gammaman
-
Posts
138 -
Joined
-
Last visited
Never
Posts posted by gammaman
-
-
Yes. I am doing exactly that. The next problem is that each category can have an undetermined about of sub categories. Those subcategories could also contain an undetermined amount of subcategories and so on. Any suggestion on the best way to handle this? Should I create tables for all the subcategory levels? I think this is a bit much. I was thinking of somehow assigning an index to each "category" which will determine how deeply nested it is.
-
Hello again. I am trying to pass the link text name through $_GET to display.php using a funciton which finds the link text.
<body> <ul class="sf-menu"> <li class="current"> <a href="display.php?category=">Entertainment</a> <ul> <li> <a href="#aa">menu item that is quite long</a> </li> <li class="current"> <a href="#ab">menu item</a> <ul> <li class="current"><a href="#">menu item</a></li> <li><a href="#aba">menu item</a></li> <li><a href="#abb">menu item</a></li> <li><a href="#abc">menu item</a></li> <li><a href="#abd">menu item</a></li> </ul> </li>
Let's just take this small piece for example
<li class="current"> <a href="display.php?category=">Entertainment</a> <ul> <li>
I want category here to = Entertainment. I don't just want to type it b/c what if I have thousands of category's.
Is there some way to do this?
-
I am trying to search a multi-dimentional array to see if it contains one or more values within another array.
Here is the array I am trying to search. It is a from a function which returns an array of the meta data found in a specified website
Array ( [title] => Video Games, Wikis, Cheats, Walkthroughs, Reviews, News & Videos - IGN [metaTags] => Array ( [description] => Array ( [html] => <meta name="description" content="IGN is your site for Xbox 360, PS3, Wii, PC, 3DS, PS Vita & iPhone games with expert reviews, news, previews, trailers, cheat codes, wiki guides & walkthroughs" /> [value] => IGN is your site for Xbox 360, PS3, Wii, PC, 3DS, PS Vita & iPhone games with expert reviews, news, previews, trailers, cheat codes, wiki guides & walkthroughs ) [robots] => Array ( [html] => <meta name="robots" content="noodp, noydir" /> [value] => noodp, noydir ) [copyright] => Array ( [html] => <meta name="copyright" content="IGN Entertainment, Inc." /> [value] => IGN Entertainment, Inc. ) ) )
Here is the function I am trying to use to do the search
function recursive_array_search($needle,$haystack) { foreach($haystack as $key=>$value) { $current_key=$key; if($needle===$value OR (is_array($value) && recursive_array_search($needle,$value) !== false)) { return true; } } return false; }Finally, here is the call to get the array of meta data, the array of search items to look for and the function call to the recursive_array_search
$link = getBaseURL(); $metadata = getUrlData($link); // this function returns the array of all the meta-data $needle = array("PC","abc"); if(recursive_array_search($needle,$metadata) == true){ echo "VIOLATION"; }I want this to return true b/c at least one of the items in the search items array is found within the array of meta-data.
-
Hello. I am trying to prevent sql injections on a site that I am creating. I am just not sure if my approach is correct and completely secure. I am looking for some pointers and insight. If anyone could provide some tips and pointers where I might have some security holes, it would be greatly appreciated.
