
Voodoo Jai
Member
Posts: 125
Website URL: http://www.lostmymenu.com
Regular Member (3/5)
Reputation: 0
-
Where can I read all about safely creating, validating and sanitizing a form used to access a DB? A good up-to-date tutorial would be good. How do I find out how up to date a web page's tutorials are?
-
Tried to set it to none but I can't get it to work. Should I be editing the function poorman_toggle(id)? I have tried replacing none with visible and hidden but still no go. VoodooJai
-
I have found a script that I want to use, but I want it to hide the table row and then show it if the icon is clicked, the reverse of what it does now. I can see which part does this but don't know how to reverse it.

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Show hide row</title>
<script type="text/javascript">
function poorman_toggle(id) {
    var tr = document.getElementById(id);
    if (tr == null) { return; }
    var bExpand = tr.style.display == '';
    tr.style.display = (bExpand ? 'none' : '');
}
function poorman_changeimage(id, sMinus, sPlus) {
    var img = document.getElementById(id);
    if (img != null) {
        var bExpand = img.src.indexOf(sPlus) >= 0;
        if (!bExpand) img.src = sPlus;
        else img.src = sMinus;
    }
}
function Toggle_trGrpHeader1() {
    poorman_changeimage('trGrpHeader1_Img', 'images/toggleDLminus.gif', 'images/toggleDLplus.gif');
    poorman_toggle('trRow1');
}
</script>
</head>
<body>
<div align="center">
<table width="650" border="1">
<tr id="trGrpHeader1">
<td colspan="4">
<span onClick="javascript:Toggle_trGrpHeader1();">
<img src="images/toggleDLminus.gif" name="trGrpHeader1_Img" width="21" height="23" id="trGrpHeader1_Img"/>Header for row 1
</span>
</td>
</tr>
<tr id="trRow1">
<td width="150">Hello</td>
<td width="100" class="number">10</td>
<td width="200" class="number">1999-11-17 00:00:00</td>
<td width="200" class="number">1999-12-15 00:00:00</td>
</tr>
</table>
</div>
</body>
</html>

I think that this is the code which shows or hides the rows:

function poorman_toggle(id) {
    var tr = document.getElementById(id);
    if (tr == null) { return; }
    var bExpand = tr.style.display == '';
    tr.style.display = (bExpand ? 'none' : '');
}

Could someone please explain it to me? Many thanks VoodooJai
-
I want to be able to show or hide a table's row(s) that are created dynamically from a database. I don't know how many rows are returned, but I just would like to be able to hide them by using a checkbox. How would I do this? I have been looking at code that just hides a particular row, but I cannot find multiple-row hide examples. VoodooJai
-
I have tried this piece of code in a form field, and all I get is the following output when I echo the var in the next page using the post variable. Does this mean that my page is a bit secure from an SQL attack, or does this show it's vulnerable? I see it has escaped the single quote, so is all OK with my security?
-
I have a form that I think I have coded right, but I want to test it against SQL injection. What would be a safe (i.e. no deleting of info) test statement to try in the form? I am very interested to see how my page would stand up against this type of attack. VoodooJai
-
I have a piece of code that I have been writing, but I think it's not secure and tatty. Could you please check it for me and advise of possible problems?

<?php require_once('Conn/Menu_con.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

if (isset($_POST['postcode'])) {
    $PostCodeVAR_Adverts = (get_magic_quotes_gpc()) ? $PostCodeVAR_Adverts : mysql_real_escape_string($PostCodeVAR_Adverts);
}
$PostCodeVAR_Adverts = $postcode;
$postcode = $PostCodeVAR_Adverts;

mysql_select_db($database_Menu_con, $Menu_con);
$query_PostCodeSearc = "SELECT TakeawayID, Post_Code, Takeaway_Name, location, t.CountyID, t.LocationID, t.City, t.FreePhone, t.TextOrder, t.List_Type, t.EnhancedListing FROM takeaway t, location WHERE t.Post_Code like '$postcode%' AND t.locationID = location.town_cityID ORDER BY t.EnhancedListing DESC, t.List_Type DESC, location, Post_Code ASC";
$PostCodeSearc = mysql_query($query_PostCodeSearc, $Menu_con) or die(mysql_error());
$row_PostCodeSearc = mysql_fetch_assoc($PostCodeSearc);
$totalRows_PostCodeSearc = mysql_num_rows($PostCodeSearc);

if (isset($_POST['postcode'])) {
    $PostCodeVAR_Adverts = (get_magic_quotes_gpc()) ? $PostCodeVAR_Adverts : mysql_real_escape_string($PostCodeVAR_Adverts);
}
$query_Adverts = sprintf("SELECT AdvertID, Link, districtCode FROM adverts, postcodedistrict WHERE districtCode = %s AND adverts.PostalDistrict = postcodedistrict.PostCodeID;", GetSQLValueString($PostCodeVAR_Adverts, "text"));
$Adverts = mysql_query($query_Adverts, $Menu_con) or die(mysql_error());
$row_Adverts = mysql_fetch_assoc($Adverts);
$totalRows_Adverts = mysql_num_rows($Adverts);
?>

I have changed some of the connection details. Many thanks in advance. VoodooJai
-
If I have the general public access my DB with a user that has only view access rights, does this mean that an SQL injection could not happen? Or is an injection only possible with a user that has been granted more than just view rights to the database? Many thanks VoodooJai
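The postcode search posted above builds its SQL by interpolating $postcode into the LIKE clause, and in that code the escaping runs on $PostCodeVAR_Adverts before it is assigned from $postcode, while $postcode itself is never read from $_POST, so whatever reaches the query is unescaped. The question just asked is whether a SELECT-only account makes that harmless. The block below is an added example written for this page, not the poster's code: it reproduces the shape of that query against an in-memory SQLite database through PDO (a stand-in for the MySQL connection in Conn/Menu_con.php, which is not available here), runs the harmless single-quote probe asked about earlier, runs a UNION payload that reads a second table using nothing but SELECT, and then shows the same search as a prepared statement with escaped LIKE wildcards. The users table, its row, the takeaway rows and the payload are all constructed for the demonstration; the takeaway column names are the ones in the posted query.

```php
<?php
// Added example, not code from the original post. It uses an in-memory
// SQLite database through PDO so it runs offline; the takeaway table and
// its columns follow the posted query, the "users" table and all rows
// are constructed sample data. Assumes the pdo_sqlite extension is loaded.

function connect(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE takeaway (TakeawayID INTEGER, Post_Code TEXT, Takeaway_Name TEXT)");
    $db->exec("INSERT INTO takeaway VALUES (1, 'SW1A 1AA', 'Curry Corner'), (2, 'E1 6AN', 'Pizza Place')");
    // A table the public search was never meant to reach.
    $db->exec("CREATE TABLE users (username TEXT, password_hash TEXT)");
    $db->exec("INSERT INTO users VALUES ('admin', 'constructed-hash-value')");
    return $db;
}

// Same shape as the posted query: the postcode is interpolated straight
// into the SQL text. The account only needs SELECT for this to be abused.
function searchVulnerable(PDO $db, string $postcode): array {
    $sql = "SELECT TakeawayID, Post_Code, Takeaway_Name FROM takeaway "
         . "WHERE Post_Code LIKE '$postcode%' ORDER BY Post_Code";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// LIKE treats % and _ as wildcards, so they are escaped before binding;
// the SQL text itself never changes, whatever the user typed.
function escapeLike(string $s): string {
    return strtr($s, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
}

function searchSafe(PDO $db, string $postcode): array {
    $stmt = $db->prepare(
        "SELECT TakeawayID, Post_Code, Takeaway_Name FROM takeaway "
      . "WHERE Post_Code LIKE :pc ESCAPE '\\' ORDER BY Post_Code"
    );
    $stmt->execute([':pc' => escapeLike($postcode) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Harmless probe for a form: a lone quote breaks the SQL of a vulnerable
// query (syntax error) and is just an unmatched postcode for a safe one.
function probe(PDO $db, callable $search): string {
    try {
        $search($db, "'");
        return 'no error';
    } catch (PDOException $e) {
        return 'sql error: ' . $e->getMessage();
    }
}

$db = connect();

// Read-only abuse: a UNION pulls rows out of another table using nothing
// but SELECT. The trailing "WHERE '1' LIKE '1" lines up with the "%'"
// the query appends, so the statement stays syntactically valid.
$payload = "x' UNION SELECT 1, username, password_hash FROM users WHERE '1' LIKE '1";

echo "probe vulnerable: ", probe($db, 'searchVulnerable'), "\n";
echo "probe safe:       ", probe($db, 'searchSafe'), "\n";
print_r(searchVulnerable($db, $payload)); // one row: the admin credentials from users
print_r(searchSafe($db, $payload));       // empty: no postcode starts with the payload text
print_r(searchSafe($db, 'SW1'));          // the legitimate result, Curry Corner
```

Run it with the PHP CLI; the vulnerable probe reports a syntax error while the safe one reports none, and the UNION payload returns the users row from the vulnerable search and nothing from the prepared one. View-only rights limit what an injection can modify, not what it can read: anything the account can SELECT is reachable. Against MySQL the same code works with a mysql: DSN; MySQL's default LIKE escape character is already a backslash, so the ESCAPE clause can be dropped there.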
-
[SOLVED] Problem passing dynamic data into a confirm button
Voodoo Jai replied to Voodoo Jai's topic in PHP Coding Help
Many thanks, yes that works great. I just could not figure out how to write it, thanks again. Also, the pages are for restricted users, so should I still cleanse them? If so, what should I be doing?
-
I want to pass a dynamic value into a confirm button so I get the correct form value. The form uses this script:

<script type="text/javascript">
function go_there() {
    var r = confirm("Printing a receipt confirms the payment has been received!" + '\n' + " PRINT A RECEIPT!");
    if (r == true) {
        window.location = "http://localhost/mark-paid.php?PaperworkID=<?php echo $row_PreviousInvoices['PaperworkID']; ?>&ID=<?php echo $row_Recordset1['TakeawayID']; ?>";
    }
}
</script>

and this to start it:

<FORM>
<INPUT TYPE="button" value="Print a receipt!" onClick="go_there()">
</FORM>

I want to pass a dynamic piece of data into the input button that is then used in the script. Something like this:

<FORM>
<INPUT TYPE="button" value="Print a receipt!" onClick="go_there(<?php echo $row_PreviousInvoices['PaperworkID']; ?>)">
</FORM>

which is then used in the script like:

<script type="text/javascript">
function go_there($DYNAMIC_DATA) {
    var r = confirm("Printing a receipt confirms the payment has been received!" + '\n' + " PRINT A RECEIPT!");
    if (r == true) {
        window.location = "http://localhost/mark-paid.php?PaperworkID=$DYNAMIC_DATA&ID=<?php echo $row_Recordset1['TakeawayID']; ?>";
    }
}
</script>

I have highlighted the DYNAMIC_DATA in lime green to show you how and what I want to pass. Basically, can I pass a variable into the confirm submit button and then pass this into the next page for use? Complicated, but many thanks in advance. VoodooJai
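The handler in the post above echoes $row_PreviousInvoices['PaperworkID'] and $row_Recordset1['TakeawayID'] straight into an onClick attribute and into a JavaScript string, which is three nested contexts (HTML attribute, script, URL) with no encoding for any of them. As an added example, not the original code, this is one way to pass both values into go_there() so that a row value can never break out of those contexts: the IDs are checked to be integers before use, encoded for the attribute with json_encode plus htmlspecialchars, and appended to the mark-paid.php query string with encodeURIComponent on the client. The row arrays are constructed; the column and page names are the ones used in the post.

```php
<?php
// Added example, not the original post's code. It shows how to carry the
// PaperworkID and TakeawayID into the onClick handler and the mark-paid.php
// URL so that a value fetched from the database can never break out of its
// HTML attribute, JavaScript or URL context. The row arrays are constructed.

// IDs are integers; refuse anything else before it reaches the page.
function requireId($value): int {
    if (!is_scalar($value) || !ctype_digit((string) $value)) {
        throw new InvalidArgumentException('ID must be a non-negative integer');
    }
    return (int) $value;
}

// Places a PHP value inside an inline event handler: json_encode gives a
// JavaScript literal, htmlspecialchars with ENT_QUOTES makes it safe inside
// the double-quoted HTML attribute.
function jsArg($value): string {
    return htmlspecialchars(
        json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT),
        ENT_QUOTES | ENT_HTML5,
        'UTF-8'
    );
}

function receiptButton(array $invoice, array $takeaway): string {
    $paperwork  = requireId($invoice['PaperworkID']);
    $takeawayId = requireId($takeaway['TakeawayID']);
    return '<input type="button" value="Print a receipt!" onclick="go_there('
        . jsArg($paperwork) . ', ' . jsArg($takeawayId) . ')">';
}

// The script takes both IDs as arguments and builds the query string with
// encodeURIComponent, so nothing from PHP is interpolated into its text.
function receiptScript(): string {
    return <<<'JS'
<script type="text/javascript">
function go_there(paperworkId, takeawayId) {
  var r = confirm("Printing a receipt confirms the payment has been received!\nPRINT A RECEIPT!");
  if (r) {
    window.location = "mark-paid.php?PaperworkID=" + encodeURIComponent(paperworkId)
                    + "&ID=" + encodeURIComponent(takeawayId);
  }
}
</script>
JS;
}

echo receiptScript(), "\n";
echo receiptButton(['PaperworkID' => '1042'], ['TakeawayID' => '7']), "\n";

// A tampered or corrupted row value is rejected instead of being echoed
// into the handler, where it could have closed the call and run its own code.
try {
    echo receiptButton(['PaperworkID' => '1); alert(document.cookie); ('], ['TakeawayID' => '7']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The encoding here protects the page that renders the button; it does not decide who may mark an invoice paid. Because any visitor can request mark-paid.php with any PaperworkID, that script still has to check on the server that the logged-in user is allowed to act on that invoice before changing anything.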
-
[SOLVED] define a variable to a float type
Voodoo Jai replied to Voodoo Jai's topic in PHP Coding Help
Got it eventually, thanks all.

$ListFee = 58.00;
$BorderFee = 12.00;
$TotalAmount = $ListFee + $BorderFee;
// sprintf returns the formatted string "70.00"; printf would print it and return the byte count instead
$Amount = sprintf("%01.2f", $TotalAmount);
-
[SOLVED] define a variable to a float type
Voodoo Jai replied to Voodoo Jai's topic in PHP Coding Help
This still does not give me the zeros after the INT digits. I have looked at the PHP manual but don't understand what I am looking for exactly. Cheers all.
-
Hi again all. I have 2 variables that I take from my database that are of the type FLOAT. What I want to do is add them together to give a FLOAT value. My problem is that I want it to show the figures after the decimal point even if they are ZERO figures.

<?php
$ListFee = "58.00";
$BorderFee = "12.00";
$TotalAmount = ($ListFee + $BorderFee);
echo $TotalAmount;
?>

The output gives me 70; I want 70.00. Many thanks in advance again. VoodooJai
-
[SOLVED] Can this be turned into a function
Voodoo Jai replied to Voodoo Jai's topic in PHP Coding Help
Got a typo, a comma missing; feeling daft again. Got it working now. Thanks guys N girlz. VoodooJai