Stefano Mtangoo 455 Senior Poster

Well, the way it usually works when a member suggests a new forum is required is for that member to prove it is needed by doing the donkey work and throwing a bunch of links in the direction of management (in this thread is fine) to current and active and relevant posts in other forums that show there is a demand for it...

I got it HG :)
Let me dog around... On hunt! ;)

Stefano Mtangoo 455 Senior Poster

Specific questions would be language or platform dependent. So I'd say whichever language or platform forum is most relevant.

I agree, because there is no specific forum :)

It may be a big area, but is there enough demand for a specialized forum?

I think that is very good question that I have no answer for now. May be let us buy time tracking the needs before create that forum/subforum. I think you have a good point.
Now my question is, how can we know, since (talking of me) I don't visit each forum? I know due to your (and other mods) tasks, you even have heavy load to tracks forums? May be make a poll?

Stefano Mtangoo 455 Senior Poster

the 2nd, it comes from the mysql table (with double quotes escaped: <span style=\"background-color:yellow\">Expires $expdat.</span>. There's something being lost when the value comes from the table.

The problem is how you insert than the display part. Show us relevant code of your insert, especially how you construct SQL query!

faroukmuhammad commented: Yes, there may be mokey business inside the table +3
Stefano Mtangoo 455 Senior Poster

The security you want are you looking for forums to prevent hackers. Not sure about other parts of your question but your network security, seems like something i can help with. And whom are you protecting against? Like Hackers, virus or other related stuff?

Hi,
it is much of discussion than a problem :)

Stefano Mtangoo 455 Senior Poster

You may want to read up on the responses of these threads. I'll bet the same answer applies, get a lot of threads on the subject first.

Hi Pritaeas,
I just thought that security issues have no forum and might be asked in different forums.
But anyway, If it is not needed for now, then it is fine. I don't like to be shovelitist ;)

Stefano Mtangoo 455 Senior Poster

General discussions of security from a developer's perspective would fit in the Computer Science forum.

what about specific? May be make a subforum there?
I think security is big area that demands its own forum. But then that is my opinion :)

Stefano Mtangoo 455 Senior Poster

Started from scratch with linux mint debian.
If I can't get it working tonight, I'll try something new, could try ubuntu, but thought might be nice to try something a little less common.
Since using fedora on laptop, and ubuntu server on computer society server, means I'll learn how to use them, so thought might aswell try something else to try to increase/expand my knowledge/understanding of linux systems and how to use them.

Mint is based on Ubuntu with green colors :)

Stefano Mtangoo 455 Senior Poster

echoing escaped data from a database

This displays properly:

$dclaim = "<span style=\"background-color:yellow\">Expires   $expdat.</span>";
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

This doesn't and I don't know why:

//$dclaim same as above except from a mysql table including escaped quotes
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

What am I missing?

what does it print? How do you insert in Database?

Stefano Mtangoo 455 Senior Poster

-> encryption & descryption

I don't think it is good idea. I always do hashing!

-> set very restrictive permissions for MySQL users

Noted, thanks!

-> restricting user input characters (username / login id)

I think this is validation, or I'm missing something?

-> escaping characters

and also refer the link :
http://www.learnphponline.com/security/sql-injection-prevention-mysql-php

Thanks I will have a look!

Stefano Mtangoo 455 Senior Poster

Or were you thinking of something different?

I mean from developer's perspective: XSS, SQL injections CSRF.... you know what I'm talking about! Also there could be sub forums like Network Security, Web app security, Desktop app security et al

Stefano Mtangoo 455 Senior Poster

Sorry, have managed to get distros to install now (am trying linux mint debian atm)
Am now having a whole new set of issues with wine/ati drivers :P
Any suggestions whether a different distro would be better for it?
Will just be used for samba sharing, and gaming every now and again (eve and steam)

try ubuntu and see. I have never had issues with drivers and all my machines happened to be varieties of PHP/Compaq

Stefano Mtangoo 455 Senior Poster

May I request there be a security forum(s) so that there be discussion on security issues
Thanks!

