jakebur01

What would be the correct way to do this? $result = mysql_query("SELECT * FROM extreme where `State` = 'AK' and `Store` = 'B & R' and`Store` = 'Extreme' order by City", $db) or die(mysql_error());

I have a data page(imcs.php) that contains xml data that used in a flash map on locator.php. I need a way to protect imcs.php to where someone cannot access it directly. I tried putting an if statement on imcs.php to see if the http_referrer is locator.php, but it did not work on several computers. Is there another way of protecting imcs.php? locator.php: <script type="text/javascript"> var uid = new Date().getTime(); var flashProxy = new FlashProxy(uid, 'us/with_javascript/js/JavaScriptFlashGateway.swf'); var tag = new FlashTag('us/us.swf?data_file=us/imcs.php', 480, 325); tag.setFlashvars('lcId='+uid); tag.write(document); </script> and part of imcs.php: <?xml version="1.0" encoding="iso-8859-1"?> <us_states> <state id="range"> <data>0</data> <color>000000</color> </state> <state id="outline_color"> <color>777777</color> </state> <state id="default_color"> <color>000000</color> </state> <state id="background_color"> <color>D2D2CA</color> </state> <state id="default_point"> <color>ca6011</color> <size>2</size> </state> <state id="scale_points"> <data>50</data> </state> <?php require '../connect/data.php'; //........................

$_SERVER["HTTP_REFERER"]; worked on safari/mac, but did not work on ie. Is their anything else I can do that would work similar to this?

I need to add pagination to this script that retrieves all the zip codes with a given range. I have done basic pagination on testimonial pages and photo pages. But, never anything like this. $zips = $z->get_zips_in_range($formzip, $formrange, _ZIPS_SORT_BY_DISTANCE_ASC, true); if ($zips === false) echo 'Error: '.$z->last_error; else { echo "<h4>You have selected $formzip and $formrange miles.</h4><br /><br />"; foreach ($zips as $key => $value) { $result = mysql_query("SELECT * FROM extreme WHERE Zip = '$key'", $db); while($myrow = mysql_fetch_array ($result)) { $Dealer=$myrow['Dealer']; $Address=$myrow['Address']; $City=$myrow['City']; $State=$myrow['State']; $Zip=$myrow['Zip']; $Phone=$myrow['Phone']; echo "<b>$Dealer</b><br />$Address<br />$City, $State $Zip<br />$Phone<br />You are $value miles away from this $dname dealer.<br /><br />"; } }

i put <?php if($_SERVER['HTTP_REFERER'] != "http://www.example.com/locator.php") { die("Go away"); } ?> at the top of imcs.php and everything seems to work fine. The data does not display in the browser if the page is attempted to be accessed directly and the data is still being pulled into locator.php. Do I still need to implement the define('AUTH_TOKEN',1); code?

That did not work. Here is the flash map code on locator.php: <script type="text/javascript"> var uid = new Date().getTime(); var flashProxy = new FlashProxy(uid, 'us/with_javascript/js/JavaScriptFlashGateway.swf'); var tag = new FlashTag('us/us.swf?data_file=us/imcs.php', 480, 325); tag.setFlashvars('lcId='+uid); tag.write(document); </script> and part of imcs.php: <?xml version="1.0" encoding="iso-8859-1"?> <us_states> <state id="range"> <data>0</data> <color>000000</color> </state> <state id="outline_color"> <color>777777</color> </state> <state id="default_color"> <color>000000</color> </state> <state id="background_color"> <color>D2D2CA</color> </state> <state id="default_point"> <color>ca6011</color> <size>2</size> </state> <state id="scale_points"> <data>50</data> </state> <?php require '../connect/data.php'; //........................

Hello.. I have a page that contains a flash map called locator.php. This map pulls data from a page called ims.php. I am wanting to protect our dealer list. We do not want someone to see ims.php in the source code and try to pull that page up in their browser directly. Is their any way we could have ims.php check to see if locator.php is the one requesting the page. ex. if page requester == locator.php then display data else display nothing

I think it is just the program on my mac. It connects pretty fast on navicat on my pc laptop. I will try reinstalling navicat on my mac. Thanks for the help.

connection and queries are slow.. the test came from speakeasy.. and I connect to a server that a friend manages in a data center through an ip

The last month Navicat has been taking forever to connect to servers and databases. I am running on mac and my internet speed is about 3000down 500up. Any thoughts?

thank you. - Jake

Thank you for the info. Do you know of anything I could view the page in that does not do redirects? I would like to see the last security problem in action.

but, you would need to have a form to hack it wouldn't you? You couldn't hack that using the url could you?

I was hoping I could test this in my browser by turning off redirects somewhere in the preferences. I am on a mac. Do you know of any program I can use to see this in action. Thanks, Jake

How do you ignore a redirect?

