jamkelvl

Aside from regenerating session_id() all the time; Would it be a good idea to scramble session_id() with something like sha1? I've heard if a maliscious attacker gets a users session_id() then they have the key to the 'vault' (database). In my case I've tried writing something where they'll need a little more than just the session_id(). The session_id() is constantly changing and there are a few more required 'keys' to exploiting this app. Any input is greatly appreciated, whether or not it is to do with sessions or just php security in general.

Okay, so this is my current select statment... <?php // all other code omitted $select = "SELECT * FROM jobs WHERE work_order_number = '' && ship_to != 'Tatry Non Profit Housing Corp.' ORDER BY ship_to, unit_number"; ?> What I want to do is also check if work_order_number is equal to ANY po_number IN another tabled called pos. So like... <?php // all other code omitted $select = "SELECT * FROM jobs WHERE work_order_number = '' OR work_order_number = ANY(SELECT * po_number FROM pos) && ship_to != 'Tatry Non Profit Housing Corp.' ORDER BY ship_to, unit_number"; ?> Any help?

Hmm definatley need to learn AJAX. Lol, solved.

Lol, yes. I have since had to deal with this SEVERAL times, still using the same old "band-aid" though ... only... I have had to create SEVERAL MORE

Pretty new to programming, so I was wondering if anyone could point me in the right direction. I'm wondering how to, for example: update a dynamic drop down menu if the database has changed. I want to do this without reloading the page. I believe I found an article on this here: http://www.ibm.com/developerworks/web/library/wa-aj-dynamic/index.html to me it looks like Java? The article basically just says, create code to listen to the database, if there is a change then update the dynamic element or something along those lines... Any help or suggestions? Perhaps a beginners guide for noobs who have no idea where to begin?

Can I see your code?

LOL! I'm notorious for such -what seems like- useless posts... Thank-you for your time!

First of all, you should have your form and processing of form and e-mailing of form all done on the same page. I believe this would be easiest. So basically, what you want to do is if the form data all validates then e-mail the form data? Something like... <?php if ($_POST['addNew'] == true) { //your code to validate form data goes here // if data is all validated, i think you said you did this with javascript // e-mail form // else form is already displayed below and you can // highlight errors if you'd like.. // all depends on how you're doing things } else { // display error message telling user to correct form data } ?> <form action="form.php" method="post"> <input type="hidden" name="formSent" value="true" /> <label for="input">Input:<label> <input type="text" name="input" value="<?php echo $_POST['input']; ?>" /> <input type="submit" value="Submit" /> </form>

Any ideas why this will work in phpmyadmin SELECT * FROM jobs WHERE assigned_to LIKE '%u%'; and <?php <?php $select = "SELECT * FROM jobs WHERE assigned_to like = '%u%'"; ?> does not?

I am storing a serialized array in a column assigned_to the data looks like... a:1:{i:0;s:2:"LS";} What I want to do is look thru all the crazy data from the serialized array looking for "Unassigned" and "UN" all I've thought to try is: SELECT * FROM table WHERE assigned_to LIKE 'un%' ***EDIT**** <----- this works in phpmyadmin not in my php select... <?php $select = "SELECT * FROM jobs WHERE assigned_to like = '%u%'"; ?> but have had no results come up in php how can I do this (these select statements are in php so maybe I unserialize first or something?)

Hmm.. yeah I ended up coming up with a bandaid. Basically, before inserting into database, I loop thru the array and add a new value 'x' before each value... errraa something along those lines. Either way.. it works...for now. <?php $newArray = array(); //padd x's into array foreach ($_POST['assignedTo'] as $value) { // if initials, hour value MUST be set // puts initial, iterates again and puts value, if its 0 this will MESSSS UPPP as it adds an x if ($value == '0') { $newArray[] = 'x'; $newArray[] = $value; } else { $newArray[] = $value; } } $sNewArray = serialize($newArray); ?>

