Jump to content

MadTechie

Staff Alumni
  • Posts

    9,409
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by MadTechie

  1. try this SELECT * FROM search_video WHERE BINARY id = '%s'
  2. if you want someone to write the code please post in the freelance section, if you have problems with your code then please post the code and the the problems you are facing
  3. Cool and your welcome replace if ( preg_match('/^[0-9]+$/',$code) ) { with //remove anything thats not a number $code = preg_replace('/[^\d]/i', '', $code); //61593aa42377 becomes 6159342377 //check its valid if (preg_match('/^\d{10}$/i', $code)) { //checks code is 10 "numbers" from start to end or if you know letters are always in the same place try if (preg_match('/^\d{5}\w{2}\d{5}$/i', $code)) { here a revised version using 2 database <?php if (!isset($_POST["submit"])) { echo "Prize infomation"; }else{ $code = $_POST['code']; $ans = "blank"; if ($code == null) { $message = "<font color=red><strong>Please enter your code.</strong></font>"; }else { $valid="<font color=red>Please enter a valid code.</font>"; if ($code ==! null) { $database = "database"; $dbname = "database username"; $dbpass = "database password"; $link = mysql_connect($database, $dbname, $dbpass) OR die(mysql_error()); mysql_select_db($database) or die("Unable to select database"); $i = 0; //? no idea why it wasn't set! //Added protection and limited to 1 result //Database 1 $query = sprintf("SELECT * FROM dbA WHERE code = '%s' LIMIT 1", mysql_real_escape_string($code)); $result = mysql_query($query) OR die(mysql_error()); $num=mysql_num_rows($result); if($num>0) { $foundin = "A"; $sCode = mysql_result($result, $i, "code"); $sWinner = mysql_result($result, $i, "winner"); $sName = mysql_result($result, $i, "name"); $sEntered = mysql_result($result, $i, "entered"); } //Database 2 $query = sprintf("SELECT * FROM dbB WHERE code = '%s' LIMIT 1", mysql_real_escape_string($code)); $result = mysql_query($query) OR die(mysql_error()); $num=mysql_num_rows($result); if($num>0) { $foundin = "B"; $sCode = mysql_result($result, $i, "code"); $sWinner = mysql_result($result, $i, "winner"); $sName = mysql_result($result, $i, "name"); $sEntered = mysql_result($result, $i, "entered"); } //Database 3 $query = sprintf("SELECT * FROM dbC WHERE code = '%s' LIMIT 1", mysql_real_escape_string($code)); $result = mysql_query($query) OR die(mysql_error()); $num=mysql_num_rows($result); if($num>0) { $foundin = "C"; $sCode = mysql_result($result, $i, "code"); $sWinner = mysql_result($result, $i, "winner"); $sName = mysql_result($result, $i, "name"); $sEntered = mysql_result($result, $i, "entered"); } //-------------defaults--------- $Sorry = "<font color=red><strong>Sorry!<br>sorry you already entered this number this month.</strong></font>"; $no="<font color=red>We are sorry but you are not a winner this month. Keep checking to see if you have won!</font>"; $yes="<font color=red>We are happy to confirm that you are a winner! You will be contacted shortly by email informing you of your prize.</font>"; $nocode="<font color=red size=3>Unfortunately the Number that you entered is invalid. </font>"; //---------------------- switch($foundin) { case "A": $Sorry = "<font color=red><strong>Message from database A Sorry $sName!<br>sorry you already entered this number this month.</strong></font>"; break; case "B": $Sorry = "<font color=yellow><strong>Sorry $sName!<br>Message from database B sorry you already entered this number this month.</strong></font>"; break; case "C": $Sorry = "<font color=blue><strong>Sorry $sName!<br>Message from database C sorry you already entered this number this month.</strong></font>";# break; } mysql_close(); if ($sEntered == "yes") { $message = $Sorry; }else { if ($code ==! $sCode) { $message = $nocode; }else{ $prize=false; switch($sWinner) { case "psp": $prize = "a Sony PSP"; break; case "bc": $prize = "a Baseball Cap"; break; } $message = (!$prize)?"<font color=red size=3>Congratulations! You have won...</font><br><font color=black size=3>$prize!</font>":$no; } } }else{ $message = $valid; } } //Added the } below } ?> EDIT: Ahh see what you mean by searching one or the other depending on if it had letters.. (do the database use is different in mine)
  4. As your only doing html and not using attachments, try this trimmed and cleaned up rewrite, if this is okay then i can add a extra routine to add attachments <?php class mime_mail { var $parts; var $to; var $from; var $headers; var $subject; var $body; function mime_mail() { $this->parts = array(); $this->to = ""; $this->from = ""; $this->subject = ""; $this->body = ""; $this->headers = ""; } function send() { $mime = "MIME-Version: 1.0\r\n"; $mime .= "Content-type: text/html; charset=iso-8859-1\r\n"; if (!empty($this->to)) $mime .= "To: ".$this->to."\r\n"; if (!empty($this->from)) $mime .= "From: ".$this->from."\r\n"; if (!empty($this->headers)) $mime .= $this->headers."\r\n"; $success = mail($this->to, $this->subject, $this->body, $mime); if (!$success) { echo 'Mail: Warning, mail could not be sent'; }else{ //echo 'Thank you for registering. Please check your e-mail to finalise the registration procedure.'; } } } ?> **UNTESTED**
  5. Not validation but the probable bug fix, change $query="SELECT * FROM july08 WHERE code = $code"; to $query="SELECT * FROM july08 WHERE code = '$code' ";
  6. I am not 100% sure what you mean, but heres 1.5 examples, if this is wrong and you give some examples what input your getting and if they should be valid or invalid (and why) <?php $var = "thisisokay"; //1 OK $var = "thiswillfail"; //2 Fail $var = "0123456789"; //3 Ok $var = "12345abc67890"; //4 Fail (uncomment replace line to make this work) $var = "abcdefghij"; //Ok //$var = preg_replace('/[^\d]/i', '', $var); //Remove letters (to make 4 work) if (preg_match('/^\w{10}$/i', $var)) { echo "Valid"; } else { echo "InValid"; } ?> Hope this helps EDIT: you could do if (preg_match('/^\w{1,10}$/i', $var)) to make numbers less than 10 characters long work (but atleast 1)
  7. MadTechie

