OldWest
-
Posts
296 -
Joined
-
Last visited
Never
Posts posted by OldWest
-
-
Can you try wrapping the $var in a trim()
$file = fopen(trim($var), "x");
Just a theory
Not theory. Solid fact! Good idea!
-
And if you want to create .html files, just do this:
$file = fopen(trim($line) . ".html", 'x');
-
maybe i missed something, but where is $text defined?
-
You should hire me to upgrade your scripts ; )
Seems like someone changed the hijacking php scripts thread to hijacking the thread into freelance!
haha! That's funny stuff.
-
This is all I can give you tonight. Good luck with the rest!
<?php $title = "This is an example of a sentence in a paragraph"; $title_array = explode(" ", $title); foreach ($title_array as $word) { $chr_count = strlen($word); if ($chr_count > 5) echo "$word - $chr_count <br />"; } ?> -
To prevent PHP form Hijacking it's best to Turn off the register_globals. correct? But some of my applications stop responding when it's turned off. What is the risk? Any solution to avoid the risk?
Thanks.
Ruth.
register_globals should always be off. Sounds like your scripts were developed some years ago (using php4) because register_globals was a thing of the past. Its very insecure since you don't need to declare your passed variables. Therefore, it's really easy to pass bad or harmful data through your scripts - and you never know what could go through. You should hire me to upgrade your scripts ; )
-
what trouble are you running into? getting any specific errors? what happens when you run the script?
-
I did not test or read all your code, but on this line:
count($title_aray);
you are missing an "r" in title_array
thanx. modified it,but still getting errors!
Ok. I don't really understand what you are trying to do or why, so I can't help much. Your description is not very complete.
Can you try to clarify exactly what you are trying to do any for what purpose?
-
I did not test or read all your code, but on this line:
count($title_aray);
you are missing an "r" in title_array
-
There's nothing weird about declaring a variable before you reference it.
It just seems ultra redundant.
If you look at my last post... your trying to concatenate to a variable that does not exist on the first time round. Programming logic needs to have a variable declared before it can reference it.
You can't really do $x + $y if $x does not exist. Any programming language will have an issue trying to use something that is not declared.
I get it. It just feels unnatural to create an empty value for that reason. It would be nice if there was a specialized character for loop structure concatenation like: =.= or something that was used specifically for this type of thing, just to at least cut down on the extra code. IMHO.
-
There's nothing weird about declaring a variable before you reference it.
It just seems ultra redundant.
-
I am running through a tutorial and I am getting an error based on a the concatication operator on my output. Below is my code.
As you can see I am echoing $display_block .= "<p>$title<br>$rec_label<br>....
If I send this as-is I get this error: Notice: Undefined variable: display_block in C:\wamp\www\php\php_mysql\sel_byid.php on line 36
I can resolve the error by placing this before the while loop: $display_block = "";
Is there a better way to output the concatenation.= so I don't need to do this weird fix?
while ($row = mysql_fetch_array($result)) { $id = $row['id']; $format = $row['format']; $title = stripslashes($row['title']); $artist_fn = stripslashes($row['artist_fn']); $artist_ln = stripslashes($row['artist_ln']); $rec_label = stripslashes($row['rec_label']); $my_notes = stripslashes($row['my_notes']); $date_acq = $row['date_acq']; if ($artist_fn != "") { $artist_fullname = trim("$artist_fn $artist_ln"); } else { $artist_fullname = trim("$artist_ln"); } if ($date_acq == "0000-00-00") { $date_acq = "[unknown]"; } $display_block .= "<p>$title<br>$rec_label<br>$artist_fullname<br>$my_notes<br>$date_acq<br>$format</p>"; -
Nightslyr,
The Lego analogy is very good. I have not heard that one yet, and I am glad you used the concept of practical objects - e.g. product in an online store, a user, a login handler, etc. and not dogs, cars and cats!
