CloudSex13

Hi all, Thanks for reading. I have this code: $message = strip_tags($_POST['message'], '<p><strong><em>'); My question is however, is there a way that I could disable the onmouseover features in those tags? Thank you.

Is that a forbidden variable? Is this a moment?

Okay guys, check this out. So my POST variable was named "search", right? I changed the name of it to something else (and the PHP variable) and now everything works perfectly!

@gizmola I ran the query in phpMyAdmin and all the accounts showed up. It's definitely not a whitespace error it seems. How would I check to see if it's myisamchk? It's definitely the MyISAM format. Thanks to everyone for their suggestions so far.

@jdavidbakr Yes, I originally had them sanitized. But I limited my code to see if they were causing an issue. When I echo the $search variable, it returns the correct entered data (e.g. entered in "Bob Jones", "Bob Jones" is outputted. When I echo out the query, I get "Resource id #11". Additionally, there is no MySQL_error. @Rifts I want a result to simply echo the name in a database if it's found, so simply "Bob Jones" if "Bob Jones" if found. However, "Bob Jones" is in the database and is not being echoed for some odd reason. However, the first 4 names before "Bob Jones" are being echoed properly on search. Additionally, I tried to simplify my code as I stated above, so $results = 1 was a leftover nothing. Thanks for the tip to remove. @Pikachu2000 I ran the results in phpMyAdmin and they were indeed found. When running a name that displays, I received this with the var_dumps: string(16) "Name: John Jones" | string(10) "John Jones" When running a name that doesn't display, I get: string(50) "Your search returned no results. Please try again." | string(4) "Badd"

Hi all, Thanks for reading. I'm hella frustrated at this script I wrote: for some reason, it will not work correctly. Basically, it works. The first 4 names in the table on the database show up when searched. But, anything past these four names in the database will not show up as a result when searched! I'm pulling my hair out here! It's really simple - take a gander: if (isset($_POST['submit'])) { $search = $_POST['search']; $searchQuery = mysql_query("SELECT * FROM Accounts WHERE FullName='$search'"); if (mysql_num_rows($searchQuery) == 0) { $result = "Your search returned no results. Please try again."; } else { $results = 1; while ($getSearchResults = mysql_fetch_array($searchQuery)) { $fullName = $getSearchResults['FullName']; $result = "Name: ".$fullName.""; } } } ?> ...and the HTML form... <form action="search.php" method="post"> <p>Search: <input type="text" name="search" size="35" maxlength="100" /></p> <p><input type="submit" value="Search" name="submit" /></p> <?php echo $result; ?> </form> Does anyone have any ideas?

After further thought, the above probably only displays the happenings already displayed because the <div> ID is the same, however, I plan to implement pagination for all the happenings and would need all these in that one <div>. Hope that helps to clarify.

I came up with an idea of adding a field to the Happenings table in my database called HappeningTodayDisplayed. If it's set to 1, then the auto-refresh script should not fade in/out. But, if HappeningTodayDisplayed is set to 0, then is should fade in/out. I placed these queries separately in the getrows.php file using the GET method, and have links like the following: <script type="text/javascript"> $(document).ready(function() { $("#responsecontainer").load('getrows.php?alreadydisplayed'); var refreshId = setInterval(function() { $("#responsecontainer").fadeOut("fast").load('getrows.php?justadded').fadeIn("slow"); $("#responsecontainer").load('getrows.php?alreadydisplayed'); }, 5000); $.ajaxSetup({ cache: false }); }); </script> However, I'm frustrated to see this only displays the events already displayed...

Hi all, Thanks for reading. I'm running a script using jQuery that auto-refreshes a <div> on the index page from an external PHP script to get all the rows in a database and display them on the index page. The script works great - here it is as follows: <script type="text/javascript"> $(document).ready(function() { $("#responsecontainer").fadeOut("fast").load("getrows.php").fadeIn("slow"); var refreshId = setInterval(function() { $("#responsecontainer").fadeOut("fast").load('getrows.php').fadeIn("slow"); }, 5000); $.ajaxSetup({ cache: false }); }); </script> The getrows.php script I'm working with looks like this: <?php $rowsQuery = mysql_query("SELECT * FROM Happenings WHERE HappeningDate='$today'"); if (mysql_num_rows($rowsQuery) == 0) { $happeningsToday = "There are no happenings today."; } else { $allHappeningsToday = 1; while ($getHappeningsToday = mysql_fetch_array($rowsQuery)) { $happeningName = stripslashes($getHappeningsToday['HappeningName']); $happeningDate = $getHappeningsToday['HappeningDate']; $happeningDescription = $getHappeningsToday['HappeningDescription']; if ($allHappeningsToday == 1) { $happeningsToday .= " <div class=\"box\"> <p>".$happeningName." | ".$happeningDate." | ".$happeningDescription." </div>"; $allHappeningsToday = 2; } else { $happeningsToday .= " <div class=\"box\"> <p>".$happeningName." | ".$happeningDate." | ".$happeningDescription." </div>"; $allHappeningsToday = 1; } } } echo $happeningsToday; ?> This script works great as well. Currently, the auto-refresh jQuery script as you can see if getting and fading in/out all of the rows. Off of the above getrows.php script, is there a way after I could get only the newly created rows since the last refresh and only fade those in and out while leaving the others already loaded by the auto-refresh script to not fade in/out? Any ideas, thoughts or suggestions would be unbelievably helpful. Thank you very much.

