-
Posts
1,025 -
Joined
-
Last visited
Never
Posts posted by Caesar
-
-
<?php $code = '<h1>hello world</h1>'; echo $code; ?>
-
One way I suppose could be...
<?php $html = "<p>first paragraph</p>\n"; $html .= "<p>second paragraph</p>"; $html_array = explode("\n",$html); $adsens = "<script>.........</script>"; $html_array[1] = str_replace('</p>', '</p>'.$adsens, $html_array[1]); ?>
-
A lot changed...but start with checking basic things like, whether your old script requires register_globals to be enabled.
-
Would make it more enticing to help if you pasted the error that query is yielding for you. Would save a little time.
-
<?php //Reverse the effect htmlsepcialchars() on a string you return from your database ($str) $html = htmlspecialchars_decode($str); ?>
-
If I understood you correctly...maybe something like...
<?php if(isset($_POST['state']) && $_POST['state'] != '') { $query = $DB->query("SELECT `name` FROM `states_cities` WHERE `type`='city' AND `state_abbr`='FLA'"); echo'<select name="cities">'; while($row = $DB->fetch_array($query)) { echo'<option value="'.$row[1].'">'.$row[1].'</option>'; } echo'</select>'; } ?>
states_cities Table....
id | name | type | state_abbr ================================================ 1 Florida state FLA 2 Miami city FLA 3 Orlando city FLA
-
Details, details! :-P Good point though. Was a crude example
-
<?php $ogname = $_FILES['photo1']['name']; $xplode = explode('.',$ogname); $nuname = 'caca'; $nufile = $nuname.$xplode[1]; ?>
-
Windows or Linux? Is PHP running in CGI mode or as an Apache module? Do you have multiple queries being done, and if so are you on a shared hosting account?
-
I can see many problems arising from this. (I work for a company that writes ecommerce software....our software is among the top 5 sold in a certain price range.)
-
You're probably better off using form processing classes or functions, rather than seperate pages.
Example...
<?php class forms { function process($vars) { //Do your thang } } $f = new forms; if(isset($_POST['submit']) && $_POST['submit'] != '') { $f->process($_POST); } ?>
-
Or...on page two, you can redefine the post variable. It will post to page three just fine.
Example:
Page#2..
<?php $_POST['caca'] = $_POST['caca']; ?>
-
If that software came with a config file, you'll want to verify what you put in there. It's currently not able to connect using the information you provided.
-
Grant me shell or FTP access (Temporarily) and I will help you.
-
Haven't looked through your code but try trimming any and all white space on both the username in the db and the username you are submitting/posting. If anything, just to test. You'll want to print out all the vars in question just to make sure they are set. On my way out so can't comb through your code. Hope that helps.
<?php $query = $DB->query("SELECT * FROM `users` WHERE TRIM(`username`)='".trim($username)."' AND `id`='".$id."' "); ?>
-
Hmmm....you mean something like:
<?php if(isset($_POST['submit'])) { process_form('userinfo'); } echo' <form method="post" action="'.$_SERVER['PHP_SELF'].'" /> <table> <tr><td><input type="text" name="name" value="'.$_POST['name'].'" /></td></tr> <tr><td><input type="submit" name="submit" value="Submit" /></td></tr> </table> </form>'; ?>
Where the form submits to the same page and the user's info is still retained in the form?
-
Why do you have PHP tags inside PHP syntax?
if ($action == 'edit'){
echo "<table width='100%' align='center' cellpadding='0' cellspacing='0'>
<tr>
<td>value="<?php echo $tpname?>"</td>
</tr>";
}
Without me really checking your other code...Try....
<?php if ($action == 'edit'){ echo " <table width='100%' align='center' cellpadding='0' cellspacing='0'> <tr><td>value=\"$tpname\"</td></tr>"; } ?>
Also...where's the closing table tag?
-
Oh...you want to put every word into an array?
<?php $str = "This is a sentence that I'm using to test"; preg_match_all('/[aA-zZ\'\.]+/', $str,$words); ?>
Above returns....
Array ( [0] => Array ( [0] => This [1] => is [2] => a [3] => sentence [4] => that [5] => I'm [6] => using [7] => to [8] => test ) )
-
Bad grammer? Or grammar in general?
<?php //Strip out anything that's not a number. $nustr = preg_replace('/[^0-9]/','',$str); ?>
-
<?php echo' <table class="main"> <tr><td>'.$variable.'</td></tr> <tr><td>Something here</td></tr> <tr><td>Something here</td></tr> <tr><td> <table> <tr><td>Something here</td></tr> </table> </td></tr> </table>'; ?>
Added PHP for sanity's sake.
-
If you want to remove the invalid characters, then you would do something like...
<?php function clean_it($input) { return $output = trim(preg_replace('/[^aA-zZ0-9]/','',$input)); } ?>
BUt I guess I'm wondering if you want to strip out certain characters...or just escape the string/input.
-
There are always creative ways around things such as this. I wouldn't assume that anything that is passed via url or user input, is not exploitable. There really is never good enough reason not to take extra steps to ensure exploits aren't possible.
<?php if(isset($_GET)) { foreach($_GET as $get_clean) { $key = key($_GET); $_GET[''.$key.''] = trim(htmlentities(strip_tags($_GET[''.$key.'']))); next($_GET); } } ?>
...or something. You can always do a lot more like look for specific things and disallow them. Like I said....I just can't think of good reasons not to cleanse anything that will be used in a db query.
-
If you're going to perform queries using values from $_GET...then yes. No reason not to. The very least check to make sure nothing invalid is being passed
-
papaface is correct. No need to use one million echos. You can use one echo and come in and out of quotes if you use variables.
<?php echo' <div id="test"> <span>Hello world. My name is '.$name.'</span> </div>'; ?>
[SOLVED] curl results
in PHP Coding Help
Posted
If you want to store php code in a variable or database, look into using eval().