I've just launced a site and members sign up and create profile pages. We are discovering if they type the "&" symbol and/or other symbols like "<" it results in a catchable fatel error when you try to go to that members profile page.
Please Help!
bucktaylor
0
Newbie Poster
Recommended Answers
Jump to PostCan you post a code sample of the page
Jump to PostAn ampersand will definitely cause problems in the value of a node in XML. So will < and > etc. modify the script to translate those characters to their character references & > etc etc.
Jump to Postcan you post the full page codes because i dont think the error is on that page
Jump to Postcopy and paste the page that is coming from. the page where the users are typing the symbol
All 13 Replies
ApocDen
0
Junior Poster
Can you post a code sample of the page
bucktaylor
0
Newbie Poster
Where would the problem most likely be? I ask because there's the php page where the member types and submits thier bio, there's a different php page that displayes the bio, and there's xml pages that are handeling all the transfering.
I'll include a part of the code I think may be the problem and I'll include the site link below for your referance.
Public profile php:
//wrap profile summary
if(strlen($dtrData["summary"]) > 100){
$dtrData["summary"] = wordwrap($dtrData["summary"], 100, "<br />", true);
}
Footprint::$Page->GetNodesByDataSet("label", "summary")->SetInnerHTML(Codec::HTMLEncode(str_replace(array("<br>", "<br />", "</br>"), "\n", $dtrData["summary"])));html being included in php:
<div class="artistBio"><span style="font-size:24px; color:#21242c; font-weight:bold;">About <span data-label="name_artist">name_artist</span></span>
<pre data-label="summary">summary</pre></div>xml code:
<command id="get-profile-data">
SELECT
account.id AS account_id,
account.fk_user_id,
account.name_first,
account.name_last,
account.name_artist,
account.country,
account.summary
</command>The site is www.bumpitordumpit.com, if you click on the members link to go to the member directory then scroll down or do a search for "Sentinel". Click on the members picture and you will see the errar that we are getting. Not all of the profiles are doing this... I even noticed one a few minutes ago that had a "&" symbol in the bio and it was fine, so now I don't know what the problem is.
Thank you for any help you can give.
bucktaylor
0
Newbie Poster
Can you post a code sample of the page
Sorry didn't reply to you directly but I just posted some code and stuff to look at.
Thanks
mschroeder
251
Bestower of Knowledge
Team Colleague
An ampersand will definitely cause problems in the value of a node in XML. So will < and > etc. modify the script to translate those characters to their character references & > etc etc.
ApocDen
0
Junior Poster
can you post the full page codes because i dont think the error is on that page
bucktaylor
0
Newbie Poster
can you post the full page codes because i dont think the error is on that page
How do I do that? just copy all the code here? Which page do you want to see... or do you mean all of them?
ApocDen
0
Junior Poster
copy and paste the page that is coming from. the page where the users are typing the symbol
bucktaylor
0
Newbie Poster
copy and paste the page that is coming from. the page where the users are typing the symbol
Ok, here it is. Also, i have another php file that has xmlencoding and stuff on it. I've pasted that below this first section
php code:
<?php
require_once($_SERVER["DOCUMENT_ROOT"] ."/_GLOBAL/init.php");
//##########################################################################################
//--> Begin :: Page
//open database
Footprint::$DB->Open();
//require session
Footprint::$User->RequireSession();
//require account session
Extension::$Account->RequireSession();
//require permission
Footprint::$User->ContinueOrDenyPermission("1022");
//get page template
Footprint::$Page->LoadFile(Footprint::FilePath("account/profile.html"), Footprint::$RootPath);
//set login link
Extension::$System->LoginLink();
//get query data
$inpPage = Footprint::$Request->Input("page", "1");
$inpResultsPerPage = Footprint::$Request->Input("results_per_page", "20");
//get form data
$inpAction = Footprint::$Request->Input("action");
$inpUsername = Footprint::$Request->Input("username");
$inpEmail = Footprint::$Request->Input("email");
$inpPassword = Footprint::$Request->Input("password");
$inpPasswordConfirm = Footprint::$Request->Input("password_confirm");
$inpNameArtist = Footprint::$Request->Input("name_artist");
$inpNameFirst = Footprint::$Request->Input("name_first");
$inpNameLast = Footprint::$Request->Input("name_last");
$inpSummary = Footprint::$Request->Input("summary");
$inpSex = Footprint::$Request->Input("sex");
$inpAge = Footprint::$Request->Input("age");
$inpCountry = Footprint::$Request->Input("country");
//$inpZip = Footprint::$Request->Input("zip");
//get listing photo input data
$inpLabel = Footprint::$Request->Input("label");
$inpPhotoID = Footprint::$Request->Input("account_photo_id");
//validate data
if($inpAction == "Update") {
if($inpUsername == "") {
Footprint::$Errors->Add("Please supply a username.");
}
else {
if(!Footprint::$User->IsUsernameAvailable($inpUsername, Footprint::$Request->Session("user_id"))) {
Footprint::$Errors->Add("That username is not available.");
}
}
if($inpEmail == "") {
Footprint::$Errors->Add("Please supply an email address.");
}
else {
if(!DataValidator::IsValidEmail($inpEmail)) {
Footprint::$Errors->Add("Please supply a valid email address.");
