aftab_jii
Members-
Posts
30 -
Joined
-
Last visited
Never
Everything posted by aftab_jii
-
yes...escape_data is defined.. but i have another problem..look at the screen shoot.. [img]http://aftab.watapage.com/1.JPG[/img] and in addtion i am getting an error thats says: [quote]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('Array'), 'sadsdsadsa')' at line 1[/quote] i am wondering..if this is the correct way to check for the $problen variable: [quote]if (eregi ("^[[:alpha:].' -]{2,100}$", stripslashes(trim($_POST['problem'])))) { $problem = escape_data($_POST['problem']); } else { $problem = FALSE; echo '<p><font color="red" size="+1">Please select the problem area!</font></p>'; } [/quote]
-
okey... that problem is fixed.. now i have another problem..i am getting an undefined variable error on the following line: [quote]if ($first_name && $last_name && $email && $city && $overige_informasjon) { // If everything's OK. [/quote] here is the whole code: [quote]<?php # Script 12.6 - register.php // This is the registration page for the site. // Include the configuration file for error management and such. require_once ('config.php'); // Set the page title and include the HTML header. //$page_title = 'Register'; //include ('includes/header.html'); if (isset($_POST['submit'])) { // Handle the form. //require_once ('../mysql_connect.php'); // Connect to the database. // Check for a first name. if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) { $first_name = escape_data($_POST['first_name']); } else { $first_name = FALSE; echo '<p><font color="red" size="+1">Please enter your first name!</font></p>'; } // Check for a last name. if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['last_name'])))) { $last_name = escape_data($_POST['last_name']); } else { $last_name = FALSE; echo '<p><font color="red" size="+1">Please enter your last name!</font></p>'; } // Check for an email address. if (eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) { $email = escape_data($_POST['email']); } else { $email = FALSE; echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>'; } if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['city'])))) { $city = escape_data($_POST['city']); } else { $city = FALSE; echo '<p><font color="red" size="+1">Please enter your city!</font></p>'; } if (eregi ("^[[:alpha:].' -]{2,100}$", stripslashes(trim($_POST['problem'])))) { $problem = escape_data($_POST['problem']); } else { $problem = FALSE; echo '<p><font color="red" size="+1">Please select the problem area!</font></p>'; } if (eregi ("^[[:alpha:].' -]{2,250}$", stripslashes(trim($_POST['overige_informasjon'])))) { $overige_informajon = escape_data($_POST['first_name']); } else { $overige_informasjon = FALSE; echo '<p><font color="red" size="+1">Please enter the extra information!</font></p>'; } if ($first_name && $last_name && $email && $city && $problem && $overige_informasjon) { // If everything's OK. // Make sure the username is available. //$query = "SELECT user_id FROM users WHERE username='$u'"; //$result = @mysql_query ($query); //if (mysql_num_rows($result) == 0) { // Available. // Add the user. //$query = "INSERT INTO users (username, first_name, last_name, email, password, registration_date) VALUES ('$u', '$fn', '$ln', '$e', PASSWORD('$p'), NOW() )"; //$result = @mysql_query ($query); // Run the query. $query = "INSERT INTO info_fra_bruker (first_name, last_name, city, email, problem, overige_informasjon) VALUES ('". $_REQUEST['first_name']."', '".$_REQUEST['last_name']."', '".$_REQUEST['email']."', '".$_REQUEST['city']."', implode('".$_REQUEST['problem']."'), '".$_REQUEST['overige_informasjon']."')"; $result = mysql_query($query) or die(mysql_error()); if ($result) { // If it ran OK. // Send an email, if desired. echo '<h3>Thank you for registering!</h3>'; exit(); } else { // If it did not run OK. // Send a message to the error log, if desired. echo '<p><font color="red" size="+1">You could not be registered due to a system error. We apologize for any inconvenience.</font></p>'; } //} else { // The username is not available. // echo '<p><font color="red" size="+1">That username is already taken.</font></p>'; //} mysql_close(); // Close the database connection. } else { // If one of the data tests failed. echo '<p><font color="red" size="+1">Please try again.</font></p>'; } } // End of the main Submit conditional. ?> <h1>Register</h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <p><b>First Name:</b> <input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p> <p><b>Last Name:</b> <input type="text" name="last_name" size="30" maxlength="30" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></p> <p><b>Email Address:</b> <input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p> <p><b>City:</b> <input type="text" name="city" size="30" maxlength="30" value="<?php if (isset($_POST['city'])) echo $_POST['city']; ?