icekat83

A break for dinner (it's 7pm where I am) has made me realise that DUH....of course. Brain dead moment gratefully solved. Thanks guys. IceKat.

I know in this case I can manually put in slashes but with the way the data is coming in I can't always do that so I need an automated version which I would have thought I could have but can't work out. Thanks all..... IceKat.

Hey, I have a variable: 151°06'50"E This variable is giving me massive problems because of the single and double quote marks. PLEASE help me get rid of my damn t_string error! $var = 151°06'50"E; - does not work $var2 = (151°06'50"E); - does not work $var3 = ("151°06'50"E"); - does not work $var4 = ('151°06'50"E'); - does not work $var5 = addslashes("151°06'50"E"); - does not work $var6 = addslashes('151°06'50"E'); - does not work $var7 = mysql_escape_string("151°06'50"E"); - does not work $var8 = mysql_escape_string('151°06'50"E'); - does not work $var9 = htmlspecialchars("151°06'50"E"); - does not work $var10 = htmlspecialchars('151°06'50"E'); - does not work $var11 = urlencode("151°06'50"E"); - does not work $var12 = urlencode('151°06'50"E'); - does not work I've also tried the three functions with the various enclosing quote marks (single and double). I've also tried string replace. At the moment I'll settle for being able to put: echo $var; and NOT have an error. Please help...this error is driving me nuts!!! IceKat.

Hey, I wasn't sure where to post this. I've been coding for a while but still know very little about security. I'm hoping someone can direct me someplace I can learn a bit more about encryption, what SSL is and how it's different to Open SSL, how Open SSL can work (considering what I understand of open source wouldn't that make it more hackable?) and security. I do know the basics. I know about SQL injection, something I try to protect against, and I know you can use the inbuilt MD5 function to encrypt passwords one way (which I do) but that's about it. If people want to post here that's cool but I don't expect that. I'm just hoping for some good info links. And if people can help me work out how to test how secure/insecure my scripts are that would also be awesome. Thanks, IceKat.

Hi, I have a file which contains settings for a user. Similar to wordpress except simpler like setting a default email for error messages or something. The idea is that it's used as an installation script for web-ware where someone fills in a form with their database details, my script will hard-code them into the settings file and then delete itself. I'll admit I did get the idea from wordpress. Only the way it's coded currently requires a certain combination of characters at the end and seems really messy. The script looks like this (and does work): $endpos = strpos ( $contents, '"; //replace with name//', $startpos); The settings file looks like this: $hard_name = "Smith"; //replace with name// As you can see I use the comment in the settings file, which follows what I'm actually changing, to find the end of the variable. I am sure there must be a better way of doing things but don't know what. It just seems really inefficient because if the comment is removed the script breaks. Any info and tips would be much appreciated. IceKat

Hey Guys, Thanks for the help...The font path error is now gone (yea!) but it's been replaced by another issue. I thought the accompanying header error was just a by-product....turns out it's not. I'm using a file with a function (which I posted before). However because the image needs to be displayed after the heading/nav menu etc the code doesn't like it. I can display the image differently of course but that doesn't allow me to hold onto the random number I'm using for the capcha. Can I get the number another way or get around this header issue? I'm not sure if storing the variable number in a session variable will defeat the purpose of having a capcha in the first place. Or are sessions the only other option in this kind of case? Thanks, IceKat.

Hi, I am creating an image with a random number to use as a capcha. I've done the image creation before and had it working but now I have a font path error. However......I know my font path is the same...I didn't change it and it was working perfectly. What I changed was I made the image creation piece of code into a function...so I could return a value and use the function as a capcha....can you not use this image creation stuff in a function? The difficulty is getting hold of the random number to verify someone typed it correctly. If you have any ideas I'm open to other methods. My code is: function capcha(){ $capchatxt = rand(10000,99999); $font = '/includes/balloon.ttf'; $textarray = imagettfbbox(30, 0, $font, $capchatxt); $width = $textarray[2]-$textarray[0]; $height = $textarray[3]-$textarray[7]; $image = imagecreate($width+10,$height+10); $background = imagecolorallocate ($image, 255,227,232); $colour = imagecolorallocate($image, 0, 154, 239); // blue; $pink = imagecolorallocate($image, 239, 0, 144); // crimson pink; $peach = imagecolorallocate($image, 255, 227, 232); // pale pink; // Add the text imagettftext($image, 30, 0, 5, $height+5, $pink, $font, $capchatxt); header('Content-type: image/png'); imagepng($image); imagedestroy($image); return $capchatxt; } At the moment: The function and the font file are in the same folder. The file which is calling the function is in a different folder. BTW - Forgot to mention that right now I'm using localhost (xampp)...not a real server. Thanks for the help. IceKat

Yes but JavaScript can be disabled. How do website statistics robots (like google analytics) do it? They get location and stuff which is basically what I need. I don't want to invade privacy or anything, just be able to automatically alter times for web viewers.