}
else {
if(!Footprint::$User->IsEmailAvailable($inpEmail, Footprint::$Request->Session("user_id"))) {
Footprint::$Errors->Add("That email address is not available.");
}
}
}
if($inpPassword == "") {
//do nothing
}
else {
if($inpPasswordConfirm == "") {
Footprint::$Errors->Add("You must also confirm the password.");
}
if($inpPassword != "" && $inpPasswordConfirm != "") {
if($inpPassword != $inpPasswordConfirm) {
Footprint::$Errors->Add("Your passwords you entered did not match.");
}
}
}
if($inpNameFirst == "") {
Footprint::$Errors->Add("Please supply your first name.");
}
if($inpNameLast == "") {
Footprint::$Errors->Add("Please supply your last name.");
}
if($inpSex == "") {
Footprint::$Errors->Add("Please supply your sex.");
}
if($inpAge == "") {
Footprint::$Errors->Add("Please supply your age.");
}
if(!DataValidator::IsInt($inpAge)){
Footprint::$Errors->Add("Please supply your age.");
}
if($inpCountry == "") {
Footprint::$Errors->Add("Please supply your country.");
}
//if($inpZip == "") {
//Footprint::$Errors->Add("Please supply your zip code.");
//}
}
if($inpAction == "Upload") {
if(Footprint::$Request->File("file") == null){
Footprint::$Errors->Add("Please supply photo to upload.");
}
}
//check for action
if(Footprint::$Errors->Count() == 0 && $inpAction == "Update") {
//update user
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-user", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%username%", $inpUsername);
Footprint::$DB->SQLKey("%email%", $inpEmail);
Footprint::$DB->SQLKey("%password%", $inpPassword);
Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->ExecuteNonQuery();
//update account
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-account", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%name_first%", $inpNameFirst);
Footprint::$DB->SQLKey("%name_last%", $inpNameLast);
Footprint::$DB->SQLKey("%name_artist%", $inpNameArtist);
Footprint::$DB->SQLKey("%summary%", $inpSummary);
Footprint::$DB->SQLKey("%sex%", $inpSex);
Footprint::$DB->SQLKey("%age%", $inpAge);
Footprint::$DB->SQLKey("%country%", $inpCountry);
//Footprint::$DB->SQLKey("%zip%", $inpZip);
Footprint::$DB->SQLKey("%account_id%", Footprint::$Request->Session("account_id"));
Footprint::$DB->ExecuteNonQuery();
//notify user
Footprint::$Notices->Add("Your account has been updated.");
}
//- - - - - - - - - - - - - - - - - - - -//
if($inpAction == "Upload") {
//prepare destination path
$ImagesDirectory = Footprint::FilePath("_MEDIA/photos/");
$FileInfo = pathinfo(Footprint::$Request->File("file")->FileName);
$FileName = "img_". rand() .".". ($FileInfo["extension"] == "" ? "jpg" : $FileInfo["extension"]);
$FullSavePath = $ImagesDirectory . $FileName;
chmod($ImagesDirectory, 0755);
//save file
Footprint::$Request->File("file")->SaveAs($FullSavePath);
//create new listing photo
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("create-new-photo", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->SQLKey("%label%", ($inpLabel == "" ? "N/A" : $inpLabel));
Footprint::$DB->SQLKey("%filename%", $FileName);
Footprint::$DB->ExecuteNonQuery();
//close database
Footprint::$DB->Close();
//redirect back here
Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
Footprint::$Response->Finalize();
}
//- - - - - - - - - - - - - - - - - - - -//
if($inpAction == "Delete Photo") {
//get current data
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
$FileName = Footprint::$DB->GetDataString();
//delete file
unlink(Footprint::FilePath("_MEDIA/photos/". $FileName));
//delete listing photo
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("delete-photo", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
Footprint::$DB->ExecuteNonQuery();
//close database
Footprint::$DB->Close();
//redirect back here
Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
Footprint::$Response->Finalize();
}
//- - - - - - - - - - - - - - - - - - - -//
if($inpAction == "Delete Account") {
//set user id to inactive
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("set-user-record-inactive", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->ExecuteNonQuery();
//close database
Footprint::$DB->Close();
//redirect back here
Footprint::$Response->RedirectURL = Footprint::URL("login/logout.php");
Footprint::$Response->Finalize();
}
//end check for action
//get data
//setup data pager
Footprint::$DataPager->RecordsPerPage = $inpResultsPerPage;
Footprint::$DataPager->CurrentPage = $inpPage;
//start timer
Footprint::$Timer->Start();
//get data
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo-records", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->SQLKey("%record_to_start%", Footprint::$DataPager->RecordsPerPage * (Footprint::$DataPager->CurrentPage - 1));
Footprint::$DB->SQLKey("%records_per_page%", Footprint::$DataPager->RecordsPerPage);
$tblData = Footprint::$DB->GetDataTable();
//stop timer
Footprint::$Timer->Stop();
//get total record count
Footprint::$DataPager->TotalRecords = Footprint::$DB->GetFoundRows();
//end get data
//data results
//get blank chunk
$BlankChunk = Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->GetDOMChunk();
//build results
for($i = 0 ; $i < count($tblData); $i++) {
$BlankChunk->Begin();
$BlankChunk->Root()->SetAttribute("class", ($i % 2 == 0 ? "alt" : ""));
$BlankChunk->GetNodesByDataSet("field", "account_photo_id")->SetAttribute("value", $tblData[$i]["photo_id"]);
$BlankChunk->GetNodesByDataSet("label", "photo_path")->SetAttribute("src", Footprint::URL("_MEDIA/photos/view.php?f=". $tblData[$i]["filename"]));
