Posts by Stefano Mtangoo

also "it does not work" is not better way to explain problem. Say what and how exactly it does not work!

Did you install wampserver or xampp? Did you start it well? do http://localhost work?
Bing redirects you to search once it fails to locate url. it seems your apache server have issues. Try restarting services or backup your data and reinstall the whole thing

there are couple of security issues to deal with
1. Prevent unauthorized logins. Here you will meet th greatest threat, SQL injection. Once you deal with that thru data validation, whitelisting and preparedstatements you are ready for next challenge.

2. You need to prevent your authentication data mostly session from being hijacked and used against system. Here you will meet jargons like session fixation et al. This can be fixed using differen techniques already on the net if you be dilligent in searching.

3. Lastly you will need to check what you are inputting/outputting. User data are never to trust, so validation validation validation then cleaning. Also when you output data you need to escape them to prevent any XSS attacks

So in summary:
Guard against SQL injection
Protect your session from any attacks
Validate/Escape inputs and outputs from and to users/browsers

I would suggest you do it if you think your level allows you or that your site is not storing sensitive info. Else I would suggest you check ready made solutions or use something like OpenID

string implode ( string $glue , array $pieces )
string implode ( array $pieces )

from PHP Manual

<?php

$array = array('lastname', 'email', 'phone');
$comma_separated = implode(",", $array);

echo $comma_separated; // lastname,email,phone

// Empty string when using an empty array:
var_dump(implode('hello', array())); // string(0) ""

?>

Yes it is called pagination

Sorry, what i ment is that the form is working just fine, but the mail is not sendt to my inbox. I tried to use the exsact same code on another domain and then i got all of the e-mails. This would suggest something is wrong with my server maybe?

can you send mails using same domain with other clients (Outlook Thunderbird et al)?
Try sending using any of those with your settings from phpmail you used above. If it don't work then contact your support/admin

@evstevemd: Actually its not WAMP. It's called WAMPServer and XAMPP is a WAMP cum LAMP
And I think he might have same problem in WAMPServer too because the port must be occupied or if not then its just the XAMPP config. Well, Windows has an inbuilt WAMP called IIS.

Thanks for correction. Sometimes I tend to use terms loosely :)
IIS IMO is commercial, am I wrong?

have stopped working is vague. Please be specific

For example, 12123 will get transformed to 1223 instead of 123, 12342169 will get transformed to 1234169.. it wil replace 2 with 1 and jump to 6 to check if its greater than 1, but it wont check if 1 is greater than 4. if you know what I mean.

you mean sorting?

I'm not sure I got your question. How do you know right element to remove (bad ones)?

make use of print_r each time you get that error and be sure that the mentioned index is part of array!

It seems there is issue with server you are using. I would suggest you install WAMP/XAMPP to avoid the issue!

try rebooting server may be (if local). Cant see anything big with code unless you have loops in your "secret" code !

Newbees should learn to use google :)
If you did here is one of results
http://stackoverflow.com/questions/5164930/fatal-error-maximum-execution-time-of-30-seconds-exceeded

Ardav,
It makes sense to me now especially that bitwise operation!

I'd have these levels built on bits:

master = 16
admin = 8
sup'vr = 4
gp = 2
pat. = 1

SO if storing levels for an user:

if a gp and a master - value = 2 + 16 = 18

store this in your users table

then when user logged in you can check if they are a gp and should see the gp tab like so:

if($row['level'] & 2){
  ..show gp tab...
}

if($row['level'] & 16){
  ..show master tab ..
}

etc.

The beauty of this is that you can keep on adding new levels without having to mess up your DB structure.

though didn't ask the question, I got lost as I was reading :)

So answer is yes, are we solved? :)

enjoy :)

make hidden form element capt_id and make a copy of it in session. When form submitted compare the two. IF they don't match reject form, someone have just tempered to with your form. else process it with variable in session or form (since they are equal)

@ev

Did you understand that? Crickey! I made more sense of a mad Greek taxi driver shouting over his shoulder at me when I was asleep in his cab. :(

I just guessed that he was explaining his project and asking if it was possible to do that with PHP. If I'm wrong, then it does not matter anyway ;)

