[Session Error in Include..??]

i think the global variables are disabled in your server, you have to talk to your admin server

and ask him to enable global vars option...

[[SOLVED] need help with an array]

yea, you right... my bad... sorry...

but i can use array_key_exists instead in_array

[[SOLVED] need help with an array]

i'm not sure, but try this:

<?php

$array = array ("3279" => array ("AMC", 0),
"3373" => array ("CL", 0),
"3374" => array ("Integra", 0),
"3375" => array ("Legend", 0),
"3367" => array ("MDX", 0), ); 

if ( in_array("3373" , $array) )
{
   echo $array['3373'][0];
}

?>

[[SOLVED] Adding a mode to URL]

<?php

switch ($_GET['mode'])
{
    case 'force':
        force_function();
    break;

    default:
        normal_function();
}

function force_function()
{
  //CODE
}

function normal_function()
{
  //CODE
}

?>

[CSS or PHP code for the search result page.]

simply, when you select the results from DB:

<?php

$x = 0;

while ($results)
{
    if ($x == 0)
    {
        $bgcolor = "black";
        $x++;
    }
    else
    {
        $bgcolor = "white";
        $x = 0;
    }

    echo "<div style='backgroung-color: {$bgcolor};'></div>";
}

?>

[[SOLVED] Somethign Wrong With My Code?]

i'm not sure, but try this:

<?php 
// CONNECT TO THE DATABASE
mysql_connect ("localhost", "xxx", "xxx") or die ('Error: ' . mysql_error());
mysql_select_db ("xxx");

// CALL IN VARIABLES
$fname = $_POST['fname'];
$lname = $_POST['lname'];

// THE QUERY
$query = "INSERT INTO user ('fname' , 'lname') VALUES ($fname, $lname)";

// UPDLOAD
$result = mysql_query($query) or die ('Error updating database');

if($results){
    echo "Account createed Successfully, please login with your details.";
}

?>

[[SOLVED] convert string to class]

i trying to print content from txt file and replace the <{PAGE}> with a class call...

any possible ideas?

[[SOLVED] convert string to class]

hey,

i'm trying to convert this string <{page}> to this new $class

$class = the class name to load...

but i got this error:

Catchable fatal error:  Object of class home could not be converted to string in /var/www/lib/core_functions.php on line 141

 

this is the code im using

    public function load_template($class)
     {
         $class = new $class;
         $return = file_get_contents(LIBRARY_PATH."/template.txt");
         $return = str_replace("<{page}>", $class, $return);
         echo $return;
     }

 

any ideas?

 

Thanks!

[Pagination should work right?]

i can't see any problems here...

umm are you sure you got rows on your users tables?

 

if yes, try this and post here the output:

<?php

$id = mss($_GET['id']);
$page = (!$_GET['page'] || $_GET['page'] < 0) ? "1" : $_GET['page']; 
$page = ceil($page);

$limit = 15; 
$start = $limit; 
$end = $page*$limit-($limit); 

if(isset($_GET['id'])){
   $sql = "SELECT * FROM users WHERE id=".$id."";
   $res = mysql_query($sql) or die(mysql_error());
   if(mysql_num_rows($res) == 0){
      echo "Invalid Path!";
      echo "<br> no rows";
   }else {
      $row = mysql_fetch_assoc($res);
      $sql2 = "SELECT * FROM `users` WHERE `id`='".$row['id']."'";
      $res2 = mysql_query($sql2) or die(mysql_error());
      $row2 = mysql_fetch_assoc($res2);
      if($row2['admin'] == 1 && $admin_user_level == 0){
         echo "You do not have permission!";
      }else {
         $amount_check = "SELECT * FROM `users` WHERE `id`='".$id."'"; 
         $amount_check_res = mysql_query($amount_check) or die(mysql_error()); 
         $amount_count = mysql_num_rows($amount_check_res); 
         $pages = ceil($amount_count/$limit); 
         
