Michael Lasky
Members-
Posts
22 -
Joined
-
Last visited
Never
Everything posted by Michael Lasky
-
[SOLVED] define root directory for images
Michael Lasky replied to cheeseus's topic in PHP Coding Help
How does it not work? Do you get an error? Does the image just not show up? If it's the latter, check to make sure both your $image_root and $myrow['image'] are set correctly . Or just check the whole string. $imageurl = image_root . $myrow['image']; echo "$imageurl <br>"; echo "<div id=left><img src='$imageurl' border=1></div>"; Make sure imageurl is correct -
[SOLVED] What does it mean by this error:
Michael Lasky replied to ted_chou12's topic in PHP Coding Help
Try using rmdir() http://us2.php.net/manual/en/function.rmdir.php -
V(oice)XML/MySQL/PHP, how to fetch out variables ?
Michael Lasky replied to Lind/swe's topic in PHP Coding Help
Sorry, I'm not too versed with mysql (besides basic data manipulation). But I'd start by double checking that the user has access from any ip. Maybe try to connect to mysql from a different computer (ip) via the command line to see if you can get in. Hope someone with more mysql knowledge comes by to help you out Mike -
$query = $query_post [$name]; What is $query_post? If you overwrite your sql statement ociParse won't be able to parse it.
-
anyone please recommend an advanced php book?
Michael Lasky replied to DanDaBeginner's topic in PHP Coding Help
I highly recommend http://www.amazon.com/Advanced-PHP-Programming-George-Schlossnagle/dp/0672325616 I'm about 3/4 through it and have loved every second. -
That is not necessarily true. It is better to know what you are getting yourself into than to "over sanitize". PHP provides a wonderful function called get_magic_quotes_gpc http://us2.php.net/manual/en/function.get-magic-quotes-gpc.php What this does is tell you if your server is setup to automatically escape data from a form, if it is than you are free and clear on the injection. A good method to sanitize data would be something like this: That way if the data is already escaped it does not double escape it which makes for cleaner data and you know your data will be escaped properly. While I agree, I do think it's good to know how to sanitize data and what get_magic_quotes_gpc is doing before one should rely on it. Though I usually sanitize data myself, maybe I'm just over paranoid.
-
Also, remember that the php functions, like mysql_real_escape_string, help... but it's no excuse to not read up and learn all you can about it. It's always better to over-sanitize data than to rely only on the php functions.
-
V(oice)XML/MySQL/PHP, how to fetch out variables ?
Michael Lasky replied to Lind/swe's topic in PHP Coding Help
$connection = mysql_connect("http://**my_IP****", "***", "****"); mysql_select_db("test",$connect); should be $connection = mysql_connect("http://**my_IP****", "***", "****"); mysql_select_db("test",$connection); If that's not the answer, post the error you're getting. -
Some things to be aware of. Google "SQL Injection" and be aware of the risks. Also, make sure any delete or update statements you send to the db have a WHERE clause. Otherwise it'll delete or update the whole table. SQL Injection vulnerabilities may not be too important for your current project (especially if you're doing it to learn php), but it's good to be aware of it and develop good practices to defend against it while you're still learning.
-
[SOLVED] warning: session_start error?
Michael Lasky replied to fazzfarrell's topic in PHP Coding Help
Check your php ini to see where it's trying to store the session files. You (or actually the php process?) probably don't have access to that directory. The second error is related to the first... probably because it's outputting the session error message and then trying to send a header. That might not be the answer, but it's where I'd start looking. -
Caching is a pretty broad topic (which I unfortunately don't know enough about to give you a really good answer). I highly suggest this book though: http://www.amazon.com/Advanced-PHP-Programming-George-Schlossnagle/dp/0672325616 It devotes a whole section on caching and application performance. It's worth the price of the book just for that section alone.
-
% is the modulus operator in php. You could do something like this instead. $num = 100; echo $num - ($num * 0.1);
-
see: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html Also, if you want to redirect without using header() you could always do something like this <?php echo "<script language='javascript' type='text'/javascript'>location.href='url_to_redirect_to.php'</script>"; exit(); ?> Remember though, that won't work for people who turn javascript off or don't have it available.
-
You're trying to bind 2 variables to the oracle placeholder :var_no. And with the second one you're calling ociExecute instead of ociBindByName. Try replacing OCIBindByName($stmt,":var_no", &$no,50) or die ('Can not bind variable'); OCIExecute($stmt, ":var_no", &$name,50) or die ('Can not Execute statement'); with OCIBindByName($stmt,":var_no", $no, -1) or die ('Can not bind variable'); // <-- repeat this for each variable. Each one should have a different place holder. OCIExecute($stmt) or die ('Can not Execute statement'); Might help if you specify which line you get the parse error on and the actual error message.
-
http://us.php.net/strlen
-
[SOLVED] Problem: Select 10 Newest Members
Michael Lasky replied to Trium918's topic in PHP Coding Help
You're most likely correct, but I'm not 100% sure on that and don't have time to research it now. -
[SOLVED] PHP form problem. Need some urgent help if poss please
Michael Lasky replied to TrevMac's topic in PHP Coding Help
Assuming your form is using method="post" you can simply replace the call to mail with this: if ($_SERVER['REQUEST_METHOD'] == 'POST') { mail($to, $subject, $message, $headers); } That way it will only send the mail when the page is being displayed after submitting the form. I find that putting this super simple function in a library somewhere for the site saves a bit of typing: function is_post() { return $_SERVER['REQUEST_METHOD'] == 'POST'; } Then whenever you want a block of code to ONLY be executed after a form post you just include the file with this function in it and if (is_post()) { do_some_cool_stuff(); } -
[SOLVED] Problem: Select 10 Newest Members
Michael Lasky replied to Trium918's topic in PHP Coding Help
Another simple way to do it is to make he column an integer type and just store the timestamp returned by mktime() (number of seconds passed since Jan 1, 1970). -
Warning: Cannot modify header information
Michael Lasky replied to sonnyboy's topic in PHP Coding Help
Output buffering will solve it too. http://us2.php.net/manual/en/ref.outcontrol.php -
[SOLVED] Problem: Select 10 Newest Members
Michael Lasky replied to Trium918's topic in PHP Coding Help
Thanks Barand, i missed that one. -
[SOLVED] Problem: Select 10 Newest Members
Michael Lasky replied to Trium918's topic in PHP Coding Help
The result returned by mysql_fetch_array is an array. var_dump($row); That will spit out all the contents of the array (in an ugly manner). Useful for debugging. You are just trying to print (echo) an array. What you want to do is print the values in the array. echo"<a href =" ">$row[0]</a> "; That will print the value of the first column returned ($row[1] contains the second column, and so on). You can also specify that mysql_fetch_array returns an associative array. This allows you to reference the array values by the column name they come from. Example: Suppose you have this table layout, the table is called USERS. USERS FIRST_NAME LAST_NAME TELEPHONE_NUMBER and you want to display the first names. The sql query is "SELECT FIRST_NAME FROM USERS"; This will select all the first names in the database. Then, when you want to display this data: for($i = 0; $i < $num_result; $i++){ $row = mysql_fetch_array($result, MYSQL_ASSOC); echo"<a href =" ">$row['FIRST_NAME']</a> "; } Note the addition of MYSQL_ASSOC. This allows you to reference $row['COLUMN_NAME']; rather than $row[0]. Hope that helps. Mike