waynewex
Posts: 2,405
Posts posted by waynewex
-
-
What bad practises/mistakes/misconceptions do you see time and time again - in regards to PHP?
inb4 or die(mysql_error())
-
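RewriteEngine On
# Condition 1: the Referer is not your own site (HTTP or HTTPS)
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?YOURSITE\.com/ [NC]
# Condition 2: the Referer is not empty
RewriteCond %{HTTP_REFERER} !^$
# Both true: serve the placeholder instead of the requested file
RewriteRule .*\.(jpe?g|gif|bmp|png|swf)$ /images/NOSHOW.jpg [L]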
NOSHOW.jpg is the file that they'll be shown instead.
-
Why not store the references in MySQL?
-
You can set a time limit for your scripts: http://php.net/manual/en/function.set-time-limit.php
-
You can stop hotlinking by putting this into a .htaccess file and uploading it to the main document root of your website:
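RewriteEngine On
# Condition 1: the Referer is not your own site (HTTP or HTTPS)
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?YOURSITE\.com/ [NC]
# Condition 2: the Referer is not empty
RewriteCond %{HTTP_REFERER} !^$
# Both true: serve the placeholder instead of the requested image
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/goatse.jpg [L]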
-
You're going to track each variable back to its original source. If you do that, I promise you'll find the problem. You're very liberal with how you copy your variables.
-
I love it. However, a little bit more space could be used between the items in the right column.
-
Where are you getting $print_pur_po_total from?
-
1 MILL GET
-
are you implying that I am businessman?
Quotes.....?
-
are you implying that I am businessman?
No. Never.
-
PostgreSQL allows prepared statements: http://www.postgresql.org/docs/8.1/interactive/sql-prepare.html
Other than that, you can whitelist items. If you have a checkbox, make sure that what the user has submitted is actually in those checkboxes. Numbers? Parse them as integers.
-
-
Firstly, you're not cleaning those incoming POST variables with mysql_real_escape_string().
Secondly, have you thought about hashing your passwords so that they don't get stored as plaintext (md5, sha1 etc)?
Thirdly, have you made sure that two accounts can't have the same login combination? That can be done by not allowing email addresses that are already registered or by requiring the user to verify his/her email address before logging in. Two or more accounts having the same login on your system would cause all of those accounts to get "locked out".
Fourthly, you should be checking for errors in your queries by doing this:
$obtainlogin=mysql_query("SELECT * FROM networks WHERE username='$user' && password='$pass'") or trigger_error(mysql_error());
-
there were a lot of hidden features that were hidden
CV.......... ???????
-
I know, and I think waynewex is not entirely too smart.
Sorry man. I get put off when somebody bashes something, only to prop it up a few posts later.
-
Oh and I have a session class too.
O RLY?
-
Oh and I have a session class too.
-
Open source is for communists.
-
I have this problem A LOT. Even on "established" hosting services. 755 usually doesn't work for me.
-
If you become very familiar with the PHP AND MySQL date functions, you'll have no problem. Focus on those.
-
He said HTML arrays.
-
-
Obviously this "scraping" of pricing data is being carried out by a cron job, or something along those lines. Simply implement the scraper script before the results are taken out of your database.
Dynamically Created Charts/Graphs, How And What?
in PHP Coding Help
I use http://www.jgraph.com/