Stefano Mtangoo 455 Senior Poster

users table should have a 'usertype' field, e.g. 0 = unconfirmed, 1 = user, 2 = moderator, 4 = admin etc. Whatever you need.

when user logs in, check the DB, get the usertype and place it in a session var as already described. This var then allows or refuses entry to certain pages, or even shows different data on a page, e.g extra nav items or sidebar quickactions etc.

I agree with Ardav....plus...welcome to the world of black hat bad boys :)

Stefano Mtangoo 455 Senior Poster

if using js, server not involved, therefore no mysql.
if using php, can't see mysql being involved anyway for a simple calculator.

Maybe storing answers blah blah? But then it will not be "simple calculator"

Stefano Mtangoo 455 Senior Poster

the regex for one or more digits is /^\d+$/

I'm trying to catch up with latest news on REGEX.
Thanks for correction :)

Stefano Mtangoo 455 Senior Poster

Thanks everyone you gave me good explanations and references, my head no longer hurts about constructors :D

Welcome and enjoy!

Stefano Mtangoo 455 Senior Poster

Well it shows how to read and write but not specific line. For example i want to change the fullscreen to 0 how would i do it?

No Spoonfeeding right?
http://www.cplusplus.com/reference/iostream/istream/seekg/
http://www.cplusplus.com/reference/iostream/istream/tellg/
Now, come out with something from here!

Stefano Mtangoo 455 Senior Poster

oh so when there are multiple constructors you are overloading the constructors

Constructor is a "special" method. It can be overloaded like any other method. Note that Constructor should not return anything!

Stefano Mtangoo 455 Senior Poster

PHP is on server side and HTML page is on client. So practically impossible unless you do echo the variable either hold in session or file to include. Then keep modify that between pages!

Stefano Mtangoo 455 Senior Poster

tried this?

Stefano Mtangoo 455 Senior Poster

Method that gets called automatically when objects get created from Class. You can perform initialization there

class Person{
    public int height, weight;
    //Ctor - Can be more than one aka overloaded
    //No return type here, not even void
    public Person(){
        //Do init here
        height = 100;
        weight = 250;
    }
};

see:
http://en.wikipedia.org/wiki/Class_%28computer_programming%29#Special_methods
http://www.cplusplus.com/doc/tutorial/classes/

Stefano Mtangoo 455 Senior Poster

Just as error says: $out is defined in the Loop and it dies out once loop is finished.
Move it out of the loop!

$title = $_POST['title'];
$post = addslashes($_POST['text']);

function nl2p($str) {
    $arr = explode("\n", $str);
    $out = "";
    for ($i = 0; $i < count($arr); $i++) {
        if (strlen(trim($arr[$i])) > 0)
            $out .= '<p>'.trim($arr[$i]).'</p>';
    }
    return $out;
}
$post = nl2p($post);

Stefano Mtangoo 455 Senior Poster

The thread starter admits he's a noob, so he doesn't understand the php solution - nice though it is.

I hope I have not added to confusion :)

Stefano Mtangoo 455 Senior Poster

I would suggest:
1. Use $_SERVER for your action
2. At the top of your file put something like
if(your_form_is_submitted){
//do your stuffs
}
3. Validate using REGEX and PHP's preg_match
$match = "/[0-9]/";
$input_from_form = $_POST['field_name']; //one field (placeholder name), not the whole $_POST array
if(!preg_match($match, $input_from_form)){
//echo error here
}

Stefano Mtangoo 455 Senior Poster

Check their Wiki FAQ
Else, google is your friend

Stefano Mtangoo 455 Senior Poster

.... Linux? The O/S is known to be a geek's O/S. You need to know more about the system to get things running. It's like using a car with a manual transmission -- more control, more knowledge needed. Not a bad thing.

Windows is the automatic transmission of the O/S world -- put it in drive and step on the gas. Any lameoid can use it.

Mh! When was your last time to play with Linux? Which Distro did you fiddle around with?
With Ubuntu (at least starting from version 10.04) and Fedora (From version 12, at least) they just work!
Anyway that is kind of myth even my friends had. They didn't even know that 10.04 was Ubuntu, let alone being Linux! Maybe they thought it was Mac OSz;)

Stefano Mtangoo 455 Senior Poster

For years when people post that they are using Turbo-C/C++ they always get a heated response saying basically "why are you using that piece of sh*t? Use Dev-C++ instead."

Dev-C++ was being recommended because it's newer, it followed the standard better, it's free, etc. A couple years ago, though, it stopped being supported. Now, just because it's not being supported, it's now terrible? It even elicits responses like

Buggy? If it was so buggy, why was it being recommended for so many years? What kind of bugs does it have? And why are programmers dissing it all of a sudden? When it became unsupported did it also break?

Here is why I don't recommend Dev-Cpp
1. Outdated Mingw (If you are so in love with it, compile/configure it yourself to the latest)
2. No Support, in case of any bug. The argument goes like this: If you find something buggy, no one will fix it for you. So why try it when there is better alternative?
3. Bad interface (At least for me), very ugly - But then, the pragmatist says: who cares? I do :)

If you insist on Dev-Cpp, there is active version developed called wxDevCpp (wxWidgets RAD + DevCpp). I would recommend though CodeLite (Which I use) and its rival, Code::Blocks. There are others like KDevelop et al but I have never loved them enough to learn them.

Stefano Mtangoo 455 Senior Poster

Like ardav said you could use array where username is key and his status be value like evstevemd=>idle
and use

//$users is the array described above (name assumed): username => status
if(!array_key_exists($username, $users)){
    $users[$username] = "active";
}

Nothing tested, but just to give an idea!

Stefano Mtangoo 455 Senior Poster


@evstevemd thanks! You started the final solution!

:)

Thanks you both, really! ;)

Warm regards from Spain!

Welcome to DW!

Stefano Mtangoo 455 Senior Poster

:) Ajax is on your plan and you have to hand your work in on Monday??

I think you'll need more time. You may find some shortcuts through jQuery. You won't be an expert in a day, but you might be able to scrape your way home.

Agree! +1

Stefano Mtangoo 455 Senior Poster

something like:

pseudo code:

<?php
$fileurl = 'www.somedomain.com/somefile.file';
?>
<html>

.......s1.addVariable("file", <?php echo json_encode($fileurl); ?>)........
</html>

?

What are you trying to accomplish?

Stefano Mtangoo 455 Senior Poster

Next time, post the error message. It is helpful sometimes even without reading a code to spot error!

Stefano Mtangoo 455 Senior Poster

@evstevemd can it handle variables between php and html?

To send Variable to HTML just echo it, to send it to PHP however you either use POST/GET or use AJAX.

Stefano Mtangoo 455 Senior Poster

I don't know so much about AJAX but it's on my plan.
I think this would be solved with javascript or php code.

Your problem is likely AJAX one and there is no shortcut but learn it. Do not be afraid, if you know JS/SSL like PHP then Ajax is just learning the magic of XMLHttp object and bem! you have it :)
All the best!

Stefano Mtangoo 455 Senior Poster

Have you ever heard of a beast called AJAX? If not try learn it here

Stefano Mtangoo 455 Senior Poster

When is it the best time to close a database connect? Is it good to close it on every scripting page i do that uses it?

I use a database singleton design pattern. That makes easy with single close throughout the session!

Stefano Mtangoo 455 Senior Poster

Have you checked $_SERVER?

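//escape before output: the path part of PHP_SELF comes from the request URL
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');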
Stefano Mtangoo 455 Senior Poster

surely there must be some way but m not getting the way to invoke that particular URL structure... Can you please help?

How is it supposed to work?

Stefano Mtangoo 455 Senior Poster

Thanks pixelsoul... but the problem is i have hundred of quizzes so that would need hundred of separate pages... Can you suggest me any other possible way?

cant they share single page with different IDs?
quiz.php?quizId=123

Stefano Mtangoo 455 Senior Poster

as evstevemd said,use some trick like addslashes to escape '

//example
//when submit or click login
$uname = $_POST['username'];
$pwd = $_POST['password'];
$query = mysql_query("select * from profile where username='".addslashes($uname)."' and password='".addslashes($pwd)."' ");

Don't use addslashes, it is not safe! The more safe way, I suggest is using prepared statement available in PDO and mysqli. I recommend the latter (as do PHP sec team).
see:
http://stackoverflow.com/questions/860954/examples-of-sql-injections-through-addslashes
http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
http://cow.neondragon.net/index.php/1302-Addslashes-Allows-Sql-Injection-Attacks
http://hakipedia.com/index.php/SQL_Injection
http://www.php.net/manual/en/function.addslashes.php#98488
et al
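
The login query from the quoted post, rewritten with a prepared statement, as an added example that is not code from the thread. It uses PDO with an in-memory SQLite database so it runs without a server (mysqli offers the same prepare/bind_param pattern); the `profile` table layout, the sample user and the `login()` helper are assumptions, and the password is stored as a hash instead of being compared inside the SQL.

```php
<?php
// Added example: constructed schema and sample row, hypothetical login() helper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL
)');

// Store a password hash, never the password itself.
$insert = $pdo->prepare('INSERT INTO profile (username, password) VALUES (:u, :p)');
$insert->execute([
    ':u' => 'alice',
    ':p' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

function login(PDO $pdo, string $uname, string $pwd): bool
{
    // The SQL text is fixed. The username travels separately as a bound
    // parameter, so any quote characters in it are data, not SQL syntax.
    $stmt = $pdo->prepare('SELECT password FROM profile WHERE username = :u');
    $stmt->execute([':u' => $uname]);
    $hash = $stmt->fetchColumn();          // false when no such user exists

    // The password is checked in PHP against the stored hash.
    return $hash !== false && password_verify($pwd, $hash);
}

// Constructed inputs: valid login, wrong password, classic quote-based payload.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong password'],
    ["' OR '1'='1", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    printf("%-16s => %s\n", $user, login($pdo, $user, $pass) ? 'accepted' : 'rejected');
}
```

With the MySQL PDO driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server itself prepare the statement instead of PDO escaping the values client-side.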

Stefano Mtangoo 455 Senior Poster

take your pick

My Fav is this one

<link rel="stylesheet" type="text/css" href="/menu/menu_style.css">
Stefano Mtangoo 455 Senior Poster

Hi,

I was thinking to put people business contact information in my site with their email, phone, address(like list of doctors, lawyers, accounts, ...) in my site. I will collect those information from different news papers. Am i allowed to put those information in my site or i have to get approval from each individual ??

Pls advise.

Thanks.

It depends on:
1. How you collect Information (and if you told them during collection of exposing their info)
2. What will you display and security of your web and who will see, of course
3. Cyber laws of your country and privacy laws (we aren't global government yet :))

Stefano Mtangoo 455 Senior Poster

Like what've said, it's just a Fail safe option where in if "ever" the security failed to protect it from SQLInjections, this will make sure that using an SQL Injection cannot retrieve the Admin accounts. just saying...

Just a trick, Add LIMIT=1 to your queries that retrieves one record. That will limit the extent of data retrieved in case of compromise to 1 row. That being said, your admin HAVE to be NOT user 1

Stefano Mtangoo 455 Senior Poster

<form id="form1" name="form1" method="post" action="changepassword.php">
Where is this file?
1. your code is a bit cluttered
2. Don't use REQUEST! Use explicitly either POST or GET
3. Instead of

mysql_connect("$host", "$username", "$password")or die("cannot connect");

use

mysql_connect("$host", "$username", "$password")or die("Error:" .mysql_error());

and post error message you get!

Stefano Mtangoo 455 Senior Poster

I would use following steps:
1. Put Tables in array

mysql_connect($server, $login, $password);
$res = mysql_query("SHOW TABLES FROM $db");
$tables = array();
while($row = mysql_fetch_array($res, MYSQL_NUM)) {
    $tables[] = "$row[0]";
}

2. Loop the array and query each table.
Now it is up to you to test my "workable" theory!
Also for (1) you can use mysql_list_tables

Stefano Mtangoo 455 Senior Poster

The / is escaped because it signifies the end (or start) of the pattern.
Only pattern modifiers can follow after that.

And there is no difference between those two.

Thanks. Issue solved!

Stefano Mtangoo 455 Senior Poster
$regex = '/^[0-9]{5,}\/[a-zA-Z]\.[0-9]{2,}$/';

Thanks a lot, someone answered here. Can I know why is / escaped? I thought only \ is escaped :-O
Also do these two differ as far as regex is concerned?

$regex = '/^[0-9]{5,}\/[a-zA-Z]\.[0-9]{2,}$/';
$regex = "/^[0-9]{5,}\/[a-zA-Z]\.[0-9]{2,}$/";
Stefano Mtangoo 455 Senior Poster

Friends, I'm rushing towards deadline and I think that makes me do childish mistakes. Here I have validation that requires regex and each time I input valid expression preg_match returns false. It is long now I'm trying to spot error but I cannot! I have googled and AFAICS, things seems alright please help me spot the error. Thanks, Stefano

<?php
    
    $string = "37961/T.08";//valid ID, it is supposed to match
    $regex = '/^[0-9]{5,}/[a-zA-Z]\.[0-9]{2,}/';
    if (preg_match($regex, $string)) {
        echo 'matched expression!';
    }  else {
        echo 'unmatched expression pattern';//comes here instead of valid regex!
    }
    
    ?>
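
The delimiter problem from this post, as an added example that is not code from the thread: it runs the original pattern, the escaped form and an alternative-delimiter form against a few constructed inputs, and separates "pattern failed to compile" from "no match". `check_id()` is a hypothetical helper; the `D` modifier variant goes one step beyond the thread to show that a plain `$` also accepts a trailing newline.

```php
<?php
// Added example: hypothetical helper, constructed inputs.
function check_id(string $pattern, string $input): string
{
    // preg_match() returns 1 (match), 0 (no match) or false (pattern did not compile).
    $result = @preg_match($pattern, $input);
    if ($result === false) {
        return 'pattern error: ' . (error_get_last()['message'] ?? 'unknown');
    }
    return $result === 1 ? 'match' : 'no match';
}

$patterns = [
    // "/" ends the pattern early, so "[a-zA-Z]..." is read as modifiers.
    'unescaped delimiter' => '/^[0-9]{5,}/[a-zA-Z]\.[0-9]{2,}/',
    // Escaping the inner "/" keeps it part of the pattern.
    'escaped delimiter'   => '/^[0-9]{5,}\/[a-zA-Z]\.[0-9]{2,}$/',
    // A delimiter that does not occur in the pattern needs no escaping.
    'other delimiter'     => '#^[0-9]{5,}/[a-zA-Z]\.[0-9]{2,}$#',
    // D makes "$" match only at the very end, not before a final newline.
    'strict end (D)'      => '#^[0-9]{5,}/[a-zA-Z]\.[0-9]{2,}$#D',
];

$inputs = ['37961/T.08', "37961/T.08\n", '37961/T.08<b>', '123/T.08'];

foreach ($patterns as $label => $pattern) {
    foreach ($inputs as $input) {
        printf(
            "%-20s %-18s %s\n",
            $label,
            json_encode($input, JSON_UNESCAPED_SLASHES),
            check_id($pattern, $input)
        );
    }
}
```

The first pattern reports an error for every input, which is why the original script always reached the `else` branch; testing the return value with `=== false` tells a broken pattern apart from input that simply does not match.
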
Stefano Mtangoo 455 Senior Poster

If you create a logout.php to end user session, do not forget to start the session in this page!, using session_start() at the very beginning of your script. Thus,

session_start();
session_unset();
session_destroy();

will be the right sequence to end a user's session.
This is a very basic concept, but took me a while to realize I was forgetting to start the session.

http://www.php.net/manual/en/function.session-unset.php#85144

Stefano Mtangoo 455 Senior Poster

Post error and relevant codes not everything!

Stefano Mtangoo 455 Senior Poster

lemme see if I can't explain better..

if I don't log in when I click request it should ask me to log in. So I do that and hit request again only it prompts me to log in despite the fact that I have. Like the session variables aren't over writing or something and it doesn't make any sense to me at all.

The thing that's confusing me is that even when I log out its like its not destroying all the session variables. I could take some screencaps and show you what I'm seeing :D

Is English your Xth language? ;)
Anyway,
put session_start() on top of every page before anything else. Then test for a variable you set if you are logged in

//!empty() also covers the case where the variable was never set
if(!empty($_SESSION['isLoggedIn'])){
    //logged in, send to member area
}
else{
    //is not logged, send him to login page or whatever
}
Stefano Mtangoo 455 Senior Poster

Check extension (If it is appended on URL). asp and aspx, php or check the application (if you can recognize). This site is likely made by VBullets.

Stefano Mtangoo 455 Senior Poster

A note to take, there is no such a thing as true random in real world.
That said, there is pseudo random. That said, check rand

Stefano Mtangoo 455 Senior Poster

I always try to warn anybody new to PHP to beware of the problems that I encountered when I first started.

PHP is easy. Too easy. You code some rubbish, and it works (after a fashion). Before long you're 'coding' complicated stuff with the use of about 10 different built-in functions and a couple of if/elseif/else and switch control structures. Then it hits you.

You're duplicating code all over the place. As your project gets more complicated, you find that you can't scale it and you have to rethink the wiring and start again. Your database needs altering, but this means your data handling routines need to be to be rewritten.

When you look at your code, it's all very messy, mixed up with your html. It's not good.

So, I suggest that you get stuck into creating functions as quickly as possible to avoid duplication of code and then start creating OOP code, using classes. This is something I really struggle with now after a lifetime of 'lazy' procedural coding.

Learn the basics first though:

variables, data types and constants
control structures (if, switch)
arrays
functions
mysql (or whichever DB you're using) functions and data handling
*thorough understanding of (X)HTML and CSS is a must*

After this, you may find using templating engines help you to separate your php from your html. Just a thought.

BTW, I like books. I find them far more relaxing. They are peer-reviewed and are *generally* accurate. Any idiot …

Stefano Mtangoo 455 Senior Poster

Sha1 is safer than md5, and it's also built in in PHP, so why not use sha1? :) Where md5 returns a 32 character long encrypted hash, sha1 returns a 40 character long encrypted hash. It may not seem like that's a lot of difference, but it is!

I use Sha512 and 128 character length is not a problem to me :)

Stefano Mtangoo 455 Senior Poster

Ya, I have solved my problem now.. actually I didn't include openAL32 (Object file library) in dev cpp's lib folder...forgotten step..although thanks !!!

Actually DevCPP is old and dead version...Check its successor, wxDevCPP

February 21th 2005 : Dev-C++ 5 Beta 9.2 (4.9.9.2) released !

wxDevCPP

wxDev-C++ is an extension of Dev-C++ by Colin Laplace et. al. This program helps you to create dialogs and frames for wxWidgets visually using a form designer. With all the wonderful features of Dev-C++, wxDev-C++ is still being actively developed. The main aim of this project is to provide the wxWidgets community with a free, open-source, commercial-grade IDE/RAD tool for development with wxWidgets.

I would though recommend CodeLite or Code::Blocks

Stefano Mtangoo 455 Senior Poster

I bought a book a few years back:

"Essential PHP Security" Chris Shiflett (O'Reilly) isbn0-596-00656-x

Good

Yeah, Shiflett is one of the experts on the field. I have learned a lot on his web. Here it is with some helpful security websites:
http://shiflett.org/
http://phpsec.org/projects/guide/

Stefano Mtangoo 455 Senior Poster

Ok i tried it, it still gives me an empty row.

And what i just said its working im using the same codes i posted. But you know what i did i went to the database added a row with nothing in it, so whatever username or password i write it just shows me that row with age and address 0 since that what the database has.

Post the form Code as well as your table and its contents