wildteen88
Staff Alumni-
Posts
10,480 -
Joined
-
Last visited
Never
Everything posted by wildteen88
-
Just start your links with a / <a href="/tr/categorias/listar_Ordenador.php">Blah</a>
-
Yes, you need to dynamically generate your query, eg. $domains_list = implode("','", array_map('trim', $lines)); $query = "SELECT domain FROM domains WHERE domain IN('$domains_list')"; $result = mysql_query($query); That will query the database for all entered domains. You should validate the domains the user has entered. Drop any invalid domains before querying the database.
-
code will not SUM negative number in mysql field? :( pls help!)
wildteen88 replied to tobitimac's topic in PHP Coding Help
VARCHAR is for storing string data not numbers! MySQL has special data types for numbers. Either set the data type to FLOAT or INT. -
They must of either configured php to not display errors or set error_reporting so it ignores notices.
-
You have left off the semi-colon at the end of the line.
-
code will not SUM negative number in mysql field? :( pls help!)
wildteen88 replied to tobitimac's topic in PHP Coding Help
What data type have you set the quantityHand field to? It you have set to INT then it'll remove anything after the decimal point. If you are storing numbers such as 12.99 then you need to set the data type to FLOAT instead. Or you can format $row['quantityHand'] as a float, eg echo sprintf('%01.2f', $row['quantityHand']); -
You need to check that the variables $_SERVER['HTTP_CLIENT_IP'] and $_SERVER['HTTP_X_FORWARDED_FOR'] exist before using them.
-
Your quotes are the wrong way round $username = $assoc['username']; Also this line will return an error too because you have left off ")); at the end of it $parseRank = mysql_fetch_assoc(mysql_query("SELECT * FROM ranks WHERE id = '{$ranknum}'
-
I maybe wrong but because your computers are behind a router. You may need to configure your routers firewall so it forwards all port 80 requests to your computers LAN address.
-
If you have named your submit button in your form then check for the $_POST['submit_button_name'] variable in exists in upload.php, eg if(isset($_POST['submit'])) { // add the code for uploading the images here } else { // display error or redirect back to form.php here }
-
You should not be using file system paths for the links in your webpages.
-
You need to reset the internal data pointer. Look into using mysql_data_seek.
-
Only guessing but maybe change $information[] = array($action, $action_details[$k]); to $information[$action][] = $action_details[$k]; If not what is $news['action_id'] and $news['details'] set to?
-
checking for illegal characters in an input
wildteen88 replied to knobby2k's topic in PHP Coding Help
You can use trim which will remove any white space before/after a string. Or iif you don't want any spaces within a username you can use preg_replace $username = 'Bad Username'; echo preg_replace('~\s+~', '', $username); -
The basic code I gave you does what you want, you need to modify it slightly so it works with your existing code. I'm not going to do this for you. If you want someone else to modify your existing code you need to post in freelance board.
-
checking for illegal characters in an input
wildteen88 replied to knobby2k's topic in PHP Coding Help
Yes, passwords stored in your database should be hashed. Therefore when you compare the passwords within your query you need to encrypt it before hand. -
That sounds to me you are creating new MySQL user accounts for each user that registers to your site? You should not be doing this. Your user accounts should be stored within your own database. And code your own system for logging in users.
-
checking for illegal characters in an input
wildteen88 replied to knobby2k's topic in PHP Coding Help
Using mysql_real_escape_string will help to prevent sql injection attacks. Just encrypt the password straight away using md5 or sha1 encryption. These only return hashes that contain letters and numbers regardless of what characters the user has in their passwords. Example echo sha1('mybad"password"'); echo "<br />"; echo md5('mybad"password"') Will return the following hashes 107577e77c5ef454152af92f84ab36f5a9fdae75 <- sha1 hash 0c2f336b9977f0c40f1782e43f57e2e2 <- md5 hash -
Where are you getting this data from? Where are these arrays?
-
This is the basic code you'll need to authenticate a user from a database if(isset($_POST['Submit'])) { $username = mysql_real_escape_string($_POST['access_login']); $password = mysql_real_escape_string($_POST['access_password']); $query = "SELECT user_login_username, user_login_password FROM user WHERE user_login_username = '$username', user_login_password = '$username'"; $result = mysql_query($query); // check that the query executed if($result) { // check that the query returned a result. if(mysql_num_rows($result) == 1) { // user entered correct username/password credentials // consider them logged in $_SESSION['isLoggedIn'] = true; $_SESSION['username'] = $username; } // No results was returned. Display error message else { echo "Sorry the username/password you entered is incorrect"; } } // query failed for some reason, probably due to an error lets see why else { die('MySQL Error: ' . mysql_error() . '<br />Query: ' . $query); } } That code should be enough. However when dealing with passwords you should be storing them in their encrypted form rather than as plain text. The most popular are MD5 or SHA1 hashes. If you decide to store the users passwords in encrypted form you'll need to modify the code so it compares the passwords in their encrypted form rather than plain text. If the passwords are stored in the database as md5 hases then you'll chang the following line $password = mysql_real_escape_string($_POST['access_password']); to $password = md5($_POST['access_password']); Now query will compare the hashes. Now to check if a user is logged in you'd use the following code in any page that requires the user to be logged in. <?php session_start(); if(!isset(_SESSION['isLoggedIn']) || (isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] != true)) { header('Location login.php'); } ?>
-
I meant the quotation mark, not the actual code I quoted. Sorry for not being clear. I have edited my post to make it more clear.
-
Remove the highlighted quote. This is ending the link too early and thus the shortname is not shown in the url. Also a neater to way to do $img[rand(0, (count($img)-1))]. would be to use array_rand
-
You can use a ternary operator echo (($submit) ? $name : $row['dnname']);