Posts by websurfer

Thanks Lsmj...

Well, seems from what I been reading, mysql_real_escape_string could be bypassed by exactly that, where a query expects a number. An example given is where in an sql statement integers are not surrounded by quotes, like:

SELECT * FROM articles WHERE article_id = 4;

So, one could change the url that calls for that query to be like this:

www.mydomain.com/article.php?articleid=4 OR 1=1

And that would become an injection, as no characters woudl be escaped by the mysql_real_escape_string function. So, from what I gather, ones has to check if it's numeric and appropriately handle it so it's no able to be injected...

Am I understanding this wrong??

Thanks again!

I', am a newbie and trying to get a better understanding of securing mysql queries vs. injections. I found this code here below, which seems to work nicely and makes it possible to automatically "clean" all inputs coming thru $_GET, $_POST and $_COOKIE. But in some forums I was told it is still susceptible to numeric injection as mysql_real_escape_string function only checks for strings (as if a hacker was to use numbers, as opposed to single/double quotes which would get escaped). At any rate, in the second version below, I included "numeric" validation, but I'm not sure if I did it correctly... can anybody guide me on it, and how coudl I test it to make sure it is working... thank u all!

<?php

// ORIGINAL CODE

$_POST=sanitize($_POST);
$_GET=sanitize($_GET);
$_COOKIE=sanitize($_COOKIE);
$_REQUEST=sanitize($_REQUEST);

function sanitize($input){
if(is_array($input)){
foreach($input as $k=>$i){
$output[$k]=sanitize($i);
}
}
else{
if(get_magic_quotes_gpc()){
$input=stripslashes($input);
}
$output=mysql_real_escape_string($input);
}
return $output;
}


// HERE IS ORIGINAL WITH ADDED NUMERIC VALIDATION

$_POST=sanitize($_POST);
$_GET=sanitize($_GET);
$_COOKIE=sanitize($_COOKIE);
$_REQUEST=sanitize($_REQUEST);


function sanitize($input){
if(is_array($input)){
foreach($input as $k=>$i){
$output[$k]=sanitize($i);
}
}
else{
if(get_magic_quotes_gpc()){

if (is_numeric($input)) {
$input = "'" . stripslashes($input) . "'";
}
else
$input=stripslashes($input);
}
$output=mysql_real_escape_string($input);
}
return $output;
}


?>

Hello, all:

I'm trying to sanitize/secure my query, and it all seems ok when I test it with most special-characters... but when I try to test the single quote (') like this... www.mysite.com/page.php?category='

Then it gives me this error:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1"

It seems to do it only when I test it on the category variable... it only does it with single quotes, it's Ok with double quotes; so I dont get it...

So if I test it with the other variables like this...
http://www.sitetemplates101.com/workCategories.php?category=1&type='
http://www.sitetemplates101.com/workCategories.php?category=1&type=2&filter='

Then it works fine, it simply refreshes or disregards entry...

See here below the code-snippet i have... what am I doing wrong???

Thanks!!

PS. Forgot to mention I have .htaccess to have magic-quotes OFF

<CODE>

// THESE ARE VARIABLES
$colname1_worksRS = "-1";
$colname2_worksRS = "-1";
$colname3_worksRS = "-1";
if (isset($_GET)) {
$colname1_worksRS = mysql_real_escape_string($_GET);}
if (isset($_GET)) {
$colname2_worksRS = mysql_real_escape_string($_GET);}
if (isset($_GET)) {
$colname3_worksRS = mysql_real_escape_string($_GET);}

// THIS IS COMPOUND SELECT STATEMENT ACCORDING TO CALLED VARIABLES
$query_worksRS = "SELECT * FROM works";
if (!empty($_GET))
{
$query_worksRS .= " WHERE Type = '$colname1_worksRS'";
}
if (!empty($_GET))
{
$query_worksRS .= " AND Subject …

Just get on the Mac bandwagon and dont look back at the monolith that is microsoft, where the motto is: "make all software as confusing as possible, so people have to rely on us for the rest of their lives!"...

You are right, the latest Mac software versions are so stable that I dont recall having any major issues that dont get taken care off by simply restarting the application..

Hi again, Air:

YOU ARE DARN GOOD...! and you call yourself "Whiz in Training!"??? how about "Great Master"... your fixes worked right on!

Now it all works beautifully in all browsers, including my Mac!

Thanks so much for taking the time to look at my problem... and hanging in there for me. Very much appreciate it!

Surfer

Hi, Airshow...