$BlankChunk->GetNodesByDataSet("label", "photo_link")->SetAttribute("href", Footprint::URL("_MEDIA/photos/". $tblData[$i]["filename"]));
$BlankChunk->GetNodesByDataSet("label", "label")->SetInnerText($tblData[$i]["label"]);
$BlankChunk->End();
}
if(count($tblData) > 0) {
//render chunk
$BlankChunk->Render();
//remove no_results_row
Footprint::$Page->GetNodesByDataSet("label", "no_results_row")->Remove();
}
else{
//remove blank_results_row
Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->Remove();
}
//set photo limit - if there are already 1 photos uploaded - remove form
if(count($tblData) == 1) {
//remove photo_upload_form
Footprint::$Page->GetNodesByDataSet("label", "photo_upload_form")->Remove();
}
//replace paging info
Footprint::$Utility->ApplyDataPaging(Footprint::URL("account/profile.php"));
//end data results
//get current data
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-profile-data", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
$dtrData = Footprint::$DB->GetDataRow();
//check for post back
if($inpAction == "" && Footprint::$DB->GetFoundRows() > 0) {
$inpUsername = $dtrData["username"];
$inpEmail = $dtrData["email"];
$inpNameFirst = $dtrData["name_first"];
$inpNameLast = $dtrData["name_last"];
$inpNameArtist = $dtrData["name_artist"];
$inpSex = $dtrData["sex"];
$inpAge = $dtrData["age"];
$inpCountry = $dtrData["country"];
//$inpZip = $dtrData["zip"];
$inpSummary = $dtrData["summary"];
}
//replace page elements
//selected tab
Footprint::$Page->GetNodesByDataSet("label", "tab_profile")->SetAttribute("class", "selected");
//username
Footprint::$Page->GetNodesByDataSet("label", "username")->SetInnerText(ucfirst(Footprint::$Request->Session("username")));
//form elements
Footprint::$Page->GetNodesByDataSet("label", "footprint_alerts")->SetInnerHTML(Footprint::$Utility->GetAlerts());
Footprint::$Page->GetNodesByDataSet("field", "username")->SetAttribute("value", $inpUsername);
Footprint::$Page->GetNodesByDataSet("field", "email")->SetAttribute("value", $inpEmail);
Footprint::$Page->GetNodesByDataSet("field", "password")->SetAttribute("value", $inpPassword);
Footprint::$Page->GetNodesByDataSet("field", "password_confirm")->SetAttribute("value", $inpPasswordConfirm);
Footprint::$Page->GetNodesByDataSet("field", "name_first")->SetAttribute("value", $inpNameFirst);
Footprint::$Page->GetNodesByDataSet("field", "name_last")->SetAttribute("value", $inpNameLast);
Footprint::$Page->GetNodesByDataSet("field", "name_artist")->SetAttribute("value", $inpNameArtist);
Footprint::$Page->GetNodesByDataSet("field", "sex")->GetNodesByAttribute("value", $inpSex)->SetAttribute("selected", "selected");
Footprint::$Page->GetNodesByDataSet("field", "age")->SetAttribute("value", $inpAge);
Footprint::$Page->GetNodesByDataSet("field", "country")->GetNodesByAttribute("value", $inpCountry)->SetAttribute("selected", "selected");
//Footprint::$Page->GetNodesByDataSet("field", "zip")->SetAttribute("value", $inpZip);
Footprint::$Page->GetNodesByDataSet("field", "summary")->SetInnerHTML($inpSummary);
//end replace page elements
//close database
Footprint::$DB->Close();
//finalize request
Footprint::$Response->Finalize(Footprint::$Page->ToString());
//<-- End :: Page
//##########################################################################################
?>html code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml-stylesheet type="text/xml" href="_THEME/account/profile.xsl"?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>My Account Profile</title>
<link href="../_THEME/account/profile.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="account/profile.js" type="text/javascript"><!--*--></script>
</head>
<body>
<div xslt-region="nav">Profile</div>
<div id="bodycontent">
<div id="header">
<div id="leftColum">
<div id="profileImage"><img src="../_THEME/account/media/profile-image.png" data-label="profile_image" width="187" height="162" /></div>
</div>
<div id="rightColum">
<div class="artistNamebar">
<div style="padding-right:75px;">
<div class="subTab"><a id="tablink" href="account/tracks.php" title="Tab Link"><span>Track List</span></a></div>
<div class="subTab"><a id="tablink-static" href="#" title="Tab Link"><span>Edit Profile</span></a></div>
<div class="subTab"><a id="tablink" href="profile/index.php" title="Tab Link"><span>View Profile</span></a></div>
<div class="subTab"><a id="tablink" href="account/index.php" title="Tab Link"><span>Home</span></a></div>
</div>
<div class="starIcon"></div>
<div class="artistName"><span class="name" data-label="username">username</span></div>
</div>
<div class="bottom-padding">
<form action="" method="post" name="form" id="form">
<span data-label="footprint_alerts">footprint_alerts</span>
<table border="0" cellpadding="3" cellspacing="0" class="form" data-label="register-table">
<tr class="header">
<td colspan="2">Login Information</td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Username:</td>
<td class="field"><input type="text" data-field="username" maxlength="45" size="20" name="username"/></td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Email Address: </td>
<td class="field"><input type="text" value="" maxlength="128" size="30" name="email" data-field="email"/></td>
</tr>
<tr>
<td class="field_label"> Password:</td>
<td class="field"><input type="password" data-field="password" maxlength="40" size="15" name="password"/></td>
</tr>
<tr>
<td class="field_label"> Confirm Password:</td>