Stefano Mtangoo 455 Senior Poster

I would use foreach in this case

Stefano Mtangoo 455 Senior Poster

Hi,
I'm becoming more paranoid of security issues (Not Insane anyway :)) and would like to ask you guys what do you do to prevent SQL injection apart from using parametrized query and data validation.
Thanks

Stefano Mtangoo 455 Senior Poster

Hi friends,

This is my first post in this forum.Also first about linux programming. I want to run a small linux application as a deamon. I configure it to load on startup. It's working without any problem. Now I want to get the console window of this deamon if it run as a standalone proggrame like ./myapp. How can I get the debug info in another console ? Please help me.

I don't think it is Linux question. However, just make daemon write debug info and the other program will read the file

Stefano Mtangoo 455 Senior Poster

But I can't install the OS, that's the problem
I try to, and I'm presented with a screen showing the text above

Tried Ubuntu? Where did you failed?

Stefano Mtangoo 455 Senior Poster

Anyway, to install Gnome 3 via a ppa, this is what I used when I was trying it on Ubuntu 11.04: (official Gnome 3 ppa)

sudo add-apt-repository ppa:gnome3-team/gnome3
sudo apt-get update
sudo apt-get dist upgrade -f
sudo apt-get install gnome-shell
From a fresh install of Ubuntu, I'd recommend sorting out your connection problems, then use the update manager to get any important system updates before attempting to install Gnome3 from the ppa!

If you have natty and you execute the code in red, it will upgrade to Oneiric alpha. It almost did with my Installation and It is hard to revert!

Stefano Mtangoo 455 Senior Poster
Stefano Mtangoo 455 Senior Poster

Hi,
I have The mentioned Box and it is working with windows. But I always use my Linux box (a lot of my data are there) and I would like to use it with Linux (Ubuntu Debian). Please help me point where I can fond drivers.
Product:
LW-UTVFM
USB TV Tuner with FM
Watch & Record TV Channel
Real time Digital Video Recording
Built-in FM

Home Page for product
Thanks

Stefano Mtangoo 455 Senior Poster

In Eclipse:
run->run configurations
Do server configuration (use selected server->configure)
Then run active file using these configs

Stefano Mtangoo 455 Senior Poster

Yea. It's working. But the same problem happen.

The code is working if i connect to my localhost server. However, once i changed to another server, it's now working. Instead of giving me an excel file, it displays all the result on the html page.

Did you change the file path too? I have not looked at the module though!

Stefano Mtangoo 455 Senior Poster

I always get this error:
"Error updating joke: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"

There's something about this part of my code that causes that error and I just can't figure out what that is. help please :(

$id = mysql_real_escape_string($_POST['id']);
	$text = mysql_real_escape_string($_POST['text']);
	$sql = mysql_query("UPDATE joke SET joketext='$text' WHERE id=$id");

comment the above codes and replace with this and post its output

$id = mysql_real_escape_string($_POST['id']);
$text = mysql_real_escape_string($_POST['text']);
$sql = mysql_query("UPDATE joke SET joketext='$text' WHERE id=$id");
print_r($_POST);
echo "<br />";
echo $sql;
die();
Stefano Mtangoo 455 Senior Poster

try:

$result_1= mysqli_query($link, "SELECT $criteria FROM table ORDER BY $crieria ASC") or die( mysqli_error($link) );

Always let PHP display errors for you in development. Another way described in PHP Manual is:

/* Create table doesn't return a resultset */
if (mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City") === TRUE) {
    printf("Table myCity successfully created.\n");
}

/* Select queries return a resultset */
if ($result = mysqli_query($link, "SELECT Name FROM City LIMIT 10")) {
    printf("Select returned %d rows.\n", mysqli_num_rows($result));

    /* free result set */
    mysqli_free_result($result);
}
Stefano Mtangoo 455 Senior Poster

Except $theValue comes from a mysql table. That, apparently, changes things. I've been struggling with this. If you needed to display: <span style=\"background-color:yellow\">Expires ' . $expdat . '. </span> from a mysql table.

and $expdat = 06/09/12

How would you do it?