This is the login-check.php page, which is the only thing check to see if the user is logged in. This is required at the top of all the admin pages. require "client-info.php"; session_start(); $ses_id = session_id(); $db = mysql_connect("localhost",$dbusername,$dbpassword); mysql_select_db($database,$db); $sql="select ses_id from $users_table where user_name like '$login'"; $result=mysql_query($sql,$db); $myrow=mysql_fetch_array($result); if($ses_id==$myrow[ses_id]) {} else { header( 'Location: index.php' ) ; }

Hello, I have a friend whose login has been getting hacked into. There is not any evidence that they have been posting a username and password. We are thinking they could be getting in using a cookie or session somehow. <?php require 'client-info.php'; if($submit) { $db = mysql_connect("localhost",$dbusername,$dbpassword); mysql_select_db($database,$db); $sql="select * from $users_table where user_name='$login'"; $result=mysql_query($sql,$db); $myrow=mysql_fetch_array($result); if($myrow['user_password']==$password and $myrow['user_name']==$login) { session_start(); $ses_id = session_id(); $sql2 = "UPDATE $users_table SET ses_id='$ses_id' where user_name like '$login'"; $result2=mysql_query($sql2); require 'admin-panel.php'; } else { echo "<br><br><tr><td align=center><font face=arial size=4 >"; echo "Incorrect login information. Hit your back key to try again."; echo "</font><br><br></td></tr>"; } } else { session_start(); $ses_id = session_id(); $db = mysql_connect("localhost",$dbusername,$dbpassword); mysql_select_db($database,$db); $sql="select ses_id from $users_table where user_name like '$login'"; $result=mysql_query($sql,$db); $myrow=mysql_fetch_array($result); if($ses_id==$myrow[ses_id]) {require 'admin-panel.php';} else { require 'login-form.php';} } ?> Thanks, Jake

There are thousands of hosting companies out there. I am trying to get opinions of the best.

I could not find a hosting section to post under, so I figured I would be ok posting here in PHP Help. I am currently hosting with a guy who has a windows server that he manages that is located in a data center in Dallas, TX. He is currently charging my clients $20 a month and giving me half. I am considering switching to another host where I do not have to call him for every little thing. I manage about 15 companies, each have PHP & MySQL. I am looking for some insight for the best host for PHP and ease of managing 10 - 15 seperate companies. Thanks, Jake

So are you saying that even though the html redirect is at the bottom of the pup page that it could actually execute before the page finishes loading?

What is the best way to redirect to a new page after the page has fully loaded? Would this require javascript. I realize I header redirect must be put before all other code, but I need it at the bottom of the script. - Jake

Something isn't right. I'm getting PHP Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 840 bytes). Something else must be out of place. It won't even do one row if I change $rows_per_loop to 1. I also changed if ($limit_end==$total_rows) { $s=$rows_per_loop; } } to if ($limit_end==$total_rows) { $i=$rows_per_loop; } }

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'OFFSET ''' at line 1 I also added a missing bracket in the first if statement near $_GET.

I am having trouble putting this together. I have tried a few things, but I have not been able to figure it out. 1. I am trying to run 25 rows. 2. Pass where I am at to the next page using $_GET and run the next set of 25 rows. 3. and continue until finished <?php if (isset($_GET['limit_start'])) { $limit_start=$_GET['limit_start']; $limit_end=$_GET['limit_end']; } ini_set('max_execution_time', '999'); // example of how to use basic selector to retrieve HTML contents include('simple_html_dom.php'); $source_file = "C:/Inetpub/Websites/edit.com/echo.txt"; $fp= fopen("$source_file", "a"); $other="\n"; $db = mysql_connect('localhost', 'xx', 'xx') or die(mysql_error()); mysql_select_db('xx') or die(mysql_error()); $total_rows = mysql_num_rows(mysql_query("SELECT * FROM zip_code where `state_prefix` = 'OK'", $db)); $rows_per_loop = 25; $total_loops = ceil($total_rows/$rows_per_loop); // run the loop, while loop counter is less than the total number of loops: for($s=0; $s<$total_loops; $s++) { // get the numbers for the limit, // start is just the current loop number multiplied by the rows per loop // and end is loop counter + 1, multiplied by the rows per loop $limit_start = $rows_per_loop*$s; $limit_end = $rows_per_loop*($s+1); $result = mysql_query("SELECT * FROM zip_code where `state_prefix` = 'OK' LIMIT $limit_start, $limit_end") or die(mysql_error()); while($myrow = mysql_fetch_array ($result)) { $zip=$myrow['zip_code']; // get DOM from URL or file $html=file_get_html("http://www.mysite.com/selector.php?transaction=search&template=map_search&search1=0&pwidth=400&pheight=700&proxIconId=400&proxIcons=1&search2=0&search3=1&country=US&searchQuantifier=AND&address=&city=&stateProvince=+&postalCode=$zip&radius=500&x=78&y=16"); $i = 0; $tmp = $html->find('span[class=mqEmp], span[class=Black11]'); $cnt = count($tmp) - 1; foreach($tmp as $e) { if($i > 0 && $i < $cnt){ $outputstring=$e->plaintext; $outputstring=$outputstring. "\t"; fwrite($fp, $outputstring, strlen($outputstring)); if ($i % 8 == 0) { fwrite($fp, $other, strlen($other)); } } $i++; } } // now that we've run those, let's clear the results so that we don't run out of memory. mysql_free_result($result); // show where we are at echo $limit_start,' - ',$limit_end,'<br />'; sleep(1); // give PHP a little nap to keep from overloading server ob_flush(); // as recommended by MadTechie, in case we go beyond the max execution time flush(); // add flush, to make sure it is outputted header( "location:http://www.edit.com/selector.php?limit_start=$limit_start&limit_end=$limit_end" ); } fclose($fp); ?>

dude... I edited it so everybody wouldn't see exactly all of my business. 1. I am just trying to run 25 rows. 2. Pass where I am at to the next page using $_GET and run the next set of 25 rows. 3. and continue until finished