AviNahum
Posts posted by AviNahum
-
-
yeah, you're right... my bad... sorry...
but i can use array_key_exists instead of in_array
-
i'm not sure, but try this:
<?php
$array = array (
    "3279" => array ("AMC", 0),
    "3373" => array ("CL", 0),
    "3374" => array ("Integra", 0),
    "3375" => array ("Legend", 0),
    "3367" => array ("MDX", 0),
);

if ( in_array("3373" , $array) ) {
    echo $array['3373'][0];
}
?>
-
<?php
switch ($_GET['mode']) {
    case 'force':
        force_function();
        break;
    default:
        normal_function();
}

function force_function() {
    //CODE
}

function normal_function() {
    //CODE
}
?>
-
simply, when you select the results from DB:
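<?php
$x = 0;
// $results is the result returned by mysql_query()
while ($row = mysql_fetch_assoc($results)) {
    // alternate the background color on every row
    if ($x == 0) {
        $bgcolor = "black";
        $x++;
    } else {
        $bgcolor = "white";
        $x = 0;
    }
    echo "<div style='background-color: {$bgcolor};'></div>";
}
?>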
-
i'm not sure, but try this:
<?php
// CONNECT TO THE DATABASE
mysql_connect ("localhost", "xxx", "xxx") or die ('Error: ' . mysql_error());
mysql_select_db ("xxx");

// CALL IN VARIABLES (escaped so quotes in the input cannot break out of the SQL string)
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);

// THE QUERY (backticks around column names, quotes around string values)
$query = "INSERT INTO user (`fname`, `lname`) VALUES ('$fname', '$lname')";

// UPLOAD
$result = mysql_query($query) or die ('Error updating database');
if ($result) {
    echo "Account created successfully, please login with your details.";
}
?>
-
i'm trying to print content from a txt file and replace the <{PAGE}> with a class call...
any possible ideas?
-
hey,
i'm trying to convert this string <{page}> to this: new $class
$class = the class name to load...
but i got this error:
Catchable fatal error: Object of class home could not be converted to string in /var/www/lib/core_functions.php on line 141
this is the code i'm using:
public function load_template($class)
{
    $class = new $class;
    $return = file_get_contents(LIBRARY_PATH."/template.txt");
    $return = str_replace("<{page}>", $class, $return);
    echo $return;
}
any ideas?
Thanks!
-
i can't see any problems here...
umm are you sure you have rows in your users table?
if yes, try this and post the output here:
<?php
$id = mss($_GET['id']);
$page = (!$_GET['page'] || $_GET['page'] < 0) ? "1" : $_GET['page'];
$page = ceil($page);
$limit = 15;
$start = $limit;
$end = $page*$limit-($limit);

if(isset($_GET['id'])){
    $sql = "SELECT * FROM users WHERE id=".$id."";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        echo "Invalid Path!";
        echo "<br> no rows";
    }else {
        $row = mysql_fetch_assoc($res);
        $sql2 = "SELECT * FROM `users` WHERE `id`='".$row['id']."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        $row2 = mysql_fetch_assoc($res2);
        if($row2['admin'] == 1 && $admin_user_level == 0){
            echo "You do not have permission!";
        }else {
            $amount_check = "SELECT * FROM `users` WHERE `id`='".$id."'";
            $amount_check_res = mysql_query($amount_check) or die(mysql_error());
            $amount_count = mysql_num_rows($amount_check_res);
            $pages = ceil($amount_count/$limit);
            $previous = ($page-1 <= 0) ? "« Prev" : "<a href=\"./index.php?act=browse&page=".($page-1)."\">« Prev</a>";
            $nextpage = ($page+1 > $pages) ? "Next »" : "<a href=\"./index.php?act=browse&page=".($page+1)."\">Next »</a>";
            echo "<tr><td align=\"right\" colspan=\"2\">\n";
            echo "Pages: ";
            echo $previous;
            for($i=1;$i<=$pages;$i++){
                $href = ($page == $i) ? " ".$i." " : " <a href=\"./index.php?act=browse&page=".$i."\">".$i."</a> ";
                echo $href;
            }
            echo $nextpage;
            echo "</td></tr>\n";
            $select_sql = "SELECT * FROM `users` WHERE `id`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start."";
            $select_res = mysql_query($select_sql) or die(mysql_error());
            while($rowr = mysql_fetch_assoc($select_res)){
                echo "<tr><td class =\"forum_header\">".$rowr['username']."</td></tr>\n";
            }
        }
    }
}else{
    echo "Invalid Path!";
    echo "<br> no id";
}
?>
if the output is "Invalid Path! no rows"
then you don't have rows in your DB,
if it is "Invalid Path! no id"
then i think the problem is in the mss function
-
i'm not sure, but try this:
<?php
$id = mss($_GET['id']);
$page = (!$_GET['page'] || $_GET['page'] < 0) ? "1" : $_GET['page'];
$page = ceil($page);
$limit = 15;
$start = $limit;
$end = $page*$limit-($limit);

if(isset($_GET['id'])){
    $sql = "SELECT * FROM users WHERE id=".$id."";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        echo "Invalid Path!";
    }else {
        $row = mysql_fetch_assoc($res);
        $sql2 = "SELECT * FROM `users` WHERE `id`='".$row['id']."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        $row2 = mysql_fetch_assoc($res2);
        if($row2['admin'] == 1 && $admin_user_level == 0){
            echo "You do not have permission!";
        }else {
            $amount_check = "SELECT * FROM `users` WHERE `id`='".$id."'";
            $amount_check_res = mysql_query($amount_check) or die(mysql_error());
            $amount_count = mysql_num_rows($amount_check_res);
            $pages = ceil($amount_count/$limit);
            // quotes inside the strings are escaped so the file parses
            $previous = ($page-1 <= 0) ? "« Prev" : "<a href=\"./index.php?act=browse&page=".($page-1)."\">« Prev</a>";
            $nextpage = ($page+1 > $pages) ? "Next »" : "<a href=\"./index.php?act=browse&page=".($page+1)."\">Next »</a>";
            echo "<tr><td align=\"right\" colspan=\"2\">\n";
            echo "Pages: ";
            echo $previous;
            for($i=1;$i<=$pages;$i++){
                $href = ($page == $i) ? " ".$i." " : " <a href=\"./index.php?act=browse&page=".$i."\">".$i."</a> ";
                echo $href;
            }
            echo $nextpage;
            echo "</td></tr>\n";
            $select_sql = "SELECT * FROM `users` WHERE `id`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start."";
            $select_res = mysql_query($select_sql) or die(mysql_error());
            while($rowr = mysql_fetch_assoc($select_res)){
                echo "<tr><td class =\"forum_header\">".$rowr['username']."</td></tr>\n";
            }
        }
    }
}else{
    echo "Invalid Path!";
}
?>
if it doesn't work, explain what the function mss does
-
thank you all!
it works great now!
the working script:
//-----------------------------------------------------------------------
// Make all inputs and incoming data safe
//-----------------------------------------------------------------------
public function secure_incoming()
{
    $return = array();
    // Get vars array
    if( is_array($_GET) ) {
        foreach ($_GET as $k => $v) {
            $return[$k] = $this->clean_value($v);
        }
    }
    // Post vars array
    if( is_array($_POST) ) {
        foreach ($_POST as $k => $v) {
            $return[$k] = $this->clean_value($v);
        }
    }
    // Return an array
    return $return;
}

//-----------------------------------------------------------------------
// Clean value from injects
//-----------------------------------------------------------------------
public function clean_value($val)
{
    // If the value is empty return now to save some CPU
    if ($val == "") {
        return "";
    }
    $val = str_replace( "&#032;", " ", $val );
    $val = str_replace( "&" , "&amp;" , $val );
    $val = str_replace( "<!--" , "&#60;&#33;--" , $val );
    $val = str_replace( "-->" , "--&#62;" , $val );
    $val = preg_replace( "/<script/i" , "&#60;script" , $val );
    $val = str_replace( ">" , "&gt;" , $val );
    $val = str_replace( "<" , "&lt;" , $val );
    $val = str_replace( "\"" , "&quot;" , $val );
    $val = preg_replace( "/\n/" , "<br>" , $val );
    $val = preg_replace( "/\\\$/" , "&#036;" , $val );
    $val = preg_replace( "/\r/" , "" , $val );
    $val = str_replace( "!" , "&#33;" , $val );
    $val = str_replace( "'" , "&#39;" , $val );
    // Swap user inputted backslashes
    $val = preg_replace( "/\\\(?!&amp;#|\?#)/", "&#092;", $val );
    return $val;
}
Thanks again!
but do you have any ideas to make it more "safe"?
oh and btw, sorry for my poor English...
-
i tried this script without the clean_value function and i got the same result... but now it displays the first character of the string.
for example $core->input['s'] = "abcd";
it returns only the first character, "a"
i think the problem is in my foreach loop, but i can't find it...
i don't use htmlspecialchars for some reason. i need it just to replace only a few characters...
-
thank you both,
but i tried this script now, and it won't work!
it returns the array key.
$core->input = $core->secure_incoming();
echo $core->input['s'];
it shows me 's' (the key) even if the value is something else...
any ideas?
my new code:
//-----------------------------------------------------------------------
// Make all inputs and incoming data safe
//-----------------------------------------------------------------------
public function secure_incoming()
{
    // Get vars array
    if( is_array($_GET) ) {
        foreach ($_GET as $k => $v) {
            $return = $this->clean_value($v);
        }
    }
    // Post vars array
    if( is_array($_POST) ) {
        foreach ($_POST as $k => $v) {
            $return = $this->clean_value($v);
        }
    }
    // Return the language array
    return $return;
}

//-----------------------------------------------------------------------
// Clean value from injects
//-----------------------------------------------------------------------
public function clean_value($val)
{
    // If the value is empty return now to save some CPU
    if ($val == "") {
        return "";
    }
    $val = str_replace( "&#032;", " ", $val );
    $val = str_replace( "&" , "&amp;" , $val );
    $val = str_replace( "<!--" , "&#60;&#33;--" , $val );
    $val = str_replace( "-->" , "--&#62;" , $val );
    $val = preg_replace( "/<script/i" , "&#60;script" , $val );
    $val = str_replace( ">" , "&gt;" , $val );
    $val = str_replace( "<" , "&lt;" , $val );
    $val = str_replace( "\"" , "&quot;" , $val );
    $val = preg_replace( "/\n/" , "<br>" , $val );
    $val = preg_replace( "/\\\$/" , "&#036;" , $val );
    $val = preg_replace( "/\r/" , "" , $val );
    $val = str_replace( "!" , "&#33;" , $val );
    $val = str_replace( "'" , "&#39;" , $val );
    // Swap user inputted backslashes
    $val = preg_replace( "/\\\(?!&amp;#|\?#)/", "&#092;", $val );
    return $val;
}
-
hey,
I wrote this function to handle and secure all GET and POST inputs.
//-----------------------------------------------------------------------
// Make all inputs and incoming data safe
//-----------------------------------------------------------------------
public function secure_incoming()
{
    global $HTTP_GET_VARS, $HTTP_POST_VARS;
    // Get vars array
    if( is_array($HTTP_GET_VARS) ) {
        foreach ($HTTP_GET_VARS as $k => $v) {
            $return = $this->clean_value($v);
        }
    }
    // Post vars array
    if( is_array($HTTP_POST_VARS) ) {
        foreach ($HTTP_POST_VARS as $k => $v) {
            $return = $this->clean_value($v);
        }
    }
    // Return the language array
    return $return;
}

//-----------------------------------------------------------------------
// Clean value from injects
//-----------------------------------------------------------------------
public function clean_value($val)
{
    // If the value is empty return now to save some CPU
    if ($val == "") {
        return "";
    }
    $val = str_replace( "&#032;", " ", $val );
    $val = str_replace( "&" , "&amp;" , $val );
    $val = str_replace( "<!--" , "&#60;&#33;--" , $val );
    $val = str_replace( "-->" , "--&#62;" , $val );
    $val = preg_replace( "/<script/i" , "&#60;script" , $val );
    $val = str_replace( ">" , "&gt;" , $val );
    $val = str_replace( "<" , "&lt;" , $val );
    $val = str_replace( "\"" , "&quot;" , $val );
    $val = preg_replace( "/\n/" , "<br>" , $val );
    $val = preg_replace( "/\\\$/" , "&#036;" , $val );
    $val = preg_replace( "/\r/" , "" , $val );
    $val = str_replace( "!" , "&#33;" , $val );
    $val = str_replace( "'" , "&#39;" , $val );
    // Swap user inputted backslashes
    $val = preg_replace( "/\\\(?!&amp;#|\?#)/", "&#092;", $val );
    return $val;
}
I need it to be very secure without any gaps, I'd be happy if someone would help me improve it and make it safer....
Thanks in advance!
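An added example, not part of the original post or thread: as an alternative to one blanket clean-up of every GET and POST value, it validates each field for what it should be, passes values to the database as bound parameters, and HTML-encodes only at the point of output. The field names, the user table layout and the in-memory SQLite database are assumptions chosen so the script runs stand-alone (PHP 7.1+ with PDO SQLite).

```php
<?php
// Added example: validate per field, bind SQL parameters, encode at output.
// Field names and the in-memory SQLite table are assumptions for illustration.

/** Return validated request fields, or throw on bad input. Values stay raw. */
function read_input(array $get, array $post): array
{
    $src = array_merge($get, $post);              // POST wins on key clashes
    $id = filter_var($src['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $fname = $src['fname'] ?? '';
    // Reject arrays (?fname[]=x), invalid UTF-8, control characters, long input.
    if (!is_string($fname) || !preg_match('/^[^\x00-\x1F\x7F]{1,64}$/u', $fname)) {
        throw new InvalidArgumentException('fname is not acceptable');
    }
    return ['id' => $id, 'fname' => $fname];
}

/** Encode for an HTML text or quoted-attribute context, at output time. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, fname TEXT)');

// Constructed sample request: a quote and markup in the name field.
$in = read_input(['id' => '7'], ['fname' => "O'Brien <b>bold</b>"]);

// The value travels as a bound parameter, never as part of the SQL text.
$stmt = $pdo->prepare('INSERT INTO user (id, fname) VALUES (:id, :fname)');
$stmt->execute([':id' => $in['id'], ':fname' => $in['fname']]);

$stmt = $pdo->prepare('SELECT fname FROM user WHERE id = :id');
$stmt->execute([':id' => $in['id']]);
$stored = $stmt->fetchColumn();

// The database holds the raw text; encoding happens only when writing HTML.
echo '<td>' . h($stored) . "</td>\n";
```

Storing the raw value and encoding per output context avoids double-encoding and keeps the same data usable in HTML, JSON or plain-text output.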
-
it's ok, i'm not an english speaker either...
i think i understand what you're trying to do...
you can do this with one file:
<?php
// set the message before any output so it is defined when it is echoed below
$message = "";
if (isset($_GET['send']) && $_GET['send'] == 1) {
    $message = "<b>the form sent!</b>";
    // put here your code
}
?>
<html>
<body>
<?php echo $message; ?>
<form method="get" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
    <input type="hidden" name="send" value="1">
    <input type="submit">
</form>
</body>
</html>
-
i don't understand.... can you post your code here and explain better?
-
some basic stuff...
if you have any incoming data from inputs, make it safe by using htmlspecialchars
$name = htmlspecialchars($_POST['name'], ENT_QUOTES);
if you have a members system, use salt to encode their password:
http://us.php.net/manual/en/function.crypt.php
that's what i can offer you
-
what error are you getting?
-
try to explain better please...
-
you set $tiles outside the function and try to use it inside a function?
functions use only local vars (inside the function), or you just make it a global var...
<?php
//Test Array
$tiles = array();
$tiles["01,01"] = "";
$tiles["02,01"] = "";
$tiles["03,01"] = "";

function draw_game()
{
    global $tiles;
    $count = 0;
    echo "<table border=\"0\" width=\"500\" height=\"500\">";
    //for each of the tiles execute the code
    print_r($tiles);
    foreach( $tiles as $id => $tile) {
        //add start of table row tag if count is equal to 10,20,30
        if ($count == 0 || $count == 10 || $count == 20 || $count == 30) {
            echo "<tr>";
        }
        echo "<td width=\"50\" height=\"50\" align=\"left\">";
        //check what tile image to output, default is grass
        switch($id) {
            case 1:
                echo "<img src=\"$id.gif\" alt=\"$tile\" />";
                break;
            default:
                echo "<img src=\"grass.gif\" alt=\"$tile\" />";
        }
        echo "</td>";
        //add end of table row tag if count is equal to 10,20,30
        if ($count == 0 || $count == 10 || $count == 20 || $count == 30) {
            echo "</tr>";
        }
        $count++;
    }
    echo "</table>";
}
?>
-
try this:
$query = "SELECT * FROM booking WHERE request_date = '".$request_date."'";
-
do you still need help? or did you solve the problem?
-
$result = mysql_query("SELECT team FROM ".$_GET['game']."_teams") or die(mysql_error());
now it should work
-
i can't see any problems
-
where is your session_start()?
Session Error in Include..??
in PHP Coding Help
Posted
i think the global variables are disabled on your server, you have to talk to your server admin
and ask him to enable the global vars option...