Jump to content

function include help?

darkfreaks

By darkfreaks
in PHP Coding Help

 Share

Recommended Posts

darkfreaks Advanced Member

darkfreaks

Posted
Posted

ok im trying to include a function into a script. the scriptuses $_REQUEST instead of $_POST

 

so i end up  including the functions pagethen doing something like

 

 

FUNCTION NAME($_REQUEST[variable])

 

even though thecode is right i get error: can not return function ????

 

any ideas?

Link to comment
https://forums.phpfreaks.com/topic/72358-function-include-help/
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
  • Author
Posted

ok here is the function:

 

<?php

function RemoveXSS($val) { 
   // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed 
   // this prevents some character re-spacing such as <java\0script> 
   // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs 
   $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val); 
    
   // straight replacements, the user should never need these since they're normal characters 
   // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29> 
   $search = 'abcdefghijklmnopqrstuvwxyz'; 
   $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; 
   $search .= '1234567890!@#$%^&*()'; 
   $search .= '~`";:?+/={}[]-_|\'\\'; 
   for ($i = 0; $i < strlen($search); $i++) { 
      // ;? matches the ;, which is optional 
      // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars 
    
      // &#x0040 @ search for the hex values 
      $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ; 
      // &#00064 @ 0{0,7} matches '0' zero to seven times 
      $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ; 
   } 
    
   // now the only remaining whitespace attacks are \t, \n, and \r 
   $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); 
   $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); 
   $ra = array_merge($ra1, $ra2); 
    
   $found = true; // keep replacing as long as the previous round replaced something 
   while ($found == true) { 
      $val_before = $val; 
      for ($i = 0; $i < sizeof($ra); $i++) { 
         $pattern = '/'; 
         for ($j = 0; $j < strlen($ra[$i]); $j++) { 
            if ($j > 0) { 
               $pattern .= '('; 
               $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?'; 
               $pattern .= '|(&#0{0,8}([9][10][13]);?)?'; 
               $pattern .= ')?'; 
            } 
            $pattern .= $ra[$i][$j]; 
         } 
         $pattern .= '/i'; 
         $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag 
         $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags 
         if ($val_before == $val) { 
            // no replacements were made, so exit the loop 
            $found = false; 
         } 
      } 
   } 
   return $val; 
} 

?>

Link to comment
https://forums.phpfreaks.com/topic/72358-function-include-help/#findComment-364904
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
  • Author
Posted

for some reason  it isnt returning the value or $val

 

if you look in the function it is sposed to do that. but it is saying it cant?

 

oddly

 

on my other script which uses $_POST it works fine when i do RemoveXSS($comment);

 

which comment is $comment= $_POST[comment];

Link to comment
https://forums.phpfreaks.com/topic/72358-function-include-help/#findComment-364927
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
  • Author
Posted

the problem is my script looks like this:

 

 

<?
## v5.24 -> may. 10, 2006
session_start();
include_once ("config/config.php");

include ("themes/".$setts['default_theme']."/header.php");


if ($_GET['start'] == "") $start = 0;
else $start = $_GET['start'];
$limit = 20;
if ($_GET['view'] == "") $view = "all";
else $view = $_GET['view'];

$additionalVars = ("&owner=".$_GET['owner']."&auction=".$_GET['auction']);

$a_month = 60*60*24*30;
$time_month = time() - 60*60*24*30;
$date_month = date("Y-m-d H:i:s",$time_month);

header5("$lang[viewfeedback]");
?>

<table width="100%" border="0" cellspacing="2" cellpadding="2">
   <tr>
      <td valign="top"><table width="100%" border="0" cellpadding="2" cellspacing="1">
            <tr height="30">
               <td><b>
                  <?
					echo $lang[feedbackfor]." ";
					echo getSqlField("SELECT username FROM probid_users WHERE id='".$_GET['owner']."'","username")." ";
					echo getFeedback($_GET['owner']); 
					$sellerDetails = getSqlRow("SELECT * FROM probid_users WHERE id='".$_GET['owner']."'");

