Everything posted by PFMaBiSmAd
-
I'll second that ^^^ You won't always be on a server where you will have the ability to change the short open tag setting, so it is worth your time to just fix the code so that the php tags will always work and you won't need to go through this every time you switch to a different server. Most programming editors and/or operating system search/replace utilities can globally search/replace in all the files and folders starting at some folder location.
1) Change all <? to <?php
2) Change all <?phpphp to <?php
3) Change all <?php= to <?php echo
-
Is the image getting saved to the - $dir ="C:/xampp/htdocs/WroxPhp6.0/img"; location?
-
$_SESSION is part of register_globals, that's why so many scripts were taken over. Hackers set the session variables saying they were logged in as the administrator to scripts, simply by putting same name get parameters on the end of URLs. Register_globals were turned off by default over 8 years ago and since the code you are writing should not be using register_globals methods and/or you should not still be using any old code that is dependent on register_globals, there's no point in the code you have shown in this thread. It does not belong in any current script.
-
The UPDATE query in check_image.php is incorrectly written. The closing double-quote is at the end of some php code (making the php code part of the query string.) The closing double-quote on that query should be at the end of the query. And I see how this might have occurred. There should be a double-quote in the query, right before the dot in: . $last_id; There are two single-quotes instead. Change the two single-quotes to a double-quote and remove the double-quote that you added after the imagedestroy($image);"
-
If register_globals are on, the posted code unsets any program (global) variables that match any of the $_REQUEST, $_SESSION, $_SERVER, $_FILES key names. While that does have the effect of preventing a hacker from setting your program variables, it would also prevent your code from working correctly if there are any external variables with the same name as your program variables at the point in your code where you run the posted logic. You access form variables using the correct $_GET or $_POST variable name ($_REQUEST should not be used because it is about as insecure as having register_globals on.)
-
help with code - $variable_name = $connection->Execute(
PFMaBiSmAd replied to Terry Cragg's topic in PHP Coding Help
There's a green 'Mark Solved' button on the lower left-hand side of the page. -
Since display_errors should be off on a live server, there is no point in putting an @ in any code.
-
Well the code you did post produces a fatal php parse error because those are NOT double-quotes and since you did not post your code or answer how you are retrieving and displaying the results, no one here can directly help you with what your code is doing that is causing the problem.
-
The code you did post is using smart/curly quotes and is probably causing the date format string some difficulty. Also, what is your code between that point and the query that is inserting the data into your table and how are you retrieving and displaying the results? Any of those things could be causing the problem.
-
MySQL table cells look blank, but contain CHAR(13)
PFMaBiSmAd replied to mrherman's topic in MySQL Help
Unless you had one long line in the file, each line had some kind of a new-line (cr/lf) on the end of it to cause the next line to be a separate line. Those new-line character(s) got inserted into your database unless you did something to remove them. -
The following line is missing the closing ) - ('SDhanasingh','Dhanasingh','Sukanthan','Inspector','Mr.','1977/10/27 00:00:00',
-
If you append the date/time to each of those status messages, you will be able to see when each one was processed. Web servers are not designed to output content to the browser incrementally.
-
You should be using isset() to test if an optional variable exists before you access the value in that variable.
-
I Need Help With Code To Prevent SQL Injections!
PFMaBiSmAd replied to designer76's topic in PHP Coding Help
Unfortunately, that code has a logic error in it (it's setting $search, then setting $search again from the original $_GET value.) It also sounds like you don't have a mysql connection at that point in your code? That code should be doing the following and you must have a mysql connection at the time you use mysql_real_escape_string() -
if(get_magic_quotes_gpc()){
    $_GET['search'] = stripslashes($_GET['search']);
}
$search = mysql_real_escape_string($_GET['search']);
-
I Need Help With Code To Prevent SQL Injections!
PFMaBiSmAd replied to designer76's topic in PHP Coding Help
If get_magic_quotes_gpc() is true, you need to use stripslashes() on the data, then use mysql_real_escape_string() on the data. Doing so will remove the escaping that magic_quotes_gpc is doing, then escape the data correctly using mysql_real_escape_string(). Also, mysql_real_escape_string() is only helpful for string data (i.e. data that is put into a query in between single-quotes.) It does nothing for numerical data (i.e. data that is NOT put into a query in between single-quotes.) For numerical data, you must either validate it as a number or cast it as a number in order to prevent sql injection. -
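The string-versus-number distinction from the two replies above, as an added example that is not part of the original posts. `$escape` is a labelled stand-in for mysql_real_escape_string() (which needs a live MySQL connection), and the table, column and helper names are hypothetical.

```php
<?php
// Added example, not code from the thread.
// Assumption: $escape stands in for mysql_real_escape_string() so the script
// runs without a database; it is for illustration only, not a real DB escaper.
$escape = function ($s) {
    return addslashes($s);
};

// Undo magic_quotes_gpc escaping if the running PHP still has it.
// (The setting was removed in PHP 5.4 and the function in PHP 8.)
function undo_magic_quotes($value) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// String data: strip any magic-quotes escaping, escape once, wrap in quotes.
function sql_string($raw, callable $escape) {
    return "'" . $escape(undo_magic_quotes($raw)) . "'";
}

// Numeric data: escaping is irrelevant here, so validate as an integer.
function sql_int($raw) {
    $n = filter_var($raw, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('not an integer');
    }
    return $n;
}

// Constructed request values (hypothetical parameter names).
$get = array('search' => "O'Reilly", 'id' => '7 OR 1=1');

// String context: the quote inside the value is escaped.
echo "SELECT * FROM books WHERE title = " . sql_string($get['search'], $escape), "\n";

// Numeric context: the value has no quotes to escape, so escaping alone
// passes it through unchanged and the extra condition reaches the query.
echo "SELECT * FROM books WHERE id = " . $escape($get['id']), "\n";

// Validating as a number rejects the value before any query is built.
try {
    echo "SELECT * FROM books WHERE id = " . sql_int($get['id']), "\n";
} catch (InvalidArgumentException $e) {
    echo "rejected id: ", $e->getMessage(), "\n";
}
```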
PHP in Windows returning a \r\n when processing download handler.
PFMaBiSmAd replied to Yevgeni's topic in PHP Coding Help
You didn't indicate if the \r\n was at the start of the data or at the end. The problem is likely a new-line in your download .php file, either before the opening <?php tag or after the closing ?> php tag. -
String problems when trying to insert to SQL!
PFMaBiSmAd replied to greens85's topic in PHP Coding Help
The logic using $count would not do anything for detecting what is or is not already in the database. -
In order to generate and return the userId, the query in the public function save(){} in the class User must execute without error. In briefly looking at it, you are missing the closing ) that is part of the VALUES () term. You should echo $query inside that function to see exactly what it contains and you can echo mysql_error() to find out why your query is failing. Edit: Your public function setInactive(){} also needs some error checking logic in it. You are calling $this->save(); (which in the current code is returning a false value), but you are not checking that and blindly executing the INSERT INTO %sPENDING ... query. You should not be executing that query unless $this->save() returns a true value.
-
If you directly want help with what your actual code is doing, it would be quickest if you just posted all the relevant code and stated exactly what symptom you are getting that makes you think it is not working (perhaps you are overwriting the variable somewhere?) You are posting a few lines of your code taken out of context and asking someone who is not standing right next to you to tell you why your program is not doing what you expect.
-
Actually that would be unwise because that loses the history of what you have tried and how you got to this point. Stick to one thread for the duration of one problem. It's the same error you posted in this thread, if you had bothered to read it.
-
The definition of mysql_result() - Assuming that the code you posted is the code producing the error, it means that your query failed due to an error and returned a FALSE value. For debugging purposes, echo mysql_error(); on the next line after the line with your mysql_query() statement, it will tell you why the query failed.
-
This topic has been moved to PHP Coding Help. http://www.phpfreaks.com/forums/index.php?topic=311176.0
-
Yes, but did you try reading a php/mysql tutorial so that you would know how to retrieve data from a result resource? You must fetch the data. See any of the mysql_fetch_xxxxxx() instructions in the php.net documentation. And since this is actually a php coding problem, moving thread to the php help forum section...