>" /></p> <p><b>Problemområdet: (velg minst en)</b><br> <select name="problem[]" size="10" multiple> <option value="Hardware"<?php if (in_array("Hardware", $_REQUEST['problem'])) { echo " selected"; } ?>>Hardware</option> <option value="Sofware"<?php if (in_array("Software", $_REQUEST['problem'])) { echo " selected"; } ?>>Software</option> <option value="Internett"<?php if (in_array("Internett", $_REQUEST['problem'])) { echo " selected"; } ?>>Internett</option> <option value="Web_browser"<?php if (in_array("Web_browser", $_REQUEST['problem'])) { echo " selected"; } ?>>Web-browser</option> <option value="Internett"<?php if (in_array("Internett", $_REQUEST['problem'])) { echo " selected"; } ?>>Internett</option> <option value="Operativsystem"<?php if (in_array("Operativsystem", $_REQUEST['problem'])) { echo " selected"; } ?>>Operativsystem</option> <option value="Instantmessenger"<?php if (in_array("Intantmessenger", $_REQUEST['problem'])) { echo " selected"; } ?>>Instant Mesenger</option> <option value="Andre"<?php if (in_array("Andre", $_REQUEST['problem'])) { echo " selected"; } ?>>Andre</option> </select> <p><b>Øvrige informasjon om problemet</b> <textarea type="text" name="overige_informasjon" value="<?php echo $_REQUEST['overige_informasjon']; ?>"></textarea><br> </fieldset> <div align="center"><input type="submit" name="submit" value="Register" /></div> </form><!-- End of Form --> <?php // Include the HTML footer. //include ('includes/footer.html'); ?>[/quote] here is the mySQL table [quote]CREATE TABLE `info_fra_bruker` ( `first_name` varchar(50) NOT NULL default '', `last_name` varchar(50) NOT NULL default '', `email` varchar(100) NOT NULL default '', `city` varchar(50) NOT NULL default '', `problem` varchar(255) NOT NULL default '', `overige_informasjon` text NOT NULL, `id` int(10) NOT NULL default '0' ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- [/quote]
-
i need help with the santax of the following $query: [quote]$query = "INSERT INTO info_fra_bruker (first_name, last_name, city, email, hobbies, overige_informasjon) VALUES ('". $_REQUEST['first_name']"', '"$_REQUEST['last_name']"', '"$_REQUEST['city']"', '"$_REQUEST['email']"', implode('"$_REQUEST['problem']"'), '"$_REQUEST['overige_informasjon']"')"; $result = mysql_query($query) or die(mysql_error()); [/quote]
-
help making the santax of strip_tags corect...
aftab_jii replied to aftab_jii's topic in PHP Coding Help
come on... isnt there anyone who can help me with the problem!!!! anyone at all!!!! -
hi... i need some serious help with strip_tags.. i have copied follwing code from php.net [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--] <?php //tags.php //Allow these tags $allowedTags = '<u><i><b><a><img><br><p><table><tr><td><ul><li><pre><hr><blockquote>'; //Disallow these attributes/prefix within a tag $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'. 'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup'; //remove evel tags function removeEvilTags($source) { global $allowedTags; $source = strip_tags($source, $allowedTags); return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source); } //remove evil arrtibutes function removeEvilAttributes($tagSource) { global $stripAttrib; return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource)); } ?> [/quote] and now i want to apply the defined functions to the following echos: [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<input id="searchkeywords" type="text" name="keywords" <?php if (isset($_GET['keywords'])) { echo ' value="' . htmlspecialchars($_GET['keywords']) . '" '; } ?>[/quote] and [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<p> Body:<br> <textarea class="body" name="body" rows="10" cols="60"><?php echo htmlspecialchars($body); ?></textarea> </p>[/quote] I have tried doing it the following way: [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--] require_once('tags.php'); . . . <input id="searchkeywords" type="text" name="keywords" <?php if (isset($_GET['keywords'])) { echo ' value="' . removeEvilTags(htmlspecialchars($_GET['keywords']),TRUE) . '" '; } ?>[/quote] and [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--] require_once('tags.php'); . . . <p> Body:<br> <textarea class="body" name="body" rows="10" cols="60"><?php echo removeEvilTags($body, TRUE); ?></textarea> </p>[/quote] but its not correct since the search felt and the textarea still accepts the evilTags... need help tp solve the problem... i hope i get some quick answers soon...