MiCR0

Everything posted by MiCR0

  1. Like, I select 15 27 and hit Enter, and all is fine: it posted back the correct selections. However, if I hit Enter again I get all of the following values, which I have not selected: 15 16 17 18 19 20 21 22 23 24 25 26 27. All of the boxes between the values I have selected are then selected, and I cannot see how this is doing this. Can anyone? This is really doing my head in now. Thanks in advance.
  2. $flag = "INSERT INTO `users` (`id`, `username`, `password`, `firstname`, `lastname`, `email`, `role`, `time`, `signup`, `gender`, `ip`, `dobmonth`, `dobday`, `dobyear`) VALUES('$id', '$username', md5('$password'), '$firstname', '$lastname', '$email', '$role', '$time', '$signup', '$gender', '$ip', '$dobmonth', '$dobday', '$dobyear')" or die (mysql_error());

     ??? You're setting a string, not querying yet.
  3. I am getting this odd thing happen after I post it again. Can anyone see why? I select using, say:

         NAME=lines & UID=4 & V=on
         NAME=lines & UID=14 & V=on
         NAME=lines & UID=21 & V=on
         4/14/21/

     All is correct. However, if I try posting again after an update, ALL are selected and V = their uid. Very odd; can anyone see where I have gone wrong?

         function Checkbox3($DISPLAY_TEXT,$NAME,$CHECKED,$REQUIRED,$DISPLAY_END_TEXT,$TABLE_NAME){
             if ($CHECKED == TRUE) {
                 if ($REQUIRED == TRUE) {
                     $sql = 'SELECT * FROM classifieds__data_grid WHERE TABLE_NAME = '.$TABLE_NAME;
                     $result = mysql_query($sql);
                     $results = mysql_fetch_object($result);
                     $NAME = data_safe($results->NAME);
                     $THERE = FALSE;
                     $sql = 'SELECT * FROM data_array__'.$TABLE_NAME;
                     $resultZ = mysql_query($sql);
                     $SELECTED = NULL;
                     while ($row = mysql_fetch_object($resultZ)) {
                         //print_r($row);
                         foreach ($_POST as $k => $v) {
                             $data = explode("/", $k);
                             $UID = (int) intval($data[1]);
                             if (data_safe($NAME) == $data[0] && $UID == $row->UID) {
                                 ECHO 'NAME='.$NAME. ' & UID='.$UID.' & V='.$v.'<BR/>';
                                 $SELECTED .= $UID.'/';
                             }
                         }
                     }
                     print_r($SELECTED);
                     if ($SELECTED == NULL) {
                         $ERROR = ' <span style="color:#FF0000"><strong>Required An Selection Of One!</strong></span> ';
                     }
                 }
             }
             $sql = 'SELECT * FROM data_array__'.$TABLE_NAME;
             $result = mysql_query($sql);
             $count = 0;
             $display .= '<span style="font-weight: bold;">'.$DISPLAY_TEXT.'</span><br/>';
             $display .='<table cellspacing="0" cellpadding="0" border="0">';
             while ($row = mysql_fetch_object($result)) {
                 $is_selected = FALSE;
                 $count++;
                 if ($count == 1) {
                     $display .='<tr>';
                 }
                 $selected_array = explode("/", $SELECTED);
                 foreach ($selected_array AS $selected) {
                     if ($selected == $row->UID) {
                         $is_selected = TRUE;
                     }
                 }
                 if ($is_selected == TRUE) {
                     $display .= '<td><label><input name="'.$NAME.'/'.$row->UID.'" type="checkbox" value="" checked="checked" /> '.$row->CATEGORIES.'</label>'.$DISPLAY_END_TEXT.'</td>';
                 }else {
                     $display .= '<td><label><input name="'.$NAME.'/'.$row->UID.'" type="checkbox" value=""/> '.$row->CATEGORIES.'</label>'.$DISPLAY_END_TEXT.'</td>';
                 }
                 if ($count == 3) {
                     $display .= '</tr>';
                     $count = 0;
                 }
             }
             $display .= '<input name="'.$NAME.'" type="hidden" id="'.$NAME.'" value="'.$NAME.'" /> </table> '.$ERROR.'<br/>';
             return $display;
         }
  4. Nah, best way to do that is the following on every user: time of last update, get time now, work out how many mins have passed from last update. If greater than 1 min, change last update to time now. Give whatever resources * mins passed.
  5. Thanks for fixing them errors, darkdreaks. But how would I change:

         var marqueewidth="300px";

     to

         var marqueewidth="100%";

     and for it to work?
  6. I am trying to work out how I can make the marquee width="100%", but with everything I have tried it's totally messed up... Question is, does anyone know a JS script that will let me use % on width, or know how to convert this script? I am totally stuck.

         <script language="JavaScript1.2">
         //Specify the marquee's width (in pixels)
         var marqueewidth="300px"
         //Specify the marquee's height
         var marqueeheight="25px"
         //Specify the marquee's marquee speed (larger is faster 1-10)
         var marqueespeed=2
         //configure background color:
         var marqueebgcolor="#DEFDD9"
         //Pause marquee onMouseover (0=no. 1=yes)?
         var pauseit=1

         //Specify the marquee's content (don't delete <nobr> tag)
         //Keep all content on ONE line, and backslash any single quotations (ie: that\'s great):
         var marqueecontent='<nobr><font face="Arial">Thank you for visiting <a href="http://www.dynamicdrive.com">Dynamic Drive.</a> If you find this script useful, please consider linking to us by <a href="../link.htm">click here.</a> Enjoy your stay!</font></nobr>'

         ////NO NEED TO EDIT BELOW THIS LINE////////////
         marqueespeed=(document.all)? marqueespeed : Math.max(1, marqueespeed-1) //slow speed down by 1 for NS
         var copyspeed=marqueespeed
         var pausespeed=(pauseit==0)? copyspeed: 0
         var iedom=document.all||document.getElementById
         if (iedom)
             document.write('<span id="temp" style="visibility:hidden;position:absolute;top:-100px;left:-9000px">'+marqueecontent+'</span>')
         var actualwidth=''
         var cross_marquee, ns_marquee

         function populate(){
             if (iedom){
                 cross_marquee=document.getElementById? document.getElementById("iemarquee") : document.all.iemarquee
                 cross_marquee.style.left=parseInt(marqueewidth)+8+"px"
                 cross_marquee.innerHTML=marqueecontent
                 actualwidth=document.all? temp.offsetWidth : document.getElementById("temp").offsetWidth
             }
             else if (document.layers){
                 ns_marquee=document.ns_marquee.document.ns_marquee2
                 ns_marquee.left=parseInt(marqueewidth)+8
                 ns_marquee.document.write(marqueecontent)
                 ns_marquee.document.close()
                 actualwidth=ns_marquee.document.width
             }
             lefttime=setInterval("scrollmarquee()",20)
         }
         window.onload=populate

         function scrollmarquee(){
             if (iedom){
                 if (parseInt(cross_marquee.style.left)>(actualwidth*(-1)+8))
                     cross_marquee.style.left=parseInt(cross_marquee.style.left)-copyspeed+"px"
                 else
                     cross_marquee.style.left=parseInt(marqueewidth)+8+"px"
             }
             else if (document.layers){
                 if (ns_marquee.left>(actualwidth*(-1)+8))
                     ns_marquee.left-=copyspeed
                 else
                     ns_marquee.left=parseInt(marqueewidth)+8
             }
         }

         if (iedom||document.layers){
             with (document){
                 document.write('<table border="0" cellspacing="0" cellpadding="0"><td>')
                 if (iedom){
                     write('<div style="position:relative;width:'+marqueewidth+';height:'+marqueeheight+';overflow:hidden">')
                     write('<div style="position:absolute;width:'+marqueewidth+';height:'+marqueeheight+';background-color:'+marqueebgcolor+'" onMouseover="copyspeed=pausespeed" onMouseout="copyspeed=marqueespeed">')
                     write('<div id="iemarquee" style="position:absolute;left:0px;top:0px"></div>')
                     write('</div></div>')
                 }
                 else if (document.layers){
                     write('<ilayer width='+marqueewidth+' height='+marqueeheight+' name="ns_marquee" bgColor='+marqueebgcolor+'>')
                     write('<layer name="ns_marquee2" left=0 top=0 onMouseover="copyspeed=pausespeed" onMouseout="copyspeed=marqueespeed"></layer>')
                     write('</ilayer>')
                 }
                 document.write('</td></table>')
             }
         }
         </script>
  7. Do not take this the wrong way, but I think you're trying to run before you can walk.... Best to use a whole session class system and then work alongside that. DB Esession is a very good and very easy session system to add into any website. You see, you're going along the lines of comparing sessions, which is best done with a database with session cookie comparing and so on.
  8. ok then u just remove the last char of the string $piearray = substr($piearray, 0, -1);
  9. in your while loop add $piearray .= $Count."*"; and then u have the string u want
  10. I have to do that sort of stuff every time when I take over a new site, so I know what a pain it is, but Notepad++ can hold open a good 500 pages through Wine at the same time and open 50 pages at once. Use that and then replace all on open docs, job done!
  11. Bug in your post backs:

         $m = $_POST["month"];
         $d = $_POST["Day"];
         $y = $_POST["year"];

     Try to remember to use print_r($_POST); and then copy the output and then use that output to make your process code.
  12. you have removed all of the &#160; from your running script correct?
  13. Hi James, well, all that means is that it needs to access MySQL, and as it is using the LD_LIBRARY_PATH that means it needs to access the "libmysqlclient_r.so" file. U can search for it and then u know what path to use. As you have not posted what Linux system, it's hard to guess, as all change; try /usr/lib/mysql/lib. Hope that helps. MICR0
  14. A series of if statements on their own with a validate function is what I would use:

         if (check_if_null($_POST['somedata'])) {
             $nameerrormessage = 'You can not leave Name Blank';
         }
         // check length same way etc

         function check_if_null($string) {
             // true when the field is missing or empty, so the caller's error branch runs
             return $string == NULL;
         }

     As for the whole security side of it, use this function at the top of your page.

         if ($_POST) {
             foreach ($_POST as $k => $v) {
                 $_POST[$k] = mysql_real_escape_string(RemoveXSS(trim(stripslashes($v))));
                 $length = strlen($v);
                 if ($length > 20) {
                     // drop values longer than 20 characters
                     $_POST[$k] = "";
                     $v = "";
                 }
                 if (is_numeric($v)) {
                     $length = strlen($v);
                     if ($length > 11) {
                         // drop numeric values longer than 11 characters
                         $_POST[$k] = "";
                     } else {
                         $_POST[$k] = intval($v);
                     }
                 }
             }
         }

         function RemoveXSS($val) {
             $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);
             $search = 'abcdefghijklmnopqrstuvwxyz';
             $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
             $search .= '1234567890!@#$%^&*()';
             $search .= '~`";:?+/={}[]-_|\'\\';
             // turn the &#xHH; and &#NN; entity forms of these characters back into the characters
             for ($i = 0; $i < strlen($search); $i++) {
                 $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);
                 $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val);
             }
             // keywords and event-handler names to break up
             $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'xml', 'blink', 'link', 'style',
                 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound',
                 'title', 'base');
             $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
                 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste',
                 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange',
                 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut',
                 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate',
                 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop',
                 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin',
                 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload',
                 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout',
                 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste',
                 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend',
                 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll',
                 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit',
                 'onunload');
             $ra = array_merge($ra1, $ra2);
             $found = true;
             while ($found == true) {
                 $val_before = $val;
                 for ($i = 0; $i < sizeof($ra); $i++) {
                     // build a pattern that allows encoded whitespace entities between the letters
                     $pattern = '/';
                     for ($j = 0; $j < strlen($ra[$i]); $j++) {
                         if ($j > 0) {
                             $pattern .= '(';
                             $pattern .= '(&#[xX]0{0,8}([9ab]);)';
                             $pattern .= '|';
                             $pattern .= '|(&#0{0,8}([9|10|13]);)';
                             $pattern .= ')*';
                         }
                         $pattern .= $ra[$i][$j];
                     }
                     $pattern .= '/i';
                     // insert <x> after the first two letters of the keyword
                     $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
                     $val = preg_replace($pattern, $replacement, $val);
                     if ($val_before == $val) {
                         $found = false;
                     }
                 }
             }
             return $val;
         }
  15. Please let me know of your views of our new website. Please try to be nice... http://metalfrogstudios.com
  16. Frameworks are like QT4 to C++: they can be good and speed things up. However, if you are new to PHP I recommend that you build it yourself and learn how to do it yourself, as coding with a framework you need to learn their API anyway, so best start from basic PHP. As for the login system, well, download the db esession class. This is a great class; there is 1 vulnerability but it's a quick fix. This class is great to work with and will sort the whole user session system out for you, and from there u can build your login and access role control and move forward fast.
  17.

         <?php
         for ($x = 1980; $x = 2010; $x++) // bug $x = 2010;
         {
             echo "<option";
             if ($x == $year) {
                 echo " selected";
             }
             echo ">$x</option>";
         }
         ?>

         for ($x = 1; $z <= 24; $x++) // $z <= 24; I think this should be $x
         {
             echo "<option value=\"$x\">$x</option>";
         }

         // vulnerabilities
         <form method=\"post\" action\"".htmlentities($_SERVER["PHP_SELF"])."\">
         $m = $_POST["m"];
         $d = $_POST["d"];
         $y = $_POST["y"];

         // I think the above are ints so set them like this
         $m = intval($_POST['m']);
         $m = (int) $m;
         $m = mysqli_real_escape_string($link, $m); // $link: the open mysqli connection (variable name assumed)
  18.

         /**
          * Strip punctuation from text.
          */
         function strip_punctuation( $text )
         {
             $urlbrackets    = '\[\]\(\)';
             $urlspacebefore = ':;\'_\*%@&?!' . $urlbrackets;
             $urlspaceafter  = '\.,:;\'\-_\*@&\/\\\\\?!#' . $urlbrackets;
             $urlall         = '\.,:;\'\-_\*%@&\/\\\\\?!#' . $urlbrackets;

             $specialquotes  = '\'"\*<>';

             $fullstop       = '\x{002E}\x{FE52}\x{FF0E}';
             $comma          = '\x{002C}\x{FE50}\x{FF0C}';
             $arabsep        = '\x{066B}\x{066C}';
             $numseparators  = $fullstop . $comma . $arabsep;

             $numbersign     = '\x{0023}\x{FE5F}\x{FF03}';
             $percent        = '\x{066A}\x{0025}\x{066A}\x{FE6A}\x{FF05}\x{2030}\x{2031}';
             $prime          = '\x{2032}\x{2033}\x{2034}\x{2057}';
             $nummodifiers   = $numbersign . $percent . $prime;

             return preg_replace(
                 array(
                     // Remove separator, control, formatting, surrogate,
                     // open/close quotes.
                     '/[\p{Z}\p{Cc}\p{Cf}\p{Cs}\p{Pi}\p{Pf}]/u',
                     // Remove other punctuation except special cases
                     '/\p{Po}(?<![' . $specialquotes . $numseparators . $urlall . $nummodifiers . '])/u',
                     // Remove non-URL open/close brackets, except URL brackets.
                     '/[\p{Ps}\p{Pe}](?<![' . $urlbrackets . '])/u',
                     // Remove special quotes, dashes, connectors, number
                     // separators, and URL characters followed by a space
                     '/[' . $specialquotes . $numseparators . $urlspaceafter . '\p{Pd}\p{Pc}]+((?= )|$)/u',
                     // Remove special quotes, connectors, and URL characters
                     // preceded by a space
                     '/((?<= )|^)[' . $specialquotes . $urlspacebefore . '\p{Pc}]+/u',
                     // Remove dashes preceded by a space, but not followed by a number
                     '/((?<= )|^)\p{Pd}+(?![\p{N}\p{Sc}])/u',
                     // Remove consecutive spaces
                     '/ +/',
                 ),
                 ' ',
                 $text );
         }
  19.

         ; Maximum allowed size for uploaded files.
         upload_max_filesize = 32M
  20. http://pootato.org/tutorials/css/css-progress-bar/
  21. Just make a basic HTML/CSS Progress Bar
  22. & your code has a number of vulnerabilities.. $_POST["user_name"] $_POST["psswrd"] there is no validation security..
  23. Error with : $manyObjects[] = &$obj; Should be $manyObjects[] = $obj;
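
Added example, not part of any of the posts above: posts 17 and 22 turn on validating POSTed values before they reach a query, and this block validates the `m`/`d`/`y` fields from post 17 as ranged integers and binds them through a prepared statement. The `events` table, the `parse_date_parts` and `save_event_date` helpers and the in-memory SQLite connection are assumptions made so the block runs offline; the 1980 to 2010 year range comes from the loop in post 17.

```php
<?php
// Added example: validate POSTed date parts, then bind them as parameters.
// Assumed: fields m/d/y, a hypothetical `events` table, in-memory SQLite.
/** Return [year, month, day] as ints, or null if any part is invalid. */
function parse_date_parts(array $post): ?array
{
    $ranges = ['m' => [1, 12], 'd' => [1, 31], 'y' => [1980, 2010]];
    $out = [];
    foreach ($ranges as $key => [$min, $max]) {
        // FILTER_VALIDATE_INT rejects "12abc", "1e3" and arrays, all of
        // which intval() would quietly turn into a number.
        $value = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($value === false) {
            return null;
        }
        $out[$key] = $value;
    }
    // checkdate() catches impossible combinations such as 31 February.
    return checkdate($out['m'], $out['d'], $out['y'])
        ? [$out['y'], $out['m'], $out['d']]
        : null;
}

function save_event_date(PDO $db, array $post): bool
{
    $parts = parse_date_parts($post);
    if ($parts === null) {
        return false;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO events (y, m, d) VALUES (?, ?, ?)');
    return $stmt->execute($parts);
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE events (y INTEGER, m INTEGER, d INTEGER)');

// Constructed submissions standing in for $_POST.
$samples = [
    ['m' => '2', 'd' => '28', 'y' => '2004'],     // valid
    ['m' => '2', 'd' => '31', 'y' => '2004'],     // no such date
    ['m' => '12abc', 'd' => '1', 'y' => '1999'],  // intval() would give 12
    ['m' => ['1'], 'd' => '1', 'y' => '1999'],    // array instead of scalar
];
foreach ($samples as $post) {
    $ok = save_event_date($db, $post);
    echo json_encode($post), ' => ', $ok ? 'saved' : 'rejected', "\n";
}
```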