.josh

we have a tutorials section on the main site, and we are (were?) working on moving them to within the IPB ecosystem. Once upon a time we did have an Author member group but interest in it was pretty much non-existent so we kinda dropped it. I would love to allow people to submit (and people can..just not formally atm) but yeah.. you are literally the first person in like 3 years who has expressed interest :/

$string = preg_replace('~\brand\(~','new',$string);

Yes it's possible. It can possibly be as simple as using file_get_contents but may be difficult and require some advanced cURL trickery. The important thing though is making sure you do not violate their ToS.

This is true, but to be fair, this is the Clientside > Javascript forum..

did you read the forum sticky about this very thing?

Basically whenever I see a "Can javascript do this.." or "I'm trying to do this, and my syntax seems right, but it's not working.." questions, it almost always has to do with violation of some security/privacy policy. So that is the overall theme you're basically going to see here. This is mostly a top-level "What you can and can't do with javascript" list. While I have provided some details for answering "why", or for pointing you in the right direction for a next-step on "how", this list isn't meant to be a comprehensive tutorial to fully explain the why's and hows of limitations and how to get around them, etc.. It's simply an entry point for figuring out a next step. Here is a list of common questions about javascript that I've seen come up a lot over the years Q: Can I execute php (or other server-side) code with javascript? A: No. Not directly. But you can setup a server-side "controller" script to accept requests with info and do things based on that info. Read up on AJAX Q: Can I use javascript to interact with my database? A: No. Not directly. See above. Q: I'm trying to use AJAX to request a script and it won't work A: 9/10 times this is because you are attempting to request something on a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). It is possible for a server to be setup to allow for it, but by default servers are not setup for this and 99.99% of servers do NOT allow this. And even then, the browser my still reject it, depending on the security/privacy settings set in the browser. One trick to get around this is to output a regular javascript tag (you can even make one with js and append it to the DOM). There are limitations to this, but it may be enough, depending on what you are actually trying to accomplish. If it is on the same domain and it's not working, then post your issue. Q: I'm trying to get or change the contents of an iframe and it's not working A: 9/10 times this is because you are attempting to access iframe contents hosted on a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). Also the same restrictions apply for javascript running on an iframed page whose parent is not of the same domain. Q: I'm trying to use javascript to read/write a cookie and it's not working A: 9/10 times this is because you are attempting to access a cookie for a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). Cookies set on the same root domain, but with different subdomains also fall under this restriction. For example, if you set a cookie on "foo.yoursite.com" and then try to read it on "bar.yoursite.com" you will get an error. However, you CAN set your cookie to just be the root ".yoursite.com" domain and then both subdomains can access the cookie. Q: Is javascript a form of java? A: No. They happen to share the same name because someone thought it would be cute to confuse everybody. Q: Can I use javascript to execute programs or read/write to files on someone's computer? A: The shorter and technically accurate answer is yes - if you count cookies and local storage. Cookies and local storage are files on the user's computer, but they are heavily isolated. The longer answer to the question you're really asking is, no, not directly. Javascript can invoke certain other things such as an ActiveX or Java applet, and those scripts can do this sort of thing. However, default browser settings are set to either prompt the user to allow them to be run (along with a very strongly worded warning), or outright prevent it. So even if you get the user to run the ActiveX or Java applet, those are the things that can access it, not javascript itself. Q: Can I use javascript to disable or change certain browser features like print, email, rightclicking, browser history, etc.? A: Short answer is no. Javascript has very limited (and usually no) access to "browser level" stuff. Basically, if you are asking this question then you are almost certainly trying to do something you can't do. Common examples: - Printing/Emailing: You can invoke the browser's print function, which will in turn invoke whatever the user has setup to happen when they would normally print, but you cannot see or control what actually happens, what program is invoked, etc. same thing with emailing, etc.. - Browser History: You can use javascript to for example simulate a forward or backward click on the browser history but you can't actually read the urls in the history or alter them. - Disabling Rightclick: Javascript does have limited ability to disable rightclicking, but it's not reliable across browsers, and if nothing else, the user can just disable javascript. - Exiting the site: Javascript does have limited ability to prevent a user from navigating away from the page. For example, you can write javascript to stop links from working as intended, or you can write code to initiate a popup (the infamous "are you sure you want to leave?" popup), etc. but this doesn't work across all browsers, and newer browser versions will even ask the user if they want to prevent the javascript from doing it. And there is nothing you can do to prevent a user from simply closing their browser. Also, it's incredibly rude to try and trap a user on your site, and is a really good way to ensure they will never return and also tell everybody they know to avoid your site! - Accessing browser bookmarks/favorites: javascript cannot read bookmarks (as in, the user's bookmarks) at all. Some browsers/versions do allow you to invoke the bookmark/favorite dialog (equivalent of ctrl+d shortcut), but this isn't the same as directly adding a bookmark, and some browsers do not even support this much. - Disabling javascript: You cannot force the browser to run javascript. If a user disables it, it is disabled, end of story. Q: Can I use javascript to validate my form values? A: Yes! But do not rely on this! It is perfectly acceptable to do some pre-validation to cut down on wasted requests to your server but you should never rely solely on javascript for form validation. It is ridiculously easy to bypass it. But also, javascript can't directly validate stuff that you would need to lookup in a file or database (e.g. correct username/password). Q: Can I use javascript to control the keyboard, mouse, webcam, etc.? A: No. You can use javascript to detect when (most) keyboard keys or mouse buttons are pressed, or current x,y coords when a mouse is moved, but only when the page the javascript is running on has focus. You cannot simulate an actual key press or button click, though you can do things like auto-pop form fields with values or invoke the click event on a form button or link. IOW you can change the state of something on your page with javascript, but you can't use javascript to act as if a user had actually pressed a button or moved the mouse. For example, you can't make the mouse curser move to another position, or you can't invoke an alt+tab or ctrl+alt+delete sequence. As far as webcams, there is no javascript interface; you can't use javascript to activate a webcam, record, receive data from it, can't even detect if it's there, etc. Q: Can I use javascript to prevent people copying my html/javascript/images? A: No. You can obfuscate your code ("security through obscurity") but this is not the same as preventing theft. Q: Can I use javascript to read request/response http headers? A: No. Many addons (e.g. firebug, httpfox, web developer) can do this because their code is within a higher scope than javascript. An addon is essentially extending the actual browser (which is why they are also known as browser extensions). Q: Can I use javascript to detect what plugins/add-ons/extensions the user's browser has? A: The short answer is no, not reliably. Firstly, take some time to read up on what the difference between a plugin, add-on and extension is. Different browsers use these terms differently. But in general, the short answer is that there is no reliable way to get a list from any browser for any of those, though it's more or less reliable to detect one if you specifically look for it, in pretty much any browser except Internet Explorer.