Hey, I'm trying to code a page which is supposed to bring up the time of a person's computer. Is this possible without majorly complicated coding? I'm good with GMT offsets and stuff but I don't know how to get the time of a person's computer. I don't want other stuff, just the time so I can edit the time based on where they are. I don't know if I'm making sense so here's an example... If someone does a forum post at 2pm Sydney time but it's 5pm Perth time. How can I make it so that someone in Perth sees 5pm but someone in Sydney sees 2pm...without them manually telling me their timezone? I read about using IP addresses but don't know much (Ok anything) about this , any hints or good sites to view would be appreciated? Or the answer if it's not too complex. Preferably I'd like to get the time in the 11 digit "time()" format so I can use it in tables and translate it with an existing function. IceKat

Hey, Trying to learn to generate PDF files, something apparently WAAAAYYY more complex than I thought. Can someone please give me an explanation on '$optlist' from this function..... PDF_load_image ( resource $pdfdoc , string $imagetype , string $filename , string $optlist ) What is it? PHP.net doesn't have any info at all. Thanks, IceKat. BTW - Any (recent) tutorials or pages would be appreciated. Everything I find is out of date or doesn't work.

Hi everyone, I have a problem, where what I'm trying to do works, but it feels clumsy. I'm hoping someone can help me improve my code. Basically I have a page of variables and I'm trying to make a self install script, much like how you self install wordpress or something. At the moment I'm trying to change the name and age in the contents of the page. Not the variable (because I need it to still be there when the person leaves and then comes back) but the actually hard text in my file. Rather than try and explain all the code I'm going to put a copy of it below. The idea is that eventually a user could fill in a form with say the mysql table details and my script will take them and put them in a file like settings.php. At the moment I'm just trying to get the code right but as I said it feels clumsy and relies heavily on the comment. I'd really prefer this to not rely on a comment to work so I'm hoping for some ideas. Of course any feed back on efficiency or security is also much appreciated. Thanks everyone, Alanna. BTW - I know the variable names aren't great. I found an example online (thank goodness) and only now that I understand it do I want to edit it. I will change the variable names later. Variables.php: [pre]<?php $hard_name = "IceKat83"; //replace with name// -- comment VITAL! $hard_age = "1064"; //replace with age// -- comment VITAL! ?>[/pre] Processor.php: [pre]<?php require("variables.php"); $name = $_POST['name']; $age = $_POST['age']; if((($name != "") || ($name != $hardname)) && (($age != "") || ($age != $hardage))){ // get contents of the file into a string $filename = "variables.php"; $handle = fopen($filename, "r"); $contents = fread($handle, filesize($filename)); fclose($handle); // find start of the text $startpos = strpos ( $contents, '$hard_name = "'); // account for the offset $startpos = $startpos + 14; // find end of title text $endpos = strpos ( $contents, '"; //replace with name//', $startpos); // get the length of the title $title_len = ($endpos - $startpos); //echo "Var Len: ".$title_len."<br />"; // clip out that chunk $newtitle = substr ( $contents, $startpos, $title_len); // crop new title if necessary $newtitle = substr ( $newtitle, 0, 120); //print "New Name: $newtitle<br>"; //echo "Now replace the string...<br />"; // do the S&R $contents = str_replace ( '$hard_name = "'.$newtitle.'";', '$hard_name = "'.$name.'";', $contents ); /////////////////////////////////////////////////////////////////////////////////////////////////////////// // find start of the text $startpos2 = strpos ( $contents, '$hard_age = "'); // account for the offset $startpos2 = $startpos2 + 13; // find end of title text $endpos2 = strpos ( $contents, '"; //replace with age//', $startpos); // get the length of the title $title_len2 = ($endpos2 - $startpos2); //echo "Var Len: ".$title_len2."<br />"; // clip out that chunk $newtitle2 = substr ( $contents, $startpos2, $title_len2); // crop new title if necessary $newtitle2 = substr ( $newtitle2, 0, 120); //print "New Age: $newtitle2<br>"; //echo "Now replace the string...<br />"; // do the S&R $contents = str_replace ( '$hard_age = "'.$newtitle2.'";', '$hard_age = "'.$age.'";', $contents ); ///////////////////////////////////////////////////////////////////////////////////////////////////////// // Let's make sure the file exists and is writable first. if (is_writable($filename)) { if (!$handle = fopen($filename, 'w+')) { echo "Cannot open file ($filename)<br>"; exit; } // Write $contents to our opened file. if (fwrite($handle, $contents) === FALSE) { echo "Cannot write to file ($filename)<br>"; exit; } //echo "Success, wrote content to file ($filename)<br>"; fclose($handle); header("location:index.php?msg=1"); } else { //echo "The file $filename is not writable<br>"; header("location:index.php?msg=2"); } } ?>[/pre]