You are awesome! As you can see, I can barely grasp Javascript, so very much appreciate your help!

I did notice, it did work pretty smooth in Explorer, but things get all out of place if I try it in Firefox, like table gets all mumbled-jumbled.. and was wansdering if there is something that can be modified, so it also looks good there? I think, possibly as you say the over-simplification of the td vs. tbody tags? but I just dont know exactly what to modify...

Thanks, very much appreciate it!!

Hi, all:

I got a form where some checbox fields will hide or show as user clicks specific choices. Problem is, if one mistakenly checks one of these checkboxes and then hides it, it still does retain the checked value, even if hidden. How can I make sure that the checkbox defaults back to "unchecked" if in fact is "hidden"??

Here's my javascript code:

<script type="text/javascript">
<!--
    function toggle_visibility(id) {
       var e = document.getElementById(id);
       if(e.style.display == 'none')
          e.style.display = 'block';
       else
          e.style.display = 'none';
    }
//-->
</script>

<script type="text/javascript">
<!--
    function toggle_visibilityNone(id) {
       var e = document.getElementById(id);
       if(e.style.display == 'block')
          e.style.display = 'none';
       else
          e.style.display = 'none';
    }
//-->
</script>



<script type="text/javascript">
<!--
    function toggle_visibilityYes(id) {
       var e = document.getElementById(id);
       if(e.style.display == 'none')
          e.style.display = 'block';
       else
          e.style.display = 'block';
    }
//-->
</script>

and here is my basic form-html code:

<form action="<?php echo $editFormAction; ?>" id="insertForm" name="insertForm" method="POST">
  <p>&nbsp;</p>
  <table width="375" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
      <td colspan="3" align="center"><img src="../images/nc_title_logo.gif" width="342" height="54" /></td>
    </tr>
    <tr>
      <td colspan="3">&nbsp;</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td colspan="2" align="center">&nbsp;</td>
    </tr>
    <tr>
      <td width="314"><span class="style5">No Order completed in this call </span></td>
      <td width="61" colspan="2" align="center">
      <input name="noorder" type="checkbox" id="noorder" value="checkbox" onclick="toggle_visibility('box');" />     </td>
    </tr>
    <tr>
      <td colspan="3">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="3"><div id="box">
        <table width="100%" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td width="100%"><table width="100%" border="0" cellspacing="0" cellpadding="0">
              <tr class="color-table">
                <td >&nbsp;  </td>
                <td align="left">&nbsp;</td>
                <td align="left">&nbsp;</td>
              </tr>
              <tr class="color-table">
                <td >&nbsp;</td>
                <td align="left"><strong>YES</strong></td>
                <td align="left"><strong>NO</strong></td>
              </tr>
              <tr>
                <td width="80%" class="color-table">&nbsp;&nbsp;1) Did you attempt an Upsell?</td>
                <td …

Hey, Atli...

THANKS A LOT!!!! IT WORKED!!! as you suggested I went back to my table structure and changed it from float (11,2), to decimal(11,2), and it worked like a charm... I did go back to your other original code of:

$Sep = trim($_POST['Sep']); if($Sep === "0") { $Sep = '0.0';} else if(empty($Sep)) { $Sep = 'NULL';}

This made it possible for the "0" to be inserted as "0.00". What a difference this little change made. You know I had been using Float for most price-oriented fields (I think cause I had read somewhere to avoid decimals and use float instead for some reason). But seems to me using "Decimals" is the obvious choice, specially when it comes to prices. Having said that, why would someone therefore even want to use Float at all??? I am thinkiing now, the issue with decimals may have been something with doing some specific arithmetic functions with them?? can't recall...

At any rate... very much appreciate you keeping with me on this problem. Thanks a LOT...

Hi, Atli.. nope, no luck... tried different versions of your code, but same thing. Maybe I got soemthing setup wrong in my db...

Thanks again... still trying...

Thanks Atli.. sorry didnt answer earlier, had to step out for a while; let me try your code... hopefully it'll work. I guess I am still trying to grasp some of the special ways php sees null or empty spaces and the whole 0 thing... ok, let you know how it goes.

And yes, by "blank" i mean no value, completely empty

Thanks for your help again...

Hi, Atli:

You know, your code did seem to work... except now, even if the values in the form fields are left blank (no values at all in fields), it now automatically makes 0.00... I tried to change code a bit to recognize if it is "null" but didnt seem to work... I pretty much wanted database fields to also remain blank or null if posted value is "blank"...