<td class="field"><input type="password" data-field="password_confirm" maxlength="40" size="15" name="password_confirm"/>
<br />
Leave both password fields empty to keep the existing password.</td>
</tr>
<tr class="header">
<td colspan="2">Account Information</td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Artist Name: </td>
<td class="field"><input type="text" value="" maxlength="90" size="25" name="name_artist" data-field="name_artist"/></td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> First Name:</td>
<td class="field"><input type="text" value="" maxlength="90" size="25" name="name_first" data-field="name_first"/></td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Last Name: </td>
<td class="field"><input type="text" value="" maxlength="90" size="25" name="name_last" data-field="name_last"/></td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Summary: </td>
<td class="field"><textarea data-field="summary" name="summary" cols="50" rows="10"></textarea></td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Sex: </td>
<td class="field"><select name="sex" data-field="sex">
<option value="">---- Select a Sex ----</option>
<option value="f">Female</option>
<option value="m">Male</option>
</select>
</td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Age: </td>
<td class="field"><input type="text" value="" maxlength="7" size="10" name="age" data-field="age"/></td>
</tr>
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Country: </td>
<td class="field"><select name="country" data-field="country">
<option value="">---- Select a Country ----</option>
<option value="United States">United States</option>
</select>
</td>
</tr>
<!--<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Zip Code: </td>
<td class="field"><input type="text" value="" maxlength="90" size="25" name="zip" data-field="zip"/></td>
</tr>-->
<tr>
<td class="label"> </td>
<td class="field"><input type="submit" value="Update" name="action"/></td>
</tr>
<tr>
<td class="label"> </td>
<td class="field"><input type="submit" value="Delete Account" name="action" data-field="button_delete_account"/></td>
</tr>
</table>
</form>
<br />
<fieldset data-label="photo_container">
<legend>Photos</legend>
<form action="" method="post" name="form" id="form" enctype="multipart/form-data" data-label="photo_upload_form">
<table border="0" cellpadding="3" cellspacing="0" class="form">
<tr>
<td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Label:</td>
<td class="field"><input type="text" value="" maxlength="255" size="25" name="label" data-field="label"/></td>
</tr>
<tr>
<td valign="top" class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Photo:</td>
<td class="field"><input type="file" name="file" data-field="file"/><br />
<span style="color:#666; font-size:12px;">Photos can be .jpg or .png <br />
(file title should have no-spaces and be all lowercase letters)</span></td>
</tr>
<tr>
<td class="label"> </td>
<td class="field"><input type="submit" value="Upload" name="action" data-field="button_upload"/></td>
</tr>
</table>
<hr />
</form>
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="results">
<tr class="header">
<td>Photo</td>
<td>Label</td>
<td> </td>
</tr>
<tr data-label="blank_results_row">
<form action="" method="post" name="form" id="form">
<td><a target="_blank" data-label="photo_link"><img border="0" data-label="photo_path" alt="photo_path" /></a></td>
<td data-label="label">label</td>
<td class="wrap_text max_width"><input data-field="button_photo_delete" type="submit" value="Delete Photo" name="action"/>
<input data-field="account_photo_id" type="hidden" value="" name="account_photo_id"/>
</td>
</form>
</tr>
<tr data-label="no_results_row">
<td colspan="7"><h3>No photos found.</h3></td>
</tr>
</table>
<!--xslt-include href="../../_GLOBAL/paging-table.html"-->
</fieldset>
</div>
</div>
</div>
</div>
</body>
</html>XMLEncode code:
//--> Begin Method :: XMLEncode
public static function XMLEncode($Input) {
$Input = str_replace("&", "&", $Input);
$Input = str_replace("<", "<", $Input);
$Input = str_replace(">", ">", $Input);
$Input = str_replace("\"", """, $Input);
$Input = str_replace("'", "'", $Input);
return $Input;
}
//<-- End Method :: XMLEncode
//##################################################################################
//--> Begin Method :: XMLDecode
public static function XMLDecode($Input){
$Input = str_replace("&", "&", $Input);
$Input = str_replace("<", "<", $Input);
$Input = str_replace(">", ">", $Input);
$Input = str_replace(""", "\"", $Input);
$Input = str_replace("'", "'", $Input);
return $Input;
}
//<-- End Method :: XMLDecode
ApocDen
0
Junior Poster
Try the following code below, this is the php code you gave me. replace all the php code you posted on here with this one
What i changed.
i added this line
where it would check for errors
if (ereg('[^A-Za-z0-9]', $inpUsername)) {
Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
}That line means that any character that isn't alphanumeric will be invalid. which means no symbols will be allowed to be entered
Enjoy
<?php
require_once($_SERVER["DOCUMENT_ROOT"] ."/_GLOBAL/init.php");
//##########################################################################################
//--> Begin :: Page
//open database
Footprint::$DB->Open();
//require session
Footprint::$User->RequireSession();
//require account session
Extension::$Account->RequireSession();
//require permission
Footprint::$User->ContinueOrDenyPermission("1022");
//get page template