         $previous = ($page-1 <= 0) ? "« Prev" : "<a href=\"./index.php?act=browse&page=".($page-1)."\">« Prev</a>"; 
         $nextpage = ($page+1 > $pages) ? "Next »" : "<a href=\"./index.php?act=browse&page=".($page+1)."\">Next »</a>"; 
         echo "<tr><td align=\"right\" colspan=\"2\">\n";
         echo "Pages: ";
         echo $previous; 
         for($i=1;$i<=$pages;$i++){ 
             $href = ($page == $i) ? " ".$i." " : " <a href=\"./index.php?act=browse&page=".$i."\">".$i."</a> "; 
     
             echo $href; 
         } 
         echo $nextpage; 
         echo "</td></tr>\n";
         $select_sql = "SELECT * FROM `users` WHERE `id`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start.""; 
         $select_res = mysql_query($select_sql) or die(mysql_error()); 
         
         while($rowr = mysql_fetch_assoc($select_res)){
            echo "<tr><td class =\"forum_header\">".$rowr['username']."</td></tr>\n";
         }
      }
   }
}else{
   echo "Invalid Path!";
   echo "<br> no id";
}

?>

 

if the ouput will be "Invalid Path! no rows"

so you dont have rows in your DB,

 

if it will be "Invalid Path! no id"

so i think the problem is in mss function

[Pagination should work right?]

i'm not sure, but try this:

<?php

$id = mss($_GET['id']);
$page = (!$_GET['page'] || $_GET['page'] < 0) ? "1" : $_GET['page']; 
$page = ceil($page);

$limit = 15; 
$start = $limit; 
$end = $page*$limit-($limit); 

if(isset($_GET['id'])){
   $sql = "SELECT * FROM users WHERE id=".$id."";
   $res = mysql_query($sql) or die(mysql_error());
   if(mysql_num_rows($res) == 0){
      echo "Invalid Path!";
   }else {
      $row = mysql_fetch_assoc($res);
      $sql2 = "SELECT * FROM `users` WHERE `id`='".$row['id']."'";
      $res2 = mysql_query($sql2) or die(mysql_error());
      $row2 = mysql_fetch_assoc($res2);
      if($row2['admin'] == 1 && $admin_user_level == 0){
         echo "You do not have permission!";
      }else {
         $amount_check = "SELECT * FROM `users` WHERE `id`='".$id."'"; 
         $amount_check_res = mysql_query($amount_check) or die(mysql_error()); 
         $amount_count = mysql_num_rows($amount_check_res); 
         $pages = ceil($amount_count/$limit); 
         
         $previous = ($page-1 <= 0) ? "« Prev" : "<a href="./index.php?act=browse&page=".($page-1)."">« Prev</a>"; 
         $nextpage = ($page+1 > $pages) ? "Next »" : "<a href="./index.php?act=browse&page=".($page+1)."">Next »</a>"; 
         echo "<tr><td align="right" colspan="2"> ";
         echo "Pages: ";
         echo $previous; 
         for($i=1;$i<=$pages;$i++){ 
             $href = ($page == $i) ? " ".$i." " : " <a href="./index.php?act=browse&page=".$i."">".$i."</a> "; 
     
             echo $href; 
         } 
         echo $nextpage; 
         echo "</td></tr> ";
         $select_sql = "SELECT * FROM `users` WHERE `id`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start.""; 
         $select_res = mysql_query($select_sql) or die(mysql_error()); 
         
         while($rowr = mysql_fetch_assoc($select_res)){
            echo "<tr><td class ="forum_header">".$rowr['username']."</td></tr> ";
         }
      }
   }
}else{
   echo "Invalid Path!";
}

?>

 

if it's not work, explain what the function mss does

[need security advice]

thank you all!

it's works great now!

the working script:

    //-----------------------------------------------------------------------
    // Make all inputs and incoming data safe
    //-----------------------------------------------------------------------

    public function secure_incoming()
    {
        // Get vars array
        if( is_array($_GET) )
        {
            foreach ($_GET as $k => $v)
            {
                $return[$k] = $this->clean_value($v);
            }
        }
    
        // Post vars array
        if( is_array($_POST) )
        {
            foreach ($_POST as $k => $v)
            {
                $return[$k] = $this->clean_value($v);
            }
        }
    
        // Return an array
        return $return;
    }

    
    //-----------------------------------------------------------------------
    // Clean value from injects
    //-----------------------------------------------------------------------
    
    public function clean_value($val)
    {
        // If the value are empty return now to save some CPU
        if ($val == "")
        {
            return "";
        }
        