					?>
                  </b></td>
            </tr>
            <tr class="c5">
               <td><img src="themes/<?=$setts['default_theme'];?>/img/pixel.gif" width="1" height="1"></td>
            </tr>
            <tr class="c2">
               <td><? if ($sellerDetails['regdate']!=0) echo $lang[regsince]." ".date(substr($setts['date_format'],0,7),$sellerDetails['regdate'])." in the ".$sellerDetails['country']; ?></td>
            </tr>
         </table>
         <table width="100%" border="0" cellspacing="2" cellpadding="2">
            <tr class="c2">
               <td><strong>
                  <?=$lang[total_feedback];?>
                  </strong></td>
               <td nowrap><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND submitted=1"); ?></td>
            </tr>
            <tr class="c3">
               <td width="100%"><strong>
                  <?=$lang[positive_feedback];?>
                  </strong></td>
               <td nowrap><? echo calcFeedback($_GET['owner']);?></td>
            </tr>
         </table>
         <table width="100%" border="0" cellspacing="1" cellpadding="2" class="contentfont border">
            <tr class="c2">
               <td><a href="otheritems.php?owner=<?=$_GET['owner'];?>"><img src="themes/<?=$setts['default_theme'];?>/img/system/ma_bidding.gif" border="0" align="absmiddle" hspace="3"><strong>
                  <?=$lang[view_my_auction];?>
                  </strong></a></td>
               <td><?
					$shopDets = getSqlRow("SELECT aboutpage_type, store_active, store_name FROM probid_users WHERE id='".$_GET['owner']."'");
					if ($shopDets['aboutpage_type']==2&&$shopDets['store_active']==1) { ?>
                  <a href="<?=processLink('shop', array('store' => $shopDets['store_name'], 'userid' => $_GET['owner'])); ?>"><img src="themes/<?=$setts['default_theme'];?>/img/system/ma_store.gif" border="0" align="absmiddle" hspace="3"><strong>
                  <?=$lang[view_my_store]?>
                  </strong></a>
                  <? } ?></td>
            </tr>
         </table></td>
      <td width="55%" valign="top"><table width="100%" border="0" cellspacing="2" cellpadding="2" class="border">
            <tr class="c1">
               <td colspan="6" align="center"><?=$lang[recent_ratings];?></td>
            </tr>
            <tr class="c4">
               <td align="center"> </td>
               <td align="center" class="positive"><img src="images/5stars.gif" hspace="3"></td>
               <td align="center" class="positive"><img src="images/4stars.gif" hspace="3"></td>
               <td align="center" class="neutral"><img src="images/3stars.gif" hspace="3"></td>
               <td align="center" class="negative"><img src="images/2stars.gif" hspace="3"></td>
               <td align="center" class="negative"><img src="images/1stars.gif" hspace="3"></td>
            </tr>
            <?
			$one_month = date("Y-m-d H:i:s",time()-($a_month*1));
			$six_months = date("Y-m-d H:i:s",time()-($a_month*6));
			$twelwe_months = date("Y-m-d H:i:s",time()-($a_month*12));
			?>
            <tr class="c2">
               <td align="center" width="25%"><?=$lang[rate_1_month];?></td>
               <td align="center" width="15%" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$one_month' AND submitted=1 AND rate=5"); ?></td>
               <td align="center" width="15%" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$one_month' AND submitted=1 AND rate=4"); ?></td>
               <td align="center" width="15%" class="neutral"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$one_month' AND submitted=1 AND rate=3"); ?></td>
               <td align="center" width="15%" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$one_month' AND submitted=1 AND rate=2"); ?></td>
