Stefano Mtangoo 455 Senior Poster
can you post the whole file?
it's local. so I have not uploaded it online yet.
in my browser it would be:
There is no query string and hence the GET array will be empty!
Where is the query string? I mean url at browser something like http://daniweb.com/?forum=17&&post=388122&&page=2
I can simply replace all the $_REQUEST with $_GET right for security reason ?
Then, how is the code supposed to work, supposing I replace all the $_REQUEST with $_GET?
Now that I know you use get, can you post the query string?
@evstevemd,
I don't use $_REQUEST in any way, NOT EVEN as a last resort.. "People" should exclude me :) at all cost..
I am just trying to respond based on the codes that were already written and presented, that's all. Besides, it is the programmer's choice which function to use, otherwise if he is asking for security advice, then it would be the perfect time to discuss what consequences using $_REQUEST shall bring.
;)
it's not in my junk mail either. It seems like I am receiving nothing.
try to send into another account!
why on earth you people use REQUEST? Use explicitly POST or GET
can you attach screenshot of your textbox and explain from there?
if ($_SESSION['mail_send_allowed']) {
this code stops multiple submission, so move your data there! Also wrap your connection in a function and call that function each time you want to connect. Also those insert stuffs can be wrapped in a function. And last warning, stop using REQUEST; use either POST or GET explicitly!
Ignore above examples, they don't do what I think of. I have rolled a simple example for you because I will be offline soon. Toy with it and make it suit your need
<?php
session_start();
// first visit in this session: allow one submission
if (!isset($_SESSION['mail_send_allowed'])) {
    $_SESSION['mail_send_allowed'] = true;
}
// escape PHP_SELF so a crafted URL cannot inject markup into the form
$action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8');
$form = <<<EOT
<form action="{$action}" method="post">
<label for="heading"><strong>Email Title</strong></label>
<input type="text" name="heading" />
<br /><br />
<label for="body"><strong>Email Body</strong></label>
<input type="text" name="body" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
EOT;
if (isset($_POST["submit"])) {
    // allow sending again once 10 minutes have passed since the last send
    if (!$_SESSION['mail_send_allowed'] && $_SESSION['timeout'] + 10 * 60 < time()) {
        $_SESSION['mail_send_allowed'] = true;
    }
    if ($_SESSION['mail_send_allowed']) {
        // do validation and checks and send email here
        //check for valid values and send email, for now I will just echo output (escaped)
        echo "Heading is: " . htmlspecialchars($_POST['heading'] ?? '', ENT_QUOTES, 'UTF-8')
            . "<br />and body is <br />" . htmlspecialchars($_POST['body'] ?? '', ENT_QUOTES, 'UTF-8');
        //next time don't come here until time is expired
        $_SESSION['mail_send_allowed'] = false;
        $_SESSION['timeout'] = time();
    } else {
        die("No Spamming with my contact box...");
    }
} else {
    echo $form;
}
Just test Sending email with no DB stuffs and when it is working you can add DB support
BTW don't use REQUEST. Either POST or GET!
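<?php
session_start();
// initialise once per session; setting these on every request would always allow sending
if (!isset($_SESSION['mail_send_allowed'])) {
    $_SESSION['mail_send_allowed'] = true;
    $_SESSION['timeout'] = time();
}
// allow again once 10 minutes have passed since the last send
if (!$_SESSION['mail_send_allowed'] && $_SESSION['timeout'] + 10 * 60 < time()) {
    $_SESSION['mail_send_allowed'] = true;
}
if ($_SESSION['mail_send_allowed']) {
    // do validation and checks and send email here
    $_SESSION['mail_send_allowed'] = false;
    $_SESSION['timeout'] = time();
} else { die("No Spamming with my contact box..."); }
?>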
Thanks.. but I tried this, but still nogo.. for some reason when the user clicks the submit button again it is still allowing the form to send again.. and not checking the time interval...?? What might I be missing here..?? Thanks in advance..
<?php
$_SESSION = time();
if ($_SESSION + 10 * 60 < time()) {
// session timed out
} else {
// session ok
}
?>
actually you are not doing anything here. check an example. Also use code tags
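<?php
session_start();
// compare against the time stored on the previous request, before overwriting it
if (isset($_SESSION['timeout']) && $_SESSION['timeout'] + 10 * 60 < time()) {
    // session timed out --log him out. For now we will just kill the script
    die("Session have timed out");
}
// still active: remember the time of this request
$_SESSION['timeout'] = time();
?>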
Hi,
Is there a tutorial somewhere to use Python with EWS?
I'm trying to develop a program that will interact with Microsoft Exchange Server without using managed services
Thanks
why not use for loop since they have same elements
$Array_c = array();
// walk both arrays by index; they have the same number of elements
for($i = 0; $i < count($Array_a); $i++){
    if($Array_a[$i] != $Array_b[$i]){
        //correct in array C
    }
}
why not try to echo $filecont?
Hi,
A little stuck here - i have a file containing info like this:
Name: Some Name Email: some@email.com
I'm using file_get_contents to read the file and then i want to get the name. I have it like
preg_match('/Name:(.*?) Email:/',$filecont,$name);
however it returns nothing.
Maybe anyone has an idea how to make this work? Thanks.
From PHP Manual:
preg_match() returns the number of times pattern matches. That will be either 0 times (no match) or 1 time because preg_match() will stop searching after the first match. preg_match_all() on the contrary will continue until it reaches the end of subject. preg_match() returns FALSE if an error occurred.
Ubuntu is debian family of Linux Distros. So you can install using dpkg with command
sudo dpkg -i my_package_name.deb
or just windowish, right click the file and open with either GDebi or software center (if you didn't disturb things just double click it!)
System32 is one of those folders. Why not just put exe and dll in same folder? I always hate to put non system DLLs into my system folder. Alternatively just create libraries folder somewhere and add it to system PATH!
I want to know what method to use to view Images from my MYSQL database using PHP. i know that for basic data it is getString(). what about for images?
http://help.yahoo.com/l/us/yahoo/mail/yahoomail/mailplus/pop/pop-14.html
Very good link and I was right, that plus is not needed!
Outgoing mail server (SMTP) settings
SMTP server: smtp.mail.yahoo.com
Use SSL
Port: 465
Use authentication
Account Name/Login Name: Your Yahoo! Mail ID (your email address without the "@domain.com", for example, “jo.bloggs”)
Email Address: Your Yahoo! Mail address (for example, jo.bloggs@yahoo.com)
Password: Your Yahoo! Mail password
The message is clear, Authentication failed! Are you sure your smtp details are ok?
May be you contact yahoo for this (since it seems you have bought plus package) else try to remove the plus and just leave smtp.mail.yahoo.com
What help exactly you want as per your code? What is not working and what is working?
Would you happen to know where I can signup or anything?
The site is a bit confusing. I did however find a page about the API.
http://www.worldpay.com/support/bg/index.php?page=development&sub=integration&subsub=examples
How to set the message body. I have tried to add the following codes:
$mail->body="This is the message body"; // or $mail->body=$newcomments;
The same error still appears.
$mail->MsgHTML
Check this thread and this tutorial
I can only see my computer codes and cannot even see errors in your computers!
Thanks evstevemd.
I saw those two URLs. In my application I have many pages, and in one of the pages I pasted that code, e.g. in hr->employee->view I pasted the code. I visited the hr->employee->view page and I moved to some other page in the same application. After some time, which I mentioned as logout time in the code, I revisited hr->view->employee. It is getting logged out. But I need to log out only the user who is idle for some time in a page.
The code still applies. You just put that code in a file and may be a function or whatever way you want to organize. Then you include the file at the top of any page.
If you use MVC approach then work becomes easy, you put that code either in your front controller or in your routing class.
Original Sequence: Array
Sorted Numbers: 16 7 9 12 17 34 65 99
Largest Number: 99
Smallest Number: 6
Average Number: 31.125
First, your question is not clear as to what you want to achieve and how you try to. That being said, in my code there is no Sorted number and I wonder why a foreach loop would print "Array"
Hi.
I am making a membership application in which users will need to login and then can make a reservation, edit their previous reservation, cancel etc, and in which admin will be able to add new users, edit all reservation etc.
So I would like to ask you is php good choice for doing that and which program would you suggest, if any, or some other tool, I was thinking to do it with Dreamweaver,
Any help is appreciated.
Thanks.
What have you done so far?
i have posted my code.
Use Code tags. I have reported your post so that Moderators will fix it!
--------------------------------------------------------------------------------
Kepada : Kamu
Subject : Additive
Pesan : Pesan
Dari : David
Error sending: Message body empty
Telah dilakukan!
Why is it ?
Mh! You have to learn reading error messages!
You have power over edit code right? Do just the opposite, before populating the Textarea, just replace breaks with line breaks
You have to put a token in your security checks that is renewable for each page click. That is a session variable storing last time user accessed a page and when user sends new request find difference btwn current time and session variable. If it is greater than permissible time kill session and send him to login page
This thread have snippet that illustrates what I say
EDIT
I found a good question with nice answers on SO
Here's the output
Array ( [numbers] => Array ( [0] => 1 [1] => 4 [2] => 6 [3] => 7 [4] => 8 [5] => 9 [6] => 99 [7] => 21 ) )
Nice, it means a form is working. Now use this code (I added for loop and removed implode stuffs). Check if that is what you want
<?php
if (isset($_POST['numbers'])){
$numbers = $_POST['numbers'];
$big = max($numbers);
$small = min($numbers);
$average = array_sum($numbers) / count($numbers);
print "<font color='LightSlateGrey'><strong>Original Sequence:</strong><br>";
foreach($numbers as $num){
print $num."<br />";
}
print "</font>";
print "<br><font color='green'>Largest Number: $big</font><br>";
print "<font color='purple'>Smallest Number: $small</font><br>";
print "<font color='aqua'>Average Number: $average<br></font><br>";
}
Comment everything else and put this code and post back the output
if (isset($_POST['numbers'])){
print_r($_POST);
}
I need help with displaying the original order of the numbers selected, and when i try to do "is_numeric" my output goes blank or it only displays the error message i created.
did you even see the example above?
I will be away from keyboard for 4 days (due to medical reasons) and hopefully will be back better than before.
May God grant you a good health. Get well soon!
Added that. This is still bugging me though as i dont know a lot about SQL and from php this image shows what i mean [IMG]http://i897.photobucket.com/albums/ac175/Melnikas/trials.png[/IMG]
Why do you put POST variable directly into query?
clean them or use PDO bind.
Here is a short example. Change it to suit your need. MySQL future is not blue so make sure you use MySQLi or PDO
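<?php
$db = new PDO("mysql:host=localhost;dbname=test", "root", "pass");
// placeholder table name: hard-code it, never take it from user input
$table = "my_table";
// one named placeholder per column
$stmt = $db->prepare("INSERT INTO $table (id, Name, Address, Suburb) VALUES (:id, :name, :address, :suburb)");
// bindValue() accepts literals and expressions; bindParam() needs a variable passed by reference
$stmt->bindValue(":id", " ");
$stmt->bindValue(":name", $_POST['Name']);
$stmt->bindValue(":address", $_POST['Address']);
$stmt->bindValue(":suburb", $_POST['Suburb']);
$stmt->execute();
?>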
Ok i am trying to create a simple program that will allow me to use an array with 8 numbers, the output form should show the numbers in their original order that the user inputs them, in numerical order, Highest number, lowest number and then the average number. If anyone could help me it would be much appreciated. here's waht i have so far.
<?php
if (isset($_POST['numbers']))
//if (is_numeric($_POST['numbers']))
//if (!empty($_POST['numbers']))
{
    $Numbers = $_POST['numbers'];
    $big = max($Numbers);
    $small = min($Numbers);
    $average = array_sum($Numbers) / count($Numbers);
    print "Original Sequence:<br>";
    $sorted = sort($Numbers);
    print "Sorted Numbers: $sorted";
    echo implode(" ",$Numbers);
    print "<br>Largest Number: $big<br>";
    print "Smallest Number: $small<br>";
    print "Average Number: $average<br>";
}
else
{
    print "<font color='red'>Invalid Input Grades must be Numeric</font>";
}
?>
$var = array(1,2,3,4,5);
foreach($var as $number){
echo $number;
}
I just did that and forgot to close thread.
It is back. I use PHP Manual I downloaded from Net. So even if it goes off for weeks, I have no problem! Only it should not go forever!
I think The design need to be extended to add loops but I don't want to add new language and want to keep it PHP!
How you could handle loops.
If i had to pass an array of say blog post to the template how would the template loop for each object in an array?
Also sorry for the communication break down.
No need to loop if array is associative. Add the function below and see usage at the bottom. Let me know how helpful this approach is, as I'm still researching if it is the better way.
public function set_array($values_array){
$this->values=$values_array;
}
Usage
$layout = new HTemplate("layout.tpl");
$data = array("title"=>$title, "heading"=>$heading, "body"=>$body);
$layout->set_array($data);
echo $layout->render();
PDO or MySQLi is replacement for mysql_**
I propose using PDO if database portability is an issue otherwise use mysqli_** as it is good replacement (for legacy code) than PDO
Hi,
I have DAL class and I have done Query Parametrization to avoid SQL injection. As you can see the weak point for Dynamic Query is table_name and column name. I have made a small function to (hopefully) validate the table variable before I can add it to the SQL command string. Now I was struggling if I should do the same for columns. Someone here has proposed that I make a whitelist. Since it is not guaranteed that I alone will use the DAL then it is a challenge on how to make that whitelist. I have tried to think of a post install script that *MUST* be called after installation which collects whitelists for tables and columns. That will make it easy to validate tables and columns but then, I will have added overhead and restrictions to users. So my questions are:
1. Is Regex function like this enough to validate tables name?
the function in question:
private function validate_table($table) {
//validates that the table contains no character than A-Z 0-9 _-
$regex = '/^[a-zA-Z0-9_$]+$/'; //[0-9,a-z,A-Z$_]
if (preg_match($regex, $table)) {
return true;
} else {
return false;
}
}
2. Is Regex approach like used in 1 suitable for columns too?
3. Is post-install script approach worth of adding trouble?
4. How do you do to protect against SQL injection in your dynamic query if you have any?
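One way to combine the regex check from question 1 with the whitelist idea from the post, as an added example that is not the poster's DAL code. The schema map, table and column names, and function names are hypothetical, and backtick quoting assumes MySQL:

```php
<?php
// Added example: hypothetical schema map, not taken from the poster's DAL.
const ALLOWED_COLUMNS = [
    'members'      => ['id', 'name', 'email'],
    'reservations' => ['id', 'member_id', 'starts_at', 'status'],
];

// The regex from the post, used only as a first syntactic filter.
function is_plain_identifier(string $name): bool
{
    return preg_match('/^[a-zA-Z0-9_$]+$/', $name) === 1;
}

// Backtick quoting assumes MySQL; the regex already excludes backticks.
function quote_identifier(string $name): string
{
    return '`' . $name . '`';
}

function build_select(string $table, array $columns, string $filterColumn): string
{
    if (!is_plain_identifier($table) || !array_key_exists($table, ALLOWED_COLUMNS)) {
        throw new InvalidArgumentException('table is not whitelisted');
    }
    if ($columns === []) {
        throw new InvalidArgumentException('no columns requested');
    }
    foreach (array_merge($columns, [$filterColumn]) as $column) {
        if (!is_string($column) || !is_plain_identifier($column)
            || !in_array($column, ALLOWED_COLUMNS[$table], true)) {
            throw new InvalidArgumentException('column is not whitelisted');
        }
    }
    // Identifiers come from the whitelist; the value stays a bound parameter.
    return sprintf('SELECT %s FROM %s WHERE %s = :value',
        implode(', ', array_map('quote_identifier', $columns)),
        quote_identifier($table), quote_identifier($filterColumn));
}

echo build_select('members', ['name', 'email'], 'id'), PHP_EOL;

// Constructed inputs: the first passes the regex but is not a known table,
// the second fails the regex outright.
foreach (['mysql$user', 'members; --'] as $candidate) {
    try {
        build_select($candidate, ['id'], 'id');
    } catch (InvalidArgumentException $e) {
        echo $candidate, ' => ', $e->getMessage(), PHP_EOL;
    }
}
```

The regex alone keeps quotes, spaces and semicolons out of the SQL string, but it still lets a caller name any table or column that exists; the map is what limits the query to the intended ones.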
…I'm not really trying to load a template, my template is loaded already. Take a look below.
I have a admin panel with the wysiwyg editor, a user types in,
<h1>Contact Us</h1> <p> Need to get in touch with us? Drop us a line. We'd love to hear from you. You may also call, fax, email, or even write us a letter.</p> <p>{include %contactForm.php%}</p>
this is saved into my database in bodyRight
now when the page is viewed it gets my template of below
<div class='col-right'><? echo $page->getContentRight($page->id); ?></div>
this calls this functions which receives the users input from the database.
//
// Example
//
public function getContentRight($id){
    global $mysqli;
    $sql = "SELECT bodyRight FROM pages WHERE id = '{$id}' LIMIT 1";
    if($result = $mysqli->query($sql)){
        $row = $result->fetch_object();
        $str = $row->bodyRight;
        $this->content = preg_replace_callback("/\{include %(.*?)\%}/", function($m) {
            // basename() keeps "../" in the stored page text from reaching files outside includes/
            return file_get_contents(CORE . 'includes/' . basename($m[1]));
        }, $str);
    }
    return $this->content;
}
In this example the included file that needs to be echoed is contactForm.php
that file looks like,
<div id='contact-success'></div>
<form id="contactform" name="contactform" method="post" action="">
<h2>Contact Form</h2>
<label>Your Name (Required)</label>
<input type="text" id="cname" name="cname" />
<label>Your Email Address (Required)</label>
<input type="text" id="email" name="email" />
<label>Message (Required)</label>
<textarea name='desc' id='desc'></textarea>
<p>We reply to every message we receive. </p>
<input type="submit" name="contactSubmit" id="contactSubmit" value="Send Message" />
</form>
Now This works and outputs correctly.
But if contactform.php had the following code.
<?php echo "hello world"; ?>
it would actually print <?php echo "hello world"; ?> take a look at the screenshot below.
I need to be able to run a php in the included file.