[[HELP] Command + Queries to update SQL]

`id` int(11) NOT NULL auto_increment,

  `rname` varchar(45) NOT NULL,

  `food` int(2) NOT NULL,

  `ambience` int(2) NOT NULL,

  `value` int(2) NOT NULL,

  `service` int(2) NOT NULL,

  `title` varchar(50) NOT NULL,

  `comment` varchar(200) NOT NULL,

  `writtenby` varchar(50) NOT NULL,

  `date` datetime NOT NULL,

  `review_status` int(1) NOT NULL default '0',

 

$sql_u_statues = "UPDATE review_status SET review_status = '1'";

 

Make a page that displays all of your '0' entries.

Then make a form with each entry having a 'checkbox'  (passing along the id of the entry). And once the form is set, use the above code to update it to 1.

 

For the public view, let it show only entries with review_status on 1.

[echo and print]

Yeah me learned that too right now :-?

[Getting this for Christmas]

LoL I can just imagine... A guy new to the computer world.. Goes into a computer shop...

 

Asks, Hi what would you recommened for a guy new to computers but that won't get out of date quickly and also cheap?

 

They redirect him to ebay for a supercomputer... The guy smacks it with the highest bid and wins...

 

Next thing he knows theyre building a double story over his house for his 'computer'...

 

 

 

 

LoL bet it's dusty in there too... They really need some BUG repellent...

[PhotoShop History]

How does "History" work in photoshop? When you have an image, and you press "Undo" how does it know what to undo? Or redo?

 

The only thing that I can think of, is that photoshop would save a version of the image, every time an edit has been done, so every time the image changes it saves a copy of the previous image.

 

Or maybe only 'certian elements'.

 

As if you have applied a effect it's hard to get the original with 'de-effecting it' lol

[[HELP] Command + Queries to update SQL]

Hi, thanks a lot for your help. But how do i fetch the_review_id?

 

Create a column in your database with a auto increment column.

So each entry will have a ID to it...

[[SOLVED] Why is there a extra left border in opera and bottem border in IE?]

This is doing my head in... In firefox it looks perfect though...

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>CSS Lists</title>
<link href="/files/css.css" rel="stylesheet" type="text/css" />
</head>

<body id="about">

<div class='head'>
<img align="left" src="images/logo.jpg" width="300" height="100" />
<img src="images/logobar.jpg" width="724" height="100" />
</div>

<ul id="list-menu">
<li id="menu-home"><a class='nav' href="#">Home</a></li>
<li id="menu-about"><a class='nav' href="#">About</a></li>
<li id="menu-archive"><a class='nav' href="#">Archive</a></li>
<li id="menu-lab"><a class='nav' href="#">Lab</a></li>
<li id="menu-reviews"><a class='nav' href="#">Reviews</a></li>
<li id="menu-contact"><a class='nav' href="#">Contact</a></li>
</ul>

<div class='main_content'>

<p>BLAHAHAHAHA BLAH BHA BHA AHB AH BNBLHA BLAH</p>
</div>

</body>
</html>

 

/* Body */
body
{margin: 0;
   background-color: #ADD1DC;
}

/* Text/Font Styles */

.top_heading
{font-family: Verdana;
    font-size: 26px;
color: #333333;
}

/* a hrefs/links */

a.nav
{font-family: Verdana;
   font-weight: bold;
}

/* Divs */

div.head
{border: solid;
   border-width: 1px;
   border-left-width: 0px;
   border-right: 0px;
   border-top-width: 0px;
   border-color: #0066FF;
   background-color: #0099FF;
   height: 100px;
}

div.main_content
{padding: 10px;
}

 

Anyone know whats going on?

 

Attached is a screenshot..

 

[attachment deleted by admin]

[[SOLVED] Curly Brackets Theory]

$var = "exam";

echo "$var"; // exam
//What if you want it to echo out "$var*ple" without the *?

echo "{$var}ple";

//Could also be done like this
echo "$var" . "ple";

Also to echo out the CORRECT way for an array (mmm nice ryhming hey)
echo "{$array['first']}";
//unlike
echo "$array['first']"; //which won't work 

[Login with mysql.]

$query = mysql_query("SELECT COUNT(id) FROM LOGIN WHERE username='$username' AND password='$password'");

    $row = mysql_fetch_row($query);

    if($row[0] != 1) {

      echo "Invalid username/password";

         

    }

    else if($row[0] == 1) {

      echo "Welcome.";

 

So when it finds from database username and password what matches then row[0] value should be 1 right? But it already gives the value 1 when i only enter username and press login or try it with some random password..

 

Well, I am not quite sure what your doing with the above code but...

$sql_select = "SELECT * FROM LOGIN WHERE username='$username' AND password='$password' LIMIT 1";
$mq_select = mysqli_query($db_con, $sql_select);

$row = mysqli_fetch_assoc($query);
if($row['password'] == $password)
{echo "Corrert password";
}
else
{echo "WRONG PASSWORD";
}

 

I hope you will figure it out .

