Jump to content

Search the Community

Showing results for tags 'ajoo'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (Dreamweaver, Zend, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Age


Donation Link

  1. Hi all ! The following piece of code, I believe , is supposed to hide the links when any of them is clicked. The links should reappear when the window is refreshed or reloaded. This however is not happening. Can someone please see the code and get it working. Also kindly explain the code action since I don't have much knowledge about JS or Jquery. The code: <?php //start the session session_start(); //set the attribute $_SESSION['hide'] = false; ?> <!DOCTYPE html> <html> <head> <script> //function to hide all class='test' elements function hide(h){ if(h){ $('.test').hide(); } else { $('.test').show(); } } /*do this always when page loads * verify with the value stored in session to hide or not the links */ window.onload = hide(<?php echo $_SESSION['hide']; ?>); //onready $(function() { //when link class='test' is clicked $('.test').click(function(){ //fadeOut or just $(this).hide(); $(this).hide(); //set the session to hide = true <?php $_SESSION['hide'] = true; ?> }); }); </script> </head> <body> <div class = "button"> <ul> <li> <a href="#" title="Link" class="test">I am link 1</a> </li> <li> <a href="#" title="Link" class="test">I am link 2</a> </li> <li> <a href="#" title="Link" class="test">I am link 3</a> </li> <li> <a href="#" title="Link" class="test">I am link 4</a> </li> </ul> </div> </body> </html> Thanks loads !
  2. Hi all ! While it is clear that the input in an input text box requires to be filtered or sanitized, yet it is not clear to me if and why would the input of a dropdown menu / checkboxes / radio require to be filtered or sanitized. Can someone tell me if these inputs require sanitization? if yes, can you please explain how these would pose a security threat if left un-sanitized. Thanks !
  3. Hi all ! I came across sec_session_start() function to start a secure session and I have used it. However I have come across so many comments on the usage of this function recently many of which suggest that this is quite useless, an overkill etc. etc. and that using Https is the best option and there too there are opinions that it has its own overheads and so on. So I would like to ask what purpose does this function serve? How good is it really? Should we use it or not? The most controversial part of this function seems to be the session_regenarate_id() which seems to create unwanted logouts and lost sessions. While this is apparently supposed to be used to prevent session hijacking or session fixation, I have again come across comments which say it is not advisable to use this function. Like it's of no use to deploy this function and should be avoided. Here is the function as I use it. function sec_session_start() { $session_name = 'sec_session_id'; $secure = false; // Set to true if using https. $httponly = true; ini_set('session.use_only_cookies', 1); $cookieParams = session_get_cookie_params(); session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_name($session_name); session_start(); // Start the php session session_regenerate_id(); // regenerated the session } And I use it on all the pages at the very top. It seems to work fine. I would be very happy to know the truth about this function and its usage. Thanks loads.
  4. Hi all, I have a networking issue. I'll define the problem. I have two computers home networked via a wifi modem cum router. One is a laptop with windows 7 and the other is a windows XP machine. The home network works fine. I am able to view the shared files of each of the computers from the other one. Now I have a xampp server running on the window 7 laptop as a localhost. The localhost runs just fine. I am able to access my local website from my laptop. However I want to use the windows XP machine to access the website being served by the windows 7 laptop via the home network. Windows7 laptop(server) ----- WindowsXP machine(client) ip4 add ----------------------------- ip4 add 192.168.2.107 --------------------- 192.168.2.107 Please can someone guide me on this. What all changes would I need to make in the configuration files and all such details. Thanks all
  5. Hi to all ! I would like to ask that :- 1. what is the best way to / or how to best test a multi-user login script. 2. The best way to test a multi user website that saves data from the users into a database. Are there any tools that can hep me in testing my work locally on a localhost before I move them out to a website. ? I have heard that testing routines can be written for such purposes to automate the testing. If so where should I begin to look for them? I have no idea at all about writing test routines / scripts. A tutorial , if any exists, would be a good place to start. Thanks very much.