Maybe I will if I don't find a way to fix it. But I am used to xampp, some configuration, on wamp there migth be some other things I don't know. But thanks of course for this advice also

Actually configuring Wamp is as breeze as right clicking the tray icon and behold all configs are there :)

Yeah it is possible with HTML forms and PHP (sessions)

if you don't mind waste time fixing things you can use Wamp. In windows is what I use!

ending tags and string for values are missing

<input name="nama" size="20px" type="text" value =<?php echo $data['nama_produk']; ?>>

is supposed to be

<input name="nama" size="20px" type="text" value ="<?php echo $data['nama_produk']; ?>"/>

if i do this, it works....But is it a good way?

Bad way and here is why

function getArticles() {
		global $mysqli;
}

You are using global instance not the one in class. you should user class property instead and remove the global thing

if ($result = $this->mysqli->query($query) )

using prepared statements will easy your code as well as give extra protection against SQL injection
http://devzone.zend.com/article/686

I remember using # comment for Python have never tried that for PHP.
BTTT,
You have mixed HTML and PHP to a point f confusing me, cant help with that. If you need to print something like for use HEREDOC syntax. And goto? Can't beilieve it!

here is clean way of adding html in PHP

$form = <<<EOT
<form action={$_SERVER["PHP_SELF"]} method="post" enctype="multipart/form-data">
    <label for="file">Select File...</label>
    <input type="file" name="file" id="file" />
    <br />
    <input type="submit" name="submit" value="Submit" />
</form>

EOT;
echo $form;

As Usual I suggest wxWidgets and the wxBook is a good place to start

ch = string.split(words)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/string.py", line 292, in split
    return s.split(sep, maxsplit)
AttributeError: 'list' object has no attribute 'split'

still in trouble

Lists are not to be split that way. Check slicing Video or tutorial

Hi,

A little stuck here - i have a file containing info like this:
Name: Some Name Email: some@email.com
I'm using file_get_contents to read the file and then i want to get the name. I have it like

preg_match('/Name:(.*?) Email:/',$filecont,$name);

however it returns nothing.
Maybe anyone has an idea how to make this work?

Thanks.

Form PHP Manual:
preg_match() returns the number of times pattern matches. That will be either 0 times (no match) or 1 time because preg_match() will stop searching after the first match. preg_match_all() on the contrary will continue until it reaches the end of subject. preg_match() returns FALSE if an error occurred.

Ubuntu is debian family of Linux Distros. So you can install using dpkg with command
sudo dpkg -i my_package_name.deb
or just windowish, right click the file and open with either GDebi or software center (if you didnt disturb things just double click it!)

System32 is one of those folders. Why not just put exe and dll in same folder? I always hate to put non system DLLs into my system folder. Alternatively just create libraries folder somewhere and add it to system PATH!

What help exactly you want as per your code? What is not working and what is working?

I can only see my computer codes and cannot even see errors in your computers!

i have posted my code.

Use Code tags. I have reported your post so that Moderators will fix it!

You have power over edit code right? Do just the opposite, before populating the Textarea, just replace breaks with line breaks

I will be away from keyboard for 4 days (due to medical reasons) and hopefully will be back better than before.

May God grant you a good health. Get well soon!

Added that. This is still bugging me though as i dont know a lot about SQL and from php this image shows what i mean [IMG]http://i897.photobucket.com/albums/ac175/Melnikas/trials.png[/IMG]

Why do you put POST variable directly into query?
clean them or use PDO bind.
Here is a short example. Change it to suit your need. MySQL future is not blue so make sure you use MySQLi or PDO

<?php
$db = new PDO("mysql:host=localhost;dbname=test", "root", "pass");
$stmt=$db->prepare("INSERT INTO $table(id, Name, Address, Suburb) VALUES(:id, :name, :address)");
$stmt->BindParam(":id"," ");
$stmt->BindParam(":id", $_POST['Name']);
$stmt->BindParam(":id", $_POST['Address']); 
$stmt->BindParam(":id", $_POST['Suburb']); 
$stmt->execute();

?>

PDO or MySQLi is replacement for mysl_**
I propose using PDO if database portability is an issue otherwise use mysqli_** as it is good replacement (for legacy code) than PDO

Don't bring up old thread, start a new one!

thanks pritaeas, but i don't like urlencode :D maybe is some other option to escape % like an escape char \% ?

