rickyj

okay, its a simple question, but I have no idea how to search for this. How can I put a forward slash within quotes. I have a problem, a string gets converted to "xyz/" and is then put in an sql querry, how can I detect the slash, I cant use: strpos($encPass, "\" ) > -1 Since the \ makes the quotation a non surrounding quotaion.. so what can I use to detect a forward slash?

a simple java solution would be: (after splitting Srch into array) this_column.indexOf(splitSrch) != -1 but have no idea how to put this into an sql statement. Please HELP..

for example : WHERE this_column Like '%srch%"' solves if srch = "puzzle" and this_column = "a puzzle search phrase" but doesnt solve the case where for instance if srch = "this is a puzzle" and on one of the rows this_column = "a puzzle search phrase" - It might be possible to split srch, via ' ', and then check for each of the arrays eg: $splitSrch = split(' ', $srch) and then use: WHERE (this_column Like '%splitSrch[0]%' Or this_column Like '%splitSrch[1]%' ...) but $srch may not always contain two words... hmm, must be an easier way of doing this

Does anyone know how to put the following in to a query WHERE At least one of the words in the phrase "srch" must contain at least on of the words in "this_column" for instance if srch = "this is a puzzle" and on one of the rows this_column = "a puzzle search phrase" so the where statement is true for this row.

my above code was supposed to say str_replace (The edit function was not working for me?). preg replace doesnt seem to work here for some reason? However, It should be noted, before I use these variables, I get them via this method: stripslashes((get_magic_quotes_gpc()) ? $_POST[$MyString] : addslashes($_POST[$MyString])));

Thanks for the help, I tried this but get the following for: 1st line new line third line gets converted to :1st line\r\nnew line\r\nthird line\r\n (looking at the database: looks exactly the same) i.e., it doesn’t get converted at all. yet, $string = preg_replace('\r', '<br>', $string); works but leave /n at the start of each line, and $string = preg_replace('\r\n', '<br>', $string); works, but deletes n's off of the start of a new line if its present <-- this I find really odd!

Hi there, I’m having a real bit of trouble, and I cant narrow it down. I’m trying to get a form to post a message to a mySQL data base, and replace the users input new lines into <br> - But this doesn’t seem to be working as expected. - I have tried lots of things, but they all give strange results. - the Mysql column is a text column - I have tried using nl2br, but this does nothing to the text. Im currently using: function nl2br2($string) { $string = str_replace('\r\n', '<br>', $string); $string = str_replace('\r', '<br>', $string); $string = str_replace('\n', '', $string); return $string; This works perfect, unless the new line start with an n, if the new line starts with an n the n gets striped: first line new line third gets converted to first line<br>ew line<br>third if I use this: function nl2br2($string) { $string = str_replace('\r\n', '<br>', $string); $string = str_replace('\r', '<br>', $string); return $string; I get: first line \nnew line \nthird I cant figure out whets going on here? I have also tried using variations, but get exactly the same result: function nl2br2($string) { $string = str_replace('\n\r\n', '<br>', $string); $string = str_replace('\r\n\n', '<br>', $string); $string = str_replace('\r\n', '<br>', $string); $string = str_replace('\r', '<br>', $string); $string = str_replace('\\n', '', $string); $string = str_replace('\nn', ' n', $string); $string = str_replace('\n', '', $string); return $string; gets converted to first line<br>ew line<br>third function nl2br2($string) { $string = str_replace('\n\r\n', '<br>', $string); $string = str_replace('\r\n\n', '<br>', $string); $string = str_replace('\r\n', '<br>', $string); $string = str_replace('\r', '<br>', $string); $string = str_replace('\\n', '', $string); $string = str_replace('\nn', ' n', $string); return $string; I get: first line \nnew line \nthird Any on know what is happening?

Referer is not used by all browsers (and can easily be faked)

Sorry, cant do that, but I can give examples (as the one above) Im bassically asking it there is a way of grabing the full url, since $_SERVER['PHP_SELF'] only grabs "/this.php" from www.example.come/this.php?other=things&more=1 If I could grab the full url I would be able to show that 'other' and 'more' are or are not set without using isset, or get. I dont like using isset($_GET['a'] ) since if the user manipulates the a variable to "a = ']) && more code //", this is unsafe!

The problem is, I really dont want to use isset and then get (I cant trust users input so do a lot of stipping of characters). I was initially using isset, and then relised the security flaw

I need it to go to the second page, and then display the contense, its just looping at the moment

is there a way to redirect www.example/this.php to www.example/this.php?a=1&b=2 I have tried using: but this results in a loop, any ideas?

yup, you where exactly right Thanks

hmm, "INSERT INTO sigparsed (a, b, c, d) VALUES ('2', '1', '$var1', '0' )WHERE userid = '$UserID' " hmm getting there, but I cant use the where statment like this can I? how can I do the above?

yes, I shouldnt be using insert, But I have made some progress thanks to you guys, cheers

opps i should be replacing not inserting, hmm

hmm now Im getting : abDuplicate entry '119' for key 1 what does this mean, my querry is now: print 'a'; $Querry = "INSERT INTO sigparsed (a, b, c, d, e ) VALUES ('2', '$var1', '1', '$var2', '0' ) "; $result= mysql_query($Querry) or die(mysql_error()); print 'b'; $Querry2 = "INSERT INTO usertextfield (f, g) VALUES ('$var3', '$var4') "; $result2= mysql_query($Querry2) or die(mysql_error()); print 'c';

this is the shothand sqlquerry(after connecting to the database an table): and my error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' But I see nothing wrong with my syntext

Thanks, unfortunately I doubt my server has the php GD2 library (im not hosting this one myself). $_SESSION[] looks like a good idea to implement though : http://uk3.php.net/function.session-register

Hi, Im thinking of writting my own Text(picture) verification I know there are methods out there, but I dont want to use standards (since i know the common ones always get hacked eventualy). Im thinking of writting this in php, where the php gets a image number (say from the milliesecond that the user has gone to the registration of this page) eg, 01 millseconds = pic 1 (an algorithum will modify this, but you get the idea) But I have then run into security problems, with various approaches: 1. onSend the javaScript can verify that the image the same as the input eg 01img = Myinput - security problem, javascript can be searched 2. imageNumber can be varified by php that imageNumber corresponds to Myinput - cant see anyproblems with this so far Anyone done this before, any infomation on this sort of thing would be appreciated, thx

from a securit point of view how is it possible to make sure that any post data only comes from one site (that you define) for instance if I had a example.MyRegistrationForm.php, which posts to example2.MyUserCreation.php How could I make sure that the data is only posted from example.MyRegistrationForm.php I dont want to send this in the post request (since post request can be manipulated), i need to find a way for example2.MyUserCreation.php to know it come from example.MyRegistrationForm.php Any ideas?

the above didnt work, it just set it to the first one, regardles of it already being present in the database! but I used: why dont these posts merge

I have something else that does the inserting, so the follwing code should work? foreach ($ltURLarray as $ltURL) { $fetch=mysql_fetch_assoc(mysql_query("SELECT `LT_URL` FROM `lt_users` WHERE `LT_URL`='".$ltURL."'")); if (empty($fetch['LT_URL'])) { break; } } // so now $ltURL is set to $ltURLarray (where ltURLarray is not found) (sorry for me being a bit dumb and spelling it out in full), do you think this will work?

dow! break... thats what i was looking for, just forgot, thanks

Thanks for the quick response Will foreach not go through each one(regardles of result), I want to stop if the 1st is not found in the colum, or if not try second....