Zane

Administrators
  • Content Count

    4,097
  • Joined

  • Last visited

  • Days Won

    5

Zane last won the day on November 10 2017

Zane had the most liked content!

Community Reputation

54 Excellent

About Zane

  • Rank
    Prolific Member
  • Birthday 08/19/1986

Recent Profile Visitors

17,008 profile views
  1. Zane

    a silly DATE question

    Although the manual doesn't explicitly state it, you're not going to be able to use the "S" suffix successfully with "z" because "z" can return a value of 0. PHP's date function is going to return 0th day for a Jan 1st date. You'll need to follow Barand's lead here and use a custom function if you want e.g. the 53rd day of the year. The manual also states that this "S" suffix is meant for the ordinal suffix for the date of the month, not the year. http://php.net/manual/en/function.date.php

    So, something like this

        $a = "2012-01-01";
        echo date("zS", strtotime($a));
        echo "<br />";
        $a = "2012-01-02";
        echo date("zS", strtotime($a));
        echo "<br />";
        $a = "2015-01-03";
        echo date("zS", strtotime($a));
        echo "<br />";

    will return this:
  2. Zane

    page not showing right & dont know why

    What's with the stray closing </script> tag at the bottom?

        <!--OEF Test -->
        </script>
        </body>
        </html>
  3. Zane

    help with sign up form error

    mysql_connect doesn't exist in PHP7 and considering you're getting an undefined function error, I can easily assume you're using PHP7+
  4. Zane

    problem running program with exec()?

    The chdir function has everything to do with File I/O (fread, fclose, fwrite, etc.) and nothing to do with the shell. This is what your shell command should be like, according to your logic.

        exec("/home/user/.getmail/.getmail.sh");
  5. Zane

    Check if username already exists

    For starters, a string is not an object

        $sql_u = "SELECT user FROM users WHERE user=?";
        $sql_u->bind_param('s', $user);
        $sql_u->execute()

    Therefore, the bind_param function does not exist; and nor does execute.
  6. So, given all of the recommendations provided by everyone in this thread, we ultimately understand that you want to send URLs to a PHP script that then uses those URLs to do something involving banners. The banners part was not part of your original question. Your question was if it was secure enough, and we all agree that it isn't secure.

    Security is defined as

    Sending URLs through a URL is not safe in that users can manipulate the resulting URL if they so pleased. So, at its surface, $_GET is not secure. Let's take these URLs for example:

        http://www.website.com/?bannerURL=http://www.website.com/thebanner.html&websiteURL=http://www.website2.com/thewebsite.html&websiteName=testWebsiteName

    That URL contains three URLs. Now, if a user wanted to, they could change one of those variables with little to no effort at all. Also, it exposes where your banners would be located. Is that something you want the user to have access to? Is that something that you believe could compromise your PHP script? If it doesn't matter to you that a user can manually edit the URLs, then $_GET should be fine.

    However, in the end, it depends on what exactly you want to do with those URLs. Are you going to have them displayed for users to click? Are you going to have them used as the source of a banner image? What do you plan on doing with these URLs?! That's the elephant of information in this thread that we've attempted to get from you. What will you do with these URLs in your PHP script?

    Having said that, sending complete URLs through a URL as a variable may or may not function as you want it to. Take the following URL:

        http://somesite.com/phpscript.php?urlVariable=http://anothersite.com/somescript.php?getVar=something&anotherVar=somethingelse

    If you haven't noted what I did there, I'll explain it. Notice that the urlVariable value has a URL with a query parameter. This will break your URL and result in you not getting the proper data. The same issue applies when you then add a second URL to the URL string. Since there are two ? marks, the browser will interpret only up until that first ?. The rest will not be read correctly if at all.

