?
  8. Are Color: Green, Type: Painting and Size: Large Keywords also?
  9. Access denied usually means the MySQL user doesn't exist OR the password you are using is invalid OR the user does not have rights to do what you are asking. Check user MySQL access rights.
  10. I found this on the web:

      /////////////////////////////
      PHP has no idea about an iframe, it's just served as another page and interpreted by the browser... You could do something like...

          <iframe src="frame.php?from=<?php echo urlencode(currentPageURL()) ?>">

      Then inside the iframe, you can access $_GET['from']. Just make sure you verify, as that would be insecure. Here is the code I typically use to return the current page URL:

          function currentPageURL() {
              $pageURL = 'http';
              // HTTPS is not set at all on plain HTTP requests, so test for it first
              if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
                  $pageURL .= "s";
              }
              $pageURL .= "://";
              if ($_SERVER["SERVER_PORT"] != "80") {
                  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
              } else {
                  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
              }
              return $pageURL;
          }

      ////////////
      I'm not sure if this would work for you???
  11. PHP doesn't know anything about iframes. This one's tricky. I'll do some looking around. Maybe someone else can chime in.
  12. I was just showing you how to get the URL into a variable. Don't CHANGE these! They are environment variables. Use them just as they are:

          $pageurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];

      Then - $pageurl will contain the user's current URL in his/her address bar.
  13. $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  14. $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
  15. What URL are you talking about? Are you asking about extracting the URL from the browser address area and inserting it into your table? If so, there is a way to do that. Please be more specific.
  16. ? If you use the [onChange=this.form.submit()] and add the $_POST's to receive the select values, the page will refresh and the text fields will be populated with the matching database values. This isn't what you want?
  17. Or you could use Ajax. Which is cooler but trickier to do.
  18. Put this in your SELECT tag: <SELECT NAME="" onChange="this.form.submit()"> Then receive the values with $_POST at the top of the page. Or I may not understand your question?
  19. You might check the permissions on the directory you are uploading to and make sure your app can create files and folders at that location.
  20. You might also put some "echos" in your if statements to find out where it's stopping. See below:

          if (isset($_POST['submitted'])) {
              ECHO "1ST IF<br>";
              //check for an uploaded file:
              if (isset($_FILES['upload'])) {
                  ECHO "2ND IF<br>";
                  //validate the type. Should be pdf, doc or rtf.
                  $allowed = array('application/pdf');
                  if (in_array($_FILES['upload']['type'], $allowed)) {
                      ECHO "3RD IF<br>";
                      //move the file over. The source must be the temporary path (tmp_name), not the client file name.
                      if (move_uploaded_file($_FILES['upload']['tmp_name'], "../hollywincote/uploads/{$_FILES['upload']['name']}")) {
                          ECHO "4TH IF<br>";
                          echo '<p><em>The file has been uploaded</em></p>';
                      } //end of move... IF
                  } else {
                      echo '<p>Please upload a PDF.</p>';
                  }
              } //end of isset($_FILES['upload']) IF.
          } //end of isset($_POST['submitted']) IF.
  21. First I would check the permissions on the server for the "hollywincote/uploads/" directory. Can this directory create files and folders?
  22. Or, better yet, you could use "Prepared" queries and not have to worry about user input at all:

          <?PHP
          $fname=$_POST['fname'];
          $lname=$_POST['lname'];
          $address=$_POST['address'];
          $country=$_POST['country'];
          $city=$_POST['city'];
          $connection = new mysqli('localhost', 'root', '', 'testdb');
          $result = $connection->prepare("INSERT INTO info (fname,lname,address,country,city) VALUES (?, ?, ?, ?, ?)");
          $result->bind_param("sssss", $fname, $lname, $address, $country, $city);
          $result->execute();
          ?>
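
Added example, not part of any post above: the upload snippet in post 20 builds the destination path from the client-supplied file name and trusts the browser-reported MIME type. The sketch below shows the same PDF upload with those two inputs taken out of the trust path. The helper name store_uploaded_pdf() is hypothetical, and the code assumes PHP 7 or later with the fileinfo extension enabled.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
function store_uploaded_pdf(array $file, string $destDir): string
{
    // Reject failed or partial uploads before touching the file.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    // tmp_name is the server-side path PHP stored the upload under;
    // 'name' and 'type' are sent by the client and cannot be trusted.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Determine the MIME type from the file content, not the request.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'application/pdf') {
        throw new RuntimeException('Please upload a PDF.');
    }
    // Generate the stored name server-side so the client name can
    // never steer the path (no "../", no unexpected extension).
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.pdf';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the upload.');
    }
    return $target;
}

if (isset($_POST['submitted'], $_FILES['upload'])) {
    try {
        store_uploaded_pdf($_FILES['upload'], '../hollywincote/uploads');
        echo '<p><em>The file has been uploaded</em></p>';
    } catch (RuntimeException $e) {
        echo '<p>' . htmlspecialchars($e->getMessage()) . '</p>';
    }
}
```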