Thanks for the tip!

MasonPrice, I really, really, really want ribs now. Darn. Anyway, thanks very much for the coding example. It's really spawned some great ideas on how I can approach the situation. Thanks again!

Thanks for your reply, MasonPrice. In a nut-shell, yes. But I'm looking to add some sort of Session variable to prevent duplicate profile views. I don't want a user to be able to refresh they're profile and be able to add a count to it. Maybe I could prevent the user from doing this. Basically, a guest browser (someone without an account) - the session profile view should increase each visit. Any suggestions and ideas are welcome. Thank you!

Thanks for explaining that out to me, Pikachu2000. I really appreciate that. If anyone else has any sort of suggestion as to how I can approach my profile views script, please feel free to let me know. I've begun the process of pulling my hair out. x.x

I mean, should a session variable do the trick, or would anyone have any better ideas they could point me in the direction of?

Thorpe, I tested the idea just now and realized it's not what I'm looking for. I'm looking for user's to be able to access their profile from a link like this one: http://www.example.com/userscustomurl Right now, they can access their profile from a link like this one: http://www.example.com/profile.php?id=1001 If you or anyone else has any further ideas how I could make this happen, please let me know. I appreciate your help!

Thorpe, Thanks for your reply! That makes perfect sense, and it's so simple. Thanks again.

Hi, I've been searching the web for a way to make the mod-rewrite rule work with custom URL's that the user picks. I found one to shorten the page to just the user ID... RewriteEngine On RewriteRule ^([^/]*)$ /userprofile.php?userid=$1 [L] ...but I was hoping to get it to work with a custom URL a user has picked. For example, a user's profile link is userprofile.php?userid=1001. They've picked "example" to be their custom URL, so the URL now would be www.example.com/example, which be a mask for userprofile.php?userid=1001. This custom URL they picked would be stored in the database under their account. Would anyone have any ideas? Thank you!

Pikachu2000, Thanks very much for the help. That certainly does make sense... I didn't consider that the user could do SQL injection or something bad like that into the URL. I do have a question about your code for learning purposes. I tried Googling it, but it didn't seem to help. Where you have... $userID = (int) $_GET['userid']; What does the (int) do? Thank you.

Was having a blank on how to get the ID. This should do it, right? $userID = $_GET['userid']; ...and $userID would be what I'd need to use in the mysql_query strings?

Hi all, I'm trying to create a PHP script for user's profile to display the amount of times they've been viewed. I'm looking to have this script increase on a unique view, and it should update the variable in the database. Profiles are accessed by the following link: userprofile.php?userid=X (where X is the ID, e.g. 1, 2, 1001, 345982, etc.). The database variable I'm looking to update is called ProfileViews. I began developing the script, which is as follows: $_SESSION['Viewed'] = 0; if ($_SESSION['Viewed'] == 0) { $profileViewsQuery = mysql_query("SELECT ProfileViews FROM Users WHERE UserID='????'"); $getProfileViews = mysql_fetch_array($profileViewsQuery); $profileViews = $getProfileViews['ProfileViews']; $profileViews = $profileViews + 1; mysql_query("UPDATE Users SET ProfileViews='$profileViews' WHERE UserID='????'"); $_SESSION['Viewed'] = 1; } However, I'm stumped on a couple things. Could you possibly help me out? 1. How can I get the script to recognize the link accessed's ID? E.g. when a user goes to userprofile.php?userid=1001, how can I get the script to identify the ID to update should be 1001? This is where the "????" would be replaced in the code. 2. On page load, the variable is always going to be $_SESSION['Viewed'] = 0, which isn't going to produce unique hits. Do you have any recommendations how I could achieve unique hits using this method? Thanks very much for reading.

Thanks very much! I now understand.

BlueSkyIS, AbraCadaver: Brilliant replies - thank you kindly for the suggested feedback! Additionally, the PHP.net manual seems to state that Magic Quotes are now deprecated. Is this still the most efficient way to manage secure POST variables? I'm sure I'm just missing something, as my knowledge with "Magic Quotes" is limited. Ref: http://php.net/manual/en/security.magicquotes.php Thank you again.

Hi all, Thanks for reading. I'm developing my first website with user registration, login, and account settings, and I was wondering what the best way would be to prevent the site from security flaws, SQL injection, etc. I've read up on it, but, as an example, would the following be suitable? $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); I guess what I'm asking is, is the above normal? Is there a simpler way to make input from the user secure? Thank you.

Thanks, dawg. Here's the code I found online if you're using a Linux machine: Options +FollowSymLinks RewriteEngine on RewriteCond %{HTTP_HOST} ^example.(.*) RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Hi, thanks for reading. I have a website, let's call it www.example.com. When www.example.com is accessed, a user can log in to the site and it will set a PHPSESSID session cookie. My session cookie code is: session_start(); session_regenerate_id(); $_SESSION['username'] = $username; $_SESSION['accountid'] = $accountid; $_SESSION['loggedin'] = true; header("Location: main.php"); die(); When the cookie is set, the host parameter of the cookie is: www.example.com When a user goes to example.com and logs in, a session cookie is set, but the host parameter of the cookie is: example.com A user can log into www.example.com and example.com with two separate sessions, and this screams insecure. Could anyone suggest a way to only have the session cookie be set for www.example.com? Thanks if so.