Posts posted by kmaid

  1. Still stuck on this one ://. Should I be doing this as two separate queries? I really don't want to use multiple queries unless I absolutely need to. Goes against the grain to have to manipulate data like this after using a query.

  2. Most backups are simply SQL dumps to recreate all the tables. Decompress it if required using 7zip if your archiver doesn't support the format. Once you have a .sql file or whatever, open up the file in your favorite text editor and cut out the insert portions. If you just run the queries in order it won't put the duplicate fields in twice, so use the latest one first. Hope that helps.


    Edited for *better* clarity

  3. Hi all, I could use some help with this query I am working on. I have a transaction table with the following structure.


    TransactionID - int(11), Primary

    Date - datetime

    ClientID - int(11)

    PaymentType - varchar(50)

    Reference - varchar(200)

    AmountUSD - decimal(8,2)

    AmountGBP - decimal(8,2)

    Amount - decimal(10,2)

    Currency - varchar(4)


    I am trying to get a monthly total of all transactions not marked as an expense or target and then attach that month's target to the result which is marked with 'Target' in the PaymentType. aka Month, Sum(`GBPAmount`), `Target`


    Here is my query so far. I think I am nearly there but it's doing my head in.

    SELECT date( T1.Date ) AS Date,
    sum( T1.AmountGBP ) AS Sales
    FROM transactions AS T1
    INNER JOIN transactions AS T2 
    ON month( T1.Date ) = month( T2.Date )
    WHERE T1.PaymentType NOT IN ('Target', 'Expense')
    AND T2.PaymentType = 'Target'
    GROUP BY month( T1.Date )


    It's valid but doesn't return any results. If I remove the "AND T2.PaymentType = 'Target'" part I get a huge sum from joining every record to each other. I think I may need a subquery rather than a join but it seemed overkill initially. Any help, even if it's just a pointer, would be most appreciated :)


    Edit: MySQL client version: 5.1.41

  4. Hi


    I am making a validation function which will strip any dangerous code from an array or string. The problem is when I create a 2D array it screws up.



    function cleanInput($Data)
    {
        // Undo existing slashes, then escape for MySQL (needs an open mysql_* connection)
        $Data = mysql_real_escape_string(stripslashes($Data));
        $search = array(
            '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
            '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
            '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
            '@<![\s\S]*?--[ \t\n\r]*>@');         // Strip multi-line comments
        return preg_replace($search, '', $Data);
    }

    function libStripInputSlashes($Data)
    {
        if (is_array($Data)) {
            foreach($Data as $var=>$val) {
                // Only one level deep: a nested array is handed to cleanInput() as-is
                $output[$var] = cleanInput($val);
            }
        } else {
            return cleanInput($Data);
        }
        return $output;
    }

    $Data = libStripInputSlashes(array(array('<HTML> \' REALINPUT', '<HTML> \' REALINPUT', '<HTML> \' REALINPUT', '<HTML> \' REALINPUT', '<HTML> \' REALINPUT','<HTML> \' REALINPUT'),array('<HTML> \' REALINPUT', '<HTML> \' REALINPUT', '<HTML> \' REALINPUT', '<HTML> \' REALINPUT', '<HTML> \' REALINPUT','<HTML> \' REALINPUT')));
    Echo $Data;



    Any ideas how I could fix this?




  5. I find the best way to learn is to read code from open source applications and understand how it works, not that I know if rapidleach is open source!


    I am sorry I have not done something like this before, however it has interested me so take what I say with a pinch of salt :D! If you need to simulate logging in by a user try using CURL. That will allow you to post username and password and then can print the response while it receives it. When I first used the Curl library it was a learning process but turns out it is quite easy to use! I would take a look at rapidleach anyway to see how they do it. Even if you don't understand everything it should at least point you in the right direction.


    Good luck!

  6. Hi all,


    My current PHP project requires me to cache data for 5 minutes after which IF the data is requested again the data needs to be requested from another server.


    I store the DateTime when the data was last requested and what I would like to do is make an SQL query which returns true/false depending on if 5 minutes have passed since the stored DateTime.


    Is this possible and are there any examples of this or should I just convert the DateTime into a php date time and do it in PHP?






    My bad, didn't read the sticky. MySQL version 5.0.51b-community-nt

  7. Actually I *believe* that MD5 is no longer secure as the previously mentioned website solved an MD5 hash of two MD5ed strings.


    I take it back must have been lucky.



    You are missing the point of storing your password in MD5. The reason is that should someone know the hash they don't know the phrase to make the hash. Either store the password in plaintext in your database or save the password in their session when they login and use that.



  8. I haven't used Cpanel but I suggest you use Curl. With this you should be able to authenticate yourself and then parse the XML. Personally I wouldn't bother updating all of the records, rather when a user logs update your table and a timestamp and only get new data after 5mins or something.

  9. I read that having magic quotes on could actually be the issue. How is this normally worked around?


    It's really lame but I may have found another solution though. In the comments of the PHP manual I found a function that will only add the backslashes once. Does mysql_real_escape_string do anything other than add backslashes to 's?


    Here is the code anyways


    function addslashes_once($input)
    {
        //These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
        $pattern = array("\\'", "\\\"", "\\\\", "\\0");
        $replace = array("", "", "", "");
        // Drop already-escaped sequences first; escape only if special characters remain
        if(preg_match("/[\\\\'\"\\0]/", str_replace($pattern, $replace, $input)))
            return addslashes($input);
        else return $input;
    }

  10. The data is validated in a save function so each time the data is saved it updates the table with the additional slashes. This means if one of my users added a ' into their first name, every time they saved changes to their profile with ' or \ it would add more slashes as it would need to be re-validated.


    I guess I could remove the slashes before I display the data but for that I would still need stripslashes  ::)

  11. Hi,


    I am trying to sanitize single variables or arrays of variables from SQL injection and CSS. I have been working on this for a while and seem unable to get the StripSlashes function to work. Here is my code


    function cleanInput($input)
    {
        $search = array(
            '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
            '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
            '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
            '@<![\s\S]*?--[ \t\n\r]*>@');         // Strip multi-line comments
        return preg_replace($search, '', $input);
    }

    function libStripInputSlashes($Data)
    {
        if (is_array($Data)) {
            // Recurse so nested arrays are cleaned element by element
            foreach($Data as $var=>$val) {
                $output[$var] = libStripInputSlashes($val);
            }
        } else {
            $Data = stripslashes($Data);
            $Data  = cleanInput($Data);
            $output = mysql_real_escape_string($Data);
        }
        return $output;
    }


    The problem is if I put "Test's" into the script the first time it runs the output is correct with "Test\'s" but each additional run on "Test\'s" adds more unrequired slashes. I have tried using pregreplace but it doesn't seem to like backslashes either. Any suggestions?
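
Added example, not part of the original posts: the slash growth described in posts 9 to 11 comes from storing the escaped string and escaping it again on the next save; binding the raw value in a prepared statement and encoding only on output avoids it. Assumptions: PHP 7.1+ with the pdo_sqlite extension, a hypothetical `profile` table, and `addslashes()` standing in for `mysql_real_escape_string()` so no MySQL connection is needed.

```php
<?php
// Added example, not code from the thread. addslashes() stands in for
// mysql_real_escape_string() so the demo needs no MySQL connection.

// Part 1: escaping is not idempotent, so escape-on-save grows on every save.
function saveByEscaping(string $value): string
{
    return addslashes($value);   // the escaped text itself becomes the stored data
}

$name = "Test's";                // constructed sample input
for ($i = 1; $i <= 3; $i++) {
    $name = saveByEscaping($name);
    echo "escape-on-save #$i: $name\n";
}

// Part 2: keep the raw value, let the driver bind it, encode only on output.
$pdo = new PDO('sqlite::memory:');   // hypothetical in-memory database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile (id INTEGER PRIMARY KEY, first_name TEXT)');
$pdo->exec("INSERT INTO profile (id, first_name) VALUES (1, '')");

function saveName(PDO $pdo, int $id, string $raw): void
{
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('UPDATE profile SET first_name = :n WHERE id = :id');
    $stmt->execute([':n' => $raw, ':id' => $id]);
}

function loadName(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT first_name FROM profile WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$raw = "Test's <b>name</b>";     // constructed sample input
for ($i = 1; $i <= 3; $i++) {
    saveName($pdo, 1, $raw);
    $raw = loadName($pdo, 1);    // load and re-save, as a profile edit would
}
echo "stored after 3 saves: $raw\n";
echo 'html output: ' . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . "\n";
```

The stored value is byte-for-byte what the user typed after any number of saves, and the markup is neutralised at display time instead of being stripped from the data.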

  12. Have you seen rapidleach?


    If you are looking to achieve the same thing I suggest you alter the header and then print out the contents of the file which will "stream" the file through your server. This could use a lot of bandwidth and may be restricted on shared hosts.




    If memory serves me correctly you should just be able to fopen the file using the full address *shrugs*

  13. I have just about completed a substantial project which will be for profit and I am looking to get my code checked for security issues or obvious bugs. I have heard from a friend that there are freelancers which will look over your code as well as check for security issues and I was wondering where you would find one of those or what members of this forum have done in similar situations for their own projects.





  14. That is most of the function, however I cut off the top :x


    function libStripInputSlashes($Data)
    {
        $input_arr = array();
        foreach ($Data as $key => $input_arr)
        {
            // Each element is rewritten in place: unslash, HTML-encode, then SQL-escape
            $Data[$key] = stripslashes($Data[$key]);
            $Data[$key] = htmlentities($Data[$key]);
            $Data[$key] = mysql_real_escape_string($Data[$key]);
        }
        return $Data;
    }


    I am afraid I don't remember why I put that in; I wrote this code a while ago only to deal with $_POST and $_GET but have since needed more from it. I worked from http://uk3.php.net/foreach and have been playing with it for a bit. My original idea was to temporarily store the variables in $input_arr and then save them back into the original array. However I have been staring at this code for a bit and it seems to make less and less sense.
