Jump to content

mikesta707

Staff Alumni
  • Posts

    2,965
  • Joined

  • Last visited

Everything posted by mikesta707

  1. Oh wow, totally missed that. Yeah the only reason I could see mysqli_real_escape_string() would return an empty string (rather than false) would be because no connection is open. Since you seem to successfully use $link in other places, i'm not so sure this is your problem. Try doing a var_dump on the $link variable before you apply the escape_string function
  2. Can you show us the code you used?
  3. Finally all the major browsers will support HTML 5. Maybe we can finally stifle the ever growing use of flash. I won't be using IE, but i'm glad they are finally complying to the standards that everyone else is complying to
  4. I don't see where $link is defined. Can you post the code that defines it?
  5. No, you can't. I would take Alex's advice, and just use a simple form. It would accomplish what you want without any trouble, and would be much easier. Since you need a page refresh anyways, I don't see the point of using javascript
  6. this code worked for me... $query = "SELECT * FROM users"; //get the customer list $result = mysql_query($query); //perform the query //display the customer list $array = array(); while($row = mysql_fetch_array($result)){ $array[] = $row; } $midPoint = ceil(count($array) / 2); echo "<table border=\"1\">"; for($i = 0; $i < $midPoint; $i++){ echo "<tr>"; echo '<td><a href="test1.php?id='.$array[$i]['username'].'">'.$array[$i]['username'].'</a></td'; echo "<td>"; if (isset($array[$i + $midPoint])) echo '<td><a href="test1.php?id='.$array[$i+$midPoint]['username'].'">'.$array[$i+$midPoint]['username'].'</a></td'; echo "</td>"; echo "</tr>"; } it changed the columns to username, and it showed me a 2 column table..
  7. This is more a javascript problem, but if(document.form1.new_cutout.value='0.00') should be if(document.form1.new_cutout.value=='0.00') you want to use the comparison operator(==) not the assignment operator(=) Whats happening is you are assigning that value of your text box 0.00, and the assignment operator returns true when your assignment assigns to something that is not NULL or false.
  8. When I say that you need to send the cookie to the server first through an HTTP request, I mean you need to reload the page. When you load the page, you make an HTTP request to the server, and through this you send your cookies, ip address, and other information
  9. your loop should probably be for ($i = 0; i < count($_FILES['file']['tmp_name']); $i++){ but beyond that I don't see much of a problem. Try echoing $picname in the loop and see what the variable holds
  10. $query = "SELECT * FROM comments ORDER BY date DESC"; //get the customer list $result = mysql_query($query); //perform the query //display the customer list $array = array() while($row = mysql_fetch_array($result)){ $array[] = $row; } $midPoint = ceil(count($array) / 2); echo $midPoint; echo "<table>"; for($i = 0; $i < $midPoint; $i++){ echo "<tr>"; echo '<td><a href="test1.php?id='.$array[$i]['commentid'].'">'.$array[$i]['name'].'</a></td'; echo "<td>"; if (isset($array[$i + $midPoint])) echo '<td><a href="test1.php?id='.$array[$i+$midPoint]['commentid'].'">'.$array[$i+$midPoint]['name'].'</a></td'; echo "</td>"; echo "</tr>"; } untested, but should be about right
  11. Ajax can send requests to pages that will do a mysql queries. This is actually a very common use of AJAX. There are multiple ways to send php variables to javascript. for example, like OP did, simply writing Javascript to the page will work. <?php //I want javascript to have a variable $var = "Hello"; echo '<script type="text/javascript">var = "'.$var.'";</script>'; ?> Using this sort of thing, in conjuction with json functions can be very useful. However, sending variables from javascript to PHP is harder, since PHP is usually executed before the javascript has a chance. Thats why page refreshes are necessary for the changes to be known to the server. Yes $_COOKIE['whatever'] will work, but you need to actually send the cookie to the server first (through an HTTP request)
