webref.eu

Hi All I am learning Smarty and I am trying to create a standard Smarty installation on one of my sites. So far I have: www/smarty/cache/ www/smarty/configs/ www/smarty/libs/ - I'm putting all the Smarty library files in here www/smarty/templates/ www/smarty/templates_c/ Would this be the best way of doing things? In particular, is the libs directory in the normal place? Thanks

Can I put the Smarty directories in folders inside my web accessible document route, e.g. the Smarty libs files in: www/libs/ without there being any security issue?? That's what I'm concerned about, and as I have a shared hosting account I don't think I can put them above the www/. Many thanks

I've modified your code slightly, see below. The code is "working" how I would expect it to, it depends what you want it to do ... You can see the below script running on my server at: http://www.computer-monitors.org.uk/test-simple.php Rgds <html> <body> <?php $x=$_POST['x']; if(isset($_POST['y'])) { echo $x; } else {echo "tralala";} ?> <form name="form" action="<? echo $_SERVER['PHP_SELF']; ?>" method="post"> <input name="x" type="text"> <input name="y" type="submit" value="ok"> </form> </body> </html>

Hi All I want to try using the Smarty.net templating system. Is this something that can be installed on my shared hosting (Reseller Ac) when I don't have my own server? Thanks

You should be running some checks on the userid before allowing it to be used in the script. Should the userid always be a number? If so, you can check that it is indeed a number as per the following: http://www.webref.eu/php-script-check-id-is-a-number-for-enhanced-security.php Rgds

Can someone give me a brief description of serialization and why it's useful? Thanks

Thanks for your comments. I am already using includes with a template-page.php file, and I save the file in a different name each time I need to make a new content page. However, if I then make a change to template-page.php, I then need to go back and update all the other pages. I need it so that if I change the template, all the pages based on the template are automatically updated. Any more comments anyone? Thanks

Hi All I need to learn how to put my PHP site into a template so that when I make a change to the template page design it can instantly be reflected right across the site. Where do I start? What search terms should I use to learn about this? Thanks

Would others agree with me that because I am using mysql_real_escape_string I don't need to do anything further to protect against SQL injection attacks? Thanks

Hi All I have a free text field where users can enter a search term for my database, here's some of the code, my question is what else should I be doing to make the script secure? Getting the search query: $SearchQueryText = @$_GET['SearchQueryText'] ; //make safe for database $SearchQueryText = makeSQLSafe($SearchQueryText); $trimmed = trim($SearchQueryText); //trim whitespace from the stored variable The makeSQLSafe function: function makeSQLSafe($str) { // check the status of magic_quotes_gpc, if it this returns true // we remove the escaped characters. Allowing for the real escaping // to be done via mysql_real_escape_string if(get_magic_quotes_gpc()) { // remove the slashes. $str = stripslashes($str); } $str = mysql_real_escape_string($str); return $str; } ... and the Sql query for the MySQL database: $query = "SELECT * FROM Products where ProductName LIKE '%$trimmed%' or ProductBrand LIKE '%$trimmed%' or ProductDesc LIKE '%$trimmed%' ORDER BY ProductName"; Thanks for your comments. Rgds

Thanks for your reply. I now have this working, and post my code for those interested, the second part of the code calculates the average: //Find out if there are approved reviews for a product //Find out how many rows are in the table $sql5 = "SELECT COUNT(*) FROM Reviews WHERE ProductId LIKE $ProductId AND ReviewIsApproved=1"; $result5 = mysql_query($sql5, $connection) or trigger_error("SQL", E_USER_ERROR); $r5 = mysql_fetch_row($result5); $numrows5 = $r5[0]; //If there are approved reviews, calculate the average review rating If ($numrows5 > 0) { //Calculate AverageReviewRating $sql4 = "SELECT AVG(ReviewRating) FROM Reviews WHERE ProductId LIKE $ProductId AND ReviewIsApproved LIKE 1"; $result4 = mysql_query($sql4); //obtain while($row4 = mysql_fetch_array($result4)){ //mysql_num_rows($result4) always equal to 1 when calculating an average //echo mysql_num_rows($result4); $AverageReviewRating = $row4['AVG(ReviewRating)']; //format to 2 decimal places $AverageReviewRating = number_format($AverageReviewRating, 2); echo " Average Rating: " . $AverageReviewRating . " / 10"; } //End if there are approved reviews }

