.josh

Staff Alumni
Everything posted by .josh

  1. Yes it's possible. It can possibly be as simple as using file_get_contents but may be difficult and require some advanced cURL trickery. The important thing though is making sure you do not violate their ToS.
  2. This is true, but to be fair, this is the Clientside > Javascript forum..
  3. Basically whenever I see a "Can javascript do this.." or "I'm trying to do this, and my syntax seems right, but it's not working.." question, it almost always has to do with violation of some security/privacy policy. So that is the overall theme you're basically going to see here. This is mostly a top-level "What you can and can't do with javascript" list. While I have provided some details for answering "why", or for pointing you in the right direction for a next-step on "how", this list isn't meant to be a comprehensive tutorial to fully explain the why's and hows of limitations and how to get around them, etc.. It's simply an entry point for figuring out a next step. Here is a list of common questions about javascript that I've seen come up a lot over the years:

     Q: Can I execute php (or other server-side) code with javascript?
     A: No. Not directly. But you can set up a server-side "controller" script to accept requests with info and do things based on that info. Read up on AJAX.

     Q: Can I use javascript to interact with my database?
     A: No. Not directly. See above.

     Q: I'm trying to use AJAX to request a script and it won't work
     A: 9/10 times this is because you are attempting to request something on a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). It is possible for a server to be set up to allow for it, but by default servers are not set up for this and 99.99% of servers do NOT allow this. And even then, the browser may still reject it, depending on the security/privacy settings set in the browser. One trick to get around this is to output a regular javascript tag (you can even make one with js and append it to the DOM). There are limitations to this, but it may be enough, depending on what you are actually trying to accomplish. If it is on the same domain and it's not working, then post your issue.

     Q: I'm trying to get or change the contents of an iframe and it's not working
     A: 9/10 times this is because you are attempting to access iframe contents hosted on a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). Also the same restrictions apply for javascript running on an iframed page whose parent is not of the same domain.

     Q: I'm trying to use javascript to read/write a cookie and it's not working
     A: 9/10 times this is because you are attempting to access a cookie for a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). Cookies set on the same root domain, but with different subdomains also fall under this restriction. For example, if you set a cookie on "foo.yoursite.com" and then try to read it on "bar.yoursite.com" you will get an error. However, you CAN set your cookie to just be the root ".yoursite.com" domain and then both subdomains can access the cookie.

     Q: Is javascript a form of java?
     A: No. They happen to share the same name because someone thought it would be cute to confuse everybody.

     Q: Can I use javascript to execute programs or read/write to files on someone's computer?
     A: The shorter and technically accurate answer is yes - if you count cookies and local storage. Cookies and local storage are files on the user's computer, but they are heavily isolated. The longer answer to the question you're really asking is, no, not directly. Javascript can invoke certain other things such as an ActiveX or Java applet, and those scripts can do this sort of thing. However, default browser settings are set to either prompt the user to allow them to be run (along with a very strongly worded warning), or outright prevent it. So even if you get the user to run the ActiveX or Java applet, those are the things that can access it, not javascript itself.

     Q: Can I use javascript to disable or change certain browser features like print, email, rightclicking, browser history, etc.?
     A: Short answer is no. Javascript has very limited (and usually no) access to "browser level" stuff. Basically, if you are asking this question then you are almost certainly trying to do something you can't do. Common examples:
     - Printing/Emailing: You can invoke the browser's print function, which will in turn invoke whatever the user has set up to happen when they would normally print, but you cannot see or control what actually happens, what program is invoked, etc. same thing with emailing, etc..
     - Browser History: You can use javascript to for example simulate a forward or backward click on the browser history but you can't actually read the urls in the history or alter them.
     - Disabling Rightclick: Javascript does have limited ability to disable rightclicking, but it's not reliable across browsers, and if nothing else, the user can just disable javascript.
     - Exiting the site: Javascript does have limited ability to prevent a user from navigating away from the page. For example, you can write javascript to stop links from working as intended, or you can write code to initiate a popup (the infamous "are you sure you want to leave?" popup), etc. but this doesn't work across all browsers, and newer browser versions will even ask the user if they want to prevent the javascript from doing it. And there is nothing you can do to prevent a user from simply closing their browser. Also, it's incredibly rude to try and trap a user on your site, and is a really good way to ensure they will never return and also tell everybody they know to avoid your site!
     - Accessing browser bookmarks/favorites: javascript cannot read bookmarks (as in, the user's bookmarks) at all. Some browsers/versions do allow you to invoke the bookmark/favorite dialog (equivalent of ctrl+d shortcut), but this isn't the same as directly adding a bookmark, and some browsers do not even support this much.
     - Disabling javascript: You cannot force the browser to run javascript. If a user disables it, it is disabled, end of story.

     Q: Can I use javascript to validate my form values?
     A: Yes! But do not rely on this! It is perfectly acceptable to do some pre-validation to cut down on wasted requests to your server but you should never rely solely on javascript for form validation. It is ridiculously easy to bypass it. But also, javascript can't directly validate stuff that you would need to lookup in a file or database (e.g. correct username/password).

     Q: Can I use javascript to control the keyboard, mouse, webcam, etc.?
     A: No. You can use javascript to detect when (most) keyboard keys or mouse buttons are pressed, or current x,y coords when a mouse is moved, but only when the page the javascript is running on has focus. You cannot simulate an actual key press or button click, though you can do things like auto-pop form fields with values or invoke the click event on a form button or link. IOW you can change the state of something on your page with javascript, but you can't use javascript to act as if a user had actually pressed a button or moved the mouse. For example, you can't make the mouse cursor move to another position, or you can't invoke an alt+tab or ctrl+alt+delete sequence. As far as webcams, there is no javascript interface; you can't use javascript to activate a webcam, record, receive data from it, can't even detect if it's there, etc.

     Q: Can I use javascript to prevent people copying my html/javascript/images?
     A: No. You can obfuscate your code ("security through obscurity") but this is not the same as preventing theft.

     Q: Can I use javascript to read request/response http headers?
     A: No. Many addons (e.g. firebug, httpfox, web developer) can do this because their code is within a higher scope than javascript. An addon is essentially extending the actual browser (which is why they are also known as browser extensions).

     Q: Can I use javascript to detect what plugins/add-ons/extensions the user's browser has?
     A: The short answer is no, not reliably. Firstly, take some time to read up on what the difference between a plugin, add-on and extension is. Different browsers use these terms differently. But in general, the short answer is that there is no reliable way to get a list from any browser for any of those, though it's more or less reliable to detect one if you specifically look for it, in pretty much any browser except Internet Explorer.
  4. you are trying to mix php and javascript in a way that can't be done. php is server-side and is evaluated on the server. Once the script is executed, php then passes the output to the client (your browser). javascript functions and code are just plain text as far as the server and php are concerned. Then in your browser, as far as javascript is concerned, php and your server no longer exist. So you can't call a php function from javascript because it doesn't exist to javascript. If you want to bridge the gap, then you need to look into using AJAX. Basically the idea is to use javascript to make a request to the server, passing a value (e.g. the function name) and then have your php script execute the specified function based on the value passed. php runs the function, outputs the results, and those results are returned to javascript and you can do something with them. But it's important to understand that you cannot directly execute php code with javascript or vice versa. You're simply passing text along in the request and receiving text as a response and it's up to the other end to do something with it. Set up a switch or a bunch of if..else, or just output the code and run it through eval() to be executed as code (note: do NOT do this - HUGE security risk). TL;DR: next step: find a basic AJAX tutorial (there are tons).
  5. Okay, well that looks like a serialized multi-dim array. Looks like you should be able to do something like this:

     <?php
     $data = file_get_contents('test.txt');
     $data = unserialize($data);
     $found = false;
     foreach ($data as $row) {
       if ( ($row['ID']==$_POST['username']) && ($row['password']==$_POST['password']) ) {
         $found = true;
         break;
       }
     }
     if ($found) {
       header('Location: invoice.php');
       exit();
     } else {
       header('Location: registration.php');
       exit();
     }
     ?>

     (assumed your form names are 'username' and 'password')
  6. well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false) But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this. 3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field. 4th, you shouldn't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning. 5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing.
  7. okay well uh, in your code you posted, you have an opening html comment tag <!-- N.L.Browne(print... and no closing comment tag anywhere so it's commenting out everything past that point
  8. @cyberRobot I *assume* (yeah, I know what they say) all that is sorted, since the OP said the problem was getting to only show when it was set. IOW it sounded like the data showed up alright when it was there.. but he didn't want it to output anything if it wasn't.
  9. because you changed the code I posted. Inside the echo you changed it from {$rows['Notes']} to {$rows['$Notes']} which is not the same thing unless $Notes happens to contain the value "Notes".. which I'm guessing it doesn't, seeing as how you said it don't work.
  10. If all you are doing is echoing out an empty string if there aren't notes, then there's no reason to write for that; just echo out the notes if there are notes:

      if ( isset($rows['Notes'])&&trim($rows['Notes'])!='' )
        echo "<td colspan='5'>Notes: {$rows['Notes']}</td>";

      the first part checks if the 'Notes' array index is set, and the 2nd part checks to make sure it's not just set to an empty string (or just set to whitespace chars) Also, I don't think your html table is right. Looks like that first tag should be a <tr> not <td>
  11. We're here to help teach you things and help you when you are coding and get stuck. We aren't really here to do the work for you. I suggest you post in the freelance forum or on some freelance site (IOW offer up some money) if you aren't looking to get your hands dirty.
  12. no. Putting $num by itself at the top doesn't define it. What exactly is the echo supposed to output? You declare it but you didn't assign anything to it so not only does $num not have a value, but php doesn't even know what type of variable it's supposed to be. Which isn't the end of the world in this case, since php does loose type casting/comparison. Which is why it's a "notice" and not something more serious like a "fatal" level error. IOW it's akin to the asshole grammar nazi wagging his finger at the improper use of "their vs. they're vs. there" - people usually know wtf you meant, but you're technically wrong and there's always someone with nothin' better to do than point it out. If you want to declare and define it, you need to give it a value. Since you're using numbers, you should do $num = 0;
  13. If it were me, I'd look into changing how it's output from wherever it is outputting the original value. But here is an example of how to do it:

      <span class='rating'>10</span>
      <span class='rating'>4.5</span>
      <span class='rating'>2</span>
      <script type='text/javascript'>
      $(document).ready(function() {
        $('.rating').each(function() {
          // halve the 0-10 score and round up to get the star image number
          var rating = Math.ceil(Number($(this).html()) / 2);
          // builds e.g. <img src="5star.jpg" />
          $(this).html('<img src="'+rating+'star.jpg" />');
        });
      });
      </script>
  14. Sweet! I'm here for the.. oh.. wrong topic ... well this is awkward.
  15. Also, this should get your code "working" but there are a lot of improvements that can be made to your script. The very first thing is better form validation. Checking if the form fields are empty is great from a business perspective, but it is nowhere near secure from a coding perspective. As it stands now, your script is vulnerable to sql injection. You should read up on how to properly guard against that.
  16. That error usually means your opening/closing brackets don't match up, as in you have more { than } or vice versa. You have this twice, lines 23/24 and then 28/29

      if ($_SERVER["REQUEST_METHOD"] == "POST") {

      But there's a few other issues here: First, where did your form fields go? I just showed you updated code for what you output in your error spans.. you still need to have your form input fields..otherwise, how is the user supposed to fix their mistake(s)? 2nd, you were supposed to wrap your query stuff around all of your query stuff, not just the query string.. what you did is just going to cause your code to attempt a query with no string whenever a user has any errors! Also as I mentioned before, you should move your database connection stuff inside the condition as well, so your script doesn't waste time and resources connecting to the database unless the form is actually validated (move lines 12-17):

      <?php
      if (count($errors)==0) {
        $con = mysqli_connect("localhost","root","","nib");
        // Check connection
        if (mysqli_connect_errno()) {
          echo "Failed to connect to MySQL: " . mysqli_connect_error();
        }
        // values from $_POST are interpolated into the SQL text as-is
        $sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City)
              VALUES ('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')";
        if (!mysqli_query($con,$sql)) {
          die('Error: ' . mysqli_error($con));
        }
        mysqli_close($con);
      } // end if $errors == 0
      ?>
  17. It would be easier to put your error messages into an array so that you don't have to check for each individual error variable. For example:

      // init error array
      $errors = array();
      if ($_SERVER["REQUEST_METHOD"] == "POST") {
        if (empty($_POST["companyname"])) {
          $errors['companyname'] = "company name is required";
        } else {
          $companyname = test_input($_POST["companyname"]);
        }
        // do the same thing as above for the rest of your fields
      }

      Then in your form, do like this:

      <td><span class="error">* <?php if (isset($errors['companyname'])) echo $errors['companyname']; ?></span></td>

      Then wrap your sql query stuff in this:

      if (count($errors)==0) {
        // do query stuff
      }

      Also, you should move your database connection stuff inside that last condition, just before the query stuff, so that you don't use resources and time connecting to the database unless the form is actually validated.
  18. not to mention the fact that anybody can fake that header easy enough. Like I said:
  19. The short answer is there is no absolute 100% way to prevent it. But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions.
  20. sounds more like a memory problem, not an ftp program problem. By "map" I assume you mean folder or directory, right? you may need to ftp from command line or write your own script that ftps to it..IOW a method that doesn't involve trying to grab and display a list of the working directory/folder. And then NOT do things like list or display dir content.
  21. Except that lying to get free shit (which is the same as stealing) is wrong. Even moreso since you can afford it.
  22. Hello All, We have a sticky (http://forums.phpfreaks.com/topic/273124-readme-everything-youd-want-to-know-about-php-freaks/#entry1405504) that explains what the badges under members' names are, but a Guru in particular is basically anybody who has demonstrated that they are actively trying to be a part of the phpfreaks community and in general know wtf they are talking about. You don't have to be some super ninja expert at everything, nor do you have to be posting 100 posts a day to achieve this rank. Traditionally the process for "gaining rank" around here involves you joining our community and making an effort to help others out with their questions. And after a while of this, one or more members of the staff (guru, mod or admin) may take notice of your efforts and then nominate you to join the ranks (this happens internally). In addition, we try to look at things like rep and posts marked solved to find you. But maybe you feel like you've been making an effort for naught. Most of us don't regular all the forums; we just hang around the ones we are the strongest at or most interested in. So maybe the one thing you're really good at is the one forum nobody else really hangs out in. Or maybe the stars just don't seem to align right or something. So, in order to ensure that nobody feels like they are going unnoticed, I want to extend the nomination process to the entire community. If you feel like you've been hanging around and helping out for a while and have what it takes to wear a Guru badge, or if you know someone around here who does, please post your nominations here, as a way to ensure yourself or someone else is on our radar. .josh
  23. Are you requesting an OOP Tutorial? We do have a multi-part "OO PHP" Tutorial, as well as a multi-part "Design Patterns" tutorial. If you have read those and still don't understand OOP, perhaps you can be more specific about what you don't understand? Feel free to post asking questions (but not in this forum; go to the Application Design forum)
  24. No, the mbstring regex functions are not deprecated. Was that an oversight, or did they specifically decide to make an exception?
  25. We get posts asking about this error on a fairly regular basis, so here's a sticky detailing the error and what to do to fix it. PHP has a number of POSIX regex functions for performing regex matching/replacing/splitting. All of these functions are deprecated, which means they are currently still available in php, but are going to eventually be removed from a future version of PHP. This is an "annoyance" to you now, because it causes an error, which may or may not show up, depending on what your error reporting settings are. This is bad news for you in the future, because your code will break when you upgrade to a future version of PHP that no longer supports these functions. The solution is to convert the POSIX functions to one of the PCRE regex functions instead. Here is the manual entry summarizing the differences, as well as what the PCRE function replacements are. For most cases, you simply have to pick the PCRE equivalent and wrap a delimiter around your pattern. You may also need to use the i modifier if you are using a case-insensitive POSIX function (eg: eregi vs. ereg). Example: Check if a username is only numbers, letters (case-insensitive) and 6-12 chars long.

      POSIX regex

      // ^ and $ anchor the pattern so the whole username has to match
      if ( eregi("^[a-z0-9]{6,12}$",$username) ) {
        // good username!
      } else {
        // bad username!
      }

      PCRE regex

      // ^ and $ anchor the pattern so the whole username has to match
      if ( preg_match("~^[a-z0-9]{6,12}$~i",$username) ) {
        // good username!
      } else {
        // bad username!
      }

      In the PCRE regex example, I use ~ as the delimiter and added the i modifier to make the regex case-insensitive. If doing this doesn't fix your problem, then more than likely your pattern itself has POSIX-specific stuff in it, and you will need to change that, in which case, feel free to post in this forum asking for help.
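Added example, not part of the original posts: posts 15 to 17 above note that the INSERT built from raw $_POST values is open to SQL injection. The sketch below puts that pattern beside a prepared statement. It assumes PDO with an in-memory SQLite database in place of the mysqli/MySQL connection from the post so it runs without a server; the table and column names come from the post, while the function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the original posts.
// Assumption: PDO + in-memory SQLite stands in for the MySQL server in the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_club_contacts (
    CompanyName TEXT, FirstName TEXT, Address1 TEXT,
    Address2 TEXT, Area TEXT, City TEXT)');

$fields = ['companyname', 'firstname', 'address1', 'address2', 'area', 'city'];

// "Before": the pattern from the post, values pasted straight into the SQL text.
function insert_contact_unsafe(PDO $pdo, array $post): string
{
    $sql = "INSERT INTO tbl_club_contacts
            (CompanyName, FirstName, Address1, Address2, Area, City)
            VALUES ('$post[companyname]','$post[firstname]','$post[address1]',
                    '$post[address2]','$post[area]','$post[city]')";
    $pdo->exec($sql);
    return $sql;
}

// "After": placeholders keep the statement fixed; the values travel separately.
function insert_contact_prepared(PDO $pdo, array $post, array $fields): void
{
    $stmt = $pdo->prepare('INSERT INTO tbl_club_contacts
        (CompanyName, FirstName, Address1, Address2, Area, City)
        VALUES (:companyname, :firstname, :address1, :address2, :area, :city)');
    foreach ($fields as $f) {
        // Missing fields become empty strings; form validation runs before this point.
        $stmt->bindValue(":$f", (string)($post[$f] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
}

// Constructed form input: a legitimate name that happens to contain a quote.
$post = [
    'companyname' => "O'Brien & Sons",
    'firstname'   => 'Pat',
    'address1'    => '1 Main St',
    'address2'    => '',
    'area'        => 'North',
    'city'        => 'Springfield',
];

try {
    insert_contact_unsafe($pdo, $post);
    echo "unsafe insert: ok\n";
} catch (PDOException $e) {
    // The quote closed the string literal early, so the rest was parsed as SQL.
    echo "unsafe insert failed: ", $e->getMessage(), "\n";
}

insert_contact_prepared($pdo, $post, $fields);
$row = $pdo->query('SELECT CompanyName, FirstName FROM tbl_club_contacts')
           ->fetch(PDO::FETCH_ASSOC);
echo "prepared insert stored: {$row['CompanyName']} / {$row['FirstName']}\n";
```

With the mysqli extension used in the post, the equivalent calls are mysqli_prepare(), mysqli_stmt_bind_param() and mysqli_stmt_execute().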
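Added example, not part of the original posts: post 4 above describes an AJAX "controller" that runs a PHP function chosen by a value in the request, and warns against passing that value to eval(). One way to write that controller is an allow-list that maps request values to functions. The function names, the `action` parameter and the sample requests are all hypothetical.

```php
<?php
// Added example, not code from the original posts.
// Hypothetical functions the client is allowed to trigger.
function get_server_time(array $args): array
{
    return ['time' => gmdate('c')];
}

function add_numbers(array $args): array
{
    // Validate on the server; client-side checks can be skipped by the caller.
    if (!isset($args['a'], $args['b'])
        || !is_numeric($args['a']) || !is_numeric($args['b'])) {
        throw new InvalidArgumentException('a and b must be numeric');
    }
    return ['sum' => $args['a'] + $args['b']];
}

// Allow-list: request value => function name. Nothing outside this map can run.
const ACTIONS = [
    'time' => 'get_server_time',
    'add'  => 'add_numbers',
];

function dispatch(array $request): array
{
    $action = $request['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return ['status' => 400, 'body' => ['error' => 'unknown action']];
    }
    try {
        $body = call_user_func(ACTIONS[$action], $request);
        return ['status' => 200, 'body' => $body];
    } catch (InvalidArgumentException $e) {
        return ['status' => 400, 'body' => ['error' => $e->getMessage()]];
    }
}

// Constructed requests standing in for $_POST from an AJAX call.
$samples = [
    ['action' => 'add', 'a' => '2', 'b' => '3.5'],
    ['action' => 'phpinfo'],            // a real PHP function, but not in the map
    ['action' => 'add', 'a' => 'x'],    // fails server-side validation
];
foreach ($samples as $req) {
    echo json_encode(dispatch($req)), "\n";
}
```

The request value is only ever used as an array key, so a name that is not in the map is rejected before any function lookup happens.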