               <td align="center" width="15%" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$one_month' AND submitted=1 AND rate=1"); ?></td>
            </tr>
            <tr class="c3">
               <td align="center"><?=$lang[rate_6_month];?></td>
               <td align="center" width="15%" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$six_months' AND submitted=1 AND rate=5"); ?></td>
               <td align="center" width="15%" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$six_months' AND submitted=1 AND rate=4"); ?></td>
               <td align="center" width="15%" class="neutral"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$six_months' AND submitted=1 AND rate=3"); ?></td>
               <td align="center" width="15%" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$six_months' AND submitted=1 AND rate=2"); ?></td>
               <td align="center" width="15%" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$six_months' AND submitted=1 AND rate=1"); ?></td>
            </tr>
            <tr class="c2">
               <td align="center"><?=$lang[rate_12_month];?></td>
               <td align="center" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$twelwe_months' AND submitted=1 AND rate=5"); ?></td>
               <td align="center" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$twelwe_months' AND submitted=1 AND rate=4"); ?></td>
               <td align="center" class="neutral"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$twelwe_months' AND submitted=1 AND rate=3"); ?></td>
               <td align="center" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$twelwe_months' AND submitted=1 AND rate=2"); ?></td>
               <td align="center" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND date>='$twelwe_months' AND submitted=1 AND rate=1"); ?></td>
            </tr>
            <tr class="c5">
               <td colspan="6" align="center"><img src="themes/<?=$setts['default_theme'];?>/img/pixel.gif" width="1" height="1"></td>
            </tr>
            <tr class="c3">
               <td align="center"><?=$lang[rating_as_seller];?></td>
               <td align="center" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='sale' AND submitted=1 AND rate=5"); ?></td>
               <td align="center" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='sale' AND submitted=1 AND rate=4"); ?></td>
               <td align="center" class="neutral"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='sale' AND submitted=1 AND rate=3"); ?></td>
               <td align="center" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='sale' AND submitted=1 AND rate=2"); ?></td>
               <td align="center" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='sale' AND submitted=1 AND rate=1"); ?></td>
            </tr>
            <tr class="c3">
               <td align="center"><?=$lang[rating_as_buyer];?></td>
               <td align="center" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='purchase' AND submitted=1 AND rate=5"); ?></td>
               <td align="center" class="positive"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='purchase' AND submitted=1 AND rate=4"); ?></td>
               <td align="center" class="neutral"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='purchase' AND submitted=1 AND rate=3"); ?></td>
               <td align="center" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='purchase' AND submitted=1 AND rate=2"); ?></td>
               <td align="center" class="negative"><? echo getSqlNumber("SELECT userid FROM probid_feedbacks WHERE userid='".$_GET['owner']."' AND type='purchase' AND submitted=1 AND rate=1"); ?></td>
            </tr>
         </table></td>
   </tr>
</table>
<br>
<?
if ($fb_type=="sale") echo $lang[sale];
else echo $lang[purchase];

