dannyb785

Posts posted by dannyb785

  1. Input Type Password Autocomplete Enabled

    Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

    The impact of this vulnerability

    Possible sensitive information disclosure

    How to fix this vulnerability

    The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: < INPUT TYPE="password" AUTOCOMPLETE="off" >

     

     

    also make sure both the POST and GET variables are filtered with mysql_real_escape_string(), trim() and strip_tags()

     

    i say this because i am detecting SQL and XSS injection ;)

     

    Hey dark, you seem to be the security king around here, is it wise to use all 3 (escape_string, trim and strip_tags) or would one be sufficient to prevent XSS attacks?

     

     

    Def. a good idea, and I would suggest you take it a tiny step further and instead of doing the same 3 functions each time, just make a function called something like escape_text() that takes in the $_GET or $_POST variable and returns the escaped text. It'd just make it a little easier
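A worked version of the "one helper for all input" idea, added here and not code from the thread. It keeps the trim()/validate step at input time but moves escaping to the context the value is used in (bound SQL parameters, htmlspecialchars() for HTML), which is what mysql_real_escape_string() and strip_tags() were each trying to approximate. The $pdo connection and the comments table are assumptions.

```php
<?php
// Added example, not code from the thread. One escape_text() built from
// mysql_real_escape_string()/trim()/strip_tags() is the wrong shape: escaping
// belongs to the context a value is written into (SQL, HTML), not to the input.
// Assumes a PDO connection in $pdo and a `comments` table (name, body); both are made up.

// Input stage: only normalise and validate. No escaping yet.
function field(array $src, string $key, int $max): ?string {
    if (!isset($src[$key]) || !is_string($src[$key])) return null;
    $v = trim($src[$key]);
    if ($v === '' || strlen($v) > $max) return null;
    // Reject invalid UTF-8 and control characters instead of trying to strip tags.
    if (!mb_check_encoding($v, 'UTF-8') || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $v)) return null;
    return $v;
}

// SQL context: a bound parameter can never terminate the string literal,
// so no escaping function is involved at all.
function save_comment(PDO $pdo, string $name, string $body): void {
    $st = $pdo->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');
    $st->execute([':name' => $name, ':body' => $body]);
}

// HTML context: escape when the value is written into the page.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$name = field($_POST, 'name', 60);
$body = field($_POST, 'body', 2000);
if ($name === null || $body === null) {
    http_response_code(400);
    exit('name and body are required');
}
save_comment($pdo, $name, $body);

// A body such as <script>alert(1)</script> is stored verbatim and rendered inert:
echo '<p><b>' . h($name) . '</b>: ' . h($body) . '</p>';
```

Because the stored value is untouched, the same row can later be put into JSON or a mail body with that context's own escaping, which strip_tags() at input time would have made impossible.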

  2. Even IF there was a better way, albeit a complex query, don't you agree it's a good sacrifice to take up just a tiny bit more space if the method you're using makes it much easier for you to manage?

     

    The complexity of that query is non-existent; it is using MySQL how it is designed.  A quality query is always a better option than storing an extra varchar field.

     

    Imagine storing a date for this forum, unneeded for each thread. You are talking literally 100k dates.  It adds up; building optimized in the beginning saves you in the end.

     

    If you want to see complex queries they can be shown. Join queries are the way MySQL is meant to be used.

     

     

    You're definitely not wrong, but at this guy's current state of experience and knowledge, it's better to use up a little more space and know exactly what he's doing and then down the road after he's learned more he can optimize his queries to use up better resources

  3. I've searched quite a bit for good php calendars and came up empty, so I ended up just coding my own.

     

     

    +2. They're easier to modify if you've done all the coding yourself. And if you know a basic amount of PHP, it isn't hard to do

    I know your pain. I just figured this out like a couple weeks ago. So first off you must have Apache, MySQL, and PHP installed. I prefer XAMPP.

     

    This would take me forever to explain step by step. I started by googling it and then worked my way from the scripts they provided. BEFORE YOU START TRYING TO PROGRAM IN PHP AND MYSQL you really should know some PHP. Google PHP tutorials.

     

     

    By talking about apache and whatnot, I realize the extent of vagueness of the original post. Can you tell us if you have a hosting account? and if you do, is it shared, vps, or dedicated? If not, then I suggest looking up some books for php beginners.

  5. But how do I define the str_shuff?

     

    Do you even know what it's supposed to do? Or did you just make it up? Or perhaps you read it from somewhere? Anytime it says "variable not defined", it means that it's not a variable in PHP's library of functions and is therefore something made up, for which you need a definition (by doing "function FUNCTIONNAME() { // stuff }") in order for it to even do anything.

    First you need a database with a table of users (or just one user, if needed). The table needs a user_id, user_login, and user_password column (among others, depending what you want).

     

    So then you make a form (between <form> tags) that has an input field for the username and password, and a submit button (which goes to a processing page).

     

    Then in the processing page, you need to do session_start(); then you do a query to the database to check for the username/password combination that is given. If there is no match, you redirect back to the login page and give an error message. If there is one found, then you redirect to home or wherever you want the user to be directed to.

     

    Before redirecting, you also need to set up some session variables to indicate that the user is logged in. I always have a $_SESSION['logged_in'] variable which I set to the value 1, and I make a function logged_in() which checks that the $_SESSION['logged_in'] variable is set to 1, and if so returns true. So then, every page that someone must be logged in to go to, you start the page with "if(!logged_in()) header("Location: login.php"); else // user is logged in so do whatever you need".

     

    The thing you have to remember is have session_start(); on every single page that the user will be navigating to. If you forget to, then once the user goes to the page, all session info and variables will be lost and then if the user tries to go somewhere that he needs to be logged in with, it won't allow him.

     

    I'm not gonna type all the code out for you (wayyy too much stuff to set up), but now that I've typed it, perhaps others can modify my instructions for better techniques than I said. But it's up to you to type out the code (unless you wanna pay someone to do it, but then what's the point?)
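The login and session flow described in that post, written out as an added example (not the poster's code). It assumes a PDO connection in $pdo and a users table whose user_password column holds a password_hash() value; the file names and field names are made up. Two details the prose skips are included: the session id is regenerated when the login succeeds, and every redirect is followed by exit so the protected page does not keep rendering.

```php
<?php
// Added example, not code from the thread: processing page for the login form.
// Assumes $pdo (PDO connection) and a `users` table with user_id, user_login,
// user_password (a password_hash() result). All names are assumptions.
session_start();         // must run on every page before $_SESSION is touched

// The check every protected page calls first.
function logged_in(): bool {
    return isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === 1
        && isset($_SESSION['user_id']);
}

// Returns the user row or null. The password is checked with password_verify(),
// never compared inside the SQL query.
function check_login(PDO $pdo, string $login, string $password): ?array {
    $st = $pdo->prepare('SELECT user_id, user_password FROM users WHERE user_login = ?');
    $st->execute([$login]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['user_password'])) {
        return null;
    }
    return $row;
}

function log_in_user(int $user_id): void {
    session_regenerate_id(true);     // fresh id, so a pre-login session id cannot be reused
    $_SESSION['logged_in'] = 1;
    $_SESSION['user_id']   = $user_id;
}

function log_out(): void {
    $_SESSION = [];
    session_destroy();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $login = trim((string)($_POST['user_login'] ?? ''));
    $pass  = (string)($_POST['user_password'] ?? '');
    $user  = ($login !== '') ? check_login($pdo, $login, $pass) : null;
    if ($user === null) {
        header('Location: login.php?error=1');   // same response for bad user and bad password
        exit;
    }
    log_in_user((int)$user['user_id']);
    header('Location: home.php');
    exit;
}
```

A protected page then starts with session_start(); followed by if (!logged_in()) { header('Location: login.php'); exit; }, the exit being the part the one-line version in the post leaves out.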

  7. no no no. Are you using a database? If so, it's counter-productive to make a different page for each painting. Database uses like this are there so that you only need one generic page that displays any painting. Why even do a query on the page if the page id1.php will only ever get painting 1's info? You get to supply the painting id in the address(like I said before) and then just grab the respective id from the database and the info will be ready for you to display.

    you are storing a piece of data unneeded

     

     

    lol I love how you make a post that is saying basically "you're wrong in what you did" without posting even so much as a hint of a better method.

     

    Even IF there was a better way, albeit a complex query, don't you agree it's a good sacrifice to take up just a tiny bit more space if the method you're using makes it much easier for you to manage?

  9. "Everything that PHP and C both can do, PHP does better"

     

    Wouldn't that be a bit of a paradox since PHP is written in C?

     

    I guess that could be looked at in two ways.  Something could be better than something from which it came, but in another sense, PHP owes its everything to C.

     

    PHP just makes everything easier to account for and manipulate. Since it takes care of data types for you automatically, there's no worrying about making sure everything is declared correctly for each scenario; you just modify on the fly. I suppose you could say PHP is the lazy man's C (not that it's a bad thing)

  10. Personally I prefer PHP because I don't want to specify void, static, integer, string, boolean, decimal, float or any others.

     

     

    After 4 years of engineering classes and having hundreds of errors that are related to types, it's refreshing to not have to declare anything. PHP is a gift from the programming Gods. Everything that PHP and C both can do, PHP does better(note, I did not say that PHP is better overall, just better at doing things that they both can).

  11. Ok, well remember, when you're displaying info that can change as the user sees fit, you will be using $_GET variables which are found in the address bar after the file name. for example: if you have index.php?id=1, within index.php, you will have one variable in the $_GET array which is $_GET['id'].

     

    So for you, to view a specific painting, you will have a separate page that displays the painting info (or the same page, doesn't matter) and attached to the viewpainting.php or whatever, you'll have &id=NUMBER where NUMBER is the painting's id.

     

    So what you need to do is get the specified variable with something like $id = addslashes($_GET['id']); Then you'd do the query and have WHERE id='$id'. And lastly, you have to run $row = mysql_fetch_assoc($result) after doing the query. This converts the raw query data into an array named $row. THEN your code should work. Test it out by doing your viewpainting.php?id=1, but if you don't have a painting with id=1 then it won't find any rows. So you're going to need further checks to make sure it's a valid painting (worry about that later). Give it a try and make sure to post your code if you have trouble.

  12. So what you are saying is, I should store the last post time in there as well. Hmm. That sounds like a good idea!!

     

    Yep! I think I might also have the last poster.. can't remember.. but yeah it's pretty easy, you just gotta make sure you update the topics table when a new post is made. Also remember to account for a post being deleted in the topic: if it was the most recent post, you update the topic row accordingly

  13. This is my first time using PHP and when I test the form online, I get the following error.  Any suggestions?

     

    Parse error: syntax error, unexpected '@' in /mnt/w0106/d00/s28/b02d7599/

     

    This is my simple code:

     

    <?php
      $name = $_REQUEST['name'] ;
      $organization = $_REQUEST['organization'] ;
      $email = $_REQUEST['email'] ;
      $telephone = $_REQUEST['telephone'] ;
      $date_required = $_REQUEST['date_required'] ;
      $checkbox_adult = $_REQUEST['checkbox_adult'] ;
      $adults = $_REQUEST['adults'] ;
      $checkbox_children = $_REQUEST['checkbox_children'] ;
      $children = $_REQUEST['children'] ;
      $leaving_from = $_REQUEST['leaving_from'] ;
      $destination = $_REQUEST['destination'] ;
      $return_to = $_REQUEST['return_to'] ;
      $time_departure = $_REQUEST['time_departure'] ;
      $time_return = $_REQUEST['time_return'] ;
      $additional_info = $_REQUEST['additional_info'] ;
      $checkbox_email = $_REQUEST['checkbox_email'] ;
      $checkbox_telephone = $_REQUEST['checkbox_telephone'] ;

      mailto (name@website.ca, "Quote Request",
        $message, "From: $email" );
      header ( "Location: http://www.website.ca/thankyou.html");
    ?>

     

     

    I take it you're new, and that's fine and all (we all were once), but I see tons of threads where the error message said either "unexpected symbol" and it gives the symbol, and all it took was looking at the code for that symbol and seeing the error easily. Or it'd say "error on line 41" and there'd be a majorly obvious mess-up. All I'm saying is that problem solving is always trial and error with PHP and I'd highly recommend trying to fix the problem by yourself (spend a good bit of time) before making a thread about it.
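For reference, the same quote-request handler with the two parse problems fixed (the recipient is a quoted string and the function is mail(), not mailto()) and the $message actually built, as an added example rather than the poster's code. It also only puts the submitted address into the From header after filter_var() has accepted it, since a raw value containing line breaks would otherwise add headers of its own. The recipient address is the one from the post.

```php
<?php
// Added example, not the poster's code. Fixes the parse error and builds the
// message the original never assigned. $_POST is used instead of $_REQUEST so
// the form fields cannot be supplied through the query string or cookies.

function clean(string $key, int $max = 500): string {
    $v = trim((string)($_POST[$key] ?? ''));
    return substr($v, 0, $max);
}

// FILTER_VALIDATE_EMAIL rejects anything with CR/LF in it, so the accepted
// value can only ever occupy the single "From:" header line it is put on.
$email = filter_var(clean('email'), FILTER_VALIDATE_EMAIL);
if ($email === false) {
    http_response_code(400);
    exit('A valid e-mail address is required.');
}

$fields = ['name', 'organization', 'telephone', 'date_required', 'checkbox_adult',
           'adults', 'checkbox_children', 'children', 'leaving_from', 'destination',
           'return_to', 'time_departure', 'time_return', 'additional_info',
           'checkbox_email', 'checkbox_telephone'];
$lines = [];
foreach ($fields as $f) {
    // One field per line; line breaks inside a value are flattened to spaces.
    $lines[] = $f . ': ' . str_replace(["\r", "\n"], ' ', clean($f));
}
$message = implode("\n", $lines);

$sent = mail('name@website.ca', 'Quote Request', $message, "From: $email");
header('Location: http://www.website.ca/' . ($sent ? 'thankyou.html' : 'error.html'));
exit;
```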

  14. First off, if you're indexing your paintings by 01, 02, etc you're making it more complicated than necessary. Just set the painting id to primary and auto_increment and make it a type INT. That's one thing..

     

    secondly, if you're grabbing just one painting and you know the id, you'd just do something like:

     

    $result = mysql_query("SELECT * FROM painting WHERE id='$id' ");
    if(mysql_num_rows($result) == 0) echo "no painting found";
    else
    {
      $row = mysql_fetch_assoc($result); // fetch the matched row as an associative array
      extract($row);
      // all row variables are now ready to be processed
    }

     

    I almost always do the extract() function, but you don't have to. If you didn't know, extracting makes it so that the column name in the rows become variables. So if you had a column 'price' then once you do extract(), there will be a variable $price with the value in it. If you don't want to extract, just do $row['price'] for the same thing.
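The viewpainting.php?id=NUMBER lookup from this post and the earlier painting post, as an added example that is not the poster's code: the id is accepted only as a positive integer and bound as a parameter, which replaces the addslashes() plus WHERE id='$id' interpolation, and extract() is used the way the post suggests but only on the query's own fixed column list. The $pdo connection and the painting columns are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes $pdo (PDO connection) and a
// `painting` table with id, title, artist, price; the column names are made up.

// Accept only a positive integer; anything else is "no such painting", not a query.
function painting_id_from(array $get): ?int {
    $raw = $get['id'] ?? null;
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int)$raw;
}

function find_painting(PDO $pdo, int $id): ?array {
    $st = $pdo->prepare('SELECT id, title, artist, price FROM painting WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$id = painting_id_from($_GET);
$painting = ($id === null) ? null : find_painting($pdo, $id);
if ($painting === null) {
    http_response_code(404);
    exit('no painting found');
}

// extract() is fine on a fixed SELECT list like the one above, because the keys are
// column names you chose; never call it on $_GET/$_POST/$_REQUEST, where the client
// picks the variable names. EXTR_SKIP keeps existing variables such as $pdo intact.
extract($painting, EXTR_SKIP);
echo '<h1>' . h($title) . '</h1><p>' . h($artist) . ', ' . h((string)$price) . '</p>';
```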

    if you search for "LIKE '%some word%' " every row that is fetched should have "some word" in it. Are you saying that if a user types "some word" you want it to search for both "some" and "word" separately? Or do you wanna just make sure the rows searched have both "some" and "word" but not necessarily next to each other?

  16. definitely sequel.

     

    Why "definitely"?

     

     

    it's easier to say. And to me, saying each letter S Q L sounds too nerdy

     

    Lol... we're talking about an RDBMS (I wonder what kind of weird pronunciation you'll assign this acronym - and yes, I do pronounce all the individual letters in that one) here. How can you talk about it in a non-nerdy context?

     

    lol some of you all take things too seriously.
