rab
-
Posts
155 -
Joined
-
Last visited
Never
Posts posted by rab
-
-
<?php /* safe_sql($p) ** ** Argument type ** - String ** - Array ** ** Return value ** - String if string was passed ** - Array if array was passed */ function safe_sql($params) { $safe = array(); if( is_array($params) ) { foreach( $params as $p ) { $safe[] = safe_sql($p); } } else { if( get_magic_quotes_gpc() ) { $params = stripslashes($params); } $safe = "'".mysql_real_escape_string($params)."'"; } return $safe; } $safe = safe_sql("Bad input ' hax "); $_GET = safe_sql($_GET); // Get is now SQL safe, ( not recommended, sanitize individual values )Try that out, you need to wrap your values in quotes.
-
<?php error_reporting(E_ALL ^ E_NOTICE); // Put this up here require_once("class_http.php"); // MySQL Connection $link = mysql_connect('mysql6.******.com', '*****', '*****') || die('Could not connect: ' . mysql_error()); mysql_select_db('dcremax') || die('Could not select database'); // IMO, i only put the query in a variable if it's not going to be a constant $result = mysql_query("SELECT * FROM Listings") || die(mysql_error()); $num = mysql_numrows($result); for($i=0; $i<$num; $i++) { $reo = mysql_result($result,$i,"reo"); $h = new http(); $h->dir = "/home/foo/bar/"; if( !$h->fetch("http://metrolistmls.com/cgi-bin/GetOneR.cfm?County=SA&iRow=0&nJL=7&MLSNum=".$reo) ) { echo "<h2>There is a problem with the http request!</h2>"; echo $h->log; exit(); } // Grab all the info if( preg_match_all("@http://mlsmedia\.metrolistmls\.com/bigphoto/(\d+)/(.*?)\.(jpg|png|jpeg|gif)@i", $h->body, $pictures) ) $pic = $pictures[0]; if( preg_match('@<td class="PageTitle" colspan="3" align="center"><b>(.*?)</b></td>@i', $h->body, $street) ) $street = $street[1]; if( preg_match('@<td align="center" class="PageTitle" width="534"><b> (\$\s*.*?)</b></td>@i', $h->body, $price) ) $price = $price[1]; // ... more and more ... if(trim($pic) == "") $pic = "../images/nophoto1b_small.jpg"; if( !empty(trim($price) ) { $sql = sprintf("INSERT INTO listings ". "(`streetaddress`, `city`, `price`, `squarefeet`, `bed`, `Fbath`, `Hbath`, `reo`, `agent`, `pic`) VALUES ". "('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", mysql_real_escape_string($street), mysql_real_escape_string($city), mysql_real_escape_string($price), mysql_real_escape_string($squarefeet), mysql_real_escape_string($bed), mysql_real_escape_string($fbath), mysql_real_escape_string($hbath), mysql_real_escape_string($reo), mysql_real_escape_string($agent), mysql_real_escape_string($pic)); mysql_query($sql) || die(mysql_error()); } } mysql_close($link); ?>Finish the information extracting.
-
Implement a CAPTCHA system, http://www.captcha.net/.
-
<?php $loan_id = (int)$_GET['loan_id']; $sql = mysql_query("SELECT upfc FROM Loans WHERE loan_id = '$loan_id'"); if( !$sql ) die(mysql_error()); while($row = mysql_fetch_assoc($sql)) { if( $row[upfc] == 0 ) $file_name = $loan_id . "point1"; else $file_name = $loan_id . "point2"; } ?>Untested.[/code]
-
<?php $langs = 2; // Increase this if you get more languages $default_lang = 1; // Default language function GetSentence($ValueID) { global $langs, $default_lang; $_SESSION['lang'] = (int)$_SESSION['lang']; if( $_SESSION['lang'] > $langs || $_SESSION['lang'] < 0 ) $_SESSION['lang'] = $default_lang; $ValueID = (int)$ValueID; $query="SELECT L{$_SESSION['lang']} as Lsentence FROM lang WHERE id='$ValueID'"; $result=mysql_query($query); if( !$result ) return False; $line=mysql_fetch_object($result); return $line->Lsentence; } // ... later on $sentence = GetSentence(10); if( $sentence !== False ) { // No error, continue } ?>Untested, give it a try
-
include "lib/functions.php";
That?
-
case 'DATE':
Need quotes
-
check the manual, mysql_connect() takes 3 arguments.
-
Change
echo "PN: " . $pageNumber . " CR: " . $comments_remaining . " CS: " . $comment_Start;
to
echo "PN: " . $pageNumber . " CR: " . $comments_remaining . " CS: " . $comment_start;
Just a quick look over...
-
Where is $option defined? Do you mean $choice?
Also make it
if ($value == $option) { echo ' checked'; }You had a '; at the end brace
-
Just include the user's config file in the database config one.
<?PHP //------ Paramaters to change ------// include "/path/to/$user/config.php"; //-------- ------------- --------------// //tables that are used by the objects $users_table = $dbprefix."users"; $statistic_table = $dbprefix."statistic . /* ** ... */
-
Move it to one path, then use that path to copy the file to other paths.
-
function test1($b='Nothing?'){ echo $b; } function test(){ $b = "foo"; test1($b); } test();Or
function test1(){ global $b; echo $b; } function test(){ global $b; $b = "foo"; test1(); } test(); // nadda -
Please elaborate...
-
<?php switch( $_GET['c'] ) { case 'about': // about break; default: // default break; } ?> -
Don't redirect the output to /dev/null, echo it and see what it says.
-
Try a print_r() for both arrays before you do the preg_replace(). Maybe there is an error in your regexp.
-
No, with the code you posted it isn't.
If there was register_globals turned on and $email wasn't assigned before it was printed, then yes.
Example
<?php // $email was never modified so its the value you give it. print $email; // more code; ?>
Although, don't depend on register_globals.
-
$note = str_replace(array("\n", "\r", "%0a", "%0d"), "", $_REQUEST['note']); -
look at str_replace().
-
sqlite_query($handle,"YOUR QUERY");
Its needs the resource link
-
check preg_match()
-
-
<?php if( isset($_GET['submit']) ) { $used = array(); foreach($_GET['cats'] as $cat) { $cat = (int)$cat; if( !in_array($cat,$used) ) { $used[] = $cat; $searchResult = "SELECT * FROM wp_posts JOIN wp_term_relationships on wp_posts.ID = wp_term_relationships.object_id JOIN wp_DLM_DOWNLOADS on wp_posts.ID = wp_DLM_DOWNLOADS.id WHERE wp_term_relationships.term_taxonomy_id = '$cat'"; $searchResultRow = mysql_query($searchResult) or die(mysql_error()); while($row = mysql_fetch_array($searchResultRow)) echo $row['post_title']; } } } ?>Try it
Critique A Web Critique Site!
in Beta Test Your Stuff!
Posted
Your site is broken.