if ($view=="all") $searchPattern = " userid='".$_GET['owner']."' ";
else if ($view=="positive") $searchPattern = " userid='".$_GET['owner']."' AND rate>3 ";
else if ($view=="neutral") $searchPattern = " userid='".$_GET['owner']."' AND rate=3 ";
else if ($view=="negative") $searchPattern = " userid='".$_GET['owner']."' AND rate<3 ";
else if ($view=="frombuyers") $searchPattern = " userid='".$_GET['owner']."' AND type='sale' ";
else if ($view=="fromsellers") $searchPattern = " userid='".$_GET['owner']."' AND type='purchase' ";
else if ($view=="left") $searchPattern = " fromid='".$_GET['owner']."' ";

$getFeedbacks = mysql_query("SELECT * FROM probid_feedbacks 
WHERE ".$searchPattern." AND submitted=1 ORDER BY date DESC LIMIT ".$start.",".$limit) or die(mysql_error());
$totFbs = getSqlNumber("SELECT * FROM probid_feedbacks 
WHERE ".$searchPattern." AND submitted=1");
?>
<table width="100%" border="0" cellspacing="2" cellpadding="2" class="contentfont">
   <tr align="center" height="21">
      <td class="<? if ($view=="all") { echo "c1"; } else { echo "c4";} ?>"><? echo "<a href=\"viewfeedback.php?view=all&start=".$start."$additionalVars\">".$lang[all_ratings]."</a>"; ?></td>
      <td class="<? if ($view=="frombuyers") { echo "c1"; } else { echo "c4";} ?>"><? echo "<a href=\"viewfeedback.php?view=frombuyers&start=".$start."$additionalVars\">".$lang[from_buyers]."</a>";?></td>
      <td class="<? if ($view=="fromsellers") { echo "c1"; } else { echo "c4";} ?>"><? echo "<a href=\"viewfeedback.php?view=fromsellers&start=".$start."$additionalVars\">".$lang[from_sellers]."</a>";?></td>
      <td class="<? if ($view=="left") { echo "c1"; } else { echo "c4";} ?>"><? echo "<a href=\"viewfeedback.php?view=left&start=".$start."$additionalVars\">".$lang[left_for_others]."</a>";?></td>
   </tr>
   <tr>
      <td colspan="7" class="c5"><img src="themes/<?=$setts['default_theme'];?>/img/pixel.gif" width="1" height="1"></td>
   </tr>
</table>
<table width="100%" border="0" cellspacing="2" cellpadding="4" class="contentfont">
   <? while ($fb = mysql_fetch_array($getFeedbacks)) { 
  	$fromId = ($view=="left") ? $fb['userid'] : $fb['fromid'];
  	?>
   <tr class="<? echo (($count++)%2==0)?"c2":"c3";?>">
      <td><?	
$isCRF = getSqlNumber("SELECT id FROM probid_custom_rep WHERE active=1");
echo showFeedback($fb['rate'])."
| <strong>$lang[date]</strong>: ".displaydatetime($fb['date'],$setts['date_format'])."
| <strong>$lang[type]</strong>: ".$fb['type']."
| <strong>".(($view=="left") ? $lang[to] : $lang[from])."</strong>: <a href=\"viewfeedback.php?owner=".$fromId."&auction=".$_REQUEST['auction']."\">".getSqlField("SELECT username FROM probid_users WHERE id='".$fromId."'","username")." ".getFeedback($fromId)."</a>
| <strong>$lang[item]</strong>: <a href=\"".processLink('auctiondetails', array('id' => $fb['auctionid']))."\">".$fb['auctionid']."</a> 
".(($isCRF) ? " | [ <strong><a href=\"javascript://\" onclick=\"popUp('repdetails.php?fbid=".$fb['id']."');\">$lang[details]</a></strong> ]":"")."
<br>".$fb['feedback'];
?></td>
   </tr>
   <? } ?>
   <tr>
      <td colspan="7" class="contentfont c4" align="center"><? paginate($start,$limit,$totFbs,"viewfeedback.php","&view=$view".$additionalVars);?></td>
   </tr>
</table>
<? 
if ($_GET['auction']!=0) { 
echo "<br><div align=\"center\" class=\"contentfont\">\n";
echo "<a href=\"".processLink('auctiondetails', array('id' => $_GET['auction']))."\">$lang[retdetailspage]</a></div>";
}
include ("themes/".$setts['default_theme']."/footer.php"); ?>

Link to comment
https://forums.phpfreaks.com/topic/72358-function-include-help/#findComment-364934
Share on other sites
rlindauer Newbie

rlindauer

Posted
Posted

It's working just fine for me. Using the function you posted and your example, it prints out just fine with no errors.

 

What version of PHP are you using?

 

Also, I can't quite grasp why you are passing an entire query string to the function, instead of just the value you need from the query string, ie: $owner= RemoveXSS($_GET['owner']);

Link to comment
https://forums.phpfreaks.com/topic/72358-function-include-help/#findComment-364951
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
  • Author
Posted 

<?php

include_once ("functions.php");
$owner= RemoveXSS($_GET['owner']);
$auction=RemoveXSS($_GET['auction']);?>

 

 

would this even work just defining variables then not calling them in the script? because right now everything is just $_REQUEST['auction'] setup like that instead of $auction

 

Link to comment
https://forums.phpfreaks.com/topic/72358-function-include-help/#findComment-364954
Share on other sites
rlindauer Newbie

rlindauer

Posted
Posted

Please post the exact error as you receive it. And if you could post the line the error is at, plus a few above and below, that would help.

 

The test you did above worked right?

<?php

include_once ("functions.php");
$owner= RemoveXSS($_GET['owner']);
$auction=RemoveXSS($_GET['auction']);?>

This produced no errors right?

 

Link to comment
https://forums.phpfreaks.com/topic/72358-function-include-help/#findComment-364963
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.