Jump to content

dreamwest

Members
  • Posts

    1,223
  • Joined

  • Last visited

    Never

Everything posted by dreamwest

  1. Options +FollowSymLinks RewriteEngine on RewriteRule ^fake/(.*) entry.php?id=$1
  2. I wanted to check to see how compatible this was with browser, it send a http request by a link ajax.js var object_busy= false; ShowLoading = 1 ; var MyTimer = null; Myvar = "<table align='center'><tr><td><img src='/templates/images/loading.gif' ></td></tr></table>"; function RequireAjaxData($Request, $Control) { if ($Control == "" || $Control == null) {alert ("No output specified !"); return;} var ai = new AJAXInteraction($Request, GetServerData, $Control ); ai.doGet(); } function GetServerData ($TheData, $Control){ document.getElementById($Control).innerHTML = $TheData; } function AJAXInteraction(url, callback, $Control) { var req = init(); req.onreadystatechange = processRequest; function init() { if (window.XMLHttpRequest) { return new XMLHttpRequest(); } else if (window.ActiveXObject) { return new ActiveXObject("Microsoft.XMLHTTP"); } else {alert ("Your browser seems to be out of date, Please update!"); return; } } function processRequest () { if (req.readyState == 4) { if (req.status == 200) callback(req.responseText, $Control); } else callback(Myvar , $Control); } this.doGet = function() { req.open("GET", url, true); req.send(null); } this.doPost = function(body) { req.open("POST", url, true); req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); req.send(body); } } Link: <div id='MyDIV'> <a href='' onclick='RequireAjaxData("ajax_request.php?id=164", "MyDIV"); return false;'> <img border="0" src="/add.png" width="16" height="16"></a></div>
  3. Ive been using cookies pretty heavily to acces certain areas of my site but i want to convert them to sessions instead. Thought i would ask here before i did anything - which is better. I know ppl can sometimes have thier browsers to not accept cookies, but is that the only drawback to using cookies?
  4. How can i overlay 2 images without using position: absolute Basically i want to overlay img2.jpg with img1.jpg, this ocde below works but floats it outside the table, i need it to site inside the table so i can put it in a while loop <table><tr><td > <div id="placeholder" style="position:absolute; left:32px; top:100px; z-index:1"> <img class=moduleFeaturedThumb width="140" height="110" src="img1.jpg"></div> <div id="place" style="position:absolute; left:32px; top:100px; width:160; height:130; z-index:2"> <img src="img2.jpg" width="140" height="110"></div> </td></tr></table>
  5. Your going off stats from 10 whole days....Yeah ok , thats not biased at all - http://www.alexa.com/siteinfo/bing.com I think its great! Search results are a little out, but it has many unique features, and im sure itll get better over time. I especially like the video section of preview. AND if EVER i can get my site to load as fast as thiers, I WILL surely be back here to gloat about how great i really am
  6. Was easier than i thought <?php $action= $_GET['action']; $expire=time()+60*60*24*30; if($action == "off"){ setcookie("filter_badwords", "off", $expire, "/" ); echo "set to off"; }elseif ($action == "on"){ setcookie("filter_badwords", "on" , $expire, "/"); echo "set to on"; } ?>
  7. is there a way of setting a cookie with php instead of javascript
  8. Im trying to set a cookie using functions but im lost function set_cookie(object, value) { var expireDate = new Date() var expstring = expireDate.setDate(expireDate.getDate() + 500) document.cookie = object+'='+value+'; expires='+expireDate.toGMTString()+'; path=/'; $action= $_GET['action']; if($action == "off"){ function set_cookie('filter_badwords', 'off'); echo "set to off"; }elseif ($action == "on"){ function set_cookie('filter_badwords', 'on'); echo "set to on"; } This gives an error: Parse error: syntax error, unexpected ',', expecting '&' or T_VARIABLE in /user/site.com/filter.php on line 3