What is your question? Escape data for DB or echoing escaped data? Your question is ambiguous!

Stefano Mtangoo 455 Senior Poster

If you must start session after sending output (headers), consider ob_start()
This post is also useful

Stefano Mtangoo 455 Senior Poster

Session_start() should be at the top of your file. If that is the case then check this comment, you might read all comments too

Stefano Mtangoo 455 Senior Poster

It is a good warning without suggestion :)

I will mark it solved, but you can add anything :)

Stefano Mtangoo 455 Senior Poster

The unix time stamp is the number of seconds since Jan 1st, 1970 midnight (something like that). Because we are dealing with numbers like this, you can add and subtract seconds, minutes, hours, days, weeks, months and years - do whatever you need to do with the date - and display the proper date What if it's a leap year? Using the time stamp lets you do what you need to do with the date, then display it without worrying about things like "how many days were in that month, is it June 31st, or July 1st". You know, what if it's a leap year, how are you going to know? Unix time stamp keeps track of the relative date to Jan 1st 1970 12am, and then when you convert the time stamp to a date, PHP handles all the leap year stuff, etc.

Does that help with time stamps?

So timezones.

First read this: http://en.wikipedia.org/wiki/Time_zone

Your PHP system has a timezone set for where the server is, but your users might be in a different timezone and see the wrong time. So you should use Javascript for displaying dates the user will see.

Note Do not use Javascript / AJAX to change PHP's timezone users. For example, If you timestamp when a failed login takes place and limit how many login attempts the user can do within that time, a hacker might set a different timezone with every few attempts and get around it.

Does this help?

Stefano Mtangoo 455 Senior Poster
Stefano Mtangoo 455 Senior Poster

Thanks guys. I have found timezones, Unix timestamps et al little bit confusing...and since I don't usually deal with Date/Times a lot...

Stefano Mtangoo 455 Senior Poster

First of all, thank you to everyone for helping me with this. It takes me one step(or more actually) further to learning web design.

I still need you help on showing the user an code already used error if he tries to use that again. I will post here if in the mean time i find how.

@cjohnweb: I am sorry, since i am a beginner, i don;t know exactly how to implement in the script that part (and at the same time keeping what you gave me already).

You are welcome!

Stefano Mtangoo 455 Senior Poster

Eureka, your post is not delivering data to insert.php because of the "disable" tag in the input box. I just tried the two and i found that the one with disable is not sending the disabled value while the one without does...

Man, you are brilliant. I was finding a fault all around the room and I didn't see that needle.
Bravo!

Stefano Mtangoo 455 Senior Poster

great trick. Unless there is simpler way to deal with that, making chars instead of datetime is great idea.
I will leave open for more ideas.

Stefano Mtangoo 455 Senior Poster

I got no param was present...

tried my suggestion?

Stefano Mtangoo 455 Senior Poster

O.k remove the apostrophe enclosing the "0", if the field is not char, varchar, text, etc.

mysql_query(" UPDATE table_name SET code_used= 0 WHERE param_code ='$submit' ", $con) or die (mysql_error());

In My Installation it makes no difference whether I use 0 or '0' in my TINYINT(1)

Stefano Mtangoo 455 Senior Poster
if(empty($_GET))
    echo "<h2>The request is invalid</h2>";
else
	$coupon_code = ($_GET[coupon]);