-
I'm still open to any ideas on practical use of blob with php and mysql, but I read up some articles and found it appears the actual binary data (an image for example) can be stored in a blob data type.. If I understand this right, the blob content would just be a bunch of binary 0110101 data low level deconstruction of the image file, and then can be re encoded by some means.. Am I off on this? I'm sorry if this keeps bumping this is my last comment..
-
For example, could the content of a Microsoft Word doc be inserted into a blob data type? And then used in MS Word format again from an external source? I am just trying to find some practical use for this binary data field type.
-
PFMaBiSmAd,
ok blob helps clear it up and from what i gather now the main difference is the binary data would be determined and evaluated based on byte value and standard character strings are evaluated based on their respective character encoding data..
I also realized i mean: mysql_real_escape_string() - I left out the "string" in my original question..
I guess I can't see having much use for a blob data type
but I am open to realistic applicable suggestions. -
ive been doing some research on this, and i cant seem to find an answer that makes sense.
im reading the manual on mysql_real_escape() and I know how to use the function, but in the description:
Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.
What is an example of inserting "binary data" as described above??
As far as I understand that would be any numerical values and a string would not apply.. But does not seem to add up. A binary file cannot be inserted, so Im a bit lost.
Any thoughts welcome.
-
oh shit.. its too late. i misread the manual on this function! working as expected.
-
I still don't know why basename() is used. I ran this test:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input name="submit" type="submit" value="Go >>" /> </form> <?php if(isset($_POST['submit'])) { $uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir . basename("ed.png"); echo $uploadfile; } ?>Output is: /var/www/uploads/ed.png
But why is basename() needed or recommended in so many examples?
-
I am doing some study, and I am looking through an upload script.. Can someone explain to me why this is so:
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']
);
From reading the manual and looking at other tutorials, it appears basename() returns the file path name thus would strip off the actual file name in the above??
For example if $_FILES['userfile']['name'] was mike.jpg wouldn't basename() just snag "mike"?
Am I right??
$uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
-
the script can run on any computer that is turned on only. and if your script is on a remote server it can of course run independent of your pc.
power on = script can run
-
There are a load of books on the market for php, and I just wanted some recommendations on which books are the very best for intermediate to advanced level information. I prefer a book that combines mysql and php.
-
Thanks, Joel24
Def helped clear it all up. I am going to draw it out for more visual. So much abstract in this programming stuff!
-
I am doing more practice, and I am trying to interpret the WHY on some certain aspects of this script. I can get it to work and it works as expected, but I am not sure what it works (got most of it sorted it).. Here is my first question:
Question 0. About 3/4 down the script: ($i = 0; $i < $cols; $i++) - cannot understand why $i < $cols is less operator? Shouldn't it be >= cause if it's less won't it miss a record?
Question 1. About 3/4 down the script: echo $x = ($i * $rows) + $j;
I do not understand what purpose this serves. I echoed the results and it's just scattered multiplication large numbers!
You'll see that im echoing out all kinds of data, just so I can see what's going on.