This is your code: $Sep= $_POST['Sep']; if ($Sep == 0) { $Sep = "0.0";} This is what I tried to change to: $Sep= $_POST['Sep']; if ($Sep == 0) { $Sep = "0.0";} elseif(is_null($Sep)) { $Sep = 'NULL';} But it didnt seem to do it... but at least getting close!

Thanks Ardav, Atli:

I think what's happening is kind of what Atli suggests... the ZERO keeps giving a FALSE result, instead of actuall 0 number. Otherwise, why would it take any other number BUT this "0". I use Dreamweaver, and I never have a problem with the scripts it automatically geneerates, so it I am siure it takes care of this integer-filtering issue thru validation, but I am trying to do things in my own and not be so dependent on Dreamweaver's generated code, since I find I always need to customize things so much after the fact. I did try something similar to what Atli wrote... but didnt seem to work, but maybe I set it up wrong.. gonna try his code instead. Also, as Ardav also suggests, I did put default field values to 0.00 in the database table, but didnt seem to help...

wish me luck! and thanks!

Hi all:

I have this slight problem, where I have a list of months with amounts that need to be updated, but I always need to enter "0.0" in order for my field to be updated properly; but if I just enter "0" it doesnt take it and remains empty... ??? I'd like to simply enter 0 and have it update... am I missing a function? my table-field is setup as float(11,2). Here's the basic sql statement I'm using (each month refers to an amount to be updated). Is it beacuse I am NOT filtering the data as integers? or numbers??

$updateQuery = mysql_query("UPDATE BUDGETS SET Jan=$Jan, Feb=$Feb, Mar=$Mar, Apr=$Apr, May=$May, Jun=$Jun, Jul=$Jul, Aug=$Aug, Sep=$Sep, Oct=$Oct, Nov=$Nov, BUDGETS.Dec=$Dec, notes='$notes' WHERE recordid = $accountid AND recordcustid = '$member'");

Hello, all:

Hoping somebody can help me with this... I have this "double-dynamic-select-menus" borrowed script which uses a bit of Javascript to switch menu-options based on selection made on main related menu (main category and subcategory option-menus). It works great when I am just simply adding a new item; but when I need to UPDATE an item, I can't seem to make it work so it remembers the item's database "option" settings... I tried different things, inserting if-else statements within the select-menu codes, but no luck...

appreciate any help!!

<SCRIPT language=JavaScript>
function reload(form)
{
var val=form.cat.options[form.cat.options.selectedIndex].value;
self.location='?productID=<?php echo $row_workModifyRS['ProductID']; ?>&cat=' + val ;
}

</script>

<?


@$cat=$_GET['cat']; 

///////// Getting the data from Mysql table for first list box//////////
$quer2=mysql_query("SELECT DISTINCT category,cat_id FROM category order by category"); 

/////// for second drop down list we will check if category is selected///// 
if(isset($cat) and strlen($cat) > 0){
$quer=mysql_query("SELECT DISTINCT subcategory FROM subcategory where cat_id=$cat order by subcategory"); 
}

//////////        Starting of first drop downlist /////////
echo "<select name='cat' onchange=\"reload(this.form)\"><option value=''>Select one</option>";
while($noticia2 = mysql_fetch_array($quer2)) { 
if($noticia2['cat_id']==@$cat){echo "<option selected value='$noticia2[cat_id]'>$noticia2[category]</option>"."<BR>";}
else{echo  "<option value='$noticia2[cat_id]'>$noticia2[category]</option>";}
}
echo "</select>
";

//////////////////  end of the first drop down list ///////////

//////////        Starting of second drop downlist /////////

if (mysql_num_rows($quer) > 0) {
echo "<span class='style5'>Subcategory:</span>
 <select name='subcat'><option value=''>Select one</option>";
while($noticia = mysql_fetch_array($quer)) { 
echo  "<option value='$noticia[subcategory]'>$noticia[subcategory]</option>";
}
echo "</select><br />
<br />
";
}

?>

hello, all:

well, I guess the script DOES work!! I placed the code in another site, ran it from there, and ditto.. it worked just fine. I guess must be that my email host-server might have been stopping my testing cause it might have been seen as SPAM?? is that possible?

Thanks!

Hello, all:

I am trying to get this script to work... What I'm trying to do is to be able to email back customers whose emails I have saved on in my database. So pretty much the emails get sent as it runs the "while" loop. Somehow it doesnt seem to be doing it though...

What am I missing??

Thanks!

