-
Posts
960 -
Joined
-
Last visited
Posts posted by Destramic
-
-
why would you want store html in a database?
what you need to do it store necessary data, such as article name, article, user_id, timestamp etc.
what parts are you struggling with so we can help you further?...creating a database table...using PDO?
-
$data = mysqli_query($con, $query) or die(mysqli_error());
I tried this now and earlier too but still the same issue!!!
try what jacques1 said
The code is fundamentally wrong. It seems you've taken a really old, really bad script with mysql_* function calls and just added an “i” everywhere. This doesn't work. You need to actually learn the mysqli interface (or rather: database programming in general).
Get rid of this or die(mysqli_error()) stuff. Why on earth would you want to show your database errors to your users? What are they supposed to do with this message? It only helps attackers interested in gaining information about your system.
The proper approach is to enable exceptions so that the PHP error handler can take care of the problem (assuming you've configured it correctly):
// make mysqli throw an exception whenever it encounters a problem $mysqli_driver = new mysqli_driver(); $mysqli_driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; $database_connection = mysqli_connect($host, $user, $password, $database);
Stop putting PHP values straight into query strings. Never heard of SQL injections? The proper approach is to use prepared statements:
// use a prepared statement with placeholders to safely pass data to MySQL $member_stmt = $database_connection->prepare(' INSERT INTO members (username, email, password) VALUES (?, ?, ?) '); $member_stmt->bind_param('sss', $_POST['username'], $_POST['useremail'], $_POST['password']); $member_stmt->execute();
Apart from that, I strongly recommend you use PDO instead of mysqli. It's a lot more comfortable, and since you have to rewrite your code anyway, you might as well choose the best interface available.
-
what i also i should of mentioned is that you need to escape all user data using mysqli_escape_string() failure to do so can result in SQL injection
$username = mysql_escape_string($_POST['username']);
this wouldn't be a problem if you used PDO and prepared queries.
-
where should i make these changes??
thanks
seriously?...i just gave you the documentation referring to mysqli_query as well as the code for your first mysql insert
$data = mysqli_query ($query)or die(mysqli_error());
should be
$data = mysqli_query($con, $query) or die(mysqli_error($con));
i'm more than sure you can work out the other...if not, give up
but i would suggest to use PDO http://php.net/manual/en/book.pdo.php
-
mysqli_query($con, $query);
as seen here http://php.net/manual/en/mysqli.query.php
-
hey guys i wish to make a simple form for users/guest to share my wesbite to friends etc.
i'm mostly concerned that this will allow people to spam address from my site...should i be concerned?...if so what is the best approach please?
i was thinking about collecting the shared email's to a db? ensuring only 1 ever gets sent...is this enough
thank you
-
please use the code tags so it makes things easier for people to read.
i can see an error here:
if (isset($_REQUEST ["flavour"]) ) { //<input name = "flavor" type = "text">
which should be
if (isset($_REQUEST["flavour"])) { //<input name = "flavour" type = "text">
why don't you try something like this?
<html> <head> <title> using one page to accept and process data. </title> </head> <body> <h1> using one page to accept and process data. </h1> <?php if ($_SERVER['REQUEST_METHOD'] === 'POST') { print_r($_POST); } else { ?> <form method="post"> what is your favourite ice cream flavor? <input name = "flavor" type = "text"> <br> <br> what is your name? <input type = "text" name = "name" > <br> <br> <input type = submit value = submit > </form> <?php } ?> </body> </html>
-
what errors have you got?...also if your storing in the database you want to be using DATE field type
-
Your age in years (must be manually maintained. This is an alternative to IPB only showing your full birthday)
sorry i after a second glance i saw this...sorry! (no0b)
embarrassing
-
my age is displaying as 29 although i'm 30...not complaining but something isn't right.
also my dob is correct on my profile
thank you
-
check out fgetcsv
http://www.php.net/manual/de/function.fgetcsv.php
why are you exporting database table, then reading from a csv?...why not read directly from the database?
-
the script isn't fully functional but something like this...i guess you have a list of news or whatever it is your listing form the database, which you want to be able to delete but also keep the list in view with successful/error messages.
jquery
$(document).ready(function(){ $('span[data-delete-news-id]').click(function(event) { var data = { id: $(this).data('delete-news-id') csfr: 'token here' }; $.ajax({ url: 'http://domain/delete', type: 'POST', data: data, dataType: 'text', success: function(result) { //check result and remove for list }, error: function(jqXHR, satus, error){ console.log(status, error); } }); }); });
html
news article - php is the best - <span data-delete-news-id="5">delete</span>
no need for a form or to reload page...hope this helps...also you going to want to look at stopping cross site forgery attacks hence the csfr: 'token here' parameter
-
There is probably a much easier way but why don't you check the phone make is apple and image is portrait then just rotate?