//test.php
<html> <head> </head> <body> <?php //contains all php work functions include("workfunctions.php"); //contains the link submition form include("submitform.php"); //will contain the html dynamic rollover menu include("example.html"); //do the sql query selectQuery(); ?> </body> </html>//the html form
<form action = "validate.php" method="post"> <input type="text" name="link"/> <input type="submit" name="Submit" value="Submit"/> </form>
//validate.php
<?php include("workfunctions.php"); //open the session session_start(); //establish a connection with the database. //get the base url by stripping slashes down to base web address. $urlExtensions = array (".com" => ".com", ".net" => ".net", ".org" => ".org", ".edu" => ".edu"); $count = substr_count_array($_POST['link'],$urlExtensions); if($count < 1) { echo "Sorry, we are unable to identify this web address. It appears you have forgotten to include the url extension:\n"; echo "1.http://www.site.ext\n"; echo "2.www.site.ext\n"; echo "3.site.ext\n"; } else{ insertQuery(); } ?>//workfunctions.php
<?php //function to do the selectQuery which will eventually be based off of the menu selection function selectQuery() { $con = new mysqli("localhost", "root", "","mysql"); $query = $con->query("select address from sites"); //$result = mysql_query($query); if(!$query){ $message = 'Invalid Query:' . mysql_error() . "\n"; die($message); } while($row = $query->fetch_assoc()){ $link = $row; $site = substr($row['address'],7); echo "<a href={$link['address']}>$site</a>"."<br />\n"; } //mysql_free_result($result); return $query; } ?> <?php //function to insert new links into the database function insertQuery() { $con = new mysqli("localhost", "root", "","mysql"); getBaseURL(); $insertQuery = $con->query("insert into sites(address)values(('".$_SESSION['newLink']."'))"); //$result = mysql_query($query); if(!$insertQuery){ $message = 'Invalid Query:' . mysql_error() . "\n"; die($message); } //mysql_free_result($result); return $insertQuery; } ?> <?php //function to get base url function getBaseURL(){ /*If string contains http:// , trim it off. Next, remove slashes from web address to get base url. Finally reatach the http:// in the front of the address */ if(substr_count($_POST['link'],'http://') > 0){ echo ("Contains http://"); if(substr_count($_POST['link'],'/')>2){ echo "Here count / is greater than 2"; $_SESSION['link'] = trim($_POST['link'],"http://"); echo ($_SESSION['link']); $_SESSION['explode'] = explode("/",$_SESSION['link']); echo ($_SESSION['explode'][0]); $_SESSION['newLink'] = ("http://" . $_SESSION['explode'][0]); echo ("The new link is" . $_SESSION['newLink']); } } /* If string does not contain http://, remove the slashes from the address Then re-attach the http:// to the front of the string */ else if((substr_count($_POST['link'],'http://') <= 0) && (substr_count($_POST['link'],'www.')>0)){ echo ("Does not contain http://"); if(substr_count($_POST['link'],'/')>0){ $_SESSION['link'] = explode("/", $_POST['link']); $_SESSION['newLink'] = ("http://" . $_SESSION['link'][0]); } } /* If string does not contain http:// or www, remove the slashes and add both http:// and www. to the front of the web address */ else if((substr_count($_POST['link'],'http://')<=0) && (substr_count($_POST['link'],'www.') <=0)){ $_SESSION['link'] = explode("/", $_POST['link']); $_SESSION['newLink'] = ("http://www." . $_SESSION['link'][0]); } return $_SESSION['newLink']; } ?> <?php // function to search web address for the existance of an url extension function substr_count_array( $haystack, $needle ) { $count = 0; foreach ($needle as $substring) { $count += substr_count( $haystack, $substring); } return $count; } ?> -
Never mind. Got it working. Turns out it was writing to the DB. On my testing page where the links are displayed is where the problem lied.
-
I am trying to strip a url submitted via a form, down to the base address and then insert it into a database.
So assuming the url submitted reads www.abc.com/123/456/789/111
The url submitted to the database should be www.abc.com
I am trying to use the explode function to achieve this. When I echo after doing the explode, the echo contains what I want. However when I try to write to the database, nothing gets written.
<?php include("connect.php"); session_start(); connect(); // session_register('link'); $_SESSION['link'] = explode("/", $_POST['link']); echo $_SESSION['link'][0]; $insertQuery = "insert into sites(address)values(('".$_SESSION['link'][0]."'))"; mysql_query($insertQuery); ?> -
OK well then I have another question. Not really related but I did not want to open a new post. Can someone please show me how to work with $_SESSION variables so that I can carry form values across multiple pages?
-
OK so I have this form with 2 input boxes and two drop downs. When a choice is made on the second drop down
I would like the page to reload keeping the values in all the fields. Then based on the value posted for that second drop down, I would like additional form fields to appear.
Can this be accomplished with just html and php? Or do I need javascript? In either case, some guidance would be appriciated.
-
my bad. In my haste I forgot to put the "location:" for the header redirect.
-
I have an index.php page which of course loads from root by default. I have code there that says if $user and $pass are not set, to redirect to login.php. It does not redirect them. Is this possible to do? How?
-
I need help inserting multiple rows into an Oracle database. I get some errors. I think it is because I need to be using a loop to do the insert but I do not know how. I could also possibly be doing the binding wrong. I start out with a form and then POST to a PHP page and go from there.
