
Zane

Administrators
  • Content count

    4,095
  • Joined

  • Last visited

  • Days Won

    5

Zane last won the day on November 10 2017

Zane had the most liked content!

Community Reputation

54 Excellent

About Zane

  • Rank
    Prolific Member
  • Birthday 08/19/1986

Recent Profile Visitors

16,833 profile views
  1. Zane

    help with sign up form error

    mysql_connect doesn't exist in PHP7 and considering you're getting an undefined function error, I can easily assume you're using PHP7+
  2. Zane

    problem running program with exec()?

    The chdir function has everything to do with File I/O (fread, fclose, fwrite, etc.) and nothing to do with the shell. This is what your shell command should be like, according to your logic.

        exec("/home/user/.getmail/.getmail.sh")
  3. Zane

    Check if username already exists

    For starters, a string is not an object

        $sql_u = "SELECT user FROM users WHERE user=?";
        $sql_u->bind_param('s', $user);
        $sql_u->execute()

    Therefore, the bind_param function does not exist; and nor does execute
  4. So, given all of the recommendations provided by everyone in this thread, we ultimately understand that you want to send URLs to a PHP script that then uses those URLs to do something involving banners. The banners part was not part of your original question. Your question was if it was secure enough, and we all agree that it isn't secure.

    Security is defined as

    Sending URLs through a URL is not safe in that users can manipulate the resulting URL if they so pleased. So, at its surface, $_GET is not secure. Let's take these URLs for example:

        http://www.website.com/?bannerURL=http://www.website.com/thebanner.html&websiteURL=http://www.website2.com/thewebsite.html&websiteName=testWebsiteName

    That URL contains three URLs. Now, if a user wanted to, they could change one of those variables with little to no effort at all. Also, it exposes where your banners would be located. Is that something you want the user to have access to? Is that something that you believe could compromise your PHP script? If it doesn't matter to you that a user can manually edit the URLs, then $_GET should be fine.

    However, in the end, it depends on what exactly you want to do with those URLs. Are you going to have them displayed for users to click? Are you going to have them used as the source of a banner image? What do you plan on doing with these URLs?! That's the elephant of information in this thread that we've attempted to get from you. What will you do with these URLs in your PHP script?

    Having said that, sending complete URLs through a URL as a variable may or may not function as you want it to. Take the following URL:

        http://somesite.com/phpscript.php?urlVariable=http://anothersite.com/somescript.php?getVar=something&anotherVar=somethingelse

    If you haven't noted what I did there, I'll explain it. Notice that the urlVariable value has a URL with a query parameter. This will break your URL and result in you not getting the proper data. The same issue applies when you then add a second URL to the URL string. Since there are two ? marks, the browser will interpret only up until that first ?. The rest will not be read correctly if at all.

    To answer your question about htmlspecialchars, take a look at the manual, you'll see at the very beginning:

    htmlspecialchars will not work because it does not convert the whole string to something useable. htmlspecialchars will not change the extra question marks. The best option is to use: htmlentities

        $bannerURL = htmlentities($bannerURL);
        $websiteURL = htmlentities($websiteURL);
        $websiteName = htmlentities($websiteName);

    This will get you the correct format for sending through a URL

        http://website.com/myscript.php?bannerURL=$bannerURL&websiteURL=$websiteURL&websiteName=$websiteName

    On the myscript.php page, you would then decode those URLs into variables for your use using html_entity_decode()

        $banner = html_entity_decode($_GET['bannerURL']);

    You could then use that variable appropriately.

        <img src="{$banner}"/>

    Now, after all of that, can you understand the insecurities involved with sending URL through URL variables? A user could manipulate that image source very easily. Then again, the "secure" part of how you use these URLs depends on what you are doing with them. We don't know.

    Assuming this method is used, you will need to first validate the URL to make sure nothing malevolent was added by the user manually. How you do that is up to you. Do you only want to accept URLs from certain domains? Do you want to make sure the syntax of one of the URL variables is correct? What do you want to happen?

    In any case, if you haven't grasped what we've all been talking about by now, then you should probably outsource your project.
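An added example, not part of the original post, of the validation step the post asks for: URLs received through $_GET are accepted only if they are well-formed http(s) URLs on an allowlisted domain. The allowlist, the helper names `buildLink` and `validateUrl`, and the use of `http_build_query()` to percent-encode the nested URLs are choices made for this example.

```php
<?php
// Added example, not code from the original post. Allowlisted hosts are assumed.
const ALLOWED_HOSTS = ['www.website.com', 'www.website2.com'];

// Percent-encode every value so a nested URL's '?', '&' and '=' cannot
// split the outer query string.
function buildLink(string $script, array $params): string
{
    return $script . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Accept only well-formed http(s) URLs on an allowlisted host; null otherwise.
function validateUrl($value): ?string
{
    if (!is_string($value) || filter_var($value, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts  = parse_url($value);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)
        || !in_array($host, ALLOWED_HOSTS, true)
        || isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return $value;
}

// Constructed sample input: the banner URL carries its own query string.
$link = buildLink('http://website.com/myscript.php', [
    'bannerURL'   => 'http://www.website.com/thebanner.html?size=2&lang=en',
    'websiteURL'  => 'http://www.website2.com/thewebsite.html',
    'websiteName' => 'testWebsiteName',
]);
echo $link, "\n";

// On the receiving page PHP has already decoded $_GET; parse_str() stands in for it here.
parse_str(parse_url($link, PHP_URL_QUERY), $get);

$banner = validateUrl($get['bannerURL'] ?? null);
if ($banner !== null) {
    // Escape for the HTML attribute at output time.
    echo '<img src="', htmlspecialchars($banner, ENT_QUOTES, 'UTF-8'), '">', "\n";
}

// Constructed examples of values a user could substitute; both are rejected.
var_dump(validateUrl('http://other.example/banner.png'));
var_dump(validateUrl('ftp://www.website.com/thebanner.html'));
```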
  5. Why not send through a POST request instead? As for the secure part of your question -- Is there anything sensitive in those variables? If it is something the user shouldn't see, then GET or POST wouldn't be the best option. Instead, you should have a database of these urls, each with their own unique identifier. Then, you would pass those unique identifiers in the URL, or through POST.
  6. Zane

    New Guru: maxxd

    Yea, that's like ... a lot of miles away. Takes roughly 7 hours to get there given the abundance of mountainous terrain and drivers in front of you that can't handle it.
  7. Zane

    New Guru: maxxd

    Welcome aboard, maxxd! So where in NC are you from, btw? I'm from the same state.
  8. Zane

    COMPLETE - Planned Downtime: May 23rd-24th

    Hell yea! This looks nice!
  9. Zane

    Latest Conversations

    Assuming your db schema is set up properly, you would just add DESC to order descendingly by date_sent

        ORDER BY date_sent DESC

    But if you have a primary index also, you could select more accurately like this. Add onto your ORDER BY clause, and order by the ID descendingly after ordering by date_sent.

        ORDER BY date_sent DESC, id DESC
  10. Simple! Check and make sure that the index isn't undefined first! Make sure that the variable is set. If a variable is not set, then it is not defined; it is undefined. PHP has a built-in function for this called: isset() Formed from the words "is" and "set". It's rather intuitive!

        $urlpx = "";
        // The header key is spelled HTTP_REFERER (single R); check the same key that is read below.
        if( isset($_SERVER['HTTP_REFERER']) ) {
            $urlpx = parse_url(strtok($_SERVER["HTTP_REFERER"], '?'), PHP_URL_PATH);
        }
  11. Zane

    Beginner in PHP - Populating form

    The simplest way would be to use a $_GET variable. These are otherwise known as URL parameters. So if you had a URL of:

        site.com/plant.php?pid=5

    You could grab that value of 5 with a $_GET variable.

        $plantID = $_GET['pid'];

    Then your query would be

        $query = "SELECT * FROM plant WHERE plantID='" . $plantID . "'";
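An added example, not part of the original post: the query in the post concatenates the $_GET value into the SQL string, so this version validates `pid` as an integer and binds it as a parameter instead. It uses PDO with an in-memory SQLite database so it runs without a server; the `name` column, the sample rows and the helper name `findPlant` are assumptions.

```php
<?php
// Added example, not code from the original post.
// Constructed sample data in an in-memory SQLite database (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE plant (plantID INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO plant VALUES (5, 'Fern'), (6, 'Ivy')");

// Look up one plant by the raw value taken from $_GET['pid'].
// Returns the row as an array, or null if the value is not a positive
// integer or no such plant exists.
function findPlant(PDO $db, $rawPid): ?array
{
    // Reject anything that is not a plain positive integer ("5" passes, "5abc" does not).
    $pid = filter_var($rawPid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pid === false) {
        return null;
    }

    // prepare() on the connection returns the statement object; the value is
    // sent separately from the SQL text, so it can never change the query.
    $stmt = $db->prepare('SELECT * FROM plant WHERE plantID = ?');
    $stmt->execute([$pid]);

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values standing in for site.com/plant.php?pid=...
$_GET = ['pid' => '5'];
var_dump(findPlant($db, $_GET['pid'] ?? null));   // the matching row

// A missing parameter and a constructed non-numeric value are both refused
// before any query runs.
var_dump(findPlant($db, null));
var_dump(findPlant($db, "5' OR '1'='1"));
```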
  12. Zane

    where to start with CUSTOMER TRACKING

    Well, you haven't provided any code for us to help you with, therefore we've resorted to direction. You've scoffed at the direction given, which is to plan this out. If it's so feasible, then come up with a prototype and ask for help when you run into issues. Otherwise, we have to stare at our crystal balls, and I admit, mine isn't plugged in. If you're just looking for code to pop up a dialog box, then JavaScript's prompt() function should do?
  13. Zane

    where to start with CUSTOMER TRACKING

    So, what happens when they hire someone from out of town who doesn't know everyone already? Or what if someone forgets who someone is? Is there going to be a big bulletin board in front of them with pictures of the customers like the most wanted list at the post office? Another option would be to collect their driver's license number and use that as their unique identifier, but that information is also pretty sensitive and people may not want to give it out. Long story short, if you rely on human activity to get your system flowing, then there will be errors and a lot of inconsistency that will ultimately give you quite a headache in the long run.
  14. Zane

    where to start with CUSTOMER TRACKING

    So, if I understand correctly, you want to track your customers without putting too much of a burden on them? If that's the case, then I would give them something similar to an Ingles Advantage Card with a barcode on it. You would then create or buy some software to interpret that barcode and send it to your PHP script with an HTTP POST or GET request. Though, realistically, you'd need to convince them first why they need the card. Perhaps it offers discounts -- most likely reason. Anyway, that's beside the point. What you want to do is first create your PHP script to expect data in a particular format from a specific type of request. Most likely, you'd need to send information like the customer's unique identifier, an action, an action category, and an action value, or even an array of them. Program your script to do whatever you want it to depending on the use cases you can come up with. Once you've got that procedure down, you can then generate encoded strings to be converted into a barcode, which you'd print onto a card, which you'd probably laminate and give to the customers. Now, as far as code is concerned, that's all up to you. Draw out your project, draw arrows, make diagrams, and figure out how you yourself would code it, and then try to code it. Once you've done all of that and have actual coding attempts to show us, then this is the only advice we can possibly come up with to help you.
  15. Zane

    where to start with CUSTOMER TRACKING

    For what it's worth, Google Analytics (GA) offers pretty much all the things you're looking for out-of-the-box, for free. https://support.google.com/analytics/answer/3123662?hl=en Read that UserID link. Once you have all the data in GA, then you can choose for yourself what to do with it. Whether that be for reporting within the GA interface itself, or for exporting large amounts of data to store on your own personal database server, your first step will be gathering the data and then figuring out how you want to deal with it. Unless I'm just completely misunderstanding what you're trying to do. If you're talking about a user management system where you're not exactly tracking traffic patterns or conversion goals, but rather user actions in general, like this site. I guess it boils down to what you're after:

    - Do you want to know which User IDs visit Pages X, Y, and Z of your site?
    - Or, do you want to know which User Names have performed actions throughout your site?

    If you want to go by User Names and actions, then you'll need to have a user management system since GA does not allow the storage of Personally Identifiable Information on their servers.