What will the ultimate purpose of this query be? i.e. why do you need to do it? I suggest you write some pseudo code logic, i.e. write out the logic that you want your programme to follow, break it down into small steps, and then maybe people on here will be able to help you with executing each step. Rgds

Hi All I have a Reviews table where people can rate products out of 10. I need to calculate the average review rating for a particular product. I think I can do this using the following MySQL query: $sql4 = "SELECT avg(ReviewRating) FROM Reviews WHERE ReviewIsApproved=1 AND ProductId=" . $ProductId . ";"; but how do I actually get the result of this query to display on my page?? Many thanks

Here's the answer guys: $sql3 = "SELECT Reviews.ReviewId, Reviews.UserId, Reviews.ReviewRating, Reviews.ReviewDesc, Reviews.ReviewDate, Users.Username FROM Reviews LEFT JOIN Users ON Reviews.UserId = Users.UserId WHERE ProductId LIKE $ProductId AND ReviewIsApproved=1 ORDER BY $sortby $sortdirection LIMIT $offset, $rowsperpage"; Rgds

Hi All I have the following sql query: $sql = "SELECT ReviewId, UserId, ReviewRating, ReviewDesc, ReviewDate FROM Reviews WHERE ProductId LIKE $ProductId AND ReviewIsApproved=1 ORDER BY $sortby $sortdirection LIMIT $offset, $rowsperpage"; which I need to modify so that I can also retrieve the Username by linking the query to my Users table and using the UserId to retrieve the Username. So, how do I modify the query? I believe I need a join using the UserId as index, but I'm not sure of the syntax, please help. Rgds

OK, thanks, the code I needed was: echo "Date Added: " . date('M d Y', strtotime($row[ProductDateAdded])) . "<br /><br />"; Rgds

Hi All I'm lifting a date and time field from my database and displaying it on the page with: echo "Date Added: " . $row[ProductDateAdded] . "<br /><br />"; which gives me date and time results like: 2009-06-02 11:38:35 However, I just want the date formatted to an American standard as follows: Jun 2 2009 So what's the code to do that please? Many thanks

Thanks for the comments so far. Rgds

Thanks, changing as you suggested made it work. Thanks for the other reply too. Rgds

I tried changing it to this: $query = "select * from Products where (ProductName like \"%$trimmed%\" or ProductBrand like \"%$trimmed%\ or ProductDesc like \"%$trimmed%\") but it doesn't like that. Rgds

Hi All I have the following MySQL query: $query = "select * from Products where (ProductName like \"%$trimmed%\" or ProductBrand like \"%$trimmed%\") order by ProductName"; I want to modify it to include an or ProductDesc like \"%$trimmed%\, so how do I do this? Thanks

Hi All Someone earlier kindly gave me a simple file upload script, which is fine for what I need. I will be using this script in an Admin area of my site, which is within a folder protected by .htaccess. I post the script below for your reference, and would like to know if this is ok security wise considering it will be located in a .htaccess protected directory? Thanks for any comments. Rgds <?php //retrieve the value of ProductId $ProductId = $_GET['ProductId']; //Protection from hackers. Check ProductId is just a number $TestForNumber = is_numeric($ProductId); If ($TestForNumber == 0) { echo "Sorry, the Product Id tried is not allowed."; exit(); } if(isset($_POST['submit'])) { $dir = "../images/products/"; // this directory needs to exist and permissions need to be 0777 $imagename = basename($_FILES['image']['name']); $newimage = $dir.$imagename; move_uploaded_file($_FILES['image']['tmp_name'], $newimage); echo "Image uploaded. <a href='control-panel.php'>Return to Control Panel</a>."; exit(); } ?> <form method="POST" enctype="multipart/form-data" action=""> <p>Please upload a file called <?=$ProductId?>.jpg:</p> <input type="file" name="image" /><br /><br /> <input type="submit" name="submit" value="Upload Image" /> </form>

That's great, thanks very much. Rgds

Hi All I add products to my database, and allow auto increment to assign the ProductId as follows: Once the script has successfully added the product, I then immediately need the script to retrieve its ProductId, so what's the best way of doing that? Many thanks

Hi All I need a script that can simply upload one image that I pick from my local computer to a folder on my server. Where do I start? Many thanks