gizmola

Administrators
  • Content Count

    4,918
  • Joined

  • Last visited

  • Days Won

    47

gizmola last won the day on August 2

gizmola had the most liked content!

Community Reputation

166 Excellent

2 Followers

About gizmola

  • Rank
    Prolific Member

Contact Methods

  • AIM
    gizmoitus
  • Website URL
    http://www.gizmola.com/

Profile Information

  • Gender
    Male
  • Location
    Los Angeles, CA USA


  1. The 2 things have nothing to do with each other, but I will say this about SQL Injections. Forget about mysqli_real_escape_string or any attempt to escape anything, and use parameters. Use parameters and bind the values. This eliminates the possibility of SQL Injections, because no interpolation is being done, and you also no longer have to care about escaping quotes or other characters special to SQL. https://www.php.net/htmlspecialchars is something you can use to combat XSS, or https://www.php.net/manual/en/filter.filters.sanitize.php. For XSS the best solution is to store the input in the DB as is, and then do your filtration/conversion when you are going to present the string on your site/within your application.
  2. You replaced Wordpress with what? I don't know how you get the entry from the DB, or what templating looks like, but let's assume you are just using something like pure PHP. I'll assume that there's a variable named "$soundFile" available with the existing URL.

        <?php /// various code ?>
        <audio controls>
          <source src="<?= $soundFile ?>" type="audio/mpeg">
        </audio>
        <?php /// more php code if needed

     Your type#2 URLs that just have the URL to the .mp3 will work perfectly. Only your entries that have encoded the URL inside an anchor tag would be a problem. What I'd do is fix them in the DB with a SQL statement. Tip: Anytime you do a global UPDATE like this you need to be very careful to test and have a backup. I usually will make a backup table using something like this:

        CREATE TABLE t_atable LIKE atable;
        INSERT t_atable SELECT * FROM atable;

     So in this example, I assume your table is named `sound` and the column to have its data fixed is named mp3_file.

        UPDATE sound
           SET mp3_file = SUBSTR(mp3_file,
                                 POSITION('http:' IN mp3_file),
                                 (POSITION('.mp3' IN mp3_file) + 4 - POSITION('http:' IN mp3_file)));

     Here is a dbfiddle that proves this will work with versions as old as MySQL 5.5. Hopefully you get the idea that it locates the 'http:' and the '.mp3' and uses those positions to carve out a substring with just the URL. It works fine if there is only the URL pre-existing in the column. It's also impervious to small details like whether or not the URL inside an anchor tag src has quotes around it or not. Assuming you are just putting new URLs in the column in the future, you would only need to run this once to clean up your db.
  3. gizmola

    phpdoc not work

    This is an ongoing problem with phpDocumentor and the JMS Serializer package. See this: https://github.com/phpDocumentor/phpDocumentor2/issues/1868 You would probably have more luck working directly through the Github issue tracker.
  4. Seems like you figured out that you needed to find where the $base variable was being set, and change that. Congrats on figuring it out, and on behalf of the others who aided, you're most welcome.
  5. To add to what Mac said, usually there are some configuration files involved. We have no way of saying for sure without code to look at, but a typical strategy would be to set up a variable or constant that contains the site root. Mac helpfully highlighted the differences for you. You should do a search through the source files for '/home/sites' and make sure that is replaced with '/home/customer/www'. Sometimes these configurations are stored in database tables, so that might be the problem if it's not hardcoded. Again, there is no way for us to know for sure without looking at some of the source code for the site.
  6. You might reach out and ask them if they would share info with you, unless of course you are trying to clone the site. If you're not planning on direct competition, they might be willing to share with you, but obviously the site has a lot of moving parts, and from a UI standpoint it appears to me to be a bunch of custom javascript, with some bootstrap, and as I said previously, RESTful ajax calls for data submission. It really doesn't look to me like something you can go find on github.
  7. My best guess is that it is something customized. The site is highly commercialized, and ironically exactly what the founder stated he didn't like in an interview I found: http://www.english-test.net/esl-cafe/24/index.html There are a gazillion ad networks, with extensive monitoring and tracking. I did see that at some point they had a full time SEO person involved, as well as a distributed development team. Clearly it's nothing out of the box, but at least as a non-member, the site looks ugly and distracting to me, with the content hard to find within all the ad banners, panels and modal windows. The other thing I can tell you is that it's using a REST api setup, and mapping the *.htm extension to something, which could be essentially anything on the serverside. They have taken a number of steps to obfuscate what they are using, so that indicates they don't want you to know.
  8. How about just using serialize() and unserialize(). This is what php session handling does.
  9. Yes absolutely. PyCharm is simply an editor/Integrated Development Environment. You need some sort of server environment to test. It's possible to make it work in a localhost or virtual server on your workstation, but for a smallish project like this one, probably not worth the trouble.
  10. maxxd, From what I've seen, it's more a matter of the php team wanting to give developers the same tools and capabilities that exist in other languages. Adding syntax to easily use anonymous functions is yet another step in furthering that longtime goal. With that said, the associative array assignment syntax does make this a change that will cause some head scratching for long time PHP developers.
  11. Note: I edited the original post and removed the comments about the code block. I also removed the email and site url specifics. This is the line that sets that:

        // Enter your email addresses: @required
        $emailTO[] = array( 'email' => 'stefan@...', 'name' => 'Stefan' );

      If that is your email address, then I don't see any obvious coding issues. So to gw1500se's point, this would suggest a configuration issue with the server, where the Mail Transfer Agent which will be delivering your mail needs to be setup and working. There are many things involved in getting a working MTA. You'll likely need support from your hosting company.
  12. This is the modern/functional programming way of handling a problem like this. I'm not a huge javascript fan, but having to practice it on occasion certainly opened my eyes to the use of filter/map/reduce and other mainstays of functional programming. I've also found this guy's youtube channel to be both educational and inspirational. You do have to do a bit of research for the php functions that are similar, but in the case of arrays there are ones like array_filter that I find are great as glue for so many smallish tasks as demonstrated by Barand's code.
  13. Good find. There are actually many of these errors where it's requesting http over https which the browser won't allow. Either the server needs to be configured to serve https or the code/configuration needs to be changed so that it uses relative paths or for some of the included external javascript and css, to use '//....' rather than 'http://'. The login fails for the same reason, as it's attempting an ajax call to: http://....com/requests.php?f=login which is denied.
  14. I'm not a big fan of extract or anything that could make a bunch of odd variables when you can just use:

        'pagecontent' => html_entity_decode($row['pagecontent']),

      With that said, I didn't see anything exceptionally broken in your code. Probably the issue is that you aren't setting the HTTP Header to indicate you are returning json. Before your echo:

        header('Content-Type: application/json');

      If something else is broken, you should have a message in your logs.
  15. This appears to be what you have now on submit:

        $sql = "INSERT IGNORE INTO bookingcategory SET bookingid=$bookingid, categoryid=$catID";

      So there are 2 things to note here:
        • On a new booking a booking row gets created and you get the id of this new booking row and store it in $bookingid
        • For each category selected a row is inserted in bookingcategory with the bookingid and the categoryid

      So, the first issue you need to deal with is how will php get the bookingid that has just been created? Your primary options are either to:
        • redirect to the same script, only passing a url parameter like ?bookingid=
        • set a cookie with the booking id there
        • use a session variable

      I would suggest that you use sessions, since they have the advantage of hiding the bookingid from the user. If you pass a parameter, anyone looking at your system could just change the booking id parameter and see other bookings; however, if this is an admin system, perhaps that doesn't matter as much. Still, sessions have great utility and may help with other problems you'll face. Now, assuming you want to be able to add to this script the logic you described, what is missing is that you need to SELECT the booking and related information so you can refill the form variables or otherwise display the booking data which has now been saved. It should be obvious to you that you can't do that unless you have access to the saved booking id. Getting a list of the preselected categories would require a query like:

        SELECT c.*
          FROM bookingcategory bc
          JOIN category c ON c.id = bc.categoryid
         WHERE bc.bookingid = $bookingid

      The actual query may be slightly different as there is no way to intuit the actual column names from your posted code. The results of that query can be used to set the selected categories in your form/UI.
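Putting posts 1 and 15 together, here is an added example (not gizmola's code or the thread poster's) of the booking flow written with PDO prepared statements, with the booking id kept in the session rather than a URL parameter. The table and column names (`booking`, `bookingcategory`, `category`, `id`, `name`, `created_at`), the DSN and the credentials are assumptions or placeholders.

```php
<?php
// Added example: parameterised version of the booking/category flow discussed in the thread.
// Assumed schema: booking(id, created_at), bookingcategory(bookingid, categoryid), category(id, name).
// DSN and credentials are placeholders.
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',
               'PLACEHOLDER_USER', 'PLACEHOLDER_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares: values are sent separately from SQL text
]);

// Step 1 + 2: create the booking, remember its id server-side, then insert the categories.
// No user-supplied value is ever interpolated into a query string.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['categories'])) {
    $pdo->beginTransaction();
    try {
        $pdo->prepare('INSERT INTO booking (created_at) VALUES (NOW())')->execute();
        $bookingId = (int) $pdo->lastInsertId();
        $_SESSION['bookingid'] = $bookingId; // hidden from the user, unlike ?bookingid=

        $ins = $pdo->prepare(
            'INSERT IGNORE INTO bookingcategory (bookingid, categoryid) VALUES (:bookingid, :categoryid)'
        );
        foreach ((array) $_POST['categories'] as $catId) {
            // Bound as a value; a malformed categoryid is just a rejected value, not SQL.
            $ins->execute([':bookingid' => $bookingId, ':categoryid' => (int) $catId]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Step 3: reload the saved categories to re-tick the form. The id comes from the session only,
// so a visitor cannot ask for another booking by editing a parameter.
$selected = [];
if (isset($_SESSION['bookingid'])) {
    $sel = $pdo->prepare(
        'SELECT c.* FROM bookingcategory bc JOIN category c ON c.id = bc.categoryid WHERE bc.bookingid = ?'
    );
    $sel->execute([(int) $_SESSION['bookingid']]);
    $selected = $sel->fetchAll(PDO::FETCH_ASSOC);
}

// Escape at output time, as post 1 recommends: store raw, encode when rendering.
foreach ($selected as $row) {
    echo '<label><input type="checkbox" name="categories[]" value="', (int) $row['id'],
         '" checked> ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "</label>\n";
}
```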