  6. Hi to all gurus, Here is a small program in flash which calls values from PHP and displays them correctly. path = "http://localhost/xampp/nwjv/php/"; //declare path to php files lvOut = new LoadVars(); //create lv object sending variables OUT to php lvIn = new LoadVars(); //create lv object receiving variables IN from php lvIn.onLoad = function (success) { if(success) { //PHP variable value to textbox InVal = lvIn.returnVal; InTxt = lvIn.retVal; output.text = InVal; output1.text = InTxt; /* output1.text = "No Value"; if(InTxt == 'lo' ) { output1.text = "Low Value"; } if(InTxt == 'hi') { output1.text = "High Value"; } */ }else{ //...or notify of failure output.text = "fail"; } } myBtn.onRelease = function(){ //assign user-input value to lv property called years lvOut.years = years.text; //send to a blank window // lvOut.send(path + "dogyears_new1.php",lvIn,"GET"); lvOut.sendAndLoad(path + "dogyears_new1.php",lvIn,"GET"); }; And the simplest PHP code PHP Code: <?php$calculation = $_GET["years"]*2; if($calculation <=10 ) $retVal="lo"; if($calculation > 10) $retVal="hi"; echo "&returnVal=$calculation &retVal=$retVal" ;?> PHP returns two values which are collected by flash in variables InVal and InTxt. The values collected are correct and are displayed thus in the 2 output boxes. Now if i the commented out If then block is activated by removing the /* */ from around it and the program is run, clearly the if then blocks fail since the comparison of InTxt fails. It completely fails me why this is happening. While I can display the values correctly, I can't use them in conditional loops. I have even tried them in switch case statements with the same frustrating result. ( The output1.text remains equal to "No Value" when it should change to either "High Value " or "Low Value") Earlier I was using numbers and when that failed I tried to use strings since I thought that for some reason PHP returns everything as strings. Please note that the command typeof InTxt (not used in the above code) returns a String suggesting that InTxt is a string variable. But as can be seen, even the string comparison fails. Can someone please comment on this behavior and suggest a solution. Thanks loads all !
  7. Hi All , I have a small table with 4 fields namely Day_ID, Dues, Last_Visit, Points. where Day_ID is an auto-increment field. The table would be as follows: Day_ID -- Dues --- Last_Visit --- Points. 1 --------- 900 -------- 1/12 -------- 6 2 --------- 700 -------- 4/12 -------- 7 3 --------- 600 -------- 7/12 -------- 5 4 --------- 600 -------- 9/12 -------- 6 5 --------- 600 -------- 10/12 ------- 6 6 --------- 600 -------- 14/12 ------- 6 So this is the record of a person's visit to say a club. The last row indicates the last date of his visit to the club. His points on this date are 6. Based on this point value of 6 in the last row I want to retrieve all the previous BUT adjoining all records that have the same Points i.e. 6. So my query should retrieve for me, based on the column value of Points of the last row (i.e. Day_ID - 6 ), as follows: 4 --------- 600 -------- 9/12 -------- 6 5 --------- 600 -------- 10/12 ------- 6 6 --------- 600 -------- 14/12 ------- 6 This problem stated above had been completely resolved, thanks to a lot of help from Guru Barand by this following query :- $query = "SELECT cv.day_id, cv.dues, cv.last_visit, cv.points FROM clubvisit cv WHERE last_visit >= ( SELECT MAX(last_visit) FROM clubvisit WHERE points <> ( SELECT points as lastpoints FROM clubvisit JOIN ( SELECT MAX(last_visit) as last_visit FROM clubvisit ) as latest USING (last_visit) ) )"; I am using this and it works perfectly except that now there is a slight change in the table because the criteria for points is now dependent on more than one column cv.points and is more like cv.points1, cv.points2, cv.points3 etc. So now I need to make a selection based on each of these cv.points columns. As of now I can still get the results by running the query multiple times for each of the cv.points columns ( seperately for cv.points1, cv.points2, cv.points3) and it works correctly. However I am wondering if there is a better way to do this in just one go. This not only makes the code repetitive but also since the queries are interconnected, involves the use of transactions which I wish to avoid if possible. The values that I require for each of the cv.point columns is 1. day_id of the previous / old day on which the cv.points value changed from the current day value, and 2. cv.points on that old/ previous day. So for example if the table is as below: Day_ID -- Dues --- Last_Visit --- Points1 --- Points2. 1 --------- 900 -------- 1/12 ----------- 9 ------------ 5 2 --------- 600 -------- 4/12 ----------- 6 ------------ 6 3 --------- 400 -------- 7/12 ----------- 4 ------------ 7 4 --------- 500 -------- 9/12 ----------- 5 ------------ 8 5 --------- 600 -------- 10/12 ---------- 6 ------------ 8 6 --------- 600 -------- 11/12 ---------- 6 ------------ 8 7 --------- 600 -------- 13/12 ---------- 6 ------------ 7 8 --------- 500 -------- 15/12 ---------- 5 ------------ 7 9 --------- 500 -------- 19/12 ---------- 5 ------------ 7 Then I need the following set of values : 1. day_id1 -- Day 7, points1 ---- 6, days_diff1 -- (9-7 = 2) . // Difference between the latest day and day_id1 2. day_id2 -- Day 6, points2 ---- 8, days_diff2 -- (9-6 = 3) 3. day_id3 -- .... and so on for other points. Thanks all !
