yettti

Posts posted by yettti

  1. <?php posts_nav_link('','','« Previous Entries') ?>
    <?php posts_nav_link('','Next Entries »','') ?>
    

     

    ... you're missing semi-colons here...

     

    this should work..

    <?php posts_nav_link('','','« Previous Entries'); ?>
    <?php posts_nav_link('','Next Entries »',''); ?>
    

     

  2. Your script is not protected against SQL injection...

     

    your inputs are not sanitized which means that your SQL query could be manipulated...

     

    you probably want to look up "mysql_real_escape_string"

     

    at the moment your query could be altered... have a look at this.

    INSERT INTO purchase (firstname, lastname, email, address, phone, product, price, amount, created_at) VALUES 
    							($firstname, $lastname, $email, $address, $phone, $product, $price, $amount, now())
    

     

    say the user changed the value of $amount

     

    for example

    $amount = "blah ) ; DROP TABLES... 

    ... we all know what drop tables could do :(

     

    you're going to want to change your query so that the input is surrounded by '

    example : 

    ('$firstname', '$lastname', '$email', '$address'

     

    and then run your vars through mysql_real_escape_string

     

    example:

    $firstname = mysql_real_escape_string($firstname);
    

     

    Sorry to have gone a bit off topic but this is really important, without doing these types of validation you open your site up to a very dangerous exploit that can lead to a complete nightmare

     

     

     

  3. I find that protecting against SQL injection is best done according to the data you want; protecting against SQL injection is good, but what you really want to do is sanitize your input.

     

    I know what you're thinking, they're the same thing, but I find that doing things such as extracting parts of a string according to a REGEX expression are a lot more efficient, not only do they minimise the risk of SQL injection (mysql_real_escape_string() still being used for safe measure) but they also minimize the possibility for your code to crash.

     

    Well, that's my way of doing it, I'm sure everyone's got a different way.  :P
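
The two posts above, on SQL injection and on validating input by the data you expect, combined in one added example that is not part of the original posts: the same `purchase` INSERT written as a PDO prepared statement with per-field validation. The `mysql_*` functions were removed in PHP 7.0, so bound parameters are used instead of escaping; the in-memory SQLite database, the helper names `clean_purchase` and `insert_purchase`, the phone pattern and the sample order are assumptions made for the example.

```php
<?php
// Added example. In-memory SQLite stands in for the poster's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE purchase (firstname TEXT, lastname TEXT, email TEXT, address TEXT,
            phone TEXT, product TEXT, price REAL, amount INTEGER, created_at TEXT)');

// Validate each field by the kind of data it should hold; throw on anything else.
function clean_purchase(array $in): array
{
    $email  = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $price  = filter_var($in['price'] ?? '', FILTER_VALIDATE_FLOAT);
    $amount = filter_var($in['amount'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    // Hypothetical phone rule: digits, spaces, brackets, dashes, optional leading +.
    $phoneOk = preg_match('/^\+?[0-9 ()-]{6,20}$/', $in['phone'] ?? '') === 1;
    if ($email === false || $price === false || $price < 0 || $amount === false || !$phoneOk) {
        throw new InvalidArgumentException('invalid purchase data');
    }
    return [
        'firstname' => trim($in['firstname'] ?? ''), 'lastname' => trim($in['lastname'] ?? ''),
        'email' => $email, 'address' => trim($in['address'] ?? ''), 'phone' => $in['phone'],
        'product' => trim($in['product'] ?? ''), 'price' => $price, 'amount' => $amount,
        'created_at' => date('Y-m-d H:i:s'),
    ];
}

// The SQL text is fixed; values travel separately as bound parameters.
function insert_purchase(PDO $pdo, array $in): void
{
    $stmt = $pdo->prepare('INSERT INTO purchase
        (firstname, lastname, email, address, phone, product, price, amount, created_at)
        VALUES (:firstname, :lastname, :email, :address, :phone, :product, :price, :amount, :created_at)');
    $stmt->execute(clean_purchase($in));
}

// Constructed sample input: an apostrophe in a name is stored as plain data.
$order = ['firstname' => 'Conan', 'lastname' => "O'Brien", 'email' => 'conan@example.com',
          'address' => '1 Test Street', 'phone' => '+44 20 7946 0000', 'product' => 'widget',
          'price' => '9.99', 'amount' => '2'];
insert_purchase($pdo, $order);

// The $amount value from the post above is not an integer, so it never reaches the database.
try {
    insert_purchase($pdo, ['amount' => 'blah ) ; DROP TABLES...'] + $order);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo $pdo->query('SELECT lastname FROM purchase')->fetchColumn(), "\n";
```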

  4. what you would need to do is change the name of the moved file

     

    move_uploaded_file($_FILES["file"]["tmp_name"],
          "packs/cimage/" . str_replace (" ", "", $_FILES["file"]["name"] . $abcd));

     

    what we are doing is removing the spaces from the output file name...

     

    str_replace (" ", "", $_FILES["file"]["name"] . $abcd)

     

    this replaces all the space characters with nothing, thus removing the spaces
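
An added example, not part of the original post: the stored file name is built from the client-supplied name with the directory part dropped and only an allowed extension kept, in addition to the space removal shown above. The function name `safe_upload_name`, the extension list and the sample names are assumptions; `packs/cimage/` is the directory from the post.

```php
<?php
// Added example. Builds the stored name from the client-supplied one.
function safe_upload_name(string $clientName, array $allowedExt = ['png', 'jpg', 'gif']): string
{
    // Drop any directory part the client sent, then remove spaces as in the post.
    $name = str_replace(' ', '', basename(str_replace('\\', '/', $clientName)));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $stem = pathinfo($name, PATHINFO_FILENAME);
    // Keep only letters, digits, underscore and dash, so no extra dots survive.
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '', $stem);
    if ($stem === '' || !in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('file name or type not allowed');
    }
    // A random suffix keeps one upload from overwriting another with the same name.
    return $stem . '-' . bin2hex(random_bytes(4)) . '.' . $ext;
}

// Constructed sample names, to show what is kept and what is refused.
foreach (['my pack image.PNG', 'sub/dir/cover art.jpg', 'notes.txt'] as $clientName) {
    try {
        echo $clientName, ' => ', safe_upload_name($clientName), "\n";
    } catch (InvalidArgumentException $e) {
        echo $clientName, ' => rejected', "\n";
    }
}

// In the upload handler itself the call from the post becomes:
if (isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {
    move_uploaded_file($_FILES['file']['tmp_name'],
        'packs/cimage/' . safe_upload_name($_FILES['file']['name']));
}
```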

  5. Oh... sorry, my mistake

    it should be

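    $file1 = fopen("doc1.txt", "r");
    $file2 = fopen("doc2.txt", "r");
    // keep going until both files have been read to the end
    while (!feof($file1) || !feof($file2)) {
        // read the next line of each file (an empty string once that file has ended)
        $string1 = explode(" ", rtrim((string) fgets($file1), "\r\n"));
        $string2 = explode(" ", rtrim((string) fgets($file2), "\r\n"));
        foreach ($string1 as $key => $value) {
            // a word missing from the second line counts as a difference
            $other = $string2[$key] ?? "";
            if ($value != $other) {
                echo "String 1 : ".$value;
                echo "<br>String 2 : ".$other."<br><br>";
            }
        }
    }
    fclose($file1);
    fclose($file2);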

     

    Made a mistake on the while loop condition. See how it works

  6. Ok, in that case I would advise that you read the file line by line comparing the string on each line, that way you don't end up trying to load the entire file into the variables, instead you load each line, overwriting the last line each loop

     

    this... should work, although I haven't tested it

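    $file1 = fopen("doc1.txt", "r");
    $file2 = fopen("doc2.txt", "r");
    // loop condition as originally posted; the follow-up post corrects it
    while(!feof($file1 || $file2)) {
        // read the next line of each file, replacing the previous one
        $string1 = explode(" ", rtrim((string) fgets($file1), "\r\n"));
        $string2 = explode(" ", rtrim((string) fgets($file2), "\r\n"));
        foreach ($string1 as $key => $value) {
            // a word missing from the second line counts as a difference
            $other = $string2[$key] ?? "";
            if ($value != $other) {
                echo "String 1 : ".$value;
                echo "<br>String 2 : ".$other."<br><br>";
            }
        }
    }
    fclose($file1);
    fclose($file2);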

  7. Given that both strings are the same length this would do it...

    (it even lays it out like you did... but without the spelling mistake :D)

     

    $string1 = "this is a test";
    $string2 = "this was a testing";
    
    $string1 = explode(" ",$string1);
    $string2 = explode(" ",$string2);
    foreach ($string1 as $key => $value) {
    if ($value != $string2[$key]) {
    	echo "String 1 : ".$value;
    	echo "<br>String 2 : ".$string2[$key]."<br><br>";
    }
    }

     

    ... little explanation,

    $string1 = explode(" ",$string1);
    $string2 = explode(" ",$string2);

    This splits the strings into arrays, it splits them by a space

     

    foreach ($string1 as $key => $value) {

    This then loops through all the items in the array $string1 and assigns the current key and value to variables.

     

    if ($value != $string2[$key]) {

    This checks to see if they're not the same...

     

    echo "String 1 : ".$value;
    echo "<br>String 2 : ".$string2[$key]."<br><br>";

    and if so prints them out!
