Jump to content

Snatch

Members
  • Posts

    48
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

Snatch's Achievements

Member

Member (2/5)

0

Reputation

  1. Ok I see what you mean - but that's just sticking it on top of the navbar? Is there a way of actually making it a part of the navbar?
  2. Ok thanks. I'm planning on designing the navbar in photoshop. Does anyone know any tutorials that will show me how to put the form in the navbar?
  3. I'm not sure if we've got out wires crossed? I'm not looking to make an auto complete search box, just how to implement a normal search box into a navigation bar? All the auto completion tutorials i'm looking at don't explain this.
  4. I've tried seaching google, but mentioning ajax and search boxes just seems to bring up auto completion tutorials....
  5. Hi, I am able to create a search box using PHP that references a mysql database. I am wondering though, how would I integrate it into a navigation bar? Like the one on apples site for example? Could anyone point me in the direction of a good tutorial please? Apologies if this hasn't been posted in the correct thread. Thanks in advance!
  6. Hi, using the code below how would i display $xml and $xml2 in one page? <?php $xsl=simplexml_load_file ("fragment.xslt"); $xml=simplexml_load_file ("http://www.nytimes.com/services/xml/rss/nyt/HomePage.xml"); $xml2=simplexml_load_file ("http://newsrss.bbc.co.uk/rss/sportonline_uk_edition/front_page/rss.xml"); /* create the processor and import the stylesheet */ $proc = new XsltProcessor(); $xsl = $proc->importStylesheet($xsl); /* transform and output the xml document */ $newDoc = $proc->transformToDoc($xml); print $newDoc->saveXML(); ?>
  7. Hi i'm using the following XSL to display an XML page: <?xml version="1.0"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:output method="xml" encoding="ISO-8859-1" version="1.0" omit-xml-declaration="yes" media-type="text/html" indent="yes" /> <xsl:template match="/"> <html> <head> <title>Shaw News</title> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <style type="text/css"> body {background-image: url(images/main-bg.gif); } </style> </head> <body> <p> <a href="index.php">Home</a> </p> <xsl:for-each select="catagory/news [importance='High']"> <p> <xsl:value-of select="@id" /><br /> Title: <xsl:value-of select="title" /><br /> Author: <i><xsl:value-of select="author/firstname"/>:<xsl:value-of select="author/lastname"/></i><br /> Story: <xsl:value-of select="content"/> </p> </xsl:for-each> </body> </html> </xsl:template> </xsl:stylesheet> It works fine in IE but not in FireFox (displays as one long string). Can anyone tell me why this is please?
  8. Snatch