  8. Hi everybody. I use flash 8 and actionscript 2.0. I am trying to create a small program that needs communication between php / HTML and flash. I have found ( after much frustration and having wasted days on this ) that no matter what - if i make a change to my program and re publish the HTMl AND SWF files after I have deleted the old HTML and swf files , even then when i run the NEW PUBLISHED html / php file, the movie that runs is the old one. I have tried all that I know, like checking paths and stuff to ensure that everything is ok. I am unable to shed the chached old swf file and so the old movie continues to run. Is there any one who has encountered anything like this? Please help me. This is driving me nuts. Thanks loads in anticipation of a reply from the nerds on this !
  9. Hi, I upgraded my XAMPP to the version 1.8.3 (win32) recently. Apache failed to start and I got the following error Port 443 in use by ""D:\xampp\apache\bin\httpd.exe" -k runservice" with PID 1568! On checking this PID against the running processes I found that this was the service Apache 2.2 httpd.exe. This new version installed however is Apache2.4. So it seems that the old version is somehow conflicting with the new. How can I do so. I do not wish to change ports in config files. The last version worked seamlessly and this upgrade has caused this conflict. I do not wish to have a patchwork solution, instead I would like to remove the old httpd.exe from wherever I must and have the ports free for the new one. Thanks for any suggestions and help. Ajoo.
  10. Hi I am trying to split a form as shown in this simple code. I tried what I thought should work but obviously it is not working. This submits the first part of the form but does not go to the second part of the form. So First name, Last names and Age are submitted but email and cell are not and it throws a undefined index warning for those. Can someone please take a look at this and suggest if what I am trying to do can be accomplished using PHP. Thanks <?php if(isset($_POST['submit']) && $_POST['submit'] == 'Submit') { echo"<br> First Name = ".$_POST['fname']."<br>" ; echo"Last Name = ".$_POST['lname']."<br>" ; echo"Age = ".$_POST['age']."<br>" ; echo"Email = ".$_POST['email']."<br>" ; echo"Cell = ".$_POST['cell']."<br>" ; } ?> <html> <head> <title> WOW </title></head> <body> <table> <form id="form1" action = "splitform.php" method="post"> <th> TEST </th> <tr><td>First Name : </td> <td><Input type='text' name = 'fname'></td></tr> <tr><td>Last Name : </td> <td><Input type='text' name = 'lname'></td></tr> <tr><td>AGE : </td> <td><Input type='text' name = 'age'></td></tr> </form> <form id ="form1" action = "splitform.php" method="post"> <tr><td>Email : </td> <td><Input type='text' name = 'email'></td></tr> <tr><td>Cell: </td> <td><Input type='text' name = 'cell'></td></tr> </form> <tr><td><Input type="submit" name = "submit" value = "Submit" form = "form1"></tr></td> </table> </body> </html>
