Everything posted by PFMaBiSmAd

  1. I just edited my post above concerning numerical data.
  2. @Nodral, your cleanInput() function only protects against sql injected in string data (i.e. a value put into a query in between single-quotes.) As has been written many times before, mysql_real_escape_string does nothing to prevent sql injection in a numerical value because it is possible to use a hex value to inject sql, which mysql automatically converts to a string, that contains no quotes in it so there is nothing for mysql_real_escape_string to escape. The GetSQLValueString() function that hoponhiggo does have in his code, provided it is being used correctly, does protect against sql injection in numerical data, because it casts numerical data as the correct numeric data type and strips out everything but the numerical value.
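The difference described in the post above, as an added example that is not part of the original thread: string escaping leaves an unquoted numeric-context value untouched, while integer validation rejects it. `escape_string_standin()`, the `users` table and its columns are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example (not from the thread). escape_string_standin() is a
// hypothetical stand-in that escapes the same characters as
// mysql_real_escape_string(), so the demo runs without a database connection.
function escape_string_standin(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Numeric context, escaping only: the value is placed in the query unquoted.
function query_escaped(string $raw): string
{
    return "SELECT * FROM users WHERE id = " . escape_string_standin($raw);
}

// Numeric context, validated: accept only a decimal integer, otherwise refuse.
function query_validated(string $raw): ?string
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject the request instead of building a query
    }
    return "SELECT * FROM users WHERE id = " . $id;
}

// Constructed sample inputs (hypothetical table and column names).
$samples = [
    "42",                         // legitimate id
    "42 OR name = 0x61646d696e",  // hex literal: contains no quotes to escape
    "42' OR '1'='1",              // quoted payload: escaping does alter this one
];

foreach ($samples as $raw) {
    $validated = query_validated($raw);
    printf("input:     %s\n", $raw);
    printf("escaped:   %s\n", query_escaped($raw));
    printf("validated: %s\n\n", $validated ?? "(rejected: not an integer)");
}
```

For the second input the escaped query is byte-for-byte the raw input appended to the SQL, which is why escaping alone is not a control for numeric values.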
  3. So, is this thread solved or not? There's a "Topic Solved" button at the lower left-hand side of the page, in case you missed it?
  4. What does a .php script with a phpinfo statement in it show for those settings?
  5. A) If possible, you should redirect all non-www. requests to www.domain.com (for consistency, SEO) B) See the domain parameter at this link - http://www.php.net/manual/en/function.session-set-cookie-params.php
  6. The error message for a permission problem would indicate that it is a permission problem. Are you sure about the spelling and capitalization of the path and the file you are trying to include?
  7. You would typically make a unique word list (from your $row['short_story'] and $row['full_story'] content) and then query the database table for just that list of words. Translating something implies displaying the translated words. The code you have posted is simply converting the original found words into links with an id. That would require that someone click on each link/word to do something. Is that what you want? I would think that you would either want to replace the words or perhaps display the translation of the word when you hover the mouse over each original word? Perhaps, if you post a short example showing what a typical $row['short_story'] would be and what the final output should be?
  8. There's no (good) reason to be retrieving and displaying 83000 pieces of information on one web page. You should be using pagination to display a manageable amount of information at one time. See this link - http://www.phpfreaks.com/tutorial/basic-pagination
  9. You are missing some () to force the correct operator precedence (the !== has higher precedence than the = and the fgets($handle) !== false is evaluated before the = assignment) -

         while(($buffer = fgets($handle)) !== false){
  10. xc0n, are you a sociology class conducting an experiment? I can think of no other reason why you are taking code and information given in the responses and altering it so that it does not match the database table you have and even changing where you are putting the statements in the program, from what you had earlier in the thread, so that the code cannot work without errors.
  11. ^^^ To do that, you should convert the current code into a function that accepts the year and month you want to display. You would then simply loop the correct number of times and call the function -

         <?php
         function display_month($year,$month,$data){
             // your code that displays a calendar for the year and month that was supplied...
         }

         list($year,$month) = explode('-',date('Y-m')); // get the starting year, month
         for($x = 0; $x <= 4; $x++){
             display_month($year,$month,$data);
             list($year,$month) = explode('-',date('Y-m',strtotime("$year-$month-01 + 1 month"))); // get the next year, month
         }
         ?>

      The $data array in the above code is missing, read on to find out what it should be -

      ^^^ To do that, you should execute one query that gets all the data you want from your database table and store it into the $data array that gets passed to the display_month() function. I would use the date "yyyy-mm-dd" as the array index. See the two threads that the following posts of mine are in for more information -
      http://www.phpfreaks.com/forums/index.php?topic=338516.msg1595240#msg1595240
      http://www.phpfreaks.com/forums/index.php?topic=330865.msg1557351#msg1557351
  12. Any chance that you also had that file open in an editor or in an editor session that died with an error of some kind?
  13. You likely already have the file open and it is locked by the operating system and then you attempt to open it again or if this is a file that gets requested by a browser, the web server is reading it and it is locked for writing when your script attempts to open it. Is that fopen() inside of a loop?
  14. The isset(), if I remember correctly was for the following cases -

      Your code that tests if the visitor is logged in for setting the $toplinks variable -

         if(isset($_SESSION['customer_id'])) {

      In your error_for() function -

         if(isset($errors[$name])){

      And for each of your form field value="" attributes -

         <input type="text" name="name" value="<?php echo h(isset($_POST['name']) ? $_POST['name'] : ''); ?>" />

      BTW, for a type='file' form field, you cannot set the value. To prevent the user from needing to re-enter and re-upload the file each time you redisplay the form, you should probably save a successful file upload in a session variable and output a message next to the file box in the form that the file has already been uploaded. I would suggest something like the following -

      In your validation section -

         <?php
         if($image['error'] == UPLOAD_ERR_NO_FILE){
             // no file was selected. If there is no saved file, this is an error, if there is a saved file, not an error
             if(empty($_SESSION['saved_image'])){
                 $errors['file'] = "No Image was selected";
             }
         } else if($image['error'] != UPLOAD_ERR_OK){
             // generically handle other upload errors. Real code would display a useful message (file was too large, upload was incomplete, a server error occurred)
             $errors['file'] = "An error occurred uploading the image - Error code: {$image['error']}";
         } else {
             // the image upload was successful ($image['error'] is equal to UPLOAD_ERR_OK)
             // put your application level filtering, conditioning, and validation of the uploaded file information here... (mime type, filename, extension, filesize, image size)
             // note: if the image upload was successful, you should process it (storing it in a session variable), even if there are other validation errors, so that the user does not need to keep reselecting the image file
             // if you successfully process the uploaded image here, you should display a message near the form's file selection field telling them they don't need to reselect the file
             if(is_uploaded_file($image['tmp_name'])){
                 $_SESSION['file'] = $image; // save the uploaded file information (name, mime type, filesize)
                 $_SESSION['saved_image'] = file_get_contents($image['tmp_name']); // save the actual file
             }
         }

      At the point where you have successfully used the form information -

         <?php
         // form processing is finished without any errors
         unset($_SESSION['file']);
         unset($_SESSION['saved_image']);

      Your file form field -

         <label align="left" for="Image">Upload Image:</label>
         <input name="file" type="file" size="25" /><?php if(!empty($_SESSION['saved_image'])){ echo "* Image {{$_SESSION['file']['name']}} has already been uploaded. You may select a different Image if you want.";} ?><br />
  15. Here's the list I posted -
      1) You should test if the current visitor is logged in before you do any operations on the page. You should not display the form or execute the form processing code if the visitor is not logged in.
      2) Textareas don't have value='' attributes. You output the existing content between the <textarea></textarea> tags.
      3) If you are not getting a large number of 'undefined' error messages and some deprecated errors, something in one or the other of your include files is disabling the error reporting/display errors settings.
      4) You need to use isset() to test if variables exist before referencing them to avoid generating undefined variable error messages.
      5) You are filtering your $_POST data after you have validated it. You should filter it first so that the validation will check the filtered content.
      6) You are not filtering the price, zipcode, or category_id.
      7) You are still using some ereg_replace functions (instead of preg_replace.)
      8) Your preg_replace code for the $_POST fields doesn't work. It needs delimiters around the match pattern (you cannot just change the name 'ereg' to 'preg').
      9) Your code is currently displaying the 'Cannot move imagename.ext' because you have two move_uploaded_file() statements and after the first one is executed, the tmp file no longer exists and cannot be moved again.
      10) Your code is not using any of the uploaded image information in any of the queries.
      11) You need to indent your code so that lines at the same block level are indented the same amount and clean up the excess white space.
      12) You have three copies of $_SESSION['customer_id'] by different names. You should just use $_SESSION['customer_id'] where you need it or get your code under control and use just one copy of it.
      13) Your upload error messages are being handled differently from the other error messages. You are also not displaying the $error_msg variable, so any of the upload errors aren't being displayed, so you won't know why your code is failing. Use the $errors array method for all the user error messages.
  16. You can get php to tell you why the move_uploaded_file statement is failing by developing and debugging your code on a system with error_reporting set to E_ALL (or even better a -1) and display_errors set to ON. Add the following two lines of code immediately after your first opening <?php tag -

         ini_set("display_errors", "1");
         error_reporting(-1);
  17. Seriously, did you look at YOUR data that was displayed to see what was wrong with it? The date index is only "2011-07-". How is that going to match the $day variable which would have values like "2011-07-01". The LEFT(res_log.timestamp, as tstamp term in your query is only giving "2011-07-". Since I don't know if/how/or what mysql 3 returned for a DATE/DATETIME/TIMESTAMP data type, you would need to change any usage of LEFT(..., to LEFT(...,10) or you can just use the mysql DATE() function to get the date part of a DATETIME/TIMESTAMP data type.
  18. echo '<pre>'; var_dump($reservations); echo '</pre>';
  19. A do/while loop is almost never used because it requires extra code to set up the data before the first pass through the loop. I'm not sure you are doing that before the start of the loop in the code you posted, but you ARE fetching a row from the result set INSIDE of the loop and also in the while() statement, thereby skipping over every other row. When fetching multiple rows from a query, you should almost always use a while(){} loop -

         <?php
         mysql_select_db($database_encomSQL, $encomSQL);
         $query_rs1 = "SELECT service_id, date_format(service_date,'%D %M %Y') AS 'fdate',service_date FROM service ORDER BY service_id ASC";
         $rs1 = mysql_query($query_rs1, $encomSQL) or die(mysql_error());
         $totalRows_rs1 = mysql_num_rows($rs1); // I'm going to assume that your actual code is using this value?

         date_default_timezone_set('Europe/London'); // you would only do this ONCE, before the start of the loop

         // code to do things before the start of the loop goes here...
         while($row_rs1 = mysql_fetch_assoc($rs1)){
             // code to do things for each row in the result set goes here...
             if($row_rs1['service_date'] < date('Y-m-d',strtotime('-30 day'))){
                 echo "More than 30 days ago";
             } else if($row_rs1['service_date'] < date('Y-m-d',strtotime('-14 day'))){
                 echo "More than 14 days ago";
             } else if($row_rs1['service_date'] < date('Y-m-d',strtotime('-7 day'))){
                 echo "More than 7 days ago";
             } else {
                 echo "Within the past 7 days or in the future";
             }
         }
         // code to do things after the end of the loop goes here...
         ?>
  20. Did your mysql get upgraded too? You didn't exactly state so. It's more likely that you either don't have any matching data (or no data at all) in your database or that the conditions being produced by php (the strftime() statements) going into the query statements are not what you think. Have you echoed out the sql query statement(s) to see what they actually are and used print_r or var_dump on the data to check if it is what you expect?
  21.
         <?php
         mysql_select_db($database_encomSQL, $encomSQL);
         $query_rs1 = "SELECT service_id, date_format(service_date,'%D %M %Y') AS 'fdate',service_date FROM service ORDER BY service_id ASC";
         $rs1 = mysql_query($query_rs1, $encomSQL) or die(mysql_error());
         $totalRows_rs1 = mysql_num_rows($rs1);

         date_default_timezone_set('Europe/London');
         $row_rs1 = mysql_fetch_assoc($rs1);
         if($row_rs1['service_date'] < date('Y-m-d',strtotime('-30 day'))){
             echo "More than 30 days ago";
         } else if($row_rs1['service_date'] < date('Y-m-d',strtotime('-14 day'))){
             echo "More than 14 days ago";
         } else if($row_rs1['service_date'] < date('Y-m-d',strtotime('-7 day'))){
             echo "More than 7 days ago";
         } else {
             echo "Within the past 7 days or in the future";
         }
         ?>
  22. Any content/data that you output on a web page needs to be passed through htmlentities with the second parameter set to ENT_QUOTES, so that any special characters in the content are converted to HTML entities so that they don't break the HTML on your page (if you do a 'view source' in your browser, you will see that the data is there but the quotes in it are causing the browser to stop rendering the output.) If you already have the previously entered values saved in session variables, why go to the trouble of putting them back into hidden form fields? Since they are being passed through the form, you must re-validate them on each form submission since they can be altered by the visitor before the form gets submitted.
  23. Old implies dates in the past. Do you actually want to test if something is in the future (greater than today's date) or in the past (less than today's date)? If it seems like all I am doing is asking questions and not offering anything that helps, we cannot help in coding without an exact statement of the problem. In any case, you can only do greater-than or less-than comparisons between textual dates when the format of the dates is something like date('Y-m-d') because the fields must be left to right, most significant part (year) to least significant part (day.) Edit: If you need to display the dates using your "D-M-Y" format, continue to SELECT that using the date_format(), but for date manipulation in the php code, you should also SELECT the raw service_date column.
  24. Do you only want to retrieve data that is more than 7 days from today's date or do you want to retrieve all the data and do one thing if the data is more than 7 days from today's date and do something else if it is not?