nightkarnation

Hello Barand, thanks so much for your solution! understood and applied (y) I need something very similar now but I can't seem to get it working... Based on the same type of query...I need to get the ranking this time not from a Score column but instead from the total of 2 columns (Gf and Ga) / Gf - Ga = G total... Name | Score| Type | Gf | Ga ------------------------------------------- Gustavo |10 | VsStory | 5 | 2 John |22 | VsRandom| 5 | 1 Test |3 | VsStory | 5 | 4 SELECT 1 + (SELECT count( * ) FROM highscores a WHERE a.Gf - a.Ga > b.?? AND a.type = b.type) AS rank FROM highscores b WHERE Name = 'Gustavo' AND Type = 'VsStory' ORDER BY rank I need to do Gf - Ga ... to get the highest total in this case and rank it based on that amount... I tried several ways but cant seem to understand the logic, Thanks a lot in advance!

Hey guys, Here's a simplified table... Name | Score| Type | ------------------------------------------- Gustavo |10 | VsStory | John |22 | VsRandom| Test |3 | VsStory | Here's a working query to only get the ranking of a specific user based on his score... SELECT 1 + (SELECT count( * ) FROM highscores a WHERE a.score > b.score ) AS rank FROM highscores b WHERE Name = 'Gustavo' AND Type = 'VsStory' ORDER BY rank LIMIT 1 ; but the problem I am having is that the column called Type is not respecting the Type = 'VsStory' ... for example in this query, Gustavo gives a rank value of 2...when it should be 1... for some reason Type column is not being processed to only count the VsStory values and not all the rows disregarding if its VsStory or VsRandom... Any ideas?? Thanks a lot in advance!

I run it on 82 because I have Flash Media Server running on 80. I made a mistake on the php file and actionscript was having trouble reading it back, Thanks for your reply. Cheers,

Hey guys, I am using wamp to test some php files... Currently my wamp is set up on my 82 port, so I have to reference like this: http://localhost:82/test/test.php The problem is that I am linking the php file with actionscript and actionscript doesn't allow me to use a port number, Is there another way I can type http://localhost:82/test/test.php and load it? Thanks a lot in advance!

Great! Thanks a lot!!!

Awesome, thanks a lot Adam for your kind help! I have one last question regarding this... What if the variable is only used to send an email from php, something like this: $item_name = $_POST['item_name']; //etc... $mail_Body = "testing the value of: $item_name"; mail($mail_To, $mail_Subject, $mail_Body); //etc... Should I validate $item_name in this case? Thanks a lot again!! Cheers!

Hey Guys! I have a doubt...let me put it, in a simple example... Lets say I have a variable coming from a flash application (coming from a client) going to php... $item_name = $_POST['item_name']; $item_name wont go to mysql/db so I dont need mysql_real_escape_string right? $item_name will only be used to compare it with a string value, like this: if ($item_name == 'ItemOne') { //etc... } Do I need to validate $item_name ?? if so...why? Thanks a lot in advance! Cheers,

How would I do that? :-\ Thanks again!!

Ok I understand, thanks a lot for your help! Do you think it would be difficult to add this kind of check? To be honest...I have no idea how to implement it.

Hello requinix, thanks for your reply! I tried with $SMTPChat and I get always the same value "Array" echo $SMTPChat; // = "Array" Any other suggestions? Thanks a lot!!!