<?php $host = "localhost"; $user = "root"; $pass = ""; $db = "simple_mysql"; $cxn = mysqli_connect($host, $user, $pass, $db) or die("Could not connect to the server."); $query = "SELECT * FROM all_illinois"; $result = mysqli_query($cxn, $query) or die(mysqli_error()); $results = array(); while ($row = mysqli_fetch_assoc($result)) $results[] = $row; // output: Array echo $results . "<br />"; $cols = 3; // output: 3 echo $cols . "<br />"; $rows = ceil(count($results) / $cols); // output: 1300 echo(count($results)) . "<br />"; // output: 3 echo $cols . "<br />"; // output: 434 echo $rows . "<br />"; echo '<table style="text-align:left;margin-left:0px;width:500px;">' . "\n"; for ($j = 0; $j < $rows; $j++) { echo " <tr>\n"; for ($i = 0; $i < $cols; $i++) { echo $x = ($i * $rows) + $j; echo $i . "<br />"; if (isset($results[$x])) { $row = $results[$x]; echo $row . "<br />"; echo ' <td><a href="' . $row['state_id'] . '/' . $row['city_name'] . '">' . $row['city_name'] . "</a></td>\n"; } else { echo " <td></td>\n"; } } echo " </tr>\n"; } echo '</table>'; ?>Here is a smaller portion of table dump if it helps at all:
--
-- Table structure for table `all_illinois`
--
CREATE TABLE IF NOT EXISTS `all_illinois` (
`state_id` varchar(255) NOT NULL,
`city_name` varchar(255) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `all_illinois`
--
INSERT INTO `all_illinois` (`state_id`, `city_name`) VALUES
('135', 'Abingdon'),
('135', 'Adair'),
('135', 'Addieville'),
('135', 'Addison'),
('135', 'Adrian'),
('135', 'Akin'),
('135', 'Albany'),
('135', 'Albers'),
('135', 'Albion'),
('135', 'Alden'),
('135', 'Aledo'),
('135', 'Alexander'),
('135', 'Alexis'),
('135', 'Algonquin'),
('135', 'Alhambra'),
('135', 'Allendale'),
('135', 'Allerton'),
('135', 'Alma'),
('135', 'Alpha'),
('135', 'Alsey'),
('135', 'Alsip'),
('135', 'Altamont'),
('135', 'Alto Pass'),
('135', 'Alton'),
('135', 'Altona'),
('135', 'Alvin'),
('135', 'Amboy'),
('135', 'Anchor'),
('135', 'Ancona'),
('135', 'Andalusia'),
('135', 'Andover'),
('135', 'Anna'),
('135', 'Annapolis'),
('135', 'Annawan'),
('135', 'Antioch'),
('135', 'Apple River'),
('135', 'Arcola'),
('135', 'Arenzville'),
('135', 'Argenta'),
('135', 'Arlington'),
('135', 'Arlington Heights'),
('135', 'Armington'),
('135', 'Armstrong'),
('135', 'Aroma Park'),
('135', 'Arrowsmith'),
('135', 'Arthur'),
('135', 'Ashkum'),
('135', 'Ashland'),
('135', 'Ashley'),
('135', 'Ashmore'),
('135', 'Ashton'),
('135', 'Assumption'),
('135', 'Astoria'),
('135', 'Athens'),
('135', 'Atkinson'),
('135', 'Atlanta'),
('135', 'Atwater'),
('135', 'Atwood'),
('135', 'Auburn'),
('135', 'Augusta'),
('135', 'Aurora'),
('135', 'Ava'),
('135', 'Aviston'),
('135', 'Avon'),
('135', 'Baileyville'),
('135', 'Baldwin'),
('135', 'Bardolph'),
('135', 'Barnhill'),
('135', 'Barrington'),
('135', 'Barry'),
('135', 'Barstow'),
('135', 'Bartelso'),
('135', 'Bartlett'),
('135', 'Basco'),
('135', 'Batavia'),
('135', 'Batchtown'),
('135', 'Bath'),
('135', 'Baylis'),
('135', 'Beardstown'),
('135', 'Beason'),
('135', 'Beaverville'),
('135', 'Beckemeyer'),
('135', 'Bedford Park'),
('135', 'Beecher'),
('135', 'Beecher City'),
('135', 'Belknap'),
('135', 'Belle Rive'),
('135', 'Belleview'),
('135', 'Belleville'),
('135', 'Bellflower'),
('135', 'Bellmont'),
('135', 'Bellwood'),
('135', 'Belvidere'),
('135', 'Bement'),
('135', 'Benld'),
('135', 'Bensenville'),
('135', 'Benson'),
('135', 'Benton'),
('135', 'Berkeley'),
('135', 'Berwick');
Hijacking
in PHP Coding Help
Posted
mark SOLVED!