    regex

    heres another example (will only match what you asked) <?php $url = "http://www.xxxxx.com"; //will work $url = "http://www.blar1234.com"; //will work $url = "http://www.xxxxx.coms"; //will fail $url = "http://www.xxxxx.com test"; //will fail $url = "test http://www.xxxxx.com"; //will fail if (preg_match('%^http://www\.\w+\.com$%i', $url)) { echo "Valid http://www.DOMAIN.com"; } ?>
  8. LOOL, also had some spare time.. theirs probably a better why but try this <?php $year = 2008; $month = 1; //Aug $day = 1; $startDate = mktime(0, 0, 0, $month, $day, $year); $NoD = date( "t", $startDate); While(date( "D", $startDate) != "Fri") //find first Friday { $day++; $startDate = mktime(0, 0, 0, $month, $day, $year); } $day--; $days = ceil(($NoD-$day)/7); echo "$days Fridays"; ?>
  9. .inc files will NOT be parsed unless you add the .inc as a php handler on the apache server. if you have access to the system files on the server or using cPanel you can fix this. if i have lost you then just rename the file to "error-handler.inc.php" (infact i would do that in anycase)
  10. Nope i'm still lost.. i took another look at effigy code and from what i can tell this is how it would work [url=http://www.somewebsite.com]skip1[/url] http://www.somewebsite.com <-- Find 1 [url=www.somewebsite.com]skip2[/url] www.somewebsite.com <-- Find2 [url=http://somewebsite.com]skip3[/url] http://somewebsite.com <-- Find 3 urls tagged in url tags are found and outsides are skipped, and your saying you have a problem matching "skip2" but skip1 works fine.. I don't see how skip1 would work with a negative lookbehind of "url"
  11. check this line $uploaddir = '/www/codehouse.100webspace.net/ '; //I assume this is the upload path 1. theirs a space at the end ? 2. does it exist ? 3. is it writable ?
  12. yes but see the javascript section! (if you want to use JS then post in the JS section)
  13. The code i posted will work fine no matter what order of the array.. and i'm sorry but i can see how you have a next/prev in your current code.. maybe read up on "php pagination" for some examples as i think your trying to do this the hard way
  14. regex example <?php $str = "My Name is (WOOLYG)"; if (preg_match('/\(([^)].*?)\)/si', $str, $regs)) { $result = $regs[1]; } else { $result = ""; } echo $result; ?>
  15. i really need an example of what your doing but this should work <?php $C = 5; $a = array(3,4,5,7,11); $item = current($a); echo "start:"; echo key($item); echo "<br>"; while($item != $C) { $item = next($a); } echo "current:".key($item)."<br>"; echo "end:"; echo key(end($a)); echo "<br>"; ?>
  16. Surely your check it every hour or so and then workout the percentage of up time!
  17. Okay effigy is much better at RegEx then I, I am not sure what you mean by linked and unlinked ! reading effigy regex i would guess you could do this ### Protocol or start. (?: (??:https?|ftp)://) | www\. ) to ### Protocol or start. (?: (??:https?|ftp)://) | www\. | (??:https?|ftp)://)www\. ) which means must start with www. or http:// or or http://www. (http could also be https or ftp) their are others ways of thing this but the above should work fine
  18. try this <?PHP $str = 'LPPT 0 0 N38°46'27.00" W009°08'03.00" LISBOA'; preg_match_all('/\s([^\s]*?")/si', $str, $result, PREG_PATTERN_ORDER); $result = $result[1]; $Latitude = $result[0]; $Longitude = $result[1]; echo "Latitude = $Latitude <BR>Longitude = $Longitude"; ?> *untested*
  19. yeah we need some more details but try this change $query = "INSERT INTO members (id, fname, lname, uname, password, email, address, city, country, date, ip) VALUES ('', $fname, $lname, $username, $password, $email, $address, $city, $country, $date, $ip)"; to $query = "INSERT INTO members (id, fname, lname, uname, password, email, address, city, country, date, ip) VALUES ('', '$fname', '$lname', '$username', '$password', '$email', '$address', '$city', '$country', '$date', '$ip')";
