davidannis
-
Posts
627 -
Joined
-
Last visited
-
Days Won
2
Posts posted by davidannis
-
-
Warning: mysql_real_escape_string() expects parameter 2 to be resource, string given in E:\Inetpub\wwwroot\php\home\includes\login.php on line 4
That's because the syntax is different between mysql_real_escape_string http://nz2.php.net/manual/en/function.mysql-real-escape-string.php and mysqli_real_escape_string
string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier = NULL ] )
vs.
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
notice that the link is first in one and last in the other. If this is a class assignment and will never go live, you can probably dispense with the security (though its bad practice) and just forget about sanitizing data.
Oh and also, when I enter an unregistered username and password, the error doesn't display? Is there anyway to show that too?
$result = mysql_query($query) or die(mysql_error()); $number_users = mysqli_num_rows($result ); if ($number_users==0){echo ' no such user';} $row = mysql_fetch_array($result); if ($row['user_password'] == $_POST['lipassword'] && $row['user_password']!='') { $_SESSION['loggedin'] = true; $_SESSION['id'] = $row['user_id']; $_SESSION['username'] = $_POST['liusername']; } else { echo 'username and password don't match'; $_SESSION['loggedin'] = false; $_SESSION['id'] = 0; } -
First, use mysqli, not mysql which is deprecated (no longer going to be supported, updated)
To clean up input data use mysqli_real_escape_string();
To check whether a user exists, make sure that a row gets returned:
<?php if (isset($_POST['lisubmit'])){ $liusername=mysqli_real_escape_string($dblink,$_POST['liusername']);// Note I'm using mysqli here. Can't mix and match. You need to change the rest of your code to do the same or change my function to mysql. $query = "SELECT user_id, user_password FROM user WHERE user_username = '$liusername'"; // Select details from user table $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($result); if ($row['user_password'] == $_POST['lipassword'] && $row['user_password']!='') { $_SESSION['loggedin'] = true; $_SESSION['id'] = $row['user_id']; $_SESSION['username'] = $_POST['liusername']; } else { $_SESSION['loggedin'] = false; $_SESSION['id'] = 0; } } ?>There are a lot of ways to check that the user exists. If not, $ row will be empty. I did a not so elegant check by adding a check to make sure that the password returned in $ row was not blank but you could use mysqli_num_rows() for a more elegant check that a row is being returned.
-
I'm not sure that I understand the question, but I think what you want is:
echo '<ul class=...."';//note outside while loop while($company = mysql_fetch_array($query)) { echo "<li> <a href=\"#\" >" . $company['t1'] ." </li></a>\n"; } echo '</ul>';//note outside while loop -
$Cc = '($_POST['email']) ';
is in single quotes
you need:
$Cc = "{$_POST['email']} ";or it tries to cc $_POST['emai'] instead of whatever address is stored in that variable.
-
The line
$QueryResult = @mysql_query($SQLstring, $DBConnect);
suppresses error messages from the query http://www.php.net/manual/en/language.operators.errorcontrol.php As a general rule suppressing errors is not a good idea so get rid of the @
Then, the next line gives an error because $QueryResult contains false.
To see the error when the query fails try:
$QueryResult = mysql_query($SQLstring, $DBConnect) or die (mysql_error($DBConnect));
http://www.php.net/manual/en/function.mysql-error.php which will print the error that caused your query to fail then stop.
-
Some questions take time to get answered. The answer is yes, someone can make your site load malware if they can control the URL in your IMG tag.
Embedded HTML Tags
Several HTML tags possess attributes that initiate Web browser HTTP requests automatically upon page load. An
example is the IMG (image) tag and SRC attribute. The SRC attribute is used to specify the URL location of image files
for display in Web pages. When your browser loads Web pages with IMG tags, the images are automatically requested
and appear within the browser. But, the SRC attribute can also be used to reference URLs, from any Web server, not
only those containing images.
For instance, if we performed a Google search for “WhiteHat Security” we’d end up with the following URL:
http://www.google.com/search?hl=en&q=whitehat+security&btnG=Google+Search
This URL could be easily substituted inside the IMG SRC attribute, thereby forcing your Web browser to perform that
exact same Google search.
<img src=”
http://www.google.com/search?hl=en&q=whitehat+security&btnG=Google+
Search”
>
Obviously forcing a Web browser to send a Google search request is more or less harmless. However, the same
process of URL construction can be used to automatically make a Web browser transfer bank account funds, post
inflammatory comments, or even hack a website. The point is that this one mechanism of forcing a Web browser to
connect to another website enables XSS worm propagation -
Why are you calling the mail function twice?
It looks to me like the first call is to send the email to the actual user and the second has a hardcoded address to send a notification that a report was sent to the developer/site owner. I'm assuming that was for debugging. I'm guessing that is not the source of his problem.