 

Also look into md5 and mysql_real_escape_string.

[[SOLVED] Can a hacker send fake POST?]

:o Blimey! Thanks for that.

[[SOLVED] Can a hacker send fake POST?]

I am wondering if it is possible to send 'fake' values via POST.

 

Say now you have a form and have 3 checkboxes,

10,20,30. Could a hacker send the number 40?

[Willing to team up, PHP, MySQL]

If anyone is willing to team up with me, or your in need of a partner please contact me.

 

I want to start something... But don't know what... All the projects/websites I worked on are unsucsessful...

 

[insert results from other php files]

...  Put your different 'code' into $varibles... And then just dump them in one files,

 

include this page to all your others and just

 

echo "$example_head";
echo "$example_logo";
echo "$example_mainframe";

[XSS attacks... Am I still vunreble if]

performing strip_tags() on globals will completly disallow submitting html however it is still possible (i think) if using encoding.

Why would I want HTML in my $_GETS?... example.com/posts/post=<h1>This is stupid</h1>

 

This is an example of no proper programming:

if (is_numeric($var))
{
}
else
{header("Location: /index.php");
}

 

No proper programming? The only thing I see fit for passing through GET is IDs of somesort. So the following code, included to a page, will check the value of the GET, if it is something funny like :www.badsite.com/xssattack.php, it will reject it .

[[SOLVED] PHP Login Script]

I'm sure this is a pretty common question...

But I need clarification.

 

How should I structure the flow of my login script?

I understand that there is a form, and the contents of the form are submitted then proccessed in a PHP script. However, if the username/pass are correct, how do you redirect the person to the new page? Or should I make it work in a different way?

 

Thanks!

 

Well you need a login page to 'set $_SESSION varibles'...

 

Then you need this:

 

verify_user.php

<?php 
if (!isset ($_SESSION['user']) || !isset($_SESSION['rank']))
{header("Location: /login.php);
}
?>

 

Include that in every 'login protected' page...

[Retrieve files from outside the 'public_html' directory]

Right.... And I hate facebook! Now I can work on being 'better' than facebook lol...

 

Anyway  I don't like this 'header' thing it... It's just not the right thing for the job...

 

I wrote something here:

 

$originalpicture = "../../xtc_html/photos/{$result['user']}_{$result['user_id']}_{$result['file_count']}.jpeg";
$timestamp = time();

$md5_name = basename($originalpicture);
  
$tmp_newname = md5($md5_name) . md5($timestamp) . ".jpeg";

$tmpic = "photos/" . $tmp_newname;
copy ($originalpicture, $tmpic);
   
echo "<img src='$tmpic'/>";

unlink ($tmpic);

 

Although I can't get it to work unless I remove (unlink ($tmpic) the last line...

 

Should I set up a '10 minutey' delete robot of some sort?

[Retrieve files from outside the 'public_html' directory]

Uhm, the .htaacces won't work for the reason of uhm how am I ment to view the files inside lol.

 

I'll try googling again... Maybe this time Im lucky

[[SOLVED] Submit Form Using Link]

I want to submit a form using a link. I am writing the code within an "echo" as follows:

	$title  = mysql_result($result,$i,"title");
		$isbn   = mysql_result($result,$i,"isbn");


		echo "<form action='prod_info.php' method='post'>";
		echo "<table style: border = 1><tr><td style: width='200px'><a href = '#' onclick = 'this.form.submit()'>" .$title. "</a></td></tr>";
		echo "</table></form>";

 

It's not submitting the form though. any ideas?

 

JH

 

<a href = '#' [code]onclick = 'this.form.submit()'

>[/code]

Thats a javascript function right? I think your problem lyes in there...

[Retrieve files from outside the 'public_html' directory]

To start the topic,

I am trying to build a members-only website for a certain client.. Of which members are allowed to view other ‘members’ photos only if they reside on the members ‘friend list’ (like facebook and such)…

 

The problem is, all the photos are stored in a easily accessible directory  (example.com/images/example_friend77_photo1.jpeg)…

So far, from what I have read up on, the solution is to create a image folder out of my public_html folder

 

Like This

/images
/public_html
//index.php
//other.php

 

Is this 100% certain that users won’t be able to load these images from this folder?

 

Secondly… How do I access this folder?.. the basic HTML img tag won’t work..

What funny PHP thing do I do?

 

Thanks guys and girls(if there are)… I really have no idea why some of you even waste your time with us.. I hope one day I could help nearly as much as some of you guys have helpen(yes yes I know) me…

[Delete me please... (Its just a copy)]

Sorry,.... I hit the enter button by mistake.... Please delete

[XSS attacks... Am I still vunreble if]

OMG! I am so rude! I asked the question like a moron! I was busy and typing it with my phone... So sorry...

