sford999

I have the following form which lists the most downloaded images from the site. and using checkboxes I am selecting specific items to show on the home page. <form action="file_selection.php" method="post" enctype="multipart/form-data" name="file_selection" id="file_selection"> <table width="100%"> <tr> <td width="5%" align="center" class='fileTable regular'><?php echo adminFunctions::t('newsfeeder_fileid', 'File ID'); ?></td> <td width="35%" align="center" class='fileTable regular'><?php echo adminFunctions::t('newsfeeder_original_filename_editable', 'Original Filename (Editable)'); ?></td> <td width="30%" align="center" class='fileTable regular'><?php echo adminFunctions::t('newsfeeder_url', 'URL'); ?></td> <td width="10%" align="center" class="fileTable regular"><?php echo adminFunctions::t('newsfeeder_filetype', 'File Type'); ?></td> <td width="10%" align="center" class='fileTable regular'><?php echo adminFunctions::t('newsfeeder_filesize', 'File Size'); ?></td> <td width="5%" align="center" class='fileTable regular'><?php echo adminFunctions::t('newsfeeder_downloads', 'Downloads'); ?></td> <td width="5%" align="center" class='fileTable regular'><?php echo adminFunctions::t('newsfeeder_select', 'Select'); ?></td> </tr> <?php // Get most popular files by download $sql = "SELECT * FROM file WHERE statusId = '1' ORDER BY visits DESC LIMIT 0, 50"; $files = $db->getRows($sql); if ($files) { foreach ($files AS $file) { $addedFilename = ''; $originalFilename = wordwrap($file['originalFilename'], 60, "<br/>", true); if (SITE_CONFIG_FILE_URL_SHOW_FILENAME == 'yes') { $addedFilename = '/'.slugify($file['originalFilename']); } echo '<tr> <td width="5%" align="center" class="discreet">'.$file['id'].'</td> <td width="35%" class="discreet"><input name="originalFilename" type="text" id="originalFilename" value="'.$originalFilename.'" size="50" /></td> <td width="30%" class="discreet"><a href="'._CONFIG_SITE_PROTOCOL.'://'._CONFIG_SITE_FILE_DOMAIN.'/'.$file['shortUrl'].$addedFilename.'" target="_blank">'._CONFIG_SITE_PROTOCOL.'://'._CONFIG_SITE_FILE_DOMAIN.'/'.$file['shortUrl'].$addedFilename.'</a> <input name="url" type="hidden" id="url" value="'._CONFIG_SITE_PROTOCOL.'://'._CONFIG_SITE_FILE_DOMAIN.'/'.$file['shortUrl'].$addedFilename.'" /></td> <td width="10%" align="center" class="discreet">'; if(!$file['extension'] || !ctype_alnum($file['extension'])) { echo '<img src="'.SITE_IMAGE_PATH.'/file_icons/16px/_page.png" width="16" height="16" title="Unknown file"/>'; } else { echo '<img src="'.SITE_IMAGE_PATH.'/file_icons/16px/'.$file['extension'].'.png" width="16" height="16" title="'.$file['extension'].' file"/>'; } echo '<input name="filetype" type="hidden" id="filetype" value="'.$file['extension'].'" /></td> <td width="10%" class="discreet">'.formatSize($file['fileSize']).'<input name="filesize" type="hidden" id="filesize" value="'.$file['fileSize'].'" /></td> <td width="5%" align="center" class="discreet">'.$file['visits'].'</td> <td width="5%" align="center" class="discreet"><input type="checkbox" name="fileid[]" id="fileid[]" value="'.$file['id'].'" onclick="return addCheck(this);" /></td> </tr>'; } } else { adminFunctions::setError(adminFunctions::t("newsfeeder_no_files", "Error: No files to display.")); } ?> <tr> <td colspan="6" align="right" class="discreet"><?php echo adminFunctions::t('newsfeeder_selectall', 'Select All'); ?></td> <td width="5%" align="center" class="discreet"><input type='checkbox' name='checkall' onclick='checkedAll();'></td> </tr> </table> <br/><br/> <input type="submit" name="submit" value="<?php echo adminFunctions::t('newsfeeder_button_use_selected_files', 'Use Selected Files'); ?>" class="button blue"/> </form> The following code processes the form if (isset($_POST['submit'])) { if(!$_REQUEST['fileid']) { adminFunctions::setError(adminFunctions::t("newsfeed_error_no_files_selected", "Error: You did not select any files.")); } // Get post variables $fileid = $_REQUEST['fileid']; $filename = $_REQUEST['originalFilename']; $url = $_REQUEST['url']; $filetype = $_REQUEST['filetype']; $filesize = $_REQUEST['filesize']; foreach ($fileid as $key => $id) { $info[] = $id.",".$filename[$key].",".$url[$key].",".$filetype[$key].",".$filesize[$key]; if(!in_array($key, $filename)) { continue; } } // check for demo mode if (_CONFIG_DEMO_MODE == true) { adminFunctions::setError(adminFunctions::t("no_changes_in_demo_mode")); } // if no errors, redirect and show success banner if (adminFunctions::isErrors() == false) { foreach ($info as $file_info) { $all = explode(",",$file_info); $id = $all[0]; $filename = $all[1]; $url = $all[2]; $filetype = $all[3]; $filesize = $all[4]; $db->query("INSERT INTO newsfeeder_files (fileId, originalFilename, shortUrl, fileType, fileSize) VALUES ('".$id."','".$filename."','".$url."','".$filetype."', '".$filesize."')"); } adminFunctions::redirect('file_selection.php?s=1'); } } However it's not inserting the information into the database properly as you can see from the image below I have tried adding [] to the form fields <input name="filetype" type="hidden" id="filetype" value="'.$file['extension'].'" /> to: <input name="filetype[]" type="hidden" id="filetype[]" value="'.$file['extension'].'" /> but when I do the above and submit the form, it only adds the first 5 files (unchecked) from the 50 and not the 5 I have checked using the checkboxes. I have been scratching my head over this for the past 2-3 hours without finding a solution, so I'm hoping someone would help me out. Thanks