Okay, so have a list of checkboxes that store in a serialized array and then to database. I'm wondering, if at all possible, how to store a value in the array if one or more checkboxes have not been checked. Basically, if one checkboxe is checked it stores in the array fine, but as for the rest of the uncheckedboxes I want to store a value in the array such as x for each uncheckedbox. Here is my code thus far <?php if (in_array($initials, $_POST['assignedTo'])) { // do nothing } else { echo '<p>'.$name.'<input type="checkbox" name="assignedTo[]" id="assignedTo" value="'.$initials.'" style="margin-right: 75%; float: right;" /><br/>'; echo '<input type="text" name="assignedTo[]" id="'.$name.'" value="0" onFocus="startCalc();" onBlur="stopCalc();" /></p>'; } foreach ($_POST['assignedTo'] as $value) { if ($value == $initials) { echo '<p>'.$name.'<input type="checkbox" name="assignedTo[]" id="assignedTo" style="margin-right: 75%; float: right;" value="'.$initials.'" checked />'; echo '<input type="text" name="assignedTo[]" id="'.$name.'" value="0" onFocus="startCalc();" onBlur="stopCalc();" /></p>'; } } ?>

Trying to do something if last row in query has been reached. All other code omitted. <?php // get results while($row = mysql_fetch_array($result)){ extract($row); // if last row display echo '('.$initials.' * 1);'; // else echo '('.$initials.' * 1) + '; } ?> Any help?

<?php //define the receiver of the email $to = 'test@test.com'; //define the subject of the email $subject = 'Test email with attachment'; //create a boundary string. It must be unique //so we use the MD5 algorithm to generate a random hash $random_hash = md5(date('r', time())); //define the headers we want passed. Note that they are separated with \r\n $headers = "From: webmaster@example.com\r\nReply-To: webmaster@example.com"; //add boundary string and mime type specification $headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\""; //read the atachment file contents into a string, //encode it with MIME base64, //and split it into smaller chunks $attachment = chunk_split(base64_encode(file_get_contents('text.txt'))); //define the body of the message. ob_start(); //Turn on output buffering ?> --PHP-mixed-<?php echo $random_hash; ?> Content-Type: multipart/alternative; boundary="PHP-alt-<?php echo $random_hash; ?>" --PHP-alt-<?php echo $random_hash; ?> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hello World!!! This is simple text email message. --PHP-alt-<?php echo $random_hash; ?> Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7bit <h2>Hello World!</h2> <p>This is something with <b>HTML</b> formatting.</p> --PHP-alt-<?php echo $random_hash; ?>-- --PHP-mixed-<?php echo $random_hash; ?> Content-Type: application/zip; name="test.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment <?php echo $attachment; ?> --PHP-mixed-<?php echo $random_hash; ?>-- <?php //copy current buffer contents into $message variable and delete current output buffer $message = ob_get_clean(); //send the email $mail_sent = @mail( $to, $subject, $message, $headers ); //if the message is sent successfully print "Mail sent". Otherwise print "Mail failed" echo $mail_sent ? "Mail sent" : "Mail failed"; ?> error: Warning: file_get_contents(text.txt) [function.file-get-contents]: failed to open stream: No such file or directory in /mnt/w0802/d40/s35/b031709a/www/stephen/email.php on line 23 Mail sent Any help? The file is in /mnt/w0802/d40/s35/b031709a/www/stephen/

I do this all the time.. but I never tested the above code, just assumed it didn't work and well.. it works. Thanks for letting me post!