What about encoding whole url part after 1411 with base64encode

mark it solved :)

Hi,
I know you have not asked this but mysql_** is depricating and you are advised to move to mysqli or the PDO. I suggest PDO due to portability and easy. If you know OOP it is extremely easy. you can use this as skeleton to get started with PDO. Copy test and play around to fit your needs

<html>
<head>

</head>
<body>
<?php
    ini_set("display_errors", 1);//error mgt
    try{
        $db = new PDO("mysql:host=localhost;dbname=test", "root", "root");
    }catch(PDOException $e){        
        echo $e->getMessage();
    }
    
    $stmt=$db->prepare("INSERT INTO likesys(liked) VALUES(:like)");
    $stmt2=$db->prepare("SELECT SUM(liked) AS likes FROM likesys WHERE liked=:like");
    $display=false;
    if(isset($_POST["like"])){
        $stmt->execute(array(":like"=>"1")); 
        $display=true;
    }
    if(isset($_POST["dislike"])){
        $stmt->execute(array(":like"=>"-1")); 
        $display=true;
    }
    $stmt->closeCursor();
    
    //if($display){ 
        $stmt2->execute(array(":like"=>"1"));
        $res = $stmt2->fetch(PDO::FETCH_ASSOC);  
        echo "<p>Likes: ". $res['likes']."</p>";
        
        $stmt2->execute(array(":like"=>"-1"));
        $res = $stmt2->fetch(PDO::FETCH_ASSOC);  
        echo "<p>Dislikes: ". abs($res['likes'])."</p>";
   // }
    
    $db=null;
?>
    <form action=<?php echo $_SERVER["PHP_SELF"];?> method="POST" >
        <input name="like" type="submit" value="Like" />
        <input name="dislike" type="submit" value="Dislike" />
    </form>
</body>
</html>

Hi,

Thanks. I watched the videos related to phpBB posted by Alex. I found "Login Integration video" not "Registration Integration". For my case, I want to make my registration form to insert the data in both the website user's table and the forum user's table so that users can login to both the website and forum with the same username and password.

Thanks.

Why re-invert the wheel? Let the people register via PHPBB and just deal with login. Making two tables to serve the same thing is completely unnecessary IMHO

Opened up mysql in cmd and noticed that the Staff table wasn't being created and data was not being inserted.

I checked the pdo connection to the database and realised i had missed db_name= out before the database name 'library_db' which is what the cause was xD

Thanks for all of the help :)

Mark it solved then!

Just tried that code and it has returned that the PDO statement is false so the query isn't working, any ideas why?

Is it that the query is wrong or could the db connection not be working?

Thanks for the help.

From PHP Manual
PDO::errorInfo() returns an array of error information about the last operation performed by this database handle. The array consists of the following fields:

So do

foreach($dbh->errorInfo() as $key=>$info){
echo "error: ".$key." ".$info."<br />";
}

have you checked $stmt = $dbh->query($sql); does not return false?
try something like this

$stmt = $dbh->query($sql);
if(!$stmt){
die("PDO Statement is false!");
}else{
$result = $stmt->fetch(PDO::FETCH_ASSOC);
//work with your resultset here
}

PDO::query() returns a PDOStatement object, or FALSE on failure.

Hi,

I am using PHPBB for my forum. My intention is if someone registers to my website, he/she will be login to forum as well, automatically. That means no need to register twice to use the forum. Is there a way forward to achieve this?
Will greatly appreciate your suggestions.
Thanks

Alex have made a video for that

you can do is put the config file on root dir of your project (Not root of your web se) and put something like

define("DS", DIRECTORY_SEPARATOR);
define("BASE_PATH", dirname(realpath(__FILE__)).DS);
define("IMG_PATH", BASE_PATH."images".DS);

then include this file in the profile file and then with picture name in session thne

$pic  = IMG_PATH.$_SESSION['pic_location'];
echo $pic;

I use in MVC so it might need little polish to be used in your project but it should not be that hard!

What I would do is:
I will store the full path in config file and store filename in session then I will simply concatenate the two!