  11. Hi ! I am created this form - well it's more of a view and less of a form since the form part is only the check-boxes column and the rest is the data displayed from a database. But now I want to have this submitted with a SUBMIT button centered beneath the form after I have checked the required check boxes. I am unable to find a way to do this maybe simple task. Please help, unclubbed.php <?php $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = ''; $db = 'testdb'; // CHANGE THIS TO ANY EXISTING DB ON PHPMYADMIN OR CREATE THIS DB FIRST IN PHPMYADMIN // $fcon = mysqli_connect($dbhost, $dbuser, $dbpass, $db); if(!$fcon ) { die('Could not connect: ' . mysql_error()); } // echo 'Connected successfully'; /* /////////// UNCOMMENT TO CREATE A TABLE IN A DATABASE NAMED testdb THEN COMMENT BACK ///////////// $sql = "CREATE TABLE member( mid INT NOT NULL AUTO_INCREMENT, name VARCHAR(20) NOT NULL, reg_date Date NOT NULL, email VARCHAR(30) NOT NULL, cell INT NOT NULL, status VARCHAR(2) NOT NULL, primary key ( mid ))"; if (mysqli_query($fcon,$sql)) { echo "Table member created successfully"; } else { echo "Error creating table: " . mysqli_error($con); } $query = "Insert into member (name, reg_date, email, status) VALUES ('John','1980-08-12','john@123.com','9878954323','cc')"; mysqli_query($fcon, $query); $query = "Insert into member (name, reg_date, email, status) VALUES ('Bill','1988-03-21','bill@123.com','9878900123','cc')"; mysqli_query($fcon, $query); $query = "Insert into member (name, reg_date, email, status) VALUES ('Jack','1990-05-18','jack@123.com','9878912300','cc')"; mysqli_query($fcon, $query); */ $check = true; $query = "SELECT * from member"; $result = mysqli_query($fcon, $query); if(isset($_POST['submit']) && $_POST['submit'] == 'Submit') { echo "<br> Member = ".$_POST['name']."<br>" ; echo "RegDate = ".$_POST['reg_date']."<br>" ; echo "Email = ".$_POST['email']."<br>" ; echo "Status = ".$_POST['status']."<br>" ; /// more code would go here once I have submitted the check box information successfully ///// } ?> <html> <head> <title> CLUB ADMIN </title></head> <body> <table> <?php echo "<table class = 'TFtable' border = 1 cellspacing =2 cellpadding = 5 >"; echo "<tr>"; echo "<th> S.No. </th>"; echo "<th> Member </th>"; echo "<th> Reg Date </th>"; echo "<th> Email </th>"; if($check == true) echo "<th> <Input type='checkbox' id='selecctall' /> All </th>"; else echo "<th> Status </th>"; echo "</tr>"; $cnt = 1; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $name = htmlspecialchars($row['name']); $reg_date = htmlspecialchars($row['reg_date']); $cell = htmlspecialchars($row['cell']); $email = htmlspecialchars($row['email']); $mid = htmlspecialchars($row['mid']); if($check == false) $status = htmlspecialchars($row['status']); echo "<tr>"; echo "<td>".$cnt++."</td>"; echo "<td>".$name."</td>"; echo "<td>".$reg_date. "</td>"; echo "<td>".$email. "</td>"; if($check == true) { echo "<form name = 'form1' action='unclubbed.php' method='post' > "; echo "<td align ='center'><Input type='hidden' name='mid' value=$mid> <Input class='checkbox1' type = 'checkbox' name='check[]' value='$mid'> </td>"; echo "</form>"; echo "</tr>"; } else echo "<td>".$status. "</td> </tr> "; } ?> </table> </body> </html> Thanks !
