Jump to content

hitman6003

Members
  • Content count

    1,807
  • Joined

  • Last visited

Community Reputation

2 Neutral

About hitman6003

  • Rank
    Prolific Member

Profile Information

  • Gender
    Not Telling
  1. hitman6003

    Changing text colour of an error

    What other text? The variable assignments aren't printed to the screen...the contents of the variable may/may not be echo'd or printed to the screen. I'm surprised that your sessions and redirect headers are working since there is data being sent to the browser before those are called.
  2. It's always easier to store who has seen something like a thread than who hasn't. I've never looked at phpBB's code, but I would imagine they associate the user to the thread when it's been read. So, when I click on it, a row in a table is inserted that says "hitman6003 has read thread xyz at 0230GMT".
  3. hitman6003

    Changing text colour of an error

    Why wouldn't you change the text color using CSS? <style> body { color: #FFFFFF; }
  4. meh... Are you hurting for space, than an extra MB or two (cause a row of 2 int columns doesn't take much room) is really gonna make a difference? Use an index and don't worry about it. Doing it the second way, if you wanted to query "Who's friends list is user 123 on?", you would have to query an expand everyone's list to get that information.
  5. hitman6003

    Fixing SQLi Vulnerability Help

    StackOverflow's top voted php post is about SQL injection: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
  6. hitman6003

    Fixing SQLi Vulnerability Help

    Just sanitize your input. Check to make sure the user(s) provide input that is correct/valid and use the "real_escape_string" functions before doing inserts. http://php.net/mysql_real_escape_string http://php.net/mysqli.real_escape_string
  7. hitman6003

    how to display date in dd-mm-yyyy

    use the DateTime object. $date = new DateTime($row['etd']); print $date->format('d-m-Y'); http://php.net/datetime.format Edited to change format from "Y-m-d" to "d-m-Y".
  8. hitman6003

    statement not working (again)

    http://bit.ly/1buzMMy
  9. hitman6003

    POST with image not working

    well...after further investigation, I appear to be wrong about that. I think the problem is that you are checking for "$_POST['submit']" to exist, but the image input type doesn't pass a value.
  10. hitman6003

    POST with image not working

    The HTML input tag does not have an image type that is also a submit button. http://www.w3schools.com/tags/tag_input.asp You could change the look of the button using CSS, or use javascript to submit the form when the image is clicked.
  11. hitman6003

    List upload and echo

    If they are on separate lines, use the explode function on the input... $songs = explode("\n", $_POST['songs']);Just make sure you sanitize the input before doing anything with it.
  12. hitman6003

    Real Escape String - can't get it to work

    Provide the connection variable with mysqli_real_escape_string.. mysqli_real_escape_string($con, $_POST['ecuid'])
  13. if you start with the object style mysqli, you have to use it...can't switch between them...so your use of mysql_i_connect_error() won't ever return anything. Aside from that, add in some debug to check for expected results: <?php function login($username, $password) { $con = new mysqli("db_server.com", 'User', 'plain text password', 'whateverdb'); if ($con->connect_errno) { die($con->connect_error); } $pass = md5($password); $query = "SELECT * FROM user WHERE username = '$username' AND password = '$pass'"; if ($result = $mysqli->query($query)) { if ($result->num_rows > 0) { print "<pre>got the following results:\n\n"; while ($row = $result->fetch_assoc()) { print_r($row); } } else { print "no rows were returned!"; } } else { die($con->error); } }
  14. You're still not using the mysqli object correctly...it has four options: hostname, username, password, database. http://php.net/mysqli.__construct mysql_error will not work when using mysqli...use mysqli->connect_error or mysqli_connect_error(). http://php.net/mysqli.connect_error You're using "mysql_query" instead of the mysqli object's "query" method. http://php.net/mysqli.query
  15. If you are going to use it like that, you'll need to adopt the object oriented style... $con = new mysqli($host, $user, $pass, $database); $result = $con->query("SELECT something FROM somewhere"); if ($result->num_rows > 0) { while ($row = $result->fetch_assoc()) { echo $row['something'] . "\n"; } }
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.