Everything posted by webref.eu

  1. Hi, you need to break your questions down step by step. Tell us the first step that you are trying to achieve, with more background details, and someone here may be able to help. Rgds
  2. $FirstLetter = $variable[0];

     I can't give you the exact SQL but a guess is:

         $query = "SELECT username FROM users WHERE username LIKE '" . $FirstLetter . "%'";

     the above is probably rather wrong syntax-wise but you get the idea (please feel free to correct anyone). Just use a LIKE statement, then the FirstLetter followed by a wildcard match. Rgds
  3. echo $variable[0]; will echo the first character of a variable, so you can use something similar in your code to retrieve the first letter of user input. Rgds
  4. So you just need to:

     - Get first letter of user input.
     - Write a query that selects all Usernames beginning with that letter.

     Correct? Rgds
  5. OK, thanks for your help Dezkit, I went for a slight change on the Month and Day as I needed the leading zeros:

         //Y Year in four digits
         //m Month 01 to 12
         //d Day of the month 01 to 31
         //H Hour 00 to 23
         //i Minutes 00 to 59
         //s Seconds 00 to 59
         $DateAndTime=date("Y-m-d H:i:s");
         echo $DateAndTime . "<br>";

     Rgds
  6. Thanks for your help dezkit, your code is echoing the date and time for me which is great, however, I have to investigate which way round my database field is, it's probably: yyyy-mm-dd hh:mm:ss but I have to confirm that. My MySQL server is running on a US host so I just need to make sure the month and day are the way round in the database that I expect. Many thanks.
  7. The attachment shows the ReviewDate field in my MySQL database, which is a date and time field. The format is: 0000-00-00 00:00:00 Can someone give me the code to get the current date/time and insert it into the database in the format shown ... before I manage to Google it. Many thanks all. [attachment deleted by admin]
  8. Thanks everybody for your suggestions. cooldude832 querying the database is a great suggestion, thanks.
  9. If I'm doing this: $ProductId = $_GET['ProductId']; which will populate a hidden field in my "Add a Review" form, and then get inserted into the Reviews table of my database in the ProductId field, what do I need to do to make sure I have cleaned the querystring? I will be using mysql_real_escape_string when inserting into the database, so do I have to do anything more than this?? Thanks all.
  10. Hi All Has anyone got any recommendations as to what should be the minimum allowed password length for my login script? At the moment I'm going for 6 characters. I'd just like to follow best practice. Rgds
  11. OK, I found the solution, it was because I had the page encoding set to: charset=utf-8 when the MySQL connection was using: ISO-8859-1 changing the page encoding to: charset=ISO-8859-1 ... solved it. Rgds
  12. Not quite sure, but just wanted to say, does the domain's MX record, which controls the mailserver location through the DNS system, come into play here? Rgds
  13. If so, how? Have you guys now started to code with magic quotes permanently switched off? Thanks All.
  14. OK, so if I use this code:

          echo "Password before check: " . $Password . "<br>";
          echo "strlen: " . strlen($Password) . "<br>";
          echo "mb_strlen: " . mb_strlen($Password) . "<br>";
          var_dump($Password);

      ... and enter the Password in my form field as:

          test£test£

      The output I get is:

          Password before check: test£test£
          strlen: 12
          mb_strlen: 12
          string(12) "test£test£"

      I expected mb_strlen to give 10 not 12. mb_strlen is giving the same result as strlen, why isn't it working? Thanks All for any advice. Rgds
  15. Moderators, are we allowed to post links to other php tutorial sites here? Just wondering? Rgds
  16. Hi All, I have this code:

          if(strlen($Password) > 10) {
              $ErrorMsg = $ErrorMsg . "Your Password is too long, please shorten it.<br>";
              //need to prepare strings before putting them back in form field because of magic quotes and to handle special characters
              $Password = PrepareForForm($Password);
              $ConfirmPassword = PrepareForForm($ConfirmPassword);
          }

      $Password is set by a form field. If I input into the field:

          test$test$

      The script is happy and I don't get an error, as expected because this string is not greater than 10 characters long. However, if I input:

          test£test£

      I trip the error "Your Password is too long, please shorten it." ??? I would not expect this because test£test£ is not greater than 10 characters long, so what is happening? Many thanks all.
  17. Can someone explain this please: I have a password field in my form:

          <input type="text" name="txtPassword" size="10">

      Which gets collected as follows:

          $Password=$_POST['txtPassword'];

      and then inserted into MySQL. If I input the following:

          testtest£

      It appears in the database as:

          testtest£

      Why is this happening? Many thanks all.
  18. Practice makes perfect. There is a wealth of php tutorial information online, start with a very basic script and take it from there. I find Googling better than books, but sure, books help - check Amazon and I'm sure you'll find some interesting reading material. I wouldn't try to have learnt everything before you get a job. Just get some basic coding abilities and then see if you can get a junior position. Rgds
  19. I would probably focus on learning how to insert data into MySQL first, as there's a lot you can do with this. Work out how to do the so-called CRUD operations, CREATE, READ, UPDATE, DELETE: http://en.wikipedia.org/wiki/Create,_read,_update_and_delete If you then look at some of the sites where you can hire programmers, you'll get an idea of what's often requested in terms of development. There's a section on these forums here: http://www.phpfreaks.com/forums/index.php/board,8.0.html and you can find links to some more of these sites here: http://www.webref.eu/outsourcing-development.php Finally, joining some open source php projects such as phpbb might help you improve your coding skills. Good luck. Rgds
  20. - So, it's not bad practice to not specifically state the connection?
      - The function will automatically use whatever connection is open at the time, correct?
      - I was going to put the makeSQLSafe function into my shared functions file, inc-functions.php. Is this something you would normally do? Is this a good technique?

      Many thanks for your help guys, I appreciate it. Rgds
  21. Can experts please tell me if they agree with the below.

      - Before adding form input into a database, you should check whether magic quotes is on. If it is, remove the backslashes with stripslashes.
      - Then use mysql_real_escape_string in the query to insert the data into the database. mysql_real_escape_string will escape any characters whilst the query is performed, BUT THIS IS NOT CARRIED THROUGH INTO THE DATA IN THE DATABASE, i.e. you do not see any backslash escape characters in your database.
      - All this can be done with a function like the below:

          function makeSQLSafe($str) {
              // check the status of magic_quotes_gpc, if this returns true
              // we remove the escaped characters. Allowing for the real escaping
              // to be done via mysql_real_escape_string
              if(get_magic_quotes_gpc()) {
                  // remove the slashes.
                  $str = stripslashes($str);
              }
              $str = mysql_real_escape_string($str);
              return $str;
          }

      - Then the query would be:

          //database query
          $query = "INSERT INTO Users (Username, Password, Email, SubscribeToNewsletter) VALUES ('" . makeSQLSafe($Username) . "', '" . makeSQLSafe($Password) . "', '" . makeSQLSafe($Email) . "', '" . makeSQLSafe($SubscribeToNewsletter) . "')";

      - So, do you agree with all the above?

      One other question I have is should mysql_real_escape_string have a connection indicated, i.e. should:

          $str = mysql_real_escape_string($str);

      actually be:

          $str = mysql_real_escape_string($str, $conn);

      Thanks all for any comments.
  22. Hi All, I'd still like some further advice on how mysql_real_escape_string works. This is what I think happens:

      Imagine magic quotes is OFF. Field input into txtPassword is:

          test"test

      Then:

          $Password=$_POST['txtPassword'];

      Now do:

          echo mysql_real_escape_string($Password, $connection)

      You'll see:

          test\"test

      i.e. backslash escaped as you would imagine. Now insert into database with something like:

          //database query
          $query = "INSERT INTO Users (Username, Password, Email, SubscribeToNewsletter) VALUES ('" . mysql_real_escape_string($Username, $connection) . "', '" . mysql_real_escape_string($Password, $connection) . "', '" . mysql_real_escape_string($Email, $connection) . "', '" . mysql_real_escape_string($SubscribeToNewsletter, $connection) . "')";

      Now look at database field containing the Password with MySQL Query Browser, I see:

          test"test

      i.e. no longer backslash escaped, even though mysql_real_escape_string was applied. I think however, the database field contents is as it should be, but please could someone explain to me why this is the case in as much detail as possible. I appreciate I have had a brief explanation above but I really need to have a thorough understanding of this and would appreciate some more input. Many thanks all.
  23. OK, thanks. So, to summarise, mysql_real_escape_string will guard against SQL injection attacks but the data will not look any different because of it when viewed in the database? Rgds
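
The behaviour asked about in posts 21 to 23 above (escaping changes the SQL text sent to the server, not the value that ends up stored), as an added example that is not part of the original posts. It assumes PHP with the pdo_sqlite extension: an in-memory SQLite database stands in for MySQL, PDO::quote() plays the role of mysql_real_escape_string, and the input value is constructed.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL server so the
// script runs offline (assumes the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (Username TEXT, Password TEXT)');

// Constructed input containing characters that matter to a SQL parser.
$password = "te'st\"test";

// 1) Escaping: quote() returns the value as a SQL string literal.
//    SQLite doubles the single quote; MySQL would use backslashes instead.
//    Either way the escaping exists only inside the query text.
$literal = $db->quote($password);
$db->exec("INSERT INTO Users (Username, Password) VALUES ('escaped', $literal)");

// 2) Prepared statement: the value travels separately from the SQL text,
//    so there is nothing to escape at all.
$stmt = $db->prepare('INSERT INTO Users (Username, Password) VALUES (?, ?)');
$stmt->execute(['bound', $password]);

// Read both rows back and compare them with the original input.
$rows = $db->query('SELECT Username, Password FROM Users ORDER BY Username')
           ->fetchAll(PDO::FETCH_KEY_PAIR);

echo "literal sent in the query: $literal\n";
foreach ($rows as $how => $stored) {
    printf("%-8s stored as %s (%s)\n", $how, $stored,
        $stored === $password ? 'identical to input' : 'DIFFERENT');
}

// 3) Without escaping, the quote in the input ends the string literal early
//    and the statement no longer parses as intended.
try {
    $db->exec("INSERT INTO Users (Username, Password) VALUES ('raw', '$password')");
    echo "raw insert unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "raw insert rejected: " . $e->getMessage() . "\n";
}
```

The parser consumes the escape characters while reading the literal, which is why neither stored row shows them; the prepared statement reaches the same result without building SQL from input.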