  20. why are you doing this ? $query = "FLUSH PRIVILEGES"; mysql_query($query) or die('Error, insert query failed'); does the account have access to do it.. why do you need it ?
  21. If the function exists in the code then theirs a risk.. you can reduce the risk by adding filters but remove the risk by not having it their! in this case the function will be using data from the database thus their are many ways to input data (miss one and all hell breaks loss, database & php) if you don't have eval and miss an input filter/validation then database wise (all hell breaks loss) but atleast if they injected something php commands it wouldn't do any harm.. Personally.. if i don't have to use eval or exec/shell etc i try not to.
  22. Eval will execute anything thats passed to it.. so its like allowing anyone to upload a php script and run it.. (not a good idea) note you can add filters etc but if you don't need eval.. then don't use it.. oh as a side note to use eval you would need to do this //echo $row['Link']; //replace with below eval ("echo {$row['Link']};");
  23. if thats true then instead of adding a security risk.. try <a href="page.php?page=$Page">Test</a> $Page = $row['Name']; $data = str_replace('$Page', $Page, $row['Link']); echo $data;
  24. you have a few mistakes, try this PHP code **UNTESTED* <?php // Check if the form has been submitted. $uploaddir = '/home/www/uploads/'; //I assume this is the upload path if (isset($_POST['submitted'])) { //Check for an uploaded file. if(isset($_FILES['upload']['name'])) { $uploadfile = $uploaddir . basename($_FILES['upload']['name']); // Validate the type. Should be jpeg, jpg, or jif. $allowed = array('image/gif', 'image/jpeg', 'image/jpg'); if (in_array($_FILES['upload']['type'], $allowed)) { // Move the file over if (move_uploaded_file($_FILES['upload']['tmp_name'], $uploadfile)) { echo ' <p> The file has been uploaded!</p>'; } else { // Couldn't move the file over. echo '<p> <font color="red">The file could not be uploaded because: <b>'; // Print a message based upon the error switch($_FILES['upload']['error']) { case 1: print 'The file exceeds the upload_max_filesize setting in php.ini.'; break; case 2: print 'The file exceeds the MAX_FILE_SIZE setting in the HTML form.'; break; case 3: print 'The file was only partially uploaded.'; break; case 4: print 'No file was uploaded.'; break; case 6: print 'No temporary folder was available.'; break; default: print 'A system error occrured.'; break; }// End of move... IF. print '</br></font>.</p>'; } } else { // Invalid type. echo '<p><font color="red">Please upload a JPEG or GIF image.</font></p>'; echo'<p><font color="red">Please upload a JPEG or GIF image.</font></p>'; unlink($_FILES['upload']['tmp_name']); // Delete the file } } else { // No file uploaded echo 'Please upload a JPEG'; } } // End of the submitted conditional. ?>
  25. For MySQLi try <?php $link = mysqli_connect("localhost", "user", "password", "database"); if ($result = mysqli_query($link, "SELECT * from table WHERE username = '$username' ")) { $num_rows = mysqli_num_rows($result); mysqli_free_result($result); if($num_rows > 0) { die("User already exists"); } } ?> OR <?php $mysqli = new mysqli("localhost", "user", "password", "database"); if ($result = $mysqli->query("SELECT * from table WHERE username = '$username' ")) { /* determine number of rows result set */ $num_rows = $result->num_rows; $result->close(); if($num_rows > 0) { die("User already exists"); } } ?>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.