Brian W
Posts posted by Brian W
-
-
Oh, that's cool... might help in the future as I learn to build more and more complex applications. Thanks Maq
-
Thank you much Mchl. That worked for me... good to know eregi_replace only takes strings.
Also, thanks everyone else for the input.
so lowercase the other string:
$Filename = strtolower($_FILES['uploadedfile']['name']);
$Filename = str_replace($Restrict,"", $Filename);
eregi_replace() takes strings only
-
Wild guess but I think because the first parameter of this function takes in a string not an array. So you would have to loop through the array and pass in every string.
Possibly, how would I get it to loop through the array?
About the str_replace, it's case sensitive and I can't seem to use stri_replace with my version of PHP or something.
-
$Restrict = array('.php', '.com', '.exe', '.bat', '.asp', '.dll', '>', '"', '\'');
$Filename = eregi_replace($Restrict,"", $_FILES['uploadedfile']['name']); //Removes the restricted extensions and symbols from the file name, this combats sql injection, scripts, and double extensions
print_r($Restrict);
?>
I can't seem to get eregi_replace to use my array. Can anyone tell me why? Thanks.
-
I fixed it myself... thanks anyway. Resolution: use eregi_replace() instead of str_ireplace()
Good to know
Still, the mime thing interests me.
-
What have you done so far for troubleshooting? Have you echoed your players.city_id to be sure it is coming up with what you need?
I think it would really help if you could provide the error message for us.
-
Is str_ireplace() only in newer versions of PHP? My host is 1and1 and I'm unsure of how to tell what version they have (if it even makes a difference in this case).
-
If you're using mail(), it will be hidden. I hope it helps...
mail("youremail@domain.com", $subject, $body, $from);
-
Again, I don't understand why... if I try to open file.jpg, which really was file.php before changing its name, I don't get to execute it, actually at least in my browser on my server it just displays the URL. IDK
Please explain what kind of headache I'm getting myself into.
While Google searching I found str_ireplace(), which is supposed to be case insensitive, but it doesn't work at all; I get a Fatal Error.
-
Hello World,
I am trying to fight double barreled extensions, namely ones that are actually PHP files. I don't know why this is a big deal since if someone goes to the file they uploaded, for example file.php.jpg, they don't get to execute it as a .php file. But, the experts say double barreled bad so I listen. lol
I'm using
if ($_FILES['uploadedfile']['type'] == "application/octet-stream") { echo "No PHP files please"; } else {
to combat the normal use of PHP files.
From there, I haven't found a way to prevent double barreled extensions on the internet which is odd. I decided to try completing this task myself but I'm a noob and of course I encountered an issue.
$Filename = str_replace(".php", "", $_FILES['uploadedfile']['name']);
//Then I use $Filename everywhere else for the naming and moving
Seemed clever to me at first, then I realized it is case sensitive, file.PHP.jpg will get by. I could do it 9 times (there are 9 possibilities for capitalization combination), which would be best done in an array (which I'm not sure how to do) or is there a way to make ".php" non case sensitive?
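Added example, not part of the original posts: an allowlist check on the upload's file name as an alternative to stripping substrings, covering the double-barreled and mixed-case names discussed in this thread. The helper name `safe_upload_name`, the image-only allowlist and the sample names are assumptions; the blocked list reuses the extensions from the `$Restrict` array posted above.

```php
<?php
// Added example: allowlist check for an uploaded file name (hypothetical helper).

const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];              // assumption: image-only uploads
const BLOCKED_EXT = ['php', 'com', 'exe', 'bat', 'asp', 'dll']; // from the $Restrict list above

/**
 * Returns a safe stored name for the upload, or null if the name is rejected.
 */
function safe_upload_name(string $clientName): ?string
{
    // Keep only the last path component and compare case-insensitively.
    $name  = strtolower(basename(str_replace('\\', '/', $clientName)));
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return null;                       // no extension, or a dotfile
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;                       // final extension must be on the allowlist
    }
    // Double-barreled names: reject if any inner segment is a blocked extension.
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array($segment, BLOCKED_EXT, true)) {
            return null;
        }
    }
    // Store under a server-generated name; the client's name never reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, not taken from a real upload.
foreach (['holiday.jpg', 'file.php.jpg', 'file.PHP.jpg', 'file.php', 'noext'] as $sample) {
    $stored = safe_upload_name($sample);
    printf("%-14s => %s\n", $sample, $stored === null ? 'rejected' : 'accepted as ' . $stored);
}
```

In an upload handler the returned name would be the destination passed to `move_uploaded_file()`, so the client-supplied name is never used on disk.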
-
I have a repeat region that I've designed to display my update form when the URL parameter "ID" = that row's "ID". Acts like a drop down in the end.
Look here: the URL is .../Task.php?ID=17&Project=1
So, Task ID 17 has the update field being shown. The update field is actually contained in a separate PHP file (Taskpage.php) that I have set to be included, like I said before, ONLY if the URL parameter "ID" equals THAT row's ID. Nifty I think.
PROBLEM: It will update the row in the database like I want it to but it won't take me to the page I have as the -go to after updating- page. When I use the page Taskpage.php by itself it will go to the review page I have set up. I added
action="review.php"
to the button but that didn't help me at all.
The problem seems to be because the form is included. Any ideas why that is?
Thanks ahead of time...
-
I'm using Dreamweaver, it automates most of the PHP for me... lol So I have some things in my code that I don't understand.
<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
Normally, I know what to do with the POST function so that it goes to email, but the action right now is PHP being the front end to SQL to insert into my database.
-Note- I'm trying to figure this out on one of my sandbox databases so that I don't mess up anything serious. This one is a simple username, pass, account level (Admin, User, View Only)
<?php
if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    }
    return $theValue;
  }
}

// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
  $MM_dupKeyRedirect="?result=sorry";
  $loginUsername = $_POST['Username'];
  $LoginRS__query = sprintf("SELECT Username FROM Users WHERE Username=%s", GetSQLValueString($loginUsername, "text"));
  mysql_select_db($database_MV_Users, $MV_Users);
  $LoginRS=mysql_query($LoginRS__query, $MV_Users) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);

  //if there is a row in the database, the username was found - can not add the requested username
  if($loginFoundUser){
    $MM_qsChar = "?";
    //append the username to the redirect page
    if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
    header ("Location: $MM_dupKeyRedirect");
    exit;
  }
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO Users (Username, Password, Rank) VALUES (%s, %s, %s)",
                       GetSQLValueString($_POST['Username'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['RadioGroup1'], "int"));

  mysql_select_db($database_MV_Users, $MV_Users);
  $Result1 = mysql_query($insertSQL, $MV_Users) or die(mysql_error());

  $insertGoTo = "echo.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
?>
echo.php is not functioning right now but will be a page to echo the Username just entered into the db. The form though isn't actually posting so I can't seem to use
echo $_POST['Username']
on the echo.php page to see it. IDK what is going on.
-
I'm relatively new to PHP.
What I need to do is to have a form that can create entries in a database (let's just say 5 fields; Name, Last Name, DOB, Fav Color, Fav Holiday) (not actually what they are)
I will also have a form with the same fields so that you can update entries (their fav color and/or fav holiday).
So far I know how to do this... Now is where I need HELP
I also want it so that when an entry is added, the form/site/something sends me an email telling me the info. When an update is made to an entry, again I want an email but only telling me the info updated which could be the color and/or the holiday. If they only updated their holiday, I want the email to say "John Doe updated: Fav Holiday CLICK HERE TO VIEW ENTRY".
Any suggestions, code, info, links greatly appreciated.
Summation notation
in PHP Coding Help
Posted
Not that I can find... I'd much appreciate if you did one for us. Thanks