anups

Hi I need to test for XSS attack and aim is to break my own site. I am using strip_tags to strip all the HTML and tags. Is there any way for successful XSS attack even if strip_tags is used.

try this $vowels = array("a", "e", "i", "o", "u", "A", "E", "I", "O", "U"); $onlyconsonants = str_replace($vowels, "", "Hello World of PHP"); echo $onlyconsonants ;

u can use filter_var function for validation $valid_email = filter_var('[email protected]', FILTER_VALIDATE_EMAIL); if($valid_email){ echo "valid"; }else{ echo "In valid"; }

hey.. I got a PEAR library to parse the query I thing it may help you http://pear.php.net/package/SQL_Parser Simple Usage require_once ‘SQL/Parser.php’; $parser = new SQL_Parser(); $struct = $parser->parse("SELECT a,b,c FROM Foo"); print_r($struct); SAMPLE OUTPUT Array ( [command] => select [column_tables] => Array ( [0] => [1] => [2] => ) [column_names] => Array ( [0] => a [1] => b [2] => c ) [column_aliases] => Array ( [0] => [1] => [2] => ) [table_names] => Array ( [0] => foo ) [table_aliases] => Array ( [0] => ) [table_join_clause] => Array ( [0] => ) )

u can use php's in-built csv function to read an write files for your example I will suggest u to use this <?php $row = 1; if (($handle = fopen("meeting.survey", "r")) !== FALSE) { while (($data = fgetcsv($handle)) !== FALSE) { $num = count($data); echo "<p> $num fields in line $row: <br /></p>\n"; $row++; for ($c=0; $c < $num; $c++) { echo $data[$c] . "<br />\n"; } } fclose($handle); } ?>

user mysql_tablename :- string mysql_tablename ( resource $result , int $i )

If u are using HTML form something like this this <form method="post" enctype="multipart/form-data"> <input type="file" name="file[]" /><br> <input type="file" name="file[]" /><br> <input type="submit" /> </form> And if you print $_FILES you will get output like Array ( [file] => Array ( [name] => Array ( [0] => ALIM5004.JPG [1] => ALIM5005.JPG ) [type] => Array ( [O] => image/jpeg [1] => image/jpeg ) [tmp_name] => Array ( [0] => D:\xampp\tmp\php7AD4.tmp [1] => D:\xampp\tmp\php7AF4.tmp ) [error] => Array ( [0] => 0 [1] => 0 ) => Array ( [0] => 2750396 [1] => 2786816 ) ) ) so to uload the form u can use $files = $_FILES; if(isset($files['error'])){ for($i=0;$i<count($files['name']);$i++){ if($files['error'][$i] == 0 ){ move_uploaded_file($files['tmp_name'][$i], "$uploads_dir/$name"); } } }

Just give a simple try it may help "use HTML5 standards" <!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head>

Hi All, Can someone help??

Hi In my comment plugin i can see comment using "facebook", "yahoo", "aol" and "hotmail" is there a way to remove {"yahoo", "aol" and "hotmail"} I tried using "Setting" => "Allow users to post using other login providers." but still its showing the same. [attachment deleted by admin]

I have 3 pages on my website 1. http://xyz.com/user.php 2. http://xyz.com/admin.php 3. http://xyz.com/superadmin.php Now I want to show http authentication using ".htaccess" && ".htpasswd" for "admin.php" & "superadmin.php". I cannot use php code header('WWW-Authenticate: Basic realm="My Realm"'); As per my knowledge http authentication using ".htaccess" files works only on directories not on pages. Please help me in achieving this.

Simply use library written at http://www.phpclasses.org/package/2957-PHP-Generate-RSS-2-0-feeds.html It will simplify your life and save lots of time

wheneveryou get ajax response you can modify it... instead of creating drop down you can create checkbox, hardly matter of 10-15 mins.... OR else in drop down you can set the 2 properties of <select> "multiple" & "Size" so that without checkbox uses can select multiple.

look at http://www.dhtmlgoodies.com/index.html?page=ajax "Chained select boxes" Source Code http://www.dhtmlgoodies.com/index.html?whichScript=ajax_chained_select Demo http://www.dhtmlgoodies.com/scripts/ajax-chained-select/ajax-chained-select.html