Hey Guys... I have the following easy and simple script to send valid SMTP emails from php, working perfectly: include('SMTPconfig.php'); include('SMTPclass.php'); $to = $_POST['to']; $from = $_POST['from']; $subject = $_POST['sub']; $body = $_POST['message']; $SMTPMail = new SMTPClient ($SmtpServer, $SmtpPort, $SmtpUser, $SmtpPass, $from, $to, $subject, $body); $SMTPChat = $SMTPMail->SendMail(); } //but, below is the idea of what I need...to echo the result of the sent email...this is obviously not working, it says always success...how would I go to check this correctly?? if (SendMail) { echo "success"; } else { echo "error"; } Here's the SMTPclass.php for reference (if needed): class SMTPClient { function SMTPClient ($SmtpServer, $SmtpPort, $SmtpUser, $SmtpPass, $from, $to, $subject, $body) { $this->SmtpServer = $SmtpServer; $this->SmtpUser = base64_encode ($SmtpUser); $this->SmtpPass = base64_encode ($SmtpPass); $this->from = $from; $this->to = $to; $this->subject = $subject; $this->body = $body; if ($SmtpPort == "") { $this->PortSMTP = 25; } else { $this->PortSMTP = $SmtpPort; } } function SendMail () { if ($SMTPIN = fsockopen ($this->SmtpServer, $this->PortSMTP)) { fputs ($SMTPIN, "EHLO ".$HTTP_HOST."\r\n"); $talk["hello"] = fgets ( $SMTPIN, 1024 ); fputs($SMTPIN, "auth login\r\n"); $talk["res"]=fgets($SMTPIN,1024); fputs($SMTPIN, $this->SmtpUser."\r\n"); $talk["user"]=fgets($SMTPIN,1024); fputs($SMTPIN, $this->SmtpPass."\r\n"); $talk["pass"]=fgets($SMTPIN,256); fputs ($SMTPIN, "MAIL FROM: <".$this->from.">\r\n"); $talk["From"] = fgets ( $SMTPIN, 1024 ); fputs ($SMTPIN, "RCPT TO: <".$this->to.">\r\n"); $talk["To"] = fgets ($SMTPIN, 1024); fputs($SMTPIN, "DATA\r\n"); $talk["data"]=fgets( $SMTPIN,1024 ); fputs($SMTPIN, "To: <".$this->to.">\r\nFrom: <".$this->from.">\r\nSubject:".$this->subject."\r\n\r\n\r\n".$this->body."\r\n.\r\n"); $talk["send"]=fgets($SMTPIN,256); //CLOSE CONNECTION AND EXIT ... fputs ($SMTPIN, "QUIT\r\n"); fclose($SMTPIN); // } return $talk; } } Thanks a lot in advance for the help! Cheers!!

Ok Pikachu, thanks a lot for your kind help! Here's a doubt I have... In my case: $Activation_Number has numerical values (At least, numerical values are expected on the validation) but on my database the type is varchar ... should I mysql real escape it ?? I know it would be logical to change it from my database to INT type, but I am trying to undestand the difference between escaping strings or numbers... The difference of doing that is linked to the type of the field on the db, right? for ex, Username = type: Varchar (should mysqlrealescape on php...) Id = type: INT (should validate as only numeric values and use the function you told me before, right??) Thanks again!!!

safe for inserting the validated and sintetized user client input on mysql/db...

I want to strip suspicious characters thats all... And (yes) I am safe with only having letters, numbers, underscores and hyphens...though some other characters wont be stripped, which is fine with me...as long they are safe... But please let me know if the whole process is a good way of preventing malicious client input? what do u think? Thanks again!!!

Well just in case the validation went through ok and there is still some unaccepted character, the sanitization will take it out of the incoming variable going to the database?? If I am incorrect, then should I erase the sanitization process and just leave the validation and mysql escape string, is this good enough? Thanks a lot!!!

Because I read that you should validate and then sanitize for extra protection... Isnt this a good practice?

Hey Guys! thanks a lot for the help and suggestions!! I have improved a lot my script in terms of validation, sanitization... I would really appreciate if Pikachu and/or any other experienced member can tell me if I am going in the right direction: Heres the code: if(isset($_POST['Username']) && sanityCheck($_POST['Username'], 'string', 15) != FALSE) { $username = strip_tags(substr(mysql_real_escape_string($_POST['Username']),0,32)); $validation = true; } else { $validation = false; $imdoneUpdate = false; echo "imdoneUpdate=".$imdoneUpdate; exit(); } if(isset($_POST['Email']) && sanityCheck($_POST['Email'], 'string', 256) != FALSE && checkEmail($_POST['Email']) != FALSE) { $validation = true; $email=mysql_real_escape_string($_POST['Email']); } else { $validation = false; $imdoneUpdate = false; echo "imdoneUpdate=".$imdoneUpdate; exit(); } if(isset($_POST['FirstName']) && sanityCheck($_POST['FirstName'], 'string', 30) != FALSE) { $validation = true; $first_name=mysql_real_escape_string($_POST['FirstName']); } else { $validation = false; $imdoneUpdate = false; echo "imdoneUpdate=".$imdoneUpdate; exit(); } if(isset($_POST['LastName']) && sanityCheck($_POST['LastName'], 'string', 40) != FALSE) { $validation = true; $last_name=mysql_real_escape_string($_POST['LastName']); } else { $validation = false; $imdoneUpdate = false; echo "imdoneUpdate=".$imdoneUpdate; exit(); } if(isset($_POST['ActivationNumber']) && sanityCheck($_POST['ActivationNumber'], 'numeric', 11) != FALSE) { $validation = true; $activation_number=mysql_real_escape_string($_POST['ActivationNumber']); } else { $validation = false; $imdoneUpdate = false; echo "imdoneUpdate=".$imdoneUpdate; exit(); } //SANITIZATION $username = filter_var($username, FILTER_SANITIZE_STRING); $email = filter_var($email, FILTER_SANITIZE_EMAIL); $first_name = filter_var($first_name, FILTER_SANITIZE_STRING); $last_name = filter_var($last_name, FILTER_SANITIZE_STRING); $activation_number = filter_var($activation_number, FILTER_SANITIZE_NUMBER_INT); if( $validation == true ) { $result = mysql_query("INSERT INTO `login` (Username, Email, First_Name, Last_Name, Activation_Number) VALUES('$username', '$email', '$first_name', '$last_name', '$activation_number')"); } //VALIDATION SECTION //--------------------------------------------------------------------------------------------------------------- //validate string and numeric variables function sanityCheck($string, $type, $length) { // assign the type $type = 'is_'.$type; if(!$type($string)) { return FALSE; } // if there is anything in the string elseif(empty($string)) { return FALSE; } // check how long the string is elseif(strlen($string) > $length) { return FALSE; } else { // if all is well, return TRUE return TRUE; } } //VALIDATE EMAIL function checkEmail($email){ return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE; } One more thing...Am I placing correctly the mysql_real_escape_string in terms of sequence/processing ? Thanks a lot in advance!! Cheers!