Can you put php in javascript? Something like... <script> function gotosite() { var URL = document.gotoform.shipTo.options[document.gotoform.shipTo.selectedIndex].value; window.location.href = '?billTo='<?php echo $_GET['billTo'] ?>'&shipTo='+encodeURIComponent(URL); } </script>

Solution: <?php echo ' <script> javascript:history.go(-2); </script>'; ?>

<?php echo "<meta http-equiv='refresh' content='1;URL=javascript:history.go(-1)'>"; ?>

Found a nice bit of code... <?php function deleteDir($dir) { // open the directory $dhandle = opendir($dir); if ($dhandle) { // loop through it while (false !== ($fname = readdir($dhandle))) { // if the element is a directory, and // does not start with a '.' or '..' // we call deleteDir function recursively // passing this element as a parameter if (is_dir( "{$dir}/{$fname}" )) { if (($fname != '.') && ($fname != '..')) { echo "<p class=success>Deleting Files in the Directory: {$dir}/{$fname}</p>"; deleteDir("$dir/$fname"); } // the element is a file, so we delete it } else { echo "<p class=success>Deleting File: {$dir}/{$fname} </p>"; unlink("{$dir}/{$fname}"); } } closedir($dhandle); } // now directory is empty, so we can use // the rmdir() function to delete it echo "<p class=success>Deleting Directory: {$dir} </p>"; rmdir($dir); } // call deleteDir function and pass to it // as a parameter a directory name deleteDir("../".$_GET['delete']); ?>

I do have permission to delete/create. I shall make something that deletes the files and post if it works or not.

Hey there! I'm currently a student at a College taking Web Design/Animation. Last year I took Computer Programming, in my second semester I had a class focused on web programming. That is where I fell in love and decided to switch to Web Design / Animation, to improve on the front-end look of my so-called web programs. That said, the program I am taking offers courses on web programming and relational databases as well as your typical web design / photography / photoshop classes. In my opinion, I suggest taking a look at programs some local colleges offer and make your decisions based on the the program that best suites you. As far as career options, you can work for yourself, free lance or get a full-time job as a web designer, information architect, programmer, and well.. the list goes on. I suggest taking the time to look at some occupational websites, and statistics for your state/province or country. Anyways, hope I could help! Good luck to you!

1. Where is $scores['gameid'] set? 2. I'm not 100% I understand what you're trying to do, or how your code works but.. try this. <?php // get query $query = "SELECT gameid FROM scores "; $query .= "WHERE userid = '{$user_id}' "; $query .= "ORDER BY gameid ASC "; $query .= " LIMIT 0 , 100 "; $results = mysql_query($query, $connection) or die(); while ($scores = mysql_fetch_array($results)) { // get query $query = "SELECT gamename FROM games "; // changed the below.. $query .= "WHERE id = '{$gameid}' "; $query .= "ORDER BY gamename ASC"; $results = mysql_query($query, $connection) or die(); while ($gamedata = mysql_fetch_array($results)) { echo "<a href=\"http://apps.facebook.com/highscorearcade/play/play_game.php?gameid={$scores['gameid']}\">"; echo "{$gamedata['gamename']} </a><br />"; } } ?>

This bit of code is not working, anyone know why? <?php $directory = "/../".$_GET['delete']; rmdir($directory); ?> Just trying to delete a folder (and all its contents) that is back one directory in the tree. Any help would be much appreciated!

<?php echo '<td class="view" width=""><a href="edit.php?recordID='.$id.'">edit</a> <a href="delete.php?recordType=job&recordID='.$id.'" onClick="alert('Alert message goes here');">delete</a></td>'; ?> Anyone know why this alert isn't working?

Final result, lol thanks for letting me post Sometimes all you need is to write out what you're trying to do and BAM! <?php // get results while($row = mysql_fetch_array($result)){ extract($row); if (in_array($initials, $_POST['assignedTo'])) { // do nothing } else { echo ''.$name.'<input style="margin-right: 75%; float: right;" type="checkbox" name="assignedTo[]" id="assignedTo" value="'.$initials.'" /><br/><br/>'; } foreach ($_POST['assignedTo'] as $value) { if ($value == $initials) { echo ''.$name.'<input style="margin-right: 75%; float: right;" type="checkbox" name="assignedTo[]" id="assignedTo" value="'.$initials.'" checked /><br/><br/>'; } } } ?>