Here is a short hand form. Not the full code.
for($i=0;$i<=10;$i++) { <input fname="first[]/> <input lname="last[]"/> <input age ="age[]"/> }$fname = $_POST['first']; $lname = $_POST['last']; $age = $_POST['age']; ** NOTE: These are now arrays. ***** I think somewhere here I need to do a loop for the insert $result = oci_parse($conn, 'INSERT INTO TABLE (first,last,age) VALUES (:first,:last,:age)'); **** I get an error on the binds saying I cannot have an array to string conversion. oci_bind_by_name($result, ':first',$first); oci_bind_by_name($result, ':last',$last); oci_bind_by_name($result, ':age',$age);
Since all of the fields are not null and I have ten rows in the form according to the for loop, I would like to somehow check to see which rows are blank. Meaning that they were not filled out and get rid of them. Otherwise there would be an error on insert becasue the fields are not null.gammaman
-
Yes exactly. Obviously in a real world situation I would be submitting more than just a name to the form.
-
Ok I have a form as follows
echo '<form action = "test.php" method="pos">'; echo 'name:<input name ="id" type="text">'; echo '<input name="Submit1" type="submit" value ="submit"/>';
//test.php
mysql_select_db("whatever") $name = $_POST["id"]; // then do some table insertHow would I do multiple values at once. Can I use an array somehow and then use a foreach to loop through?
What would this look like?
-
Ok this is somewhat confusing but I will try to make the best of it.
I have these two html pages inside php includes that appear and go away under certain condi
tions.
one of those pages is just la long list with a bunch of <a#> tags. And is displayed by default.
So if I was on the main page I would see this long list on the right and on the left I would click a link say "K"
and so the page would jump down on the list to where #K is, changing the address of the page from
abc.htm to abc.htm#K.
Now say I want to do something else. I click a different link. An href that looks like this.
<a href=abc.htm?name=test>test</a>
I have some php code that says as long as $_GET is NOT SET. It loads the long list above, which of course happens by default when $_GET does not yet exist. I continue the php code to say if it is set, say for example
else if ($_GET[ 'name'])=='test') include "xyz.htm")
this will take away that long list and put the new page in its place.
This will now change the link from abc.htm#K to abc.htm?test.
But what happens if I click one of the anchor links on the left again. Say K.
Now instead of the page being abc.htm#K it is abc.htm?test#K. In effect it still loads the list but the content from the else if include above , xyz.htm is still on the page.
-
This is really more of an html question but involves php.
Is it possible to put a page within a page using a php include without the use of frames?
Something like this
//page1.htm
This is the page that should include another.
<div align: right>
<?php include("page2.htm")?>
</div>
//page2.htm
This is the page that goes in the first
-
Still need some help. On the second page after inserting the new record I do the following.
$var="set";
echo "<a href=\"addStudent.php?val=$var\">Add Student</a>";
The variable gets sent to the first page and I do an if statment to unset the sesssions and it works. However if I leave the page and come back into the form, it resets because the condition evaluates to false because it is not retaining the get value and it repopulates the form again. Is there a special function in php to handle this problem
<?php include("code1.php"); $value=$_GET['val']; if($value !="set") { $fname=$_SESSION['first']; $lname=$_SESSION['last']; $phone=$_SESSION['phone']; } else { unset($fname); unset($lname); unset($phone); } echo '<form action="checkaddStudent.php" method="post">'; echo 'Student ID: <input name ="sid" type="text">'. "<br />"; echo 'First Name:<input name="first" type="text" value="'.$fname.'">'."<br />"; echo 'Last Name:<input name="last" type="text" value="'.$lname.'">'. "<br />"; echo 'Phone Number:<input name="phone" type="text" value="'.$phone.'">'."<br />"; echo 'Password: <input name ="pwd" type="text">'."<br />"; echo "<br />"; echo '<input name="Submit1" type="submit" value="submit" />'."<br />"; echo "</form>"; echo "<br/>"; echo "<a href=\"admin.php\">Admin Page</a>"; ?> -
Ignore, accidental post
-
I have a form which uses sessions. When it is submitted to the next page it checks if the data is valid. If it is not is comes back to the form with the correct fields filled out and the incorrect fileds blank. However if the data is submitted correctly and the user returns to the form at a later point, the information is still in the form.
