CMC

Hi, Right so tonight I was working on my installer script, and I've run into a problem. Part of my installer script takes data inputted through a form and writes it to a config file. Since the config file already has data in it, I set fwrite to r+. The problem is, the written data from the install form overwrites some of the existing data in the config file. Ideal Here is what the finished copy of the config file should look like (after being written too) <?php $db_host = 'localhost'; $db_user = 'data'; $db_passwrd = 'data'; $db_name = 'data'; $vb_prefix = 'vb'; $vb_dir = '/data/vb/'; $ga_dir = '/data/ga/'; $html_title = 'Gangsta Giveaways'; $site_name = 'MAXGames'; $connect = mysql_connect($db_host,$db_user,$db_passwrd); if(!$connect){ $gen_message = 'An error was encountered while accessing the database. The connection to the database failed. Please try again later.'; $email_message = $gen_message."\n".mysql_error(); #ReportAdmin($admin_email,$email_message); die($gen_message); } blah blah blah... rest isn't important as it shows up fine ?> Initial config (before data is written) $connect = mysql_connect($db_host,$db_user,$db_passwrd); if(!$connect){ $gen_message = 'An error was encountered while accessing the database. The connection to the database failed. Please try again later.'; $email_message = $gen_message."\n".mysql_error(); #ReportAdmin($admin_email,$email_message); die($gen_message); } ?> Reality: Final config: Here is the problem. the fwrite cuts of part of the data already in the config file. $db_host = 'localhost'; $db_user = ''; $db_passwrd = ''; $db_name = ''; $vb_prefix = 'vb'; $vb_dir = '6'; $ga_dir = '/ho'; $html_title = 'Gangsta Giveaways'; $site_name = 'MAXGames'; ge = $gen_message."\n".mysql_error(); #ReportAdmin($admin_email,$email_message); die($gen_message); } See the [icode]ge = $gen_message."\n".mysql_error();[/icode]. It should start with [icode]$connect = mysql_connect...[/icode]. Not sure what's going on. install.php with fwrite $config_data = "<?php\n\$db_host = '{$clean['host']}';\n\$db_user = '{$clean['user']}';\n\$db_passwrd = '{$clean['passwd']}';\n\$db_name = '{$clean['name']}';\n\n\$vb_prefix = '{$clean['vbpre']}';\n\$vb_dir = '{$clean['vbdir']}';\n\$ga_dir = '{$clean['gadir']}';\n\n\$html_title = '{$clean['title']}';\n\$site_name = '{$clean['sname']}';\n\n\n"; $fwrite = fwrite($fh,$config_data,strlen($config_data)) or die('Config file was opened but not be written to.'); I've used this method before with installers and I'vee never encountered this problem. Anyone have any ideas? Thanks -CMC

Hello everyone, I'm working on a site that will have user input which will then be outputted back (as most sites do) and all data will be stored in a database. I'd just like to hear your thoughts on the following question: should I filter data on input or output, or both? Just like to clarify exactly what I mean by filtering (to me filtering is different than securing data). Filtering = converting input to various types (BBCode to HTML, newlines to HTML, htmlentities(), word matching etc.) Securing data = type checking (int when it is supposed to be int) and blanks, mysql_real_escape_string. I've always been filtering it on input, and storing it in the DB ready for immediate output. However, I have read a few posts around here about security and I've seen a few recommendations to filter on data output. Of course, SQL injection filtering would need to be done on input, but is there any advantage to doing the rest on data output (say converting BBCode, caps, etc.). The only advantage I can think of would be perhaps a smaller database size overall. Thoughts?

Why don't you just delete all the records from the database and make a script that will go through the directory, automatically adding each file to the database? That way you know for sure that all the files will be in the database. Probably the easiest method too.

Here, download this PDF tutorial. I couldn't find the link (site is www.scanit.be) I originally downloaded it from so I just re-uploaded onto one of mine. When I created my first upload script I followed the security measures shown in the tutorial. Basically, the size, file headers, file extensions are checked. Here's the download http://www.flawclan.com/dc/?cat_id=misc&file_id=32

Ah thanks, I was just actually thinking of trying exactly that

Hi, Is there a built-in function to add 1 to a row without having to query the db, return a value, add 1 to it, and update the row? I've been looking all over but I haven't been able to efficiently phrase my question so I get optimal results on a search engine :/ Thanks for any input

Thank you very much! The answer is so much simpler than I thought it would be. Thanks foxtrowhiskey

Hi, I've made an image upload/view script that works nicely but now I'm trying to have the view script generate nice URL's. i.e: instead of view.php?id=some_id have something like /images/some_id.file_extension (/images/23.gif). The files are stored in a database. Does anyone know if this is possible? I've been looking around and doing a lot of reading but I haven't found anything suggesting if it's possible. I haven't tried either because I am unsure of how to approach the coding aspect. I have basic mod_rewrite knowlede but what is stumping me is how to pass the .gif part. The .gif part will not be used in retrieving the actual image, it's just there to make the URL look nice Also, everything is dynamic; so if the image was a PNG then it would be /images/24.png. Am I making sense?

Post the code you have so far.

Here is the documentation for exactly that. I've integrated my site with SMF and it was very easy. http://docs.simplemachines.org/index.php?topic=789

mysql_query("UPDATE Ysers SET Comments='$CF $Commy' WHERE email='$Friend'"); That's because you're updating the columns instead of adding new ones. Is that what you mean?

echo "onclick=\"location.href='http://www.ezarttrader.com/sellart.php'\"";

You could create a script that would dump your database, and then have that script run by a cron job at timed intervals. The system function mysqldump() can dump the DB info into a file for you and save it to a directory of your choosing (preferably out of access) That's what I do to backup my databases. http://dev.mysql.com/doc/refman/5.0/en/mysqldump.html

as Barand helpfully pointed out: Maybe you want repeated values. $array = array("apple" => "green", "apple" => "red", "strawberry" => "red" ); Are you trying to see how many times apple is in the array, or red? apple = key red = value

You've got part of it right. Store the URL's in the DB, then call the previous and next URL from the DB to create previous/next links. You'll have to order the articles somehow and figure out how to number them.