secweb

  1. It's on my list of things to do... But from a quick search, everybody else seems to always pass 7 arguments whereas you have 6; I dunno if that's the issue or not though.
     http://stackoverflow.com/questions/13407085/how-do-you-make-a-table-like-this-with-fpdf-using-php
     http://www.fpdf.org/en/script/
     Then again, in the docs this line is commented:
         // Move to 8 cm to the right
         $pdf->Cell(80);
     http://www.fpdf.org/en/doc/cell.htm
     But then again, your header has different widths than the following cells?
  2. No expert on this but looks like you need the COLLATE keyword
     http://dev.mysql.com/doc/refman/5.0/en/case-sensitivity.html
     http://stackoverflow.com/questions/6448825/sql-unique-varchar-case-sensitivity-question
     The second link has an example:
         CREATE TABLE WORDS (
             ID BIGINT AUTO_INCREMENT,
             WORD VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_cs NOT NULL UNIQUE,
             PRIMARY KEY(ID)
         );
  3. A 20 minute video about CSP at DefCon:
  4. Just tried to send you a PM but you're not accepting... or not allowed. If no-one else has done this for you by tonight, I'll have a crack. I'm at work and this requires me to spend some time and start a project, which I can't at the moment.
  5. You're still using the session stuff; the IPN backend process will have a separate session, so all this will be in error. So at the top of your code it looks like this:
         $account = $_SESSION["acc"];
         if ($_SERVER['REQUEST_METHOD'] == "POST") {
             if ($account == "111111" || $account == "1") {
                 $error='Dla bezpieczeństwa ten numer jest zablokowany!';
             } elseif (empty($account)) {
                 $error='Podaj Numer Konta!';
             } elseif (!is_numeric($account)) {
                 $error='Numer konta może składać się wyłącznie z cyfr!';
             }
             if (empty($error)) {
                 $query=mysql_query('SELECT * FROM accounts WHERE (id = '.$account.')');
                 if (mysql_num_rows($query) == 0) {$error= "Numer nie istnieje";}
             }
             $query2 = mysql_query("SELECT `bonus` FROM `accounts` WHERE (`id` = '$account') ") or die(mysql_error());
             ...
     On my test server here, if I try to access a non-existent $_SESSION variable I get an error printed to screen; in your case that'll break the whole process because it's sending output back to PayPal that it isn't expecting, so they won't then confirm it.
         $account = $_SESSION["acc"];
     When I did this I made a new database table that I dumped feedback to, or in the PayPal example I believe they log to a file.
  6. For my purposes hidden files are fine and allowed, also dot n double dot are handled elsewhere (and in my file manager are actually used). I like your name list, I will really look into that, but other checks are made as parsing the potential list which filter out empties and such. I'm hearing you on the passwords and will change it. All the tests are in a single function because this is part of a larger chain (form class, custom $_REQUEST wrapper), so in many cases the logic of deciding which test would be replicated elsewhere. I do however have the intent to change the strings to some form of enum, either via a class with constants or using defines (messy). Thank you
  7. Do you need to know that files are new or could you just rebuild the list each time? In reality, the script would only need to use, say, scandir(); there are some examples on the manual page: http://php.net/manual/en/function.scandir.php
  8. To me this is saying it's finding no results for the query... I'm of the type who doesn't like using PHP objects in strings... so the following looks odd to me:
         $sql2 = "SELECT O_ID FROM owners WHERE name = '$_POST[name]'";
     The string 'name' is a string to me and should be quoted as such... but I will yield to wiser users, but try instead:
         $sql2 = "SELECT O_ID FROM owners WHERE name = '".$_POST['name']."'";
     If still no joy, try echoing out $_POST['name'] to check if it's what is expected...
  9. Test it by having a little look-see:
         print_r($result1);
  10. Try changing it to how you do it above...?
         $sql2 = "SELECT O_ID FROM owners WHERE name = '$_POST[name]'";
         $result1 = mysqli_query($conn , $sql2);
         if ($result1==false) {
             die("failsd".$conn->error);
         }
         $row = mysqli_fetch_array($result1);
         $own = $row['O_ID'];
  11. The results returned from the following aren't single variables but a mysql result:
         $sql2 = "SELECT Owner_ID FROM owners WHERE name = $_POST[Name]";
         $sql3 = "SELECT Pr_ID FROM property WHERE PR_num = $_POST[PR_num]";
         $own = mysqli_query($conn , $sql2);
         $pro= mysqli_query($conn , $sql3);
     Here's the manual: http://php.net/manual/en/mysqli.query.php
     First you need to get the result array:
         $result = mysqli_query($conn , $sql2);
         $row = $result->fetch_object();
     And then you can access the variable(s):
         $own=$row->Owner_ID;
     Or something like that lol, so long since I've not used my wrapper class
  12. Just put into practice and I got issues, mainly because I don't use a schema on my links (http / https). So after rawurlencode did its thing, it then treats the link as relative rather than absolute.
         return htmlspecialchars($link."?".http_build_query($args), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');