Hi, I have a database schema such as: ID, gallery_id, Images What I would like to do is count each matching row from the "gallery_id" column and display the most popular result. eg: if the gallery_id rows are (2,5,6,2,7,9,2,5,7,2,2), then 2 would be the most popular and that is the one I want to display. Am I right in thinking along the lines of: SELECT *, COUNT(images) FROM table GROUP BY (gallery_id)

Try this <?php function make_safe($unsafe) { $safe = add_slashes(strip_tags(trim($unsafe))); return $safe; } ?> you will need to use the strip_slashes() function on anything which has single or double quotes and backslashes passed though.

Its like bundyxc said, its most likely the unsanitized $_GET['']; input. As you could probably do something like: index.php?page=<script>alert('I can see this popup')</script> You could use something like <?php function make_safe($unsafe) { mysql_connect($server, $user, $pwd); $safe = mysql_real_escape_string(strip_tags(trim($unsafe))); return $safe; } ?> Then do <?php make_safe($_GET['something']); ?>

NM I fixed it, thanks Guys

http://us2.php.net/manual/en/function.htmlspecialchars.php or http://us2.php.net/manual/en/function.html-entity-decode.php

You could use somethign like this: <form action="page.php" method="post" enctype="multipart/form-data" name="form_id" id="form_id"> <script language='javascript' type='text/javascript'> form_id = function() { if(document.getElementById('jurisdiction').value == '') { alert('Enter your text here.'); document.getElementById('jurisdiction').focus(); document.getElementById('jurisdiction').select(); return false; } else { return true; } } document.getElementById('form_id').onsubmit = form_id; </script> // Form continues here changing "form_id" for your form name and the alert to whatever you want it to be

Just tried your suggestions and I'm having this error: Warning: implode() [function.implode]: Invalid arguments passed in C:\server\htdocs\date\messages.php on line 119 Print_r($_POST['delete']); Array ( [0] => 33 [1] => 28 [2] => 27 [3] => 26 )