-
A few things: You can use swiftmailer. Your pdf should be in $data. The password stuff at the top of the script could stay the same.
Try removing the @ that is in front of the mail. The @ suppresses any error messages that the mail produces.
The $i_boundary is used to tell the mail client where one part of the email (the message) stops and another (the pdf) starts. Looking at the output it looks right to me but looks like the email is not being sent with the headers for each section and the boundaries recognized. I'm not sure why. Any idea what changes were made when it stopped working?
-
For whatever help it provides, I use the PEAR Mail modules to send pdf attachments. They are out of date, but here's my code (without the actual longwinded message):
include 'Mail.php'; include 'Mail/mime.php' ; $text = "Your message here"; $html = "<html><body><p>Your message here</p></body></html>"; $crlf = "\n"; $hdrs = array( 'From' => 'david@yourdomain.com', 'Subject' => 'Your Subject' ); $mime = new Mail_mime(array('eol' => $crlf)); $mime->setTXTBody($text); $mime->setHTMLBody($html); $mime->addAttachment($file, 'application/pdf','valuation.pdf',FALSE); $body = $mime->get(); $hdrs = $mime->headers($hdrs); $mail =& Mail::factory('mail'); $recipients=$recipient_email; $mail->send($recipients, $hdrs, $body); -
why do you have {} around the variable in the closing boudary but not the opening around the pdf?
{$i_boundary}-- -
I am trying to replace the last character in a Japanese word with another. substr_replace did not work - I figured because it was multibyte so I tried using only multibyte functions, but it is still not working. Here's the code I'm trying
<meta charset="utf-8"> <?php $word='くたくた'; //substr_replace($word, 'ひ',-1); $length=mb_strlen ( $word); $length--; $word = mb_substr ( $word , $start ,$length).'ひ'; echo $word; ?>
Which results in くたく��ひ
I am probably just using the multi_byte functions wrong but can't see how.
-
To expand on Ansego's answer at the top of basket.php try
<?php session_start(); if ($_SESSION['mysession'] == 1){ header ('Location: http://mydomain.com/basket-trade.php'); } ?> -
Why not force them to select the make first, just hide the dropdown for model until they select make, then use javascript to show the model selection and Ajax to populate it?
-
I think that the first time you execute the script, you have no value for $q. Try invoking the script with myscript.php?q=test to see if I'm right. Then change line 6 to
while(false!== ($file = readdir($res)) && $q!='') { -
The source XML is huge but here's a sample:
<entry> <ent_seq>1000320</ent_seq> <k_ele> <keb>彼処</keb> <ke_pri>ichi1</ke_pri> </k_ele> <k_ele> <keb>彼所</keb> </k_ele> <r_ele> <reb>あそこ</reb> <re_pri>ichi1</re_pri> </r_ele> <r_ele> <reb>あすこ</reb> </r_ele> <r_ele> <reb>かしこ</reb> </r_ele> <r_ele> <reb>あしこ</reb> <re_inf>&ok;</re_inf> </r_ele> <r_ele> <reb>あこ</reb> <re_inf>&ok;</re_inf> </r_ele> <sense> <pos>&pn;</pos> <pos>&adj-no;</pos> <xref>何処</xref> <xref>此処</xref> <xref>其処</xref> <misc>&uk;</misc> <gloss>there (place physically distant from both speaker and listener)</gloss> <gloss>over there</gloss> <gloss>that place</gloss> <gloss>yonder</gloss> </sense> <sense> <stagr>あそこ</stagr> <stagr>あすこ</stagr> <pos>&n;</pos> <misc>&col;</misc> <gloss>genitals</gloss> </sense> <sense> <xref>あれほど</xref> <gloss>that far (something psychologically distant from both speaker and listener)</gloss> <gloss>that much</gloss> <gloss>that point</gloss> </sense> </entry> <entry> <ent_seq>1000360</ent_seq> <r_ele> <reb>あっさり</reb> <re_pri>ichi1</re_pri> </r_ele> <info> <audit> <upd_date>2012-08-04</upd_date> <upd_detl>Entry created</upd_detl> </audit> <audit> <upd_date>2012-08-04</upd_date> <upd_detl>Entry amended</upd_detl> </audit> </info> <sense> <pos>&adv-to;</pos> <pos>&vs;</pos> <misc>&on-mim;</misc> <gloss>easily</gloss> <gloss>readily</gloss> <gloss>quickly</gloss> </sense> <sense> <misc>&on-mim;</misc> <gloss>lightly (flavored food, applied makeup)</gloss> </sense> </entry> -
I think you need the form to have two inputs, start date and end date. Not sure why you have names and models. Then you need SQL something like:
SELECT COUNT * from term WHERE date>='$startdate' AND date<='$enddate'
-
What is the total number of devices that were checked out during a certain timeframe? This is the information that I am trying to pull from my database.