you are trying to mix php and javascript in a way that can't be done. php is server-side and is evaluated on the server. Once the script is executed, php then passes the output to the client (your browser). javascript functions and code is just plain text as far as the server and php is concerned. Then in your browser, as far as javascript is concerned, php and your server no longer exist. So you can't call a php function from javascript because it doesn't exist to javascript. If you want to bridge the gap, then you need to look into using AJAX. Basically the idea is to use javascript to make a request to the server, passing a value (e.g. the function name) and then have your php script execute the specified function based on the value passed. php runs the function, outputs the results, and those results are returned to javascript and you can do something with them. But it's important to understand that you cannot directly execute php code with javascript or visa versa. You're simply passing text along in the request and receiving text as a response and it's up to the other end to do something with it. Setup a switch or a bunch of if..else, or just output the code and run it through eval() to be executed as code (note: do NOT do this - HUGE security risk). TL;DR: next step: find a basic AJAX tutorial (there are tons).

Okay, well that looks like a serialized multi-dim array. Looks like you should be able to do something like this: <?php $data = file_get_contents('test.txt'); $data = unserialize($data); $found = false; foreach ($data as $row) { if ( ($row['ID']==$_POST['username']) && ($row['password']==$_POST['password']) ) { $found = true; break; } } if ($found) { header('Location: invoice.php'); exit(); } else { header('Location: registration.php'); exit(); } ?> (assumed your form names are 'username' and 'password')

well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false) But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this. 3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field. 4th, you should't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning. 5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing.

okay well uh, in your code you posted, you have an opening html comment tag <!-- N.L.Browne(print... and no closing comment tag anywhere so it's commenting out everything past that point

@cyberRobot I *assume* (yeah, I know what they say) all that is sorted, since the OP said the problem was getting to only show when it was set. IOW it sounded like the data showed up alright when it was there.. but he didn't want it to output anything if it wasn't.

because you changed the code I posted. Inside the echo you changed it from {$rows['Notes']} to {$rows['$Notes']} which is not the same thing unless $Notes happens to contain the value "Notes".. which I'm guessing it doesn't, seeing as how you said it don't work.

If all you are doing is echoing out an empty string if there aren't notes, then there's no reason to write for that; just echo out the notes if there are notes: if ( isset($rows['Notes'])&&trim($rows['Notes'])!='' ) echo "<td colspan='5'>Notes: {$row['Notes']}</td>"; the first part checks if the 'Notes' array index is set, and the 2nd part checks to make sure it's not just set to an empty string (or just stet to whitespace chars) Also, I don't think your html table is right. Looks like that first tag should be a <tr> not <td>

We're here to help teach you things and help you when you are coding and get stuck. We aren't really here to do the work for you. I suggest you post in the freelance forum or on some freelance site (IOW offer up some money) if you aren't looking to get your hands dirty.

no. Putting $num by itself at the top doesn't define it. What exactly is the echo supposed to output? You declare it but you didn't assign anything to it so not only does $num not have a value, but php doesn't even know what type of variable it's supposed to be. Which isn't the end of the world in this case, since php does loose type casting/comparison. Which is why it's a "notice" and not something more serious like a "fatal" level error. IOW it's akin to the asshole grammar nazi wagging his finger at the improper use of "their vs. they're vs. there" - people usually know wtf you meant, but you're technically wrong and there's always someone with nothin' better to do than point it out. If you want to declare and define it, you need give it a value. Since you're using numbers, you should do $num = 0;

If it were me, I'd look into changing how it's output from wherever it is outputting the original value. But here is an example of how to do it: <span class='rating'>10</span> <span class='rating'>4.5</span> <span class='rating'>2</span> <script type='text/javascript'> $(document).ready(function() { $('.rating').each(function() { var rating = Math.ceil(Number($(this).html()) / 2); $(this).html('<img src="'+rating+'"star.jpg" />'); }); }); </script>

Sweet! I'm here for the.. oh.. wrong topic ... well this is awkward.