<?php

$connection = mysql_pconnect('hostserver','user','password') or die('Connection not found!');   
$db = mysql_select_db('database', $connection) or die('Database not found!'); 


$emails = mysql_query("SELECT DISTINCT offer_email FROM customer_emails ORDER BY dateEntry DESC");

while ($row_emails = mysql_fetch_array($emails))
{

$to = $row_emails['offer_email'];
$subject = "Website Info";
$message = "hello message\n\n";
$from = "From: Website <info@myweb.com>";
$header = "MIME-Version: 1.0\r\n";
$header .= "Content-type: text/html; charset=iso-8859-1\r\n";
$header .= $from; // set the from field in the header
$header .= "\n"; // add a line feed
mail($to, $subject, $message, $header); // send the e-mail
}


?>

Hello, all:

I have this small script where I am tryign to switch sessions based on what url-variable appears on address, as a way to use like a breadcrumb... and so far it only takes the first one, but then the "category" one doesnt catch... it keeps the "pageNum_worksRS" still active... any ideas? what am I doing wrong?

Thanks!

<?php

session_start();
if (isset ($_GET['pageNum_worksRS'])) 
{
$_SESSION['breadcrumb'] = "index.php?pageNum_worksRS=" . $_GET['pageNum_worksRS'];
} 
if (isset ($_GET['category']))
{
$_SESSION['breadcrumb'] = "workCategories.php?category=" . $_GET['category'];
}

?>

Hello, I have a form that gets pre-populated from a url-get link that contains all url-variables that then get submitted into a database. That's all fine... but how can I make it so that when one submits it, the page closes itself? keep in mind this woulnt be a "popup" window, but most likely a "browser" window.

I tried to use the good-ol "close window" script, but I understand it only works if it's used on a popup, not a browser window. If that's the case, is there a way then, once this ur-link is sent, that it can be forced to open as a popup, instead of a browser window?? was thinking kind of like a redirect maybe?, where if the url is "http://www.site.com/page.php?var1=123&var2=abc, there may be some kind of javascript code in "page.php" that will make it open up as a popup?? or could the link itself have a javascript-appended to it to force it into a popoup?

or, as a final half-way option, is there a way to tell the browser, to open that specific "page.php" at a specific smaller-size,to make it look like a popup??

Thanks in advance!

url variable name itself has space in it... how can I retrieve it in php??

Hi, I got this problem, where I need to capture get url variable pairs, but these are coming from an automatically created javascript and has this format:
page?custom zip=33021&custom city=boston... and so on...

If you notice the actual variable-names have spaces in it (custom zip, custom city; as opposed to normally named customzip, customcity) and when i try to capture them in php like this:
<?php echo $_GET; ?>

it doesnt do it... But if I manually change my url and join the variables like this: "customzip=33021" and change php accordingly, then it echoes it with no problem!

So I think is cause php doesnt like the actual variable to have spaces in it.. so how do I get to read it??

thanks, appreciate feedback...

Thanks guys...

I see now how I should have simply matched the POST entry vs. the DB!! I seemed to have been doing it all in-reverse, like first SELECTING the records, and then comparing the POST against each row with a "while" or with "in_array", which would then repeat the message repeatedly... what a mess I was doing! I definitely need to be more creative and logical with php... such a simple solution and almost had a brain-meltdown!

Aprpeciate the help!

Hello, all:

I have a simple chart, like...
ID ACCOUNT YEAR JAN FEB
1 Utilities 2007 $20 $20
2 Utilities 2008 $25 $25

Let's say, customer wants to add a "year" like 2009, how can I check that this "2009" is NOT already in the YEAR column?? so that if it's NOT, then go ahead and insert new year, and if it was, then DO NOT insert. and instead echo something like "year already exists!"

I am kind of a newbie, and I've tried several ways, but cant seem to figure it out!

Aprpeciate the help! thanks...

Hello, All...

Well, after checking things a bit, seems the automated code written by Dreamweaver wasnt validating-filtering form fields properly! weird... I ended up adding htmlentities into its code and ditto it did it!. But it seems very odd to me that with all the code Dreamweaver writes that it wouldnt do that??!! At any rate, I tried the same javascript "hack" code, and now it writes as html equivalents...

Does anyone here have any of this type of issue with Dreamweaver? I had been assuming all along that its code was safe enough to not worry much about it, but this testing here now makes me doubt it...

ALSO, I do have another issue with this mini-cms, if anybody can help...
When I tried to delete a specific user's "Note", it did it just fine. But then, to test it, I then tried to delete an un-logged user's record and IT DELETED IT!! Not good... It's supposed to delete only a logged user's record! I wander if my tables are not setup right?

