stuartbates

  1. Thanks for the prompt reply. I'd looked at those and disregarded them! Found an article that makes sense of it all for me now - so thanks again. In case anyone reads this and needs to know more, http://www.litfuel.net/tutorials/bitwise.htm explains everything nicely.
  2. I've been looking through the Joomla docs trying to understand how everything works and I've seen something that I don't understand and cannot find an answer to anywhere on the net. The basic question is what is the ampersand used for in this conditional here:

         if (!($mask & 1) && is_string($var)) {

     The two in the middle are obviously the AND part of the conditional. I know it can be used for creating references to variables but I don't think this is what is happening here. I've seen people using it to test for odd and even numbers too but with no explanation of how it works/what it does. The full code is below:

         function _cleanVar($var, $mask = 0, $type = null)
         {
             // Static input filters for specific settings
             static $noHtmlFilter = null;
             static $safeHtmlFilter = null;

             // If the no trim flag is not set, trim the variable
             if (!($mask & 1) && is_string($var)) {
                 $var = trim($var);
             }

             // Now we handle input filtering
             if ($mask & 2) {
                 // If the allow raw flag is set, do not modify the variable
                 $var = $var;
             } elseif ($mask & 4) {
                 // If the allow html flag is set, apply a safe html filter to the variable
                 if (is_null($safeHtmlFilter)) {
                     $safeHtmlFilter = & JFilterInput::getInstance(null, null, 1, 1);
                 }
                 $var = $safeHtmlFilter->clean($var, $type);
             } else {
                 // Since no allow flags were set, we will apply the most strict filter to the variable
                 if (is_null($noHtmlFilter)) {
                     $noHtmlFilter = & JFilterInput::getInstance(/* $tags, $attr, $tag_method, $attr_method, $xss_auto */);
                 }
                 $var = $noHtmlFilter->clean($var, $type);
             }
             return $var;
         }
  3. Thanks for the replies. Looking at the second post I see my stupid mistake! For some reason I thought specifying the filename in this line here:

         header('Content-Disposition: attachment; filename="' . $filename . '"');

     Long and short, I wasn't sending any data and simply needed to add:

         readfile($filename);

     Rather embarrassing, but thanks for the replies guys.
  4. I'm creating a CSV file on the fly for download in the backend - a stock management function. The script works fine extracting from the database and creates the CSV. But the next step of the script is to download the file using:

         header('Content-type: application/octet-stream');
         header('Content-Disposition: attachment; filename="' . $filename . '"');

     This works, in as much as it downloads the file specified by $filename, but when I open the file it's empty and the File Size in properties is 0. But if I go into my FTP and download the file it contains all the data as expected? Anyone have any ideas what's wrong?

     Thoughts I've had:

       • File size too large - would using ob_start('ob_gzhandler'); help? Or is there an INI setting?
       • File encoding needs to be set? UTF8?
       • Content Type should be text/csv?

     Thanks
  5. Use the parse_url function: http://uk3.php.net/manual/en/function.parse-url.php

     Would look like this:

         // To print
         echo parse_url($url, PHP_URL_QUERY);

         // To assign
         $query = parse_url($url, PHP_URL_QUERY);
  6. You need to construct the select options using an array then loop through checking for a match...

         $categories = array('Restaurant', 'Salon de coiffure', 'Sale de bronzage', 'Magasin de vetements', 'Magasin de détai', 'Centre commercial', 'Location Immobilier', 'Autre');

         foreach ($categories as $value) {
             echo '<option value="' . $value . '"';
             if ($value == $info['categorie']) {
                 echo ' selected';
             }
             echo '>' . $value . '</option>';
         }

     Enjoy!
  7. Simply defines a variable holding a value for the maximum size of any uploaded file.

     Conditional to check if the size of the uploaded file is greater than the maximum allowed filesize defined in step 1.

     This takes the uploaded file and copies it from the tmp file where uploads are stored into the destination you define. However, this is poor coding. You should not use the copy function in this way as it represents a security risk. A malicious user could simply forge an HTTP request and force your script to move files on your server to the uploads directory. Instead you should use move_uploaded_file:
  8. Well, the simple solution would be to do it using CSS, so simply add a 25px margin to the bottom of the image. You wouldn't actually want to add the style inline but it is simpler as a demo:

         <img src="pathtoimage.jpg" style="margin-bottom: 25px;">

     However, if you actually want to add blank space to the image itself then you'd have to utilise GD Library using a combination of the imagecreate function and the imagecopy function - but this in 99% of cases is surely an overkill.
  9. With meta-tags it's always a good idea to set default options because as your website grows there's a good chance they will get overlooked. So use a conditional like:

         if (!isset($title)) {
             echo '<title>Default Page Title</title>';
         } else {
             // Escape the value in case the title comes from user-editable data
             echo '<title>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</title>';
         }

     You might also want to consider using the database to drive the meta tags - particularly if you have any form of catalogue.
  10. You can't really use sessions to prevent excess login attempts because ultimately anyone remotely serious about mounting a brute force attack will simply disable cookies, which will render your defences useless. You really need to have a table in your database for invalid logins and then prevent people attempting once a threshold level has been reached. You could do this based upon account username and/or IP address... although again IP addresses can be spoofed and/or dynamically altered.

      One method we often employ with our clients is to utilise PHP's sleep() function to implement a random delay... it won't have any impact upon a manual intruder but plays havoc with automated attacks.

      And no answer on security would be complete without simply enforcing your users to have strong passwords in the first place. Brute force attacks are often the least of your concerns when securing PHP applications.
  11. Hi,

      It's because the query you're running to calculate the total number of results - and consequently the number of pages to display links to - is different to the query you're actually running. Both queries, the one to determine number of pages and the one with the dynamic limit options, need to be the same. I.e.:

          SELECT COUNT(*) FROM locations

      Should become something like:

          SELECT COUNT(*) FROM locations WHERE location_state='$state' ORDER BY location_city
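
An added example (not code from the original posts) for the point made in post 7 about `copy()` versus `move_uploaded_file()`: the handler applies the size limit, then only stores a file that PHP itself received as an upload in the current request. The function name `store_upload`, the limit, the `uploads` directory (assumed to exist) and the `.upload` suffix are assumptions for illustration.

```php
<?php
// Added example: store_upload(), the limit and the upload directory are hypothetical.
const MAX_BYTES  = 2 * 1024 * 1024;        // maximum accepted file size
const UPLOAD_DIR = __DIR__ . '/uploads';   // destination directory, must already exist

// Validates one $_FILES entry and stores it; returns the stored path.
function store_upload(array $file): string
{
    if (!isset($file['error'], $file['tmp_name'], $file['size'])
        || !is_int($file['error']) || !is_string($file['tmp_name'])) {
        throw new RuntimeException('malformed upload entry');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file exceeds the size limit');
    }
    // copy() would accept any readable path in tmp_name. is_uploaded_file() and
    // move_uploaded_file() only accept a file PHP received via HTTP POST in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('tmp_name is not an uploaded file');
    }
    // Server-generated name: the client-supplied name never reaches the filesystem.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.upload';
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store the upload');
    }
    return $dest;
}

// Constructed entry whose tmp_name points at an ordinary server file (this script)
// instead of an upload, to exercise the check from the command line.
$forged = ['name' => 'x.txt', 'error' => UPLOAD_ERR_OK, 'size' => 10, 'tmp_name' => __FILE__];
try {
    store_upload($forged);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In a real request the call would be `store_upload($_FILES['userfile'])`, where `userfile` is a hypothetical form field name.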
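
An added example (not code from the original posts) of the database-backed approach described in post 10: failed logins are written to a table and further attempts are refused once a threshold is reached for the username or the IP address, with no reliance on sessions or cookies. The table layout, function names, threshold, time window and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example: names and limits are hypothetical; in-memory SQLite stands in for the real database.
const MAX_FAILURES   = 5;    // failures allowed inside the window
const WINDOW_SECONDS = 900;  // only failures from the last 15 minutes count

function throttle_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE failed_logins (
        username TEXT NOT NULL, ip TEXT NOT NULL, attempted_at INTEGER NOT NULL)');
    return $db;
}

// Locked when either the account name or the source address has reached the threshold.
function is_locked(PDO $db, string $user, string $ip, int $now): bool
{
    foreach (['username' => strtolower($user), 'ip' => $ip] as $column => $value) {
        // $column is one of the two literal keys above, never request data.
        $q = $db->prepare("SELECT COUNT(*) FROM failed_logins
                           WHERE $column = ? AND attempted_at > ?");
        $q->execute([$value, $now - WINDOW_SECONDS]);
        if ((int) $q->fetchColumn() >= MAX_FAILURES) {
            return true;
        }
    }
    return false;
}

function attempt_login(PDO $db, array $users, string $user, string $pass, string $ip, int $now): string
{
    if (is_locked($db, $user, $ip, $now)) {
        return 'locked';  // refused before the password is checked at all
    }
    $hash = $users[strtolower($user)] ?? null;
    if ($hash !== null && password_verify($pass, $hash)) {
        return 'ok';
    }
    $db->prepare('INSERT INTO failed_logins VALUES (?, ?, ?)')->execute([strtolower($user), $ip, $now]);
    return 'failed';
}

// Constructed data: six wrong guesses from one address, then the right password from another.
$db    = throttle_db();
$users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
for ($i = 1; $i <= 6; $i++) {
    echo "guess $i: ", attempt_login($db, $users, 'alice', "guess$i", '203.0.113.7', 1000 + $i), "\n";
}
echo 'right password: ', attempt_login($db, $users, 'alice', 'correct horse battery', '198.51.100.9', 1010), "\n";
echo 'after window: ', attempt_login($db, $users, 'alice', 'correct horse battery', '198.51.100.9', 1010 + WINDOW_SECONDS), "\n";
```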