The14thGOD

I just looked and it is turned on. So my data is being escaped twice then? That's why it's in the DB. So just to make sure I have this straight, if I were to switch to mysql_real_escape_string() (could they make that longer..geez) I can just disable the magic_quotes_gpc and remove addslashes/stripslashes all together from my scripts right? I don't think I need to worry about sql injection (the site is just reading (the mod_rewrite is very restrictive on what it 'accepts' ) and the editor section has a pretty secure login (im not security expert)). Again, thanks for the help =) Justin

hmm, i was taught to put addslashes($var) on anything that could potentially have escapable characters. thats what ive been doing, does PHP 5 now do this automatically or something then? cause when I do addslashes() i see the \ in the database like I'd expect. It's just when the above code is ran that character is no longer there (which I'm assuming is because of PFMaBiSmAd's post).

The data is put into the database just fine with slashes and everything I have a CMS and this preview function I built, there are 3 options: Publish, Save Draft, and Undo. There are 2 tables, preview, and website. When I select Undo, it will take the website data and dump it into the preview table. Vice versa for Publish. When this happens it takes out the '\'s. I don't THINK this will be a problem because when edited it will be put back in. But does anyone know why this is happening? Shouldn't it copy it directly into the db? here's the code so you can see I'm not doing anything that would strip slashes. Undo (publish is basically the same thing) <?php import_request_variables('pg'); include('connect.php'); include('urlpathback.php'); include('adminloggedin.php'); //Grab Info from databases $website_query = "SELECT * FROM website WHERE url='$_SESSION[theurl]' ";//$_SESSION['theurl'] is what the old url used to be from edit.php $website_result = mysql_query($website_query); $website_row = mysql_fetch_assoc($website_result); $preview_query = "SELECT * FROM preview WHERE url='$_GET[url]' ";//$_SESSION the new url which is stored in preview's db $preview_result = mysql_query($preview_query); $preview_row = mysql_fetch_assoc($preview_result); $query2 = "UPDATE preview SET pageid='$website_row[pageid]',navtitle='$website_row[navtitle]',title='$website_row[title]',keywords='$website_row[keywords]',description='$website_row[description]',url='$website_row[url]',headline='$website_row[headline]',body='$website_row[body]',status='enabled' WHERE url='$_SESSION[theurl]' "; mysql_query($query2); unset($_SESSION['editdraft'],$_SESSION['oldnavtitle'],$_SESSION['oldparent'],$_SESSION['status'],$_SESSION['weight'],$_SESSION['parent'],$_SESSION['theurl'],$_SESSION['draft'],$_SESSION['uid'],$_SESSION['editurl']); header("Location: $url"); exit(0); ?> Thanks for any and all help.

basically $_SERVER['PHP_SELF'] tells the page to call itself, myscript.php will call myscript.php. If you change myscript.php to newscript.php then the action will be broken since myscript.phph doesn't exist anymore. $_SERVER['PHP_SELF'] is just a better way to make sure you dont make mistakes like that and have to go back in and edit the form action anytime you change the script name.

Ok, that's what I thought, but for some reason on another server I remember running into issues. But that really only applied to the new variable names, I didn't recall having issues with unset but I came across something the other day about it not working for session variables. Decided I should post and get it checked out. Thanks again. Jusitn

Due to time and some server issues and the way the computer is set up I can not test this out till Monday, but I've read some posts about: <?php unset($_SESSION['variable1']); ?> not working for some people, is this not the right way to unset session variables? i saw something with $_SESSION = array(); but wouldn't that wipe out the entire $_SESSION variable? I just want to target about 6 variables and clear them. Also, is there some issue with making $_SESSION variables away from the intial start of the session? Im calling a script that checks to see if an admin is logged in near the top of the page, but then later on in the script i have session variables being created if it gets down through the IF's etc. so for example: <?php include('somescript.php');//this checks to see if user is logged in and is where session_start() lies //several //lines //down if($something = true){ //things happen here //another if or so if($this=$this){ $_SESSION['variable'] = 'hi'; } } ?> Thanks for any help, Justin

