webref.eu

Hi All I have this bit of code that controls a redirect after successful login. It's some way down in the script, it works in Firefox, but it doesn't work in Google Chrome, any ideas why, and what it should be changed to: /* Quick self-redirect to avoid resending data on refresh */ echo "Login successful! Redirecting ..."; echo "<meta http-equiv=\"Refresh\" content=\"2;url=http://www.reviewby.me" . $redirect . ">"; return; Thanks

I agree with madtechie. My view would be you can't equate "person uniqueness" with "IP uniqueness". As you already have said, multiple users might have the same IP, and also, the same user might have access to multiple IPs. So using IP as uniqueness doesn't really work. If you are letting users be anonymous, you aren't identifying them uniquely, and therefore you cannot establish whether they have voted already. Rgds

Yes, I agree with the above, create a separate UserDefinedDetails table and then you can pull the required items from it by UserId. Rgds

Hi All If I am on the page: http://www.mysite.com/site-page.php and I use $_SERVER['HTTP_HOST'] in the code it returns: www.mysite.com but how do I only return: mysite.com I guess I could use a string formatting to take away www. but is there a simpler way? I can't just delete the first four characters as it might not be there if someone is browsing at: http://mysite.com/site-page.php Thanks All

If I want to get a .php script to run daily, how do I do that with a cron job? Below is a link to what I have available in my cPanel control panel, and I see I have a field for "Command to run", but what command should I be entering? http://www.webref.eu/images/standard-cron-manager.gif Many thanks

Thanks for this suggestion, this is what I'm implementing. Rgds

If I use this code on say: http://www.mysite.co.uk/show-review.php Then $domain will return as: www.mysite.co.uk What technique should be used ??? if you just want to return: mysite.co.uk Many thanks

I hope to be able to work it out step by step. I was just hoping to invite others thoughts and comments before I spend too much time on one particular technique. Rgds

OK, that seems like a possible technique. Does anyone else have any thoughts or comments? Rgds

If you are trying to display the name of the category for a given item in your content, the way this would normally be achieved is by writing an SQL statement that lifts all your content items, with a JOIN on the categories table via Category Id. Then every time the content item is lifted, the SQL statement is joined to the categories table via Category Id, so the category name can be retrieved for that given row. What I am trying to say is that you need to use a different SQL statement that refers to both your categories and content tables and uses a join on them via Category Id. Hope that helps. Rgds

Once a user has registered on my site, I want to send them an e-mail to validate their e-mail address exists. What techniques are normally used to achieve this? Please let me know any suggestions. Thanks

See also: http://www.learnphponline.com/security/sql-injection-prevention-mysql-php Rgds

Thanks for your comments guys. I think I will stick with dot decimal format for now. If I use varchar length 15, I assume that will cover all possible current IP addresses. Would it cope with IPv6 when that is introduced or is that not worth worrying about? Rgds

I know how to add data into database fields, but is there any special formatting or validation usually necessary when adding IP addresses. I'll just use an integer field, right? Thanks Guys

The basic technique is to attempt to create user names that will add SQL code to your SQL query, e.g. usernames that append the DROP database command etc. Hackers will form the username such that it adds onto your SQL and causes dangerous SQL to be executed. Rgds

Hi All I want to log the user IP address in my database when they register for my site. Can anyone give me the best technique? Thanks

One other question. I'm writing a script for user reviews. Do you think if I insist that cookies are turned on for them to be able to post a review this will be workable, i.e. I won't alienate too many potential users? Thanks

OK guys, I've come up with the solution and put together an explanatory tutorial: http://www.webref.eu/php-script-remember-checkbox-status-on-postback.php It works as I wanted, but if anyone has any comments, please post here. Rgds

Some code that you can adapt: <?php include('inc-dbconnect.php'); //store the SQL query in the result variable $result = mysql_query("SELECT * FROM Reviews ORDER BY ReviewDate DESC"); if(!$result) die("Query Failed."); if(mysql_num_rows($result)) { echo ("<table border='1' cellpadding='3' cellspacing='0'>"); echo ("<tr><td>Review Id</td><td>Review Rating</td><td>Review Desc</td><td>Review Date</td></tr>"); //output as long as there are still available fields //while($row = mysql_fetch_row($result)) //associative array allows you to use field names to get results while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { /* $row[0] now contains the first column of the current row, index 1 is the second, etc. */ echo ("<tr>"); echo '<td>' . $row[ReviewId] . '</td>'; echo '<td>' . $row[ReviewRating] . '</td>'; echo '<td>' . nl2br($row[ReviewDesc]) . '</td>'; echo '<td>' . $row[ReviewDate] . '</td>'; echo ("</tr>"); } } //if no fields exist else { echo ("There is nothing in the database"); } echo ("</table>"); //echo ("Username: $username "); mysql_close(); ?>

Check that you don't have a problem with array types. There are two types of array, associative and numeric. If you have an associative array you have to use field names to display data, if numeric then you have to use field array positions. http://www.w3schools.com/PHP/func_mysql_fetch_array.asp So check that the type of array you are calling and the technique to display your data (field name or field array positions) match. Rgds

I don't know exactly how good the techniques used in the below are, but I expect the below tutorial will at least be of interest to you: http://www.evolt.org/PHP-Login-System-with-Admin-Features Rgds

Yes, thank you. Rgds

Thanks for your reply. To clarify, I meant to remember whether that the user had decided to check the checkbox or not. i.e. if they check it and then postback the form, and the form has to be redisplayed because of an error in another field, the form should redisplay with the checkbox checked. Rgds

I am not an expert in this area but my view would be no, it's not easy to fake the session variable logged_in. That's because it's your php code that determines whether the logged_in session variable is set. You will only set it after a successful login, so as long as your login code is robust, your site should be secure. What I am trying to say here is that a hacker can't just say, hey, I think I'll set a session variable of logged_in and give it a value of 1. The only thing that can decide to do this is your code that is running on the server during the login routine, so as long as you make your login routine safe, your site should be safe too. Rgds

Hi All If I have a checkbox in a form like: <input type="checkbox" name="RememberMe" /> What is the best technique to ensure if the user checks it, this is remembered when the form is posted back on itself. Thanks for any advice. Rgds