a1ias

  1. Many many thanks for the help. I've also discovered that if (preg_match('/[^a-zA-Z0-9]/', $checkthis)) works. Is there a big difference between either of them and, as any documentation I have on regex is sketchy to say the least, what do those delimiters actually represent, if I may ask?
  2. Been playing with this since early this fine Sunday morning and have decided to turn to the pros for a little pointer. The code I am having an issue with is as follows:-

     [code]
     <?php
     $checkthis = 'a41$;wilsond';
     if (preg_match('[^a-zA-Z0-9]', $checkthis)) {
         $checked = 'Bad String';
     } else {
         $checked = 'Good String';
     }
     echo $checked;
     ?>
     [/code]

     What I am expecting that snippet to do is check the variable $checkthis for alphanumeric characters only, and since it contains both a $ and a ; I expect $checked to be returned as 'Bad String', which appears not to be the case...doh! I have no doubt that I have made a simple beginner's error, but am failing to understand why it does not work. Any pointers are greatly appreciated.

     a1ias
  3. Well, after 4 years away from it, I've decided to rekindle my relationship with PHP, and it appears there have been some changes... Anyway, starting from the ground up with a simple login script, and beginning with the submission of a login form and the validation thereof, I have come across my first 'this used to work I'm sure of it'....so here goes my snippet

     [code]
     if (isset($_POST['Login'])) { // Has the button been pressed, still seems straightforward

         if (!isset($_POST['username']) || !isset($_POST['password'])) die('Found blank fields'); // Uh oh! This no longer works, PHP skips straight over it.

         if ((!$_POST['username']) | (!$_POST['password'])) die('Found blank fields'); // And nor does this.

         // I CAN get this to work but for some reason it doesn't feel like the best solution.
         if (($_POST['username'] == "") || ($_POST['password'] == "")) die('Found blank fields');
     }
     [/code]

     So, just to save my sanity, the top 2 form field checks did used to work didn't they? And is the 3rd option the best way to validate field entry? I really need to buy myself an up-to-date PHP/mySQL book so if anyone can recommend one I would be most grateful. Many thanks in advance..

     a1ias
  4. Forgot to mention that the fetchmode has been set to (DB_FETCHMODE_ASSOC) in the config files.
  5. Hi all

     I'm learning the PEAR db classes for querying mySQL databases and not far into the subject, I've hit a snag. A simple variation of my code is as follows:

     [code]
     <?php
     /* include the config files up here */

     // Bind $value through a placeholder rather than interpolating it into the SQL.
     $sel = $database_1->query("select email from users where field = ?", array($value));
     // users table is made up of id,username,email,age

     list($email) = $sel->fetchRow();

     echo $email;
     ?>
     [/code]

     The above gives me the following error:

     [i]Notice: Undefined offset: 0 in .....path_to\getmail.php on line *[/i]

     Can any of the pros advise of the issue?

     Thanks in advance

     a1ias
  6. Try running this:

     [code]
     <?php
     if (isset($_POST['sendit'])) {
         $to = "*****@emailaddy.com!"; //Change to your email
         $subject = "Test Email";
         $message = "Hello, this is a test email.";
         $headers = "From: someone@somewhere.com";
         mail($to, $subject, $message, $headers);
         echo "Mail sent, check your inbox";
         exit;
     } else {
     ?>
     <!-- PHP_SELF is echoed (and escaped) so the form posts back to this script. -->
     <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
     <input type="submit" name="sendit" value="Send It" />
     </form>
     <?php
     }
     ?>
     [/code]

     If that works, your mail setup is fine.
  7. [quote]QUOTE(justinphp @ Jun 27 2006, 06:44 PM) Do I need anything at the beginning of the next page to reference these variables?[/quote]

     just session_start();

     personally I would create friendly variables on the new page like:

     [code]
     $eid = $_SESSION['EID'];
     $sid = $_SESSION['SID'];
     [/code]

     (usually at the beginning)
  8. Solved this by building the string using the foreach loop:

     [code]
     $body = ''; // start from an empty string before appending
     foreach ($myarray as $key => $value) {
         $body .= "$key - $value,";
     }
     echo $body;
     [/code]
  9. Hi guys

     I have an associative array e.g.

     Array( [item1] => 4 [item2] => 3 [item3] => 6 )

     I'm trying to convert that array to a string format; something like: "item1 - 4, item2 - 3, item3 - 6" and then assign that string to a variable to be used in a mail() $body for example. I believe it should/can be done using the explode() function but I've tried for a couple hours now without success so I've decided to ask the pros :) Could anyone give me a hint or a method on the easiest/most efficient way to do this?

     Many thanks in advance

     a1ias
  10. Many thanks for that, completely understand now. The "putmein" will be replaced with an item listed in a database, and each time the user clicks the item id it is added to the array and displayed in a shopping cart which will need to be refreshed after each click, hence the need for the page refresh. I guess sticking with the $_SESSION makes sense now then :)
  11. A fairly simple question (I hope) about variable scope. The following script, I would have expected, would insert "putmein" into the array named $myarray each time it was clicked on. The result of clicking 3 times, I thought would be an output of:

     Array ( [0] => putmein, [1] => putmein, [2] => putmein )

     [code]
     <?php
     $myarray = array();
     if (isset($_GET['id'])) {
         $id = $_GET['id'];
         $myarray[] = $id;
     }
     echo "<a href=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "?id=putmein\">click</a><br />";
     // Escape the output, since the array holds a value taken from the query string.
     echo htmlspecialchars(print_r($myarray, true));
     ?>
     [/code]

     Unfortunately, as there is an issue with scope I assume? the result is:

     Array ( [0] => putmein)

     To be able to get the result I expected, I have to make the following adjustment to the code:

     [code]
     <?php
     session_start();
     if (isset($_GET['id'])) {
         $id = $_GET['id'];
         $_SESSION['myarray'][] = $id;
     }
     echo "<a href=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "?id=putmein\">click</a><br />";
     // Escape the output, since the array holds a value taken from the query string.
     echo htmlspecialchars(print_r($_SESSION['myarray'] ?? array(), true));
     ?>
     [/code]

     What I would like to know, is it possible to get the desired result without reverting to using $_SESSION(s). I have tried declaring $myarray as a global variable at the beginning of the script but it has no effect at all. Your advice is welcomed :)

     Regards
  12. Thank you for that. Thinking about increasing security against that then, I guess I could implement pulling the sender IP address and restricting that IP address from being able to send the form again within a specified time limit; or even write the IP to a session variable and restrict posting from the same IP twice in one session.
  13. OK

     The whole code for the kind of page would look like this:

     [code]
     <?php
     if (isset($_POST['send'])) {
         // Read the submitted fields once; the checks below work on these variables.
         $email = $_POST['email'] ?? '';
         $to = "postmaster@server.com";
         $subject = $_POST['subject'] ?? '';
         $body = $_POST['message'] ?? '';
         $headers = "From: $email";

         function is_valid_email($email) {
             return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
         }

         if (!is_valid_email($email)) {
             echo 'Invalid email submitted - mail not being sent.';
             exit;
         }

         if ($_SERVER['REQUEST_METHOD'] != "POST") {
             echo("Unauthorized attempt to access page.");
             exit;
         }

         function contains_bad_str($str_to_test) {
             $bad_strings = array("content-type:", "mime-version:", "multipart/mixed", "Content-Transfer-Encoding:", "bcc:", "cc:", "to:");
             foreach ($bad_strings as $bad_string) {
                 // stripos() is a case-insensitive search; it replaces eregi(), which was removed in PHP 7.
                 if (stripos($str_to_test, $bad_string) !== false) {
                     echo "$bad_string found. Suspected injection attempt - mail not being sent.";
                     exit;
                 }
             }
         }

         function contains_newlines($str_to_test) {
             if (preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
                 // Escape the submitted value before echoing it back into the page.
                 echo "newline found in " . htmlspecialchars($str_to_test) . ". Suspected injection attempt - mail not being sent.";
                 exit;
             }
         }

         contains_bad_str($email);
         contains_bad_str($subject);
         contains_bad_str($body);
         contains_newlines($email);
         contains_newlines($subject);

         // mail() takes its arguments separately, not as one comma-joined string.
         mail($to, $subject, $body, $headers);
         echo "Thanks for your email";
         exit;
     }
     ?>
     <html>
     <head>
     **Head stuff in here**
     </head>
     <body>
     <form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
     Your Email:<input type="text" name="email" />
     Subject:<input type="text" name="subject" />
     Message:<input type="text" name="message" />
     <input type="submit" name="send" value="Send Email" />
     </form>
     </body>
     </html>
     [/code]

     And my question is basically, how safe is the email address postmaster@server.com in the above live webpage?
  14. Hello

     Having only recently begun learning PHP and mySQL (self teaching) I would consider myself to be a 'beginner' even though I have already written scripts for friends which they have found to be invaluable. I'm a pretty quick learner and really enjoying working with PHP, I get a great deal of satisfaction from the end result of many hours of writing and troubleshooting. It's also nice to find that a place like PHP Freaks exists, from what I've read so far it's a great community atmosphere where helping each other is not a burden for anyone.

     What I'm in the process of at the moment, is going back over the scripts I've already written, and improving them from a security point of view. The advice I am here for today is with regards to the mail() feature. I have several mail() functions in my code that require me to assign an email address to the $to variable; something I do by simply including the email in the code of the page, e.g.

     [code]
     if (isset($_POST['send_email'])) {
         $to = "name@emailaddress.com";
         $subject = "$_POST[subject]";
         $body = "$_POST[message]";
         $headers = "From: $_POST[email]";
         // mail() takes its arguments separately, not as one comma-joined string.
         mail($to, $subject, $body, $headers);
     }
     [/code]

     Now I can't help but worry that including the email address of the mail recipient in the code of the page is blatantly dangerous as far as attracting mail hijackers goes so I'd appreciate any kind of security advice you could give me with regard to this. At the moment, I am calling my whole mail() script as an actual function in a require_once() file, e.g. the above would look like....

     [b]main_file.php[/b]

     [code]
     require_once('funcs.php');

     if (isset($_POST['send_email'])) {
         send_the_mail();
     }
     [/code]

     [b]funcs.php[/b]

     [code]
     function send_the_mail() {
         $to = "name@emailaddress.com";
         $subject = "$_POST[subject]";
         $body = "$_POST[message]";
         $headers = "From: $_POST[email]";
         // mail() takes its arguments separately, not as one comma-joined string.
         mail($to, $subject, $body, $headers);
         return;
     }
     [/code]

     ....but I'm guessing that this has little effect from a security point of view. Anyway, over to the pros, and many thanks in advance for your help.

     P.S. I have the facility of a mySQL db on my host.
  15. Thanks for the responses guys, I'll play around and let you know the result as soon as my server is back up :/ I did actually try the tabindex, but I think that it quite literally works only in conjunction with tabbing between buttons. However, I'll see what happens later :)
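
Added example, not part of the original posts: one way to harden the contact-form handler from posts 13 and 14 against mail header injection, by keeping the recipient fixed in code and refusing any line break in a value that ends up in a header. The function names, the choice to carry the visitor's address in Reply-To, and the sample submissions are assumptions of this example.

```php
<?php
// Added example, not code from the posts. Names and sample data are constructed.
const CONTACT_TO = 'postmaster@server.com'; // fixed in code, never read from the request

function has_line_break(string $s): bool
{
    // PHP has already URL-decoded form fields, so "%0A" arrives as a real newline.
    return strpbrk($s, "\r\n") !== false;
}

function build_contact_mail(array $post): array
{
    $email   = trim((string)($post['email'] ?? ''));
    $subject = trim((string)($post['subject'] ?? ''));
    $message = (string)($post['message'] ?? '');
    if ($email === '' || $subject === '' || trim($message) === '') {
        throw new InvalidArgumentException('missing field');
    }
    // Anything that is placed in a header must be a single line.
    if (has_line_break($email) || has_line_break($subject)) {
        throw new InvalidArgumentException('line break in header field');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    // Choice made for this example: the visitor's address goes in Reply-To,
    // and From stays a fixed address.
    $headers = 'From: ' . CONTACT_TO . "\r\n" . 'Reply-To: ' . $email;
    // The body may contain newlines; normalise them to CRLF.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $message);
    return [CONTACT_TO, $subject, $body, $headers];
}

// Constructed submissions: one normal, one carrying an extra header line, one malformed.
$samples = [
    'normal'       => ['email' => 'visitor@example.com', 'subject' => 'Hello', 'message' => "Line 1\nLine 2"],
    'extra header' => ['email' => "visitor@example.com\r\nBcc: other@example.org", 'subject' => 'Hello', 'message' => 'Hi'],
    'bad address'  => ['email' => 'not-an-address', 'subject' => 'Hello', 'message' => 'Hi'],
];
foreach ($samples as $name => $post) {
    try {
        [$to, $subject, $body, $headers] = build_contact_mail($post);
        // A live handler would call mail($to, $subject, $body, $headers) here.
        echo "$name: accepted, headers = " . json_encode($headers) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

Because the recipient is a constant and the headers are rebuilt from validated single-line values, a submitted field cannot add To, Cc or Bcc lines, which is the exposure the bad-string and newline checks in post 13 were aiming at.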