I've tried several different ways to get something similar to work but none of them came out successful. basically i have this: RewriteEngine On RewriteRule ^products/([a-z0-9-]+) page.php?theurl=$1 [L] RewriteRule ^solutions/([a-z0-9-]+) page.php?theurl=$1 [L] RewriteRule ^services/([a-z0-9-]+) page.php?theurl=$1 [L] RewriteRule ^news/([a-z0-9-]+) page.php?theurl=$1 [L] RewriteRule ^company/([a-z0-9-]+) page.php?theurl=$1 [L] RewriteRule ^lab/([a-z0-9-]+) page.php?theurl=$1 [L] RewriteRule ^contact/([a-z0-9-]+) page.php?theurl=$1 [L] RewriteRule ^products/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$1/$2 [L] RewriteRule ^solutions/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$1/$2 [L] RewriteRule ^services/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$1/$2 [L] RewriteRule ^news/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$1/$2 [L] RewriteRule ^company/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$1/$2 [L] RewriteRule ^lab/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$1/$2 [L] RewriteRule ^contact/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$1/$2 [L] and want to transform it into something smaller like: RewriteEngine On RewriteRule ^(products)|(solutions)|(services)|(news)|(company)|(lab)|(contact)/([a-z0-9-]+) page.php?theurl=$2 [L] RewriteRule ^(products)|(solutions)|(services)|(news)|(company)|(lab)|(contact)/([a-z0-9-]+)/([a-z0-9-]+) page.php?theurl=$2/$3 [L] I think the above got me to the closet working but it was breaking css or something (its not broken at all with the top one so it shoudln't be a path or anything like that issue). Can anyone help a mod_rewrite newb out? it would be even better if i could get it on one line but i'm not sure if thats possible due to the database and what it's getting, the extra / in the url would have to be optional/only put if there is a 3rd argument. Thanks!, Justin

thx!

More confusion to the confusing regex =P I want to match all non alpha-numeric and hyphens, i read this does it: <?php $string = preg_replace('/[^a-zA-Z0-9-]/','',$string);?> Why does this do it? is it cause of the ^ in the brackets? I thought that was used as the starting point of the string (but I also havn't seen it inside the brackets, i think it's normally outside?). So is ^ inside [] == ! ? Thanks! Justin

Thank you all for your replies. Sorry I havn't had internet for the last couple of days so I was unable to look at these and respond in a reasonable amount of time. Garethp, this looks pretty good (I'm not amazing at RegEx, and I'll have to look up some things again to fully understand it). roopurt18, that's a good idea and a lot easier to read haha. thebadbad, thank you, when I have a chance I might dip deeper into this, though I don't know if I'll need that much URL validation . Does anyone have any suggestion on how I could put this together as a hyperlink (html). I'd rather avoid the full url as the actual link cause it can look kinda ugly. I'd like it to be something like: URL: http://www.somerandomsite.com/stuff/hi.html <a href="http://www.somerandomsite.com/stuff/hi.html">somerandomsize.com/stuff/hi.html</a> Slightly better to look at. It would be idea to just fit it into the text (instead of being the url it's shorten to "this site" or something) but I don't think that's possible...I can think of a way but I don't think it would be very user friendly and probably be more work than it's worth. CMS's are fun!

Sorry couldn't resist. I'm looking to have a preg_replace that matches all the ways to match a url and then replace it with a working link (yep...) Here's what I got so far. <?php $row['body'] = preg_replace('/^(https?:\/\/)|(www.)?([a-z0-9\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/','<a href="\\1\\2" target="_blank">\\2</a>',$row['body']); ?> I'm not sure how on how to make it so that either the http or www part can both be there, one or the other, or neither be there. I'm not sure I even have it written right (probably not) I also am not sure how to write the 2nd part since the http(s)/www is optional. I think it could be like this, but it is kind of long, I'm assuming it could be chopped down a bit? <?php $row['body'] = preg_replace('/^(https?:\/\/|https?:\/\/www.|www.)?([a-z0-9\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/','<a href="\\1\\2" target="_blank">\\2</a>',$row['body']); ?> Any help/improvements is greatly appreciated. Justin

I haven't actually tried this but it's in my bookmarks. http://dev-tips.com/featured/send-hassle-free-and-dependable-html-emails-with-php

I know the recent trend is putting JS at the bottom (just before the closing body tag) so that the page loads faster (user can access content faster, and functionality/quirks are loaded last). However, I've noticed that when I do this you tend to see a lot of "oh oh's." Aka a stack of images that goes down on the page that vanishes after the JS is loaded or other things of similar nature. What's the best way to hide these "oh oh's"? I know you can do it in CSS but what if you don't have JS enabled. Then the user never knows it's there (anyone got a percentage of how many ppl actually have JS disabled and any sort of demographic?)

because I thought this would be the quickest way to create this CMS for a site with a bunch of different layouts and other variables and to avoid mod_rewrite (I'm not great at that yet...)