Wouldn't be a bad solution if the script is only for your personal use...although would be nice to make the script universal
-
i'd check the orginal image orientation before uploading...as i can't see anything obvious that would rotate the image before saving
the image may have embedded image rotation infomation set by your phone.
check for orientation key
print_r(exif_read_data($filename));
i come across this function also which may help.
function image_fix_orientation(&$image, $filename) { $exif = exif_read_data($filename); if (!empty($exif['Orientation'])) { switch ($exif['Orientation']) { case 3: $image = imagerotate($image, 180, 0); break; case 6: $image = imagerotate($image, -90, 0); break; case 8: $image = imagerotate($image, 90, 0); break; } } }
-
Check $_GET['xmax'] value as i would say it's empty
-
also what i forgot to mention is that if your using user inputted data ie. $_POST then you need to escape it using
$_POST['email'] = htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8');
your code is vulnerable to cross site scripting attacks (XXS)
-
you should be able to read this better...also using the echo where it is, is incorrect.
$form_output = '<p><label for="email">Notification email (IMPORTANT!) <span>*</span><br><input type="text" name="email" value="' . $_POST["email"] . '"></label></p>';
this should do the trick
-
i had a brain storm last night and sent the email via phpmailer and viewed what was actually being sent to the server...this format works perfectly now for alternative mail with embedded images.
Content-Type: multipart/alternative; boundary="fae15ab6820aee7cab838cf3b8f5ef37" Content-Transfer-Encoding: 8bit This is a multi-part message in MIME format. --fae15ab6820aee7cab838cf3b8f5ef37 Content-Type: text/plain; charset="utf-8" plain email here --fae15ab6820aee7cab838cf3b8f5ef37 Content-Type: multipart/related; boundary="aaf2651d4917027cd4c6a335082910a5" --aaf2651d4917027cd4c6a335082910a5 Content-Type: text/html; charset="utf-8" Sever: <span>here is our logo</span> <img src="cid:logo.png@domain.co.uk" width=" 192" height="50" title="Logo" alt="Logo"> --aaf2651d4917027cd4c6a335082910a5 Content-Type: image/png; name="logo8.png" Content-Transfer-Encoding: base64 Content-ID: <logo.png@domain.co.uk> Content-Disposition: inline; name="logo8.png" iVBORw0KGgoAAAANSUhEU.........b0vX7fAAAAAElFTkSuQmCC --aaf2651d4917027cd4c6a335082910a5-- --fae15ab6820aee7cab838cf3b8f5ef37--
i hope this can help other people out...thank you
-
According to the specification the content-id is supposed to follow the addr-spec format which is defined as
addr-spec = local-part "@" domain
. Examples I can find in my email seem to follow that pattern, so I'd suggest you try the same.i tried what you said kicken and still have no joy...i also tried cid:logo@mydomain.co.uk
here is my altered code
[7] => SUBJECT: test email [8] => FROM: mydomain.co.uk<****> [9] => TO: ***** [10] => MIME-Version: 1.0 [11] => Organization: mydomain.co.uk [12] => X-Priority: 3 [13] => X-Mailer: PHP7.0.10 [14] => Message-ID: <6af3b38673bc078a1bf662e27843477b@mydomain.co.uk> [15] => Date: Wed, 04 Jan 2017 17:39:27 +0000 [16] => Return-Path: ****@mydomain.co.uk [17] => Content-Type: multipart/related; boundary="f81c1c99aa6cb085a26b84813c0a2fd6" [18] => This is a multi-part message in MIME format. [19] => --f81c1c99aa6cb085a26b84813c0a2fd6 [20] => Content-Type: multipart/alternative; boundary="1f04e7b81c18373984b26f1e64f9b83e" [21] => --1f04e7b81c18373984b26f1e64f9b83e [22] => Content-Type: text/plain; charset="utf-8" [23] => Content-Transfer-Encoding: quoted-printable [24] => Content-Transfer-Encoding: 7bit [25] => plain email here [26] => --1f04e7b81c18373984b26f1e64f9b83e [27] => Content-Type: text/html; charset="utf-8" [28] => Content-Transfer-Encoding: quoted-printable [29] => Content-Transfer-Encoding: 7bit [30] => <!DOCTYPE html> <head> <title>Account</title> </head> <body> <span>here is our logo</span> <img src="cid:logo.png@mydomain.co.uk" width="192" heigh t="50" title="Logo" alt="Logo"> </body> </html> [31] => --1f04e7b81c18373984b26f1e64f9b83e-- [32] => --f81c1c99aa6cb085a26b84813c0a2fd6 [33] => Content-Type: image/png; name="logo8.png" [34] => Content-Transfer-Encoding: base64 [35] => Content-ID: <logo.png@mydomain.co.uk> [36] => X-Attachment-Id: logo.png@mydoamin.co.uk [37] => Content-Disposition: inline; filename="logo8.png" [38] => iVBORw0KGgoA....gABI1QMAACD1AZpW [39] => --f81c1c99aa6cb085a26b84813c0a2fd6--
any other suggestion would be great...i've looked a so much regarding embedded inline images and i can't see nothing else that i may be missing...i'm feeling there's something else that needs to be added to my headers though.
i even sent myself an email from my gmail account with an embedded image and tried to cross reference but all formats i saved we're barely readable.
thank you
-
Thank you...first time I've seen that...also I've seen examples without the content-disposition in line header.