You can use .htaccess file basically you'll have to expand on that .. what's happening here is all in the rewrite condition and rule - so to take an example from another blog: RewriteCond %{HTTP_USER_AGENT} “Windows CE” [NC,OR] #Windows CE and Pocket PC RewriteCond %{HTTP_USER_AGENT} “NetFront” [NC,OR] #PalmSource WebBrowser 2.0 RewriteCond %{HTTP_USER_AGENT} “Palm OS” [NC,OR] #Eudora Web Browser for Palm RewriteCond %{HTTP_USER_AGENT} “Blazer” [NC,OR] #Handspring Blazer Browser RewriteCond %{HTTP_USER_AGENT} “Elaine” [NC,OR] #RIM Devices RewriteCond %{HTTP_USER_AGENT} “^WAP.*$” [NC,OR] #WAP Browsers RewriteCond %{HTTP_USER_AGENT} “Plucker” [NC,OR] #Plucker Offline download client RewriteCond %{HTTP_USER_AGENT} “AvantGo” [NC] #AvantGo Service RewriteRule ^index.php http://m.yourdomain.com/ [L,R] basically if the browser's user agent matches one of these strings, then the rewrite rule kicks in... it's not the most basic of concepts and rewrite stuff can be quite touchy, so it could be tricky to implement, but that's how you'd go about it... hope that helps a bit!

you can use following query :- You can modify month or day accordingly SELECT *, concat(date_format(now(),"%Y"),"-",date_format(now(),"%m"),"-", "2") as dates FROM `todolist` WHERE `due_date` < concat(date_format(now(),"%Y"),"-",date_format(now(),"%m"),"-", "2")

To show all databases $con = mysql_connect("localhost","root",""); $result = mysql_query("show databases"); $db_str = "<select>"; $db_arr = array(); while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){ //echo $row['Database']."<br>"; $db_str .= "<option>".$row['Database']."</option>"; $db_arr[] = $row['Database']; } $db_str .= "</select>"; echo $db_str;

use this way echo '<div id="position1">'.$name.'</div>';

Hi All, I am using HTTP Session2 pear module in my project. My logout code is HTTP_Session2::set('user_id',''); HTTP_Session2::set('user_type',''); HTTP_Session2::regenerateId(true); HTTP_Session2::destroy(); pageRedirect("index.php?q=registration/login"); exit; My Check Login Script is if(trim(HTTP_Session2::get('user_id'))=='' || trim(HTTP_Session2::get('user_type'))=='') { HTTP_Session2::set('user_id',''); HTTP_Session2::set('user_type',''); HTTP_Session2::regenerateId(true); HTTP_Session2::destroy(); pageRedirect("index.php?q=registration/login"); exit; } problem here is whenever I click on back button after logout then I can see the user homepage, on which I have written "Check Login Script ". Is there a good solution available ?

Good solutions follow the links below http://stackoverflow.com/questions/336127/calculate-business-days http://www.phpclasses.org/package/3453-PHP-Calculate-business-days-between-dates.html http://snippets.dzone.com/posts/show/807

I have to check rerefer and bypass some IP or host in .htaccess file not in PHP

I have htaccess file from which I am calling htpasswd. Currently its ask for authentication from everyone. I want it IP based or Domain based so that a user requesting from specific IP may not have to go through http authentication. Some domain calling the web pages in background like paypal OR google checkout can access the page without http authentication. Is it possible ? content of htaccess file is given below. AuthUserFile /var/www/web/.htpasswd AuthName "Authorization Required" AuthType Basic <Limit GET POST> require user username </Limit>

Hi All, Just now I had a thought in mind for using regular expression in implode. I know I can get the solution using foreach loop but just trying whether can we do it without using foreach. I have an array here I want to create a table with array. I can do it using for or foreach loop but just a thought came in my mind doing it without using loop. $arr = array(1,2,3,4,5); echo "<table border='2'>"; echo "<tr>".implode("<td>[u]I WANT MY VALUES HERE[/u]</td>",$arr)."</tr>"; echo "</table>"; can we pass regular expression in implode() so that i will get record something like this <td>1</td> <td>2</td> <td>3</td> <td>4</td> <td>5</td>

count will give you number of elements in array. in other words it will give you the number of array keys. it doesn't depend upon the value of key. for e.g. $arr = array(); $arr[0] = array(1,2,3,4,5,6); $arr[1] = array(11,22,33,44,55,66); $arr[2] = ''; in this case count ($arr) will give you 3.

few things are missing in your code 1. Validation - never believe user input always validate it like integer, alphanumeric, emailids. 2. Never insert row user data in database - if you are expecting only simple string strip all the html tags or define the tags yo are allowing. always use mysql_real_escape string so that there will be sql injection attacks. 3. avoid xss attacks. 4. data length is not validated - you can only define max length for each input filed eg. for name max varchar 255... before executing the query check the length input by user. 5. rather than just checking if(!empty($_POST['field_name'])) use if(isset($_POST['field_name'] && !empty(trim($_POST['field_name']))){ // do something }