Everything posted by 87dave87

  1. Hi, I have just written some basic PHP code and want to know if the mysql_real_escape_string will suffice against SQL injection attacks... I have been told to use PDO as real escape string is deprecated, however I have absolutely no idea how to code that, so if someone would be kind enough to help me out with letting me know the below is safe or rewriting as PDO it would be much appreciated. Here's my code for the insert page: -

     ```php
     <?php
     $username="username";
     $password="password";
     $database="database";

     $title=mysql_real_escape_string($_POST['title']);
     $first_name=mysql_real_escape_string($_POST['first_name']);
     $last_name=mysql_real_escape_string($_POST['last_name']);
     $email_address=mysql_real_escape_string($_POST['email_address']);

     mysql_connect(localhost,$username,$password);
     @mysql_select_db($database) or die( "Unable to select database");

     $query = "INSERT INTO collected VALUES ('','$title','$first_name','$last_name','$email_address')";
     mysql_query($query);
     mysql_close();
     ?>
     ```
  2. Hi yes I have that bit but then how would I link that in?
  3. I have the following piece of code: -

     ```html
     <div class="txtFooter">Copyright © Company 2009. All Rights Reserved.</div>
     ```

     I want the copyright symbol to be a different font to the rest (as the font I'm using doesn't display the symbol) - how can I do this? It needs to be on the same line.
  4. I now have: -

     ```php
     <?
     $username="test";
     $password="test";
     $database="test";

     mysql_connect(localhost,$username,$password);

     $query = "UPDATE details SET actioned='yes' WHERE id='$id[i]' LIMIT 1";
     $result = @mysql_query($query); // this executes the sql query and saves the result in the variable "result"
     }
     ?>
     ```

     The ID is shown on the page previous to the code above. When I click the update button to action the record I get the following error: -

     ```
     The website cannot display the page
     HTTP 500
     Most likely causes:
     The website is under maintenance.
     The website has a programming error.
     ```
  5. Hi, I want to be able to update a single record from a list of all record output from one of my database tables to mark a record as 'actioned'. I am having trouble passing the id of a single record from the page to the database, what code would I use to do the following: -

     ```sql
     UPDATE `tablename`.`details` SET `actioned` = 'yes' WHERE `details`.`id` = (ID OF RECORD FROM LOOP) LIMIT 1 ;
     ```

     ? Thanks in advance.
  6. I have a problem with Firefox displaying my login form differently to how it should look in IE - it looks like some sort of margin problem: - The corresponding code for the form is: -

     ```html
     <form id="customerLogin" name="customerLogin" method="post" action="http://www.crafting.co.uk/customer.php?xCmd=login&jssCart=ebbbf4176f26741b6f21bb93ea6b0976">
     <table width="100%" border="0" cellspacing="0" cellpadding="0">
     <tr><br>
     <td><span class="loginboxtitle">Email Address</span><br><span class="loginboxsmall">e.g. name@crafting.co.uk</span></td>
     <td><div align="right"><img src="images/cf_login_email.png"></div></td>
     </tr>
     </table>
     <div><input type="text" id="xEmailAddress" name="xEmailAddress" value="" size="32"/></div>
     <span class="loginboxtitle">Password</span><br><span class="loginboxsmall">Enter your password below...</span>
     <div><input type="password" id="xCustPassword" name="xCustPassword" value="" size="32"/></div>
     <div align="right"><br><a href="customer.php?xCmd=register"><img src="images/cf_register.png" alt="Register" width="62" height="22" border="0"></a>
     <input type="image" class="button" id="submit" value="Login" src="images/cf_login.png" alt="Login"/><br>
     </div>
     </form>
     ```

     and the corresponding code for the CSS is: -

     ```css
     * {padding:0; margin:0}
     form{ margin-top: 10px; margin-bottom: 10px; display: inline; }
     .loginboxtitle{ margin-top: 10px; font-size:11px; font-weight:bold; color: #ffffff; }
     .loginboxsmall{ font-size:9px; font-weight:none; color: #ABDCF7; }
     ```
  7. That's how Photoshop is outputting the CSS - how should I be doing them?
  8. I have: - #content { width: 800px; margin: 0 auto } and then I've wrapped: - <div id="content"></div> around the content with no result.
  9. How would I go about aligning the following website? I have tried containers and the like with no result - it stays on the left. Thanks in advance. <html> <head> <title>craftingsites</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css"> <!-- body { text-align: center; } #cf-01 { position:absolute; left:0px; top:0px; width:996px; height:46px; } #cf-02 { position:absolute; left:0px; top:46px; width:241px; height:101px; } #cf-03 { position:absolute; left:241px; top:46px; width:331px; height:101px; } #cf-04 { position:absolute; left:572px; top:46px; width:194px; height:101px; } #cf-05 { position:absolute; left:766px; top:46px; width:230px; height:71px; } #cf-06 { position:absolute; left:766px; top:117px; width:80px; height:30px; } #cf-07 { position:absolute; left:846px; top:117px; width:106px; height:20px; } #cf-08 { position:absolute; left:952px; top:117px; width:44px; height:30px; } #cf-09 { position:absolute; left:846px; top:137px; width:106px; height:10px; } #cf-10 { position:absolute; left:0px; top:147px; width:27px; height:51px; } #cf-11 { position:absolute; left:27px; top:147px; width:46px; height:51px; } #cf-12 { position:absolute; left:73px; top:147px; width:2px; height:51px; } #cf-13 { position:absolute; left:75px; top:147px; width:89px; height:51px; } #cf-14 { position:absolute; left:164px; top:147px; width:2px; height:51px; } #cf-15 { position:absolute; left:166px; top:147px; width:110px; height:51px; } #cf-16 { position:absolute; left:276px; top:147px; width:2px; height:51px; } #cf-17 { position:absolute; left:278px; top:147px; width:94px; height:51px; } #cf-18 { position:absolute; left:372px; top:147px; width:2px; height:51px; } #cf-19 { position:absolute; left:374px; top:147px; width:94px; height:51px; } #cf-20 { position:absolute; left:468px; top:147px; width:2px; height:51px; } #cf-21 { position:absolute; left:470px; top:147px; width:76px; height:51px; } #cf-22 { position:absolute; left:546px; 
top:147px; width:2px; height:51px; } #cf-23 { position:absolute; left:548px; top:147px; width:74px; height:51px; } #cf-24 { position:absolute; left:622px; top:147px; width:2px; height:51px; } #cf-25 { position:absolute; left:624px; top:147px; width:63px; height:51px; } #cf-26 { position:absolute; left:687px; top:147px; width:2px; height:51px; } #cf-27 { position:absolute; left:689px; top:147px; width:35px; height:51px; } #cf-28 { position:absolute; left:724px; top:147px; width:40px; height:51px; } #cf-29 { position:absolute; left:764px; top:147px; width:212px; height:51px; } #cf-30 { position:absolute; left:976px; top:147px; width:20px; height:51px; } #cf-31 { position:absolute; left:0px; top:198px; width:996px; height:23px; } #cf-32 { position:absolute; left:0px; top:221px; width:23px; height:535px; } #cf-33 { position:absolute; left:23px; top:221px; width:730px; height:421px; } #cf-34 { position:absolute; left:753px; top:221px; width:8px; height:421px; } #cf-35 { position:absolute; left:761px; top:221px; width:214px; height:35px; } #cf-36 { position:absolute; left:975px; top:221px; width:21px; height:535px; } #cf-37 { position:absolute; left:761px; top:256px; width:214px; height:88px; } #cf-38 { position:absolute; left:761px; top:344px; width:214px; height:43px; } #cf-39 { position:absolute; left:761px; top:387px; width:214px; height:86px; } #cf-40 { position:absolute; left:761px; top:473px; width:214px; height:46px; } #cf-41 { position:absolute; left:761px; top:519px; width:214px; height:93px; } #cf-42 { position:absolute; left:761px; top:612px; width:214px; height:30px; } #cf-43 { position:absolute; left:23px; top:642px; width:952px; height:19px; } #cf-44 { position:absolute; left:23px; top:661px; width:367px; height:22px; } #cf-45 { position:absolute; left:390px; top:661px; width:177px; height:90px; } #cf-46 { position:absolute; left:567px; top:661px; width:3px; height:90px; } #cf-47 { position:absolute; left:570px; top:661px; width:177px; height:90px; } 
#cf-48 { position:absolute; left:747px; top:661px; width:228px; height:41px; } #cf-49 { position:absolute; left:23px; top:683px; width:367px; height:68px; } #cf-50 { position:absolute; left:747px; top:702px; width:228px; height:49px; } #cf-51 { position:absolute; left:23px; top:751px; width:952px; height:5px; } #cf-52 { position:absolute; left:0px; top:756px; width:996px; height:17px; } #cf-53 { position:absolute; left:0px; top:773px; width:996px; height:21px; } --> </style> <!-- End ImageReady Styles --> </head> <div id="content"> <body> <!-- ImageReady Slices (craftingsites.psd) --> <div id="cf-01"> <img src="images/cf_01.png" width=996 height=46 alt=""> </div> <div id="cf-02"> <img src="images/cf_02.png" width=241 height=101 alt=""> </div> <div id="cf-03"> <img src="images/cf_03.png" width=331 height=101 alt=""> </div> <div id="cf-04"> <img src="images/cf_04.png" width=194 height=101 alt=""> </div> <div id="cf-05"> <img src="images/cf_05.png" width=230 height=71 alt=""> </div> <div id="cf-06"> <img src="images/cf_06.png" width=80 height=30 alt=""> </div> <div id="cf-07"> <img src="images/cf_07.png" width=106 height=20 alt=""> </div> <div id="cf-08"> <img src="images/cf_08.png" width=44 height=30 alt=""> </div> <div id="cf-09"> <img src="images/cf_09.png" width=106 height=10 alt=""> </div> <div id="cf-10"> <img src="images/cf_10.png" width=27 height=51 alt=""> </div> <div id="cf-11"> <img src="images/cf_11.png" width=46 height=51 alt=""> </div> <div id="cf-12"> <img src="images/cf_12.png" width=2 height=51 alt=""> </div> <div id="cf-13"> <img src="images/cf_13.png" width=89 height=51 alt=""> </div> <div id="cf-14"> <img src="images/cf_14.png" width=2 height=51 alt=""> </div> <div id="cf-15"> <img src="images/cf_15.png" width=110 height=51 alt=""> </div> <div id="cf-16"> <img src="images/cf_16.png" width=2 height=51 alt=""> </div> <div id="cf-17"> <img src="images/cf_17.png" width=94 height=51 alt=""> </div> <div id="cf-18"> <img src="images/cf_18.png" width=2 
height=51 alt=""> </div> <div id="cf-19"> <img src="images/cf_19.png" width=94 height=51 alt=""> </div> <div id="cf-20"> <img src="images/cf_20.png" width=2 height=51 alt=""> </div> <div id="cf-21"> <img src="images/cf_21.png" width=76 height=51 alt=""> </div> <div id="cf-22"> <img src="images/cf_22.png" width=2 height=51 alt=""> </div> <div id="cf-23"> <img src="images/cf_23.png" width=74 height=51 alt=""> </div> <div id="cf-24"> <img src="images/cf_24.png" width=2 height=51 alt=""> </div> <div id="cf-25"> <img src="images/cf_25.png" width=63 height=51 alt=""> </div> <div id="cf-26"> <img src="images/cf_26.png" width=2 height=51 alt=""> </div> <div id="cf-27"> <img src="images/cf_27.png" width=35 height=51 alt=""> </div> <div id="cf-28"> <img src="images/cf_28.png" width=40 height=51 alt=""> </div> <div id="cf-29"> <img src="images/cf_29.png" width=212 height=51 alt=""> </div> <div id="cf-30"> <img src="images/cf_30.png" width=20 height=51 alt=""> </div> <div id="cf-31"> <img src="images/cf_31.png" width=996 height=23 alt=""> </div> <div id="cf-32"> <img src="images/cf_32.png" width=23 height=535 alt=""> </div> <div id="cf-33"> <img src="images/cf_33.png" width=730 height=421 alt=""> </div> <div id="cf-34"> <img src="images/cf_34.png" width=8 height=421 alt=""> </div> <div id="cf-35"> <img src="images/cf_35.png" width=214 height=35 alt=""> </div> <div id="cf-36"> <img src="images/cf_36.png" width=21 height=535 alt=""> </div> <div id="cf-37"> <img src="images/cf_37.png" width=214 height=88 alt=""> </div> <div id="cf-38"> <img src="images/cf_38.png" width=214 height=43 alt=""> </div> <div id="cf-39"> <img src="images/cf_39.png" width=214 height=86 alt=""> </div> <div id="cf-40"> <img src="images/cf_40.png" width=214 height=46 alt=""> </div> <div id="cf-41"> <img src="images/cf_41.png" width=214 height=93 alt=""> </div> <div id="cf-42"> <img src="images/cf_42.png" width=214 height=30 alt=""> </div> <div id="cf-43"> <img src="images/cf_43.png" width=952 height=19 
alt=""> </div> <div id="cf-44"> <img src="images/cf_44.png" width=367 height=22 alt=""> </div> <div id="cf-45"> <img src="images/cf_45.png" width=177 height=90 alt=""> </div> <div id="cf-46"> <img src="images/cf_46.png" width=3 height=90 alt=""> </div> <div id="cf-47"> <img src="images/cf_47.png" width=177 height=90 alt=""> </div> <div id="cf-48"> <img src="images/cf_48.png" width=228 height=41 alt=""> </div> <div id="cf-49"> <img src="images/cf_49.png" width=367 height=68 alt=""> </div> <div id="cf-50"> <img src="images/cf_50.png" width=228 height=49 alt=""> </div> <div id="cf-51"> <img src="images/cf_51.png" width=952 height=5 alt=""> </div> <div id="cf-52"> <img src="images/cf_52.png" width=996 height=17 alt=""> </div> <div id="cf-53"> <img src="images/cf_53.png" width=996 height=21 alt=""> </div> </body> </html>
  10. I only need for the user to login to the 1 page which will be login_success.php and then call their information on that single page - is it worth doing in this scenario?
  11. Hmm, can I not just pass the username through to the loginsuccess page and then call the data for the username's row?
  12.

      ```php
      <?php
      session_start();
      print $_SESSION['username'];
      ?>
      ```

      &

      ```php
      <?php
      session_start();
      echo $_SESSION['username'];
      ?>
      ```

      That doesn't throw up an error but doesn't show the username onto the page...?
  13. Okay, so how would I post $result from checklogin.php to login_success.php?
  14. Hi, I have the following login script. Once logged in I want to display the information that is present in the row for the 'username' that is logged in. How would I display that information? I just need each field displaying - not in any loop: -

      ```php
      <?php
      $host="localhost"; // Host name
      $username="xxxx"; // Mysql username
      $password="xxxx"; // Mysql password
      $db_name="xxxx"; // Database name
      $tbl_name="xxxx"; // Table name

      // Connect to server and select database.
      mysql_connect("$host", "$username", "$password")or die("cannot connect");
      mysql_select_db("$db_name")or die("cannot select DB");

      // username and password sent from form
      $myusername=$_POST['myusername'];
      $mypassword=$_POST['mypassword'];

      // To protect MySQL injection (more detail about MySQL injection)
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);

      $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
      $result=mysql_query($sql);

      // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);

      // If result matched $myusername and $mypassword, table row must be 1 row
      if($count==1){
      // Register $myusername, $mypassword and redirect to file "login_success.php"
      session_register("myusername");
      session_register("mypassword");
      header("location:login_success.php");
      }
      else {
      echo "Wrong Username or Password";
      }
      ?>
      ```
  15. I tried the above code, if the user/pass is wrong it redirects, BUT it still redirects if the user/pass is right. See: http://www.buttonbash.com/vortexvideos/index.php type anything in the login box to see what happens with the wrong user/pass.
  16. This is what I now have then: -

      ```php
      <?
      $name_query = "SELECT firstname FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'";
      $details_query = mysql_query("SELECT memberid, firstname, surname, DATE_FORMAT(joined, '%d %b %Y'), rentals FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'");
      $due_query = mysql_query("SELECT rentalsdue, DATE_FORMAT(rentalsduedate, '%d %b %Y') FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'");
      $result = mysql_query($name_query);
      ?>
      <p class="heading">
      <?
      if(!$result){
      echo "<script>window.location='index.php'</script>";
      }
      while ($name = mysql_fetch_row($result)) {
      echo "Hello ";
      foreach ($name as $field) echo "$field";
      }
      ?>
      ```

      It logs in, but the redirect isn't working now ???
  17. It works fine without; if I add that it shows an error.
  18. Hi, I tried the above, this is my code: -

      ```php
      <?
      $name_query = mysql_query("SELECT firstname FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'");
      $details_query = mysql_query("SELECT memberid, firstname, surname, DATE_FORMAT(joined, '%d %b %Y'), rentals FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'");
      $due_query = mysql_query("SELECT rentalsdue, DATE_FORMAT(rentalsduedate, '%d %b %Y') FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'");
      $result = mysql_query($name_query);
      ?>
      <p class="heading">
      <?
      if(!$result){
      echo "<script>window.location='index.php'</script>";
      }
      while ($name = mysql_fetch_row($name_query)) {
      echo "Hello ";
      foreach ($name as $field) echo "$field";
      }
      ?>
      ```

      It redirects even if the username/password is correct.
  19. hey that fixed it, thanks! What code would I need to use on that members page to say 'if username = username from the form and password = password from the form' then carry on, else 'user not found message'?
  20. Hi, I am trying to create a very simple login page, where the user types their details into this form: -

      ```html
      <form method="post" action="members.php" onsubmit="return dis(this)">
      <div class="heading">Members Area</div>
      Username <input name="username" type="text" size="15">
      Password <input name="password" type="password" size="15">
      <input type="submit" value="Login">
      </form>
      ```

      It then should match the results on members.php to those details entered, I want to then display information about the user from the database, see this query example: -

      ```php
      <?
      $name_query = mysql_query("SELECT firstname FROM members WHERE username = '%".mysql_real_escape_string($_POST["username"])."%' and password = '%".mysql_real_escape_string($_POST["password"])."%'") or die( mysql_error() );
      <p class="heading">Hello
      <?
      while ($name = mysql_fetch_row($name_query)) {
      foreach ($name as $field) echo "$field";
      }
      ?>
      </p>
      ?>
      ```

      All that displays though is 'Hello' and not the first name, which should output: Hello John
  21. Thanks, that works great but is it possible to not check each field, and just check the whole row for no record? Although each record contains a userid and a temp field which contains 'NULL' for each record.
  22. Where would that be placed? When I try to use it I just get: - -- TEST -- -- TESTEND -- -- TEST -- -- TESTEND -- -- TEST -- -- TESTEND --
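
A PDO version of the insert asked about in post 1, with the login lookup from posts 14 to 20 done the same way, as an added example that is not code from any of the posts. It assumes an in-memory SQLite database so it runs offline, table layouts guessed from the column names in the posts, and a `password` column holding `password_hash()` output rather than the plain text the posted scripts compare.

```php
<?php
// Added example. Assumption: in-memory SQLite so the script runs offline.
// For MySQL use a DSN like "mysql:host=localhost;dbname=database;charset=utf8mb4"
// and also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// Table layouts are assumptions based on the column names in the posts.
$pdo->exec('CREATE TABLE collected (id INTEGER PRIMARY KEY, title TEXT,
    first_name TEXT, last_name TEXT, email_address TEXT)');
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT, firstname TEXT)');

function insertCollected(PDO $pdo, array $post): int
{
    // Values travel separately from the SQL text, so quotes in them stay data.
    $stmt = $pdo->prepare(
        'INSERT INTO collected (title, first_name, last_name, email_address)
         VALUES (:title, :first_name, :last_name, :email_address)'
    );
    $stmt->execute([
        'title'         => $post['title'] ?? '',
        'first_name'    => $post['first_name'] ?? '',
        'last_name'     => $post['last_name'] ?? '',
        'email_address' => $post['email_address'] ?? '',
    ]);
    return (int) $pdo->lastInsertId();
}

function findMember(PDO $pdo, string $username, string $password): ?array
{
    // Select by username only, then check the stored hash in PHP.
    $stmt = $pdo->prepare('SELECT username, password, firstname FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // unknown user and wrong password look the same to the caller
    }
    unset($row['password']);
    return $row;
}

// Constructed sample data standing in for $_POST and an existing member row.
$id = insertCollected($pdo, [
    'title' => 'Mr', 'first_name' => 'Conor',
    'last_name' => "O'Brien'); --", 'email_address' => 'conor@example.com',
]);
$check = $pdo->prepare('SELECT last_name FROM collected WHERE id = ?');
$check->execute([$id]);
echo "Stored last_name: ", $check->fetchColumn(), "\n";

$seed = $pdo->prepare('INSERT INTO members (username, password, firstname) VALUES (?, ?, ?)');
$seed->execute(['john', password_hash('constructed-passphrase', PASSWORD_DEFAULT), 'John']);

$member = findMember($pdo, 'john', 'constructed-passphrase');
echo $member ? "Hello {$member['firstname']}\n" : "Wrong Username or Password\n";
$member = findMember($pdo, "john' --", 'anything');
echo $member ? "Hello {$member['firstname']}\n" : "Wrong Username or Password\n";
```

On the members page the returned row can be printed field by field without a loop; a `null` return is the "user not found" branch.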