simcoweb

This code works great in FF but doesn't show in IE. Either I need to add a 'conditional statement' for it to work in IE or modify the code so it works in both. Basically it's a background color and border for an image: img.floatLeft { float: left; margin: 4px; border: 1px; border-style: dotted; color: #333333; } If you look at this page in FF you'll see it. In IE you won't. Ideas? www.calcounties.com/bios.php Thanks in advance!

Ok, changing the line to file($filename); did the trick as it now reads all the data. Now, another question on this. The info is in a pipe delimited format: some data here | their name | a link here Is there a way to separate these and not display the pipe? Right now it's just treating it all like txt, obviously, so it displays everything.

Basically i'm trying to open the file, take each line and display it in its own table cell. I'm more used to working with MySQL databases and queries. Either I convert this script to MySQL or figure how to extract each line, separate them and display in a cell. I'll try your suggestion.

I've been so busy designing that i've neglected my PHP skills (if I ever had any ) I'm hacking around in a random quote display script I downloaded whereas i'm trying to make it work for testimonials. It uses a flat txt file for storing the records. So, i'm trying to write a simple function to display all the testimonials in a formatted table setting. Here's my function: <?php function showAll() { $filename = "quotes/testimonials.txt"; $fh = fopen($filename, 'r') or die("Can't open file"); $quotes = fread($fh, filesize($filename)); echo "<table width='90%' align='center' border='0' cellpadding='1' cellspacing='2'>"; foreach($quotes as $value) { echo "<tr><td>$value</td></tr>"; } echo "</table>"; fclose($fh); } ?> I get this error message when trying to execute but the argument seems to make sense but is being reported as invalid: I'm sure it's simply my rusty code. I need to write some PHP scripts to keep in practice! Thanks in advance for your help.

So realistically there's not much I can do except tidy up a bit of the code and add in the filtering and htmlentities() to keep them from using the form for malicious use? We seem to get a lot of 'bounces' lately from these a-holes using various forms or functions on our sites to send out their crap. And just a quick question on the htmlentities() function, would that replace the strip_tags(trim()) setup i'm using now? Or add to it?

First, thanks for the suggestions. Much appreciated! Just a couple of questions on those: On this one, I looked it up in the php.net manual and apparently all it does is convert certain characters to HTML that have certain HTML qualities. Like HTML special character codes (ex: &#123; or &#x12a; ). I'm assuming that this then prevents them from using certain strings to perform functions or commands by typing them in the url? (ex: www.mysite.com/form.php?maliciousstuff&morestuff&etc) I'd consider a couple of the suggestions as better coding practices. Thanks for those. I'll check out the ini_set() function to see if that's viable. What about some way of prohibiting them from adding characters to the url? And, would some sort of referrer validation do any good?

Absolutely! Here's the whole thing in a nutshell: <?php session_start(); // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); if (isset($_POST['submitted'])) { // get form data $name = strip_tags(trim($_POST['full_name'])); $email = strip_tags(trim($_POST['email'])); $phone = strip_tags(trim($_POST['phone'])); $comments = strip_tags(trim($_POST['comments'])); $match = $_SESSION['contact']; // the code on the image $secure = strtoupper(trim(strip_tags($_POST['secure']))); $today = date("F j, Y, g:i a"); // some validation $errors = array(); // input error checking if ($name=="") { $errors[] = "Please enter your full name.<br/>"; } if ($phone==""){ $errors[] = "Please enter your phone number.<br/>"; } if ($email=="") { $errors[] = "Please provide your email address<br>"; } if ($email) { if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { $errors[] = $email. " is not a valid email address. Please enter a valid email address.<br/>"; } } if (!$secure) { $errors[] = "No security code entered<br/>"; } if (($secure!=$match) && ($secure!="")) { $errors[] = "Security code mismatch. Please re-enter.<br/>"; } if (!$errors) { // start mail process $mailContent="--------CONTACT--------\n" ."Name: ".$name."\n" ."Date: ".$today."\n" ."E-mail: ".$email."\n" ."Phone: ".$phone."\n" ."Description: ".$comments."\n"; //---------------------------------- $toAddress="info@domainname.com"; /* change this! */ $subject="Your Site Inquiry"; /* change this! */ $recipientSubject="Your Site Inquiry"; /* change this! */ $receiptMessage = "Thank you ".$name." for inquiring at LenderFish.com's website!\n\n\nHere is the contact information you submitted to us:\n\n" ."--------CONTACT--------\n" ."Name: ".$name."\n" ."E-mail: ".$email."\n\n--------PHONE--------\n" ."Phone: ".$phone."\n" ."Comments: ".$comments."\n"; //---------------------------------- mail($email, $subject, $receiptMessage,"From:$toAddress"); //---------------------------------- mail($toAddress,$recipientSubject,$mailContent,"From:$email"); header("Location: success.php"); } } ?>

