anderson_catchme

I can't use PDO here guys, because of limitation of MYSQL. Not every query supports PDO: Info here: http://stackoverflow.com/questions/13682355/pdo-and-mysql-fulltext-searches

It's a dynamic query for one, so id need to dynamically generate the question marks somehow. I just prefer strongly to filter this one, honestly. I also find PDO harder to debug.

I have a SQL statement which is difficult to use PDO on, it might not even be possible to do. So I'm filtering it like this: $search = $_GET['search']; $search = preg_replace("/[^A-Za-z0-9]/", " ", $search); $search = $mysqli->real_escape_string($search); Will this result in an acceptable level of security?

I'm sure Jacques1 is correct, but arguing on the internet is stupid and this should be closed.

Turns out user-frosting is extremely slow, at least on my end. Can anybody recommend a secure user-management script? I don't care if it isn't free.

Well what do you know, it's not just noobs, turns out my usermanagement script is vulnearble to this attack. However, this one isn't, supposedly: http://www.userfrosting.com/

Hi, So I have a private page where I have a delete button. The delete button just links to a page something like this: mysite.com/?postid=123&confirm=1 When confirm is set, the page is deleted. The problem is, a malicious person could reverse engineer the URL and trick (logged in) users of the site into clicking the link. How can I verify that the last page visited was from my site, in the private section? Possible solutions: I was thinking HTTP_REFERER (mispelled due to html standard stupidity), but heard it's not robust. Right now I'm just setting a cookie for 1 minute, to limit the likelihood of hacking, but wonder if there is a better way.

$query = "SELECT * FROM posts WHERE `posts`.`Category` IN ('1','2','3','4','5','6') ORDER BY `posts`.`image_or_not` IN (1) DESC, `posts`.`datetime` DESC "; Above is my working solution, without any JOINS. Works with no duplicates. I wanted to get this done 100% in mysql without having to rewrite my php.

$query = "SELECT * FROM posts LEFT JOIN `images` ON `images`.`post_association`=`posts`.`id` WHERE `posts`.`category` IN ('1','2','3','4','5','6') GROUP BY `posts`.`id` ORDER BY `images`.`post_association` IS NOT NULL DESC, `posts`.`datetime` DESC "; Sort of solved the duplicate rows issue w GROUP BY clause, but now getting random bad results. Possibly related to having duplicate 'id' column names. 3 am though might sleep

One issue, I am getting some extra results. My 'images' table contains multiple images per post. (one to many relationship?) These are getting filtered back to my main table, returning extra rows. Working on the issue now, but if anybody has any ideas let me know.

Not sure why left, and not right, but no matter. Works great. Thanks.

I have a table which contains a TINY INT column. If there are images associated with the post, the TINY is 1. If not, 0. I want to order results by images first, and earliest DATETIME first. Basically, like using a boolean but not. Simply ordering by the TINY INT column ASC or DESC isn't working. Not sure how to solve this. Help appreciated. Thanks!

I have a boostrap conflict regarding box sizing. I solved it with a simple CSS rule: * { box-sizing: content-box; } Now the problem is my bootstrap form isn't working. I need to make the box sizing apply to everything except the bootstrap form: <form id="contactForm" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES); ?>" method='post'> <!-- HTML HERE --> </form> Any ideas? Thanks.

Ok so I've narrowed the problem: <script type="text/javascript"> function submitform() { document.myform.submit(); } </script> <script> $(document).ready(function() { uploadObj = $("#fileuploader").uploadFile({ url:"/jquery-upload-file-master/php/upload.php", fileName:"myfile", onSuccess:function(files,data,xhr) { $('.ajax-file-upload-statusbar').delay(2000).slideUp('slow'); //Problem lies here with submitform() submitform(); }, onError: function(files,status,errMsg) { $("#status").html("<font color='red'>Upload is Failed</font>"); } }); }); </script> <br/> <form name='myform' action="createnewpost.php?4" method="POST"> <button id='my_button' name='submit' value='submit' class='btn btn-primary' onclick="event.preventDefault(); uploadObj.startUpload();"> Create Post</button> </form> </body> </html> Narrowed the problem: The form submission was interfering with fileupload. Now I just need submit get the form with submitform();

Variables are assigned from right to left in php. So you shouldn't be putting $_POST['user_id'] in your sql but $user_id. Use paramaterized queries ideally, although they are a bit harder to debug. For debugging, try: $query = "SELECT * FROM table"; // Run query if(!$query){ echo mysqli_error($mysqli); }