I created a CMS that makes new pages from existing pages. It makes almost exact duplicates except that an ID is added and a variable is changed. I downloaded the created files and they are perfect duplicates of the pre-existing files. The problem is it would ignore my includes, so I changed them to absolute paths and it worked. Now I'm glad that it works but I want to know why the includes have to be absolute paths? They are in the same folder as the rest of the pages using the same lines so it's not a path issue? The code is identical. On top of this my Database calls have to be put directly into the file (thus defeating the include purpose...). Is there any kind of correction I need to put into the following code so I don't have to make them absolute paths? Or is there a different way to create pages from existing ones than the method below? <?php import_request_variables('pg'); if($send=='send'){ include('db connection script'); //Insert data into databases $newpage = "$page_link".".php"; $query = "a query') "; mysql_query($query); include('includes/random_gen.php'); $pageid = get_rand_id(10); $query2 = "a query"; mysql_query($query2); //create new files //create new pages, front end page, back end page switch($layout){ case 1: $filename = '../templates/three_cols.php'; $filename2 = 'templates/three_cols.php'; break; //etc etc } //open files for reading $fh = fopen ($filename, "r") or die ("couldn't open file"); $fh2 = fopen ($filename2, "r") or die ("couldn't open file"); //get data from files $data = fread($fh,filesize($filename)); $data2 = fread($fh2,filesize($filename2)); //close files fclose($fh); fclose($fh2); //new files $fh = fopen("../$newpage","w") or die ("couldn't make file"); $fh2 = fopen("$newpage","w") or die ("couldn't make file2"); //replace content in the data $data = str_replace('0000000000',"$pageid",$data); $data2 = str_replace('0000000000',"$pageid",$data2); //Proper navigation heading? switch($parent_page){ case 1: //home $data = str_replace('<body>','<body id="page1">',$data); $data2 = str_replace('<body>','<body id="page1">',$data2); break; //etc } //write the data into the files fwrite($fh,$data); fwrite($fh2,$data2); //close files fclose($fh); fclose($fh2); //set permissions chmod("../$newpage",644); chmod("$newpage",0644); //end file creation header("Location: $newpage"); exit(0); } ?> The include code is a normal include: <?php include('includes_folder/file.php') ?> I don't see how this would break it but does it matter if the pre-existing files are in a "templates" folder? There is no "includes" folder in there but I'm just copying the data of the files and putting it outside the "templates" folder where the include path is correct. If there are any improvements that can be made please let me know, I'd really like to just use relative paths for future changes/maintenance etc. Any and all help is much appreciated, Thanks, Justin

Perhaps I should rephrase this... I'm creating pages from templates using PHP for a CMS. However when I go to view the pages created the PHP doesn't run so I'm left with half a page. Is there something else in the code to create a file that I need to specify in order for the PHP code to run? <?php //open files for reading $fh = fopen ($filename, "r") or die ("couldn't open file"); $fh2 = fopen ($filename2, "r") or die ("couldn't open file"); //get data from files $data = fread($fh,filesize($filename)); $data2 = fread($fh2,filesize($filename2)); //close files fclose($fh); fclose($fh2); //new files $fh = fopen("../$newpage","w") or die ("couldn't make file"); $fh2 = fopen("$newpage","w") or die ("couldn't make file2"); //replace content in the data $data = str_replace('0000000000',"$pageid",$data); $data2 = str_replace('0000000000',"$pageid",$data2); //Proper navigation heading? switch($parent_page){ case 1: //home $data = str_replace('<body>','<body id="page1">',$data); $data2 = str_replace('<body>','<body id="page1">',$data2); break; //etc etc.... } //write the data into the files fwrite($fh,$data); fwrite($fh2,$data2); //close files fclose($fh); fclose($fh2); //set permissions chmod("../$newpage",0644); chmod("$newpage",0644); ?>

I am creating new pages from "templates" (not actual .tpl files) however when I go to view the page, the page just shows the html portion. None of the includes are triggered to bring in the css/js head links, navigation, or the footer. I download the files from the server and everything is right. I tried setting permissions to 755 and 644 (this is what all the files i uploaded via ftp appear as) using: <?php chmod("../$newpage",0644); chmod("$newpage",0644);?> But that's not doing anything. Does anyone know what I have to do in order to get the PHP code to work? Thanks for any and all help, Justin

