hoopplaya4

Hi all, I have just a basic question: Can a MySQL Injection (of any sort) be used to modify/append code to an existing PHP file on one's server? For example, I found an extra line of code on a few php files on my test server which created an iframe (1x1 in size) pointing to a fake mirosoft site. Not sure if this is a co-worker pranking or result of MySQL injection. Thanks.

Hi all, I'm wondering if anyone can provide some direction (or recommend a good tutorial) on creating a catchall (not sure if this is what it's actually called) that can add information to a database. For example, a user is sending an email to a client and decides to cc: "catch@mydomain.com" When received, this would add the text to a database that could be saved Any ideas on how to implement this? Thanks.

Hey PFMaBiSmAd, That conversion you gave me worked perfect. Thanks for bringing that to my attention!

Sorry, id is an issue as well. In the database, "id", "start", and "end" are all INT (15) column types. I did notice this on the PHP: json_encode (http://usphp.com/manual/en/function.json-encode.php#86513) page. So, perhaps I need some help writing a function that recognizes the "id" "start" and "end" fields prior to encoding. Just not sure where I'd start with that.

Hi All, I'm currently querying my database to encode into json array. If I hard-code the JSON array (without using any database), this is what it should look like: <?php echo json_encode(array( array( 'id' => 201, 'title' => "My Title", 'start' => 1244941200000, //notice there are no "quotes" around numbers. 'end' => 1244947500000, //notice there are no "quotes" around numbers. 'details' => "Details", 'location' => "Location" ), )); What I am currently using to grab the data from the DB and encode in a json array is: <?php $sql = "SELECT * FROM event"; require("connection.php"); $result = mysql_db_query($DBname,$sql,$link) or die(mysql_error()); $rows = array(); while($r = mysql_fetch_assoc($result)) { $rows[] = $r; } print json_encode($rows); Now, this works fine, however, it is printing my 'start' and 'end' fields as strings (as if they had quotes around them). How would I output it without the "quotes"? Or should I go about this a different way? Thanks very much!

Hi All, Does anyone know of any online applications (preferably PHP and open source) that will help with inventory management of technical equipment? I am looking for something with the following: 1) Track current inventory of equipment that can be rented out to end users. 2) Front end where users can make requests to rent/check-out equipment for an extended period of time, e.g.-- a user can reserve a camcorder for June 15, from 10am - 12pm. Thanks!

Thanks for the help, however, I am getting the following error: Parse error: syntax error, unexpected T_DOUBLE_ARROW Line 33 [referring to the line: foreach ($timeOfDay => $amOrPm) ] Any ideas?

Hi All, I'm creating a calendar and when a user adds an event, they have the ability to select (from a <select> box) a start time and select from another box an end time. I have one quick question: 1) What is the easiest way to code in the values in fifteen minute incrementals? In other words, instead of doing the following: <select> <option value="12am">12:00 AM</option> <option value="12:15am">12:15 AM</option> <option value="12:30am">12:30 AM</option> <option value="12:45am">12:45 AM</option> ... so on How could I use PHP to take up less space? Thanks!

Thanks for the reply, premiso. I'll probably create a download script.

Hi All, I've got a current website where users login, and then have the ability to upload files for other members of the website. When a user uploads a file, it is uploaded to http://www.mydomain.com/secure/uploads/abc.doc My question is: How do I make these files secure (ex. abc.doc) so that they can only be downloaded by members of the site, and not some random person who happens to make a google search for "abc.doc" and happens to come across my site. Thanks!

Got it figured out! Here's the statement I used: UPDATE profilePics SET def = '0' WHERE filename = ( SELECT filename FROM ( SELECT * FROM profilePics ) AS temp WHERE usrID = '25' AND def = '1' ) Thanks everyone.

Thanks for the help mrMarcus. This has certainly cured my syntax issue!! But, I'm now getting the following MySQL error: You can't specify target table 'profilePics' for update in FROM clause I'm not sure what this means off-hand. If anyone does, that'd be great. Otherwise, I'm gonna see what I can find. Thanks again!

Thanks for the reply Ober, I tried your example verbatim, and I'm still getting the same syntax error. So this time, I tried removing the or die altogether: <?php $data = mysql_query("UPDATE profilePics SET def='0' WHERE filename= (SELECT filename FROM profilePics WHERE usrID='$usrID' AND def='1'")); And with this one, I am still getting the same error as well. :-\

I'm having some difficulty with the Syntax on this statement: <?php $data = mysql_query("UPDATE profilePics SET def='0' WHERE filename= (SELECT filename FROM profilePics WHERE usrID='$usrID' AND def='1'")) or die(mysql_error()); I get the following error: What am I doing wrong here? Thanks!

Hey crayonviolent, thanks for the reply. I just figured that out as you were posting. I wasn't giving it a filename. Thanks.

Thanks for the reply. Okay, so I've added/modified the code to the following: <?php $save_file = "/home/username/public_html/jcrop/saved"; imagepng($dst_r,$save_file,$jpeg_quality) But, it is not saving to the "saved" folder. This folder is set to 777 permissions. All it does is load the page, and then display the URL: http://www.mydomain.com/jcrop/crop.php (Interestingly, I cannot copy/paste this text. Not sure what I'm doing wrong here. Any ideas?

