codebyren

Members
  • Posts

    156
  • Joined

  • Last visited

Everything posted by codebyren

  1. In this case I think the requirement was only to check if a string looked like a steam id in general (not to capture values from it). That being said, I have never seen the sscanf function before and it looks very useful so cheers for that.
  2. Good to know. I've been using '/' so long that I thought it was a requirement.
  3. Not sure where you got the '#' characters from but the rest is fairly close. Here's what I would probably use based on what you said a steam id looks like:

         <?php
         $steam_id = "STEAM_0:0:000000000";
         $pattern = '/^STEAM_[0-9]:[0-9]:[0-9]{1,9}$/';
         if (preg_match($pattern, $steam_id)) {
             // Great
         }
         ?>

     There's a heap of regex tutorials out there so I'm not going to go into details about each part of the pattern. There's also a dedicated regex child board on this forum. Hope that helps.
  4. You'll want to sanitize whenever you are passing user-generated values to a database query. You can get a bit more info about why on this page: http://php.net/manual/en/function.mysql-real-escape-string.php

     So on your viewinfo.php page, you're taking the authid from the $_GET array and then using it in a query. This is completely normal but you absolutely must sanitize the data as a user could easily manipulate the authid in the URL.

         <?php
         $steamid = $_GET['authid']; # A value passed in the URL. Not safe (yet) since user can easily manipulate this.

         // Connect to the db as normal

         // Sanitize data before running any queries
         $clean_steamid = mysql_real_escape_string($steamid);
         $query = "SELECT whatever FROM whatever WHERE a.authid = '$clean_steamid'"; # NOTE: we use the sanitized version here.

         // Carry on as normal
         ?>

     You could also look into using a regular expression (google it) to check that the data in $steamid actually looks like a steam id before using it in the query but that's probably for another day. Lastly, any user-generated data can also be dangerous if you are echo-ing it in your HTML. So you'll probably want to look into Cross Site Scripting (XSS) attacks next. Enjoy.
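Added example, not part of codebyren's post or the thread: the same authid lookup done with the steam id pattern suggested in this thread, a mysqli prepared statement instead of string escaping, and escaping on output. The connection details and the "players" table with "authid" and "name" columns are assumed placeholders.

```php
<?php
// Added example (not from the original posts): validate the authid from the URL,
// use it only through a prepared statement, and escape it again when echoing.
// Assumes a hypothetical table "players" (columns "authid", "name") and
// placeholder connection credentials; adjust both to your setup.

function is_steam_id(string $value): bool
{
    // Same shape as the pattern suggested earlier in the thread.
    return preg_match('/^STEAM_[0-9]:[0-9]:[0-9]{1,9}$/', $value) === 1;
}

function fetch_player(mysqli $db, string $authid): ?array
{
    // The value never becomes part of the SQL text; it is bound as a parameter,
    // so quotes or comment sequences inside it cannot change the query.
    $stmt = $db->prepare('SELECT authid, name FROM players WHERE authid = ?');
    $stmt->bind_param('s', $authid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$steamid = $_GET['authid'] ?? '';
if (!is_steam_id($steamid)) {
    // Reject anything that does not look like a steam id before touching the db.
    http_response_code(400);
    exit('Invalid steam id');
}

$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
$db->set_charset('utf8mb4');
$player = fetch_player($db, $steamid);

if ($player === null) {
    http_response_code(404);
    exit('No such player');
}

// Escape before echoing into HTML so a stored name cannot inject markup (XSS).
echo '<p>Name: ' . htmlspecialchars($player['name'], ENT_QUOTES, 'UTF-8') . '</p>';
```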
  5. Well, you don't really need a foreach statement here (assuming I understand what you're looking for). Try something like this:

         <?php
         // Snippet of your original code with some modifications
         $result = mysql_query($query) or die ('Failed to query ' . mysql_error());
         $form_counter = 1; # a counter to increment for each of your forms
         while ($row = mysql_fetch_assoc($result)) {
             $steamid = $row['authid'];
             // etc.
         ?>
             <!-- here we append the form_counter variable to the form name etc. -->
             <form name="view<?php echo $form_counter; ?>" action="./viewinfo.php" method="post">
                 <input type="hidden" id="authid" name="authid" value="<?php echo "$steamid"; ?>" />
             </form>
             <td align="center"><a href="#" onclick="document['view<?php echo $form_counter; ?>'].submit()"><?php echo "$name"; ?></a></td>
         <?php
             // your code continues...
             // ...
             // Then increment the form_counter variable for the next run of 'while'
             $form_counter++;
         }
         ?>

     That should get you going but just as a heads-up: the standard way to do this sort of "view user" thing would be to pass the user's steam (or authid whatever) in the URL. No forms required:

         <a href="viewinfo.php?authid=<?php echo $steamid; ?>"><?php echo htmlentities($name); ?></a>

     This would churn out something like http://yoursite.net/viewinfo.php?authid=1234 Then get the id from the url on the viewinfo.php page like so:

         if (isset($_GET['authid'])) {
             $steamid = $_GET['authid'];
         } else {
             $steamid = False;
         }

         // Now get the user info from the db
         if ($steamid) {
             // Remember to sanitize $steamid before using it in a db query...
         }

     Hope that helps.
  6. If you followed any sort of tutorial when creating your "statements" table in MySQL, you would probably have created an "id" or "statement_id" column that auto increments when a new statement is entered into the database. If this is the case, when you query the database for a statement for the user to vote on, you can also grab that statement's id - along with the username, positive and negative votes etc. Then when you build the voting form, you include that id hidden in the form as I showed you:

         <form method="post" action="vote.php">
             <input type="hidden" name="statement_id" value="<?php echo $statement_id_from_database; ?>" />
             <input type="submit" name="no_submit" value="Disagree" />
             <input type="submit" name="yes_submit" value="Agree" />
         </form>

     Once the form has been posted, you can access the statement id like this:

         $statement_id = (int) $_POST['statement_id']; // (int) insists that the value be an integer
         $negative = "UPDATE statements SET negative = negative + 1 WHERE ID = $statement_id";
         // etc.

     This sort of thing is generally covered by most tutorials so you may want to follow a few of those to get a better understanding.
  7. You could put the ID of the statement in a hidden field in the form. This way it is also posted with the user's positive or negative vote.

         <input type="hidden" name="statement_id" value="<?php echo $res['ID']; ?>" />

     Just remember that the user can still edit the ID in the hidden field if they know what they are doing - so you will need to sanitize/validate it before using it in a database query.
  8. Your code didn't work like I expected it to either... But I've never actually used preg_replace so that's not saying much. You could try:

         $string = 'cheese';
         $pattern = '/[a-zA-Z0-9]/';
         echo preg_match($pattern, $string) ? 'matched' : 'not matched';

     This will show that the string matched. Hope it helps.
  9. I'm not sure I understand the problem 100% You're saying you have a page (example.php) which contains a form that is submitted via ajax - and you want to make sure that the form is only ever submitted from example.php on your server? When you show the form, add a hidden field with a random token in it that is also stored in the user's session. Then in the code handling the ajax post, compare the token posted with the form to the token stored in the user's session. If they're not the same or one is missing etc. then you know that the post was not made from your page. Sorry if I misunderstood...
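Added example, not from the original post: the session token check described above written out in PHP, with the token generated once per session, embedded as a hidden field, and compared in constant time by the script that handles the ajax POST. The field name "token", the session key and the two-file layout are assumptions.

```php
<?php
// Added example (not from the original post): anti-forgery token kept in the
// user's session and echoed into the form; the ajax handler compares the two.
session_start();

function csrf_token(): string
{
    // Generate once per session; random_bytes() is a CSPRNG, so the value
    // cannot be guessed by a page on another site.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_hidden_field(): string
{
    // Goes inside the form on example.php; the ajax call posts it with the rest.
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_check(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    // Missing on either side means the post did not come from our page.
    if (!is_string($submitted) || !is_string($expected)) {
        return false;
    }
    // hash_equals() avoids leaking the token through timing differences.
    return hash_equals($expected, $submitted);
}

// In the script that handles the ajax POST (assumed name: ajax_handler.php):
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('Form was not submitted from this site');
    }
    // ... handle the legitimate submission here ...
}
```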
  10. I agree with the hover suggestion. The problem is that when it's in color you can see how hurriedly I cleared the background in photoshop. Another thing to fix then. Thanks for the feedback.
  11. The main problem I can see with your code is:

         if(isset($_POST['yes_submit'])) {
             $negative = "UPDATE statements SET positive = positive + 1";
         }
         if(isset($_POST['no_submit'])) {
             $negative = "UPDATE statements SET negative = negative + 1";
         }

     Now what? You've built the SQL statement. You need to execute it:

         $result = mysql_query($negative);
         if (mysql_affected_rows() < 1) die("No update was made");

     Also, I don't see any primary key as such in your statements table. When you say:

         $negative = "UPDATE statements SET negative = negative + 1";

     MySQL won't know which specific statement to update the vote count for. You want a WHERE clause like:

         $query = "UPDATE `statements` SET positive = positive + 1 WHERE statement_id = 1";

     Otherwise, I think MySQL will update the positive vote count in all rows. This should get you going. Then you can start thinking about deterring spammers.
  12. Generally you would need to connect to a payment gateway which has connectivity to several banks - I don't think there are many (if any) banks that have an API that you could connect directly to, to process payments etc. (I expect they deliberately only connect to gateways that meet pretty crazy security requirements.) That being said, it looks like things are starting to open up in this field: http://www.mastercard.com/us/company/en/newsroom/mc_launching_new_open_api_developer_portal.html But for the moment, you would most likely need a set of API credentials from a payment gateway linked to a merchant account (from a bank) in order to process transactions. It can be pretty expensive when compared to something like PayPal if you are only doing a few transactions - but the more you process, the more cost effective the payment gateway option gets. A good place to start would be to google "payment gateway" or check wikipedia.
  13. Yes, if you want a voting system that isn't easy to cheat then it is quite complex (see ignace's posts above). If you just want a basic voting system without creating any new tables to log IP addresses etc. then you may be able to set a cookie when the voting page loads and only allow people with this cookie set to vote (then update the cookie to record if they've voted). This way a user will need to both accept and then delete the cookie (as opposed to just blocking cookies outright) between every vote if they want to spam votes. It's entirely possible, but the question is... How much do you care? As for the database query, jcbones already had you covered there in his post. Basically this isn't as easy as you're hoping it will be. Hope this clears things up a bit though.
  14. As for the query being blank, it may be best to set up some logging to try to notice a pattern as to when the database doesn't return a response for a $txn_id. Log the query string (including the dynamic $txn_id) and the number of rows that MySQL returns. You can use a tool like phpMyAdmin to re-run any suspect queries. Usually something like this might happen if the database is queried for a txn_id before it has had a chance to finish writing that txn_id to the database. But this seems unlikely since the user would have gone through an entire payment process at paypal by then... It's a bit weird. Usually it would be better to generate the pin when the user returns from making payment - but if you are sticking to doing it this way, your best bet is probably to have an additional tinyint(1) field in the pin table called 'busy' or something. Then when you send someone off to paypal to pay for a pin, set busy to 1 for that pin. If another person comes along to buy a pin, only let them buy a pin where busy = 0 in the database. You'd then have to run an additional query to change 'busy' back to 0 if the customer's payment doesn't complete etc.
  15. I'm just going to throw this out there since it's a common problem between developers and payment gateways: Are you expecting AlertPay to be able to make a POST to a page on your localhost? Keep in mind that there's no way their servers can reach, for example: http://127.0.0.1/test/callback_page.php - so your script is possibly never even being hit.
  16. Does it need to be posted? Can't you just use a hyperlink to the edit page with the user id in it (http://www.yoursite.com/userEditPage.php?id=123) so that you can re-query the database for the user's details on the edit page? Something like:

         <?php foreach ($user_records as $user) : ?>
         <tr>
             <td><a href="editUserPage.php?id=<?php echo $user['id']; ?>">edit</a></td>
             <td><?php echo $user['first_name'], " ", $user['last_name']; ?></td>
             <td><?php echo $user['login']; ?></td>
             <td><?php echo $user['privilege']; ?></td>
         </tr>
         <?php endforeach; ?>

     Then on the editUserPage.php you can query the database for the user id passed in the URL (remember to sanitize/validate) and pre-populate the edit form with the values from the database:

         // editUserPage.php
         $id = isset($_GET['id']) ? (int) $_GET['id'] : false;
         if ( ! $id) die('No user id specified to edit');
         // query database for user's details
         // generate html form with users details in it for editing.
         // etc.

     Hope this makes sense to you.
  17. It looks like it is your heredoc syntax causing the problem. See here: http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc I can't recall if you can use the '_' character in the heredoc trigger. Try without it and also make sure there is no whitespace whatsoever before the closing heredoc tag:

         print <<<EOT
         your stuff here..
         EOT; // notice how there is no space before EOT;

     Hope this helps.
  18. Thanks, I understand what you're saying. I've got a couple more design-oriented jobs lined up so hopefully I can add those in before long and illustrate that I offer more than payment handling. Glad you like the look of the site though, it was the most tedious few hundred lines of code in my life. Cheers
  19. Thanks, had a couple of other people say the same but I can't easily see where to include more color that doesn't actually make it look worse. I'll work on this.
  20. Have you tried something simple to make sure things are working as expected? Like this:

         $test = "AT&amp;T caps data plan, introduces iPhone tethering";
         $decoded_string = htmlspecialchars_decode($test);
         echo $decoded_string; // outputs "AT&T caps data plan, introduces iPhone tethering"

     Sorry for going a bit off track here but do you not have access to PHP5? It would make things a LOT easier on you. For example:

         <?php
         // Get the XML source
         $xml = file_get_contents("http://www.meltwaternews.com/magenta/xml/html/37/10/150061.html.XML");
         // Make it PHP5 friendly
         $simplexml = simplexml_load_string($xml);
         // Get all news documents as a SimpleXML object that you can loop through
         $documents = $simplexml->feed->documents->document; // the arrows (->) pretty much follow the XML nesting
         ?>

     Then in the HTML:

         <html>
         <head>
             <title>Project: Parse XML 4</title>
         </head>
         <body bgcolor="#FFFFFF">
             <center><h1>Title</h1></center>
             <br/>
             <table align="center">
                 <tr>
                     <th>Title</th>
                     <th>Date</th>
                     <th>Source</th>
                     <th>Ingress</th>
                     <th>link</th>
                 </tr>
                 <?php foreach ($documents as $document) : ?>
                 <tr>
                     <td><?php echo $document->title; ?></td>
                     <td><?php echo date('m/j/Y', strtotime($document->createDate)); ?></td>
                     <td><?php echo $document->sourcename; ?></td>
                     <td><?php echo $document->ingress; ?></td>
                     <td><a href="<?php echo $document->url; ?>">read</a></td>
                 </tr>
                 <?php endforeach; ?>
             </table>
         </body>
         </html>

     I hope this helps...
  21. Thanks for the reply. Yes, I developed the sites that the images click through to - with the exception of OpenCart which I just developed a payment extension for. I will fix the link to point straight to my extension as soon as OpenCart's extension upload system comes back online. What I get from your feedback is that I need to clarify what my work is though. Thanks.
  22. Hi guys, I'm busy finishing up (hopefully) my one-page freelancer website: http://www.codebyren.com I'm primarily a developer (as opposed to designer) so unfortunately my previous work is generally under the hood somewhere. I do plan to overhaul the personal sites I have showcased once I finish up some development on them though. So yeah, it's simple but I'd appreciate any feedback anyway. Cheers.
  23. Yes, when you say:

         foreach ($bucket_contents as $file) ...

     you are effectively returning each top-level array in $bucket_contents (as $file). So the foreach loop basically does:

         $file = $bucket_contents['CagedDVD.flv']; // this is an array containing 'name', 'time', 'size' and 'hash'
         $file = $bucket_contents['CagedDVD.mov.red.zip'];
         $file = $bucket_contents['CagedDVD.mov.zip'];
         // ...
         // ..
         // etc.

     Except you obviously get to do something with the current state of $file during the foreach loop before it is re-assigned the next array in $bucket_contents. Hope this clears it up...
  24. As kenrbnsn said, it comes down to the indices:

         echo $bucket_contents['name'];

     ...will be invalid while

         echo $bucket_contents['CagedDVD.flv']['name'];
         // or
         echo $bucket_contents['CagedDVD.mov.red.zip']['name'];
         // etc.

     ... should work fine. There is that extra level to the array that you are missing. This should also show why $bucket_contents[$i] doesn't work: $i in your example is an incrementing number and there are no numeric indices in the array. Hope this helps.
  25. I can't immediately see why it wouldn't be working. You might have spaces in some of the fields which would then throw the ( ! $variable) check because it does actually contain something (spaces). You could try something (which I haven't tested here and now) like:

         // Function to fetch values in $_POST array.
         // Returns NULL if value doesn't exist (wasn't submitted) or was only spaces.
         function get_post($post_value) {
             if (isset($_POST[$post_value]) AND strlen(trim($_POST[$post_value])) != 0) {
                 return trim($_POST[$post_value]);
             } else {
                 return NULL;
             }
         }

         $subject = get_post('subject');
         $name = get_post('name');
         // etc...

         if ( ! $subject OR ! $name) {
             // etc...
             echo "bad...";
         }

     This is pretty shallow in terms of validation checks but it might be fine. As for spam... that's a bit more complicated. There are lots of PHP classes/libraries etc. that help with this: http://recaptcha.net/ http://www.phpcaptcha.org/ etc. Some sites will get by with something as simple as a hidden field that shouldn't be filled in (because it's hidden). Spam bots will generally fill this out automatically - so you can assume that it's spam if it's filled out... Not a 100% solution but it works for a lot of basic sites. It obviously won't deter human spammers though. The spam question is pretty big... Hope this helps.