robert_gsfame

thx everyone

is it okay to name a column "date" in a table ??? just want to know whether this could mess up everything thx in advance

I just want to ask this simple thing..is that okay to create a column name date type=TEXT will it cause any problem in the future? thx in advance

okay i got now...there is a hidden text something that made this happen..thanks how can i mark as solved??? where is the button??

javascript part function searchtext() { var searchtext=document.getElementById("searchtext").value; if(searchtext=="") { alert("Please type what you are looking!"); } else { window.location.href="mypage.php?search="+escape(searchtext.replace(/ /g,'+')); } } php & html code if(!empty($_GET['search'])) { $replacethis=array("%","|","*","(",")","?","`","'","^","\\","[","]",":",";",",","_","<",">","\"","{","}","/"); $replaceby=array("","","","","","","","","","","","","","","","","","","","","",""); $search1=str_replace($replacethis,$replaceby,trim($_GET['search'])); $search2=explode(" ",urldecode($search1)); $totalsearch=""; for($i=0;$i<count($search2);$i++) { $totalsearch=$totalsearch." name REGEXP '[[:<:]]".htmlspecialchars($search2[$i])."[[:>:]]'=1 OR"; } $totalsearch2=" AND(".substr($totalsearch,0,strlen($totalsearch)-3).")"; $q=$totalsearch2; } else { $q=""; } <form name="form1"> <input type="text" id="searchtext"> <input type="button" value="Search" onclick="javascript:searchtext()"> </form> no error appear only text appear

so let say i am looking for some the word "hello" i use javascript to pass it to url and i will have this mypage.php?search=hello then when i try to modify the url and make it this way mypage.php?search=">test i have this text appear on my page test" /> what to do??

I have a search button to help user searching text they are looking. and i use $_GET to pass the value and get it into my query so it simply like this when value was passed into the URL page.php?search=text the problem is that when i try to modify a bit like this page.php?search=">test although i don't get any problem with the query (ERROR) as i've replaced all special characters with blank string, but i always have this test" /> text appear on my page.. what should i do to avoid this?? if they can do whatever they want, it means there is a space for attacker to inject bad codes thanks in advance

am just asking for new option but although i can prevent this one, there is a lot of hacking method will be used..

i just want to ask this simple question let say i have this basic query $place=$_GET['place']; mysql_query("SELECT * FROM table WHERE place='$place'"); this is a nice target for sql injection.. but what if i replace the whole special characters that could be added $replacethis=array("-","`"); $withthis=array("",""); $place=str_replace($replacethis,$withthis,$_GET['place']); mysql_query("SELECT * FROM table WHERE place='$place'"); Are they still able to do the basic sql injection by trying to get the error by adding special character although i didn't use mysql_real_escape_string() ?? then what if i protect the file by changing the setting of the permission to either 644 or 755? thanks in advance

I just want to ask when should i change charsets set into utf-8? is that only if there is multilingual text need to be inserted into database or is it better to have it set for all columns?? thx in advance

oops sorry, i forget to change the charset into utf

I have let say Thai language and inserted into database <b>บริษัท เอส.เค.ฟู้ดส์ (ประเทศไทย) จำกัด (มหาชน) เป็นผู้นำเข้า-ส่งออกปลาทูน่าบรรจุกระป๋อง ต้องการรับสมัครพนักงานเพื่อรองรับการขยายกิจการ</b> and i retrieve it using this nl2br(htmlentities($array['message'])) the result will completely messed up as the thai language will be converted either. if i ignore the htmlentities then i will have that message in bold how can i achieve the result exactly the same like what has been written (message in thai language with that <b> html tag)?? thx in advance

i am new to ajax and i confused on how to avoid repetition in writing this script for eg: i want to use ajax 2 times in 2 functions let say to SELECT (assume page1.php) and another one to UPDATE (assume page2.php) so what i do is repeat this 2 times function first() { if(window.XMLHttpRequest) { var xmlhttp=new XMLHttpRequest(); } else { var xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } ......... } and again i have to repeat this part for second function function second() { if(window.XMLHttpRequest) { var xmlhttp=new XMLHttpRequest(); } else { var xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } ......... } Is there a way to write the code more efficient or i still have no choice? thx in advance

this is the html code <form name="form1" enctype="multipart/form-data" action=""> <input type="file" name="file1"> <input type="submit" value="Submit"> </form> okay and this is my php code $file_name=$_FILES['file1']['name']; $file_tmp=$_FILES['file1']['tmp_name']; $file_size=$_FILES['file1']['size']; $file_type=$_FILES['file1']['type']; $path="my_folder/$file_tmp"; then it try to validate the size & type if($file_size>100000) { echo "Size exceeds maximum"; } elseif($file_type!=="image/pjpeg")&&($file_type!=="image/jpg")&&($file_type!=="image/jpeg")) { echo "Only jpg allowed"; } else { if(move_uploaded_file($file_tmp,$path) { echo "Okay file uploaded!"; } } which part is wrong?? then what if i change my folder permission to 775 instead of 755 will that help?? thx

thx a lot for your explanation. But i need more details on what you have explained to me PFMaBiSmAd for item#1 - is validating means validating file type?? only image or pdf, is that what you mean?? can you please explain this a bit technically that either does not permit any http requests to the uploaded files or to disable the php language engine in the folder i also dont get the solution for the item#2 if you don't mind i also need your explanation technically if there is a link, hope you can show it to me thx

I want to know which part of my script has the hole..as i can find lots of php script and even folder can be injected into my public_html how they do that, and which part need to be checked? is that the upload part <enctype> or what?? thx in advance

how can i show an alert message once [x] button on the titlebar of the browser being clicked. I try so many codes but didn't work at all thx in advance

another thing, i assume you want to insert data into database. Then you can use mysql_real_escape_string() and stripslashes()

i don't know if there is better suggestion from experts here..but i will try to validate text using javascript then. using indexOf()

Is there any tutorial or book where i can learn about how to do the encryption?? thx in advance

today i found that my web being hacked and my public_html all deleted. what should i do now besides restoring the file. Is there any file could possibly being attached by that guy, which part should be checked and however i got this in my remote mysql zuanhackerbinjai.blogspot.com thx in advance

can anyone give me some simple explanation what is actually frameworks, why do we have to use it instead of using pure PHP code. I read some articles that there is dozens of frameworks like code igniter, phpcake, etc....what is the different and which one is the best to be used? thx in advance

I am new to apache, just want to know if i use mod_rewrite, how can i still access the page in localhost so for example: i have this- mypage.php?page=2 i rewrite url so that i will have this mypage/2 so when i add another page and try to redirect user to that page using a link, i have to put this way <a href="mypage/2">go to next page</a> instead of having this <a href="mypage.php?page2>go to next page</a> is that correct?? thx in advance

if it's not working not because what i said...it's because you wrongly type this part please change this part if(!empty($result_numm)) with this (Only single "m") if(!empty($result_num)) 1000000 WORKS!!

AND type='Dog' AND country='England' LIMIT 0, 10