Hi I have the following code to delete messages from a table using checkboxes. <?php if(isset($_POST['submit'])) { $list = ""; $counter = 0; foreach($_POST['delete'] as $value) { $list+="'$value$'"; if($counter>0) $list+=","; $counter++; } $sql = "DELETE FROM messages WHERE id IN ($list)"; $result = mysql_query($sql) or die(sql_error(mysql_error(), $sql)); if(mysql_affected_rows() >= 1) { redirect('messages.php', 0); } else { echo mysql_error(); } } ?> The html thats producing the checkboxes <input name="delete[]" type="checkbox" id="delete[]" value="'.$id.'"> However when printing the mysql query its saying this DELETE FROM messages WHERE id IN (0) Doing a print_r() on $_POST['delete'] says this Array ( [0] => 33 [1] => 28 [2] => 27 [3] => 26 [4] => 25 ) However as you can see from the query, the array is not being passed to the query and I can't see where I have gone wrong. Any help would be appreciated.

Nope no change

Heres the visits table CREATE TABLE IF NOT EXISTS `visits` ( `id` int(11) NOT NULL AUTO_INCREMENT, `visited_uid` varchar(25) NOT NULL, `visitor_uid` varchar(25) NOT NULL, `time` varchar(25) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=61 ; And the members table CREATE TABLE IF NOT EXISTS `members` ( `id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(25) NOT NULL, `email` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, `salt` varchar(20) NOT NULL, `sex` varchar(1) NOT NULL, `age` varchar(20) NOT NULL, `country` varchar(2) NOT NULL, `city` varchar(255) NOT NULL, `has_img` varchar(1) NOT NULL DEFAULT '0', `img_id` varchar(255) NOT NULL DEFAULT 'no_image.gif', `last_login` varchar(25) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=134 ;

$uid is the member who is viewing their own page which this is displayed on. eg, my $uid = 5 and I only want to see the last 3 people who have viewed my profile. If I use m.user_id then it will show me people who have viewed other peoples profiles and not those that have viewed my profile.

Hi, I'm trying to do the following: Get the last 3 visitors from the "Visits" table as defined by the unix timestamp, and display some member info from the members table. However, its doesn't seem to be displaying correctly as the last 3 "visitor_uid" are say "55,56,57" but the page is displaying random ID's and not the last 3 $uid is defined previously and is the logged in users ID from the members table. <?php $sql = "SELECT v.visited_uid, v.time, m.username, m.age, m.sex, m.country, m.img_id, m.last_login FROM visits as v, members as m WHERE v.visited_uid = '$uid' ORDER BY v.time DESC LIMIT 3"; $res = mysql_query($sql) or die(sql_error(mysql_error(), $sql)); while($row = mysql_fetch_array($res)) { echo '<table width="100%" border="0"> <tr> <td width="10%" class="none"><img src="users/'.$row['img_id'].'" alt="" /></td> <td width="90%" valign="top" class="none">'; if($row['time'] <= time()-86400) { echo '<img src="img/new.gif" />'; } elseif($row['time'] <= time()-1800) { echo '<img src="img/online.gif" alt="Member Online" />'; } echo '<br /> <span class="inter"><a href="profile.php?uid='.$row['id'].'"><strong>'.$row['username'].'</strong></a><br /> <strong>'.$row['age'].', '.$row['sex'].'Sex</strong> from <strong>'.$row['country'].'Country</strong><br /> _{'; echo format_time($row['time']); echo '}</span></td> </tr> </table>'; } ?>

Hi all, I`m using the following function to create a thumbnail of an image when its uploaded: <?php function create_thumbnail($source, $destination, $thumb_width) { $size = getimagesize($source); $width = $size[0]; $height = $size[1]; $x = 0; $y = 0; if($width > $height) { $x = ceil(($width - $height) / 2); $width = $height; } elseif($height > $width) { $y = ceil(($height - $width) / 2); $height = $width; } $new_image = imagecreatetruecolor($thumb_width, $thumb_width) or die('Cannot Initialize new GD image stream'); $extension = get_image_extension($source); if($extension == 'jpg' || $extension == 'jpeg') { $image = imagecreatefromjpeg($source); } if($extension == 'gif') { $image = imagecreatefromgif($source); } if($extension == 'png') { $image = imagecreatefrompng($source); } imagecopyresampled($new_image, $image, 0, 0, $x, $y, $thumb_width, $thumb_width, $width, $height); if($extension == 'jpg' || $extension == 'jpeg') { imagejpeg($new_image, $destination); } if($extension == 'gif') { imagegif($new_image, $destination); } if($extension == 'png') { imagepng($new_image, $destination); } } ?> However, Whenever I upload an image that is say 1920px x 1080px the "create_thumbnail()" function is creating a square thumbnail, eg 600x600 and not what it should be at 600x338 or 300x169. How can I change it so that it does work by keeping the file proportions? Thanks.

