Zane

Administrators
  • Content Count

    4,102
  • Days Won

    5

Zane last won the day on November 10 2017

Zane had the most liked content!

Community Reputation

55 Excellent

About Zane

  • Rank
    Prolific Member
  • Birthday 08/19/1986

Recent Profile Visitors

17,094 profile views
  1. Zane

    Click a form image, run a query

    I don't see where you are sending information to any PHP page when clicking an image. For instance, all of the images you have have an onClick value that pops up a confirm box, that's it.

        onclick="return confirm('Set ALL status to Upcoming Release?')"

    And it's not like you can call a PHP function onclick either, so don't think that's what I'm getting at. You need a JavaScript function that sends an AJAX call to the PHP file. Just clicking an image will not cause a <form> element to submit. So, either correct your onclick, or create a JS snippet that handles clicks on images within that form and submits the form.
  2. You need to include the contest_id in your SELECT clause.

        SELECT contest_id, COUNT(*) FROM entries WHERE user_id = :user_id GROUP BY contest_id
  3. Zane

    onChange() redirect doesn't work

    I learn something every day.
  4. Zane

    onChange() redirect doesn't work

    String.replace() takes a second argument, the replacement. You're better off just overwriting the location property.

        window.location = 'validate_attendance.php?emp_num='+emp_num;

    Also, what is the point of declaring a function that takes an argument and then overwriting that argument immediately?

        function ValidateEmployeeNumber(emp_num) {
            //completely destroy the value for emp_num and create it again?
            var emp_num = document.getElementById("emp_num").value;
            window.location = 'validate_attendance.php?emp_num='+emp_num;
        }

    If this is the approach you're going to use, then either take the parameter out of the function (and the call) or just don't overwrite the variable.
  5. Zane

    Echoing all $_GET values

    I always use this snippet to debug my code / echo out the contents of an array or object or any object type. It takes a mixed type parameter, print_r

        // the second argument makes print_r() return the dump instead of printing it
        echo "<pre>", print_r($_GET, true), "</pre>";
  6. Zane

    a silly DATE question

    Although the manual doesn't explicitly state it, you're not going to be able to use the "S" suffix successfully with "z" because "z" can return a value of 0. PHP's date function is going to return 0th day for a Jan 1st date. You'll need to follow Barand's lead here and use a custom function if you want the e.g. 53rd day of the year. The manual also states that this "S" suffix is meant for the ordinal suffix for the date of the month, not the year. http://php.net/manual/en/function.date.php

    So, something like this

        $a = "2012-01-01";
        echo date("zS", strtotime($a));
        echo "<br />";
        $a = "2012-01-02";
        echo date("zS", strtotime($a));
        echo "<br />";
        $a = "2015-01-03";
        echo date("zS", strtotime($a));
        echo "<br />";

    will return this:
  7. Zane

    page not showing right & dont know why

    What's with the stray closing </script> tag at the bottom?

        <!--OEF Test -->
        </script>
        </body>
        </html>
  8. Zane

    help with sign up form error

    mysql_connect doesn't exist in PHP7 and considering you're getting an undefined function error, I can easily assume you're using PHP7+
  9. Zane

    problem running program with exec()?

    The chdir function has everything to do with File I/O (fread,fclose,fwrite,etc) and nothing to do with the shell. This is what your shell command should be like, according to your logic.

        exec("/home/user/.getmail/.getmail.sh");
  10. Zane

    Check if username already exists

    For starters, a string is not an object

        $sql_u = "SELECT user FROM users WHERE user=?";
        $sql_u->bind_param('s', $user);
        $sql_u->execute()

    Therefore, the bind_param function does not exist; and nor does execute
  11. So, given all of the recommendations provided by everyone in this thread, we ultimately understand that you want to send URLs to a PHP script that then uses those URLs to do something involving banners. The banners part was not part of your original question. Your question was if it was secure enough, and we all agree that it isn't secure. Security is defined as

    Sending URLs through a URL is not safe in that users can manipulate the resulting URL if they so pleased. So, at its surface, $_GET is not secure. Let's take these URLs for example:

        http://www.website.com/?bannerURL=http://www.website.com/thebanner.html&websiteURL=http://www.website2.com/thewebsite.html&websiteName=testWebsiteName

    That URL contains three URLs. Now, if a user wanted to, they could change one of those variables with little to no effort at all. Also, it exposes where your banners would be located. Is that something you want the user to have access to? Is that something that you believe could compromise your PHP script? If it doesn't matter to you that a user can manually edit the URLs, then $_GET should be fine.

    However, in the end, it depends on what exactly you want to do with those URLs. Are you going to have them displayed for users to click? Are you going to have them used as the source of a banner image? What do you plan on doing with these URLs?! That's the elephant of information in this thread that we've attempted to get from you. What will you do with these URLs in your PHP script?

    Having said that, sending complete URLs through a URL as a variable may or may not function as you want it to. Take the following URL:

        http://somesite.com/phpscript.php?urlVariable=http://anothersite.com/somescript.php?getVar=something&anotherVar=somethingelse

    If you haven't noted what I did there, I'll explain it. Notice that the urlVariable value has a URL with a query parameter. This will break your URL and result in you not getting the proper data. The same issue applies when you then add a second URL to the URL string. Since there are two ? marks, the browser will interpret only up until that first ?. The rest will not be read correctly if at all.

    To answer your question about htmlspecialchars, take a look at the manual, you'll see at the very beginning:

    htmlspecialchars will not work because it does not convert the whole string to something useable. htmlspecialchars will not change the extra question marks. The best option is to use: htmlentities

        $bannerURL = htmlentities($bannerURL);
        $websiteURL = htmlentities($websiteURL);
        $websiteName = htmlentities($websiteName);

    This will get you the correct format for sending through a URL

        http://website.com/myscript.php?bannerURL=$bannerURL&websiteURL=$websiteURL&websiteName=$websiteName

    On the myscript.php page, you would then decode those URLs into variables for your use using html_entity_decode()

        $banner = html_entity_decode($_GET['bannerURL']);

    You could then use that variable appropriately.

        <img src="{$banner}"/>

    Now, after all of that, can you understand the insecurities involved with sending URLs through URL variables? A user could manipulate that image source very easily. Then again, the "secure" part of how you use these URLs depends on what you are doing with them. We don't know.

    Assuming this method is used, you will need to first validate the URL to make sure nothing malevolent was added by the user manually. How you do that is up to you. Do you only want to accept URLs from certain domains? Do you want to make sure the syntax of one of the URL variables is correct? What do you want to happen? In any case, if you haven't grasped what we've all been talking about by now, then you should probably outsource your project.
  12. Why not send through a POST request instead? As for the secure part of your question -- Is there anything sensitive in those variables? If it is something the user shouldn't see, then GET or POST wouldn't be the best option. Instead, you should have a database of these urls, each with their own unique identifier. Then, you would pass those unique identifiers in the URL, or through POST.
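
The validation step asked for in post 11 and the identifier lookup suggested in post 12, as an added PHP example that is not part of either post. The allowlisted hosts, the banner table and the function names are constructed for illustration, and the query string is built with http_build_query() rather than the encoding shown in the posts.

```php
<?php
// Added example: hosts, banner table and function names are constructed.
const ALLOWED_HOSTS = ['www.website.com', 'www.website2.com'];

// Stand-in for a database table: the ID travels in the URL, the real URL never does.
const BANNERS = [
    17 => 'http://www.website.com/thebanner.html',
];

/** Return the URL if it is http(s) on an allowlisted host, otherwise null. */
function validate_url(string $raw): ?string
{
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;                          // not a well-formed absolute URL
    }
    $p = parse_url($raw);
    if (!in_array(strtolower($p['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;                          // rejects javascript:, data:, file:
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null;                          // no credentials in front of the host
    }
    return in_array(strtolower($p['host'] ?? ''), ALLOWED_HOSTS, true) ? $raw : null;
}

/** Resolve a banner by numeric ID; unknown or non-numeric IDs yield null. */
function banner_by_id($id): ?string
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    return ($id !== false && array_key_exists($id, BANNERS)) ? BANNERS[$id] : null;
}

// Sender: http_build_query() percent-encodes each value, so a nested URL with
// its own ? and & arrives as a single parameter.
$nested = 'http://www.website2.com/thewebsite.html?getVar=something&anotherVar=x';
$link = 'http://www.website.com/?' . http_build_query(['websiteURL' => $nested, 'banner' => 17]);

// Receiver: parse the query the way PHP fills $_GET, then validate before use.
parse_str(parse_url($link, PHP_URL_QUERY), $get);
$site   = validate_url($get['websiteURL'] ?? '');
$banner = banner_by_id($get['banner'] ?? null);

if ($site !== null && $banner !== null) {
    // Escape for the HTML attribute context at output time.
    printf("<a href=\"%s\"><img src=\"%s\"/></a>\n",
        htmlspecialchars($site, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($banner, ENT_QUOTES, 'UTF-8'));
}
var_dump(validate_url('javascript:alert(1)'), validate_url('http://evil.example/x.png'));
```
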
  13. Zane

    New Guru: maxxd

    Yea, that's like ... a lot of miles away. Takes roughly 7 hours to get there given the abundance of mountainous terrain and drivers in front of you that can't handle it.
  14. Zane

    New Guru: maxxd

    Welcome aboard, maxxd! So where in NC are you from, btw? I'm from the same state.
  15. Zane

    COMPLETE - Planned Downtime: May 23rd-24th

    Hell yea! This looks nice!