Hi All, I'm currently using jCrop, a jquery tool to crop images. I have no problems cropping the image, however, I'm not sure how I would save the image to a certain directory. Here is my current code which exports the PNG file and displays it, but I'd like to save it to a directory: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { $targ_w = $targ_h = 48; $jpeg_quality = 90; $src = 'demo_files/flowers.jpg'; $img_r = imagecreatefromjpeg($src); $dst_r = ImageCreateTrueColor( $targ_w, $targ_h ); imagecopyresampled($dst_r,$img_r,0,0,$_POST['x'],$_POST['y'], $targ_w,$targ_h,$_POST['w'],$_POST['h']); header('Content-type: image/jpeg'); imagepng($dst_r,null,$png_quality); exit; } ?> Would I need to use fwrite? If so (or if not), how would I implement it into my current code? Thanks.

What I've tried is this: <?php $start= "08:00:00"; $end= "10:00:00"; $dow = "Monday"; $sql = "SELECT * FROM table WHERE start>= '$start' AND end<= '$end' AND dayofweek= '$dow'"; However, this does not work, because someone who has the following schedule: 22 07:30:00 11:00:00 Monday Would not be SELECT'd from the db. Thus, the results would be somewhat skewed. Any ideas? ???

Thanks all! Last method worked perfect for me.

How would I go about removing the last comma in the following code: <?php $sql = "SELECT * FROM tblUsers"; require("../connection.php"); $rs=mysql_db_query($DBname,$sql,$link) or die(mysql_error()); while($row = mysql_fetch_assoc($rs)) { $users = $row['usrID']; echo $users; echo ","; } It outputs: 1,4,6,8,9, However, I need to remove the last comma, and I'm not sure how to do this within a "while" statement. Thanks.

Okay, so what I've been finding is that the method that was provided, in a sense, does the opposite of what I'm trying to do. All of my database entries are "busy" times, so thus, the returned entries from the array are people that already have appointments. I'm trying to find times that they're open. Would I have to do a SQL query within the query to return the users that have openings? I'm a bit lost, and trying to think how I could achieve this. Thanks.

Hi Ayon: Thanks for the reply. I'll play around with that notion and see if I can get it to work. I'll post back if I can find anything or have some issues. Thanks for the idea!

Hello Everyone, I need some help here on how to determine the logic/syntax/math to SELECT a value from my MySQL database based a on a few parameters. My MySQL DB consists of the following 4 fields: usrID, Start, End, and DayofWeek. Essentially, these are appointments for specific users at any given time. For example, the DB might have the following values: usrID Start End DayofWeek 22 08:30:00 08:45:00 Monday 25 11:35:00 12:22:00 Wednesday 22 14:30:00 15:30:00 Saturday 21 21:10:00 23:45:00 Sunday Now, what I'm trying to do, is, let's say I have a form that I can submit, and I want to see what user is available on Monday between 8:15am and 8:55am on Monday. I would like the data to display back that user 25 and 21 are available. (22 is not because he's booked from 8:30-8:45 on Monday). Does this make sense? Any tips on getting off the correct way? Thanks!

Any ideas?

Hey All, I'm currently trying to create a PHP calendar. Everything is going great so far, but I am having issues figuring out the logic for events that "wrap" or overflow to the next week below (for events that are multiple days). The basic structure of the code is using <DIVS>, each consisting of a day. For example, <div id="day1">, <div id="day2">, etc... Then, the displayed events are <DIVS> within the day <DIV>. Here's the code showing the basic structure: (some parts have been removed to save space on this post): <?php $events = mysql_query("SELECT * FROM event WHERE month = '$month' AND year = '$year' ORDER BY starttime"); function isMultiDay($event) { return $event['day'] != null && ($event['dayend'] - $event['day'] >= 1); } while ( $event = mysql_fetch_array($events) ) { $event_type_id = $event['event_type_id']; $event_type = mysql_query("SELECT * FROM event_type WHERE id = '$event_type_id'"); $event_type = mysql_fetch_array($event_type); //SET UP Database Entries in MM/DD/YY Format $startDate = $event['month']."/".$event['day']."/".$event['year']; $endDate = $event['monthend']."/".$event['dayend']."/".$event['yearend']; if ( ($event['day'] == 1) && (!isMultiDay($event)) ) { $day[0] .= '<div id="event'.$event['id'].'" style="height:17px;"><div id=\'header'.$event['id'].'\'>'.$event['name'].'</div></div>';} if ( ($event['day'] == 1) && (isMultiDay($event)) ) { $day[0] .= '<div id="event'.$event['id'].'" style="height:17px;"><div id=\'header'.$event['id'].'\' style="width:'.$dayLength.'%;>'.$event['name'].'</div></div>';} if ( ($event['day'] == 2) && (!isMultiDay($event)) ) { $day[1] .= '<div id="event'.$event['id'].'" style="height:17px;"><div id=\'header'.$event['id'].'\'>'.$event['name'].'</div></div>';} if ( ($event['day'] == 2) && (isMultiDay($event)) ) { $day[1] .= '<div id="event'.$event['id'].'" style="height:17px;"><div id=\'header'.$event['id'].'\' style="width:'.$dayLength.'%;>'.$event['name'].'</div></div>';} if ( ($event['day'] == 3) && (!isMultiDay($event)) ) { $day[2] .= '<div id="event'.$event['id'].'" style="height:17px;"><div id=\'header'.$event['id'].'\'>'.$event['name'].'</div></div>';} if ( ($event['day'] == 3) && (isMultiDay($event)) ) { $day[2] .= '<div id="event'.$event['id'].'" style="height:17px;"><div id=\'header'.$event['id'].'\' style="width:'.$dayLength.'%;>'.$event['name'].'</div></div>';} //etc..... Any ideas on how to help with events overflowing to the next week? Maybe I'm doing this completely wrong, already? Thanks!