See here a quick look at how my tables are setup and it relationships:

ACCOUNTS table:
id email pw date
1 user1@site.com 123 10-01-08
2 user2@site.com 456 10-01-08

NOTEPAD table:
noteid custid subject note notedate completed
4 1 Links user-1-note 10-05-08 no
5 2 Contacts user-2-note 10-04-08 no

As you can see the common-relationship in the tables are the id …

Hey, Robothy... well, I reloaded my original files and did same thing; I put same code you did and gave me javascript error; really odd.. I build my pages with Dreamweaver and it automatically generates (supposed to) all proper "checking and valuation" in regards to form fields and stuff..(I do see html entities as well as magicquotes stripped, etc in the validation). I think it's been doing this OK all along, so not sure exactly why it's not catching the "hacked-text" here. I tend to customize the scripts quite a bit, so I am thinking somewhere alogn the lines I might have broke apart code... going to diasable the USERS for now, while I see what's going on.

Keep you posted and thanks again!

Hi, Robothy... yours is the first hack into my CMS, though I'm not sure if you did it when I was doing some work in it and screwed things up in the process... I see you tested around 5:30 pm based on my db records, which was after I had messed it up after I tried to work files in another computer... so now I am not really sure if there was really a problem with the code or not... I believe I had system able to escape data. But let me double check things over; gonna check over my original files...

Thanks! let you know...

Hello, All:

I have been testing and learning by building this simple CMS application and want see if works OK, but most importantly, would like to know if any of you are able to hack it. It's a simple "notepad" that allows people to register their own id/pw and able to track their own note "posts". It restricts the display to each user's respective notes, only and only if they are logged in. If they are not, then they shouldnt be able to see any notes at all, and are re-directed instead to the "Login" form.

The site link is:
http://www.notepad.mediaiworks.com/

I would like to see if you guys can bypass restrictions or hack it in any way possible, or view other user's notes.. I just wanna make sure I am doign things right from a security standpoint... appreciate any comments!

Here below are 2 users already in the DB, so you can login with either one and see how you should be able to see ONLY each person's "notes".

Design maybe kind of off, but that's cause I'm still working on it...

Thanks!

ID Password
User 1 user1@site.com 123
User 2 user2@site.com 456

thanks Keith.. gonna google ffmpeg to see how it's used...

Hello, all:

was wandering, how can I have php create a thumb frame of a movie?? (like youtube where only a frame of the movie appears which then when you click takes you to the movie itself to play...)

I am looking to create a small gallery of movies, but want to show their thumbnails first, so they can choose what movie they want to see...

Thanks!

"website-design-gorgia" or "websitedesigngeorgia" what's best for search engines/SEO?

Anybody has any idea or knowledge what works best? i figured the one with hyphens may work better, since that seems to also be a standard when naming html pages for SEO optimization (like about-me.html)...

Appreciate any feedback!

Hi, Cwarn:

thanks for your feedback, it was very helpful.

I do have one more thing... what I was saying about the "includes" was that I was just simply comparing them to something like if I had a page called "about-us.php", which is always set to automatically retrieve the "about-us" text from the database the moment is called on the browser, then it pretty much acts in same manner as a regular "include" file would, doesnt it?? so a search engine wouldnt have a problem at all searching it, reading it? Since one doesnt even have to call for an url-variable at all... it just comes up just by going to www.samplesite.com/about-us.php as one normally would. As opposed to where one would have to call for a specific record-page out of many (page=aboutus, page=home, page=contact, etc).

I say this cause the way site is built, it already has several individual pages setup, so I was just going to link each individual page directly to its corresponding record on the DB, that way I dont have to re-design the whole site... otherwise I may have to do it's own template to allow for dynamic ttiles, headlines, and menu-butons stuff that simply may take too long to address.

Thanks again!

Hello, all:

I have a general question on SEO and database-driven site integration...
I am starting to convert a company site from static, to dynamic driven site (php/mysql) with a basic admin section, so that owner can make changes himself thru the browser. I have read about issues related to these database content not really being able to be searched or seen by spiders, specially if these have the sort of url like ?p=12&id=45. I also understand there are ways to make these url's more seo friendly.

But what about if I simply have a page "about us" that will always automatically load the "about us" text from the database when page is called, no need to even call any url variables. Wouldn't that then be REALLY REALLY searchable by spiders/search-engines?? Since in a way, that kind of works just like and "include" file, it's always "there" when page is called up...