This will not check if specific field is empty. Since $_GET will always have submit button value so it will pass. Do something like this

if(empty($_GET['couponcode']))
    echo "<h2>The request is invalid</h2>";
else
	$coupon_code = ($_GET['couponcode']);
<input type="text" name="couponcode" disabled value="<? print_r ($coupon_code); ?>">

print_r is for arrays

Stefano Mtangoo 455 Senior Poster

This have been a problem to me for long now and I want to settle it once and for all.
PHP and MySQL DateTime and date fields have been headache to me.
Suppose I have fields
------Name--------------BirthDate--------LastTimeYouAte--
------VARCHAR(255)------DATE-------------DATETIME--------

Now, When I do insert, How do I format PHP Date and DateTime to insert into db when:
1. I want to use current date
2. I want to enter the date/datetime manually (Like JQuery Calender)

Thanks

Stefano Mtangoo 455 Senior Poster

http://www.daniweb.com/web-development/php/threads/372581/1603471#post1603471

But you did change some code removing htmspecialchar et al

Stefano Mtangoo 455 Senior Poster

I cannot see anything wrong with your code. please post two files contents (full) one with form and insert.php

Stefano Mtangoo 455 Senior Poster

This is shown on the webpage:

That means the only thing in POST is that one. Post your form code!

Stefano Mtangoo 455 Senior Poster

Is not printing it. Maybe i am doing it wrong:

if(isset($_POST['usecode']))
{
  $submit = $_POST['couponcode'];
  $sql = " UPDATE coupons SET coupon_used= '0' WHERE coupon_code = '$submit' ";
  print $submit;
}

do this

print_r($_POST);
echo "<br />";
 if(isset($_POST['usecode']))
{
  $submit = $_POST['couponcode'];
  $sql = " UPDATE coupons SET coupon_used= '0' WHERE coupon_code = '$submit' ";
  echo $submit;
die()
}
Stefano Mtangoo 455 Senior Poster

I think that's probably the easiest way for now. Thanks for the help anyway :3

You are welcome :)
You can mark it solved if you think it is!

Stefano Mtangoo 455 Senior Poster

well, the code as i posted it works if i change this line:

to

$sql = " UPDATE coupons SET coupon_used= '0' WHERE coupon_code = 'abc2qsaa' ";

where abc2qsaa is one of the codes in my database.

I have made the changes you suggested as well, but the database still doesn't get updated.

this information is useful. Now, print the value of $submit and hence whole $sql and post result

Stefano Mtangoo 455 Senior Poster

Hey, i updated the script. Still no changes to the database. I think there is something i am missing

What do you currently have?

Stefano Mtangoo 455 Senior Poster

I'm not that experienced in PHP to be perfectly honest, I know how to do quite a bit, but a lot of it I'm still learning. Maybe I'm going a bit out of my depth with this :/

If so then for now just use PHP include and put sections in php files

Stefano Mtangoo 455 Senior Poster

For the project I'm working on, it has to have a changeable template system, so the users can make their own HTML templates to work with the system. However, I have no clue how to even go about doing this. Any help would be appreciated, thanks.

I'm interested to see any other solution apart from templates and PHP include

Stefano Mtangoo 455 Senior Poster
Stefano Mtangoo 455 Senior Poster

I am using session variables, it is working on local but I run on server, it is not running. I am using Jquery

Where are you running PHP and How? WAMP? LAMP? MAMP?

Stefano Mtangoo 455 Senior Poster

Where am i suppose to write this "mysql -h localhost -u root -p". and how can i scan the ports is der any command for that. tell me the steps to do this. I am using windows7 home premium. wamp server and mysql 5.1.53, apache 2.2.17. thanks for replyng to my problem

On Command line (Window Key+R then type cmd then return key) then type mysql .....

On how to scan ports see:
http://www.petri.co.il/quickly_find_local_open_ports.htm
http://www.petri.co.il/quickly_find_local_open_ports_gui.htm

Post results here

Stefano Mtangoo 455 Senior Poster

Check JS libraries. They simplify AJAX calls to single or two functions.
there is JQuery, Scriptaculous, moo tools et al!