Jump to content


  • Posts

  • Joined

  • Last visited


Everything posted by rwwd

  1. From my somewhat limited knowledge, the answer to your question lies in what your asking $_POST is a super global, and because of that, so long as it is set/has state, you can access this array from anywhere within the scope of your project. >>private function __construct(){ This has a lot of benefits really, I only like to call things public when I have to, though I do steer clear of protected; be aware though as these instructions are php5> and are NOT compatible with anything less, so make sure you know that you can migrate servers without needing to worry about compatibility issues, I tend to write with php4 in mind, but when expressly asked for php5, I go wild!!! Rw
  2. Well, the first thing that strikes me is that there is no submit button, and you need a submit button to send a form! And on the receiver script there is no error handler for the $_POST array for if it isset() but not having the value you expect, also the ereg function has been officially superseded by preg, I forget which version of PHP, but it's something that is best fixed now. And seriously, the @ prefixing the mail() is a bad Idea, it only returns a boolean so personally I would leave it so that you get AS MUCH information back from the function as possible, the mail() isn't very helpful anyway as it doesn't really give any confirmation on the successful sending of an email until it actually arrives in the inbox (I would check the junk folder too, the get in there sometimes...) Lastly, you need to run the strip_tags() function over the entire $_POST array so that potentially malicious code can be stripped from the user submitted data - NEVER trust a user! Hopefully some of that makes sense. Rw
  3. rwwd


    Nice, nifty bit of code, often i think that most of us forget that you can use a string to be technically an array:- $MyString = "phpFreaks"; echo $MyString[3];//outputs 'F' echo $MyString[5];//outpus 'e' And can be referenced as such. Though I may be tired as I can't see where the execute() comes into it. Either that or my beers stronger than I gave it credit for.. Rw
  4. Is the url set at all, as your assigning the $uname var from the $_GET which is URL, $_POST is from a form, ensure you have it correctly assigned. Rw
  5. I did tell you a couple of posts back, but thorpe has expressed it better... Rw
  6. rwwd


    if(isset($_POST['text']) && ($_POST['text'] == '@ban'.$username)){ Check it's set then check it's value if you know what it should be.. No need for the extra '' at the end of $username, this would create an extra space, therefore, not equal too. As you are concatenating string to var, you don't need to finish of the quote. And realistically you don't need to have the semi-colon in the sql statement, as the php function add's this for you anyway.. At this point of the script I would echo the sql string value to screen to see if you are getting the string populated as you expect, and, I would build the string outside of the function as this makes more sense for when you come to debug later on... Rw
  7. rwwd


    if it's a console app, and your the author (ie nothing dodgy being done) you can use the shell() or exec() functions, and if this is on a live site, I would check with the hosts (read the small print) to see if they allow that type of content... Other than that, not sure, I have only flirted with this sort of stuff, ie used shell to run a program that I wrote to write a time stamp to a text file... Rw
  8. If this is a live site, that will potentially have quite a bit of traffic, I would strongly suggest that you ditch md5() as it has been proven vulnerable, and change to the hash() and use the 'SHA512' algorithm, but firstly check what algorithms you have available by using hash_algos this works in the same way as phpinfo() - ie no paramters needed, it just gives an array of algorithms available.. Hope that makes sense to you anyway.. Rw
  9. function(Array $PassedArray){ //your processes } This means that the data being passed into the function HAS to be an array, OR the parser will alert you by throwing an error saying "Invalid data, expected Array, string/boolen given", or something to the effect of anyway. But if memory serves, separating the types by comma divides them into parameters, though that is basic php; and I'm way late for bed! Though I must admit, I have not had to use 'stdClass' in a function yet, though when you think about it, it's plausible, though there may be another way to declare it... Rw
  10. public static function getEmail(stdClass $result, Array $YourArray) Having it like that should generate an error now if you pass anything OTHER that an array because using Array will invoke the error if a string is passed by mistake. Have fun. Rw
  11. T'is a reserved word I believe... Rw
  12. Your calling that using the scope resolution operator ( I am just wondering what level of error_reporting you have on? Having the public static declaration is correct, so is there anything being passed into the _object($query); there, ie what is in the var your passing? This doesn't sound right to me... It shouldn't give an error I don't think.. Rw
  13. The usual way to use the exit function is just after a header call, or in if else chains when you don't want to display the caught exception and the html together, but in your case, I would just try it with & then without to see if there is any discernible difference, which I suspect as there wouldn't be. Exits and die are pretty much the same in operation, they kill the script. Rw
  14. The former rather than the latter. Well that's the way I would try it! The latter version isn't a multidimensional array anyway, that's just dynamically altering the key name of the array: ergo: 1 dimensional. Rw
  15. Just treat the $_SESSION array as you would a normal array, just remember to use session_start() at the beginning of each page using the values, as long as they are set, you can use them where you want as they are globals. Rw
  16. <?php define('DB_HOST', 'localhost'); define('DB_USER', 'myusername'); define('DB_PASSWORD', 'mypassword'); define('DB_DATABASE', 'mydatabase'); session_start(); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('Failed to connect to server: ' . mysql_error()); mysql_select_db(DB_DATABASE, $link) or die("Unable to select database"); Try that, the rest of the connections to the DB will inherit the connection reference from the mysql_select_db function. function clean($str){ $str = trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } $str = strip_tags($str); return mysql_real_escape_string($str); } Just one word of advice, $_POST and $_GET are super global's, so realistically you can access them anywhere in the scope of your script, providing they are set. So you DON'T need to pass them into a function. So you could do this instead (only a suggestive piece of code though):- function clean(){ $_GET = array_map('mysql_real_escape_string', $_GET); $_GET = array_map('strip_tags', $_GET); return $_GET; } And when using mysql_real_escape_string, ensure that there is a valid connection handle going, or else the script will throw an error.. Rw
  17. Usually the order of doing this is:- SELECT FROM table1<--On success of this instruction Proceed to the next INSERT INTO table2<-- On success of this instruction, optionally do the next, but it is good house keeping... DELETE FROM table1<--On completion of the above, you can display a nice little message to screen This is kinda a pseudo way of doing a MOVE as there isn't a specific 'MOVE' command that I have found. Hope that makes sense. Rw
  18. Why do people do this:@$_GET['src'] I never quite understand why people do this, why suppress errors? Surely you want to know EVERYTHING that could be erroneous with your code... The only exception I know to this 'rule' is some of the XML functions, that even php.net documentation state, that in order to get it to functional you will need to use the @ symbol to get the desired functionality. Secondly: Word of advice (though using older versions should be ok) If you put error_reporting(E_ALL|E_DEPRECATED); on in the file you are working on, you should get a notice to say that ereg_ functions are now deprecated, this means that, should you come to migrate servers in the future, some of the functionality of you code won't or wouldn't perform as desired. [EDIT] Then I re read the first post and wish I had pressed preview instead of post! Read some preg stuff from the manual Rw
  19. rwwd

    silly question

    Hello all. Silly question i know, but i want to move data from one table field to another, is this possible and if so what is the syntax?? I imagine it would be along the lines of - MOVE values one FROM colum_1 to colum_2 LIMIT 1, so in theory i have moved one from colum_1 one to colum_2. I hope that im in the right ballpark!! Cheers for the continued help. Rwwd
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.