I'll give it whirl when I'm home and post my results
Thanks again
-
sorry i couldn't edit the message above here is the correct headers etc from my debug array
[17] => Content-Type: multipart/related; boundary="60a7083d603d0f8a9d35a0776030d8e5" [18] => This is a multi-part message in MIME format. [19] => --60a7083d603d0f8a9d35a0776030d8e5 [20] => Content-Type: multipart/alternative; boundary="acabb8838a7d2b2a9ec0661d699c96bc" [21] => --acabb8838a7d2b2a9ec0661d699c96bc [22] => Content-Type: text/plain; charset="utf-8" [23] => Content-Transfer-Encoding: quoted-printable [24] => Content-Transfer-Encoding: 7bit [25] => plain email here [26] => --acabb8838a7d2b2a9ec0661d699c96bc [27] => Content-Type: text/html; charset="utf-8" [28] => Content-Transfer-Encoding: quoted-printable [29] => Content-Transfer-Encoding: 7bit [30] => <!DOCTYPE html> <head> <title>Account</title> </head> <body> <span>here is our logo</span> <img src="cid:logo" width="192" title="Logo" alt="Logo" > </body> </html> [31] => --acabb8838a7d2b2a9ec0661d699c96bc-- [32] => --60a7083d603d0f8a9d35a0776030d8e5 [33] => Content-Type: image/png; name="logo8.png" [34] => Content-Transfer-Encoding: base64 [35] => Content-ID: <logo> [36] => X-Attachment-Id: logo [37] => Content-Disposition: inline; filename="logo8.png" [38] => iVBORw0KGgoAAAANSUhEUgAAArUAAAC7CAYAAAB7NWYYAAAACXBIWXMAAAsSAAALEgHS3X78AAA.....Zb0vX7fAAAAAElFTkSuQmCC [39] => --60a7083d603d0f8a9d35a0776030d8e5-- [40] => Array ( [command] => . [response] => 250 Queued (0.192 seconds) )
-
hey guys i'm having problems with gmail showing inline images when sending a email from my server...for some strange reason it shows as an attachment, but works prefectly for hotmail.
here is what i'm getting..
hotmail
gmail
i can't find nothing obvious about inline image problems with gmail so i wondered if any of you guys have come across this problem and what i could do to solve it.
here is my headers and boundarys set for the email...
Content-Type: multipart/related; boundary="e3b811c438657c9d0f9ae45330038d29" This is a multi-part message in MIME format. --e3b811c438657c9d0f9ae45330038d29 Content-Type: multipart/alternative; boundary="23d529da6bbc0c660362bf9a39c6b994" --23d529da6bbc0c660362bf9a39c6b994 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: 7bit plain email here --23d529da6bbc0c660362bf9a39c6b994 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: 7bit <!DOCTYPE html> <head> <title>Account</title> </head> <body> <span>here is our logo</span> <img src="cid:logo" width="192" title="Logo" alt="Logo"> </body> </html> --23d529da6bbc0c660362bf9a39c6b994-- Content-Type: image/png; name="logo8.png" Content-Transfer-Encoding: base64 Content-ID: <logo> X-Attachment-Id: logo Content-Disposition: inline; filename="logo8.png" iVBORw0KGgoAAAANSUhEUgAAArUAA...AgFQ9AAAAUvUAAABI1QMAACD1AZpW uZb0vX7fAAAAAElFTkSuQmCC --e3b811c438657c9d0f9ae45330038d29--
any help would be great,,,thank you
-
ok thank you i made the changes that you said
In any case, you should definitely think your permission model through before jumping to the implementation. Some parts of the concept don't seem to be clear yet.could you elaborate on this a little please jacques?
thank you for your help
-
the reason i have the extra user_permissions table was so that i was able to give extra permissions out of the given role...but after thinking on what you said i deleted the table...in fact i'm going to role with all you suggestions.
note i changed names on some tables to make more sense.
here is how i'm getting my permissions
SELECT p.permission FROM permissions p LEFT JOIN role_permission_mappings rpm ON rpm.permission_id = p.permission_id LEFT JOIN roles r ON r.role_id = rpm.role_id LEFT JOIN user_role_mappings urm ON urm.role_id = r.role_id AND urm.user_id = 3
and my roles
SELECT role FROM roles r LEFT JOIN user_role_mappings urm ON urm.role_id = r.role_id WHERE urm.user_id = 3
say when checking if a user has permission to edit news is checking permission for edit_news enough? or should i be checking if the user is admin too?
if ($user->has_role('admin') && $user->has_permission_to('edit news')) { // yes! } vs if ($user->has_permission_to('edit news')) { // yes! }
thank you for your help
php insert linked id with table
in PHP Coding Help
Posted · Edited by Destramic
You need to check $_GET['id'] exists...also your code is vulnerable to Cross-Site Request Forgery Atacks (CSRF) and SQL Injection
I'd suggest to use PHP PDO instead of the mysqli extension.