  12. this should give you an example of how to do it $array = array(); for ($i = 0; $i < 18; $i++){ $array[] = $i; } $midPoint = ceil(count($array) / 2); echo $midPoint; echo "<table>"; for($i = 0; $i < $midPoint; $i++){ echo "<tr>"; echo "<td>{$array[$i]}</td>"; echo "<td>"; if (isset($array[$i + $midPoint])) echo $array[$i+$midPoint]; echo "</td>"; echo "</tr>"; } seems to work for even and odd numbers, but I haven't throughly tested it. It puts them in 2 columns only, won't do 3 or more. What you would need to do is store the information you wanted from your query into an array, something like $array = array() while($row = mysql_fetch_xxx()){ $array[] = $row['name'];//if I just wanted the name //or $array[] = $row;//if I want the whole row If you are just getting a single column, that could should work out of the box (just replace the array in the code with yours) If you are getting the multidimensional array, you would need to change it to something like //assume array is multidimensional $midPoint = ceil(count($array) / 2); echo $midPoint; echo "<table>"; for($i = 0; $i < $midPoint; $i++){ echo "<tr>"; echo "<td>".$array[$i]['name']."</td>"; echo "<td>"; if (isset($array[$i + $midPoint])) echo $array[$i+$midPoint]['name']; echo "</td>"; echo "</tr>"; }
  13. You can't get PHP variables like that. The cookie wouldn't be set until you refreshed the page (as far as PHP knows) You have to remember that PHP is run by the server, its results are computed, and then the raw HTML is sent to the browser. The javascript is sent and done after the PHP has run, so it can't send any variables back to PHP. You can send an ajax request to send something to a database, but you will need a page reset for PHP to get the information from javascript
  14. So the downfall of Google is going to be the fact that it uses get variables in search queries? No offense but i'm not going to hold my breath. I'm going to side with Google, the absolute king of search engines, and hugely prominent figure in web development. I'm sure a company that can create its own programming language, phone operating system, computer operating system, one of the most popular geolocation software and API, among other things won't be destroyed by something as trivial as $_GET vs $_POST variables. Any good "hacker" can alter post variables as easily as get variables, and as long as you take the correct precautions (which aren't that difficult to begin with) you'll be fine.
  15. Its a good idea to get in the habit of googling things. You learn a lot more when you google things, because there is usually some information there that can pique your interest, which can lead you to google more things, and set of a chain of learning goodness. This forum is a place to ask questions, but generally, the topic can't be fully explained in the scope of a forum post. Tutorials are good places to learn, and books are even better. The manual can usually solve 90% of your problems also, and reading the manual is another great way to learn. Not to mention that people volunteer here to answer questions, and asking basic questions that are off topic from the original post (to a moderate extent) when the answer can be quickly gotten through google is asking a little much. Remember, Google is your friend, and will never be mean to you.
  16. Look into the LIKE command in mysql. For example $sql = "SELECT * FROM user WHERE username LIKE 's%'" that would match all usernames that start with s. The % acts as a wildcard. You can set it to the beginning also $sql = "SELECT * FROM user WHERE username LIKE '%s'" that would match all usernames that end with s $sql = "SELECT * FROM user WHERE username LIKE '%est%'" that would match all usernames that have an est in them, for examle, lester ester bestMan bestInTheWorld etc. And using GET is perfectly fine if you protect against mysql injections. Google does it, and being able to bookmark certain searches can be extremely useful. Edit: tutorial
  17. Fine, I suppose I can give you a simple example. <?php $finfo = finfo_open(FILEINFO_MIME_TYPE); //right Here I am basically initializing the finfo object //This function returns a resource, that needs to be used //with the finfo functions //it is similar to opening files, where you need a file handler $fileName = "Path/to/my/file.gif";//File I want to test $mimeType = finfo_file($finfo, $fileName); //this function gets the mime type. //there is also an object oriented way of doing this //check out the manual for more information //now that I have the mimeType, I want to test it. if ($mimeTYpe == "image/gif") { echo "We have a gif!";//we have one! } else { echo "We don't have a gif!";//we dont! } ?>
  18. if you want to check for even and odd, you can do if ($number % 2 == 0) { //even } else {} //odd you could stick it in a function if you want, and just call it <?php function isEven($number){ return (bool)($number % 2) == 0; } echo var_dump(isEven(4))."<br /.>"; echo var_dump(isEven(5)); ?> output: bool(true) bool(false) The % is called modulus. It basically divides the two numbers (integer division) and returns the whole number remainder. For example, 15 % 6 would be 3, because the closest multiple of 6 is 12, and 15-12 (which is the remainder) is 3.