Found the problem (for those who may find it useful) <?php $data = fread($fh,filesize($fh)); $data2 = fread($fh2,filesize($fh2)); ?> should be: <?php $data = fread($fh,filesize($filename)); $data2 = fread($fh2,filesize($filename2)); ?>

further troubleshooting has lead to $data/$data2 being empty, code for this: <?php switch($layout){ case '1': $filename = '../templates/three_cols.php'; $filename2 = 'templates/three_cols.php'; break; case '2': $filename = '../templates/two_cols.php'; $filename2 = 'templates/two_cols.php'; break; case '3': $filename = '../templates/three_separate_cols.php'; $filename2 = 'templates/three_separate_cols.php'; break; case '4': $filename = '../templates/one_col.php'; $filename2 = 'templates/one_col.php'; break; } //open files for reading $fh = fopen ($filename, "r") or die ("couldn't open file"); $fh2 = fopen ($filename2, "r") or die ("couldn't open file"); //get data from files $data = fread($fh,filesize($fh)); $data2 = fread($fh2,filesize($fh2)); //close files fclose($fh); fclose($fh2); ?> Are the paths supposed to be absolute or full path on server? The relative paths are correct. From the examples I've seen it's relative...

ok i changed the folder permissions to 755 and now the page is created but I get a blank screen (it's not getting passed the code) so here it is: <?php //new files $newpage = "$page_link".".php"; $fh = fopen("../$newpage","w") or die ("couldn't make file"); $fh2 = fopen("$newpage","w") or die ("couldn't make file2"); //replace content in the data $data = str_replace('0000000000',"$pageid",$data); $data2 = str_replace('0000000000',"$pageid",$data2); //Proper navigation heading? switch($parent_page){ case '1': //home $data = str_replace('<body>','<body id="page1">',$data); $data2 = str_replace('<body>','<body id="page1">',$data); break; //etc etc.... } //write the data into the files fwrite($fh,$data); fwrite($fh2,$data2); //close files fclose($fh); fclose($fh2); ?>

I tested out the above (to some extent, I changed it to match my application more, but the same basic code is there) and I got: Page not found The requested URL /beta/admin/test.php was not found on this server. It's having problems making the files so I'm guessing there is a server setting I need to set up? It can find and read the "template" files I have made already. I added the "or die" to the fopen()'s that were trying to make the new files and it showed up but had no problem with the fopen()'s that were reading the existing files.

whoops, um I used template there very loosly, sorry. it's just a php file and i stuck it in a folder named templates but I might be able to use some of that code you provided already. <?php $file = "myfile.php"; $title = "New title!"; $fh = fopen($file, "r"); $data = fread($fh, filesize($fh)); fclose($fh); $newfile = "newfile.php"; $fh = fopen($newfile,"w"); $data = str_replace("::TITLE::", $title, $data); fwrite($fh,$data); fclose($fh); ?> would the above work?

I've done searches on google (also tried finding other posts on this forum but my searches are too generic) and it got me started on how to access existing files but I can't seem to find out how to make a new file using the same contents of that file. And once I do that I also need to edit a line of code that holds a variable that is associated to the database. Basically I have a form set up for a user to make a new page and based on some options it will select a template and make a brand new page. I then need to edit a couple of lines in that document. Both of these I don't know how to do. Google just keeps leading me back to how to open files. All i have set up so far is (as far as opening and getting ready to modify the page) <?php case '1': $frontend_filename = '../templates/three_cols.php'; $backend_filename = 'templates/three_cols.php'; $frontend = fopen ($frontend_filename, "r+"); $backend = fopen ($backend_filename, "r+"); break; ?> Any and all help is appreciated, Thanks, Justin **edit if anyone has links to tutorials that would be good too, I dont mind doing tutorials, I just cant find one... (I know there are other ways to achieve a similar effect like storing the template data in a database, but I have to do it this way for a number of reasons).

Oops, I meant before the idea of making a form submit twice when clicked once(which I don't know if it's possible. I don't think it is, I tried to do something similar but it had AJAX and other crap involved, it was a mess haha). So in IE6 what did you have to do to make it work. Double click submit or single click then wait for a reload then click again?

damn...hmm IE is usually picky like that so that's just what came to mind. Another thing is the "c_options[$i]" field also has the same syntax on it as the hidden field. Also try changing the input tags to: <?php echo"<input type=\"hidden\" name=\"tag_name[$i]\" value=\"".$row['tag_name']."\" />"; ?> Even if it doesnt do anything, at least it's more valid xhtml When you say submit the form twice, do you mean double click submit, or hit submit, wait for a reload of the page and then click submit again?