Everything posted by per1os

  1. Hi All, I am working on a project with a session shopping cart. Basically no user registration and hopefully no database period. It does everything on the fly. The issue I am currently having is that I cannot see a way to pass the serialized item data from the unsecured site to the secure site. Get won't work because there could potentially be too many items. A hash won't work for the same reason. Right now the only way I can see doing this is having a database that houses the sessionid, time and the serialized item data, then creating a script on the unsecured site in which the secure site is passed the sessionid and from there it requests a page called get_items.php which returns the serialized data from the database and is then able to unserialize it and process it. I was hoping to keep the database out of it, I know I could probably use the same scheme with flat files, but what I am curious about is there a way that one could pass data (no matter the size) from one site to other without having to do the remote request? I do not think there is, but figured I would give it a shot and ask. If anyone knows of a way, I would be appreciative of links I could read up on it. Thanks!
  2. per1os

    Header

    You could use JavaScript to set up the post variables and "submit" the form, which is just an auto redirect. Other than that I do not think there is any other way to do it.
  3.
     ```php
     <?php
     $num = rand(0,2); // for now since there are only 3 items
     switch($num) {
         default:
         case 0:
             $location1 = 'shop_01_20_2007';
             $location2 = 'shop_01_20_2007.swf';
             break;
         case 1:
             $location1 = 'benny_animation';
             $location2 = 'benny_animation.swf';
             break;
         case 2:
             $location1 = 'tv_screen_off';
             $location2 = 'tv_screen_off.swf';
             break;
     }
     ?>
     <script type="text/javascript">
     AC_FL_RunContent(
         'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0',
         'width','320','height','240','title','Introduction',
         'src','shop/store_templates/FLASH/<?php echo $location1 ?>',
         'loop','false','quality','high',
         'pluginspage','http://www.macromedia.com/go/getflashplayer',
         'menu','false',
         'movie','shop/store_templates/FLASH/<?php echo $location1 ?>'
     ); //end AC code
     </script>
     <noscript>
     <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="320" height="240" title="Introduction">
       <param name="movie" value="shop/store_templates/FLASH/<?php echo $location2 ?>" />
       <param name="quality" value="high" />
       <param name="LOOP" value="false" />
       <param name="menu" value="false" />
       <embed src="shop/store_templates/FLASH/<?php echo $location2 ?>" width="320" height="240" loop="False" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" menu="false"></embed>
     </object>
     </noscript>
     ```
     For starters the script data needs to be outside the case statement. Also you never reopened the <?php tag at the end of the script for the extra }. Try the above, I changed the rand to be from 0,2 so we know we will have a result since there are only 3 cases.
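  4. Reply to SkunKbad

     Yes that is bad because you are using the get data directly in your script, you never know what someone could append to tippage or currenttipcat.
     ```php
     <?php
     if (isset($_GET['tip'])) {
         $tippages = array("page1", "page2", "page-3");
         $cattippages = array("catpage1", "catpage2", "catpage-3");
         $tippage = $_GET['tip'];
         // A missing cat becomes '' and falls through to the default below
         $currenttipcat = isset($_GET['cat']) ? $_GET['cat'] : '';
         // Anchored pattern: the whole value must consist of the allowed characters.
         // ereg() no longer exists in PHP 7+, and the unanchored "*" form matched anything.
         $pattern = '/\A[A-Za-z0-9_-]+\z/';
         if (!is_string($tippage) || !is_string($currenttipcat)
             || !preg_match($pattern, $tippage) || !preg_match($pattern, $currenttipcat)) {
             $tippage = 'default';
             $currenttipcat = 'default';
         } elseif (!in_array($tippage, $tippages, true) || !in_array($currenttipcat, $cattippages, true)) {
             // Only names on the whitelist ever reach include()
             $tippage = 'default';
             $currenttipcat = 'default';
         }
         include('C:\wamp\www\site\root\tipstext\\' . $currenttipcat . '\\' . $tippage . '.php');
     }
     ?>
     ```
     That should secure you.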
  5. That should explain why you have to wait to access the cookie until the page reload.
  6. $price = array("item" => array(10, 15, 16), "item2" => array(13, 14, 15));
  7.
     ```php
     $emailedyet="false"
     if($submiting=="gen"){ //The error line, it was ment to check if we where actuly submiting the page & not some person paying a random visit
     ```
     You missed the semi-colon after "false"
  8. Black background? That would kill my eyes, I tried that a long time ago, never stuck. My favorite program is Notepad++ for small projects and see my sig for Eclipse for bigger projects. Loops are actually pretty easy, but most people struggle with them. I remember a time when I used to get infinite loops, but now it just never happens. Anyhow best of luck in your coding endeavors, remember to post here for help.
  9. www.php.net/date It should have h for hours i for minutes s for seconds and there should be an am/pm key too. Look through that table to find the combination you need.
  10. You don't need to set the cookie. Using session_start does it for you as long as session_use_cookies (or something like that) is set.
      ```php
      <?php
      session_start();
      if (!isset($_SESSION['test'])) {
          $_SESSION['test'] = "This is a test";
          // PHP_SELF reflects the request path, so escape it before printing it into HTML
          echo '<a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '">Click here to reload</a>';
      } else {
          echo 'It freaking worked! Test is ' . $_SESSION['test'];
      }
      ?>
      ```
      Nice little test script.
  11. im falling...in love with youuuu....good song =P Sorry for the tease, I saw that and I just had to reply to it =) Felt bad I didn't even give it a shot, try this out:

      change this:
      ```php
      echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=admin_modprocess.php?id='.$id.'&table=jobs\">"; //this is the link that should use the id and redirect
      ```
      to this:
      ```php
      echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=admin_modprocess.php?id=" . $id . "&table=jobs\">"; //this is the link that should use the id and redirect
      ```
      See if that tickles your fancy.
  12. Are you sure $id contains a value? If it is coming from get I would suggest adding this:
      ```php
      // Cast to int so only a number can reach the query string below
      $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
      if ($id > 0) {
          $fetch = mysql_fetch_assoc(mysql_query("SELECT `email` FROM `crush2` WHERE `id`='$id'"));
          $email = $fetch['email'];
          if (mail($email, $emailsubject, $body, "From: your site <crushreply@****.co.uk>"))
              include("crush/done.php");
      } else {
          echo 'invalid id';
      }
      ```
  13. www.php.net/file www.php.net/file_get_contents www.php.net/str_replace www.php.net/ereg_replace www.php.net/eregi_replace www.php.net/preg_match All should help you on your merry way!
  14. lol, well look at it this way, steelmanronald used it, and he's an admin. =) I just thought it was funny that it actually linked to a pr0n site.
  15. It's not different by much.
      ```php
      <?php
      $num = rand(0,10);
      switch($num) {
          case 0:
      ?>
      <script type="text/javascript">
      AC_FL_RunContent(
          'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0',
          'width','320','height','240','title','Introduction',
          'src','shop/store_templates/FLASH/shop_01_20_2007',
          'loop','false','quality','high',
          'pluginspage','http://www.macromedia.com/go/getflashplayer',
          'menu','false',
          'movie','shop/store_templates/FLASH/shop_01_20_2007'
      ); //end AC code
      </script>
      <noscript>
      <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="320" height="240" title="Introduction">
        <param name="movie" value="shop/store_templates/FLASH/shop_01_20_2007.swf" />
        <param name="quality" value="high" />
        <param name="LOOP" value="false" />
        <param name="menu" value="false" />
        <embed src="shop/store_templates/FLASH/shop_01_20_2007.swf" width="320" height="240" loop="False" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" menu="false"></embed>
      </object>
      </noscript>
      <?php
              break;
          case 1:
              //etc
              break;
          case 2:
              //etc
              break;
      }
      ?>
      ```
  16. lol I would highly suggest not clicking the xxxx link, well unless you want to see some pr0n! lol.
  17. Post some of your code. I use mysql_connect and my page load is very low. It sounds like you are running a lot of unnecessary trips to the database. The goal is to get as much as you can in one query and then use PHP to process it. Also using * is less efficient in defining the column names etc. It sounds like it is more of a coding issue than something that can be solved by using a single connection. Unless you are connecting to a remote database server.
  18. As long as you are referencing it by $_GET, you're not using www.php.net/eval on the get variable or www.php.net/include or www.php.net/require (using the get's value) you should be fine. It is when you try to use the $_GET variable to include a file that you can get hijacked. IE (this is bad!)
      ```php
      <?php
      include($_GET['page']); // asking for trouble.
      ?>
      ```
  19. per1os

    Header

    www.php.net/session Session variables are the way to go.
    ```php
    <?php
    // must be at the top of the page BEFORE any output,
    // and on any other page where you want to reference session variables
    session_start();
    $_SESSION['lval'] = 1;
    $_SESSION['msg'] = $msg;
    header("Location: ../message/detail.php");
    exit; // stop here so nothing else runs after the redirect header
    ```
    Should work.
  20. If you have the array this would work:
      ```php
      <?php
      // $i < count($array) so the last element is processed too
      for ($i = 0; $i < count($array); $i++) {
          rename_function($array[$i], $array_to[$i]);
      }
      ?>
      ```
      That should work.
  21. Generally speaking, yes. Arrays are very nice because they are easily looped through, whereas just a static variable, well you cannot really loop it etc. You will find arrays have many uses, and make life much easier for the most part. Especially with x-dimensional arrays =)
  22. That's the spirit! Just make sure you post the finished product for all to use somewhere =)
  23. Interesting. I could have sworn I have done that before, but maybe I am wrong. I will have to look more into it. I know something similar is possible, cause if it wasn't SQL Injection wouldn't be a huge issue as it is.
  24. That's when you get creative with the code.
      ```php
      <?php
      for ($i = 0; $i < 50; $i++) {
          // ternary: use the posted value if present, otherwise an empty string
          $questions[$i] = isset($_POST['question'.$i]) ? $_POST['question'.$i] : '';
      }
      echo 'First Question: ' . $questions[1];
      ?>
      ```
  25. You can run multiple queries via mysql_query with the semi-colon operator. That's not a subquery.
      ```sql
      SELECT * FROM table_name WHERE table_2_id_col IN(SELECT id FROM table2 WHERE x=1);
      ```
      That is what mysql <= 3.x cannot handle.
      ```sql
      SELECT * FROM table_name WHERE table_2_id_col = 1; SELECT * FROM table_name2;
      ```
      "Should" work. That is why SQL Injection is such a worry because if someone did this:
      ```php
      $_GET['id'] = "' OR 1; DELETE FROM table_name; SELECT * from table_name WHERE id = '1";
      ```
      ```sql
      SELECT * FROM table_name WHERE table_2_id_col = '$_GET['id']'
      ```
      Could potentially trash your table. But as far as I know the ; separator should work for ya, again I am unsure but it should.
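
The lookup from post 25 with the `id` value bound as a parameter instead of interpolated into the SQL string, as an added example that is not part of the original posts. It assumes PDO with the SQLite driver so it runs without a server; the table rows and the helper names `find_rows` and `row_count` are constructed for illustration.

```php
<?php
// Added example: constructed data, in-memory SQLite so it runs offline.
// Assumes the pdo_sqlite extension; table and column names follow post 25.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table_name (id INTEGER PRIMARY KEY, table_2_id_col TEXT)');
$pdo->exec("INSERT INTO table_name (table_2_id_col) VALUES ('1'), ('2'), ('3')");

// Returns the rows whose table_2_id_col equals $id. The value travels
// separately from the SQL text, so quotes and semicolons in it are data.
function find_rows(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT id, table_2_id_col FROM table_name WHERE table_2_id_col = ?');
    $stmt->execute(array((string) $id));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Number of rows currently in the table, to show nothing was deleted.
function row_count(PDO $pdo)
{
    return (int) $pdo->query('SELECT COUNT(*) FROM table_name')->fetchColumn();
}

// The string from the post, used here as untrusted input.
$hostile = "' OR 1; DELETE FROM table_name; SELECT * from table_name WHERE id = '1";

$inputs = array('1', $hostile, array('x'));
foreach ($inputs as $input) {
    // Reject non-scalar input (e.g. ?id[]=x) before it reaches the query.
    if (!is_scalar($input)) {
        echo "rejected non-scalar input\n";
        continue;
    }
    $rows = find_rows($pdo, $input);
    printf("matched %d row(s), table still holds %d row(s)\n", count($rows), row_count($pdo));
}
```

The same `prepare`/`execute` pattern applies to the `crush2` lookup in post 12, where the value is also placed inside the query string.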