Thanks for the reply thebadbad That's the strange part. When I view the straight mysql, without any formatting the apostrophe is not formatted that way. To add to the mystery the second kind of apostrophe ( ’ ) is converted (where the third which is: ´ and not converted at all, and the one I need converted) however the second version, when converted, is changed in to an apostrophe but it almost acts like the converted version is added to it because I still get the "Â" as well as the converted result - Â' What does everyone else get when using my function? Do they get the same strange results or is my result unique? Finally to add to this mystery - html_entity_encode() did nothing. htmlentities() resulted in: 1 - \' 2 - ´ 3 - â�� (those question marks usually turn in to something like the 'Â' when inserted in to the sql table) This is so weird and has me totally stunned. Is there some other way I can remove the special formatting of text (like what MSWord puts in)? I suspect that might help. Thanks for the replies everyone! I am very grateful for the help. Alanna

Hi guys, Thanks for the replies. I have a bit more info on this strange mess I have. First of all I had a look at thebadbad's suggestion and found that the apostrophe is either a ´ or a ’ I suspect it's the second version. I have the posted stuff being run through the following function: function edit_text($str){ $old[1] = "'"; $old[2] = "’"; $old[3] = "´"; $new[1] = "?"; $new[2] = "?"; $new[3] = "?"; $new_str = str_replace($old, $new, $str); return $new_str; } ** I AM AWARE that at the moment all apostrophes are being replaced by a question mark. This was done deliberately and showed that whilst normal instances of apostrophes (number 1) are being replaced normally, the others are not changed at all. When added to the database the unchanged apostrophes end up as either:  OR ’ I have two final questions. 1. Does slashes effect the function I've used above? 2. Does it matter what I'm copying and pasting. ie if I were to copy and paste text which had an apostrophe written as &#39; would that effect how my function handles it? Anyway thanks to anyone who can help me work this one out. I have NO idea what I going on and this is positively the weirdest problem I've ever had. Alanna.

Hi, I have a really small and kind of embarrassing problem but one that is really annoying. I have some text being put in to a database however because the text is likely to be copy and pasted I want to account for formatted apostrophes. ’ instead of '. (see how one is formatted) Anyway I've done a really simple str_replace("’", "'", $string) which works fine except when using $_POST['string']. I have no idea why and can't find a solution. Does anyone know of a problematic history with formatted apostrophes? Originally the string was really long and coming from a form but when I replaced it with a single line coming from the form it still doesn't work. At the moment the string is being put in the database with funny characters because it doesn't know what to do with the formatted apostrophe. If anyone can help please let me know. I should have been able to solve this but can't figure it out so any help is appreciated. Thanks, Alanna.

Hi there, I'm not sure if I'm posting in the right place so please bare with me. I've been designing a CMS in PHP/MySql for some time and have done everything I know to protect against crackers (I think that's the right term). However I'm sure I haven't done everything possible to make the CMS secure. I'm hoping that if I post a link here then some people will try to log in to the test version of my CMS and attempt to log in with file/image uploading privileges. Image and file uploading is currently disabled for testers so if people can do it I know it's not secure. Would that be possible? Would anyone be interested in trying that and if they do manage it to let me know how so I can protect against it?? Thanks, Alanna.

LOL. Brain dead moment. I gave it a variable name and used === instead of ==, now it works.

I have a line in my code: @mail($recipient, $subject, $msg, $headers); -- with the @ symbol to stop error messages being printed. However if I put in something like: if(mail()) == false){ echo 'error'; } I get a message saying that '3 parameters are expected'.

Hey, I'm new to this forum, although not to PHP but I've hit a wall with this. I have form processor page sending a contact mail and need to suppress error messages of my mail() function (using @). However I want to know if there is an error so is there a way I can check for an error manually, so I can decide what happens? The idea is that the user sees a pretty 'sorry there was an error' message instead of the confusing php error message. Does anyone know of a good method? Thanks, Alanna.