MFA

Members
  • Posts: 32
Everything posted by MFA

  1. Hi, I'm trying to make a "pagination" for my webpage so people can flick through several pages of images (6 columns by 4 rows). The code is meant to check how many pages are needed and display a maximum of 5 page links, 2 links for the pages before the current page and 2 links for the pages just after. Anyway, I have tested it and the if statements are only read when the for loop is removed; however, the latter is necessary for this code to work. Also, I'm very basic in my coding as I'm still new. Here is my code:

    if ($numberofobjects > '23') {
        function getCurrentPageUrl() {
            $pageURL = 'http';
            if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
            $pageURL .= "://";
            if ($_SERVER["SERVER_PORT"] != "80") {
                $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
            } else {
                $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
            }
            return $pageURL;
        }
        $hrefpages = getCurrentPageUrl();
        $draftnumberofpages = $numberofobjects / '24';
        $numberofpages = count($draftnumberofpages, 0, PHP_ROUND_HALF_UP);
        $currentpage = substr($hrefpages, -1);
        $linkwithoutpage = substr($hrefpages, 0, -1);
        $prevpage1 = $currentpage - '1';
        $nextpage1 = $currentpage + '1';
        $prevpage2 = $currentpage - 2;
        $nextpage2 = $currentpage + 2;
        $keepgoing = '0';
        $currentpagination = '0';
        $nomoreprev = '0';
        $nomorenext = '0';
        echo '<div class="row"></div>';
        echo '<div class="row"></div>';
        echo '<div class="pagination-centered"> <ul class="pagination">';
        if ($currentpage != '1') {
            echo '<li class="arrow"><a href="'.$linkwithoutpage.$prevpage1.'">«</a></li>';
        }
        for ($paginationincrement = 0; $paginationincrement == 5; $keepgoing++) {
            if ($prevpage2 >= 1) {
                echo '<li ><a href="'.$linkwithoutpage.$prevpage2.'">'.$prevpage2.'</a></li>';
                echo '<li ><a href="'.$linkwithoutpage.$prevpage1.'">'.$prevpage1.'</a></li>';
                $paginationincrement + 2;
                $nomoreprev = '1';
            }
            if ($prevpage1 >= 1 && $nomoreprev != 1 ) {
                echo '<li ><a href="'.$linkwithoutpage.$prevpage1.'">2</a></li>';
                $paginationincrement ++;
            }
            if ($currentpagination == '0') {
                $paginationarray = '<li class="current"><a href="#">'.$currentpage.'</a></li>';
                $paginationincrement++;
                $currentpagination = '1';
            }
            if ($nextpage2 <= $numberofpages) {
                echo '<li ><a href="'.$linkwithoutpage.$nextpage2.'">'.$nextpage1.'</a></li>';
                echo '<li ><a href="'.$linkwithoutpage.$nextpage1.'">'.$nextpage2.'</a></li>';
                $paginationincrement + 2;
                $nomorenext = 1;
            }
            if ($nextpage1 <= $numberofpages && $nomorenext != 1) {
                echo '<li ><a href="'.$linkwithoutpage.$nextpage1.'">'.$nextpage1.'</a></li>';
                $paginationincrement ++;
            }
            if ($paginationincrement == $numberofpages) {
                $paginationincrement = 5;
            }
        }
        if ($currentpage != $numberofpages) {
            echo '<li class="arrow"><a href="'.$linkwithoutpage.$prevpage1.'">»</a></li>';
        }
        echo ' </ul> </div></div>';
    }
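The same five-link window computed directly, as an added example rather than the poster's code: the for loop as posted tests $paginationincrement == 5 before its first pass, which is false, so its body never runs, and this version instead rounds the page count up with ceil() and clamps the window at both ends. It assumes the page number arrives as a ?page= query parameter (the post read it from the last character of the URL) and that $numberofobjects is already set, as in the post.

```php
<?php
// Added example, not the poster's code. $numberofobjects is assumed to be set
// already; the current page is assumed to come from ?page= (an integer).
function pagination_window($numberofobjects, $currentpage, $perpage = 24, $width = 5) {
    $numberofpages = max(1, (int) ceil($numberofobjects / $perpage)); // round up, not count()
    $currentpage = max(1, min($numberofpages, (int) $currentpage));   // clamp to a real page
    $start = max(1, $currentpage - 2);                 // up to two links before
    $end = min($numberofpages, $start + $width - 1);   // ... and two after
    $start = max(1, $end - $width + 1);                // slide back near the last page
    return array('pages' => $numberofpages, 'current' => $currentpage, 'from' => $start, 'to' => $end);
}

function pagination_html($numberofobjects, $currentpage) {
    $w = pagination_window($numberofobjects, $currentpage);
    $link = function ($page, $text, $class = '') {
        // page numbers are cast to int, so nothing user-controlled lands in the href
        $li = $class !== '' ? '<li class="' . $class . '">' : '<li>';
        return $li . '<a href="?page=' . (int) $page . '">' . $text . '</a></li>';
    };
    $html = '<div class="pagination-centered"><ul class="pagination">';
    if ($w['current'] > 1) {
        $html .= $link($w['current'] - 1, '&laquo;', 'arrow');
    }
    for ($p = $w['from']; $p <= $w['to']; $p++) {
        $html .= ($p == $w['current'])
            ? '<li class="current"><a href="#">' . $p . '</a></li>'
            : $link($p, $p);
    }
    if ($w['current'] < $w['pages']) {
        $html .= $link($w['current'] + 1, '&raquo;', 'arrow');
    }
    return $html . '</ul></div>';
}

$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
echo pagination_html($numberofobjects, $page);
```

With 100 objects (5 pages) and page 4 selected, pagination_window() returns pages 1 to 5; with 2 pages it returns 1 to 2, so the window never points past the last page.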
  2. At the minute, I'm using prepared statements for safely inserting the link and specialchars function when outputting it. Have I missed anything?
  3. Could someone please give me advice or redirect me to helpful information on how to safely insert hyperlinks into a MySQL table by members/users of my site. I am particularly concerned about security. Many thanks.
  4. Ahhh, I never knew of the shuffle function. Very useful in this scenario indeed. It should have been: while (count($randommodulearray) != $numberofmodules) Thanks for your help.
  5. I knew I could use the array_unique function but I decided to write something more neat. Do you have any ideas as to why my code doesn't work?
  6. Hi, I'm trying to make an array containing values that are unique (i.e. the values are not repeated within the array). There seems to be a mistake somewhere in my code below because only one value (the first element of the array) is being stored in the $randommodulearray array. I would appreciate it if someone could explain why. Cheers. Also, just to confirm, $module == 'all'.

    if (($module == 'all') || ($module == 'sem1') || ($module == 'sem2')) {
        $modulearray = array("1"=>"Endocrine","2"=>"Renal","3"=>"Genetics","4"=>"GI","5"=>"Neuro","6"=>"EPISTATS");
        $randommodulearray = array();
        switch ($module) {
            case 'all': $numberofmodules = '6'; $min = '1'; $max = '6'; break;
            case 'sem1': $numberofmodules = '3'; $min = '3'; $max = '6'; break;
            case 'sem2': $numberofmodules = '3'; $min = '1'; $max = '3'; break;
        }
        do {
            $optionmodule = rand($min,$max);
            $checkmodule = $modulearray[$optionmodule];
            if (in_array($checkmodule, $randommodulearray)) {
                do {
                    echo 'lol';
                    $optionmodule = rand($min,$max);
                    $checkmodule = $modulearray[$optionmodule];
                } while (!in_array($checkmodule, $randommodulearray));
                $randommodulearray[] = $checkmodule;
            } else {
                $randommodulearray[] = $checkmodule;
            }
        } while (count($randommodulearray) == $numberofmodules); // i.e. until there are 6 elements in the array
    }
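Added example (not the poster's code) that fills the array with shuffle() instead of retrying rand(): the do/while condition as posted, count($randommodulearray) == $numberofmodules, is false right after the first element is pushed, so the loop stops there. Module names and the all/sem1/sem2 number ranges are the ones from the post.

```php
<?php
// Added example, not the poster's code. Module names and the all/sem1/sem2
// ranges are those from the post; the array keys are the module numbers.
function random_modules($module) {
    $modulearray = array(1=>"Endocrine", 2=>"Renal", 3=>"Genetics", 4=>"GI", 5=>"Neuro", 6=>"EPISTATS");
    // for each choice: lowest module number, highest module number, how many to pick
    $ranges = array('all' => array(1, 6, 6), 'sem1' => array(3, 6, 3), 'sem2' => array(1, 3, 3));
    if (!isset($ranges[$module])) {
        return array();
    }
    list($min, $max, $numberofmodules) = $ranges[$module];
    $pool = array();
    foreach ($modulearray as $number => $name) {
        if ($number >= $min && $number <= $max) {
            $pool[] = $name;
        }
    }
    shuffle($pool); // a random order of distinct names: duplicates are impossible, so no retry loop
    return array_slice($pool, 0, $numberofmodules);
}

$randommodulearray = random_modules($module);
```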
  7. Yes I know, it's difficult to explain. Unfortunately, I have to use an array, this is template code from pChart and I have to fill in the array values as they represent the values of the bar graphs. I am still not sure how to go about this using the list() function.
  8. I am wondering how to replace several values in an array with a single variable. I have tried just simply creating a variable for all the values within the array (e.g. $variable = $round1.",".$round2.",".$round3) and substituting that in; however, it doesn't work as the array understands the commas literally and outputs them on the page. The original line of code is below. Thank you. $myData->addPoints(array($round1,$round2,$round3),"Frequency");
  9. I just installed pchart2.1.3 onto my server. The examples and sandbox rendering work fine however when implementing any pchart code onto one of my webpages, I get weird characters instead of a graph. For example, I get something like this PNG IHDR <2IDATxogس]gwc{w4 %YeZ$hiՈ T.i * $RJhQ(=.BjJDIKHThQ@^"jmnKdu:^{v{\&g{<ώyeg~ 33ό\"aW !$w !H@BHBr;$ !$w !H@B$7 |shT*>}궊.W(R}\W#N jwwݭ]Kpʕ+q@ D6Gn^sy䑳g6 q[n%FV+Hi&Nڴium< ܣѨ 'Og>×wuW$Rc<>jD]aVTD%ip׾/۷og/^\58_R.ϼ-}A ;5HD%ipז.]: and it fills my entire webpage with these characters. Can anyone suggest how to correct this?
  10. foreach error

    Hi, I have made the code below that outputs the contents of a CSV file into a table. The code works fine; however, on my server host's CGI error log, it says "PHP Warning: Invalid argument supplied for foreach() in "my_php_file_name" on line 83".

    do {
        $array = fgetcsv($filehandle, 65, ",");
        echo "<tr>";
        foreach ($array as $tableformat) {
            echo "<td>".$tableformat."</td>";
        }
        echo "</tr>";
        $nextrow++;
    } while ($nextrow <= $lines);

    $lines refers to the number of lines in the CSV file and $nextrow represents the integer value 0. Although it is working, could someone please explain to me why this message appears so that I can correct it and learn from this experience. Thank you.
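Added example, not the poster's code: fgetcsv() returns false once the file is exhausted, and because the loop above runs from $nextrow = 0 up to $lines inclusive, its last pass hands that false to foreach(). Testing the return value ends the loop in the right place; $filehandle is assumed to be the open handle from the post.

```php
<?php
// Added example, not the poster's code. $filehandle is assumed to be the open
// handle from the post; a length of 0 lifts the 65-byte line limit.
function csv_table_rows($filehandle) {
    $html = '';
    // fgetcsv() returns false at end of file; stop there instead of counting rows
    while (($row = fgetcsv($filehandle, 0, ",")) !== false) {
        if ($row === array(null)) {
            continue; // a blank line comes back as array(null)
        }
        $html .= "<tr>";
        foreach ($row as $cell) {
            // encode on output so a cell holding < or & is displayed, not parsed as HTML
            $html .= "<td>" . htmlspecialchars($cell, ENT_QUOTES, 'UTF-8') . "</td>";
        }
        $html .= "</tr>\n";
    }
    return $html;
}

echo csv_table_rows($filehandle);
```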
  11. Hi, I am wondering whether starting (<?php) and stopping (?>) PHP several times throughout a script has an effect on the speed at which it is processed. Sometimes I have a few lines of HTML in between sections of PHP language. Would it be more efficient if I just echo'd this HTML section (in PHP), or does it not make a difference?
  12. So I fixed it by creating 2 separate variables for each $_GET command. One specifically for the <select> tags and the other for the switch statements. However, I still want to know why it wasn't working before, could someone help me figure this out please. If I had only one variable for each $_GET command and placed it below all the <select> tags, the sql query would work. So, the problem is obviously above that point and to do with the section containing the <select> tags.
  13. Thank you for helping out and teaching me how to simplify such a code; however, you must appreciate I am still only a beginner in this field and require further practice before attaining the level of expertise to write such codes. After modifying my code as you suggested, I received the following on my page: "Query: Error:"
  14. Hi. I have spent this whole afternoon (4 hours) trying to find the mistake causing my code to stop working. It was working fine before I appended all the if "if ($module == "neuro") {echo 'selected="selected"';}" in the option html tags. Now I get an error saying "PHP Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in /.../.../mcqlist.php on line 241"

    <?php
    if (($_SESSION['year2']) || (($_SESSION['y2s1']) && ($_SESSION['y2s2']))) {
        echo "<h3>".$_SESSION['year2']."</h3>";
    }
    if ($_SESSION['y1s1']) {
        echo "<h3>".$_SESSION['y2s1']."</h3>";
    }
    if ($_SESSION['y2s2']) {
        echo "<h3>".$_SESSION['y2s2']."</h3>";
    }
    $module = $_GET['mod'];
    $questiontype = $_GET['type'];
    $diff = $_GET['diff'];
    ?>
    <form name="customlist" action="mcqlistquery.php" method="post"> <!-- use mcqlistcustom or just make it the same page??-->
    <table border="0" width="90%" align="center">
    <tr><td><b>Select Modules</b></td><td><b>Select Question Format</b></td><td><b>Select Difficulty</b></td></tr>
    <tr><td><select name="topic">
    <?php
    if (($_SESSION['year2']) || (($_SESSION['y2s1']) && ($_SESSION['y2s2']))) {
        echo ' <option value="all"'; if (($module == "") || ($module=="all")) {echo 'selected="selected"';}
        echo '>ALL MODULES</option> <option value="" ></option> <option value="neuro"'; if ($module == "neuro") {echo 'selected="selected"';}
        echo '>Neuroscience</option> <option value="gi"'; if ($module == "gi") {echo 'selected="selected"';}
        echo '>Gastrointestinal and Liver</option> <option value="epistats"'; if ($module == "epistats") {echo 'selected="selected"';}
        echo '>Epidemiology and Statistics</option> <option value="genetics"'; if ($module == "genetics") {echo 'selected="selected"';}
        echo '>Clinical Genetics</option> <option value="renal"'; if ($module == "renal") {echo 'selected="selected"';}
        echo '>Renal and Urology</option> <option value="endocrine"'; if ($module == "endocrine") {echo 'selected="selected"';}
        echo '>Endocrine</option> <option value=""></option> <option value="sem1"'; if ($module == "sem1") {echo 'selected="selected"';}
        echo '>SEMESTER 1 MODULES</option> <option value="sem2"'; if ($module == "sem2") {echo 'selected="selected"';}
        echo '>SEMESTER 2 MODULES</option> ';
    }
    if ($_SESSION['y2s1']) {
        echo ' <option value="sem1"'; if (($module == "") || ($module=="sem1")) {echo 'selected="selected"';}
        echo 'selected="selected">SEMESTER 1 MODULES</option> <option value="" ></option> <option value="neuro"'; if ($module == "neuro") {echo 'selected="selected"';}
        echo '>Neuroscience</option> <option value="gi"'; if ($module == "gi") {echo 'selected="selected"';}
        echo '>Gastrointestinal and Liver</option> <option value="epistats"'; if ($module == "epistats") {echo 'selected="selected"';}
        echo '>Epidemiology and Statistics</option>';
    }
    if ($_SESSION['y2s2']) {
        echo ' <option value="sem2"'; if (($module == "") || ($module=="sem2")) {echo 'selected="selected"';}
        echo '>SEMESTER 2 MODULES</option> <option value=""></option> <option value="genetics"'; if ($module == "genetics") {echo 'selected="selected"';}
        echo '>Clinical Genetics</option> <option value="renal"'; if ($module == "renal") {echo 'selected="selected"';}
        echo '>Renal and Urology</option> <option value="endocrine"'; if ($module == "endocrine") {echo 'selected="selected"';}
        echo '>Endocrine</option> ';
    }
    ?>
    </select></td><td>
    <select name="questionformat">
    <option value="all" <?php if (($questiontype == "") || ($questiontype=="all")) {echo 'selected="selected"';} ?>>ALL FORMATS</option>
    <option value="" ></option>
    <option value="mcq" <?php if ($questiontype == "mcq") {echo 'selected="selected"';} ?>>Multiple Choice (MCQ)</option>
    <option value="emq" <?php if ($questiontype == "emq") {echo 'selected="selected"';} ?>>Extended Matching (EMQ)</option>
    <option value="srq" <?php if ($questiontype == "srq") {echo 'selected="selected"';} ?>>Selected Response (SRQ)</option>
    <option value="mcqemq" <?php if ($questiontype == "mcqemq") {echo 'selected="selected"';} ?>>MCQ and EMQ</option>
    <option value="mcqsrq" <?php if ($questiontype == "mcqsrq") {echo 'selected="selected"';} ?>>MCQ and SRQ</option>
    <option value="emqsrq" <?php if ($questiontype == "emqsrq") {echo 'selected="selected"';} ?>>EMQ and SRQ</option></select>
    </td>
    <td>
    <select name="difficulty">
    <option value="all" <?php if (($diff == "") || ($diff == "all")) {echo 'selected="selected"';} ?>>ALL DIFFICULTIES</option>
    <option value="" ></option>
    <option value="easy" <?php if ($diff == "easy") {echo 'selected="selected"';} ?>>Easy</option>
    <option value="easymoderate"<?php if ($diff == "easymoderate") {echo 'selected="selected"';} ?>>Easy and Moderate</option>
    <option value="moderate"<?php if ($diff == "moderate") {echo 'selected="selected"';} ?>>Moderate</option>
    <option value="moderatehard" <?php if ($diff == "moderatehard") {echo 'selected="selected"';} ?>>Moderate and Hard</option>
    <option value="hard" <?php if ($diff == "hard") {echo 'selected="selected"';} ?>>Hard</option>
    <option value="easyhard" <?php if ($diff == "easyhard") {echo 'selected="selected"';} ?>>Easy and Hard</option>
    </select></td>
    <td> <input type="submit" value="Go!" /> </td></tr>
    </table>
    </form>
    <?php
    if (($module="") || ($diff="") || ($questiontype="")) {
        echo "Filter fields not correctly specified!";
        die();
    }
    include 'dbyear2.php';
    if (($_SESSION['year2']) || ($_SESSION['y2s1'])) //allowed subscriptions
    {
        switch ($module) //creating whitelist, used for security, prep_stmt can't be used and is better than using escape_string
        {
            case "neuro": $tbl = "Neuro_"; break;
            case "gi": $tbl = "GI_"; break;
            case "epi": $tbl = "EPISTATS_"; break;
        }
    }
    if (($_SESSION['year2']) || ($_SESSION['y2s2'])) //allowed subscriptions
    {
        switch ($module) {
            case "genetics": $tbl = "Genetics_"; break;
            case "renal": $tbl = "Renal_"; break;
            case "endocrine": $tbl = "Endocrine_"; break;
        }
    }
    switch ($questiontype) //question format. whitelist.
    {
        case "mcq": $qtype = "MCQ"; break;
        case "emq": $qtype = "EMQ"; break;
        case "srq": $qtype = "SRQ"; break;
    }
    $tablefinal = $tbl.$qtype;
    switch ($diff) //whitelist
    {
        case "easy": $correctdiff = "Easy"; $imgsrc = "http://.mysite../easy.png"; $imgalt = "easy"; break;
        case "moderate": $correctdiff = "Moderate"; $imgsrc = "http://..mysite../moderate.png"; $imgalt = "moderate"; break;
        case "hard": $correctdiff = "Hard"; $imgsrc = "http://...mywebsite./hard.png"; $imgalt = "hard"; break;
    }
    $statement = mysqli_query($condbyear2, "SELECT UQN FROM $tablefinal WHERE difficulty= '$correctdiff'");
    $baseURL = "http://..my website../mcq.php?uqn=";
    while ($row = mysqli_fetch_array($statement, MYSQLI_NUM)) {
        foreach ($row as $integer) {
            $href = $baseURL.$integer;
            echo "<a href= '$href'> <img src='$imgsrc' alt='$imgalt' width='80' height='80'> </a>";
        }
    }
    ?>
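Added example, not the poster's code, of the whitelist approach the comments in the post describe: fixed arrays map each filter value to an identifier, an unknown value is rejected before any query is built (rather than leaving $tbl and $qtype unset and the table name empty, which is what makes mysqli_query() return false), and the difficulty, a column value rather than an identifier, is bound as a parameter. It assumes dbyear2.php provides $condbyear2 and uses the table and column names from the post; the subscription checks are marked where they belong.

```php
<?php
// Added example, not the poster's code. Assumes dbyear2.php defines the mysqli
// link $condbyear2; table prefixes, formats and the UQN column are from the post.
include 'dbyear2.php';

// Fixed lookups: whatever arrives in $_GET is only ever a key into these arrays.
$moduleTables = array('neuro' => 'Neuro_', 'gi' => 'GI_', 'epistats' => 'EPISTATS_',
                      'genetics' => 'Genetics_', 'renal' => 'Renal_', 'endocrine' => 'Endocrine_');
$formatTables = array('mcq' => 'MCQ', 'emq' => 'EMQ', 'srq' => 'SRQ');
$difficulties = array('easy' => 'Easy', 'moderate' => 'Moderate', 'hard' => 'Hard');

// Returns the whitelisted table name, or null when either part is unknown.
// (Compare with ==; the post's "if (($module="") ..." assigns instead.)
function question_table(array $moduleTables, array $formatTables, $module, $questiontype) {
    if (!isset($moduleTables[$module]) || !isset($formatTables[$questiontype])) {
        return null;
    }
    return $moduleTables[$module] . $formatTables[$questiontype];
}

// $tablefinal is one of our own strings, never raw input, so interpolating it
// is safe; the difficulty value travels as a bound parameter.
function question_uqns($condbyear2, $tablefinal, $correctdiff) {
    $stmt = mysqli_stmt_init($condbyear2);
    if (!mysqli_stmt_prepare($stmt, "SELECT UQN FROM $tablefinal WHERE difficulty = ?")) {
        throw new RuntimeException('prepare failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_param($stmt, 's', $correctdiff);
    if (!mysqli_stmt_execute($stmt)) {
        throw new RuntimeException('execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_result($stmt, $uqn);
    $uqns = array();
    while (mysqli_stmt_fetch($stmt)) {
        $uqns[] = $uqn;
    }
    mysqli_stmt_close($stmt);
    return $uqns;
}

$module = isset($_GET['mod']) ? $_GET['mod'] : '';
$questiontype = isset($_GET['type']) ? $_GET['type'] : '';
$diff = isset($_GET['diff']) ? $_GET['diff'] : '';
// the subscription checks on $_SESSION from the post belong here, before the lookup
$tablefinal = question_table($moduleTables, $formatTables, $module, $questiontype);
if ($tablefinal === null || !isset($difficulties[$diff])) {
    die('Filter fields not correctly specified!');
}
foreach (question_uqns($condbyear2, $tablefinal, $difficulties[$diff]) as $uqn) {
    // the UQN comes from the database, so it is still encoded before entering HTML
    $href = 'mcq.php?uqn=' . urlencode($uqn);
    echo "<a href='" . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . "'>" . htmlspecialchars($uqn, ENT_QUOTES, 'UTF-8') . "</a>";
}
```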
  15. So, I finally fixed it. And for anyone else who has/will suffer(ed) from a similar problem, the solution was to reset your CGI error log. Mine was saying:

    20130316T222720: www.webaddress.com/webpage.php PHP Warning: session_start(): open(/var/php_sessions/sess_8dc57575562c346dcdf093266d7a46e4, O_RDWR) failed: No such file or directory (2) in /hermes/waloraweb077/b1980/webaddress.com/webpage.php on line 2
    PHP Warning: Unknown: open(/var/php_sessions/sess_8dc57575562c346dcdf093266d7a46e4, O_RDWR) failed: No such file or directory (2) in Unknown on line 0
    PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_s

    And yes, the session.save_path was in the correct place (not sure why it was saying that).
  16. I was just going to type "Yes, I know, but then how can I bind the result for each column without having to type out a new variable for each one. Is there not a similar function to mysqli_fetch_assoc for prepared statements?" BUT then it hit me that it is exactly the same thing, as using mysqli_fetch_assoc still requires me to write out the column name anyway! What is limit overhead? One final question about prepared statements: will the example below work, or must all parameters be replaced by a '?' - The solution would obviously be to create a variable to replace '1' but I'm wondering if this is unnecessary? "SELECT email,password FROM members WHERE email = ? AND password = ? AND validate=1"
  17. How does one go about converting an SQL query such as: SELECT * FROM members WHERE userid='$userid' AND code=$code' into a prepared statement for PHP. I understand how to use prepared statements; however, I'm having trouble with the * part of the query and I'd rather not have to write out all the table columns because I have about 20. EDIT: I'm using mysqli procedural
  18. I'm not sure what "out of sync" errors are. I don't get error messages, if that's what you mean. This is my code at the moment.

    <?php
    //prepared statement example
    include 'database.php';
    $query = "SELECT ID FROM users WHERE email = ?";
    $email = 'example@googlemail.com';
    $statement = mysqli_stmt_init($condbmembers);
    mysqli_stmt_prepare($statement, $query);
    mysqli_stmt_bind_param($statement, 's', $email);
    mysqli_stmt_execute($statement);
    mysqli_stmt_bind_result($statement, $id);
    mysqli_stmt_fetch($statement);
    echo $id . "</br>"; // THIS WORKS!!
    $querytwo = "SELECT fname FROM users WHERE ID = ?";
    $uid = '4';
    $statementone = mysqli_stmt_init($condbmembers);
    mysqli_stmt_prepare($statementone, $querytwo);
    mysqli_stmt_bind_param($statementone, 'i', $uid);
    mysqli_stmt_execute($statementone);
    mysqli_stmt_bind_result($statementone, $fname);
    mysqli_stmt_fetch($statementone);
    echo $fname; //THIS DOESN'T UNLESS I INSERT mysqli_stmt_close($statement); FOLLOWING echo $id . "</br>";
    ?>
  19. Okay, but how come I can't use another prepared statement unless I use mysqli_stmt_close($etc); after the first one?
  20. I've just completed my first prepared statement, converted to using them for security reasons. I've tested it and it works; however, I am looking for feedback (constructive criticism welcomed) regarding the code itself, although I understand it's fairly basic. Here's the code:

    <?php
    //prepared statement example
    include 'database.php';
    $query = "SELECT ID FROM users WHERE email = ?";
    $email = 'myemail@gmail.com';
    $statement = mysqli_stmt_init($connect);
    mysqli_stmt_prepare($statement, $query);
    mysqli_stmt_bind_param($statement, 's', $email);
    mysqli_stmt_execute($statement);
    mysqli_stmt_bind_result($statement, $id);
    mysqli_stmt_fetch($statement);
    echo $id;
    ?>

    Also, is using mysqli_stmt_close necessary? Am I correct in saying that without using this function I will not be able to create another prepared statement within that script? - because I have tried the latter and it wouldn't work unless I did close the statement.
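Added example, not the poster's code, covering posts 16 to 20: two helpers that prepare, execute and close a statement, report failures instead of ignoring them, and fetch every column of a SELECT * through mysqli_stmt_get_result() (which needs the mysqlnd driver) rather than one bind_result() variable per column. It assumes database.php defines the link $connect and the members/users tables from the posts.

```php
<?php
// Added example, not the poster's code. Assumes database.php defines the mysqli
// link $connect, as in the posts; table and column names are the posts' own.
include 'database.php';

function prepare_or_fail($connect, $sql) {
    $stmt = mysqli_stmt_init($connect);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        // The posts never check this. A bad query or a previous statement's
        // pending result set both fail here, and mysqli_stmt_error() says which.
        throw new RuntimeException('prepare failed: ' . mysqli_stmt_error($stmt));
    }
    return $stmt;
}

// Execute a bound statement and return every row as an associative array.
function fetch_all_rows($stmt) {
    if (!mysqli_stmt_execute($stmt)) {
        throw new RuntimeException('execute failed: ' . mysqli_stmt_error($stmt));
    }
    // A result object, so SELECT * needs no bind_result() variable per column
    // (mysqli_stmt_get_result() requires the mysqlnd driver).
    $result = mysqli_stmt_get_result($stmt);
    $rows = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $rows[] = $row;
    }
    mysqli_free_result($result);
    // Close before the next prepare: an unconsumed result set left on the link
    // is the usual reason a second statement silently fails, as in post 18.
    mysqli_stmt_close($stmt);
    return $rows;
}

// Post 17's query. Only values from outside become placeholders; the fixed
// validate = 1 from post 16 is fine written as a literal.
$userid = isset($_GET['userid']) ? $_GET['userid'] : '';
$code = isset($_GET['code']) ? $_GET['code'] : '';
$stmt = prepare_or_fail($connect, "SELECT * FROM members WHERE userid = ? AND code = ? AND validate = 1");
mysqli_stmt_bind_param($stmt, 'ss', $userid, $code);
$members = fetch_all_rows($stmt);

// Post 18's two statements, back to back on the same link.
$email = 'example@googlemail.com';
$stmt = prepare_or_fail($connect, "SELECT ID FROM users WHERE email = ?");
mysqli_stmt_bind_param($stmt, 's', $email);
$ids = fetch_all_rows($stmt);
$uid = 4;
$stmt = prepare_or_fail($connect, "SELECT fname FROM users WHERE ID = ?");
mysqli_stmt_bind_param($stmt, 'i', $uid);
$names = fetch_all_rows($stmt);

foreach ($members as $row) {
    // Rows come back exactly as stored; encode only here, where they become HTML.
    echo htmlspecialchars($row['userid'], ENT_QUOTES, 'UTF-8') . "<br>";
}
```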
  21. Okay, I now have a much better understanding of MySQL injection attacks and what measures I can employ to try and prevent them. One final question: if I was to use prepared statements, should I be using bound parameter prepared statements, bound result prepared statements or both? I would think just bound parameter prepared statements; however, since I'm new to all this, I'm not sure if using both would confer better protection. Thank you both for your help.
  22. Thanks for the replies; security issues and SQL injections have always confused me and I really need to understand them. So, I've still got a few questions. Okay, so you're saying if I have something like <Hello> in my database and I echo this out to my webpage, it wouldn't appear as I wanted it to, as the < and > signs will be interpreted as HTML language. However, if I used htmlspecialchars, the < and > signs will appear as I intended them to? Okay, I've been doing some reading, and what happens if the hacker does something similar to the example posted under the heading "Just Escaping Strings Does Not Prevent SQL Injection" on this page (http://www.programmerinterview.com/index.php/database-sql/sql-injection-prevention/). I'm using mysqli (unfortunately, PDO is not supported by my web host). I have looked at both htmlspecialchars and FILTER_SANITIZE_SPECIAL_CHARS and they are both very similar in that they convert symbols such as < and > to HTML entities so they are displayed correctly and not mistaken for HTML, or am I mistaken? Also, why won't a combination of htmlspecialchars and FILTER_SANITIZE_SPECIAL_CHARS work to protect against SQL injection? It would convert quotation marks that a hacker might use into a string of characters and prevent the hacker's code from functioning as intended.
  23. I have a form where external input by users will be fed into a MySQL database and I obviously need to sanitize this input. I don't quite understand the differences between the htmlspecialchars and FILTER_SANITIZE_SPECIAL_CHARS functions. Which is better to use in this scenario? For FILTER_SANITIZE_SPECIAL_CHARS, I have also used FILTER_FLAG_STRIP_HIGH. Thanks.
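Added example, not the poster's code, for storing and showing a member-supplied hyperlink (posts 2, 3, 22 and 23): the SQL context is handled by a placeholder, the URL itself by an http/https whitelist, and the HTML context by htmlspecialchars() at output time only. It assumes database.php defines $connect, as in the posts, and a hypothetical table links(member_id, url, label).

```php
<?php
// Added example, not the poster's code. Assumes database.php defines the mysqli
// link $connect (as in the posts) and a hypothetical table links(member_id, url, label).
include 'database.php';

// Accept only an absolute http:// or https:// URL of sane length; null otherwise.
function clean_link_url($raw) {
    $url = trim((string) $raw);
    if (strlen($url) > 2048 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // filter_var() checks the shape of the URL, not which scheme it uses, and a
    // browser follows whatever scheme the href names, so allow just these two.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return ($scheme === 'http' || $scheme === 'https') ? $url : null;
}

// SQL context: the value travels as a parameter and is stored exactly as typed.
// Encoding it first (htmlspecialchars or FILTER_SANITIZE_SPECIAL_CHARS) would
// corrupt it for every non-HTML use (O'Brien becomes O&#039;Brien), and it only
// deals with quotes, which is no help for a value compared without quotes, such
// as the code=$code part of the query in post 17. The placeholder covers both.
function store_link($connect, $memberId, $url, $label) {
    $stmt = mysqli_stmt_init($connect);
    if (!mysqli_stmt_prepare($stmt, "INSERT INTO links (member_id, url, label) VALUES (?, ?, ?)")) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'iss', $memberId, $url, $label);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// HTML context: encode now, with ENT_QUOTES so a value inside the quoted href
// attribute cannot end the attribute early.
function link_html($url, $label) {
    $h = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
    return '<a href="' . $h($url) . '" rel="nofollow">' . $h($label) . '</a>';
}

$memberId = 1; // hypothetical: take the logged-in member's id from the session
$url = clean_link_url(isset($_POST['url']) ? $_POST['url'] : '');
$label = isset($_POST['label']) ? substr(trim($_POST['label']), 0, 100) : '';
if ($url === null || $label === '') {
    echo 'Please enter a valid http:// or https:// address and a label.';
} elseif (store_link($connect, $memberId, $url, $label)) {
    echo link_html($url, $label);
}
```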
  24. Bump.. Anyone have any ideas? I have been trying for days and it still doesn't work.
  25. I didn't know <!doctype> constituted HTML. Anyway, I put the session_start() above doctype so it's the first line in both files; however, it still doesn't work. I did print_r($_SESSION) and got Array ( )