Everything posted by fortnox007

  1. What values do $cName and $cDesc give? By the way, why don't you use the following format:

         mysql_query("INSERT INTO categories (cname, cdesc) VALUES ('$cName', '$cDesc')") or die(mysql_error());

     -edit: that way it's less likely to screw up your primary key, and it keeps it clearer which value is assigned to which column.
  2. I would NOT use JavaScript for any crucial stuff, only for fanciness. So real validation must be done by PHP, but you can add extra validation to alert the user that the value is not as expected or something, but certainly don't rely on it. Why not build the menu on the fly? Or was that what you were already meaning? Small question: are the options stored in a database or hardcoded in some array? If you could give an example of what you want, I might be able to help a bit.
  3. Some frameworks, like Joomla, use the following to disallow direct access to certain files. In the index.php they define a variable, and in all other files they place a check on top for whether a variable is defined, and else throw an error. Looks a bit like this:

     in index.php

         <?php
         define('blablabla', 1);
         include('anyfolder/anyfile.php'); // include the stuff you want like a config file
         ?>

     in any other file that may not be directly accessible

         <?php
         defined('blablabla') or die('no direct access'); // or maybe a redirect or other error
         ?>
  4. Make sure you have the UTF-8 character set, in either your header or in the third parameter of htmlentities. Otherwise other character sets are allowed, which may cause trouble: http://shiflett.org/blog/2005/dec/google-xss-example
  5. Thanks for your reply mjdamato! This one is solved. -edit: this was something I saw in quite some CMS frameworks, which also aim at crappy shared host users, so I thought it was a good thing to know about this hehe
  6. I am not sure if this works, but I would rather use some regex instead of repeating 10 likes in 1 query. Maybe try this out:

         $query = "SELECT * FROM table WHERE name REGEXP '^[0-9]'";

     For some more insight check this out: http://dev.mysql.com/doc/refman/5.0/en/regexp.html
  7. Thanks Thorpe for your reply! So may I assume, if I have something like this: an index.php that includes other PHP files, the following is the way to restrict direct access to PHP files in the web folder:

         <?php
         define('my_constant', 1);
         include('anyfolder/anyfile.php');
         ?>

     and in the included file

         <?php
         defined('my_constant')or die('bla bla bla');
         ?>
  8. Hi all, I was reading a bit in the manual about the defined function, since I have seen it being used quite a lot to disallow direct access. But one of the comments made me think if there are any alternatives to get the same. It's this comment: http://www.php.net/manual/en/function.defined.php#89886 If I read it correctly, it tells that defined() seems to be pretty slow. I was thinking, if that is the case, what are the alternatives... Does anyone know how to interpret this comment and if there are alternatives? I am not yet a guru to fully understand the results. Cheers!
  9. Ok, I have the data here. If someone could have a look. The general idea is that I am having difficulty with including files that include files themselves. I changed the files a bit so it is easier to read. So in general I have a folder with 3 files in it: newsletter.php, connection.php and subscribed.php, which should be able to sit anywhere in my folder/file system. Then I have an index that includes newsletter.php. My thought was that using relative paths in the files/folder system would be okay. But I am getting some weird 500 server error. Anyone maybe an idea what is causing this? I get no other error messages.

     index.php

         <?php
         include('/a/b/c/newsletter/newsletter.php');
         ?>

     newsletter.php

         <?php
         session_start();
         $token = md5(mt_rand(100000, 9999999));
         $_SESSION['formtoken']= $token;
         define('somevar', 1 );
         ?>
         <form id="newsletter" action="subscribed.php" method="post">
             <label for="naam">name: </label><input id="name" type="text" name="name" value="" /><br />
             <label for="naam">email: </label><input id="email" type="text" name="email" value="" /><br />
             <input type="hidden" name="token" value="<?php echo $token; ?>" />
             <input type="submit" name="submit" value="subscribe"/>
         </form>

     subscribed.php

         <?php
         session_start();
         define('somevar', 1 );
         include ('connection.php'); //include the processing file which is in the same folder
         ?>
         <p>
         <?php //echo some stuff ?>
         </p>

     connection.php

         <?php
         session_start();
         error_reporting(E_ALL);
         ini_set("display_errors", 1);
         //
         defined('somevar') or die ('404'); //no direct access!
         if(!isset($_POST['token'])){
             die( 'Restricted access' );
         }
         //check token and do some stuff
         if($_SESSION['formtoken']=== $_POST['token']){
             //perform checks and insert in the database
         }
         ?>
  10. Sorry guys for my late reply, and thanks for responding. I dropped my computer downstairs, which is pretty much the dumbest thing I ever did. I am trying to retrieve the data from it, and then I will post it. So if anyone can recommend a new computer, now is the time. Mine is in computer heaven, but I hope my hard drive isn't :'( Cheers!
  11. Hi all, I was trying to include a PHP file into an index file, and that included file is including one file also. But for some reason the database connection file is not included. This is the map structure:

         www/index.php                  <---- the file that uses include
         www/newsletter/newsletter.php  <---- has a form with action process.php
         www/newsletter/process.php     <---- this has an include referring to database.php
         www/newsletter/database.php    <---- the database file

      This is what I did, but it gives a server error.