 

To be more specific, what I have is this:

filterget.php

<?php
include "mysqlcon.php";

$con = mysqli_connect("$dbhost", "$dbuser", "$dbpass")
       or die ("Could not connect to database");

if (isset($_GET))
{foreach($_GET as $var => $value )
   {$var = mysqli_real_escape_string($con, strip_tags(trim($value)));
    //Why I do the 'mysqli_real_escape_string' is really stupid and useless
    //But I feel it makes the code 'more secure' although it does not...though maybe.
     if (is_numeric($var))
      {
  }
     else
      {header("Location: /index.php");
      }
   }
}
else
{header("Location: /index.php");
}

?>

 

I include this page where ever I need to recieve $_GET varibles....

 

I made it so that if it's not a numerical numbers -> redirect the person to the index page...

 

I don't think you are fully aware of what XSS is (http://en.wikipedia.org/wiki/Cross-site_scripting) plus there are many more vulnerabilities to which you have to protect not only your scripts but even your server(s)

Uhm I am aware that it takes a 'script' from another domain/source...

 

And uhm, I have

 

strip_tags();on all input I recieve

mysqli_real_escape; Aswell on all input I recieve

I only allow .jpegs to be uploaded...

Uhm how more secure can you be?

 

[XSS attacks... Am I still vunreble if]

Am I sill vunreble if I only allow numbers in the gets commands?..

 

I made it so that if it's not a numerical numbers -> redirect the person to the index page...

[[SOLVED] User Check Fails]

I think the problem lyes in your login page (or not calling "session_start();" )...

 

Anyway I wrote a thing for you (took some time, but hey I was boReD)...

 

This 'script' needs a database table of which has 3 columns (user_id, nation_id, password) which you should create beforehand...

 

index.php

<?php
echo "<h1>This is the homepage right?</h1>";
echo "<br/><a href='login.php'>Login</a>";
echo "<br/><a href='protected.php'>Protected Page</a>";
echo "<br/><a href='logout.php'>Logout</a>";
?>

 

mysqli_con.php (Remember to change the values)

<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "thedatabase";
?>

 

login.php

<?php
session_start();

include "mysqli_con.php";
$mysqli_con = mysqli_connect ("$dbhost","$dbuser","$dbpass","$dbname") 
                      or die;
				  
if (isset($_POST['user_id']) && isset($_POST['password']))
{$user_id = mysqli_real_escape_string($mysqli_con, strip_tags($_POST['user_id']));
   $password = mysqli_real_escape_string($mysqli_con, strip_tags($_POST['password']));

   if (is_numeric($user_id))
    {}
   else
    {die ("User_id is not a number");
}

   $sql_s_users = "SELECT * FROM users WHERE user_id='$user_id'";
   $mq_s_users = mysqli_query($mysqli_con, $sql_s_users)
   						  or die ("Query failed!");
   $users_result = mysqli_fetch_assoc($mq_s_users);
   
   if ($password == $users_result['password'])
    {$_SESSION['user_id'] = $user_id;
  $_SESSION['nation_id'] = $users_result['nation_id'];
  echo "Logged in!";
}
   else
    {echo "incorret";
}
}
?>
<?php
if (isset($_SESSION['user_id']))
{echo "Sorry your already logged in";
}
else
{echo "<h1>This is the login page right?</h1>
	    <form action='{$_SERVER['PHP_SELF']}' method='POST'>
	    Your user ID? <input type='text' name='user_id' />
	    Your password? <input type='text' name='password' />
	    <input type='submit' value='Login'/>
	    </form>";
}
?>

 

checkuserid.php

<?php
if(isset($_SESSION['user_id']))
{$user_id = $_SESSION['user_id'];

   if(isset($_SESSION['nationi_d']))
     {$nation_id = $_SESSION['nation_id'];
 }	 
}
else
{header('Location: /login.php');
}
?>

 

protected.php

<?php
session_start();
include "checkuserid.php";
print_r ($_SESSION);
echo "<br/>If you have gotten so far, it should be solved...!";
?>

 

logout.php

<?php
session_start();
include "checkuserid.php";
if (isset($user_id))
{session_destroy();
  unset ($_SESSION);
  
  echo "Logged out  ";
}
else
{echo "Your not logged in! Oi! ;O ";
}
?>

 

[Float sidebar div, and prevent stuff from going under it]

Okay, you say:

If anyone knows a solution please post here..

 

On what a solution?

 

If you understand the css, you should clean it up if you find it messy,

if you don't, I would sugest to learn it, it is really easy.

 

Sorry if I sounded a bit angry but I'm because I'm stuck myself with some php code ;p

 

LoL, messy or not messy should not make a difference... And btw I am reading your php topic right now...(hmm :-\)

[[SOLVED] Interpreting ‘$user_’ as a variable rather than ‘$user’.]

Thanks papaface and Crayon Violent!

[[SOLVED] Interpreting ‘$user_’ as a variable rather than ‘$user’.]

Ok guys, a naming problem.

$file_dir = "photos/originals/$user_$user_id_$file_count.jpg";
move_uploaded_file ($file_tmp, $file_dir);

 

I want a file like : ‘user_23_1.jpg’…? But it seems to be interpreting  ‘$user_’ as a variable rather than ‘$user’.

 

Thanks.