
RON_ron

  1. RON_ron

    XSS

    I googled to find out about preventing XSS attacks. I came across the following script.

        <?php
        $new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
        echo $new;
        ?>

    My question is, how / where should I include this piece of code? Should I just add this to all my PHP files that allow user input? Will that work? If I'm allowing users 10 input fields, should I require the $new to be repeated 10 times ($input1, $input2, $input3.....)?
  2. I'm not a PHP guy but I know Flash. So if you post what you've done so far I might be able to help you.
  3. I see the lighthouse now!! But do you think you could help me in fixing this code? Where the fixing needs to be done:

        $sendURL = $_SERVER['QUERY_STRING']
        while($line = mysql_fetch_assoc($results)) {
            if (in_array("['QUERY_STRING']",$line["ID"]))
                echo "<item>" . $line["Email"] . "</item>\n";
        }

    It should pick only the relevant email (one email) from the database by matching the query string with the ID field in the MySQL.

    FULL CODE:

        <?php
        $link = mysql_connect("localhost","myname","mypw");
        mysql_select_db("my_mails");
        $query = 'SELECT * FROM mail_list';
        $results = mysql_query($query);
        echo "<?xml version=\"1.0\"?>\n";
        echo "<mail_list>\n";
        $URL = $_SERVER['QUERY_STRING']
        while($line = mysql_fetch_assoc($results)) {
            if (in_array("['QUERY_STRING']",$line["ID"]))
                echo "<item>" . $line["Email"] . "</item>\n";
        }
        echo "</mail_list>\n";
        mysql_close($link);
        ?>
  4. Yep! You are correct. But still, how to extract the query string from the URL for matching?

        while($line = mysql_fetch_assoc($results)) {
            if (in_array("?distributor11111111K",["ID"]))
                echo "<item>" . $line["Email"] . "</item>\n";
        }

    I need advice on rewriting this part where it extracts the query string and matches it with the MySQL ID field. OR do you know how to request PHP to omit the text before the "/?" sign in the query string? Then PHP could match the remaining (?distributor11111111K), which is exactly what I want. How do I write that simple line?
  5. PLEASE SOMEBODY HELP ME.... it's a real hair puller!!! :'(
  6. I have a MySQL database, and I'm stuck with the code below (AREA MARKED IN RED). I need to get an email to the matching string.

        <?php
        $link = mysql_connect("localhost","myname","mypw");
        mysql_select_db("my_mails");
        $query = 'SELECT * FROM mail_list';
        $results = mysql_query($query);
        echo "<?xml version=\"1.0\"?>\n";
        echo "<mail_list>\n";
        while($line = mysql_fetch_assoc($results)) {
            if (in_array("?distributor11111111K",$ID))
                echo "<item>" . $line["Email"] . "</item>\n";
        }
        echo "</mail_list>\n";
        mysql_close($link);
        ?>

    I want PHP to match the query string (?distributor11111111K) with an ID and get me the email.
  7. OK... I have a MySQL database, and I'm stuck with the code below (AREA MARKED IN RED). Using that I need to achieve the above mentioned. I've got ID / NAME / EMAIL / COMPANY in my MySQL database.

        <?php
        $link = mysql_connect("localhost","myname","mypw");
        mysql_select_db("my_mails");
        $query = 'SELECT * FROM mail_list';
        $results = mysql_query($query);
        echo "<?xml version=\"1.0\"?>\n";
        echo "<mail_list>\n";
        while($line = mysql_fetch_assoc($results)) {
            if (in_array("?distributor11111111K",$ID))
                echo "<item>" . $line["Email"] . "</item>\n";
        }
        echo "</mail_list>\n";
        mysql_close($link);
        ?>

    I want PHP to match the query string (?distributor11111111K) with an email.
  8. I record the URL in Flash using JS & the Flash ExternalInterface class. Then I send it to the PHP file (which is on the server).

    PHP will receive: www.myweb.com/online/pencils.html?distributor11111111K

    Desired output: james@abc.com

    --------

    The method here should be:

        ?distributor11111111K = james@abc.com
        ?distributor22222222K = franklin@apx.com
        ?distributor33333333K = Julie@xyz.com

    Basically PHP should match the query string to an email address and return the email address. I hope that makes more sense!
  9. Won't work!

        <?php
        $ID=customer("?customer777777K");
        if ($ID=="?customer777777K")
            echo "maggie@abc.com";
        $ID=customer("?customer888888K");
        if ($ID=="?customer8888887K")
            echo "james@abc.com";
        //so on
        ?>
  10. I'm having a list of email addresses and I only want the PHP to select one of them at a time, depending on the information passed through the strings and into the form. When PHP receives the query string I would like PHP to extract it and match it to an email address ("www.myweb.com/main.html?blaBLA" --> extract as "?blaBLA"). I'm using Flash (AS2) to do my form and I send data using LoadVars to PHP. Here's the pseudocode for what I'm trying to do. (I'm not sure if the syntax is correct.) Please help me write this complete code.

        where $list = "abc" then $email = "abcd@domain1.com"
        where $list = "xyz" then $email = "pqurs@domain2.net"
        where $list = "ghi" then $email = "uvwx@domain3.org"

    (repeated 30 times for 30 email addresses!) I hope that makes sense! I'd prefer to have the code because I'm NOT a PHP gal at all!