    To answer your question about htmlspecialchars, take a look at the manual, you'll see at the very beginning:

    htmlspecialchars will not work because it does not convert the whole string to something useable. htmlspecialchars will not change the extra question marks. The best option is to use: htmlentities

        $bannerURL = htmlentities($bannerURL);
        $websiteURL = htmlentities($websiteURL);
        $websiteName = htmlentities($websiteName);

    This will get you the correct format for sending through a URL

        http://website.com/myscript.php?bannerURL=$bannerURL&websiteURL=$websiteURL&websiteName=$websiteName

    On the myscript.php page, you would then decode those URLs into variables for your use using html_entity_decode()

        $banner = html_entity_decode($_GET['bannerURL']);

    You could then use that variable appropriately.

        <img src="{$banner}"/>

    Now, after all of that, can you understand the insecurities involved with sending URLs through URL variables? A user could manipulate that image source very easily. Then again, the "secure" part of how you use these URLs depends on what you are doing with them. We don't know.

    Assuming this method is used, you will need to first validate the URL to make sure nothing malevolent was added by the user manually. How you do that is up to you. Do you only want to accept URLs from certain domains? Do you want to make sure the syntax of one of the URL variables is correct? What do you want to happen?

    In any case, if you haven't grasped what we've all been talking about by now, then you should probably outsource your project.
  7. Why not send through a POST request instead? As for the secure part of your question -- Is there anything sensitive in those variables? If it is something the user shouldn't see, then GET or POST wouldn't be the best option. Instead, you should have a database of these urls, each with their own unique identifier. Then, you would pass those unique identifiers in the URL, or through POST.
  8. Zane

    New Guru: maxxd

    Yea, that's like ... a lot of miles away. Takes roughly 7 hours to get there given the abundance of mountainous terrain and drivers in front of you that can't handle it.
  9. Zane

    New Guru: maxxd

    Welcome aboard, maxxd! So where in NC are you from, btw? I'm from the same state.
  10. Zane

    COMPLETE - Planned Downtime: May 23rd-24th

    Hell yea! This looks nice!
  11. Zane

    Latest Conversations

    Assuming your db schema is set up properly, you would just add DESC to order descendingly by date_sent

        ORDER BY date_sent DESC

    But if you have a primary index also, you could select more accurately like this: add onto your ORDER BY clause, and order by the ID descendingly after ordering by date_sent.

        ORDER BY date_sent DESC, id DESC
  12. Simple! Check and make sure that the index isn't undefined first! Make sure that the variable is set. If a variable is not set, then it is not defined; it is undefined. PHP has a built-in function for this called: isset() Formed from the words "is" and "set". It's rather intuitive!

        $urlpx = "";
        // Test the same key that is read below; the header name is spelled HTTP_REFERER.
        if (isset($_SERVER['HTTP_REFERER'])) {
            $urlpx = parse_url(strtok($_SERVER["HTTP_REFERER"], '?'), PHP_URL_PATH);
        }
  13. Zane

    Beginner in PHP - Populating form

    The simplest way would be to use a $_GET variable. These are otherwise known as URL parameters. So if you had a URL of:

        site.com/plant.php?pid=5

    You could grab that value of 5 with a $_GET variable.

        // Cast to an integer so only a number can reach the SQL string.
        $plantID = (int) $_GET['pid'];

    Then your query would be

        $query = "SELECT * FROM plant WHERE plantID='" . $plantID . "'";
  14. Zane

    where to start with CUSTOMER TRACKING

    Well, you haven't provided any code for us to help you with, therefore we've resorted to direction. You've scoffed at the direction given, which is to plan this out. If it's so feasible, then come up with a prototype and ask for help when you run into issues. Otherwise, we have to stare at our crystal balls, and I admit, mine isn't plugged in. If you're just looking for code to pop up a dialog box, then JavaScript's prompt() function should do?
  15. Zane

    where to start with CUSTOMER TRACKING

    So, what happens when they hire someone from out of town who doesn't know everyone already? Or what if someone forgets who someone is? Is there going to be a big bulletin board in front of them with pictures of the customers like the most wanted list at the post office? Another option would be to collect their driver's license number and use that as their unique identifier, but that information is also pretty sensitive and people may not want to give it out. Long story short, if you rely on human activity to get your system flowing, then there will be errors and a lot of inconsistency that will ultimately give you quite a headache in the long run.