I have also seen where many times a dynamic site might have a "landing-page" or set of landing pages, that are really static, strictly for SEO purposes, that then direct people to the actual database-drive site.

Any thoughts on this? or things to watch for to make database-driven content more SEO friendly?

Appeciate any feedback!

Hello all again...

I have a problem with this "mini-CMS" I am buidling as I'm trying to learn this PHP thing...
Everything seems to be working OK, EXCEPT when I try to UPDATE the images from a specific record, it only updates one of the images, and it always looks like its the second one... even if I re-upload 2 new images.. it only uploads one of them. I must have the upload-imges-section of the UPDATE script in the wrong place, but for the life of me, cant figure it out... tried several positions, but nothing! (I forgot to mention that I am including a record's images' ID's when form is called, so that the "foreach" loop woudl pick this up as it goes thru it, but obviously I aint doing right... maybe i am supposed to call each images ID differently?

All the CMS functions (insert, delete, modify) are all in this one page.

It's funny, cause when I insert a brand new record, the INSERT command works just fine when writing the image's path names...

SEE THE CODE HERE BELOW...

appreciate any feedback! :)

<CODE>


<?php
require_once('definitionsAdmin.php');
mysql_select_db('database_name',$conAdmin) or die('no database found');


?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Blog Admin</title>
</head>


<body>
<table width="478" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="478">


<h1 align="center">Blog Administration</h1>


<p align="center"> <a href="index.php">&lt;&lt; Back to Listings >></a><br />
</p>


<?php


$recordID = $_GET;
$id = $_POST;
$title …

thanks again... gonna check out link

thanks Keith, I think I got the basics of it. Thanks for your feedback.
One more quick question, what is a "cron" job??

Thanks guys, one more question... I get much of what you are saying, but in the case of Humbug's suggestion. how is the "read" (tinyint) cloumn, suppsoed to indicate, or know to indicate that message has been read or not read? how would it become 0 or 1??

Thanks!

Hi, Keith:

thanks for your reply..
What I was looking for was just a basic idea/framework on how one would go about setting something like this up.. I am trying to learn this language a bit better so wanted to just get basic direction, guidance on how something like is supposed to work so i can try to replicate it...

Hello, all: have this general question on how to handle member's email in a site...

what is the right way to setup an email-system structure, say like in dating site, where members can email between each other, and if a member receives a new email it will "show" new email, and once it is read, then it turns off... member would either receive email notices to their email, or coudl also login in the site to read their email... (like Yahoo too per say)

Not sure how the whole system would be setup... would the emails that are sent back and forth between members be entered into a database, which then will show in each member's email list as send/received email? and if so, how would the site know that an "email" has been read or not? and show appropriate "new" email warning? I am thinking, maybe a conditional statement like "if email present in users[email] field, show "new-mail" icon, else show-nothing"??

Or am I completely off base?

Any feedback much appreciated!

IT WORKED!!!!!!

You are great!... hey, let me ask a quick question since I am a newbie at this PHP stuff: besides the obvious mis-placement of some parts of the code, the main problem in all of this is that I had not "set" the value of the $row before I had echoed it in the "title" tag ha??

Also, I guess since the URL variable calls for the specific post ID, there is no need for a "while statement when requesting a specific post

Gonna check over your code and study it carefully...

Appreciate your help!
Thanks...

Hi, Xan:

thanks a lot for your reply... I couldnt exaclty make out what you meant as far as placing the two lines of code you mention (the $result and $row lines); I placed them in the "HEAD" section as I think you meant. See in my code here again how I placed them, and it did display stuff closer to how I need it to be.. It does show each particular post's headline as the page "Title" tag, and show's respective post in body section, BUT when I re-load INDEX page normally, (with no url blog-ID string), it only shows the first post in the blog, and not the rest of them... I am sure is cause I took the "while" statements out of the Body section as I had it in my earlier code version.. but I just couldnt get it to work anywehere I placed it...

I see your point about the url-variable validation, too.