Sorry Pikachu, I made a horrible explanation... Here it goes again, with a detailed and simple example: ... //grab variables coming from flash in my case... (from client) $username=mysql_real_escape_string($_POST['Username']); $email=mysql_real_escape_string($_POST['Email']); $first_name=mysql_real_escape_string($_POST['FirstName']); $last_name=mysql_real_escape_string($_POST['LastName']); $activation_number=mysql_real_escape_string($_POST['ActivationNumber']); //SANITIZE filter_var($username, FILTER_SANITIZE_STRING); filter_var($email, FILTER_SANITIZE_EMAIL); filter_var($first_name, FILTER_SANITIZE_STRING); filter_var($last_name, FILTER_SANITIZE_STRING); filter_var($activation_number, FILTER_SANITIZE_NUMBER_INT); $result = mysql_query("INSERT INTO `login` (Username, Email, First_Name, Last_Name, Activation_Number) VALUES ('$username', '$email', '$first_name', '$last_name', '$activation_number')"); ... Now my question is the following, Am I sanitazing client input correctly? Am I inserting the data that is coming from my clients safe for my queries?? Thanks a lot for any suggestions!!!

Hey Guys... I have a simple question, I want to sanitize a simple string that can have standard letters from a-zA-Z numbers 0-9 and these two characters -_ I am testing the following: $var="<b>Peter_13-<b>"; var_dump(filter_var($var, FILTER_SANITIZE_STRING)); But that turns $var to echo: string(17) "Peter_13-" I just want it to sanitize and clean up to: Peter_13- Is there a simple way to sanitize like this? In other words...I am receaving from a swf file communicating to php... like this: //variable comming from flash: $username=mysql_real_escape_string($_POST['Username']); //and now I would like to sanitize this variable and be sure that is nothing harmful ($username will be saved to mysql after...) Thanks a lot in advance!! Cheers.

Thanks a lot Pikachu!! The following seems to work correctly: $last_free_date = strtotime($last_free_date); $server_current_time = strtotime($server_current_time); if ($last_free_date < $server_current_time) {...

Hey guys, I have the following: $last_free_date = 'Wed Jun 27 20:32:51 GMT-0300 2012'; $One_Day_Secs = '86400'; $server_current_time = date('D M j H:i:s \G\M\TO Y',strtotime('-'. $One_Day_Secs . 'seconds')); //returns a different date but with the same format as $last_free_date //Below is the problem: $last_free_date is not being properly recognized...so sometimes I get that $last_free_date is less than $server_current_time when its actually not...or vice verza...any ideas?? if ($last_free_date < $server_current_time) { //etc... }

Nevermind! I figured it out! $Countdown_Secs = '86400'; $server_time_plus= date('D M j H:i:s \G\M\TO Y',strtotime('+'. $Countdown_Secs . 'seconds')); echo $server_time_plus;

Jcanker thanks a lot again! I get the following error: Fatal error: Call to undefined function date_add() I have php version: 5.2.2 (locally running on wamp) Any ideas?

Hello, first of all thanks for the reply! Still not working for me... Isn't there a simple solution? Sorry I am not so good writing php... Something similiar to this (but with some working function?): $last_format_date = $last_free_date + 24hs

Hello Guys! Sorry about the Subject, didn't know how to explain it in few words... So here's the deal... $last_free_date = "Mon Jun 25 20:12:25 GMT-0300 2012" $server_current_time = date('D M j H:i:s \G\M\TO Y'); //will have the same format as the $last_free_date variable //Now here is what I need to do: //$last_format_date = $last_free_date + 24hs Any ideas?? I need to add $last_free_date + 24hs to the $last_format_date variable... Thanks a lot in advance! Cheers!