        $val = str_replace( " ", " ", $val );
        
        $val = str_replace( "&"            , "&"         , $val );
        $val = str_replace( "<!--"         , "<!--"  , $val );
        $val = str_replace( "-->"          , "-->"       , $val );
        $val = preg_replace( "/<script/i"  , "<script"   , $val );
        $val = str_replace( ">"            , ">"          , $val );
        $val = str_replace( "<"            , "<"          , $val );
        $val = str_replace( """           , """        , $val );
        $val = preg_replace( "/ /"        , "<br>"          , $val );
        $val = preg_replace( "/\$/"      , "$"        , $val );
        $val = preg_replace( "/ /"        , ""              , $val );
        $val = str_replace( "!"            , "!"         , $val );
        $val = str_replace( "'"            , "'"         , $val );
        
        // Swop user inputted backslashes
        
        $val = preg_replace( "/\(?!&#|?#)/", "\", $val ); 
        
        return $val;
    }

 

Thanks again!

 

but you got any ideas to make it more "safe"?

oh and btw, sorry for poor english...

[need security advice]

i tried this script without the clean_value function and i got the same result... but now it's dispaly the first character of the string.

for example $core->input['s'] = "abcd";

it's returns only the first character, "a"

i think the problem is on my foreach loop, but can't find it...

 

i dont use htmlspecialchars for some reason. i need it just to replace only a few characters...   

[need security advice]

thank you both,

but i tried this script now, and it's wont work!

it's returns the array key.

 

$core->input = $core->secure_incoming();
echo $core->input['s'];

 

it's shows me 's' (the key) even if the value is somthing else...

any ideas?

 

my new code:

    //-----------------------------------------------------------------------
    // Make all inputs and incoming data safe
    //-----------------------------------------------------------------------

    public function secure_incoming()
    {
        // Get vars array
        if( is_array($_GET) )
        {
            foreach ($_GET as $k => $v)
            {
                $return = $this->clean_value($v);
            }
        }
    
        // Post vars array
        if( is_array($_POST) )
        {
            foreach ($_POST as $k => $v)
            {
                $return = $this->clean_value($v);
            }
        }
    
        // Return the language array
        return $return;
    }

    
    //-----------------------------------------------------------------------
    // Clean value from injects
    //-----------------------------------------------------------------------
    
    public function clean_value($val)
    {
        // If the value are empty return now to save some CPU
        if ($val == "")
        {
            return "";
        }
        
        $val = str_replace( " ", " ", $val );
        
        $val = str_replace( "&"            , "&"         , $val );
        $val = str_replace( "<!--"         , "<!--"  , $val );
        $val = str_replace( "-->"          , "-->"       , $val );
        $val = preg_replace( "/<script/i"  , "<script"   , $val );
        $val = str_replace( ">"            , ">"          , $val );
        $val = str_replace( "<"            , "<"          , $val );
        $val = str_replace( "\""           , """        , $val );
        $val = preg_replace( "/\n/"        , "<br>"          , $val );
        $val = preg_replace( "/\\\$/"      , "$"        , $val );
        $val = preg_replace( "/\r/"        , ""              , $val );
        $val = str_replace( "!"            , "!"         , $val );
        $val = str_replace( "'"            , "'"         , $val );
        
        // Swop user inputted backslashes
        
        $val = preg_replace( "/\\\(?!&#|\?#)/", "\", $val ); 
        
        return $val;
    }

[need security advice]

hey,

I wrote this function to handle and secure all GET and POST inputs.