Appreciate your help! :)

Here's my revised code:

<?php include_once ('definitions.php'); ?>


<?php
mysql_select_db ("database_name",$con);

$post = $_GET['b'];
   if (!isset($post)) {
$result = mysql_query ("SELECT * from blog ORDER BY blog_id DESC") or die(mysql_error());
$row = mysql_fetch_assoc ( $result )or die(mysql_error());
$page_title = "Welcome to my Blog!";
} else {
$result = mysql_query ("SELECT * from blog WHERE blog_id = $post") or die(mysql_error());
$row = mysql_fetch_assoc ( $result )or die(mysql_error());
$page_title = $row['blog_title'];
}


?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" …

Hello, all;

I am practising on this blog setup, and I am trying to echo each blog entry's headline appear as the page's Title tag... somehow the way I have it doesnt do it. So that you have an idea of what I am doing, I have an "if" statement in head section that will select "all" records, unless a unique post's id is passed with $post variable, like "?b=101"; in page body then I have another "if" statement that again does "if $post variable is NOT present, it will either show all posts with just first paragraph teaser, else show complete individual article, with paragraph breaks"...

This all seems to be working pretty well, but then when I tried to echo an entry's headline as the page's "Title" tag, I figured I needed to do another if statement with another "while" loop, wich did work and would echo each's individual blog's headline as page "title", but then it prevented the actual blog-entry itself from showing in body section...

I just left it simply as you see in code below for now. I am thinking maybe I can't repeat the "while($row = mysql_fetch_array ($result))" command line twice within same page? or maybe it doesnt pick up the title cause it's calling the "Title" tag variable before the while loop in the body?? I guess there must be something that makes sense logically...

well, appreciate any help and thanks in advance!

<?php include_once ('definitions.php'); ?>


<?php
mysql_select_db ("database_name",$con);

$post = $_GET['b']; …

Hello, all:

I have this single-file upload script which works great (it's a bit log cause it creates thumbs, unique ID's,e tc), but I am trying to modify it to make it do MULTIPLE files. I figured best way was to apply a foreach loop to it, but havent been able how to figure out how to integrate that.
Can anybody please help!...

See code here:

<table width="300" border="1" align="center" cellpadding="20" cellspacing="0">
  <tr>
    <td><form action="<?php echo $_server['php-self'];  ?>" method="post" enctype="multipart/form-data" id="something" class="uniForm">
      <p>
        <input name="new_image" id="new_image" size="30" type="file" class="fileUpload" />
        <br />
      </p>
      <button name="submit" type="submit" class="submitButton">Upload/Resize Image</button>
    </form></td>
  </tr>
  <tr>
    <td height="112" align="center" valign="top"><?php
        if(isset($_POST['submit'])){
		
		
          if (isset ($_FILES['new_image'])){
              $imagename = $_FILES['new_image']['name'];
              $source = $_FILES['new_image']['tmp_name'];
			  
			  
			   $imagename = rand (). ".jpg" ;
			  
			  
              $target = "images/".$imagename;
              move_uploaded_file($source, $target);
              
              $imagepath = $imagename;
              $save = "images/" . $imagepath; //This is the new file you saving
              $file = "images/" . $imagepath; //This is the original file

              list($width, $height) = getimagesize($file) ; 
                                                         
              $modwidth = 750; 
                                                         
              $diff = $width / $modwidth;
                                                        
              $modheight = $height / $diff; 
              $tn = imagecreatetruecolor($modwidth, $modheight) ; 
              $image = imagecreatefromjpeg($file) ; 
              imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
                                                        
              imagejpeg($tn, $save, 100) ; 

              $save = "images/sml_" . $imagepath; //This is the new file you saving
              $file = "images/" . $imagepath; //This is the original file

              list($width, $height) = getimagesize($file) ; 
                                                         
              $modwidth = 110; 
                                                         
              $diff = $width / $modwidth;
                                                        
              $modheight = $height / $diff; 
              $tn = imagecreatetruecolor($modwidth, $modheight) ; 
              $image = imagecreatefromjpeg($file) ; 
              imagecopyresampled($tn, $image, 0, 0, 0, …

Thanks Rob:

hmm... yes, I know what specific categories I want to have linked to specific banners. Let me try your code and see what happens or how far i can take it...

I guess I would have to have a recordset for every banner-to-category match i wanna do, ha?? OK, let me play with it, let you know how it goes...

Thanks!

hello, all:

I am trying to make it so I can show a banner according to a blog articles's category(ries). per example if a posting (or postings) appears under category 101, then show banner1, if it appears on category 102, show banner2, if category 103 show banner3 and so forth. Problem is a post can belong to several categories, along 2 separate tables, in one-to-many relationship. I want the script to 'see" that a post appears in any of these specific categories and show its appropriate banner. This is a Wordpress blog setup.

After I created a mysql script to bring all records into my webpage, I then created a another if-else statement to call up each banner accordingly, something like "if category xxx appears show banner1, else if category zzz appears then show banner2, else if category yyy appears then show banner3, else show ALL banners.