  12. Hi friends, Another security issue but this time its regarding outputting data from a DB to a browser. Please have a look at the code below which displays some output fetched from a DB and sends it to a browser. 1. If I just wish to display this output on a screen and not provide the user with any buttons or hyperlinks to interact with the information, would I still need to sanitize the output before echoing it to the screen ? 2. If I was to make at least one of the fields a hyperlink, so that I could then display some related information on another webpage, what security concerns would I need to address in my code? 3. If I was to add a button against each of these records, on each row, and then select some related information on another webpage after processing the button handler, what would be the security concerns that I should address for the code below. Thanks very much. <table> <tr> <th> S.No. </th> <th> Name </th> <th> Age </th> <th> City </th> <th> Cell </th> <th> Email</th> </tr> <?php $cnt = 1; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { echo "<tr>"; echo "<td>".$cnt++."</td>"; echo "<td>".$row['Name']. "</td>"; echo "<td>".$row['Age']. "</td>"; echo "<td>".$row['City']. "</td>"; echo "<td>".$row['Cell']. "</td>"; echo "<td>".$row['Email']. "</td>"; echo "</tr>"; } ?> </table>
  13. Hi ! Can someone take a look at this simple code which worked perfectly till I upgraded to php 5.5.11. Here in my code popo should be either late or great depending upon the variable value ( in this case Great ). It seems to be echoing out both !?? Please can someone point the error ? I seem to be missing it. Thanks ! <?php session_start(); $_SESSION['popo']="POPO"; ?> <html> <head> <title> DYN PAGE </title> <style> .wrapper{ width: 1000px; height: 600px; border: 1px solid #e1e1e1; margin: 10px auto 0 auto; } .header{ width: 1000px; height: 65px; font-size: 17px; font-width: bold; color: #fff; text-align: center; background: #717171; } .lowerheader{ width: 1000px; height: 60px; color: #fff; text-align: center; background: #919191; 'display: table; 'overflow: hidden; } </style> </head> <body> <div class = 'wrapper'> <div class = 'header'> <? if(isset($_SESSION['popo']) && $_SESSION['popo'] == "POPO"): ?> <h2><br> POPO IS GREAT </br></h2> <? else : ?> <h2><br> POPO IS LATE </br></h2> <? endif ; ?> </div> <div class = 'lowerheader'> <p> What ever it takes </P> </div> </div> </body> </html>
  14. Hi all, I am getting this Notice and I am unable to figure out why. Notice: Array to string conversion in D:\xampp\htdocs\xampp\MagicOn\functions\gen_functions.php on line 1084 Index.php calls the session start routine sec_session_start() which generates the error mentioned above. Line 1084 ( I have put the line number in the function against the line ) is indicated in the function sec_session_start() as the one which is calling session_start(). <?php //error_reporting(E_ALL & ~E_NOTICE); define('INCLUDE_CHECK',true); require 'loader.php'; sec_session_start(); $now = time(); . . . function sec_session_start() { $session_name = 'sec_session_id'; // Set a custom session name $secure = false; // Set to true if using https. $httponly = true; // This stops javascript being able to access the session id. ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. $cookieParams = session_get_cookie_params(); // Gets current cookies params. session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); // 0, /, ''. session_name($session_name); // Sets the session name to the one set above. 1084 session_start(); // Start the php session session_regenerate_id(TRUE); // regenerated the session, delete the old one. } ?> Grateful for any help. Thanks.
  15. Hi, I am using transactions on a piece of code whose structure is somewhat like this if ( condition ) { mysqli_autocommit($fcon, false); if ( condition ) { $query " "; if ( condition ) { $query " "; if ( condition ) { $make = makeTable(); // where this is a function which creates a table and uses a query like INSERT into ... to create an entry in a table if ( $make == true) { $query " "; if ( condition ) { $query " "; } else else and so on ending all else. The problem is that the function call to makeTable prevents the roll back beyond that point. Please can someone tell me if and how it would be possible to roll back all the way to the defined starting point at the very beginning of the code block. Thanks all for any help, comments, suggestions.
  16. Hi all ! I wish to build a mysql query which is very simple. An example of the query I want is as follows: $query = "Select * FROM $table WHERE tables=1 OR tables=2 AND Member_status = 'D' "; The problem is that the conditions Where tables=1 or tables=2 can vary and i can have tables=3 , tables=4 etc. as well. So basically the OR condition is ramdom and must be constructed in a loop. I constructed a loop which stores the result in a variable $tablescnt. i.e. echo .$tablescnt; gives tables=1 OR tables=2 OR tables=3 and so on depending upon the loop iterations. However i don't know i am going to substitute this ($tablescnt) into $query above. I tried $query = "Select * FROM $table WHERE '$tablescnt' AND Member_status = 'D' "; where i hoped that $tablescnt would expand as desired. However it did not work. So any suggestions on how I may proceed would be very helpful. Thanks all for your time to check this out and help me.
