freelance84

ID rail_name width length year 1 abc 32 25 09 1 abc 33 26 09 1 abc 65 25 09 1 fac 65 65 09 1 fac 75 15 09 1 loj 56 56 10 1 abc 32 56 10 The above is an axample table from mysql. Previously the year column did not exist and the following php was use to extract all the different rail_name's: $query = "SELECT DISTINCT rail_name FROM rail WHERE ID=$user_id" However now there are additional years this obviously doesn't work. As you can see rail_name abc now has two different years. I need to be able to query the table to return DISTINCT rail_name's of different years, i.e I need a query that would return the following from the above example table: abc #09 fac loj abc #10 I really am not sure where to start looking on this one so any help would be very much appreciated

Does anybody know if it is possible to have multiple legends on the same fieldset? Here's an example of what I trying to do: <legend align="left">pre</legend> <legend align="center"><u>Creating $sName</u></legend> <legend align="right">next</legend> With the above code I get the "pre" in the fieldset lines but the others inside. I've attached a picture of what I am trying to achieve. I've had a search on the old goggle pages and this forum but nothing has really turned up. Does anyone know if this is possible? And if so how? Much thanks for any replies [attachment deleted by admin]

Oh yea. Thanks I forgot that's what it was called. Muchos gracias!

Not really very important but it would come in handy. Having searched the old goggle pages nothing really came up: Is it possible to have to some how insert commented out comments half way along a line and then continue on the same line back into the php? e.g When creating an array from multiple components it would be handy to be able to stick little notes in the line here and there with out having to drop onto a new line. Anybody heard of this?

Brilliant thanks for the help! checking the $_SERVER[REMOTE_ADDR]: I've put in the following into my authenticate which is then checked on each page: $unique = sha1($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']); $_SESSION['ip'] = $unique; That tutorial page looks pretty in depth, thanks. I've never noticed the tutorials on this site I've always searched the forum in google so never saw the home page ha! Thanks again for the help

The site I am creating requires users to register and login before they can really use the site. Regarding security, so far I have learnt about: . password salting . session hijacking . session fixation . session timeout if the user does not log out . duplicate login on multiple machine prevention . sanitizing user input to database My question is, have I missed off anything? Is it possible for somebody to duplicate a browser thus "stealing" all a users logged in settings meaning they become logged into the site? Regarding all things security I am very new (few days) so would very much appreciate any advice anyone could give me. Cheers, John

Genius! That is the answer I was looking for! Thanks a lot mjdamato. Brilliant!

Hmm, i'll look into client side scripting. I just assumed that as soon as the window closed it would cut all connections with the server, therefore making any attempts to logout futile.

Hi, I have a question relating to security. I have created a site so far without the use of any cookies as I am trying to avoid them. The login procedure: 1. The user enters their details 2. If correct they are redirected to their relevant home page depending on user type. 3. When they are logged in, a value changes in the members mysql table indicating that the user is logged in. 4. The user then uses the site, when logging out the said value reverts back to the original, indicating that the user is no longer logged in. Duplicate login. 1. If a user is already logged in and their details are used again on another machine, on this other machine a message appears saying this user is already logged in on another machine. 2. At the same time another value is changed in the mysql members table, so the next time the logged in member refreshes their page or clicks somewhere else within the site a message pops up to them saying "somebody else has just tried to log in as you, you should change your password" My problem. As I am trying my hardest not to use cookies, if a member logs in but then simply closes the browser, this doesn't revert the "logged in" value, so the next time they do try to login they cant as the site thinks they are already logged in. Is there a way around this without using cookies? Or is this really as far as i can get without using cookies? I haven't really seen many if any good answers so far on the net. My initial thought: I was thinking maybe add another entry in the members table which updates a new time value upon each reload of any php script on the site. The login page would then check the time difference between "now" and the last activity If the time dif is over say 10mins the user can log in. If not a message pops up "You appear to be already logged in on another machine. If you closed the browser without logging out please wait x mins and try again. In future please press the logout button to avoid this message again" This would also mean that it could potentially log out the user after ten mins automatically. Any thoughts?

Hi, yea i got it to work with the folloing: if(substr($get_comment_to_add, -1) == ".") { $com_prt1 = substr_replace($get_comment_to_add ,"",-1); } else{ $com_prt1 = $get_comment_to_add; } This takes out the last character if it's a period and leaves in any others in between

Users are able to add single line comments to a page. If the last character is a full stop I want to be able to remove it. After researching the substr I thought this would work: if(substr($get_comment_to_add, -1) == ".") { substr_replace($get_comment_to_add ,"",-1); } I know the "substr" bit in the "if" returns the last character. So I am assuming the =="." is incorrect. I have tried escaping with a backslash but it still didn't work. Any ideas anyone? Also I cannot use str_replace because it is only the last period i want to remove, not any others in between.

So all santizing functions through out my entire site would be the same. DB connection or not.

Sorry i'm confused, if magic quotes are on, what will this do? if(get_magic_quotes_gpc()) { //apply stripslashes() to POST/GET/COOKIE variables. } Also, with regards to using the mysql_real_escape, I have been using this so far but am now considering using/ creating my own function: One "entering" function which replaces any "unusual characters" with specified combinations of other characters for input. One "taking" function which replaces the said combination back with the original characters. This would mean I could use just two "santizing" functions for everything, and it could also be used on pages where no DB connection is needed. Do you have any thoughts on this?