Hi everyone. Been gone for awhile but always know I can get answers here I have a script i've used over and over for processing forms. It does validation via 'if' statements and works quite well in that respect. Emails are sent to both the person completing the form and the site owner in a plain text format. And, the form has CAPTCHA security as well. However, it seems the spammers have ways to exploit the form code itself without having to deal with the CAPTCHA in many cases. I'm not sure what additional steps I can employ in the code that would prohibit header injections and other malicious crap that they use. Perhaps a referrer check of some sort? An electronic shock sent through their keyboard if they try to spam? I cruised through the boards and didn't find anything specific and wondered who has some insight and examples of this. Any help is always appreciated!

I can see making delimiter types as i've done that myself. But, I can't see it making spreadsheets with complicated formulas and cell formatting like you could if you were to create it in Excel itself.

Actually I believe it makes an Excel 'compatible' file in CSV format. I don't think it can make an .xls (Excel worksheet format) file but may be wrong.

Basically your IRC client doesn't know how to interpret those special characters. = space $#176; = degrees You might be better served to just have it say the word instead of using the symbols. °F = degrees Farenheit = try using just a keyboard spacebar

PPT is a Microsoft proprietary format. No way to make it with PHP. Powerpoint files are basically movies/slideshows.

Gentlemen, as usual..thanks to both of you! I appreciate the explanations so I 'learn'. kenrbnsn, I inserted your changes and that took care of it. My initial hunch was to use the 'isset' method but, again, wanted to get some guidance on the right way. Thanks for confirming that. hitman, thanks for that explanation and analogy. It's good to know this stuff so I can chase the problems down logically myself. Issue solved!

I'm creating a dynamic form where the fields are all populated by queries to the mysql database. Here's the error message received when doing a search without selecting any property types: which refers to this section of the form processing code (just showing the important parts): if (isset($_POST['search'])) { // query for extracting lenders from amember database $category = strip_tags(trim($_POST['category'])); $loantype = strip_tags(trim($_POST['loan_type'])); $propertytype = strip_tags(trim($_POST['propertytypes'])); [b][color=red]<-- This is line 15[/color][/b] $sql = "SELECT * FROM amember_members WHERE is_lender='Yes' AND '$category' IN (category_1, category_2, category_3, category_4, category_5) AND '$loantype' IN (loan_type, loan_type2, loan_type3, loan_type4, loan_type5) AND '$propertytype' IN (propertytype, property_type2, property_type3, property_type4, property_type5, property_type6, property_type7, property_type8, property_type9, property_type10, property_type11, property_type12, property_type13, property_type14, property_type15, property_type16, property_type17, property_type18, property_type19, property_type20, property_type21, property_type22, property_type23, property_type24, property_type25, property_type27, property_type28) ORDER BY top_3 LIMIT 10"; $results = mysql_query($sql)or die(mysql_error()); $numrows = mysql_num_rows($results); The form function itself actually works perfectly. Here's the code for it: function search_form3() { echo "<form method='POST' action='search-propertytypes.php' onsubmit='return validateIt(this)'> <select id='cat' name='category' onchange=\"opt(this.value,'cat','Select A Valid Category!')\">\r"; echo "<option selected value='ignore'>Select Category</option>"; $sql = "SELECT category FROM categories"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { while($row = mysql_fetch_assoc($result)) { echo "<option value='{$row['category']}' name='{$row['category']}'>{$row['category']}</option>\n\r"; } } } echo "</select>\n\r"; // loan type form echo "<select id=\"cat2\" name='loan_type' onchange=\"opt(this.value,'cat2','Select A Valid Loan Type!')\">\r"; echo "<option selected value='ignore'>Select Loan Type</option>"; $sql2 = "SELECT loantype FROM loan_type"; if ($results2 = mysql_query($sql2)) { if (mysql_num_rows($results2)) { while($row2 = mysql_fetch_assoc($results2)) { echo "<option value='{$row2['loantype']}' name='{$row2['loantype']}'>{$row2['loantype']} </option>\n\r"; } } } echo "</select>"; // property type form $sql3 = "SELECT propertytypes FROM property_types"; if($results3 = mysql_query($sql3)) { if(mysql_num_rows($results3)) { echo "<p class='bodytext'><b>Select property type(s):</b><br/>\n"; echo "<table width='300' border='0'>"; while($row3 = mysql_fetch_assoc($results3)) { echo "<tr><td class='bodytext'>{$row3['propertytypes']}</td><td> <input type='checkbox' name='propertytypes' value='{$row3['propertytypes']}'></td></tr>\n"; } } } echo "</table>"; echo "<input type='submit' name='search' value='Search'>\n</form>"; } Now, IF someone doesn't choose any of the property types then the error occurs. IF they DO select any or multiple selections of the property types checkboxes then no error occurs. This may be a result of the fact that 'propertytypes' should be held as an array since they can which may require that I place the array indicators [] in each checkbox for 'propertytypes'. Or, perhaps an 'if' statement that excludes it from the search if no boxes are checked. The checkboxes are not 'required' items. URL to form: http://www.lenderfish.com/brokers/search-test2.php Try a search without selecting the property types (other two selections are required). Anyway, need some assist on this to figure the right way to git 'er done! Thanks!