  19. The $_FILES['files']['type'] value is sent from the browser, and thus sent by the user. Most regular users don't really know how to alter mime types, but a malicious user can spoof the mime type, and upload a potentially harmful file. but if detecting the file isn't dependent on what the user sends, then generally you are safer. If you look at my example, it shows you exactly how to use it. The information you want is the mime type. pay attention to the finfo_open() function call, and the info_file() function call. it should be fairly straight forward from the given code.
  20. I actually said it was easier to change the extension than to spoof the mime-type that the browser sends. At that point, I do agree, but a rule of thumb with security is that you should never rely on user input for security, and always verify things yourself. My example wasn't any better, just an example to think about, and a possible starting point that is easier to make work than checking mime type (because mime types are different on different browsers, as you pointed out). If OP is developing in one browser, than it really doesn't matter I suppose. assuming you have the extension, this is an example from the manual that gets the mime type <?php $finfo = finfo_open(FILEINFO_MIME_TYPE); // return mime type ala mimetype extension foreach (glob("*") as $filename) { echo finfo_file($finfo, $filename) . "\n"; } finfo_close($finfo); ?> it outputs the mimetypes from the files (you can check the manual page for the output) The reason this is recommended is because this doesn't rely on what the browser sends, but rather checks for a certain byte sequence.
  21. Hmm interesting. I don't see you ever set either $fields or $values to an empty string (which you need to do when you use the combo assignment/concatenate operator, if you don't want to generate an undefined variable notice) But i just tried a similar code, and it worked //$fields = ""; works with these two lines commented or uncommented //$values = "d"; when uncommented, generates undefined variable notice $key = "d"; $val = "dd"; $fields .= (!empty($fields)?",":"") . $key; $values .= (!empty($values)?",":"") . "'$val'"; echo $fields. "<br />"; echo $values."<br />";
  22. I've never seen that happen before in my life to be completely honest. Btw, you should have your echo line be echo ... not $echo ... that won't even run... will give a parse error. I actually just tested that, and it worked perfectly fine. Is there something special you did that I can do to try to recreate the error? edit: beaten
  23. that one doesnt work, even though it says it has uploaded the file it hasnt. And at the bottom it says not to use the script on a public site cos its not safe or secure. plus i want the path of the uploaded image to go into the database where their login details are held so that when it pulls their other details for the my account section it also only pulls their image. That one does work, its the one I used when I was trying to do the same exact thing. It was more of a starting point so you can learn how uploading files work. I can't really comment on why your attempt didn't work without seeing any code. and @emopoop, using mime type as a file type restricting system is not the best idea as mime types can not only be spoofed, but not all browsers send them and IE (among others) send different mime types for certain formats than most other browsers. If you are allowing multiple types of formats, this can be a pain. What I usually do to restrict file types is like $allowed_files = array('jpg', 'jpeg', 'png', 'bmp');//array of allowed file types $fileName = "myFile.jpg"; $extension = end(explode('.', $fileName));//gets the file extension from the file name if (!if_array($extension, $allowed_files)){ echo "Invalid file type!"; exit(); } this simply checks the file extension, and while it "works", changing the file extension is even easier than spoofing the mime type. You can look into the finfo extension which seems to work pretty well (assuming you have the extension) for finding the file type (this also gets the mime type, but uses a different method, rather than relying on the information the browser sends) you can see some examples on that page.
  24. this tutorial should get you started
  25. Do you have any code that you need help with, or do you not know where to start. A tip, wherever you move the uploaded image to via move_uploaded_file(), you want to save the destination path into your mysql databse.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.