premiso
Everything posted by premiso
-
increasing column value by one (if exist)
premiso replied to 2millionways's topic in PHP Coding Help
It was a typo I just saw at the top of the script I posted you. If you fixed before you ran it, great, then that is not the problem. However if you did not and you do have a table named "heck" then yea that is the problem. Other than that I looked over my code, and there are no issues as far as I can tell. For some reason it is showing a non-valid column name as being set. -
You have to grab the whole page first, then parse it with either preg_match or split to pull out the data you need.
-
Let's say you do not check your data going into the DB.

$sql = "SELECT * FROM table_name WHERE username = '" . $_POST['username'] . "'";

On the post form username, I add the

' OR 1=1 OR x='x

for the username. The query now becomes

SELECT * FROM table_name WHERE username = '' OR 1=1 OR x='x'

So now, if this is a login function, it will return a valid username and essentially "login" this random person to the site.
-
Someone inputs on an unchecked/unescaped form this: ' OR 1=1 AND From there it returns a row and can essentially validate them. That is a "good" example. They can wipe out entire databases if that is allowed. The best protection against SQL injection: mysql_real_escape_string on any data going into a DB, along with a good validation of inputted data.
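
Added example (not part of premiso's posts): the login lookup from the two posts above, run against an in-memory SQLite database through PDO, first built by string concatenation and then as a prepared statement. The `users` table, its rows, the function names and the sample input are constructed for this example, and it assumes PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Constructed demo data: an in-memory database with two accounts.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)");
$ins = $db->prepare("INSERT INTO users (username, password_hash) VALUES (?, ?)");
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT)]);

// "Before": the value is pasted into the SQL text, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
function findUserConcatenated(PDO $db, string $username): array
{
    $sql = "SELECT * FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the placeholder sends the value separately from the SQL text,
// so it can only ever be compared as data.
function findUserPrepared(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A login check needs exactly one matching row AND a verified password,
// not just "the query returned something".
function login(PDO $db, string $username, string $password): bool
{
    $rows = findUserPrepared($db, $username);
    return count($rows) === 1
        && password_verify($password, $rows[0]['password_hash']);
}

// Constructed sample input: an always-true condition typed as a username.
$input = "' OR 1=1 OR 'x'='x";

printf("concatenated: %d row(s)\n", count(findUserConcatenated($db, $input))); // every row
printf("prepared:     %d row(s)\n", count(findUserPrepared($db, $input)));     // no rows
var_dump(login($db, 'alice', 'correct horse')); // bool(true)
var_dump(login($db, $input, 'anything'));       // bool(false)
```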
-
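Ah, now that makes sense lol. I am sure there is a function to do this somewhere...but this might work.

<?php
// Sort the values while keeping each value's original key.
function keepKeySort($array) {
    $array2 = $array;        // untouched copy, used to look up the original keys
    $returnArray = array();  // initialise so an empty input still returns an array
    sort($array);            // sorts by value and reindexes from 0
    foreach ($array as $key => $val) {
        // original key of this value (first match if values repeat)
        $newKey = array_search($val, $array2);
        $returnArray[$newKey] = $val;
    }
    return $returnArray;
}
?>

Not sure if that will work, but if not maybe you can tweak it to work.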
-
How is SQL injection possible with magic quotes on?!
premiso replied to razta's topic in PHP Coding Help
Yes, and it is actually preferred to do so. http://us3.php.net/magic_quotes magic_quotes is deprecated as of 5.3 as an fyi. If you can use .htaccess add this to it

php_flag magic_quotes_gpc Off

And if that does not work try this method -
How is SQL injection possible with magic quotes on?!
premiso replied to razta's topic in PHP Coding Help
magic quotes do not escape all possible scenarios for SQL injection. It is best practice that, if magic_quotes are on, you either turn them off or use stripslashes on the data, then use mysql_real_escape_string on the data for database entry. This will ensure anything harmful to mysql will be escaped to prevent SQL injection. That and the fact addslashes is said to be deprecated in PHP6. EDIT: A side note, this is the function I use:

// Undo magic_quotes escaping first (if it is on), then escape for MySQL.
function myEscape($string) {
    return (get_magic_quotes_gpc())
        ? mysql_real_escape_string(stripslashes($string))
        : mysql_real_escape_string($string);
}

Works great. -
krsort Look at the sorting functions at the php.net manual. You are bound to find it by looking....
-
increasing column value by one (if exist)
premiso replied to 2millionways's topic in PHP Coding Help
$sql="SELECT * FROM hesk_tickets"; You had a typo in your first SQL statement. heck vs hesk. -
Fatal error: Allowed memory size... BUT, not the typical problem
premiso replied to jonw118's topic in PHP Coding Help
Most likely the browser timed out. Anything over 2MB php has a hard time handling due to the browser timing out and the fact that the default upload_max_filesize is 2MB.

<?php ini_set("upload_max_filesize", "16M"); ?>

Try adding that somewhere and see if it allows your upload. Also remember slow connections can make the browser time out, and if the uploads take longer than 30 seconds, php will time out unless you set the set_time_limit. I would read up more on file uploading =) -
rsort That should do it. EDIT: Removed the other portion, it was irrelevant.
-
Javascript. <body onload="document.getElementById('yourfieldidhere').focus();"> I believe that would do it.
-
Same way. ASC and DESC in the ORDER BY work the same on numbers and alpha. You just have to sort it by the right column.
-
Yea, it makes it return an associative array instead of both. It saves memory space. That had nothing to do with why this was not working.
-
$query = "SELECT * FROM `tbl_vehicles`";
$result = mysql_query($query) or die (mysql_error());

if (mysql_num_rows($result) > 0) {
    echo "<table>
        <tr>
            <td><strong>REG</strong></td>
            <td><strong>MAKE</strong></td>
            <td><strong>MODEL</strong></td>
            <td><strong>COLOUR</strong></td>
            <td><strong>REG</strong></td>
            <td><strong>STATUS</strong></td>
            <td><strong>LOCATION</strong></td>
            <td><strong>MILEAGE</strong></td>
            <td><strong>FUEL TYPE</strong></td>
            <td><strong>TRANSMISSION</strong></td>
            <td><strong>OFF FLEET DATE</strong></td>
        </tr>";

    while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $make_id = $row['MAKE_ID'];
        echo "<tr><td>{$row['REG']}</td>";

        // look up the make name for this vehicle
        $makeRes = mysql_query("SELECT `NAME` FROM `tbl_veh_make` WHERE `ID` = '$make_id'");
        $make = mysql_fetch_assoc($makeRes);
        $make = $make['NAME'];
        echo "<td>$make</td>
        </tr>";
    }
    echo "</table>";
}

Sorry about the formatting. I would suggest using [ code] over [ php]
-
increasing column value by one (if exist)
premiso replied to 2millionways's topic in PHP Coding Help
Your code is wrong.

/* check if column step_status exist if does add 1 */
$sql="SELECT * FROM heck_tickets";
$result=mysql_query($sql);
if ($row = mysql_fetch_array($result)) {
    $bTrue = true;
    $i=1;
    while ($bTrue) {
        if (!isset($row['step_status' . $i])) {
            $bTrue = false;
            $columname = 'step_status' . $i;
        }else {
            $i++;
        }
    }
    $sql = "alter table hesk_tickets add column $columname enum ('0','1')";
}

Would be the proper way. However, this is not good on the server and each time you add a new column to the table, it adds it to each row. So yea. I would do a separate table as suggested as it will save you time, efficiency and in the long run it will make your life a TON easier. -
How is it "not working" ? What is it doing/not doing?
-
imho the best way to learn PHP is find a code and dissect it. Look at what it is doing and why it does it and research the functions via php.net. What type of program are you wanting to write? Google it and see if a script is already made (or perhaps a tutorial). If so use that script and just read over it. Find out why it does what it does. Then make it better, update it and make it more efficient with different things. The best way to code is to just code. Sure 2-3 years down the line you will learn more and realize your initial code sucked, and laugh at it. But at that point you are a coder =P So yea. That is my 2cents. I never picked up a book. I just leaped into it one day after finding a cool script while looking for a javascript =)
-
You would need to use javascript onChange event that when the drop down is changed it posts back to the page and at the top of your page, check for that post data. If the post data is there then add what was selected to the end of the ORDER BY, if nothing was selected make it the default of `price`.
-
The issue you are having is common if your site recently generated a lot of traffic. Especially with free/cheap hosts it is even more seen cause they do not care to fix it unless you pay more. If you had a dedicated you can change the max number of MySQL connections easily and it fixes the problem. I had this when my site started getting 10,000+ hits a day and had to change the max connections in MySQL and have not had that problem since. Unfortunately without a dedicated server you will have to ask them to change it, and they probably will not. Oh and the pconnect, I do not think would help, because it seems he has more than a few hundred users that connect at a time, which is what is causing the issue. This is assuming you are really only opening one connection per page and no more. If you are opening more than 1 per each page, do as Russell said and re-design your script to use 1 database call per connection.
-
If you created your own module you would still have to enable that too. What is the difference? Other than this one is fully built working and has been tested. Yours isn't.
-
how to make thumbnail for youtube and any other video site using php
premiso replied to dustro's topic in PHP Coding Help
http://www.hotscripts.com/Detailed/74479.html A simple google of "youtube php webfetch" would have pulled up plenty of results of scripts made to do just that. -
hi premiso i moved the chmod line before the move_upload file portion. still get the same error.

Warning: chmod() [function.chmod]: Operation not permitted in /home/gadgetso/public_html/admin/add_special_offer.php on line 10
Warning: move_uploaded_file(../graphics/lg_logo.gif) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/gadgetso/public_html/admin/add_special_offer.php on line 11
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpMr5bY8' to '../graphics/lg_logo.gif' in /home/gadgetso/public_html/admin/add_special_offer.php on line 11

<?php
require_once("../config.php");
if(!isset($_SESSION['ADMIN_ACCESS']))
    header("Location:index.php");
$msg="";
if(isset($_REQUEST['submit']))
{
    $loc=$_REQUEST['offer_loc'];
    $path=$_FILES['offer_image']['name'];
    chmod("../graphics/", 0777);
    move_uploaded_file($_FILES['offer_image']['tmp_name'], "../graphics/" . $_FILES['offer_image']['name']);
    $qry="insert into special_offers(location,offer_image) values('$loc', '$path')";
    if(mysql_query($qry))
        $msg="Offer Inserted successfully";
    else
        $msg="Error Inserting Offer";
}
?>

vineet

Operation not permitted means you cannot use CHMOD through the script, you have to do it through the FTP program if you want this functionality and it will have to stay at 0777.
-
Is $error being populated on the same page?
-
Not sure but wouldn't it be:

<?php
if (!empty($error)){
    echo "<div class='error_message'>";
    $nr = count($error);
    for ($row = 0; $row < $nr; $row++) {
        // index with the loop counter; $error[$nr] is one past the last element
        echo "<p><img src='images/icons/".$error[$row]['icon']."' width='16' height='16' /> ".$error[$row]['text']."</p>";
    }
    //close error box
    echo "</div><!-- end error_message -->";
}
?>