yettti
-
Posts
20 -
Joined
-
Last visited
Never
Posts posted by yettti
-
-
<?php posts_nav_link('','','« Previous Entries') ?> <?php posts_nav_link('','Next Entries »','') ?>
... your missing semi-colons here...
this should work..
<?php posts_nav_link('','','« Previous Entries'); ?> <?php posts_nav_link('','Next Entries »',''); ?>
-
Your script is not protected against SQL injection...
your inputs are not sanitized which means that your SQL query could be manipulated...
you probably want to look up "mysql_real_escape_string"
at the moment your query could be altered... have a look at this.
INSERT INTO purchase (firstname, lastname, email, address, phone, product, price, amount, created_at) VALUES ($firstname, $lastname, $email, $address, $phone, $product, $price, $amount, now())
say the user changed the value of $amount
for example
$amount = "blah ) ; DROP TABLES...
... we all know what drop tables could do
your going to want to change your query so that the input is surrounded by '
example :
('$firstname', '$lastname', '$email', '$address'
and then run your vars through mysql_real_escape_string
example:
$firstname = mysql_real_escape_string($firstname);
Sorry to have gone abit off topic but this is really important, without doing these types of validation you open your site up to a very dangerous exploit that can lead to a complete nightmare
-
I find that protecting against SQL injection is best done accordingly to the data you want, protecting against SQL injection is good, but what you really want to do is sanitize your input.
I know what your thinking, there the same thing, but i find that doing things such as extracting parts of a string according to a REGEX expression are alot more efficient, not only do the minimise the risk of SQL injection (mysql_real_escape_string() still being used for safe measures) but they also minimize the possibility for your code to crash.
Well, thats my way of doing it, im sure everyones got a different way.
-
Try having a look at the notes on the get_browser() page.
There are some examples of functions that use Regex to find the browser name and version number, they might be worth a try...
-
so you want to be able to get the msie version number and put it into a variable
if so i think that this may help you... i haven't tried it but i think it would work
i got this from: http://us2.php.net/manual/en/function.get-browser.php
$browser = get_browser(null, true); echo $browser['version'];
may need some changes but i hope i pointed you in the right direction
-
Hello,
Can anyone give me any ideas on how to improve the looks of my site?
(its a pastebin... if u dont know what one is http://en.wikipedia.org/wiki/Pastebin)
Thanks...
-
oops... my mistake syntax error
move_uploaded_file($_FILES["file"]["tmp_name"], "packs/cimage/" . str_replace (" ", "",$_FILES["file"]["name"]));
no idea where the $abcd came from
-
what you would need to do is change the name of the moved file
move_uploaded_file($_FILES["file"]["tmp_name"], "packs/cimage/" . str_replace (" ", "",$_FILES["file"]["name"]$abcd));
what we are doing is removing the spaces from the output file name...
str_replace (" ", "",$_FILES["file"]["name"]$abcd)
this replaces all the space characters with nothing, thus removing the spaces
-
session_start()
missing semicolon
should be
session_start();
-
You could achieve an effect like this through the jQuery (JavaScript) plugin jQuery tools
-
A common one would be that your using the same id ...
for example do
detail[0]
detail[1]
detail[2]
-
Cant do much to help you there . This is because you are trying to process a too larger file and the server stops a single script after 20 seconds. you can change this in your php.ini file
-
Oh... sorry, my mistake
it should be
$file1 = fopen("doc1.txt", "r"); $file2 = fopen("doc2.txt", "r"); while(!feof($file1) || !feof($file2))) { $string1 = explode(" ",$string1); $string2 = explode(" ",$string2); foreach ($string1 as $key => $value) { if ($value != $string2[$key]) { echo "String 1 : ".$value; echo "<br>String 2 : ".$string2[$key]."<br><br>"; } } } fclose($file);
Made a mistake on the while loop condition. see how i works
-
Ok, in that case i would advise that you read the file line by line comparing the string on each line, that way you don't end up trying to load the entire file into the variables, instead you load each line, overwriting the last line each loop
this... should work, although i haven't tested it
$file1 = fopen("doc1.txt", "r"); $file2 = fopen("doc2.txt", "r"); while(!feof($file1 || $file2)) { $string1 = explode(" ",$string1); $string2 = explode(" ",$string2); foreach ($string1 as $key => $value) { if ($value != $string2[$key]) { echo "String 1 : ".$value; echo "<br>String 2 : ".$string2[$key]."<br><br>"; } } } fclose($file);
-
Ok.. what your getting there is a error showing that too much memory has been used, because you are reading from a large file... to do it from a large file is a bit different.
It can be done... but it would depend on how the file is formated?
-
Given that both strings are the same length this would do it...
(it even lays it out like you did... but without the spelling mistake )
$string1 = "this is a test"; $string2 = "this was a testing"; $string1 = explode(" ",$string1); $string2 = explode(" ",$string2); foreach ($string1 as $key => $value) { if ($value != $string2[$key]) { echo "String 1 : ".$value; echo "<br>String 2 : ".$string2[$key]."<br><br>"; } }
... little explination,
$string1 = explode(" ",$string1); $string2 = explode(" ",$string2);
This splits the strings into arrays, it splits them by a space
foreach ($string1 as $key => $value) {
This then loops through all the items in the array $string1 and assigns the current key and value to variables.
if ($value != $string2[$key]) {
This checks to see if there not the same...
echo "String 1 : ".$value; echo "<br>String 2 : ".$string2[$key]."<br><br>";
and if so prints them out!
-
.. Careful, theres no protection against SQL injection in there !
remember to use
addslashes
and
stripslashes
where necessary!
(you probably already know, but just in case...)
-
just an idea but have you tried setting the header information to
header('Content-type: text/css');
(place at top of script)
-
What your trying to do would probably be achieved via AJAX... try googling it.
The idea is you get the value with JavaScript then via JavaScript you make a request to the server..
Firefox displaying PHP source code??
in PHP Coding Help
Posted
looks like whatever http server is serving the files is sending out an incorrect content type header for the file : :-\
EDIT: Defiantly correct, IE doesn't pay as much attention to the header types