Hi Mchl, Yea i've found that magic quotes are enabled. Its the turning them off bit that got me stumped. Think i'll have to wait till 2mo to speak to the technical guys at domain sever/host. Thanks, John

This may be another really simple one... I've been reading a lot about the magic quotes and that they are now deprecated. To get more control over sanitization of user input...etc I am using my own security functions. I've also read that I should be turning them off. I've read the section about disabling magic quotes but i'm not much wiser after reading, especially as some people on the manual page are saying contradictory things. What do people recommend for the simplest and safest was to disable all magic quotes and there effects? I am right in assuming that these magic quotes are a built feature to php and therefore this is why i have to turn them off?

ahh, i see. thanks

Bonjour! A members registration form. One of the fields is the first name: <td>First name/ initial</td> <td colspan="2"><input name="forename_1" style="width:150px" type="text" /><i>$no_forename1$check_forename1</i></td> When the form is sent the info is directed back to the same php page. The post is gathered and then checks are run: if(empty($forename_1)) #check2 { $no_forename1 = "First name or initial needed"; } if(!empty($forename_1)) #check3 { if($chosen_forename == 1 && strlen($forename_1)<2) { $check_forename1 = "Is this name correct?"; } } The problem I have lies in the first section of code above: If for example $no_forename1 was never created in the second section of code above then an error is returned saying that $no_forename1 does not exist. One way around this is to declare the variable empty at the start: $no_forename1=""; However this means I have to waste a whole load of lines just to declare the empty variables. Is there a smarter way around this? A way of declaring the variables empty within the if's even if the if's aren't so?

ah brilliant. thanks.

This may seem simple, but I have only been dealing with multiple returns from queries in the past. I now have a query where only one result is return, a string of text. The query in PHP looks like: $query_return_txt = "SELECT comment FROM matrix_general WHERE g_number = '$text[0]' AND a_number = '$text[1]' AND o_number = '$text[2]'"; The result of the query can only have one possible answer. What is the shortest way of getting the answer? Is it: $result = mysql_query($query_return_txt); $row = mysql_fetch_row($result); echo $row[0];

Yea I've also got a relatively similar problem. When I enter info into mysql after running it through function get_post($var) { return mysql_real_escape_string($_POST[$var]); } Things seem to acquire lots of escaping backslashes before apostrophes...etc . Is this normal? They can simply be removed before placing displaying them on screen using str_replace though. http://php.net/manual/en/function.str-replace.php

Just my luck! Ha! Well thankfully I have worked around it. I had a look at the bug link however, as i've only been doing php and html for about a month I think I may have to come back to understanding this at a later date when my knowledge of it all is a little more secure. Thanks for having a look though

here's the working code. The changed method of producing the array is the section commented "//getting all possible combinations" http://www.phpfreaks.com/forums/index.php/topic,297730.0.html The new method results in each stage in the array being a string of 7numbers separated by a , The old way put each number as a separate value in the array. Still don't understand though why the above resulted in ignoring the value zero

I can't believe it. After typing out all that thread I found i'de missed off a tiny little thing in my code: $comment = array(); for($i = 0 ; $i < $number_comments ; ++$i) { $com = mysql_fetch_row($get_result); array_push($comment,$com[0]); // i left out the [0] } Now it works

OK apologies for the length of this one. Below is some php code which generates all the possible combinations from the result of user input in a table using radio buttons. An example of the $_POST result from the user selecting one of all of the radio buttons is as follows: 1-7 are the names of the radio buttons, and all_possible is the name of one of the buttons in the form. The form relates to a table which looks something like: a_number |g_number |option_number |comment | 101at1 201sldfhjlsd 301at3a The table goes on... The php code: if (isset($_POST['all_possible'])) { //getting users matrix answers $r_number = array(); //[0]=at1 [1]=at2.... for($an = 1 ; $an < 8 ; ++$an) { $g_number = get_post($an); array_push($r_number, $g_number); } //getting the number of options per g $count = array(); for($op = 1 ; $op < 8 ; ++$op) { $rn = $op - 1; $query_option_quant = "SELECT option_number FROM matrix WHERE a_number='$op' AND g_number='$r_number[$rn]'"; $option_result = mysql_query($query_option_quant); $rows = mysql_num_rows($option_result); array_push($count,$rows); } //getting all possible combinations $all_combinations = array(); for($a1 = 0 ; $a1 < $count[0] ; ++$a1) { for($a2 = 0 ; $a2 < $count[1] ; ++$a2) { for($a3 = 0 ; $a3 < $count[2] ; ++$a3) { for($a4 = 0 ; $a4 < $count[3] ; ++$a4) { for($a5 = 0 ; $a5 < $count[4] ; ++$a5) { for($a6 = 0 ; $a6 < $count[5] ; ++$a6) { for($a7 = 0 ; $a7 < $count[6] ; ++$a7) { array_push($all_combinations,$a1.",".$a2.",".$a3.",".$a4.",".$a5.",".$a6.",".$a7); } } } } } } } $counted = count($all_combinations); for($ctd = 0 ; $ctd < $counted ; ++$ctd) { $combination = explode(",",$all_combinations[$ctd]); for($atn = 1 ; $atn < 8 ; ++$atn) { $rpn = $atn - 1; $query_get_comment = "SELECT comment FROM matrix WHERE a_number = '$atn' AND g_number = '$r_number[$rpn]'"; $get_result = mysql_query($query_get_comment); $number_comments = mysql_num_rows($get_result); $comment = array(); //this is array in question for($i = 0 ; $i < $number_comments ; ++$i) { $com = mysql_fetch_row($get_result); array_push($comment,$com); } echo $rpn."<br />"; print_r($comment); echo "<br />"; } echo "<br />"; echo "<br />"; } } The result of the above is: The array in question I have commented out in the php code above. I can't understand why it isn't just creating a single dimension array?

I really don't know where the zero's were going but i've redesigned how the $all_combinations array is produced and the problem doesn't exist any more.