  9. Try this it will output what the form input is <?php session_start(); include( "connection.php" ); include( "class.inputfilter_clean.php" ); if(isset($_POST['submit'])) { $search = $_POST['myFilter']; echo $search; //take this away after testing $myFilter = new inputfilter( ); $search = $myFilter->process( $search ); $search = str_replace( "\"", " ", $search ); $search = str_replace( "?", " ", $search ); $search = str_replace( ">", " ", $search ); $sql_search_id = strip_tags( $search ); $sql=("SELECT * FROM abcxyz WHERE item_name like '%".$sql_search_id."%' OR description like '%".sql_search_id."%' "); $result = mysql_query($sql); $total = mysql_num_rows( $result ); if ( $total <= 0 ) { echo "<b>Nothing matches<b>"; }else{ echo "<table border='0' CELLPADDING=5 STYLE='font-size:16px'>"; while ($row = mysql_fetch_array($result)) { echo "<tr><td align='center'>"; echo '<a href="viewitem.php?sendto='.$row['id'].'"><img src="' . $row['imgpath'] . '" width="125" border="0" alt=""></a>'; echo "</td><td align='center'>"; echo "".substr($row['item_name'],0,50),""; echo "</td><td align='center'>"; echo substr($row['description'],0,50).'<a href="viewitem.php?sendto='.$row['id'].'" class="view_item"> ...more</a>'; echo "</td><td align='center'>"; echo substr($row['in_return'],0,50).'<a href="viewitem.php?sendto='.$row['id'].'" class="view_item"> ...</a>'; echo "</td><td align='center'>"; echo "</td></tr>"; echo '<tr><td height="19" colspan="4">'; echo '<hr width="550">'; echo "</td></tr>"; } echo "</table>"; } else { echo "No search results."; } } ?>
  10. If you want everthing to show delete this. group by item_name The GROUP BY statement is used to group the result-set by one or more columns.
  11. The filter strips tags ....and stuff but not normal strings Itll remove <script = hello?> but not a normal string - which most users will use hello im searching
  12. Take a step back and echo the form search.php $search = $_POST['myFilter']; echo $search;
  13. Post a link to your site and i can tell you whats happening
  14. You have no value form <input type="text" name="myFilter" size=50 id="myFilter" value=""> Now get the value: if(isset($_POST['submit'])) { $search = $_POST['myFilter']; $myFilter = new inputfilter( ); $search = $myFilter->process( $search ); $search = str_replace( "\"", " ", $search ); $search = str_replace( "?", " ", $search ); $search = str_replace( ">", " ", $search ); $sql_search_id = strip_tags( $search );
  15. Thanks. I worked it out as u posted
  16. Just had to change wildcard to right side of query $search = "a"; $sql = "SELECT * FROM tags where (tag like '".$search."%') order by tag DESC limit 10";
  17. Im trying to select rows base on a letter a. So i need to select all rows starting with the letter a id | column 1 | apple 2 | bannana 3 | orange etc So i need a query that will only select id 1 which starts with the letter a This searches for a in the whole string $search = "a"; $sql = "SELECT * FROM tags where (tag like '%".$search."%') order by tag DESC limit 10";
  18. class.inputfilter_clean.php is your best defense for users and passwod login, it doesnt need configuring at all $search = $_REQUEST['q']; // is the only thing youll need to configure
