Everything posted by .josh
-
Post your updated code
-
In addition, there are a number of other things off with your code.

1) You have database connection code in both your scripts. In at least the first one, you aren't using it at all, based on the fact that you do a header redirect. You probably aren't even using it in the 2nd file either, but not enough context to know. So.. why do you have that in there? You shouldn't make your script connect to a database if you aren't going to actually do anything with it in the script. On that note...

2) You shouldn't have your database connection info in a publicly accessible script at all. If your server for whatever reason fails to parse the php in the file, it's going to output the whole file - including your php code - as plain text to the user. This can happen for many reasons.. like improperly changing the mime type config for what server should do with files of certain extension, or improperly updating php engine on your server, etc.. At a minimum, you should store your db connection stuff outside of the public web directory structure, and then include it on the pages (that actually use it).

3) While we're still on the subject of database code.. the mysql_xxx functions are deprecated. At a minimum, you should update your db syntax to use the mysqli_xxx functions (notice the "i"), though I personally like the PDO functions better. Not that you're actually using your db in these scripts.. but I'm mentioning it anyway since I figure you probably are in fact using it on some final form submission script.

4) You have session_start in both your scripts, but don't appear to be utilizing sessions. Now, I did suggest in my previous post that you should utilize session vars instead of passing form data along to the next step with url params and hidden fields, so if you want to move forward with that, then they should stay there. However, in your 2nd script, you have it placed at a point in your script that's after you already started outputting stuff to the browser. If you had your error level settings set properly for development, php should have given you a "headers already sent" warning about this. If you do not want to move forward with using session vars to pass data back and forth, you should remove those session_start lines.

5) In your 2nd script, you have 2 lines that look like this:

```php
$_SERVER['first'] = $_GET['first'];
```

I don't even know what you are attempting to do here.. My best guess is maybe this was your attempt to set a session variable? $_SERVER is a superglobal that contains information about the request to the server/script. In practice, $_SERVER should be a read-only variable. Also, any data in that variable is only within the scope of the currently executing script. IOW this is not what you use for sessions. For sessions, you use $_SESSION.
-
On a side note.. while your method of carrying over previous form data to new form (for what I assume is a multi-step process) "works", perhaps you should consider instead carrying over the previous data with session variables instead of outputting them as hidden form fields. This will make them more easily accessible, especially concerning the user going back a step in the form.
-
looks like you have your parameters and values backwards, and you have the file extension in the wrong place... $url = "form3?$first=first&$last=last.php"; should be $url = "form3.php?first=$first&last=$last"; same thing with your other $url assignments.
-
This is an extremely common problem among newer coders. We have a README: PHP Resources & FAQs sticky for a reason.
-
use prepared statements.

Example insert:

```php
$db = new PDO('mysql:host=localhost;dbname=mydb;charset=utf8', 'username','password');
$query = $db->prepare("INSERT INTO table (column) VALUES (:column)");
$query->bindValue(':column', 'some value', PDO::PARAM_STR);
$query->execute();
```

Example select:

```php
$db = new PDO('mysql:host=localhost;dbname=mydb;charset=utf8', 'username','password');
$query = $db->prepare('SELECT * FROM table where column=:column');
$query->bindValue(':column', 'some value', PDO::PARAM_STR);
$query->execute();
$row = $query->fetch(PDO::FETCH_ASSOC);
echo $row['column'];
```

This will prevent sql injection. However, you should still have logic in place to validate the user input, for the sake of your script functioning properly. For example, if you expect a user to provide a url or email address or zip code or whatever.. you should validate that it's a proper format so that you can properly do something with it.

For example, using the above will prevent sql injection, but letting a user enter in arbitrary value in those fields will not prevent other attacks, such as cross-site scripting attacks. I could enter in your form some javascript and it'll sit in your db and not directly harm your db but if you turn around and output it on some page without validation or escaping, I could make your site output arbitrary js and find other ways to hack your site. So for instance, if you ask for a (US) zipcode, validate that they entered in 5 digits and nothing else, etc..
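The three layers described in the post above (validate the input, bind it in a prepared statement, escape it on output), as an added example that is not part of the original post. The `signup` table, its columns, the helper names and the in-memory SQLite database are assumptions chosen so the script runs stand-alone; the sample submissions are constructed.

```php
<?php
// Added example, not from the original post. Table and column names, helper
// names and the SQLite in-memory database are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup (zip TEXT NOT NULL, comment TEXT NOT NULL)');

// Validation: accept only what the field is supposed to contain.
function valid_us_zip($value) {
    // \z instead of $ so that a trailing newline is rejected as well.
    return is_string($value) && preg_match('/\A[0-9]{5}\z/', $value) === 1;
}

// Storage: bound parameters keep the data out of the SQL text.
function save_signup(PDO $db, $zip, $comment) {
    if (!valid_us_zip($zip)) {
        return false;
    }
    $query = $db->prepare('INSERT INTO signup (zip, comment) VALUES (:zip, :comment)');
    $query->bindValue(':zip', $zip, PDO::PARAM_STR);
    $query->bindValue(':comment', $comment, PDO::PARAM_STR);
    return $query->execute();
}

// Output: escape at the point where the value is written into HTML.
function h($value) {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions.
$samples = array(
    array('90210', 'Nice site'),
    array('90210', '<script>alert(1)</script>'),  // stored as-is, escaped on output
    array("90210' OR '1'='1", 'fails validation'),
    array("90210\n", 'trailing newline, fails validation'),
);
foreach ($samples as $s) {
    $ok = save_signup($db, $s[0], $s[1]);
    echo ($ok ? 'stored   ' : 'rejected ') . json_encode($s[0]) . "\n";
}

// Rendering the stored rows: markup in the comment comes out as inert text.
foreach ($db->query('SELECT zip, comment FROM signup') as $row) {
    echo '<li>' . h($row['zip']) . ': ' . h($row['comment']) . "</li>\n";
}
```

The free-text comment is not validated against a format, so it is the output escaping, not the prepared statement, that keeps it from running in the browser.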
-
```php
<?php
$createuserfile = $_GET['userID']."-file.txt";
echo $_GET['userID'];
$user = new Some_Class();
echo "<br/>";
echo "prop: ".$user->userfile;

class Some_Class {
  public $userfile;
  function __construct() {
    $this->userfile = $_GET['userID']."-file.txt";
  }
}
```

And then if i go to script.php?userID=foobar, it outputs:

foobar
prop: foobar-file.txt

So there's something else going wrong in your code, wherever you are actually trying to use $this->userfile, that you're not showing.
-
Property declarations can only be declared with a constant value. You can assign it that value by doing it in your __construct method.

```php
class Foo {
  public $var;
  function __construct() {
    $this->var = $_GET['value'];
  }
}
```
-
Automatic Link Creator with Folder and File Structure.
.josh replied to BrianGilmore's topic in PHP Coding Help
I feel your pain and I sympathize, but this isn't a "write my script for me" site. It's a learning site. Which means you must make an effort to write your own script, and we will try and help you if you get stuck. You get what you pay for. If you want the "write my script for me" option, you'll have better luck if you offer to throw money at a freelancer.

But to prove I'm not just being a douche, here is a tl;dr about how you should approach this, should you endeavor to attempt this yourself.

One cheap and easy way to do it is to enable directory listing for the folder you intend to put your stuff in. How you do this varies depending on what server it is (e.g. apache vs. IIS), but here is example with apache:

In your apache config file you should have something similar to this:

```
<Directory /home/mywebuser/public_html>
  Options Indexes
</Directory>
```

If you see this and there's a - in front of Indexes, that means it's currently disabled. Remove the - sign. If you do not see something like that in there, add it in. /home/mywebuser/public_html should be the server path to your public web directory. If it's there and already looks like that, congrats, you have nothing to change on that count. Restart apache if changes have been made.

An easy way to see if this is already enabled or not, is to go to a directory on your site that does not have an index.html or index.php type file in it. If you just get a page that looks like the contents of the directory are listed, then congrats, this step is already done. But if it automatically serves up a specific page (even a generic page by your host, or automatically serves up some 404 page) then it is currently not enabled.

Alternatively, your host may not allow you access to this (you don't really get access to it unless you have a virtual private server or dedicated server). So instead, you can put it in the .htaccess file in the folder like this (notice it is not wrapped in directory tag here):

```
Options Indexes
```

This will cause your server to output a listing of the files in the directory when you navigate to the directory, and they will be linkified, so that if you click on one, it will navigate to the file itself, instead of default to serving up index.html or w/e.

Then to password protect it, basically you just need to add some more code to .htaccess and also create a .htpasswd file with a [username]:[encrypted password] entry in it. Here is an article that explains how to do this.

Alternatively, if you don't want to do all that, and wish to instead have a script that lists the contents, well that's fairly easy to make as well. You don't need anything that constantly polls to update the list. Instead, the script would just read the contents of the directory at the time the script is executed. Basically you'd use any number of built in php functions such as glob, opendir/readdir, or RecursiveDirectoryIterator and loop through the results returned from it, outputting a link, using the path/to/filename as the href and link text.

And as far as password protecting the script, you can do something as simple as wrapping the whole thing in a condition such as

```php
if ($_GET['user']=='username'&&$_GET['pass']=='password') {
  // stuff to list contents
}
```

And then you'd go to http://www.yoursite.com/script.php?user=username&pass=password. This isn't the most secure thing in the world, but maybe it's secure enough for your needs. I'd recommend at least changing the user/pass parameters to something more obscure like 'q1=xxx' and 'q2=xxx' where q1 is your user name and q2 is your password.

Now, that will only protect the script itself. Anybody would be able to go directly to the files without authentication if it's in a public directory. So if you want to go this route, you'd have to put your files outside of the public directory structure and then make your script serve up the file when the link is clicked. How you do this kind of depends on what the files actually are. You could do something as simple as use file_get_contents and just echo it out and hopefully the browser will be intelligent enough to guess the content type and act appropriately. A better way would be to also use header to output correct content type, based on the file, which basically involves having a lookup table of file type vs. content type. And that list will basically be what kind of files you actually have. And since the files themselves aren't in public dir, someone can't go directly to them. They'd have to go the password protected script to have them served up.
-
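The last step of the post above (files kept outside the public directory and served by a script through a content-type lookup table), as an added example that is not part of the original post. The function names, the allowed types and the temporary demo directory are assumptions, the sample requests are constructed, and the access check is assumed to have run before `send_download()` is reached.

```php
<?php
// Added example, not from the original post. Function names, the allowed
// types and the demo directory are assumptions; sample requests are constructed.

// Lookup table of file type vs. content type; anything else is refused.
$types = array(
    'txt' => 'text/plain; charset=utf-8',
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'zip' => 'application/zip',
);

// Map a requested name to a file inside $baseDir, or null if it must not be served.
function resolve_download($baseDir, $requested, array $types) {
    // Plain file names only: no slashes, no leading dot, no quotes or control bytes.
    if (!is_string($requested)
        || preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $requested) !== 1) {
        return null;
    }
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!isset($types[$ext])) {
        return null;
    }
    // realpath() resolves symlinks; the result must still sit under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return array('path' => $path, 'type' => $types[$ext], 'name' => $requested);
}

// Send the file with an explicit type instead of letting the browser guess.
function send_download(array $file) {
    header('Content-Type: ' . $file['type']);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $file['name'] . '"');
    header('Content-Length: ' . filesize($file['path']));
    readfile($file['path']);
}

// Constructed demo: a temporary "private" directory and a few requests.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'private_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.txt', "hello\n");
file_put_contents($dir . DIRECTORY_SEPARATOR . 'notes.php', "<?php // never served\n");

$requests = array('report.txt', '../db-config.php', 'notes.php', '.htpasswd', 'missing.pdf');
foreach ($requests as $req) {
    $file = resolve_download($dir, $req, $types);
    echo str_pad($req, 18) . ($file ? 'serve as ' . $file['type'] : 'refused') . "\n";
}

unlink($dir . DIRECTORY_SEPARATOR . 'report.txt');
unlink($dir . DIRECTORY_SEPARATOR . 'notes.php');
rmdir($dir);
```

Refusing every extension that is missing from the table also keeps the script from handing out its own source or configuration files if they ever land in that directory.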
Creating short code for a sites plugin to call on pages
.josh replied to JamesClarke's topic in PHP Coding Help
It sounds like you are asking for help on how to use this plugin. Is there no documentation for it?
-
i thought about that.. but he said it works perfectly fine when the exact same url is hardcoded.
-
Problem with Curl library, why response is not the same as in browser?
.josh replied to Radek_1's topic in PHP Coding Help
1) where is COOKIE_FILE defined?

2) you may wanna try setting curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, '1');

3) since it's an https location, you're going to have to set a handful of curl settings that either deal with ssl authentication, or ignore it. The *easier* (though NOT recommended, except to narrow down the issue) method is to attempt to ignore it by setting CURLOPT_SSL_VERIFYPEER to false. If all is said and done and this is what finally makes it work, do NOT do this. Instead, work on using the correct curl options to validate ssl certs. If you simply turn off validation, this is what leads to man-in-the-middle attacks.
-
well, I'm stumped. At face value from what's presented here, I can't think of any reason it would do that :/
-
so just to be clear.. your php var domain vs. the hardcoded one is the SAME domain, and it is the SAME domain as the page's domain? Because I can't think of any reason it could possibly fail, except that maybe in the php version, you are using a domain that's not the same as the page's domain, which would constitute as cross-site scripting.
-
Basically the issue (probably) boils down to a mis-communication between character encoding vs. that symbol (e.g. the email client trying to use ISO-8859-1 encoded pound sign in a UTF-8 encoded page or vice versa).

1) Try using £ or £ instead of the actual symbol, eg:

```php
$email_message .= "Bring both parts of licence (if no they have aggreed £3 charge): ".clean_string($lipart). "\n\n";
```

2) Also, you seem to have a typo in your $headers. You didn't .= the 2nd "From:" line, so it's overwriting your first "Content-Type:" line and so the charset isn't being specified.

3) sidenote: I notice in your $email_message, you end in \n\n instead of \r\n\r\n. This may or may not cause your email to show up without linebreaks, depending on what OS someone is viewing the email on.
-
Your script works fine to me.. are you sure if( $("#dig6").val() ) { Is really triggering during your efforts to QA the $domain echo? try commenting out that condition and see if it makes a request.
-
Okay so the point of abstract classes and interfaces is to guarantee certain methods/properties exist. This isn't terribly useful when you're working on your own code by yourself. But it does become useful when you're working with a bunch of other people and their own code. For example, if you create a CMS or some other script that allows for other people to develop plugins for it, they need to know how to integrate their plugin with your script. And they need a level of guarantee that if you decide to change up your code, that their plugin isn't going to suddenly break, because some random $this->someFunction() no longer exists or whatever. Or alternatively.. if you, as the creator of the script, provide functionality for people to create plugins for it, and so you setup your own script to depend on them doing something in their plugin, it's a level of guarantee that they will do it. So essentially, abstract classes and interfaces are sort of a contract between two pieces of code, that says "I don't care what you do on your side of the fence, and you don't care what I do on my side of the fence, as long as we are in agreement that we communicate with each other via these set methods." Using gizmola's example with animals.. let's say you want to make a generic animal class and then child classes for different animal types. The animal class should define methods and properties that are applicable to all animal types. And then you'd leave it up to the child classes to define stuff specific to them. So the point of making the ones a child class should define abstract, is to ensure that they actually define it, to protect against your own code breaking. For example, properties like how old an animal is, its weight, etc.. should go in some child class. But you may have a method in the parent class that makes use of those properties for something common among all animals. But if the child class fails to define those properties, then the parent class code will break. 
So if the parent class declares it as abstract, it forces the child class to define it.

A more practical example.. Adobe Marketing Suite is a set of reporting tools for analysts and marketers. It's like Google Analytics, except GA is free and therefore has a lot of limitations. Adobe Marketing Suite is what the big boys use; it's enterprise level. Visitors go to a site, data about the visit is collected. Reports are rendered and analysts and marketers can see how many people go to their site and where they hang out on it and when/where they generally leave and then use that to try and figure out how to make their site better so that you buy their shit instead of walk out the door (sidenote: Yes, that really is what the tracking shit boils down to. So, the next time you go to a site and are trying to figure something out or buy something, but site is unclear, confusing, not working properly or w/e.. the best feedback you can give is to stop using addons that block or hide your visit activities on their site! Companies don't pay attention to emails people send to webmaster@mysite.com. They pay attention to their analytics reports.)

Anyways, so there's all that data in the reports and reporters want it to be classified, and they have their rules for how to classify it. So I have this script I wrote that will accept files with the raw data sent to my server from Adobe Marketing. The script then generates classification data based on the raw data vs. the defined business rules. The script then writes that to a file and sends it back to Adobe Marketing, and bam, reporters now have their data classified into whatever categories they want. Well, the process is a bit more complicated than that, but that's the gist.

So the way the script works (and again, I'm oversimplifying for the sake of example) is that I have a core class that does the generic stuff like receive the file, read through each row, generate new file and send back.
Then I have a child class to define the business rules. For example, one method isValidImportRow determines whether a given imported row should be parsed or skipped over. Another method getClassifications generates the classification data for valid rows. Etc.. But the main "engine", the loop that goes through each row of data is in the parent class. So in the parent class, inside that loop, I call isValidImportRow and getClassifications. So my parent class depends on that child class defining those methods and giving it something to work with. This is where abstraction and interfaces come in handy. In the parent class I can declare

```php
// abstract methods cannot be private in PHP, so these are declared protected
abstract protected function isValidImportRow();
abstract protected function getClassifications();
```

And this will force the child class to define those methods, so that the code in the parent class doesn't break when it calls them. So whenever some coder needs to create a new classification process with my script, they just need to define the child class that focuses only on translating the business rules to code. And if they don't define those methods, php yells at them.
-
Would be more helpful if you posted the code that uses it. It can mean different things, depending on the context. But most likely since you mentioned array, it was probably used to reference the original array. For example, if you are looping through an array using a foreach loop, and want to alter the value of the array, you'd do something like this:

```php
$array = array(1,2,3,4,5);
foreach ($array as &$val) {
  $val++;
}
```

This will go through the whole array and increment each value by 1.
-
define "not working". Do you get an error message? Or what is it doing vs. what should it be doing?
-
you can do it that way if you want. Alternatively you can have your setter method take 2 arguments: 1 being the property to set, and 2 being the value to set it. But the point of setter and getter methods is to not allow direct access to the property. If the only thing your setter method is going to do is this:

```php
function setVar($var) {
  $this->var = $var;
}
```

If that's all you're going to do in your setter method, then there's no point in having a setter method at all. The point of a setter method is to validate the value so that the property only contains expected values. For example, let's say you had $this->someNumber and it needs to be a number. But let's say some other code attempts to assign a string to it. And then let's say you have another piece of code that attempts to perform an operation based on that variable, and it breaks, because it expected a number, not a string. That's the point of setter method: to provide a level of validation and/or formatting to ensure that other pieces of code will get expected values. So in practice, you'd do something like this:

```php
function setSomeNumber($num) {
  if (ctype_digit($num))
    $this->someNumber = $num;
  else
    return false;
}
```

Actually what you'd really want to do is throw an exception instead of return false, but this is just demonstrating the principle that the setter function is there to validate and reject bad values, or otherwise guarantee that the property will always be what it's supposed to be. IOW it's pretty much the same concepts/principles as what you normally do with user input from form submits, just a slightly different context.
-
put placeholders in your email message and then use str_replace to replace the placeholders with the values from the variables. example:

```php
$content = "Hello {{NAME}}, your email address is: {{EMAIL}}";

$name = 'your name';
$email = 'yname@gmail.com';

$replace = array(
  '{{NAME}}' => $name,
  '{{EMAIL}}' => $email
  // etc..
);
$content = str_replace(array_keys($replace),$replace,$content);
```
-
well, you could probably just use file_get_contents as-is, but using cURL may be a better future-proof approach. If the server you are making the request to decides to change things up by putting up a login barrier or check if request is made from a browser, etc.. you will more easily get around that using cURL than file_get_contents.
-
I agree that the "standard" ("standard" meaning de facto standard that most people use) is #2. However, I personally favor #1. IMO it's easier to read. But overall, I agree that the only true "right" way is to consistently use one style or the other. If you're on a project that has code using #1, use that. If you're on a project that uses style #2, use that.
-
yeah.. anonymous functions are 5.3+ If you can't upgrade right now, do it like this instead:

```php
$data='{"success":1,"return":{"test":{"marketid":"32","label":"test\/TEST1","primaryname":"TestItem","primarycode":"ABC","secondaryname":"Tester","secondarycode":"TES","sellorders":[{"price":"0.00002894","quantity":"13.31323200","total":"0.00038528"},{"price":"0.00002895","quantity":"92.80350000","total":"0.00268666"},{"price":"0.00002897","quantity":"392.60350000","total":"0.01137372"},{"price":"0.00002900","quantity":"392.50350000","total":"0.01138260"},{"price":"0.00002902","quantity":"785.40700000","total":"0.02279251"}],"buyorders":[{"price":"0.00002734","quantity":"93.16130210","total":"0.00254703"},{"price":"0.00002733","quantity":"2.00000000","total":"0.00005466"},{"price":"0.00002731","quantity":"2.31057540","total":"0.00006310"},{"price":"0.00002599","quantity":"3.73174150","total":"0.00009699"}]}}}';

$data=json_decode(trim($data),true);
$key2 = key($data['return']);

function sell_sort($a,$b) {
  if ($a == $b) return 0;
  return ($a['price'] < $b['price']) ? -1 : 1;
}
usort( $data['return'][$key2]['sellorders'], 'sell_sort' );

function buy_sort($a,$b) {
  if ($a == $b) return 0;
  return ($a['price'] < $b['price']) ? 1 : -1;
}
usort( $data['return'][$key2]['buyorders'], 'buy_sort' );

$lowest_sellorder = $data['return'][$key2]['sellorders'][0]['price'];
$highest_buyorder = $data['return'][$key2]['buyorders'][0]['price'];
```