robert_gsfame
Everything posted by robert_gsfame
-
thx everyone
-
Is it okay to name a column "date" in a table? Just want to know whether this could mess up everything. Thx in advance.
-
I just want to ask this simple thing: is it okay to create a column named date with type=TEXT? Will it cause any problem in the future? Thx in advance.
-
Okay, I got it now... there is a hidden text something that made this happen. Thanks. How can I mark this as solved? Where is the button?
-
JavaScript part:

    function searchtext()
    {
        var searchtext=document.getElementById("searchtext").value;
        if(searchtext=="")
        {
            alert("Please type what you are looking!");
        }
        else
        {
            window.location.href="mypage.php?search="+escape(searchtext.replace(/ /g,'+'));
        }
    }

PHP & HTML code:

    if(!empty($_GET['search']))
    {
        $replacethis=array("%","|","*","(",")","?","`","'","^","\\","[","]",":",";",",","_","<",">","\"","{","}","/");
        $replaceby=array("","","","","","","","","","","","","","","","","","","","","","");
        $search1=str_replace($replacethis,$replaceby,trim($_GET['search']));
        $search2=explode(" ",urldecode($search1));
        $totalsearch="";
        for($i=0;$i<count($search2);$i++)
        {
            $totalsearch=$totalsearch." name REGEXP '[[:<:]]".htmlspecialchars($search2[$i])."[[:>:]]'=1 OR";
        }
        $totalsearch2=" AND(".substr($totalsearch,0,strlen($totalsearch)-3).")";
        $q=$totalsearch2;
    }
    else
    {
        $q="";
    }

    <form name="form1">
    <input type="text" id="searchtext">
    <input type="button" value="Search" onclick="javascript:searchtext()">
    </form>

No error appears, only text appears.
-
So let's say I am looking for the word "hello". I use JavaScript to pass it to the URL and I will have this:

    mypage.php?search=hello

Then when I try to modify the URL and make it this way:

    mypage.php?search=">test

I have this text appear on my page:

    test" />

What to do?
-
I have a search button to help users search for the text they are looking for, and I use $_GET to pass the value and get it into my query. So it is simply like this when the value is passed into the URL:

    page.php?search=text

The problem is that when I try to modify it a bit like this:

    page.php?search=">test

although I don't get any problem with the query (ERROR), as I've replaced all special characters with a blank string, I always have this text appear on my page:

    test" />

What should I do to avoid this? If they can do whatever they want, it means there is a space for an attacker to inject bad code. Thanks in advance.
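Added example, not part of the original post: the stray `test" />` is what a browser shows when the raw `search` value is echoed inside a quoted HTML attribute. The sketch assumes a hypothetical hidden field and "next page" link that re-emit the search term (all function and field names are made up) and encodes the value at the point of output instead of relying on a character blacklist.

```php
<?php
// Added example; function and field names are hypothetical.

// Encode a value for HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern that produces the stray text: the raw value closes the attribute.
function hidden_field_raw(string $search): string
{
    return '<input type="hidden" name="search" value="' . $search . '" />';
}

// Same field with the value encoded at the point of output.
function hidden_field_encoded(string $search): string
{
    return '<input type="hidden" name="search" value="' . h($search) . '" />';
}

// A "next page" link needs two layers: URL-encode the parameter,
// then HTML-encode the finished URL for the href attribute.
function next_page_link(string $search, int $page): string
{
    $url = 'mypage.php?' . http_build_query(array('search' => $search, 'page' => $page));
    return '<a href="' . h($url) . '">next page</a>';
}

// Constructed request value, the one tried in the post.
// In a real page this would come from $_GET['search'].
$search = '">test';

echo hidden_field_raw($search), "\n";
echo hidden_field_encoded($search), "\n";
echo next_page_link($search, 2), "\n";
```

In the raw version the `"` ends the attribute and the `>` ends the tag, so the rest is rendered as page text; in the encoded versions the whole value stays inside the attribute.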
-
I am just asking for a new option, but although I can prevent this one, there are a lot of hacking methods that will be used..
-
I just want to ask this simple question. Let's say I have this basic query:

    $place=$_GET['place'];
    mysql_query("SELECT * FROM table WHERE place='$place'");

This is a nice target for SQL injection.. but what if I replace the whole special characters that could be added:

    $replacethis=array("-","`");
    $withthis=array("","");
    $place=str_replace($replacethis,$withthis,$_GET['place']);
    mysql_query("SELECT * FROM table WHERE place='$place'");

Are they still able to do the basic SQL injection by trying to get the error by adding a special character, although I didn't use mysql_real_escape_string()? Then what if I protect the file by changing the permission setting to either 644 or 755? Thanks in advance.
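Added example, not part of the original post: the two-character filter from the post next to a prepared statement, run against the same constructed inputs. It assumes PDO with the pdo_sqlite extension so it runs without a MySQL server; the `places` table, its rows and the function names are made up for illustration.

```php
<?php
// Added example; table, rows and function names are constructed.
// Assumes the pdo_sqlite extension so no database server is needed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE places (id INTEGER PRIMARY KEY, place TEXT)");
$pdo->exec("INSERT INTO places (place) VALUES ('london'), ('paris'), ('vault')");

// The filter from the post: only '-' and '`' are removed.
function blacklist_filter(string $value): string
{
    return str_replace(array("-", "`"), array("", ""), $value);
}

// String-built query as in the post: the value becomes part of the SQL text.
function find_concatenated(PDO $pdo, string $place): array
{
    $place = blacklist_filter($place);
    return $pdo->query("SELECT place FROM places WHERE place='$place'")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the value is bound as data and never parsed as SQL.
function find_prepared(PDO $pdo, string $place): array
{
    $stmt = $pdo->prepare("SELECT place FROM places WHERE place = :place");
    $stmt->execute(array(':place' => $place));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: both contain a single quote, which the filter leaves intact.
foreach (array("london' OR '1'='1", "o'brien") as $input) {
    try {
        $n = count(find_concatenated($pdo, $input));
        echo "concatenated [$input]: $n rows\n";
    } catch (PDOException $e) {
        echo "concatenated [$input]: SQL error\n";
    }
    echo "prepared     [$input]: ", count(find_prepared($pdo, $input)), " rows\n";
}
```

The first input rewrites the WHERE clause so the concatenated query matches every row, and the second, an ordinary name with an apostrophe, makes it fail with a syntax error; the prepared version treats both as plain values and matches nothing.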
-
I just want to ask when I should change the charset to utf-8. Is that only if multilingual text needs to be inserted into the database, or is it better to have it set for all columns? Thx in advance.
-
Oops, sorry, I forgot to change the charset to utf
-
I have, let's say, Thai language text inserted into the database:

    <b>บริษัท เอส.เค.ฟู้ดส์ (ประเทศไทย) จำกัด (มหาชน) เป็นผู้นำเข้า-ส่งออกปลาทูน่าบรรจุกระป๋อง ต้องการรับสมัครพนักงานเพื่อรองรับการขยายกิจการ</b>

and I retrieve it using this:

    nl2br(htmlentities($array['message']))

The result will be completely messed up, as the Thai language will be converted as well. If I ignore the htmlentities, then I will have that message in bold. How can I achieve a result exactly the same as what has been written (message in Thai language with that <b> html tag)? Thx in advance.
-
I am new to ajax and I am confused about how to avoid repetition in writing this script. For example, I want to use ajax 2 times in 2 functions, let's say one to SELECT (assume page1.php) and another one to UPDATE (assume page2.php), so what I do is repeat this 2 times:

    function first()
    {
        if(window.XMLHttpRequest)
        {
            var xmlhttp=new XMLHttpRequest();
        }
        else
        {
            var xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
        .........
    }

and again I have to repeat this part for the second function:

    function second()
    {
        if(window.XMLHttpRequest)
        {
            var xmlhttp=new XMLHttpRequest();
        }
        else
        {
            var xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
        .........
    }

Is there a way to write the code more efficiently, or do I still have no choice? Thx in advance.
-
This is the HTML code:

    <form name="form1" enctype="multipart/form-data" action="">
    <input type="file" name="file1">
    <input type="submit" value="Submit">
    </form>

Okay, and this is my PHP code:

    $file_name=$_FILES['file1']['name'];
    $file_tmp=$_FILES['file1']['tmp_name'];
    $file_size=$_FILES['file1']['size'];
    $file_type=$_FILES['file1']['type'];
    $path="my_folder/$file_tmp";

Then I try to validate the size & type:

    if($file_size>100000)
    {
        echo "Size exceeds maximum";
    }
    elseif($file_type!=="image/pjpeg")&&($file_type!=="image/jpg")&&($file_type!=="image/jpeg"))
    {
        echo "Only jpg allowed";
    }
    else
    {
        if(move_uploaded_file($file_tmp,$path)
        {
            echo "Okay file uploaded!";
        }
    }

Which part is wrong? Then what if I change my folder permission to 775 instead of 755, will that help? Thx.
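Added example, not part of the original post: a server-side check for a JPEG upload that relies on what the server can measure itself (file size on disk, detected content type) instead of the client-supplied `type` and `name` fields. It assumes the fileinfo extension; the function names and the sample entry are made up for illustration, and the 100000-byte limit is the one from the post.

```php
<?php
// Added example; function names and the sample entry are hypothetical.
// Assumes the fileinfo extension (bundled with PHP by default).

const MAX_BYTES = 100000; // same limit as in the post

// Validate one entry of $_FILES without trusting its 'type' or 'name'.
function check_jpeg_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('Size exceeds maximum');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'image/jpeg') {
        throw new RuntimeException('Only jpg allowed');
    }
    // Server-generated name with a fixed extension; the client name is discarded.
    return bin2hex(random_bytes(16)) . '.jpg';
}

// Store a validated upload; $dir should be a folder that does not execute PHP.
function store_upload(array $file, string $dir): string
{
    $target = $dir . '/' . check_jpeg_upload($file);
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $target;
}

// Constructed sample: a text file whose client-declared type claims JPEG.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "not really an image\n");
$fake = array('name' => 'photo.jpg', 'type' => 'image/jpeg',
              'tmp_name' => $tmp, 'size' => 20, 'error' => UPLOAD_ERR_OK);
try {
    check_jpeg_upload($fake);
    echo "accepted\n";
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
unlink($tmp);
```

The sample entry is rejected even though its declared type is `image/jpeg`, because the check looks at the file content rather than the request fields.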
-
Thx a lot for your explanation, but I need more details on what you have explained to me, PFMaBiSmAd. For item #1: does validating mean validating the file type? Only image or pdf, is that what you mean? Can you please explain this a bit technically: that either does not permit any http requests to the uploaded files or to disable the php language engine in the folder? I also don't get the solution for item #2. If you don't mind, I also need your explanation technically. If there is a link, hope you can show it to me. Thx.
-
I want to know which part of my script has the hole, as I can find lots of PHP scripts and even folders can be injected into my public_html. How do they do that, and which part needs to be checked? Is that the upload part <enctype> or what? Thx in advance.
-
How can I show an alert message once the [x] button on the title bar of the browser is clicked? I tried so many codes but they didn't work at all. Thx in advance.
-
Another thing: I assume you want to insert data into the database. Then you can use mysql_real_escape_string() and stripslashes()
-
I don't know if there is a better suggestion from the experts here.. but I will try to validate text using JavaScript then, using indexOf()
-
Is there any tutorial or book where I can learn about how to do the encryption? Thx in advance.
-
Today I found that my web was hacked and my public_html was all deleted. What should I do now besides restoring the file? Is there any file that could possibly have been attached by that guy? Which part should be checked? However, I got this in my remote mysql: zuanhackerbinjai.blogspot.com. Thx in advance.
-
Can anyone give me a simple explanation of what frameworks actually are, and why we have to use them instead of using pure PHP code? I read some articles saying that there are dozens of frameworks like code igniter, phpcake, etc.... What is the difference and which one is the best to use? Thx in advance.
-
I am new to Apache and just want to know, if I use mod_rewrite, how I can still access the page on localhost. So for example, I have this: mypage.php?page=2 and I rewrite the URL so that I will have this: mypage/2. So when I add another page and try to redirect the user to that page using a link, I have to put it this way: <a href="mypage/2">go to next page</a> instead of having this: <a href="mypage.php?page2>go to next page</a>. Is that correct? Thx in advance.
-
If it's not working, it's not because of what I said... it's because you wrongly typed this part. Please change this part:

    if(!empty($result_numm))

with this (only a single "m"):

    if(!empty($result_num))

1000000 WORKS!!
-
AND type='Dog' AND country='England' LIMIT 0, 10