Zane

Administrators
  • Content Count

    4,104
  • Joined

  • Last visited

  • Days Won

    5

Zane last won the day on November 10 2017

Zane had the most liked content!

Community Reputation

56 Excellent

About Zane

  • Rank
    Prolific Member
  • Birthday 08/19/1986

Recent Profile Visitors

17,413 profile views
  1. Composer creates an autoload file that you can include at the top of your PHP scripts instead of having to include every package individually. Then you just have to use them as if they're classes that you've included. https://getcomposer.org/doc/01-basic-usage.md#autoloading

     Example from site.

         require __DIR__ . '/vendor/autoload.php';

         $log = new Monolog\Logger('name');
         $log->pushHandler(new Monolog\Handler\StreamHandler('app.log', Monolog\Logger::WARNING));
         $log->addWarning('Foo');
  2. Zane

    Dark Theme

    Awesome job, requinix!
  3. I don't see where you are sending information to any PHP page when clicking an image. For instance, all of the images you have have an onClick value that pops up a confirm box, that's it.

         onclick="return confirm('Set ALL status to Upcoming Release?')"

     And it's not like you can call a PHP function onclick either, so don't think that's what I'm getting at. You need a JavaScript function that sends an AJAX call to the PHP file. Just clicking an image will not cause a <form> element to submit. So, either correct your onclick, or create a JS snippet that handles clicks on images within that form and submits the form.
  4. You need to include the contest_id in your SELECT clause.

         SELECT contest_id, COUNT(*)
         FROM entries
         WHERE user_id = :user_id
         GROUP BY contest_id
  5. I learn something every day.
  6. String.replace() takes a second argument, the replacement. You're better off just overwriting the location property.

         window.location = 'validate_attendance.php?emp_num='+emp_num;

     Also, what is the point of declaring a function that takes an argument and then overwriting that argument immediately?

         function ValidateEmployeeNumber(emp_num) {
             //completely destroy the value for emp_num and create it again?
             var emp_num = document.getElementById("emp_num").value;
             window.location = 'validate_attendance.php?emp_num='+emp_num;
         }

     If this is the approach you're going to use, then either take the parameter out of the function (and the call) or just don't overwrite the variable.
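  7. I always use this snippet to debug my code / echo out the contents of an array or object or any object type. It takes a mixed type parameter, print_r

         // Pass true so print_r() returns the dump as a string instead of printing it and returning true
         echo "<pre>", print_r($_GET, true), "</pre>";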
  8. Although the manual doesn't explicitly state it, you're not going to be able to use the "S" suffix successfully with "z" because "z" can return a value of 0. PHP's date function is going to return 0th day for a Jan 1st date. You'll need to follow Barand's lead here and use a custom function if you want the e.g. 53rd day of the year. The manual also states that this "S" suffix is meant for the ordinal suffix for the date of the month, not the year. http://php.net/manual/en/function.date.php

     So, something like this

         $a = "2012-01-01";
         echo date("zS", strtotime($a));
         echo "<br />";
         $a = "2012-01-02";
         echo date("zS", strtotime($a));
         echo "<br />";
         $a = "2015-01-03";
         echo date("zS", strtotime($a));
         echo "<br />";

     will return this:
  9. What's with the stray closing </script> tag at the bottom?

         <!--OEF Test -->
         </script>
         </body>
         </html>
  10. mysql_connect doesn't exist in PHP7 and considering you're getting an undefined function error, I can easily assume you're using PHP7+
  11. The chdir function has everything to do with File I/O (fread,fclose,fwrite,etc) and nothing to do with the shell. This is what your shell command should be like, according to your logic.

          exec("/home/user/.getmail/.getmail.sh");
  12. For starters, a string is not an object

          $sql_u = "SELECT user FROM users WHERE user=?";
          $sql_u->bind_param('s', $user);
          $sql_u->execute()

      Therefore, the bind_param function does not exist; and nor does execute
  13. So, given all of the recommendations provided by everyone in this thread, we ultimately understand that you want to send URLs to a PHP script that then uses those URLs to do something involving banners. The banners part was not part of your original question. Your question was if it was secure enough, and we all agree that it isn't secure. Security is defined as

      Sending URLs through a URL is not safe in that users can manipulate the resulting URL if they so pleased. So, at its surface, $_GET is not secure. Let's take these URLs for example:

          http://www.website.com/?bannerURL=http://www.website.com/thebanner.html&websiteURL=http://www.website2.com/thewebsite.html&websiteName=testWebsiteName

      That URL contains three URLs. Now, if a user wanted to, they could change one of those variables with little to no effort at all. Also, it exposes where your banners would be located. Is that something you want the user to have access to? Is that something that you believe could compromise your PHP script? If it doesn't matter to you that a user can manually edit the URLs, then $_GET should be fine.

      However, in the end, it depends on what exactly you want to do with those URLs. Are you going to have them displayed for users to click? Are you going to have them used as the source of a banner image? What do you plan on doing with these URLs?! That's the elephant of information in this thread that we've attempted to get from you. What will you do with these URLs in your PHP script?

      Having said that, sending complete URLs through a URL as a variable may or may not function as you want it to. Take the following URL:

          http://somesite.com/phpscript.php?urlVariable=http://anothersite.com/somescript.php?getVar=something&anotherVar=somethingelse

      If you haven't noted what I did there, I'll explain it. Notice that the urlVariable value has a URL with a query parameter. This will break your URL and result in you not getting the proper data. The same issue applies when you then add a second URL to the URL string. Since there are two ? marks, the browser will interpret only up until that first ?. The rest will not be read correctly if at all.

      To answer your question about htmlspecialchars, take a look at the manual, you'll see at the very beginning:

      htmlspecialchars will not work because it does not convert the whole string to something useable. htmlspecialchars will not change the extra question marks. The best option is to use: htmlentities

          $bannerURL = htmlentities($bannerURL);
          $websiteURL = htmlentities($websiteURL);
          $websiteName = htmlentities($websiteName);

      This will get you the correct format for sending through a URL

          http://website.com/myscript.php?bannerURL=$bannerURL&websiteURL=$websiteURL&websiteName=$websiteName

      On the myscript.php page, you would then decode those URLs into variables for your use using html_entity_decode()

          $banner = html_entity_decode($_GET['bannerURL']);

      You could then use that variable appropriately.

          <img src="{$banner}"/>

      Now, after all of that, can you understand the insecurities involved with sending URL through URL variables? A user could manipulate that image source very easily. Then again, the "secure" part of how you use these URLs depends on what you are doing with them. We don't know.

      Assuming this method is used, you will need to first validate the URL to make sure nothing malevolent was added by the user manually. How you do that is up to you. Do you only want to accept URLs from certain domains? Do you want to make sure the syntax of one of the URL variables is correct? What do you want to happen?

      In any case, if you haven't grasped what we've all been talking about by now, then you should probably outsource your project.
  14. Why not send through a POST request instead? As for the secure part of your question -- Is there anything sensitive in those variables? If it is something the user shouldn't see, then GET or POST wouldn't be the best option. Instead, you should have a database of these urls, each with their own unique identifier. Then, you would pass those unique identifiers in the URL, or through POST.
  15. Yea, that's like ... a lot of miles away. Takes roughly 7 hours to get there given the abundance of mountainous terrain and drivers in front of you that can't handle it.
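
For the discussion in posts 13 and 14 above about passing a URL inside a query string and validating it on arrival, here is an added example (not code from the thread or its posters). It percent-encodes the nested URL with http_build_query() rather than htmlentities(), then accepts the value only if it is a well-formed http(s) URL on an allowlisted host; the host list and the names `buildBannerLink` and `validateBannerUrl` are assumptions made for illustration.

```php
<?php
// Assumed allowlist of hosts permitted to serve banners (constructed values).
const ALLOWED_BANNER_HOSTS = ['www.website.com', 'cdn.website.com'];

// http_build_query() percent-encodes each value, so the "?" and "&" inside a
// nested URL cannot split the outer query string.
function buildBannerLink(string $script, array $params): string
{
    return $script . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Return the URL if it is a well-formed http(s) URL on an allowed host, else null.
function validateBannerUrl($candidate): ?string
{
    if (!is_string($candidate) || filter_var($candidate, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts  = parse_url($candidate);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null; // rejects javascript:, data:, file: and similar schemes
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // rejects http://www.website.com@other.example/ lookalikes
    }
    if (!in_array($host, ALLOWED_BANNER_HOSTS, true)) {
        return null; // user-edited URL pointing at a host we do not control
    }
    return $candidate;
}

// Sending side: a nested URL that has its own query string (constructed sample).
$link = buildBannerLink('http://website.com/myscript.php', [
    'bannerURL' => 'http://www.website.com/thebanner.html?size=large&v=2',
]);

// Receiving side: simulate what PHP would place in $_GET for that link.
parse_str(parse_url($link, PHP_URL_QUERY), $get);
$banner = validateBannerUrl($get['bannerURL'] ?? null);

if ($banner === null) {
    echo "rejected\n";
} else {
    // Escape for the HTML attribute context at output time, not at transport time.
    echo '<img src="' . htmlspecialchars($banner, ENT_QUOTES, 'UTF-8') . '"/>', "\n";
}
```

PHP decodes the percent-encoding when it populates $_GET, so no manual decode step is needed on the receiving page.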