Posts posted by psychohagis
-
-
Mm, well, look it up. Sorry, I can't help more. I know you should put them in an array but I don't know how to do that.
-
You should put the variables in an array.
-
But what would you do if you had a file which was in [b]/members/[/b], for example, but you wanted to include [b]/includes/errors.inc.php[/b]?
-
*bump*
-
Well, that doesn't work for me, so you could either just type the full URL from http:// or you could use the $_SERVER superglobal, which I don't know much about.
-
OK, thank you.
I'd actually use
[code]INSERT INTO `messages` ( `id` , `to` , `from` , `subject` , `message` , `received` , `read` )
VALUES (
NULL , '$to', '$from', '$subject', '$message', '$received', NULL
);
[/code]
but rather than putting NULL couldn't I just do:
[code]INSERT INTO `messages` (`to` , `from` , `subject` , `message` , `received`)
VALUES (
'$to', '$from', '$subject', '$message', '$received'
);
[/code] -
[table]
[tr]
[td][b]Field[/b][/td]
[td][b]Type[/b][/td]
[td][b]Default[/b] [/td]
[td][b]Extra[/b][/td]
[/tr]
[tr]
[td][u]id[/u][/td]
[td]int(11)[/td]
[td][/td]
[td]auto_increment (primary)[/td]
[/tr]
[tr]
[td]to[/td]
[td]int(11)[/td]
[td]0[/td]
[td][/td]
[/tr]
[tr]
[td]from[/td]
[td]int(11)[/td]
[td]0[/td]
[td][/td]
[/tr]
[tr]
[td]subject[/td]
[td]varchar(50) [/td]
[td][/td]
[td][/td]
[/tr]
[tr]
[td]message [/td]
[td]longtext [/td]
[td][/td]
[td][/td]
[/tr]
[tr]
[td]received[/td]
[td]bigint(20)[/td]
[td]0[/td]
[td][/td]
[/tr]
[tr]
[td]read[/td]
[td]int(11)[/td]
[td]0[/td]
[td][/td]
[/tr]
[/table] -
I would suggest the book [b]Build your own Database Driven Website using PHP & MySQL by Kevin Yank[/b]
It's quite thick but I found it a very easy read, and I am already very satisfied with my knowledge of PHP. It explains everything from MySQL and PHP basics to more advanced stuff. It also covers sessions and cookies, and tells you how to format with the [bb] tags.
It's published by SitePoint: [url=http://www.sitepoint.com]www.sitepoint.com[/url] -
OK, I have a page that sends messages, or basically just inserts them into a database. I am using an SQL statement in the exact same way as I've used it before and had it work, except this time it is not working. Can anyone help?
[code]
$sql = "INSERT INTO messages SET
to='$to',
from='$from',
subject='$subject',
message='$message',
received='$received'";
if (!@mysql_query($sql))
{
echo '<p>Error sending message' . mysql_error() . '</p>';
}
[/code]
But when I run this I get the following error:
[quote]Error sending message You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'to='1', from='1', subject='Hello', message='Hello how are
[/quote]
It should continue [b]message='hello how are you',received=[/b] and then insert the variable $received, which = time()
-
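An added example, not part of the original posts: `to`, `from` and `read` are reserved words in MySQL, so a statement that names those columns without backticks stops with a syntax error at the first of them, which is where the quoted error message above begins. The sketch uses an in-memory SQLite database through PDO (an assumption, so it runs without a server; SQLite also rejects the bare names and accepts MySQL-style backticks), and `parseError()` and `sendMessage()` are hypothetical helper names.

```php
<?php
// Added example. In-memory SQLite is an assumption so this runs without a server;
// the table is constructed to mirror the messages table shown on this page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    `to` INTEGER NOT NULL DEFAULT 0,
    `from` INTEGER NOT NULL DEFAULT 0,
    subject VARCHAR(50),
    message TEXT,
    received BIGINT NOT NULL DEFAULT 0,
    `read` INTEGER NOT NULL DEFAULT 0
)');
// Hypothetical helper: null if the statement parses, else the driver's error text.
function parseError(PDO $pdo, string $sql): ?string
{
    try {
        $pdo->prepare($sql);
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// Bare reserved words as column names are rejected by the SQL parser.
$bare   = 'INSERT INTO messages (to, from, subject) VALUES (?, ?, ?)';
// Quoted as identifiers, the same names are accepted.
$quoted = 'INSERT INTO messages (`to`, `from`, subject) VALUES (?, ?, ?)';
var_dump(parseError($pdo, $bare), parseError($pdo, $quoted));
// Hypothetical helper: values travel as bound parameters, never inside the SQL text.
function sendMessage(PDO $pdo, int $to, int $from, string $subject, string $message): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO messages (`to`, `from`, subject, message, received)
         VALUES (:recipient, :sender, :subject, :message, :received)'
    );
    $stmt->execute([
        ':recipient' => $to, ':sender' => $from, ':subject' => $subject,
        ':message' => $message, ':received' => time(),
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed input: the apostrophe is stored as typed because it is bound as data.
$id = sendMessage($pdo, 1, 1, 'Hello', "Hello, how are you? It's been a while");
$check = $pdo->prepare('SELECT message, `read` FROM messages WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```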
If it's linked from a script then theirs will work ^^
But if you just wanna stop people typing in file names and downloading them then you should look up [b].htaccess[/b] -
So sorry. Do I use all of that or are they separate examples?
Does the last one just loop through all your posted variables and clean them? Cos then presumably I could just go [b]$blah=$_POST['blah'];[/b] and it would already be clean? -
I agree with whoever said "If you've been learning for a year and you don't know this stuff, then you haven't applied yourself"
I've been learning for about four months and although I'm not fluent, I'm fairly confident, and I actually know what those things are -
Should I do that with every variable before I run it through SQL? And presumably I can replace $value with my own variables
-
I am currently building a site, and I am becoming worried about putting it online because I've heard a lot of people talking about security.
I can see how someone could just type SQL into a field and hack the server, so what I wanna know is: what is/are the best way/s to keep my database secure, and how can I strip SQL out of inputs? -
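Well, surely you could do this on the page they are sent to, so:
[code]
// compare with == (a single = would assign an empty string to the field)
if ($_POST['whatever'] == '' or $_POST['whatever'] == '' or $_POST['whatever'] == '')
{
    // quote the attribute and URL-encode the message so the spaces survive
    echo '<meta http-equiv="refresh" content="0;URL=http://www.YOURSITE.COM/YOURPAGE.php?error=' . urlencode('some or all fields were left blank') . '">';
    exit; // stop here so the rest of the page does not run with blank fields
}
[/code] -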
What d'you mean mine's wide open? How can I fix this?
-
In the user_auth_fns.php file, try using [code]exit('Could not log you in.');[/code]. By doing that you stop the rest of the script from running if you hit an error.
-
I don't know much about this, but I thought session IDs were saved in cookies
-
Oh yeah, and [quote] is it possible to log the players IP addresses[/quote]
[url=http://www.phpfreaks.com/forums/index.php/topic,121140.0.html]http://www.phpfreaks.com/forums/index.php/topic,121140.0.html[/url] -
This is the wrong place to post this.
I say screw e-books.
I recently bought:
[b]Build your own Database Driven Website using PHP & MySQL by Kevin Yank.[/b]
Which I read in about a week and within about 2 weeks felt very comfortable with PHP and was already under way making my site. To be fair I did already know ASP, which helped, but it is a very good book and I recommend it.
It's published by SitePoint:
[url=http://www.Sitepoint.com]http://www.Sitepoint.com[/url] -
Why are you using cookies? Sessions are more secure? I have a script that works fine for me.
[b]Logging in:[/b]
[code]
$server = "YOUR SERVER"; // server to connect to.
$database = "DATABASE"; // the name of the database.
$db_user = "USERNAME"; // mysql username to access the database with.
$db_pass = "PASSWORD"; // mysql password to access the database with.
$table = "TABLE"; // the table that this script will set up and use.

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
    or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
    or die ("Could not select database because ".mysql_error());

// escape the submitted values so quotes in them cannot change the query
$username = mysql_real_escape_string($_POST['username'], $link);
$password = mysql_real_escape_string($_POST['password'], $link);

// selects from database using the password and username provided and pulls out id, verified and rank
$match = "select id,verified,rank from $table where username = '".$username."'
    and password = '".$password."';";

// send query
$qry = mysql_query($match)
    or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

// turns id, verified and rank into variables
while ($idgrab = mysql_fetch_array($qry)) {
    $userid = $idgrab['id'];
    $verified = $idgrab['verified'];
    $rank = $idgrab['rank'];
}

// checks that a record was found for the username. If not returns you to sign in with error
if ($num_rows <= 0) {
    echo '<meta http-equiv=refresh content=0;URL=http://www.YOURSITE.com/signin.php?error=9>'; /* I have a separate script for printing errors, you may want to do this differently */
    exit;
} else {
    // checks whether the user's email is verified (you may want to edit this out)
    if ($verified != 1)
    {
        echo '<meta http-equiv=refresh content=0;URL=http://www.YOURSITE.com/signin.php?error=10>';
        exit; // stop here so nothing after the redirect runs for an unverified user
    } else {
        // sets session variables
        session_start();
        $_SESSION['userid'] = $userid;
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['rank'] = $rank;
        // send them to the next page if everything is fine.
        echo '<meta http-equiv=refresh content=0;URL=http://www.YOURSITE.com/index.php>';
    }
}
[/code]
[b]Then to check whether someone's logged in:[/b]
[code]
// start session
session_start();
// check for presence of session variables
if (!isset($_SESSION['userid']) or $_SESSION['userid'] == '')
{
    echo '<meta http-equiv=refresh content=0;URL=http://www.YOURSITE.com/signin.php?error=12>'; // ask you to sign in if you are not
    exit; // stop here so the rest of the protected page is not sent to a visitor who is not signed in
}
[/code] -
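An added example, not the poster's script: the same login flow with the password stored as a hash and checked with `password_verify()`, the username bound as a query parameter, and the session ID regenerated at login. The `users` table, the `password_hash` column, the in-memory SQLite database and the function names `authenticate()` and `startUserSession()` are assumptions; `id`, `verified` and `rank` are the columns used in the post above.

```php
<?php
// Added example, not the poster's script. Assumed names: users table,
// password_hash column, authenticate() and startUserSession().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password_hash TEXT, verified INTEGER, `rank` INTEGER)');
// Constructed account: only the hash is stored, never the password itself.
$pdo->prepare('INSERT INTO users (username, password_hash, verified, `rank`) VALUES (?, ?, 1, 2)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the user row on success, null on any failure.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // The username is bound as data, so quotes in it cannot change the query.
    $stmt = $pdo->prepare('SELECT id, username, password_hash, verified, `rank`
                           FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash when the user is unknown so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    if (!$row || !$ok || (int) $row['verified'] !== 1) {
        return null;
    }
    unset($row['password_hash']); // the hash has no business in the session
    return $row;
}

function startUserSession(array $user): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['userid']   = (int) $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['rank']     = (int) $user['rank'];
}

// Constructed inputs: a valid login, a name containing a quote, a wrong password.
$user = authenticate($pdo, 'alice', 'correct horse');
if ($user !== null) {
    startUserSession($user);
}
var_dump($_SESSION['userid'] ?? null);
var_dump(authenticate($pdo, "o'brien", 'anything'));
var_dump(authenticate($pdo, 'alice', 'wrong password'));
```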
Thanks, seems fairly obvious, I'll try it out
-
I want to know how you can get a visitor's IP address. I know it can be done because a site I use sometimes blocks people from the whole site if they don't get the message to follow the rules (not speaking from experience).
Does anyone know how to do this? I'm guessing it's a global or something but I don't know what it is. -
No. I wrote this code myself. I am certain that the variables are named correctly.
Noob Help
in PHP Coding Help
Posted