Here is the form
<?php include("code1.php"); $fname=$_SESSION['first']; $lname=$_SESSION['last']; $phone=$_SESSION['phone']; echo '<form action="checkaddStudent.php" method="post">'; echo 'Student ID: <input name ="sid" type="text">'. "<br />"; echo 'First Name:<input name="first" type="text" value="'.$fname.'">'."<br />"; echo 'Last Name:<input name="last" type="text" value="'.$lname.'">'. "<br />"; echo 'Phone Number:<input name="phone" type="text" value="'.$phone.'">'."<br />"; echo 'Password: <input name ="pwd" type="text">'."<br />"; echo "<br />"; echo '<input name="Submit1" type="submit" value="submit" />'."<br />"; echo "</form>"; echo "<br/>"; echo "<a href=\"admin.php\">Admin Page</a>"; ?>The page the form goes to
<?php include("code1.php"); function is_valid($text) { return preg_match('/^[a-zA-Z][a-zA-Z\d%#~]{5,}$/', $text) && // starts with a letter, followed by 5 // characters in the set [a-zA-Z\d%#~] preg_match('/\d/', $text) && // contains a number preg_match('/[a-z]/', $text) && // contains a lower case letter preg_match('/[A-Z]/', $text) && // contains an upper case letter preg_match('/[%#~]/', $text); // contains one of %, # or ~ } $conn=mysql_connect("localhost","fierm","13183"); if(!$conn){ echo "failed"; } else{ mysql_select_db("fierm"); $StudentID = $_POST["sid"]; $FirstName=$_POST["first"]; $LastName=$_POST["last"]; $Phone=$_POST["phone"]; $Password=$_POST["pwd"]; $_SESSION['first']=$FirstName; $_SESSION['last']=$LastName; $_SESSION['phone']=$Phone; $_SESSION['admin']['admins']; $_SESSION['admin']['adminpass']; $var = is_valid($Password); $result=mysql_query("select studentID From Student Where studentID = '$StudentID'"); $cou=mysql_num_rows($result); echo "$cou"; if($cou>0) { echo "Student ID already exists, return to ADD Student"; echo "<a href=\"addStudent.php\">Add Student</a>"; } elseif($var==true){ $fname=ucfirst(ltrim($FirstName)); $lname=ucfirst(ltrim($LastName)); $result=mysql_query("Insert into Student (studentID,lastName,firstName,phoneNUM,password) Values ('$StudentID','$lname','$fname','$Phone','$Password')"); echo "New Student Was Added"; echo "<br />"; echo "Return to Admin Page"; echo "<a href=\"admin.php\">Admin Access</a>"; } else{ echo "Password was invalid, Return to add student"; echo "<a href=\"addStudent.php\">Add Student</a>"; } } #end if ?> </body> -
What am I doing wrong.
<?php mysql_connect("localhost","fierm","13183"); $dbc = mysql_select_db(fierm); mysqli_autocommit($dbc); mysqli_query("BEGIN"); $result = mysqli_query("Update Bank set balance='5000.00' where accID='6'",$dbc); echo "here"; if($result){ echo "table updated"; mysqli_commit($dbc); } else{ mysqli_rollback($dbc); } ?> -
It is still not working, but I should have mentioned that the page now loads blank which inicated a syntax error. I copied your code exactly, are you sure there is no error in your code.
-
That did not work. Could it be due to the type of database I am using.
-
My table is not updating why?
Here is the create table stuff
mysql> create table Bank(
-> accID int not null,
-> balance float (10,2) not null,
-> Primary Key (accID));
Query OK, 0 rows affected (0.06 sec)
mysql> Insert into Bank (accID,balance) values (6,1000.00);
Query OK, 1 row affected (0.01 sec)
mysql> Alter table Bank ENGINE=innoDB;
Query OK, 1 row affected (0.06 sec)
Records: 1 Duplicates: 0 Warnings: 0
mysql> Set autocommit=0;
Query OK, 0 rows affected (0.00 sec)
Here is the code:
<?php mysql_connect("localhost","fierm","13183"); mysql_select_db(fierm); mysql_query("BEGIN"); $result = mysql_query("Update Bank set balance='5000.00' where accID='6'"); echo "here"; if($result){ mysql_query("COMMIT"); } else{ echo "failed"; } ?> -
Why does this function not work
<?php function string($string) { $x=strlen($string); if($x>=6){ return true; }else{ return false; } } $words="This is a String"; string($words); ?> -
Thank you that did it.
function to pass link "text" as variable
in PHP Coding Help
Posted
Awesome, thanks!!!.