You'd have to check at the PHPBB forums to see if there's a mod already for that. Otherwise, what you'd need to do is modify the current registration form to add the field and make it required. Then, modify the database to accept and store that form field data. Not that difficult really.

Something like: $name = $_POST['name']; $sql = "SELECT * FROM tablename WHERE name='$name'"; $results = mysql_query($sql) or die(mysql_error()); if($results){ echo "Exists!"; } else { echo "Does NOT exist!"; }

Using this: echo "$row3['property_type'] <input type='checkbox' name='{$row3['property_type']}' value='{$row3['property_type']}'>"; throws and error in my code editor: T_ENCAPSED_AND_WHITESPACE expected T_VARIABLE or T_STRING or T_NUM_STRING

I'm creating a 3-part search form where the fields are dynamically generated off the database entries for these fields. In the code below it shows i'm running 3 separate queries in order to obtain the required data. The first 2 work fine and create the required form field and values perfectly. The 3rd one creates just the one checkbox and no values. Need a bit of help on this one function search_form3() { echo "<form method='POST' action='search.php' onsubmit='return validateIt(this)'> <select id='cat' name='category' onchange=\"opt(this.value,'cat','Select A Valid Category!')\">\r"; echo "<option selected value='ignore'>Select Category</option>"; $sql = "SELECT category FROM categories"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { while($row = mysql_fetch_assoc($result)) { echo "<option value='{$row['category']}' name='{$row['category']}'>{$row['category']}</option>\n\r"; } } } echo "</select>\n\r"; // loan type form echo "<select id=\"cat2\" name='loan_type' onchange=\"opt(this.value,'cat2','Select A Valid Loan Type!')\">\r"; echo "<option selected value='ignore'>Select Loan Type</option>"; $sql2 = "SELECT loantype FROM loan_type"; if ($results2 = mysql_query($sql2)) { if (mysql_num_rows($results2)) { while($row2 = mysql_fetch_assoc($results2)) { echo "<option value='{$row2['loantype']}' name='{$row2['loantype']}'>{$row2['loantype']} </option>\n\r"; } } } echo "</select>"; $sql3 = "SELECT * FROM property_types"; if($results3 = mysql_query($sql3)) { if(mysql_num_rows($results3)) { echo "<p>Select property types<br/>\n"; echo "<table width='500' border='0'>"; while($row3 = mysql_fetch_array($results3)) { echo "<tr><td class='bodytext'>"; echo "".$row3['property_type']." <input type=\"checkbox\" name=\"{$row3['property_type']}\" value=\"{$row3['property_type']}\">"; echo "</td></tr>"; } } } echo "</table>"; echo "<input type='submit' name='search' value='Search'>\n</form>"; }

I'm writing a query to create a table but want to also provide entries into those fields as values at the same time. I know the syntax for the table creation but can't find a reference anywhere (include mysql site and cheat sheets, etc.). Here's a sample of what I have. Just looking for the right syntax to insert the values at the same time of creation.

Is the folder writeable?

It's not redirecting to a blank page, the script 'dies'. That's why you don't put that 'or die' there.

I just tried your form again. Produced this error:

But is the page still going blank?

Take the 'or die...' off the end of this: $num_rows = mysql_num_rows($qry) or die(mysql_error()); If it didn't die on the statement above then it's definitely not going to on this one. I just had this happen to me the other day on a similar situation where the page would just go blank. Took out that clause and worked like a charm.

There's literally 100's of PHP based shopping carts available that you could further customize. But, most have login features already and work off databases. Unless, of course, you want to code the whole thing yourself. http://www.hotscripts.com/PHP/Scripts_and_Programs/E-Commerce/index.html