Footprint::$Page->LoadFile(Footprint::FilePath("account/profile.html"), Footprint::$RootPath);
//set login link
Extension::$System->LoginLink();
//get query data
$inpPage = Footprint::$Request->Input("page", "1");
$inpResultsPerPage = Footprint::$Request->Input("results_per_page", "20");
//get form data
$inpAction = Footprint::$Request->Input("action");
$inpUsername = Footprint::$Request->Input("username");
$inpEmail = Footprint::$Request->Input("email");
$inpPassword = Footprint::$Request->Input("password");
$inpPasswordConfirm = Footprint::$Request->Input("password_confirm");
$inpNameArtist = Footprint::$Request->Input("name_artist");
$inpNameFirst = Footprint::$Request->Input("name_first");
$inpNameLast = Footprint::$Request->Input("name_last");
$inpSummary = Footprint::$Request->Input("summary");
$inpSex = Footprint::$Request->Input("sex");
$inpAge = Footprint::$Request->Input("age");
$inpCountry = Footprint::$Request->Input("country");
//$inpZip = Footprint::$Request->Input("zip");
//get listing photo input data
$inpLabel = Footprint::$Request->Input("label");
$inpPhotoID = Footprint::$Request->Input("account_photo_id");
//validate data
if($inpAction == "Update") {
if($inpUsername == "") {
Footprint::$Errors->Add("Please supply a username.");
}
if (ereg('[^A-Za-z0-9]', $inpUsername)) {
Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
}
else {
if(!Footprint::$User->IsUsernameAvailable($inpUsername, Footprint::$Request->Session("user_id"))) {
Footprint::$Errors->Add("That username is not available.");
}
}
if($inpEmail == "") {
Footprint::$Errors->Add("Please supply an email address.");
}
else {
if(!DataValidator::IsValidEmail($inpEmail)) {
Footprint::$Errors->Add("Please supply a valid email address.");
}
else {
if(!Footprint::$User->IsEmailAvailable($inpEmail, Footprint::$Request->Session("user_id"))) {
Footprint::$Errors->Add("That email address is not available.");
}
}
}
if($inpPassword == "") {
//do nothing
}
else {
if($inpPasswordConfirm == "") {
Footprint::$Errors->Add("You must also confirm the password.");
}
if($inpPassword != "" && $inpPasswordConfirm != "") {
if($inpPassword != $inpPasswordConfirm) {
Footprint::$Errors->Add("Your passwords you entered did not match.");
}
}
}
if($inpNameFirst == "") {
Footprint::$Errors->Add("Please supply your first name.");
}
if (ereg('[^A-Za-z0-9]', $inpNameFirst)) {
Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
}
if($inpNameLast == "") {
Footprint::$Errors->Add("Please supply your last name.");
}
if (ereg('[^A-Za-z0-9]', $inpNameLast)) {
Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
}
if($inpSex == "") {
Footprint::$Errors->Add("Please supply your sex.");
}
if($inpAge == "") {
Footprint::$Errors->Add("Please supply your age.");
}
if(!DataValidator::IsInt($inpAge)){
Footprint::$Errors->Add("Please supply your age.");
}
if($inpCountry == "") {
Footprint::$Errors->Add("Please supply your country.");
}
//if($inpZip == "") {
//Footprint::$Errors->Add("Please supply your zip code.");
//}
}
if($inpAction == "Upload") {
if(Footprint::$Request->File("file") == null){
Footprint::$Errors->Add("Please supply photo to upload.");
}
}
//check for action
if(Footprint::$Errors->Count() == 0 && $inpAction == "Update") {
//update user
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-user", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%username%", $inpUsername);
Footprint::$DB->SQLKey("%email%", $inpEmail);
Footprint::$DB->SQLKey("%password%", $inpPassword);
Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->ExecuteNonQuery();
//update account
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-account", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%name_first%", $inpNameFirst);
Footprint::$DB->SQLKey("%name_last%", $inpNameLast);
Footprint::$DB->SQLKey("%name_artist%", $inpNameArtist);
Footprint::$DB->SQLKey("%summary%", $inpSummary);
Footprint::$DB->SQLKey("%sex%", $inpSex);
Footprint::$DB->SQLKey("%age%", $inpAge);
Footprint::$DB->SQLKey("%country%", $inpCountry);
//Footprint::$DB->SQLKey("%zip%", $inpZip);
Footprint::$DB->SQLKey("%account_id%", Footprint::$Request->Session("account_id"));
Footprint::$DB->ExecuteNonQuery();
//notify user
Footprint::$Notices->Add("Your account has been updated.");
}
//- - - - - - - - - - - - - - - - - - - -//
if($inpAction == "Upload") {
//prepare destination path
$ImagesDirectory = Footprint::FilePath("_MEDIA/photos/");
$FileInfo = pathinfo(Footprint::$Request->File("file")->FileName);
$FileName = "img_". rand() .".". ($FileInfo["extension"] == "" ? "jpg" : $FileInfo["extension"]);
$FullSavePath = $ImagesDirectory . $FileName;
chmod($ImagesDirectory, 0755);
//save file
Footprint::$Request->File("file")->SaveAs($FullSavePath);
//create new listing photo
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("create-new-photo", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->SQLKey("%label%", ($inpLabel == "" ? "N/A" : $inpLabel));
Footprint::$DB->SQLKey("%filename%", $FileName);
Footprint::$DB->ExecuteNonQuery();
//close database
Footprint::$DB->Close();
//redirect back here
Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
Footprint::$Response->Finalize();
}
//- - - - - - - - - - - - - - - - - - - -//
if($inpAction == "Delete Photo") {
//get current data
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
$FileName = Footprint::$DB->GetDataString();
//delete file
unlink(Footprint::FilePath("_MEDIA/photos/". $FileName));
//delete listing photo
