Posts posted by Andy17

  1. Thanks guys. So basically I don't need to use trim, htmlentities or strip_tags since I am not inserting the data into the database (just checking whether it matches or not), assuming that I am not displaying it anywhere on my website... Is that correct?

     

    And on the registration page, I would use mysql_real_escape_string when inserting and htmlentities(), strip_tags() and htmlspecialchars() when pulling out information.

     

    I do, however, still not quite understand the difference between htmlspecialchars() and htmlentities(); I have used htmlspecialchars() and inserted <strong>test</strong> into a forum and displayed it, and it wiped out the tags just fine. That was with strip_tags() too, though. htmlentities() just displays it (in my test only "test" was displayed, the tags were just wiped out).

  2. Hey guys,

     

     

    I have just started coding a login system using PHP and MySQL. The system itself is irrelevant, but what I do want to ask is whether I should add htmlentities() to the variables below or not (and why/why not).

     

    <?php
    
    $email = sha1(mysql_real_escape_string(htmlspecialchars(trim(strip_tags($_POST['email'])))));
    $password = sha1(mysql_real_escape_string(htmlspecialchars(trim(strip_tags($_POST['password'])))));
    
    ?>

     

    Also, how secure is the above? Did I leave something out that leaves the script with a security breach? If it can be improved somehow, I'd be happy to learn how. So basically I just wanted to know why one would add htmlentities() and why it improves the security. I did read the article at PHP.net but did not understand it 100%. I do understand what it does, just not why/when it's good/isn't good.

     

     

    Thank you in advance.
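
Added example, not part of the original post or thread: the chain in the post rewrites the password before hashing it, so different passwords can end up with the same digest, and the escaping calls serve no purpose around sha1(). The sketch shows that collision on constructed inputs next to a login check that leaves the input untouched; the function names, the `users` table with its `pw_hash` column, and the in-memory SQLite database (via pdo_sqlite, standing in for MySQL) are assumptions.

```php
<?php
// Added example; names, table layout and sample values are constructed.

// The chain from the post, minus mysql_real_escape_string() (it needs a
// live MySQL connection and would not change these sample values).
function legacy_digest(string $input): string
{
    return sha1(htmlspecialchars(trim(strip_tags($input))));
}

// Two different passwords collapse to one digest: strip_tags() deletes
// "<b>" and trim() drops the trailing space before anything is hashed.
var_dump(legacy_digest('pa<b>ss ') === legacy_digest('pass'));

// Hardened form: hash the raw password, bind the e-mail as a parameter.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $pdo, string $email, string $password): void
{
    // password_hash() salts and stretches; no escaping is applied first.
    $stmt = $pdo->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)');
    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $email, string $password): bool
{
    // The bound parameter keeps the quote in the address out of the SQL text.
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

register($pdo, "o'brien@example.com", 'pa<b>ss ');
var_dump(login($pdo, "o'brien@example.com", 'pa<b>ss ')); // exact password
var_dump(login($pdo, "o'brien@example.com", 'pass'));     // look-alike

// HTML escaping belongs at output time, only where a value enters HTML.
echo htmlspecialchars("o'brien@example.com", ENT_QUOTES, 'UTF-8'), "\n";
```
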

  3. Dear freaks,

     

     

    I am in the process of making a website and I am currently struggling with my menu. I am trying to make a horizontal menu that consists of multiple images that are links (Home, About, Downloads, etc.). I would like each image to change when people hover their mouse over them, but not to the same image. I am making effects with the text I will put on the images, so that's why they cannot be the same.

     

    So basically if I have a button with the text "Home" on it, I want the text "Home" to have effects on when the mouse is on top of it. This means that I need different "hover images" for each menu image.

     

    I hope that came out somewhat understandable - things are harder to explain than I thought.

     

    Anyways, I made it happen with one image, but I was wondering if there is an easy way to make more of these buttons but with different background images (like a line of buttons)?

     

    My example (hover mouse over the number):

    http://test.jokeheaven.eu/

     

    My CSS:

    http://test.jokeheaven.eu/style.css

     

    Example of what I want (multiple menu images with different effects):

    http://www.theflyerwall.co.uk/

     

     

    Thank you in advance for your help and I hope that this was all understandable.

  4. Hey guys. First of all, I hope this is the best category for my question. Me and a mate are thinking about making a script that converts YouTube videos into an mp3 file (don't worry, we know how to make it legal). We are just thinking how big the server load would be... We realize that in the beginning the traffic wouldn't be huge and we also understand that we could need a dedicated server if the traffic goes up rapidly. What we would like to know is if we could start off with a "normal web server" (those ones with multiple websites on them) or if we would need a dedicated server due to the possible CPU load.

     

    Thank you in advance.

  5. Hey,

     

     

    I have this mail script but my apostrophes are replaced with &#039; in the titles. I am sending HTML mails, so I believe it's a problem with the HTML encoding, but I am not sure. There is no problem in the mail text itself, just the title. Here is some of my code (the interesting part):

     

    $mail = htmlspecialchars($_POST['receivermail'], ENT_QUOTES);
    $mail = trim($mail);
    $mail = strip_tags($mail);
    
    $subject = htmlspecialchars($_POST['subject'], ENT_QUOTES);
    $subject = trim($subject);
    $subject = strip_tags($subject);
    
    $message = htmlspecialchars($_POST['mailtext'], ENT_QUOTES);
    $message = trim($message);
    $message = strip_tags($message);
    
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "from: dizzit.net<no-reply@dizzit.net>";
    
    mail($mail, $subject, $message, $headers);
    

     

    For example, this title: "I'm testing" would appear like this in the title field: "I&#039;m testing". If you want to see for yourself, you can try it here.

     

     

    Thank you for your help.

  6. Well, you know when you've fetched the result using e.g. mysql_fetch_assoc() then you'll get an associative array where the keys are the field names? Before where you used date as key you'd just use date_formatted because you set up an alias in the query.

     

    I.e.: $item['date_formatted'] instead of $item['date'].

     

    You, Sir, are a genius. Thank you very much for your help.

  7. Pick a different alias name for the DATE_FORMAT() as _____. The ORDER BY date is ordering by the formatted date string, not the original date column.

     

    Hello PFMaBiSmAd and thank you for your reply,

     

    If I change it, my dates are not formatted correctly. However, it might be me who misunderstood you because I am not too experienced with the more advanced features in MySQL. If you could give me an example, I would very much appreciate it.

     

    Sorry for the inconvenience.

     

     

    php.ajax.coder: I had DESC in my query beforehand but they were not sorted correctly either. :)

  8. Hey guys,

     

    I am storing my dates in my MySQL table in the following format: Y-m-d (example: 2008-10-14). I use the following query to pull out the date:

     

    $listq = "SELECT *, DATE_FORMAT(`date`, '%M %e, %Y') as `date` FROM jokes WHERE category = 'Blonde' ORDER BY date LIMIT {$number}, 20";
    $listr = mysql_query($listq) or die(mysql_error());

     

    There are obviously a few elements of that query that you don't know anything about, but that is quite irrelevant. ;) Here is how the dates are sorted:

     

    http://www.jokeheaven.eu/jokes/blonde.php

     

     

    I would like the numbers to be sorted like this: 3, 2, 1 instead of 1, 2, 3. For example, the list on that page should look like this:

     

    November 7, 2008

    November 7, 2008

    November 7, 2008

    November 2, 2008

    October 18, 2008

    October 16, 2008

    October 16, 2008

    October 16, 2008

    October 14, 2008

    October 14, 2008

    October 14, 2008

    October 14, 2008

     

    Also, the months are not going to be sorted correctly soon with my current query, I believe. Any ideas? I hope I explained myself well enough for you to get my point. :)

     

     

    Thanks a lot in advance,

    Andy

  9. True, very true. Do you, however, have any idea which would be best of the two? I have also registered at some forums and left some comments in some guest books where I could provide my URLs. It's super, because you can do this on the majority of the forums out there.

  10. Hey guys,

     

     

    I am going to exchange one link (just one total) with another website. My own website currently has PR0, since it's brand new and doesn't have a whole lot of traffic yet. He has multiple websites and I can choose one of two websites where he will link to me from. One has PR2 and the other is PR1. However, the PR1 website's content is more relevant to mine.

     

    I know that it's better to be linked to from sites in the same category, but is it worth 1 PR? So, my question is: should I go with PR2 or PR1 + more relevant content?

     

     

    Thank you in advance

    Andy

  11. OK, it appears that the $message = mysql_real_escape_string($message); line caused the problem (for some unknown reason), so I moved this line to after the mail is sent. Now the line breaks work, but the following code still does escaping:

     

    <?php
    
    echo $_POST['mailtext']; // Stage 1
    $message = htmlspecialchars($_POST['mailtext'], ENT_QUOTES);
    // Stage 2
    $message = trim($message);
    // Stage 3
    $message = strip_tags($message);
    // Stage 4
    $message = nl2br($message);
    // Stage 5
    
    ?>

     

    This means that it puts a \ in front of every ', even though I don't do mysql_real_escape_string() anywhere in my code. This already happens at stage 1 and I tried to remove the ENT_QUOTES but nothing changed.

     

    This is very strange.

  12. Do what I said.

    To view the source code right click on the page then view source.

     

    Oh, sorry, I just misunderstood you. I echo'd it and it looked like this:

     

    this\r\n\r\nis\r\n\r\na\r\n\r\ntest\r\n\r\nfor\r\n\r\nBlade280891

     

    Where it should have looked like this:

     

    this<br /><br />is<br /><br />a<br /><br />test<br /><br />for<br /><br />Blade280891

     

    So, for some reason, "\r\n" is printed instead of "<br />". I noticed the \r\n in the header and was wondering if I would have to change something there.

  13. I'm not entirely sure what you mean because I do not want to show the e-mail on the website when a user presses the send button. I would just like it to send it. Anyways, here is the code:

     

    <?php
    
    if (isset($_POST['submitbutton']))
    
    {
    
    $mail = htmlspecialchars($_POST['receivermail'], ENT_QUOTES);
    $mail = mysql_real_escape_string($mail);
    $mail = trim($mail);
    $mail = strip_tags($mail);
    
    $subject = htmlspecialchars($_POST['subject'], ENT_QUOTES);
    $subject = mysql_real_escape_string($subject);
    $subject = trim($subject);
    $subject = strip_tags($subject);
    
    $message = htmlspecialchars($_POST['mailtext'], ENT_QUOTES);
    $message = mysql_real_escape_string($message);
    $message = trim($message);
    $message = strip_tags($message);
    $message = nl2br($message);
    
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: dizzit.net<no-reply@dizzit.net>";
    
    mail($mail, $subject, $message, $headers);
    
    }
    
    ?>
    
    <form name="sendmail" method="post">
    
    Reciever's e-mail address: <input type="text" name="receivermail" id="receivermail" value="example@domain.com" onfocus="if (this.value == 'example@domain.com') {this.value = '';}" onblur="if (this.value == '') {this.value = 'example@domain.com';}" />
    
    Subject: <input type="text" name="subject" id="subject" value="Please write a descriptive subject" onfocus="if (this.value == 'Please write a descriptive subject') {this.value = '';}" onblur="if (this.value == '') {this.value = 'Please write a descriptive subject';}" />
    
    Message: <textarea name="mailtext" id="mailtext" style="width: 400px; height: 200px;" onfocus="if (this.value == 'Write your message here...') {this.value = '';}" onblur="if (this.value == '') {this.value = 'Write your message here...';}" />Write your message here...</textarea>
    
    <input type="submit" name="submitbutton" value="Send" />
    
    </form>
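
Added example, not part of the original posts: the mail scripts in items 5 and 13 run every field through the same HTML and SQL escaping, which is why the plain-text subject arrives as `I&#039;m testing`. The sketch treats each field according to where it ends up; `prepare_mail()` and the sample values are hypothetical, and nothing is actually sent.

```php
<?php
// Added example; prepare_mail() and the sample input are constructed.

function prepare_mail(string $to, string $subject, string $text): array
{
    // Recipient: validate it instead of rewriting it.
    $to = trim($to);
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid recipient address');
    }

    // Subject: a plain-text header field, so no HTML escaping (that is
    // what turned ' into &#039;). A header value must stay on one line.
    $subject = trim($subject);
    if (preg_match('/[\r\n]/', $subject)) {
        throw new InvalidArgumentException('subject must be a single line');
    }

    // Body: sent as text/html, so escape once for HTML, then let nl2br()
    // add <br /> at the real line breaks. No SQL escaping: no query here.
    $body = nl2br(htmlspecialchars(trim($text), ENT_QUOTES, 'ISO-8859-1'));

    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: dizzit.net <no-reply@dizzit.net>";

    return [$to, $subject, $body, $headers];
}

[$to, $subject, $body, $headers] = prepare_mail(
    'friend@example.com',
    "I'm testing",
    "this\r\n\r\nis <b>a</b> test"
);
print_r([$to, $subject, $body]);

// mail($to, $subject, $body, $headers);  // commented out: the demo sends nothing
```

A subject containing non-ASCII characters would additionally need MIME header encoding, which this sketch leaves out.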