So, right now, the problem is, if an article is tagged with ONLY that specific category, it works fine, it shows proper banner, BUT if an article is tagged across several categories, INCLUDING the one specific one (like belonging to categories 101, 12, 6, 200, etc), then it show's all banners, I figure cause it's obviously reading all other categories, and therefore shows all banners. But it should show ONLY the one banner associated with the specific category in question (in this case 101).

Here are the 2 related tables which have the common post id field (see example entries, and there are …

hello, all:

I design web pages and was wandering if there is a way so that one can show a design or a web-page on any browser, but the html code (or all respective image files, css, etc) can't be viewed or downlaoded from a browser?? I thought maybe thru php one could do that. I believe one can per example have images appear on browser but have it parsed thru php in a way that they couldn't be dragged-copied, or copy pasted into desktop or other application from a browser...

In other words, be able to protect content.

Thanks, appreciate any feedback!

Thanks Mvied!

Hello, all:

Wandering if anybody can help me with this:

can I have more than one htaccess file in a site? as in having htaccess files in subdirectories to control or specify how files in that directory refer to "include" files? so that if I have a mini-site within a site (as in www.mysite.com/sports), the sports sections will only read includes that are inside the Sports folder and not the root folder?

is that even the proper way to do that??

Thanks for your help!

Hello, all:

I have this issue with my includes files; I have this code in my htaccess file so that files that use any of these includes automatically read the includes from root folder.

php_value include_path ".:/home/server/domains/mysite.com/html"

they seem to work OK, but for some reason the images inside those includes files are not being rendered in some of the files that are within deeper subdirectory folders; it does read the html, but not the images... I thought maybe if I made the source-image reference for them to be absolute instead of relative (so use http://www.mysite.com/images/myimage.jpg) woudl solve the problem, but that didnt work either. It's stranger, cause in some other subdirectory files that use these includes the images appear!

Am I doing something wrong? do includes need to be off the root folder, but in its own "includes" folder for them to work properly??

Any feedback truly appreciated!

Thanks

Hello, all:

I thought I could convert a basic upload script into a MULTIPLE file upload by simply adding a FOREACH loop to it, but doesnt seem to do it. Not sure if I am setting it up correctly. It looks like it does recognize the array since it does give me the "There was an error uploading the file..." warning three times. Appreciate any help on this!
Here is the html form and php code ( all residing in same page):

<?


if (isset($_POST[submit])) {

$uploadArray= array();
$uploadArray[] = $_POST['uploadedfile'];
$uploadArray[] = $_POST['uploadedfile2'];
$uploadArray[] = $_POST['uploadedfile3'];

foreach($uploadArray as $file) {


$target_path = "upload/";

$target_path = $target_path . basename( $_FILES['$file']['name']); 

if(move_uploaded_file($_FILES['$file']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['$file']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
}

}

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Untitled Document</title>
</head>

<body>


<form enctype="multipart/form-data" action="upload-simple.php" method="POST">
  <p>
    <input type="hidden" name="MAX_FILE_SIZE" value="100000" />
    Choose a file to upload: 
  <input name="uploadedfile" type="file" />
  </p>
  <p>Choose a file to upload:
    <input name="uploadedfile2" type="file" />
  </p>
  <p>Choose a file to upload:
    <input name="uploadedfile3" type="file" />    
    <br />
    <input name="submit" type="submit" id="submit" value="submit" />
      </p>
</form>

</body>
</html>

thanks both of you for your replies...
Gonna check over the wireshark too and see how it goes.

Thanks!

Hello, All:

I have a php enabled site, and as of late it's been doing the strangest thing, when I make any changes to any of the pages residing under the main html site folder, they seem to take forever to upload (be it pages or images); but if I make any changes to any files under a sub-folder, they upload just fine!...

I thought maybe my database-mysql connections were the problem, or maybe the include files, but it seems to do it even in a regular html file, or an image, so not sure what the hell is going on. I have other sites with same server company, and they are working fine too; so I dont think it's problem on the server-compnay side.

I work with Dreamweaver, so I re-checked settings, even reloaded the software and reset all, but nothing. The main-folder files still take forever to upload. Does anybody there has any ideas why its doing this??

Thanks!

I forgot to mention that I do have access to the "confirmation" page template; i can put php code there, but it just has basic html code, with other "cart" codes that get pulled but which I cant see or dont have access to. Perhaps I need to study that template again and can figure out some of this proprietary codes...