    RSS Feed

    Do you mean the ?> I tried taking out the question mark but it still gives the same error.
  9. Hi, i'm trying to create a dynamic RSS feed for my site but i'm getting the following error: Parse error: syntax error, unexpected T_DNUMBER in C:\xampp\htdocs\website\rss.php on line 11 The code i'm using is: <?php $connection = mysql_connect("localhost", "root", ""); mysql_select_db("shaw", $connection); $select = "SELECT * FROM news ORDER BY id DESC LIMIT 5"; $query = mysql_query($select) or die(mysql_error()); $file = fopen("rss.xml", "w"); fwrite($file, "<?xml version="1.0"?> <rss version="2.0"> <channel> <title>The Shadow Fox Feed</title> <link>http://www.shadow-fox.net</link> <description>Feed Description</description> <language>en-us</language>"); while($array = mysql_fetch_array($query)){ extract($array); $content = htmlentities($content); fwrite($file, "<item> <title>$title</title> <link>http://www.shadow-fox.net/index.php?blog=post&id=$id</link> <description>$content</description> </item>"); } //end of while loop fwrite($file, "</channel></rss>"); fclose($file); ?> Can anyone tell me whats going wrong please?
  10. if(isset($_SESSION['user_id'])) { header("Location: ".$afterlogin); }else{ if(isset($_COOKIE['user_id'])) { // Read cookie, make session $sql = "SELECT id,state,password,active FROM `".$db_tbl."` WHERE id='".$_COOKIE['user_id']."'"; $query = mysql_query($sql); $row = mysql_fetch_object($query); $id = htmlspecialchars($row->id); $status = htmlspecialchars($row->state); $dbpass = htmlspecialchars($row->password); $actief = htmlspecialchars($row->active); if($dbpass == $_COOKIE['user_password'] AND $actief == 1) { $_SESSION['user_id'] = $id; $_SESSION['user_status'] = $status; ?> <script language="Javascript" type="text/javascript"> location.href='<?= $afterlogin ?>'; </script> <? }else{ echo $login_cookiefalse; setcookie("user_id", "", time() - 3600); setcookie("user_password", "", time() - 3600); } }else{ if(isset($_POST['submit'])) { // Login $sql = "SELECT id,name,password,state,active,cookie_pass FROM `".$db_tbl."` WHERE name='".$_POST['user']."'"; $query = mysql_query($sql); $count = mysql_num_rows($query); if($count == 1) { $row = mysql_fetch_object($query); $dbpass = htmlspecialchars($row->password); $userpass = md5($_POST['pass']); $cookiepass = htmlspecialchars($row->cookie_pass); $userid = htmlspecialchars($row->id); $userstatus = htmlspecialchars($row->state); $useractief = htmlspecialchars($row->active); if($dbpass == $userpass) { if($useractief == 1) { $_SESSION['user_id'] = $userid; $_SESSION['user_status'] = $userstatus; if($_POST['cookie'] == "do") { if($cookiepass == "") { $cookiecode = mt_srand((double)microtime()*100000); while(strlen($cookiecode) <= 10) { $i = chr(mt_rand (0,255)); if(eregi("^[a-z0-9]$", $i)) { $cookiecode = $cookiecode.$i; } } $sql = "UPDATE `".$db_tbl."` SET cookie_pass = '".$cookiecode."' WHERE name = '".$_POST['user']."' LIMIT 1"; mysql_query($sql); $cookiepass = $cookiecode; } setcookie("cookie_id", $userid, time() + 365 * 86400); setcookie("cookie_pass", $cookiepass, time() + 365 * 86400); } echo $loginsucces;
  11. Hi, i'm using the below code for my search wrapper. It works but instead of showing the users id how would i show the users name? I had a stab in the dark at using user_name but as I expected it didn't work. <?php if(!isset($_SESSION['user_id'])){ // check if the user is logged in // the user is not logged in // just display the search box ?> <script type="text/javascript" src="./js/cleardefault.js"></script> <form method="get" action="search.php"> <input name="search" type="text" size="35" value="click here to search" class="cleardefault" /> </form> <?php } else { // the user is logged in // display the search box, name of user and logout ?> <script type="text/javascript" src="./js/cleardefault.js"></script> <form method="get" action="search.php"> <table width="755" border="0"> <tr> <td width="331" height="24"><input name="search" type="text" size="35" value="click here to search" class="cleardefault" /></td> <td width="350">You are currently logged in as: <?php echo "$_SESSION[user_id]"; ?></td> <td width="60"><a class="one" href='logout.php'>Logout</a></td> </tr> </table> </form> <?php } ?>
  12. Thanks redarrow, my code now looks like this: //Get the word submitted by the form $searchTitle = $_GET["search"]; $searchTitle = strip_tags($searchTitle); //strip tags $searchTitle = preg_replace("/[^a-zA-Z0-9\s]+/", "", $searchTitle); // Regex, only allow alphanumeric Again, it seems to be working. Any other suggestions, or is there a more efficient way to write the code?
  13. Ok I think I've sussed strip tags, I did this and it seems to be working: //Get the word submitted by the form $searchTitle = $_GET["search"]; $searchTitle = strip_tags($searchTitle); // strip tags if (!empty($searchTitle)) { print " Looking for products containing $searchTitle <br><br/>"; //Get the order method if one has been passed to this page $order = $_GET["order"]; // create query - This query combines data from the film table and the director table $query = "SELECT * FROM products WHERE name like '%$searchTitle%' or brand like '%$searchTitle%'"; //Use the ordering if an order has been passed if (!$order=="") { $query = $query." order by $order "; } //print $query; // execute query $result = mysql_query($query) or die ("Error in query"); // see if any rows were returned if (mysql_num_rows($result)>0) { echo "<div id=sortactions>". Is there anything else I should do to make it secure?
  14. Hi, I've implemented a search box in my site for users to search for products using the following code: //Get the word submitted by the form $searchTitle = $_GET["search"]; if (!empty($searchTitle)) { print " Looking for products containing $searchTitle <br><br/>"; //Get the order method if one has been passed to this page $order = $_GET["order"]; // create query - This query combines data from the film table and the director table $query = "SELECT * FROM products WHERE name like '%$searchTitle%' or brand like '%$searchTitle%'"; //Use the ordering if an order has been passed if (!$order=="") { $query = $query." order by $order "; } //print $query; // execute query $result = mysql_query($query) or die ("Error in query"); // see if any rows were returned if (mysql_num_rows($result)>0) { echo "<div id=sortactions>". "Order results by: ". "<a href='search.php?search=$searchTitle&order=name'>Name / </a>". "<a href='search.php?search=$searchTitle&order=price'>Price</a></div>"; while ($row = @ mysql_fetch_array($result)) { //while($row = mysql_fetch_row($result)) { echo "<div id=browsestyle><table width=80% border=0>" . "<tr>" . "<td width=10% valign=top rowspan=9><span id=imgpad><img src=".$row["image"]." height=50 width=50 /></span></td></tr>" . "<tr><td width=25% valign=top><strong>Brand: </strong></td><td width=75% valign=top>". $row["brand"] ."</td></tr>" . "<tr><td width=25% valign=top><strong>Name: </strong></td><td width=75% valign=top><a href = 'getprod.php?prodid=" . $row["id"] ."'>". $row["name"] ."</a></td></tr>" . "<tr><td width=25% valign=top><strong>Price: </strong></td><td width=65% valign=top>" . $row["price"] . "</td></tr>" . "</table></div>" ; } } else { // print status message echo "No Results Found!"; } // free result set memory mysql_free_result($result); // close connection mysql_close($conn); } I've been told this isn't secure. I'm guessing I need something like strip tags in the code? Please could someone suggest what needs to be done to make it secure an if possible point me to an example? Mucho gracias!
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.