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("delete-photo", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
Footprint::$DB->ExecuteNonQuery();
//close database
Footprint::$DB->Close();
//redirect back here
Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
Footprint::$Response->Finalize();
}
//- - - - - - - - - - - - - - - - - - - -//
if($inpAction == "Delete Account") {
//set user id to inactive
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("set-user-record-inactive", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->ExecuteNonQuery();
//close database
Footprint::$DB->Close();
//redirect back here
Footprint::$Response->RedirectURL = Footprint::URL("login/logout.php");
Footprint::$Response->Finalize();
}
//end check for action
//get data
//setup data pager
Footprint::$DataPager->RecordsPerPage = $inpResultsPerPage;
Footprint::$DataPager->CurrentPage = $inpPage;
//start timer
Footprint::$Timer->Start();
//get data
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo-records", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
Footprint::$DB->SQLKey("%record_to_start%", Footprint::$DataPager->RecordsPerPage * (Footprint::$DataPager->CurrentPage - 1));
Footprint::$DB->SQLKey("%records_per_page%", Footprint::$DataPager->RecordsPerPage);
$tblData = Footprint::$DB->GetDataTable();
//stop timer
Footprint::$Timer->Stop();
//get total record count
Footprint::$DataPager->TotalRecords = Footprint::$DB->GetFoundRows();
//end get data
//data results
//get blank chunk
$BlankChunk = Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->GetDOMChunk();
//build results
for($i = 0 ; $i < count($tblData); $i++) {
$BlankChunk->Begin();
$BlankChunk->Root()->SetAttribute("class", ($i % 2 == 0 ? "alt" : ""));
$BlankChunk->GetNodesByDataSet("field", "account_photo_id")->SetAttribute("value", $tblData[$i]["photo_id"]);
$BlankChunk->GetNodesByDataSet("label", "photo_path")->SetAttribute("src", Footprint::URL("_MEDIA/photos/view.php?f=". $tblData[$i]["filename"]));
$BlankChunk->GetNodesByDataSet("label", "photo_link")->SetAttribute("href", Footprint::URL("_MEDIA/photos/". $tblData[$i]["filename"]));
$BlankChunk->GetNodesByDataSet("label", "label")->SetInnerText($tblData[$i]["label"]);
$BlankChunk->End();
}
if(count($tblData) > 0) {
//render chunk
$BlankChunk->Render();
//remove no_results_row
Footprint::$Page->GetNodesByDataSet("label", "no_results_row")->Remove();
}
else{
//remove blank_results_row
Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->Remove();
}
//set photo limit - if there are already 1 photos uploaded - remove form
if(count($tblData) == 1) {
//remove photo_upload_form
Footprint::$Page->GetNodesByDataSet("label", "photo_upload_form")->Remove();
}
//replace paging info
Footprint::$Utility->ApplyDataPaging(Footprint::URL("account/profile.php"));
//end data results
//get current data
Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-profile-data", Footprint::FilePath("account/profile.sql.xml"));
Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
$dtrData = Footprint::$DB->GetDataRow();
//check for post back
if($inpAction == "" && Footprint::$DB->GetFoundRows() > 0) {
$inpUsername = $dtrData["username"];
$inpEmail = $dtrData["email"];
$inpNameFirst = $dtrData["name_first"];
$inpNameLast = $dtrData["name_last"];
$inpNameArtist = $dtrData["name_artist"];
$inpSex = $dtrData["sex"];
$inpAge = $dtrData["age"];
$inpCountry = $dtrData["country"];
//$inpZip = $dtrData["zip"];
$inpSummary = $dtrData["summary"];
}
//replace page elements
//selected tab
Footprint::$Page->GetNodesByDataSet("label", "tab_profile")->SetAttribute("class", "selected");
//username
Footprint::$Page->GetNodesByDataSet("label", "username")->SetInnerText(ucfirst(Footprint::$Request->Session("username")));
//form elements
Footprint::$Page->GetNodesByDataSet("label", "footprint_alerts")->SetInnerHTML(Footprint::$Utility->GetAlerts());
Footprint::$Page->GetNodesByDataSet("field", "username")->SetAttribute("value", $inpUsername);
Footprint::$Page->GetNodesByDataSet("field", "email")->SetAttribute("value", $inpEmail);
Footprint::$Page->GetNodesByDataSet("field", "password")->SetAttribute("value", $inpPassword);
Footprint::$Page->GetNodesByDataSet("field", "password_confirm")->SetAttribute("value", $inpPasswordConfirm);
Footprint::$Page->GetNodesByDataSet("field", "name_first")->SetAttribute("value", $inpNameFirst);
Footprint::$Page->GetNodesByDataSet("field", "name_last")->SetAttribute("value", $inpNameLast);
Footprint::$Page->GetNodesByDataSet("field", "name_artist")->SetAttribute("value", $inpNameArtist);
Footprint::$Page->GetNodesByDataSet("field", "sex")->GetNodesByAttribute("value", $inpSex)->SetAttribute("selected", "selected");
Footprint::$Page->GetNodesByDataSet("field", "age")->SetAttribute("value", $inpAge);
Footprint::$Page->GetNodesByDataSet("field", "country")->GetNodesByAttribute("value", $inpCountry)->SetAttribute("selected", "selected");
//Footprint::$Page->GetNodesByDataSet("field", "zip")->SetAttribute("value", $inpZip);
Footprint::$Page->GetNodesByDataSet("field", "summary")->SetInnerHTML($inpSummary);
//end replace page elements
//close database
Footprint::$DB->Close();
//finalize request
Footprint::$Response->Finalize(Footprint::$Page->ToString());
//<-- End :: Page
//##########################################################################################
?>
bucktaylor
0
Newbie Poster
Try the following code below, this is the php code you gave me. replace all the php code you posted on here with this one
What i changed.