Do you want the total number checked out by everyone? by a particular user? Where is number of checkouts stored in your database? We need column names. During what timeframe? What database columns have dates?
-
Then try:
<?php function test($textboxnumber) { switch ($textboxnumber) { case 1: $response = "hello"; break; case2: $response= "goodbye"; break; .... case 10: $response = 'response 10'; break; default: $response="oops, I don't know hat to say"; break; } return $response; } ?>and call your function with the texbox number.
<input type="textbox" name="xx" value="<?php $textboxnumber=2 ; echo test($textboxnumber); ?>" />
-
I am trying to get the names of the children nodes in XML
Here is the code:
foreach ($pos->children() as $child) { echo "I never get here"; echo $child->getName() . "\n"; } //} echo "but the node has children---<br>"; print_r($pos);which I modeled on the code from http://www.php.net/manual/en/simplexmlelement.getname.php
and here is a sample of the output:
SimpleXMLElement Object ( [n] => SimpleXMLElement Object ( ) ) but the node has children--- SimpleXMLElement Object ( [int] => SimpleXMLElement Object ( ) ) but the node has children--- SimpleXMLElement Object ( [n] => SimpleXMLElement Object ( ) )Why can't I go through the chldren with foreach?
-
For anyone who needs this in the future I decided that if the element was not an object I'd create a one element array and then I could use foreach in all cases. Still not elegant but a little better. I'm marking solved and moving on.
-
I am trying to get a large (~60MB) XML file into a database and it is giving me fits. A sample record from the XML file looks like this:
<entry> <ent_seq>1002090</ent_seq> <k_ele> <keb>お手盛り</keb> <ke_pri>news2</ke_pri> <ke_pri>nf33</ke_pri> </k_ele> <k_ele> <keb>御手盛り</keb> </k_ele> <r_ele> <reb>おてもり</reb> <re_pri>news2</re_pri> <re_pri>nf33</re_pri> </r_ele> <sense> <pos>&n;</pos> <gloss>making arbitrary decisions which benefit oneself</gloss> <gloss>self-approved plan</gloss> </sense> </entry>So, I can have 1 or more <k_ele> elements and within each I can have 1 or more <ke_pri> elements. I need to decide what to do with the record based on the the content of ke_pri elements. Same issue with <r_ele> elements. So, I read the XML with SimpleXML and then because I don't know if each r_ele and re_pri is an object over which I need to iterate or a variable I have ugly code that looks like this:
if (is_object($r_ele)) { foreach ($r_ele as $reading_element) { $re_pri = $reading_element->re_pri; if (is_object($re_pri)) { foreach ($re_pri as $value) { switch ($value) { // decide what to do here } } } else { switch ($re_pri) { // decide what to do here } } } } else { $re_pri = $reading_element->re_pri; if (is_object($re_pri)) { foreach ($re_pri as $value) { switch ($value) { // decide what to do here } } } else { switch ($re_pri) { // decide what to do here } } }I know that there must be a more elegant way to do this and would love suggestions of how I can improve my code.
-
While on vacation I had a lot of downtime and my handy Nexus 7. I got tired of studying Japanese vocabulary and realized that my problem was that I needed to learn more grammar to go with my growing vocabulary. Being a glutton for punishment, I decided that the best way to learn grammar was to create a program that would teach it. So, I began writing and now my little program can spit out some grammatically correct sentences in both languages. Next step is to make it quiz me on the grammar and vocabulary. Which brings me to my big question. I would like to use a spaced repetition system to maximize retention. I've Googled a bit and learned some things. The Leitner System seems pretty easy to understand but I'm guessing that there are better algorithms around. Ideally I'd like PHP/MySql code that I could integrate with my app (My preference is procedural because I am less comfortable with OO), second choice is pseudocode that I could turn into code, third choice is a clear description of a better algorithm than Leitner. So, can anybody point me to code or examples? Does anyone have experience with flashcard algorithms and can make suggestions on a different method or tweaks to Leitner?
Thanks,
David
-
You do not need a div tag. I used one but as mac_gyver suggests you can assign an id to an input tag like this.
<input name="city" id="city" type="text">
Then just change the value of the input using javascript per mac_gyver's suggestion above.
-
Hard to tell from your question but I think that what you want is:
if (!(empty($_REQUEST['checkbox_name_here']))){ // do your implode here }You can change $_REQUEST to $_POST or $_GET if you know how form is submitted.
How to change the day date?
in PHP Coding Help
Posted
If what you want is the date to role over at midnight I think you mean:
if($time1[1] == "PM") { if ($hours==12){ $date = date_create();//default is now I think date_modify($date, '+1 day'); // adds 1 day if it is midnight $time1[0] = date_format($date, 'Y-m-d') . ((int)($hours) + 12) . $minutes . "00"; }else{ $time1[0] = date("Ymd") . ((int)($hours) + 12) . $minutes . "00"; }not sure why it wouldn't roll over on its own.