  17. Hi to all ! While i await some reply to my earlier query, here's another one - a simpler one perhaps but it has me baffled. The following is the code I tested on phpfiddle and it works great. Gives the correct time difference in days. <?php $date1 =date_create("2013-12-07"); $date2 = date("Y-m-d"); $date2 = date_create("$date2"); echo "<br>"; $Gap = date_diff($date1, $date2); echo $Gap->format("%a days"); ?> However when i actually implement it on my localhost running version 5.3 of php i get the difference as a multiple of 6015. So if there is a 1 day difference, instead of getting 1, i get 6015. for 3 days i got 18045 which is 6015 * 3. I have tried but i am unable to figure it out. Any suggestions anyone. Thanks.
  18. Hi all ! I have been learning MySQL and the gurus have been so patient and helpful. So here are some more queries from a beginner. First is regarding the SQL query procedure from PHP. Every time a query is created and we have to go thru the following: ////////////////////////////////////////////////////////////////// query 1 query = "Select * from club"; $result = mysqli_query($link, $query); if ($result) { do whatever for a successful query; } else { display or log an error } ///////////////////////////////////////////////////////// query 2 query = "Update club SET visit = '2'; $result = mysqli_query($link, $query); if($result) ... So my first question is that if we are accessing the same Table , namely clubs, in the above example, then is it not possible to avoid repetitive steps. Can't both & more statements be processed at one go or must each and every query be checked for successful execution? Is there no way to send a group query and have it processed at one go. It would greatly reduce the coding size and therefore chances of errors. The second question is that if more than one person is accessing a database at the same time, trying to read or write into the tables, and there is a time clash, how will mysql handle it? Would it automatically queue the entries or would some of the entries be lost ? If the entries are lost, then how can this be prevented ? Thanks all the gurus for all the help so far and that which would ensue. Cheers !
  19. Hi I have this very simple averaging problem. Since I am almost a newbie with MySql, any help would be appreciated. I have a table which stores the results of a student's test conducted on a daily basis for 3 months. I want to record the average score after each 5 days. So the first average score should be calculated after 5 days have passed and then after every 5 days. So I should have 2 average scores after 10 days and 3 after 15 days and so on. How can I achieve this in Mysql. I want to use these average scores to display a graph. Ofcourse in general I would like it to calculate it for any n number of days. Thank you
  20. Hi all, I am developing an application that involves php and flash. Flash is on the server too in the form of swf file running inside an HTML page. I would like to know what security issues loom large with such applications. I would be happy if someone can come out with some known security issues and also point to some that could occur and should be looked into. I am using Flash 8.0 with actionscript 2.0. I am aware that swf can be disassembled. How easy is that and what can be done to prevent someone from doing so? The interaction of Flash and PHP occurs as follows: Once the client is logged in he can activate the flash movie page which is like a game. The game gets its stored values from a database so the flash connects to php and is fed from it the initialisation values for the movie to start. The movie plays and some values are generated during the game ( almost all integers & 1,2 dates). Once the game ends these values are stored back into the database by flash calling the php and POSTing data into the database through it (php). One question that i wanna ask is that since the program is generating the values, do i need to take the security measures on the posted data and validate and escape it before storing it into the Mysql database? Can these values also be intercepted by a malicious user and changed before the php stores them in the DB? Any knowledge on this that anyone here considers relevant is very welcome,. I would be happy for any and all responses on this issue from all the gurus here and thank you all in advance. Have a great day all !