i added this line
where it would check for errorsif (ereg('[^A-Za-z0-9]', $inpUsername)) { Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!"; }That line means that any character that isn't alphanumeric will be invalid. which means no symbols will be allowed to be entered
Enjoy<?php require_once($_SERVER["DOCUMENT_ROOT"] ."/_GLOBAL/init.php"); //########################################################################################## //--> Begin :: Page //open database Footprint::$DB->Open(); //require session Footprint::$User->RequireSession(); //require account session Extension::$Account->RequireSession(); //require permission Footprint::$User->ContinueOrDenyPermission("1022"); //get page template Footprint::$Page->LoadFile(Footprint::FilePath("account/profile.html"), Footprint::$RootPath); //set login link Extension::$System->LoginLink(); //get query data $inpPage = Footprint::$Request->Input("page", "1"); $inpResultsPerPage = Footprint::$Request->Input("results_per_page", "20"); //get form data $inpAction = Footprint::$Request->Input("action"); $inpUsername = Footprint::$Request->Input("username"); $inpEmail = Footprint::$Request->Input("email"); $inpPassword = Footprint::$Request->Input("password"); $inpPasswordConfirm = Footprint::$Request->Input("password_confirm"); $inpNameArtist = Footprint::$Request->Input("name_artist"); $inpNameFirst = Footprint::$Request->Input("name_first"); $inpNameLast = Footprint::$Request->Input("name_last"); $inpSummary = Footprint::$Request->Input("summary"); $inpSex = Footprint::$Request->Input("sex"); $inpAge = Footprint::$Request->Input("age"); $inpCountry = Footprint::$Request->Input("country"); //$inpZip = Footprint::$Request->Input("zip"); //get listing photo input data $inpLabel = Footprint::$Request->Input("label"); $inpPhotoID = Footprint::$Request->Input("account_photo_id"); //validate data if($inpAction == "Update") { if($inpUsername == "") { Footprint::$Errors->Add("Please supply a username."); } if (ereg('[^A-Za-z0-9]', $inpUsername)) { Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!"; } else { if(!Footprint::$User->IsUsernameAvailable($inpUsername, Footprint::$Request->Session("user_id"))) { Footprint::$Errors->Add("That username is not available."); } } if($inpEmail == "") { Footprint::$Errors->Add("Please supply an email address."); } else { if(!DataValidator::IsValidEmail($inpEmail)) { Footprint::$Errors->Add("Please supply a valid email address."); } else { if(!Footprint::$User->IsEmailAvailable($inpEmail, Footprint::$Request->Session("user_id"))) { Footprint::$Errors->Add("That email address is not available."); } } } if($inpPassword == "") { //do nothing } else { if($inpPasswordConfirm == "") { Footprint::$Errors->Add("You must also confirm the password."); } if($inpPassword != "" && $inpPasswordConfirm != "") { if($inpPassword != $inpPasswordConfirm) { Footprint::$Errors->Add("Your passwords you entered did not match."); } } } if($inpNameFirst == "") { Footprint::$Errors->Add("Please supply your first name."); } if (ereg('[^A-Za-z0-9]', $inpNameFirst)) { Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!"; } if($inpNameLast == "") { Footprint::$Errors->Add("Please supply your last name."); } if (ereg('[^A-Za-z0-9]', $inpNameLast)) { Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!"; } if($inpSex == "") { Footprint::$Errors->Add("Please supply your sex."); } if($inpAge == "") { Footprint::$Errors->Add("Please supply your age."); } if(!DataValidator::IsInt($inpAge)){ Footprint::$Errors->Add("Please supply your age."); } if($inpCountry == "") { Footprint::$Errors->Add("Please supply your country."); } //if($inpZip == "") { //Footprint::$Errors->Add("Please supply your zip code."); //} } if($inpAction == "Upload") { if(Footprint::$Request->File("file") == null){ Footprint::$Errors->Add("Please supply photo to upload."); } } //check for action if(Footprint::$Errors->Count() == 0 && $inpAction == "Update") { //update user Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-user", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%username%", $inpUsername); Footprint::$DB->SQLKey("%email%", $inpEmail); Footprint::$DB->SQLKey("%password%", $inpPassword); Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id")); Footprint::$DB->ExecuteNonQuery(); //update account Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-account", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%name_first%", $inpNameFirst); Footprint::$DB->SQLKey("%name_last%", $inpNameLast); Footprint::$DB->SQLKey("%name_artist%", $inpNameArtist); Footprint::$DB->SQLKey("%summary%", $inpSummary); Footprint::$DB->SQLKey("%sex%", $inpSex); Footprint::$DB->SQLKey("%age%", $inpAge); Footprint::$DB->SQLKey("%country%", $inpCountry); //Footprint::$DB->SQLKey("%zip%", $inpZip); Footprint::$DB->SQLKey("%account_id%", Footprint::$Request->Session("account_id")); Footprint::$DB->ExecuteNonQuery(); //notify user Footprint::$Notices->Add("Your account has been updated."); } //- - - - - - - - - - - - - - - - - - - -// if($inpAction == "Upload") { //prepare destination path $ImagesDirectory = Footprint::FilePath("_MEDIA/photos/"); $FileInfo = pathinfo(Footprint::$Request->File("file")->FileName); $FileName = "img_". rand() .".". ($FileInfo["extension"] == "" ? "jpg" : $FileInfo["extension"]); $FullSavePath = $ImagesDirectory . $FileName; chmod($ImagesDirectory, 0755); //save file Footprint::$Request->File("file")->SaveAs($FullSavePath); //create new listing photo Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("create-new-photo", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id")); Footprint::$DB->SQLKey("%label%", ($inpLabel == "" ? "N/A" : $inpLabel)); Footprint::$DB->SQLKey("%filename%", $FileName); Footprint::$DB->ExecuteNonQuery(); //close database Footprint::$DB->Close(); //redirect back here Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php"); Footprint::$Response->Finalize(); } //- - - - - - - - - - - - - - - - - - - -// if($inpAction == "Delete Photo") { //get current data Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID); $FileName = Footprint::$DB->GetDataString(); //delete file unlink(Footprint::FilePath("_MEDIA/photos/". $FileName)); //delete listing photo Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("delete-photo", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID); Footprint::$DB->ExecuteNonQuery(); //close