Brian W

Members, 867 posts

Posts posted by Brian W

  1. Thank you for informing me of that. Once I got to using this function, I might have started noticing the slow processing but not known why it was happening.

    If I use

    // turn the angle brackets into entities so submitted code is shown rather than rendered
    $str2 = preg_replace("/</", '&lt;', $str1);
    $str3 = preg_replace("/>/", '&gt;', $str2);

    Is that safe for when I want code that has been submitted to be displayed?

  2. I am trying to learn how to make functions while also making some custom sanitizers.

    This is what I have so far for my test page.

    <html>
    <head>
    <title>Test Functions</title>
    </head>
    <?php
    function clean($str, $type) {
        if(empty($type)){
            // characters to blank out, then strip slashes and tags
            $Restrict = array('/\%/','/\*/','/\_/','/\-/','/\'/','/\"/','/\\\/');
            $str1 = preg_replace($Restrict, " ", $str);
            $str2 = stripslashes($str1);
            $str3 = strip_tags($str2);
            return $str3;
        }
        if($type == "int") {
            $str1 = intval($str);
            return $str1;
        }
    }
    ?>
    <body>
    <form id="form1" name="form1" method="post" action="?">
      <label>
      <input type="text" name="test" id="test" />
      </label>
      <label>
      <input type="submit" name="button" id="button" value="Submit" />
      </label>
    </form>
    <?php //results
    if(isset($_POST['test'])) {
        echo "plain= ".$_POST['test']."<br>";
        echo "clean= ".clean($_POST['test'])."<br>";
        echo "clean int= ".clean($_POST['test'], "int"); // "int" must be a quoted string
    }
    ?>
    </body>
    </html>

    It works, but I get this message right after the use of clean($_POST['test']):

    Warning: Missing argument 2 for clean() in /homepages/38/d214759723/htdocs/functions.php on line 2

    I found something on Google that leads me to believe I may need to have my $type come first in the argument list, but I really don't want it there because I want the function to default if I don't designate what type of clean I want.

    Any input greatly appreciated.
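As an added example (not the poster's code, and not from any library), here is how the two questions in posts 1 and 2 fit together. A default value on the second parameter is what lets clean($str) be called with one argument without the "Missing argument 2" warning, and the argument does not have to come first. For display, htmlspecialchars() covers cases the two preg_replace() calls do not (a quote that closes an attribute contains no angle bracket at all, and a bare & breaks the markup). The clean() here validates rather than strips: it returns the value if it fits the type and null otherwise. It assumes PHP 8 for the union return type; the sample inputs are constructed.

```php
<?php
// Added example, not the poster's code. Shows a clean() with a defaulted
// second argument (so clean($x) does not warn) and display escaping done
// with htmlspecialchars() instead of hand-written preg_replace() calls.
declare(strict_types=1);

/**
 * Validate a submitted value according to $type.
 * The default on $type is what makes clean($str) a legal call.
 * Returns null when the value does not fit the requested type.
 */
function clean(string $str, string $type = 'text'): int|string|null
{
    switch ($type) {
        case 'int':
            // filter_var() rejects "42abc"; intval() would silently return 42.
            $v = filter_var(trim($str), FILTER_VALIDATE_INT);
            return $v === false ? null : $v;
        case 'email':
            $v = filter_var(trim($str), FILTER_VALIDATE_EMAIL);
            return $v === false ? null : $v;
        case 'text':
        default:
            // Keep the text as typed. Quotes and backslashes are not removed
            // here: escaping belongs at the point of output (h() below) and
            // database values belong in prepared statements.
            return trim($str);
    }
}

/** Escape a value for HTML text content or a double-quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed inputs standing in for $_POST['test'].
$samples = [
    '<script>alert(1)</script>',   // the case the preg_replace() pair handles
    '" onmouseover="alert(1)',     // closes an attribute; no < or > in it at all
    "O'Reilly & Sons",             // legitimate text containing a quote and an &
    '42',
    '42abc',
];

foreach ($samples as $s) {
    printf("raw:   %s\n", $s);
    printf("text:  %s\n", h((string) clean($s)));
    printf("attr:  <input value=\"%s\">\n", h((string) clean($s)));
    printf("int:   %s\n\n", var_export(clean($s, 'int'), true));
}
```

The 'text' branch deliberately does nothing to quotes: the same string is escaped one way for HTML and sent unescaped, as a parameter, to the database, so stripping characters at input time only damages the data without making either output safe.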

     

  3. On the page for sleep() that was linked in another thread, I found someone using something I don't know how to use.

    $i = 1; // assumed value for the example; in the original it is the loop counter
    $dis=<<<DIS
    <div style="width:200px; background-color:lime;border:1px; text-align:center;text-decoration:blink;">
    $i
    </div>
    DIS;
    echo $dis;

    What is the <<<DIS and then DIS;?

    I saw this on the XSS cheat sheet page also; I can't say I've seen it before.

    What should I look up in the manual to find out about it?
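The manual entry is "Heredoc" under Strings (and "Nowdoc" next to it). As an added example, not from the manual page or the original snippet, the block below shows the one property that matters for security: a heredoc interpolates $variables exactly like a double-quoted string, so a user-controlled value dropped into it lands in the page unescaped, while a nowdoc (<<<'DIS') interpolates nothing. The value of $i is constructed.

```php
<?php
// Added example. <<<DIS ... DIS; is a heredoc: a multi-line string in which
// $variables and {$expressions} are expanded, like a double-quoted string.
// <<<'DIS' is a nowdoc: no expansion, like a single-quoted string.

$i = '<b>5</b>';   // constructed; imagine it arrived in $_GET

// Heredoc: $i would be expanded as-is, so escape it first and interpolate
// the escaped copy.
$safe = htmlspecialchars($i, ENT_QUOTES, 'UTF-8');
$dis = <<<DIS
<div style="width:200px; background-color:lime; border:1px; text-align:center;">
{$safe}
</div>
DIS;
echo $dis;

// Nowdoc: nothing is interpolated; this literally prints the text "$i".
// Useful for templates that are substituted into later, or for regexes.
$template = <<<'DIS'
<div>
$i
</div>
DIS;
echo $template;
```

Before PHP 7.3 the closing identifier (DIS;) must start in column one with nothing else on the line; from 7.3 on it may be indented, and the same indentation is stripped from the body.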

  4. Sorry, my last comment wasn't of any help; you are already past that.

    I have an idea; again, it may not be helpful.

    Add an incrementing value that loops with the question. The only use for it is to count how many questions there are. Then, at the end, have a hidden field that has that value in it so that you can pass it to the next page. Then you could use that number in your statement to tell it how many times to loop. But again, I'm not sure if that is even helpful to you.

    If you are having a problem sending the question ID along, have a hidden field for each question that contains the question ID in the value.

    <input name="question<?php echo $i++; ?>" type="hidden" value="<?php echo $dailyrow['id']; ?>" />

    By the way, how are you resubmitting the values once you have them on the page for review? Just interested.

  5. Yes.

    I need to store

    questionID

    name

    date

    answer

    So, you are using some kind of statement that is looping your format each time with a different question, right?

    How about something like:

    <?php // your for, while, or whatever you use
    $i = $questionID;
    echo $question.': <input name="'.$i.'" type="radio" value="1" /><input name="'.$i.'" type="radio" value="0" />';
    // close your statement and whatever ?>
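As an added example covering posts 4 and 5 (not the thread's code), the block below renders one radio pair per question keyed by the question ID and then does the part the next page needs: the IDs and answers that come back are client-controlled, since anyone can edit a hidden field or an input name in the browser, so each one is checked against the server's own question list before the four fields (questionID, name, date, answer) are kept. Using name="q[<id>]" makes PHP deliver the answers as an id => value array, so no counter field is needed; missing questions are found by comparing against the server list. $questions and $fakePost are constructed for the demo.

```php
<?php
// Added example, not the thread's code. Form rendering plus server-side
// validation of the posted question IDs and answers.

$questions = [
    7  => 'Is the sky blue?',
    12 => 'Is 2 + 2 = 5?',
    13 => 'Do you use PHP?',
];

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// name="q[<id>]" arrives as $_POST['q'][<id>], so the ID travels with the
// answer and no separate hidden ID or counter field is required.
function render_form(array $questions): string
{
    $out = '<form method="post" action="?">' . "\n";
    foreach ($questions as $id => $text) {
        $out .= sprintf(
            "<label>%s: <input name=\"q[%d]\" type=\"radio\" value=\"1\" /> yes\n" .
            "<input name=\"q[%d]\" type=\"radio\" value=\"0\" /> no</label><br />\n",
            h($text), $id, $id
        );
    }
    return $out . "<input type=\"submit\" value=\"Submit\" />\n</form>\n";
}

// Returns [rows, errors]. Each row holds questionID, name, date, answer and
// is ready for an INSERT through a prepared statement. Unknown IDs and bad
// values are reported, not stored.
function collect_answers(array $post, array $questions, string $name): array
{
    $rows = $errors = [];
    $answers = $post['q'] ?? null;
    if (!is_array($answers)) {
        return [[], ['no answers submitted']];
    }
    foreach ($answers as $id => $value) {
        // numeric keys arrive as int; anything else was never one of our IDs
        if (!is_int($id) || !isset($questions[$id])) {
            $errors[] = 'unknown question id: ' . (string) $id;
            continue;
        }
        if ($value !== '0' && $value !== '1') {
            $errors[] = "bad answer for question $id";
            continue;
        }
        $rows[] = ['questionID' => $id, 'name' => $name,
                   'date' => date('Y-m-d'), 'answer' => (int) $value];
    }
    foreach (array_keys($questions) as $id) {
        if (!isset($answers[$id])) {
            $errors[] = "question $id was not answered";
        }
    }
    return [$rows, $errors];
}

echo render_form($questions);

// Constructed submission: one valid answer, one tampered ID, two missing.
$fakePost = ['q' => [7 => '1', 999 => '0']];
[$rows, $errors] = collect_answers($fakePost, $questions, 'brian');
print_r($rows);
print_r($errors);
```

The $questions array stands in for the rows the page would load from the database; the point is that the list of acceptable IDs comes from the server on the second request too, never from the form.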

  6. Sorry, I will just quote the message I made yesterday.

    Still wondering why my attempt #1 was skipping over some directories, or is that a mystery better off forgotten? :-\

    I created this file-tree script for fun; it's very interesting to do it in your root directory.

    File 1 = filelist.php

    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Files</title>
    <style type="text/css">
    <!--
    body li {
    list-style-type: square;
    list-style-position: outside;
    text-indent: 10px;
    }
    -->
    </style>
    </head>

    <body><div id="files">
    <?php $dir = 'EPM/';
    // directory to list; can be overridden from the query string
    if(isset($_GET['dir'])) { $dir = $_GET['dir']; } ?>
    <h3>Files in: <?php echo $dir; ?></h3>
    <?php foreach (glob($dir."*", GLOB_MARK) as $filename) {
    // GLOB_MARK appends a slash to directory names, so $tdir."*" descends into them
    if(is_dir($filename)) { $tdir = $filename; echo '<a href="?dir='.$filename.'">'.$filename.'</a><br>'; include('filelist2.php'); } else {
    echo '<li><a href="'.$filename.'">'.$filename.'</a></li>'; }} ?>
    </div>
    </body>

    File 2 = filelist2.php

    <ul><?php foreach (glob($tdir."*", GLOB_MARK) as $filename) {
    if(is_dir($filename)) { $tdir = $filename; echo '<a href="?dir='.$filename.'">'.$filename.'</a><br>'; include('filelist2.php'); } else {
    echo '<li><a href="'.$filename.'">'.$filename.'</a><br></li>'; }} ?></ul>

    To see the root, simply have the URL look like this: .../filelist.php?dir=/

    Also, you can change the default folder by changing $dir =

    I hit the stop button after about 30 seconds, a little worried about what might happen.
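The worry is justified: ?dir= is passed straight to glob(), so anyone who finds the script can list (and, through the links, fetch) anything the web server account can read, and the directory name is echoed into the page unescaped. As an added example (not the poster's script), the block below keeps the same idea but resolves the request with realpath(), refuses anything that lands outside one base directory (so "../" and symlinks out of it are rejected), escapes every name before printing, and caps the recursion depth. $base and the small tree it creates are constructed for the demo.

```php
<?php
// Added example, not the poster's script: a directory listing that is
// confined to one base directory and escapes what it prints.

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/**
 * Resolve $requested (a path relative to $base) and return its real path,
 * or null if it does not exist or escapes $base (via "../", a symlink, ...).
 */
function contained_path(string $base, string $requested): ?string
{
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $requested);
    if ($baseReal === false || $target === false) {
        return null;
    }
    // Compare with a trailing separator so /srv/files2 does not pass for /srv/files.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Recursively list $dir (already resolved) as nested <ul>, every name escaped. */
function list_tree(string $baseReal, string $dir, int $depth = 0): string
{
    if ($depth > 10) {   // guard against symlink loops and runaway recursion
        return '';
    }
    $out = "<ul>\n";
    foreach (scandir($dir) as $name) {
        if ($name === '.' || $name === '..') {
            continue;
        }
        $path = $dir . DIRECTORY_SEPARATOR . $name;
        $rel  = ltrim(substr($path, strlen($baseReal)), DIRECTORY_SEPARATOR);
        if (is_dir($path)) {
            $out .= sprintf("<li><a href=\"?dir=%s\">%s/</a>\n", h(rawurlencode($rel)), h($name));
            $out .= list_tree($baseReal, $path, $depth + 1) . "</li>\n";
        } else {
            $out .= sprintf("<li>%s</li>\n", h($name));
        }
    }
    return $out . "</ul>\n";
}

// --- demo with a constructed tree under the system temp directory ---
$base = sys_get_temp_dir() . '/filelist_demo_' . getmypid();
mkdir("$base/EPM/sub", 0700, true);
touch("$base/EPM/a.txt");
touch("$base/EPM/sub/b.txt");

foreach (['EPM', 'EPM/sub', 'EPM/../EPM', '../../etc', '/etc'] as $req) {
    printf("?dir=%-12s -> %s\n", $req, contained_path($base, $req) ?? 'REFUSED');
}

echo list_tree(realpath($base), contained_path($base, 'EPM'));
```

The prefix comparison is done on the resolved path, not on the request string, which is why "EPM/../EPM" is accepted while "../../etc" and "/etc" are refused even though the web server could read them.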

  7. The CaptchaSecurityImages.php creates a session... you check your $_POST['captcha_form'] against the $_SESSION['security_code']...

    Sorry if that is not what you meant.

    if(isset($_POST['captcha_form'])) {
        if($_POST['captcha_form'] <> $_SESSION['security_code']) { die('Bad form input, or whatever'); }
    }
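As an added example (not the poster's code), the function below does the same comparison with the cases the two-line version leaves open: a missing or empty session code, a code that has already been used once, and loose comparison. It takes the arrays as parameters so it can be run without a real session; in the form handler it would be called as verify_captcha($_POST, $_SESSION) after session_start(). The key names are the ones the post uses; the sample values are constructed.

```php
<?php
// Added example, not the poster's code. Checks the submitted captcha
// against the value CaptchaSecurityImages.php stored in the session.

function verify_captcha(array $post, array &$session): bool
{
    $expected  = $session['security_code'] ?? null;
    $submitted = $post['captcha_form'] ?? null;

    // Whatever the outcome, the code is single-use: a retry needs a new image.
    unset($session['security_code']);

    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    // hash_equals() compares in constant time and as strings, so "1e3" does
    // not match "1000" the way a loose == or <> comparison would allow.
    return hash_equals($expected, $submitted);
}

// --- constructed demo ---
$session = ['security_code' => 'x7K2q'];
var_dump(verify_captcha(['captcha_form' => 'x7K2q'], $session));  // true, code consumed
var_dump(verify_captcha(['captcha_form' => 'x7K2q'], $session));  // false: replay

$session = ['security_code' => 'x7K2q'];
var_dump(verify_captcha([], $session));                           // false: field missing

$session = [];
var_dump(verify_captcha(['captcha_form' => ''], $session));       // false: no session code

// In the handler:
// session_start();
// if (!verify_captcha($_POST, $_SESSION)) { die('Bad form input'); }
```

Unsetting the session value before the comparison is what stops a submitter from solving one image and then replaying the same answer against the form many times.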

  8. Maq, I told madox to read http://us2.php.net/mail

    It has a great example of what the mail() function should look like.

    You should also make the body of your email a string, then use the string in the function.

    mail('youremail', $subject, $body, $headers)

    Also, HTML doesn't always go well in emails; many email clients don't accept the tags. Please, someone inform me of how to change that if there is a way.

    Line breaks can be accomplished with \n\r
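As an added example (not the thread's code), the block below builds the $headers string for mail() in the shape the manual's example uses, with two additions: a Content-Type header, which is what tells clients that do support it to render the body as HTML, and a check that values taken from the form (the From name and address, the subject) contain no line breaks. A line break inside one of those values lets the submitter append headers of their own, such as extra Bcc: recipients, to your message. mail() is only called when $send is true, since no mail transport is assumed here; the inputs are constructed.

```php
<?php
// Added example, not the thread's code. Header construction for mail()
// with a guard against header injection through form fields.

/** Reject anything that could start a new header line. */
function header_safe(string $value): string
{
    if (preg_match('/[\r\n\x00]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

function build_headers(string $fromName, string $fromAddr, bool $html): string
{
    $fromAddr = filter_var(header_safe($fromAddr), FILTER_VALIDATE_EMAIL);
    if ($fromAddr === false) {
        throw new InvalidArgumentException('bad From address');
    }
    $fromName = str_replace(['"', '<', '>'], '', header_safe($fromName));
    $lines = [
        'From: "' . $fromName . '" <' . $fromAddr . '>',
        'MIME-Version: 1.0',
        $html ? 'Content-Type: text/html; charset=UTF-8'
              : 'Content-Type: text/plain; charset=UTF-8',
    ];
    return implode("\r\n", $lines);   // header lines are separated by CRLF
}

function send_contact(string $to, string $subject, string $body, string $fromName,
                      string $fromAddr, bool $html, bool $send = false): string
{
    $subject = header_safe($subject);
    $headers = build_headers($fromName, $fromAddr, $html);
    if ($send) {
        mail($to, $subject, $body, $headers);
    }
    // Return what would be sent, so the demo can show it without an MTA.
    return "To: $to\r\nSubject: $subject\r\n$headers\r\n\r\n$body";
}

// Constructed inputs: a normal HTML message...
echo send_contact('you@example.com', 'Hello', "<p>Line one</p>\r\n<p>Line two</p>",
                  'Madox', 'madox@example.com', true), "\n\n";

// ...and a submission trying to smuggle a Bcc: header through the name field.
try {
    send_contact('you@example.com', 'Hi', 'x',
                 "Madox\r\nBcc: everyone@example.org", 'madox@example.com', false);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Clients that do not render HTML will show the tags as text; the usual answer is a multipart/alternative message carrying both a text/plain and a text/html part, which is beyond what the single-header version above does.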

  9. Besides using the code tags (and I'd like to hear what issues are arising), your form itself looks like it would never work...

    <div class="h"><input type="your_name" value="name" /></div>
    <div class="h"><input type="your_email" value="e-mail" /></div>
    <div class="h"><input type="your_phone" value="phone" /></div>
    <div class="h"><input type="your_address" value="address" /></div>

    "type" isn't what you want to name your input; it's the attribute for what type of form object to use. Try:

    <input type="text" name="your_name" value="name" />

  10. Also, change ALL passwords relating to your site, and start fresh.

    Plesk, MySQL, etc. All passwords, even ones only "you" know.

    Even your admin section should have checks and balances. But like I said, possibly start fresh, checking each page at a time as you reimplement it, or start from scratch.

    He has restricted the IP address to only his, he says; that's a decent check, isn't it? (Only one problem: sometimes your ISP changes your IP.)

    For information on strong passwords: http://www.microsoft.com/protect/yourself/password/create.mspx

  11. MySQL injection is likely it. I'd give you a percentage, but I'd be out my A$$; still, a really high percentage of PHP-related hacking is MySQL injection. You need to make sure that ANYWHERE people can input info that even touches your database (likely 100% of your forms) you have the strings being stripped of anything potentially bad; namely double and single quotes. " '

    Look into the manual about magic quotes.

    Someone else may be of more help to you, but that's my 2 cents.
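As an added example (not the thread's code), the block below reproduces the kind of login bypass the post is describing against an in-memory SQLite table, then runs the same lookup as a prepared statement, where the quote in the input travels as a parameter value and never becomes part of the SQL text. It needs the pdo_sqlite extension; the table, the users and the attempts are constructed for the demo.

```php
<?php
// Added example, not the thread's code. String-built query versus prepared
// statement, exercised with the same inputs.

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)');
$db->exec("INSERT INTO users (name, pass) VALUES ('admin', 'correct horse'), ('bob', 'hunter2')");

// Vulnerable: the form values are pasted into the SQL text, so a quote in
// the input ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): ?string
{
    $sql = "SELECT name FROM users WHERE name = '$user' AND pass = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : null;
}

// Fixed: the SQL text is constant; values are bound as parameters, so
// quotes in them are just characters of the value being compared.
function login_prepared(PDO $db, string $user, string $pass): ?string
{
    $st = $db->prepare('SELECT name FROM users WHERE name = ? AND pass = ?');
    $st->execute([$user, $pass]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : null;
}

$attempts = [
    ['admin', 'correct horse'],   // legitimate login
    ['admin', "' OR '1'='1"],     // password clause becomes always-true
    ["admin' --", 'anything'],    // comments out the rest of the WHERE clause
];

foreach ($attempts as [$u, $p]) {
    printf("%-12s / %-16s  concat: %-7s prepared: %s\n",
        $u, $p,
        login_concat($db, $u, $p) ?? 'denied',
        login_prepared($db, $u, $p) ?? 'denied');
}
```

Only the first attempt succeeds through the prepared statement; the other two return "denied" there while the string-built query lets both in. The same applies to mysqli prepared statements against MySQL, the database the post has in mind.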
