SharkBait
Everything posted by SharkBait
-
Oh I like that, think I'll use that from now on.
-
[code]
<?php
if(empty($ef) || empty($es)) {
    // Do stuff
}
?>
[/code]
-
PHP login script, protection against injections and other
SharkBait replied to Soverign's topic in PHP Coding Help
The section you have that looks like this:
[code]
<?php
} else if(isset($_POST['email'])) {
    $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='".$_POST['email']."' ", $db);
    if(mysql_num_rows($result)) {
?>
[/code]
Make it look like
[code]
<?php
} else if(isset($_POST['email'])) {
    // Escape the submitted value, then use the escaped copy in the query
    $email = mysql_real_escape_string(trim($_POST['email']));
    $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='".$email."' ", $db);
    if(mysql_num_rows($result)) {
?>
[/code]
You're taking out anything that can be harmful to a SQL query prior to your query itself. Just make sure you don't use the <?php and ?> like I do (that helps with color coding php in the forum)
-
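Added example (not from the original post or thread): the same lookup against the `userinf` table written with a PDO prepared statement, next to the concatenated form, so the submitted value never becomes part of the SQL text. The in-memory SQLite database, the sample row and the function names are constructed for illustration.

```php
<?php
// Constructed table and row in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE userinf (email TEXT, username TEXT, password TEXT)");
$db->exec("INSERT INTO userinf VALUES ('o''neil@example.com', 'oneil', 'constructed-hash')");

// Concatenation: the value is pasted into the SQL text, so a single quote
// in a perfectly legitimate address changes how the statement is parsed.
function lookupConcatenated(PDO $db, string $email): string
{
    try {
        $sql  = "SELECT email,username,password FROM userinf WHERE email='" . $email . "'";
        $rows = $db->query($sql)->fetchAll();
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "query broken by input";
    }
}

// Placeholder: the statement is fixed first and the value is bound afterwards,
// so it is only ever compared as data and there is no escaped copy to forget.
function lookupPrepared(PDO $db, string $email): string
{
    $stmt = $db->prepare("SELECT email,username,password FROM userinf WHERE email = ?");
    $stmt->execute([trim($email)]);
    return count($stmt->fetchAll()) . " row(s)";
}

$email = "o'neil@example.com"; // constructed input containing a quote

echo "concatenated: ", lookupConcatenated($db, $email), "\n";
echo "prepared:     ", lookupPrepared($db, $email), "\n";
```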
Have you tried to telnet into your SMTP server? Issued the helo (can't remember if that is it) command and sent the basic email?
-
Looking at the URLs on the page when I'm in the download section, all the other URLs are https. They will probably have to be hard-coded to http:// if you want it to get out of the secure mode and leave the download section as https.
-
I tried this and it seemed to work:
[code]
$body = preg_replace("((\r\n)+)", " ", trim($body));
[/code]
Though your code might have worked too, I think I was forgetting to actually assign the preg_replace to $body ;) Thanks for the help, it works the way I need it to now!
-
How are your links coded when they go from your https to your http? I always found that you will have to redo the links so they point to the regular site instead of just by filename. ie
[code]
<a href="https://www.mysecuresite.com">My Secure Site</a>
<a href="http://www.mysecuresite.com">My Non-Secure Site</a>
[/code]
-
Couldn't you use MySQL to format the time in the way you want? [code] SELECT DATE_FORMAT(myDateField, '%Y-%d-%m') as myDate FROM myTable; [/code] Though the formatting would have to be done properly but the idea is you can get the query to do it for you :)
-
What about setting where the cookie is valid? IE the path for the cookie in relationship to the server?
-
I have a plugin for Firefox that tells me the current, upcoming and tomorrow's weather. It's nice to have, though with a skylight above my head I can tell the weather too ;)
-
Oh I guess I can, but the bit of post that I want posted, is resetting my connection...
Ok on one of my scripts I set the session at the top of the script and then I use javascript to display it at the very bottom of the script, but the bottom alert I use to display the session variable seems to be null where at the top it is not.
At the top:
[code]
<?php
if(isset($_POST['type'])) {
    $_SESSION['myLastSearch'] = $_POST['type'];
    echo "<script type=\"text/javascript\">alert('TYPE: {$_SESSION['myLastSearch']}');</script>";
}
require("includes/header.html");
?>
[/code]
At the bottom of the script
[code]
<?php
echo "<script type=\"text/javascript\">alert('TYPE: {$_SESSION['myLastSearch']}');</script>";
require("includes/footer.html");
?>
[/code]
There are no lines that set $_SESSION['myLastSearch'] anywhere else in the script so I don't know why the bottom is not displaying what the top is. I'm at a loss :)
-
Just a test, I can't seem to post. If a kind moderator would like to move this thread into the PHP Help section that would be appreciated. I don't know why it wouldn't let me post the code below into it previously. I tried 7 times to do it.
-
Usually what I do is when I upload the file I will strip its extension to see what type of file it is. Yes it's not entirely accurate but since I am the only one using the script I know a .PDF will be a PDF ;) When displaying the files I would use a [code=php:0]switch()[/code] statement to determine what icon I would show for the file type. Database wise I store as much as I can about the file. Filesize, Filetype, Filename, uploaded time etc. I learnt that you have to make sure your filesize is correct when you have a download script get the file and offer it to the client downloading it. Setting up the file's header prior to downloading will corrupt the file.
-
[quote author=The Little Guy link=topic=118206.msg482920#msg482920 date=1165871698]
add slashes adds slashes to ' and to "
maybe this for the second part:
preg_replace("~^\n$|^\r$~","I suppose ",$_POST['my_str']);
[/quote]
So something like this?
[code]
<?php
$body = addslashes($entry['body']);
preg_replace("~^\n$|^\r$~","<br />", $body);
?>
[/code]
-
In Firefox the bottom (horizontal) scroll is partially hidden behind the bottom section. How many times can I post on the site before it will stop me? Is it me or do the majority of the people that have posted on that site have some weird sexual urge needing to come out? :P
-
Ok I guess using $_POST[] wasn't the best example. When I edit my blog entries the javascript editor I use online (FCKeditor) requires that if I have a pre-existing entry in the textarea, that I escape all double quotes and get rid of any \r \n it has in the message. So when I pull the information from the database to be displayed on my editing page I have to make sure that the javascript doesn't freak out. This is the section I am trying to abide by: http://wiki.fckeditor.net/Developer%27s_Guide/Integration/Javascript#line-132 the
[code]
oFCKeditor.value = '{$my_database_entry_text_here}';
[/code]
-
I just read over the posts in this thread. If they are uploading scripts and being executed what are the permissions on said script? If they are deleting files via the uploaded script isn't that an issue too? I hope somehow uploaded files aren't given 0777 access when they are created.
-
What do I need to use to escape double quotes? The javascript online editor I use needs double quotes (") escaped with a backslash. Can I [code=php:0]str_replace('"', '\"', $_POST['body'])[/code] or is there something else I need to look at? Would [code=php:0]addslashes()[/code] escape double quotes? I'd also need to replace \n and \r characters with I suppose <br /> instead. Thanks
-
[code] SELECT COUNT(*) FROM people GROUP BY name ORDER BY COUNT(*) LIMIT 3 [/code] Try that?
-
When I hover over 'Home' it tells me it's 'About Us' ;)
-
One thing I've noticed is that if a script gets executing for a very long time, well not sure how long but.. anyway it prompts me to download the script and not the information I wanted. Perhaps the file that you're pulling from the database is too large for your php.ini files to handle in script execution time?
-
One thing I see is that you don't check to see if secret is correct so I could enter anything I want. As for the file uploading not sure but they managed to upload or replace one of your files didn't they?
-
If you find the answer I'd like to know too. I do pass variables to javascript via php with echoing the output into javascript and that seems to work, perhaps you can do that with Flash? Example
[code]
<?php $myWidth = 50; ?>
<script type="text/javascript">
function myAlert() {
    alert('<?php echo $myWidth;?> is the width!');
}
</script>
[/code]
Well I'm no JS expert but you get the point :)
-
[code] <a href="http://www.tingram.ca" target="_blank">Tingram.ca</a> [/code] That will load a link into a new window
-
Could have the privacy policy pop up another window so they don't lose their data in the form. No need to required.