database Footprint::$DB->Close(); //redirect back here Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php"); Footprint::$Response->Finalize(); } //- - - - - - - - - - - - - - - - - - - -// if($inpAction == "Delete Account") { //set user id to inactive Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("set-user-record-inactive", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id")); Footprint::$DB->ExecuteNonQuery(); //close database Footprint::$DB->Close(); //redirect back here Footprint::$Response->RedirectURL = Footprint::URL("login/logout.php"); Footprint::$Response->Finalize(); } //end check for action //get data //setup data pager Footprint::$DataPager->RecordsPerPage = $inpResultsPerPage; Footprint::$DataPager->CurrentPage = $inpPage; //start timer Footprint::$Timer->Start(); //get data Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo-records", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id")); Footprint::$DB->SQLKey("%record_to_start%", Footprint::$DataPager->RecordsPerPage * (Footprint::$DataPager->CurrentPage - 1)); Footprint::$DB->SQLKey("%records_per_page%", Footprint::$DataPager->RecordsPerPage); $tblData = Footprint::$DB->GetDataTable(); //stop timer Footprint::$Timer->Stop(); //get total record count Footprint::$DataPager->TotalRecords = Footprint::$DB->GetFoundRows(); //end get data //data results //get blank chunk $BlankChunk = Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->GetDOMChunk(); //build results for($i = 0 ; $i < count($tblData); $i++) { $BlankChunk->Begin(); $BlankChunk->Root()->SetAttribute("class", ($i % 2 == 0 ? "alt" : "")); $BlankChunk->GetNodesByDataSet("field", "account_photo_id")->SetAttribute("value", $tblData[$i]["photo_id"]); $BlankChunk->GetNodesByDataSet("label", "photo_path")->SetAttribute("src", Footprint::URL("_MEDIA/photos/view.php?f=". $tblData[$i]["filename"])); $BlankChunk->GetNodesByDataSet("label", "photo_link")->SetAttribute("href", Footprint::URL("_MEDIA/photos/". $tblData[$i]["filename"])); $BlankChunk->GetNodesByDataSet("label", "label")->SetInnerText($tblData[$i]["label"]); $BlankChunk->End(); } if(count($tblData) > 0) { //render chunk $BlankChunk->Render(); //remove no_results_row Footprint::$Page->GetNodesByDataSet("label", "no_results_row")->Remove(); } else{ //remove blank_results_row Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->Remove(); } //set photo limit - if there are already 1 photos uploaded - remove form if(count($tblData) == 1) { //remove photo_upload_form Footprint::$Page->GetNodesByDataSet("label", "photo_upload_form")->Remove(); } //replace paging info Footprint::$Utility->ApplyDataPaging(Footprint::URL("account/profile.php")); //end data results //get current data Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-profile-data", Footprint::FilePath("account/profile.sql.xml")); Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id")); $dtrData = Footprint::$DB->GetDataRow(); //check for post back if($inpAction == "" && Footprint::$DB->GetFoundRows() > 0) { $inpUsername = $dtrData["username"]; $inpEmail = $dtrData["email"]; $inpNameFirst = $dtrData["name_first"]; $inpNameLast = $dtrData["name_last"]; $inpNameArtist = $dtrData["name_artist"]; $inpSex = $dtrData["sex"]; $inpAge = $dtrData["age"]; $inpCountry = $dtrData["country"]; //$inpZip = $dtrData["zip"]; $inpSummary = $dtrData["summary"]; } //replace page elements //selected tab Footprint::$Page->GetNodesByDataSet("label", "tab_profile")->SetAttribute("class", "selected"); //username Footprint::$Page->GetNodesByDataSet("label", "username")->SetInnerText(ucfirst(Footprint::$Request->Session("username"))); //form elements Footprint::$Page->GetNodesByDataSet("label", "footprint_alerts")->SetInnerHTML(Footprint::$Utility->GetAlerts()); Footprint::$Page->GetNodesByDataSet("field", "username")->SetAttribute("value", $inpUsername); Footprint::$Page->GetNodesByDataSet("field", "email")->SetAttribute("value", $inpEmail); Footprint::$Page->GetNodesByDataSet("field", "password")->SetAttribute("value", $inpPassword); Footprint::$Page->GetNodesByDataSet("field", "password_confirm")->SetAttribute("value", $inpPasswordConfirm); Footprint::$Page->GetNodesByDataSet("field", "name_first")->SetAttribute("value", $inpNameFirst); Footprint::$Page->GetNodesByDataSet("field", "name_last")->SetAttribute("value", $inpNameLast); Footprint::$Page->GetNodesByDataSet("field", "name_artist")->SetAttribute("value", $inpNameArtist); Footprint::$Page->GetNodesByDataSet("field", "sex")->GetNodesByAttribute("value", $inpSex)->SetAttribute("selected", "selected"); Footprint::$Page->GetNodesByDataSet("field", "age")->SetAttribute("value", $inpAge); Footprint::$Page->GetNodesByDataSet("field", "country")->GetNodesByAttribute("value", $inpCountry)->SetAttribute("selected", "selected"); //Footprint::$Page->GetNodesByDataSet("field", "zip")->SetAttribute("value", $inpZip); Footprint::$Page->GetNodesByDataSet("field", "summary")->SetInnerHTML($inpSummary); //end replace page elements //close database Footprint::$DB->Close(); //finalize request Footprint::$Response->Finalize(Footprint::$Page->ToString()); //<-- End :: Page //########################################################################################## ?>
Ok, not working yet, I placed the code in but i noticed they are only placed for username, password, first name, ext... How do I place it for the summary section which doesn't get data validated?
ApocDen
0
Junior Poster
copy the line under the username and place it in the first name etc
bucktaylor
0
Newbie Poster
copy the line under the username and place it in the first name etc
Truly, thank you for all the assistance but that didn't fix the problem. The other accounts are still getting the error and I created a new account and typed in symbols and stuff and I still got the error.
Anyother ideas?
metalix
0
Posting Whiz in Training
try this
<?PHP
//set your value
$var = $_POST['var'];
$var = str_replace('&','&',$var);
$var = str_replace('<','<',$var);
$var = str_replace('>','>',$var);
?>
just remember to put the & replace at the top.
this isn't the best solution, but it works and is easy to understand.
just do this for every input. (stop people hacking)
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.