      in index.php

         include('newsletter/newsletter.php');

      in newsletter.php

         <form action="newsletter/process.php" method="post"><!--- some form stuff--></form>

      in process.php

         include('database.php');

      I really don't understand why it doesn't work and it's giving a server error 500. The form loads like it should in the index.php but the rest doesn't :'( Any help is appreciated.
  12. Great help, and sorry for my noobiness. I placed error_reporting(E_ALL); ini_set("display_errors", 1); above my file and I directly got what I wanted (error-wise). Thanks mate! P.S. I added it to my forum signature so I will never forget, ty
  13. Thanks a lot PFMaBiSmAd, sorry for not using the error reporting. I was in a bit of a hurry, and was developing directly on the host instead of local. Seems it would have taken me less time if I had just listened to common sense. Thanks for your reply, I'll try it out and mark this solved. Cheers!
  14. I changed the code a little by placing ' ' around $clean_email in the query, which caused the SQL error to stop. But for some reason, I don't get why, $clean_name and $clean_email seem to be empty??
  15. Hi all, could someone have a look at the stuff below? I am able to show the $_POST variables, but from the moment I use mysqli_real_escape_string it goes wrong (as in the variable seems empty).

         // mysqli connection file is above here //
         $clean_name = mysqli_real_escape_string(trim($_POST['name']));
         $clean_email = mysqli_real_escape_string(trim($_POST['email']));
         echo 'clean_name = '.$clean_name; //outputs nothing
         echo 'clean_email = '.$clean_email; //outputs nothing
         $query_control = "SELECT email FROM my_table WHERE email = $clean_email";
         $result = mysqli_query($dbc, $query_control)or die(mysqli_error($con)); // <------- spotted: should have been $dbc
         //check for duplicates
         $number = mysqli_num_rows($result);
         echo $number;
         if($number === 0){
             $output = 'valid';
         }else{
             $errormessage .= 'duplicate entry';
         }
         }

      Any help would be welcome. -edit: Oh, I spotted some stuff (after changing, it became: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1). But not able to fix it really.
  16. Maybe have a look here: http://www.brianyerkes.com/swfobject-help-when-placing-a-div-over-flash/ Not sure if it is possible: change transparent to opaque. Besides that, I am thinking those extra params are screwing up the total.
  17. Hey m8, that is better indeed, nice looking site btw. I just checked, and your div #flash is missing a height and width, so adjust that to the size of your flash video.

         #flash {
             background: none repeat scroll 0 0 #000000; /* i added a color to show it's there */
             height: 346px;
             left: 22px;
             position: absolute;
             top: 20px;
             width: 690px;
             z-index: 50;
         }

      But for some reason it's overlapping. But at least we have div #flash visible. Maybe someone has ideas? I'll check some out for you.
  18. Oh wow, that's awesome to know. Thanks a lot for that haku, I bookmarked this.
  19. Well, I bet your flash object is there but you don't see it because it's behind the rest. Maybe just something that would help in readability of your code: use some indentations, saves others and yourself counting end tags. Anyways. Maybe just isolate this stuff from the rest of your page, so you know how to do this before you use it directly in an original page. Just for now, could you maybe change the z-indexes into positive ones? So give the top layer maybe something like 100 and the flash object 50 or so. Doesn't really matter, but I think you're directly putting things in your original page and the flash object will end up below everything. Also notice the width of your stuff. You directly copied mine, but it seems your additional flash params have different ones (much wider), so adjust that also to your needs. And maybe also put this online somewhere, this whole typing thing isn't really efficient.
  20. Ok, that's good to know, I'll ask them when they are awake. May I assume that it would be insecure to use an external database? Or are there any drawbacks?
  21. Hi all, I was trying to connect to a database which is running on an external host. So I thought I'd try the stuff below. That didn't work. Is it possible that the host has disabled external connections or something? I tried to add http:// before the domain, but no success either.

         <?php
         $dbc = mysqli_connect('db87654321.somedomain.com','user','pass','database')// this is line 5
         or die(mysqli_error($dbc));
         echo 'connected';
         ?>

      It gave the following error: P.S. the script worked when uploaded to the server. P.P.S. is there something I should be careful with when connecting to an external database?
  22. Thanks a lot mate, such a weird name for me, cheers!! -edit for the people that wanted to know what I was trying to use it for: I use it to quickly insert all HTML elements so I can fire my CSS at it while keeping my HTML markup clean: http://snipplr.com/view.php?codeview&id=8121
  23. Cool, thanks m8. Do you maybe know the name of it so I can remember it better? I have it on the tip of my tongue lol
  24. Hi all, does anyone know the name of the following? It's a way to make a huge string that can have variables in it. Looks a bit like this, but I couldn't remember the right syntax, nor the name, so it was kinda hard to look on Google.

         ABC>>>
         some stuff inside
         ABC;
  25. I meant, I tested it in Firefox lol. Main stuff is this:

         #mid-content{
             width:500px; /*width of the background image*/
             height: 405px;
             margin:0 auto;
             text-align: center;
             background: url('../images/paintingframe.png') no-repeat;
             position:relative; /*parent for object*/
             z-index: 1;
         }
         #flash{ /*container div for flash*/
             position:absolute;
             z-index: -2;
             top:54px;
             left:65px; /* tricky positioning */
         }