Perfect Thanks

That doesn`t really help me a great deal, I'm trying to fetch type = "2" AND type = "3" from the same table column as some of the models are fashion only (type 1), glamour only (type 2) and some do both fashion and glamour (type 3). This is the code I have at present. <?php $sql = "SELECT * FROM models WHERE type = '2' AND type = '3' AND auth = '1' ORDER BY id"; $result = mysql_query($sql) or die(sql_error(mysql_error(), $sql)); if(!mysql_num_rows($result)) { echo 'Error'; } $column=1; while($row = mysql_fetch_array($result)) { extract($row); if ($column == 1) { // Begin row in table echo '<tr>'; } echo '<a href="model.html?'.$id.'"><img src="models/'.$img_id.'" width="94px" height="128px" /><br /><h3>'.$name.'</h3></a>'; $column++; // When you've looped enough, end the row. if ($column == 6) { echo '</tr>'; $column=1; } } ?>

Or something like this: <?php $AuthCode = makeSQLSafe($AuthCode); //database query $query = "UPDATE Users SET EmailConfirmed='1' WHERE AuthCode='$AuthCode'"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) { if($AuthCode != $row[AuthCode]) { // Codes didn't match echo 'Error'; } else { // All Good echo 'Congrats'; } } mysql_close(); ?>

Hi, I have this database where it holds info on models. Type '1' = Fashion Type '2' = Glamour Type '3' = Fashion & Glamour. I have this query: <?php $sql = "SELECT * FROM models WHERE type = '2' AND type = '3' AND visible = '1' ORDER BY id"; ?> However the problem is that its not showing any of the models on the page. If I change the query to this below it works perfectly. <?php $sql = "SELECT * FROM models WHERE type = '2' AND visible = '1' ORDER BY id"; ?> What/Where have I done/gone wrong? Thanks

Huh? I don`t understand what you mean ???

Hi, I'm looking to search a query string for specific text, as I`m getting a lot of hacking attempts on my site, and I want to exclude them and block the IP's that are attempting the hack. eg: The page would be rigs.htm?rigs:34 to view the rigs section and rig ID 34 but I want to search for anything after that. ie: rigs.htm?rigs:34/check_entry.php?dir_abs_src= The thing i want to search for is in bold above. I`m currently using the following code to split the querystring into that pages I want. <?php $page = mysql_real_escape_string($_SERVER['QUERY_STRING']); list($pid, $sid) = explode(":", $page); ?> I'm clueless how I would go about this, so any help would be appreciated. Thanks

I think this is what you're after: explode()

http://www.ejeliot.com/pages/2

<?php function generate_passhash($salt, $md5_password) { return md5(md5($salt).$md5_password); } function generate_salt($length=5) { $salt = ''; srand((double)microtime() * 1000000); for ($i=0;$i<$length;$i++) { $number = rand(33, 126); if ($number == '92') { $number = 93; } $salt .= chr($number); } return $salt; } ?> To use it you can do: <?php $salt = generate_salt($length=5); $md5_password = md5($_POST['password']); $hashed_password = generate_passhash($salt, $md5_password); ?> You would put both the salt and hashed_password into the database. When a user logs in, you have to grab their $salt from the database and do like the function does above: $pass = md5(md5($row['salt']).$md5_password); then do an if else eg: <?php $password = strip_tags($_POST['password']); $md5_password = md5($password); $sql = "SELECT * FROM table WHERE username = '$username'"; $result = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_array($result); $pass = md5(md5($row['salt']).$md5_password); if($pass == $row['password']) { // Log the user in } else { // Wrong password } ?>

Anyone have any ideas?

You can edit it via a form using the following functions http://uk2.php.net/file_get_contents http://uk2.php.net/manual/en/function.file-put-contents.php