    //-----------------------------------------------------------------------
    // Make all inputs and incoming data safe
    //-----------------------------------------------------------------------

    public function secure_incoming()
    {
          global $HTTP_GET_VARS, $HTTP_POST_VARS;
      
        // Get vars array
        if( is_array($HTTP_GET_VARS) )
        {
            foreach ($HTTP_GET_VARS as $k => $v)
            {
                $return = $this->clean_value($v);
            }
        }
    
        // Post vars array
        if( is_array($HTTP_POST_VARS) )
        {
            foreach ($HTTP_POST_VARS as $k => $v)
            {
                $return = $this->clean_value($v);
            }
        }
    
        // Return the language array
        return $return;
    }

    
    //-----------------------------------------------------------------------
    // Clean value from injects
    //-----------------------------------------------------------------------
    
    public function clean_value($val)
    {
        // If the value are empty return now to save some CPU
        if ($val == "")
        {
            return "";
        }
        
        $val = str_replace( " ", " ", $val );
        
        $val = str_replace( "&"            , "&"         , $val );
        $val = str_replace( "<!--"         , "<!--"  , $val );
        $val = str_replace( "-->"          , "-->"       , $val );
        $val = preg_replace( "/<script/i"  , "<script"   , $val );
        $val = str_replace( ">"            , ">"          , $val );
        $val = str_replace( "<"            , "<"          , $val );
        $val = str_replace( """           , """        , $val );
        $val = preg_replace( "/ /"        , "<br>"          , $val );
        $val = preg_replace( "/\$/"      , "$"        , $val );
        $val = preg_replace( "/ /"        , ""              , $val );
        $val = str_replace( "!"            , "!"         , $val );
        $val = str_replace( "'"            , "'"         , $val );
        
        // Swop user inputted backslashes
        
        $val = preg_replace( "/\(?!&#|?#)/", "\", $val ); 
        
        return $val;
    }

 

I need it to be very secure without any gaps, I'd be happy if someone would help me improve it and make in safer....

 

Thanks in advance!

[Returning to the form]

it's ok, i'm not an english speaker too...

 

i think i understend what you trying to do...

you can do this with one file:

<html>
<body>

<?php echo $message; ?>

<form method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="send" value="1">
<input type="submit">
</form>

<?php

if (isset($_GET['send']) && $_GET['send'] == 1)
{
  $message = "<b>the form sent!</b>";
  // put here your code
}

?>

</body>
</html>

[Returning to the form]

i dont understend.... can you post here you code and explain better?

[Please post anything security preventation related here i need this help.]

some basic stuff...

 

if you have any incoming data from inputs, make it safe by using htmlspecialchars

$name = htmlspecialchars("$_POST['name']", ENT_QUOTES);

 

 

if you have members system, use salt to encode there password:

http://us.php.net/manual/en/function.crypt.php

 

thats what i can offer you

[Error in my code - Need Help]

what the error you getting?

[Creating a dropdown menu with 3 values each item.]

try to explain better please...

[[SOLVED] Invalid argument supplied for foreach() - please help]

you set the $tiles outside the function and try to use it into a function?

functions using only local vars (into the function) or you just make it global var...

 

<?php

//Test Array
$tiles = array();
$tiles["01,01"] = "";
$tiles["02,01"] = "";
$tiles["03,01"] = "";

function draw_game()
   {

   global $tiles;

   echo "<table border="0" width="500" height="500" />";
   //for each of the tiles execute the code
   print_r($tiles);
   
      foreach( $tiles as $id => $tile)
      {
      //add start of table row tag if count is equal to 10,20,30
      if ($count == 0 || $count == 10 || $count == 20 || $count == 30)
         {
            echo "<tr>";
         }
         
            echo "<td width="50" height="50" alight="left" />";
         
         //check what tile image to output, default is grass   
            switch($id)
            {
               case 1:
               echo "<img src="$id.gif" alt="$tile" />";
               break;
               
               default:
               echo "<img src="grass.gif" alt="$tile" />";
               
            }
            
            echo "</td>";
         //add end of table row tag if count is equal to 10,20,30
         if ($count == 0 || $count == 10 || $count == 20 || $count == 30)
            {
               echo "<tr>";
            }
         
   $count++;
      }
      
   echo "</table>";
   
      
   }

?>

[[SOLVED] Query NOT working]

try this:

$query = "SELECT * FROM booking WHERE request_date = '".$request_date."'";

[simple error]

you still need help? or u solved the problem?

[simple error]

$result = mysql_query("SELECT team FROM ".$_GET['game']."_teams") or die(mysql_error());

 

now it's should work

[[SOLVED] THINGS DUPLICATING]

i can't see any problems

[[SOLVED] basic help with hyperlink]

where is your session_start()?