  19. class.inputfilter_clean.php <?php /** @class: InputFilter (PHP4 & PHP5, without comments) * @project: PHP Input Filter * @date: 10-05-2005 * @version: 1.2.2_php4/php5 * @author: Daniel Morris * @contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie. * @copyright: Daniel Morris * @email: dan@rootcube.com * @license: GNU General Public License (GPL) */ class InputFilter { var $tagsArray; var $attrArray; var $tagsMethod; var $attrMethod; var $xssAuto; var $tagBlacklist = array('applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml'); var $attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc'); function inputFilter($tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1) { for ($i = 0; $i < count($tagsArray); $i++) $tagsArray[$i] = strtolower($tagsArray[$i]); for ($i = 0; $i < count($attrArray); $i++) $attrArray[$i] = strtolower($attrArray[$i]); $this->tagsArray = (array) $tagsArray; $this->attrArray = (array) $attrArray; $this->tagsMethod = $tagsMethod; $this->attrMethod = $attrMethod; $this->xssAuto = $xssAuto; } function process($source) { if (is_array($source)) { foreach($source as $key => $value) if (is_string($value)) $source[$key] = $this->remove($this->decode($value)); return $source; } else if (is_string($source)) { return $this->remove($this->decode($source)); } else return $source; } function remove($source) { $loopCounter=0; while($source != $this->filterTags($source)) { $source = $this->filterTags($source); $loopCounter++; } return $source; } function filterTags($source) { $preTag = NULL; $postTag = $source; $tagOpen_start = strpos($source, '<'); while($tagOpen_start !== FALSE) { $preTag .= substr($postTag, 0, $tagOpen_start); $postTag = substr($postTag, $tagOpen_start); $fromTagOpen = substr($postTag, 1); $tagOpen_end = strpos($fromTagOpen, '>'); if ($tagOpen_end === false) break; $tagOpen_nested = strpos($fromTagOpen, '<'); if (($tagOpen_nested !== false) && ($tagOpen_nested < $tagOpen_end)) { $preTag .= substr($postTag, 0, ($tagOpen_nested+1)); $postTag = substr($postTag, ($tagOpen_nested+1)); $tagOpen_start = strpos($postTag, '<'); continue; } $tagOpen_nested = (strpos($fromTagOpen, '<') + $tagOpen_start + 1); $currentTag = substr($fromTagOpen, 0, $tagOpen_end); $tagLength = strlen($currentTag); if (!$tagOpen_end) { $preTag .= $postTag; $tagOpen_start = strpos($postTag, '<'); } $tagLeft = $currentTag; $attrSet = array(); $currentSpace = strpos($tagLeft, ' '); if (substr($currentTag, 0, 1) == "/") { $isCloseTag = TRUE; list($tagName) = explode(' ', $currentTag); $tagName = substr($tagName, 1); } else { $isCloseTag = FALSE; list($tagName) = explode(' ', $currentTag); } if ((!preg_match("/^[a-z][a-z0-9]*$/i",$tagName)) || (!$tagName) || ((in_array(strtolower($tagName), $this->tagBlacklist)) && ($this->xssAuto))) { $postTag = substr($postTag, ($tagLength + 2)); $tagOpen_start = strpos($postTag, '<'); continue; } while ($currentSpace !== FALSE) { $fromSpace = substr($tagLeft, ($currentSpace+1)); $nextSpace = strpos($fromSpace, ' '); $openQuotes = strpos($fromSpace, '"'); $closeQuotes = strpos(substr($fromSpace, ($openQuotes+1)), '"') + $openQuotes + 1; if (strpos($fromSpace, '=') !== FALSE) { if (($openQuotes !== FALSE) && (strpos(substr($fromSpace, ($openQuotes+1)), '"') !== FALSE)) $attr = substr($fromSpace, 0, ($closeQuotes+1)); else $attr = substr($fromSpace, 0, $nextSpace); } else $attr = substr($fromSpace, 0, $nextSpace); if (!$attr) $attr = $fromSpace; $attrSet[] = $attr; $tagLeft = substr($fromSpace, strlen($attr)); $currentSpace = strpos($tagLeft, ' '); } $tagFound = in_array(strtolower($tagName), $this->tagsArray); if ((!$tagFound && $this->tagsMethod) || ($tagFound && !$this->tagsMethod)) { if (!$isCloseTag) { $attrSet = $this->filterAttr($attrSet); $preTag .= '<' . $tagName; for ($i = 0; $i < count($attrSet); $i++) $preTag .= ' ' . $attrSet[$i]; if (strpos($fromTagOpen, "</" . $tagName)) $preTag .= '>'; else $preTag .= ' />'; } else $preTag .= '</' . $tagName . '>'; } $postTag = substr($postTag, ($tagLength + 2)); $tagOpen_start = strpos($postTag, '<'); } $preTag .= $postTag; return $preTag; } function filterAttr($attrSet) { $newSet = array(); for ($i = 0; $i <count($attrSet); $i++) { if (!