  21. Hi guys !! If ever a guys was confused, I am today, having read sessions and security and realizing nothing is secure with sessions. There is no such thing as absolute security in sessions and login scripts. So today I read about about the common types of attacks - especially session fixing. This is what I could make ( I think I must have understood just about 15% of it ) out and I have some questions accordingly which I'll be glad to have sorted by the Gurus here !! 1. Sessions fixation involves there being a Session_ID stored either as cookie, sent as a URL or as a hidden field. The cookie being the most secure yet prone to maximum tampering. ( ironic - that's what the article said). Not withstanding the other hazards, I would like to question what if i designed a login session using only sessions and not involving any cookies or URL or hidden fields, how secure would that be against session fixation? I hope there's nothing stupid about that statement. I just want to know if that prevents session fixation. I think that's all I want to know for now and will come out with other questions as and when I proceed on this issue and read more. Thanks very much.
  22. Hi, searching for this very common question as in subject, I CAME ACROSS THE FOLLOWING QUESTION:- I have a php file which I will be using as exclusively as an include. Therefore I would like to throw an error instead of executing it when it's accessed directly by typing in the URL instead of being included. Basically I need to do a check as follows in the php file: if ( $REQUEST_URL == $URL_OF_CURRENT_PAGE ) die ("Direct access not premitted"); Is there an easy way to do this? AND THIS ANSWER:- The easiest way is to set some variable in the file that calls include, such as $including = true; Then in the file that's being included, check for the variable if (!$including) exit("direct access not permitted"); AND THESE COMMENTS:- 2 This is dangerous if register_globals is on. – jmucchiello Jan 3 '09 at 18:51 11 PHP is dangerous if register_globals is on. – David Precious Jan 3 '09 at 18:56 MY QUESTION IS that please can someone explain why and how this is a dangerous menthod and if it should be used or not. I have actually used this technique, There is a php file which is accessed as a hyperlink from the index file. When I use that link, it gives me an error saying that I cannot access that file directly. So does that mean that this technique won't work on hyperlinked files? If not then what is the best way to ensure that hyprelinked files are not accessed directly? Thanks a lot everyone on the forum.
  23. hi all, I am not sure if this is the best place for my query but I am sure I'll get the solution & the reply. I have attached a small zip file which contains files for a j-query slider login panel. I have not done anything much with it except may be tweak the css files a bit just for learning. However now when i run / load the demo.php in the browser, it works fine but when i press the login and register buttons on the slider panel, the panel distorts before the refresh and the distortion shows just for a second and then it comes back to the right place. I am not able to figure out how to remove this distortion. Can someone quickly unzip the files and try it out and take a look at the problem. Note: the distortion occurs not always but on one or two button presses of the Register button and sometimes with the login button. ( no form fields are to be filled at all) Just press the buttons. Just trying to learn, distort_demo.zip Thanks loads.
  24. Hi, Please can someone suggest if I need to connect to the database again and again if my main program calls subroutines which also need to connect to the SAME database or is there an alternative method by which I don't have to do this again and again. I read somewhere that connecting to the database time and again is a big waste of time resource. I'll also try and illustrate my problem ///////////////////////////// main.php ////////////// <?php mysqli_connect(host, user, pass, db) // makes a connection to a database DB get_field_1(); // a function in another file say functions.php ?> //////////////////// functions.php //////////// <? function get_field_1() { mysqli_connect(host, user, pass, db) mysqli_connect(...) get_field_2(); // calls another fucntion in functions.php return val1; } function get_field_2() { mysqli_connect(host, user, pass, db) mysqli_connect(...) return val2; } ?> //////////////// END /////////////////// Is there a way by which I can avoid calling the following two lines within each function? mysqli_connect(host, user, pass, db) mysqli_connect(...) In fact I would like to call it just once in main and not have to call it again and again. Thanks.
  25. Hello All ! I have been learning and doing at the same time. I came across a login design using J-query sliding panel, that i gratefully used. The rest of the query page was empty. Then I came across a tutorial on dynamic pages and so I thought it would be a good idea to put this dynamic page on the front of the login j-query page. I did so and it worked. When i use the J-query panel it worked fine. Then i implemented the dynamic pages and when i tried that out, the jquery panel vanished and the dynamic page appeared as a standalone website. Any ideas how I may retain my login and the dynamic page and let them work harmoniously together. Thanks all in advance.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.