vungee
-
Posts
12 -
Posts posted by vungee
-
If you choose not to use quotes then validate your data ($id) to an integer (i.e. type cast). If it is a string, you will throw a MySQL syntax error.
-
Your example is prone to SQL injection as variable $id can be escaped. Make sure you clean your variables with mysql_real_escape_string.
http://php.net/manual/en/function.mysql-real-escape-string.php
$id = mysql_real_escape_string($_GET['id']); // escapes quotes etc. for use inside a quoted SQL string
-
You can declare the namespace using backslashes as well
<?php
namespace test;

class testClass
{
    function go()
    {
        echo "hello world";
    }
}

// A class name held in a string must be fully qualified; the leading backslash is accepted
$x = '\test\testClass';
$t = new $x();
$t->go();
?>
-
Why use php in your template file? I mean, how does that differ from your index.php code?
Stripping PHP out of your template file can nicely separate your HTML code from your PHP code. Below is a rough outline of a usable token-replacement template class, which parses an html file.
class.template.php
class Template {
    public $template;

    public function __construct($template) {
        $this->template = file_get_contents($template); // load the raw html file
    }

    // $replacement is passed with its braces, e.g. '{ReplaceThisText}'; "{$replacement}" just interpolates it
    public function assign($replacement, $new_content) {
        $this->template = str_replace("{$replacement}", $new_content, $this->template);
    }

    public function get_template() {
        return $this->template;
    }
}
index.php
require_once('class.template.php');

$template = new Template('template.html');
$template->assign('{ReplaceThisText}', 'WithThisText');
echo $template->get_template();
template.html
<html>
<body>
{ReplaceThisText}
</body>
</html>
This is not meant to be used as is, but give you an idea of how to expand this further.
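The class above drops whatever is assigned straight into the HTML. As an added example (not the poster's code), here is the same token-replacement idea with the values escaped by default, so that user-supplied text assigned to a token is rendered as text rather than as markup. The template is built inline (a constructed sample) so the script runs without a template.html; the method names `fromFile`, `render` and the `$raw` flag are this example's own choices.

```php
<?php
// Added example: token replacement with HTML escaping on by default.
class Template
{
    private string $template;

    public function __construct(string $template)
    {
        $this->template = $template;            // raw HTML containing {Token} placeholders
    }

    public static function fromFile(string $path): self
    {
        return new self(file_get_contents($path));
    }

    // Escape by default; $raw = true is only for trusted HTML that is already escaped.
    public function assign(string $token, string $value, bool $raw = false): void
    {
        $safe = $raw ? $value : htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $this->template = str_replace('{' . $token . '}', $safe, $this->template);
    }

    public function render(): string
    {
        return $this->template;
    }
}

// Constructed sample template instead of a template.html on disk.
$html = '<html><body><h1>{Title}</h1><p>{UserComment}</p></body></html>';

$t = new Template($html);
$t->assign('Title', 'News');
// Constructed attacker-controlled input, e.g. a comment taken from $_POST:
// it ends up in the page as &lt;script&gt;..., not as a script element.
$t->assign('UserComment', '<script>alert(1)</script>');
echo $t->render();
```

Escaping at assign time means the default path is the safe one and the unsafe path has to be asked for explicitly with `$raw = true`.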
-
What is the value of $dateselected when you run the script?
$dateselected = "$_POST[Y]-$_POST[M]-$_POST[D]";
I ask because those $_POST values don't look right...
$dateselected = "{$_POST['Y']}-{$_POST['M']}-{$_POST['D']}"; // quoted keys inside braces
Sorry, I am unable to test this at the moment though
-
Do you have the following code at the beginning of your page?
session_start();
This is required to use sessions... just a thought...
-
BUT if you are going to do that, be aware that WHATEVER is sent through the $_POST array, php will interpret as a string, you would need to use either a preg_ function or ctype_digit() or even typecast the incoming var so that you can be certain that it is ONLY a numerical value that is being sent, personally though I would use a preg_ function as ctype_digit is a bit lax IMO and you're 'safer' using preg because you can be a lot stricter with the conditional patterns.
Thank you rwwd for the additional explanation. My example shows the need for using $_POST['id'] to set the $id variable (without the php error). To me it is unclear as to the value type of $id as manalnor didn't specify. There are cases where the post value should be a string so no type cast is needed since it will be a string. In either case, it is important to know what type of value you are expecting and validate all *used* $_POST values.
Thanks again
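The exchange above compares three ways of making sure a $_POST value that should be an integer really is one: a preg_ pattern, ctype_digit(), and a typecast. As an added example (not from the thread), the script below runs all three, plus filter_var(), over a constructed set of inputs standing in for $_POST['id'], so the differences rwwd alludes to are visible. The function names are this example's own.

```php
<?php
// Added example: every $_POST value arrives as a string, so "is this an integer?"
// has to be an explicit check. Each function below answers it differently.

// Strict pattern: optional minus, then digits with no leading zero; rejects "+1", "1e3", " 12", "".
function isIntPreg(string $value): bool
{
    return preg_match('/^-?(0|[1-9][0-9]*)$/', $value) === 1;
}

// ctype_digit(): digits only; rejects "-7", "", and anything with whitespace.
function isIntCtype(string $value): bool
{
    return $value !== '' && ctype_digit($value);
}

// filter_var(): PHP's built-in integer validation; returns false when the value is not an int.
function isIntFilter(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_INT) !== false;
}

// A typecast alone is not validation: (int) "12abc" is 12 and (int) "abc" is 0,
// so garbage is silently accepted rather than rejected.
function castOnly(string $value): int
{
    return (int) $value;
}

// Constructed sample inputs, the kind of thing a form (or an attacker) might send.
$samples = ['42', '-7', '007', '12abc', '1e3', ' 12', '', 'abc'];

printf("%-8s %-5s %-6s %-7s %s\n", 'input', 'preg', 'ctype', 'filter', 'cast');
foreach ($samples as $s) {
    printf("%-8s %-5s %-6s %-7s %d\n",
        var_export($s, true),
        isIntPreg($s)   ? 'yes' : 'no',
        isIntCtype($s)  ? 'yes' : 'no',
        isIntFilter($s) ? 'yes' : 'no',
        castOnly($s));
}
```

Pick the check that matches what the field means: a database id is never negative and never has a leading zero, so the strict pattern (or filter_var with a min_range option) is the right fit, and the cast is only applied after the value has passed.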
-
More than likely this is an issue with the way each browser handles CSS and HTML. There can be a number of differences between browsers and the way they render pages. It is best to use standards and test your code on a browser that supports the latest in HTML5 and CSS3.
Then check your site against older browsers or ones that don't fully support standards. You can then modify your CSS to get around these issues.
In my experience, IE seems to render pages the most differently. You can even create a separate stylesheet for clients using IE. Good news is that IE9 is moving very close to fully supporting code standards. This way the differences between Safari and IE9 should be minimal. Hope this helps and good luck!
-
What about?
$id = isset($_POST['id']) ? $_POST['id'] : 0;   // default to 0 when no id was posted
$ORGtext = file_get_contents("NewsID=$id");     // double quotes so $id is interpolated; $id is not validated here
-
You can dump the variable $latest to the screen using the following:
var_dump($latest);
Without functional changes you can get the entry using the following:
echo $latest[3];
-
I am not familiar with a good email marketing software that you can install locally. Below is a list of popular email systems that have a huge client base.
http://www.constantcontact.com/
These systems allow you to create email custom templates and both have APIs to integrate them into your website.
Mysql injection attacks (in PHP Coding Help)
If $id is always an integer, then add a check to type cast it to an integer and no escape is needed... even though you can, to be on the safe side. If $id can be a string then you will want to escape it using mysql_real_escape_string.
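The three posts on this page about $id (the unquoted-integer post, the mysql_real_escape_string post, and this one) all describe the same query. As an added example, not code from the thread, the script below builds that query three ways against an in-memory SQLite database through PDO (assumes the pdo_sqlite extension, so it runs offline; the same code works against MySQL through PDO or mysqli, and it replaces the mysql_* functions the thread uses, which need a live connection and no longer exist in current PHP). The table, rows and the attacker input are constructed for the example.

```php
<?php
// Added example: the same SELECT built unsafely, with an integer cast, and with a bound parameter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO news (id, title) VALUES (1, 'public'), (2, 'draft'), (3, 'secret')");

// 1. The form the thread warns about: $id dropped into the SQL string unquoted and unchecked.
function fetchUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, title FROM news WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN, 1);
}

// 2. If $id must be an integer, the cast is the check: the query can only ever contain a number.
function fetchCast(PDO $db, string $id): array
{
    $id = (int) $id;
    return $db->query("SELECT id, title FROM news WHERE id = $id")->fetchAll(PDO::FETCH_COLUMN, 1);
}

// 3. For integers or strings alike, bind the value instead of concatenating it.
//    The database receives the SQL and the value separately, so nothing in $id is parsed as SQL.
function fetchPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, title FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);
}

$payload = '1 OR 1=1';   // constructed attacker input standing in for $_GET['id'] / $_POST['id']

print_r(fetchUnsafe($db, $payload));    // every title: the OR clause became part of the query
print_r(fetchCast($db, $payload));      // at most the row with id 1: (int) '1 OR 1=1' is 1
print_r(fetchPrepared($db, $payload));  // the OR clause cannot widen the query; it is just a value
```

The cast is enough only when the column really is numeric; for a string column, escaping is the minimum and a prepared statement is the version that does not depend on remembering to escape every time.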