$attrSet[$i]) continue; $attrSubSet = explode('=', trim($attrSet[$i])); list($attrSubSet[0]) = explode(' ', $attrSubSet[0]); if ((!eregi("^[a-z]*$",$attrSubSet[0])) || (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on')))) continue; if ($attrSubSet[1]) { $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]); $attrSubSet[1] = preg_replace('/\s+/', '', $attrSubSet[1]); $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]); if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'")) $attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2)); $attrSubSet[1] = stripslashes($attrSubSet[1]); } if ( ((strpos(strtolower($attrSubSet[1]), 'expression') !== false) && (strtolower($attrSubSet[0]) == 'style')) || (strpos(strtolower($attrSubSet[1]), 'javascript:') !== false) || (strpos(strtolower($attrSubSet[1]), 'behaviour:') !== false) || (strpos(strtolower($attrSubSet[1]), 'vbscript:') !== false) || (strpos(strtolower($attrSubSet[1]), 'mocha:') !== false) || (strpos(strtolower($attrSubSet[1]), 'livescript:') !== false) ) continue; $attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray); if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) { if ($attrSubSet[1]) $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"'; else if ($attrSubSet[1] == "0") $newSet[] = $attrSubSet[0] . '="0"'; else $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"'; } } return $newSet; } function decode($source) { $source = html_entity_decode($source, ENT_QUOTES, "ISO-8859-1"); $source = preg_replace('/&#(\d+);/me',"chr(\\1)", $source); $source = preg_replace('/&#x([a-f0-9]+);/mei',"chr(0x\\1)", $source); return $source; } function safeSQL($source, &$connection) { if (is_array($source)) { foreach($source as $key => $value) if (is_string($value)) $source[$key] = $this->quoteSmart($this->decode($value), $connection); return $source; } else if (is_string($source)) { if (is_string($source)) return $this->quoteSmart($this->decode($source), $connection); } else return $source; } function quoteSmart($source, &$connection) { if (get_magic_quotes_gpc()) $source = stripslashes($source); $source = $this->escapeString($source, $connection); return $source; } function escapeString($string, &$connection) { if (version_compare(phpversion(),"4.3.0", "<")) mysql_escape_string($string); else mysql_real_escape_string($string); return $string; } } ?> search.php include( "class.inputfilter_clean.php" ); $myFilter = new inputfilter( ); $search = $myFilter->process( $search ); $search = str_replace( "\"", " ", $search ); $search = str_replace( "?", " ", $search ); $search = str_replace( ">", " ", $search ); $sql_search_id = strip_tags( $search ); //group by title - important to go before sortby and after where clause, otherwise distinct * wont work $sql = "SELECT distinct * FROM table where (title like '%".$sql_search_id."%') group by title ";
  20. Yeah i found a example that works, but i still dont fully understand it. I think i need to learn a bit of javascript/ajax to customize it
  21. Thats it. All you need is the search query - simple $sql_search_id = strip_tags( $_REQUEST['search_id'] ); //group by title - important to go before sortby and after where clause, otherwise distinct * wont work $sql = "SELECT distinct * FROM table where (title like '%".$sql_search_id."%') group by title ";
  22. http://www.tizag.com/mysqlTutorial/mysqlselect.php
  23. Take away the define for testing . it wouldnt be too difficult to have the full path in the header without variables <link rel="stylesheet" type="text/css" href="http://site.com/style.css" /> If you cant do this make a header.php page and include it
  24. if youve rewritten you page to http://site.com/extra/ and have a link: style.css its gonna look for the css in http://site.com/extra/style.css not http://site.com/style.css You can do this but i have never tried it, and you could make it worse - but its worth a shot RewriteRule ^$ /
  25. It wouldnt do that, you have wrong path for your css. Is it style.css instead of /style.css post a link
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.