Also, this should get your code "working" but there are a lot of improvements that can be made to your script. The very first thing is better form validation. Checking if the form fields are empty is great from a business perspective, but it is nowhere near secure from a coding perspective. As it stands now, your script is vulnerable to sql injection. You should read up on how to properly guard against that.

That error usually means your opening/closing brackets don't match up, as in you have more { than } or visa versa. You have this twice, lines 23/24 and then 28/29 if ($_SERVER["REQUEST_METHOD"] == "POST") { But there's a few other issues here: First, where did your form fields go? I just showed you updated code for what you output in your error spans.. you still need to have your form input fields..otherwise, how is the user supposed to fix their mistake(s)? 2nd, you were supposed to wrap your query stuff around all of your query stuff, not just the query string.. what you did is just going to cause your code to attempt a query with no string whenever a user has any errors! Also as I mentioned before, you should move your database connection stuff inside the condition as well, so your script doesn't waste time and resources connecting to the database unless the form is actually validated (move lines 12-17): <?php if (count($errors)==0) { $con = mysqli_connect("localhost","root","","nib"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $sql="INSERT INTO tbl_club_contacts (CompanyName, FirstName, Address1, Address2, Area, City) VALUES ('$_POST[companyname]','$_POST[firstname]','$_POST[address1]','$_POST[address2]','$_POST[area]','$_POST[city]')"; if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } mysqli_close($con); } // end if $errors == 0 ?>

It would be easier to put your error messages into an array so that you don't have to check for each individual error variable. For example: // init error array $errors = array(); if ($_SERVER["REQUEST_METHOD"] == "POST") { if (empty($_POST["companyname"])) {$errors['companyname'] = "company name is required";} else {$companyname = test_input($_POST["companyname"]);} // do the same thing as above for the rest of your fields } Then in your form, do like this: <td><span class="error">* <?php if (isset($errors['companyname'])) echo $errors['companyname']; ?></span></td> Then wrap your sql query stuff in this: if (count($errors)==0) { // do query stuff } Also, you should move your database connection stuff inside that last condition, just before the query stuff, so that you don't use resources and time connecting to the database unless the form is actually validated.

Where do I even begin... I count at least a dozen basic syntax errors, and that's not even counting logic errors,straight up missing needed code for other code to function, no error checking, no input validation... and judging by what I see here, my money is on there being massive errors in the code you didn't post. I strongly advise you to step back and invest some time in learning the basic syntax rules of javascript and php, and also take some time to learn the methods of debugging javascript and php code How to check for errors. How to find out what the errors mean, etc.. You can't just copy and paste other people's code and expect it to work. You're trying to run before you've learned to walk or even crawl. You have to take the time to actually learn the language so that you can understand what it is doing and what is wrong with it.

not to mention the fact that anybody can fake that header easy enough. Like I said:

You can name your checkboxes whatever you want, but most people do checkboxes like that, yes. Sidenote: a lot of people explicitly set the index as well, because it's fairly common to want to know which checkboxes weren't checked. So it would look something like this: <input type="checkbox" name="makes[0]" value="1"> <input type="checkbox" name="makes[1]" value="4"> <input type="checkbox" name="makes[2]" value="7"> $_POST will be an array of the posted form values, yes. With the format above, if you check all 3 of them, that print_r($_POST); I mentioned earlier will look like this: Array ( [makes] => Array ( [0] => 1 [1] => 4 [2] => 7 ) ) To get them in a comma delimited list, you can do like this: // string value of "1,4,7" $list = implode(',',$_POST['makes']);

The short answer is there is no absolute 100% way to prevent it. But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions.

Are you only interested in just generating the xml file, not having to manipulate it later? If so then you can more or less do what you're already doing except assign the stuff to a string and then save it to the file instead of outputting it to the screen. It would basically look something like this: <?php $xmlData = <<<EOF <?xml version="1.0" encoding="UTF-8"?> <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1"> EOF; // code to connect to the database here $getURLS = mysql_query("SELECT * FROM urls", $url); while($row = mysql_fetch_array($getURLS)) { $URL = $row['url']; $xmlData.=<<<EOF <url> <loc>{$URL}</loc> <changefreq>monthly</changefreq> <priority>0.50</priority> </url> EOF; } // end while $xmlData.="</urlset>"; file_put_contents("sitemaps/sitemap.xml", $xmlData); ?> I uh, suppose this might have to be modified to write one chunk at a time if this is going to generate a big file, but I've never really seen huge sitemap files before so this should probably be fine. Now.. if you are wanting to be able to manipulate the xml file, you would be better off using something like the SimpleXML class.