Hi, make Apache able to access /usr/share/phpMyAdmin by assigning the directory to the www-data group (or the one in use by the server):
chgrp www-data -R /usr/share/phpMyAdmin
Then reload the server and it should work fine. Or better, check the security links in the installation process:
@DJ
I suppose the OP question is related to his previous thread, check here:
bye! ;)
A problem I see here is related to the attributes id and name which are the same for all the items, an id must be unique over the page, regarding the name you can have multiples in case of radio buttons because of the nature of this type of input field: if it is not checked is not sent to the $_POST array:
$items = array('oranges', 'apples', 'coconut');
foreach($items as $item)
{
echo "<input type='radio' name='fruit' value='".$item."' />";
}
When sending it outputs only the checked:
Array
(
[fruit] => apples
[submit] => submit
)
When using a text input field, instead, since $_POST is an array, the index name will overwrite all the previous and return always the last:
foreach($items as $item)
{
echo "<input type='text' name='fruit' value='".$item."' />";
}
Output:
Array
(
[fruit] => coconut
[submit] => submit
)
Now, I suppose, you're using javascript to increment and decrement values, correct? By referring to the id, and being repeated over the page it's probably creating some unexpected behaviour. You could check the output of the form by applying this:
echo "<pre>" . print_r($_POST, true) . "</pre>";
So, you can see what is sent.
Hi,
you have to set the namespace that defines slash, so:
<?php
$feed = file_get_contents("http://www.trenologi.com/feed/");
$xml = new SimpleXmlElement($feed);
$xml->registerXPathNamespace('slash', 'http://purl.org/rss/1.0/modules/slash/');
$result = $xml->xpath('//slash:comments');
foreach($result as $pcount)
{
echo $pcount;
}
Documentation:
If it's a comma separated list you could use FIND_IN_SET():
SELECT * FROM VolunDB WHERE FIND_IN_SET('item1', items) AND FIND_IN_SET('item3', items);
So the above becomes:
$post['keys'][] = "FIND_IN_SET(?, $key)";
Or you could use LIKE:
SELECT * FROM VolunDB WHERE items LIKE '%item1%item3%';
To build this in PHP you have change the query builder to:
$values = '%'.implode('%', $post['values']).'%';
# then
$query = "SELECT * FROM VolunDB WHERE items LIKE ?";
$stmt = $db->prepare($query);
$stmt->execute($values);
But FIND_IN_SET() is optimized for comma separated lists.
Documentation:
If possible, avoid string lists and separate the values to different columns.
I made a mistake in my previous post, this:
if ($_Session['roleID'] == 1)
Should be:
if ($_SESSION['roleID'] == 1)
Uppercase! About this: Parse error: syntax error, unexpected 'if' (T_IF) in... read the full error code. It can happen because of a missing ;, for example:
<?php
echo 'hello'
if(1 == 1) echo ' world';
Will return: Parse error: syntax error, unexpected T_IF, expecting ',' or ';' in .... So check if the code in the config file is correct.
If you want to check the session status just try this in a test page:
<?php
session_start();
echo "<pre>";
print_r($_SESSION);
echo "</pre>";
It will return all the values saved in the current session.
The variable session must be always uppercase, so $_Session is not correct, change it to $_SESSION:
$_SESSION['roleID']
The session_start(); is included in the config file?
Also, in the IF statement you have to compare, not assign a value, so this:
if ($_Session['roleID']=1)
Becomes:
if ($_Session['roleID'] == 1)
When you're testing booleans, instead, use === as explained here:
Apply the same to the ELSEIF statement.
Hi, you could use the explode() function:
$data = array();
foreach($input as $key => $value)
{
$id = explode('-', $key);
if(array_key_exists(1, $id)) $data[$id[1]][$key] = $value;
}
print_r($data);
The array_key_exists() is used to avoid errors when processing other keys as $_POST['submit'], which doesn't have a dash character and that, otherwise, would create a notice: Notice: Undefined offset: 1 ...
You have two form opening tags, remove:
<form id="registration-form">
And it should work. Bye!
You could use array_chunk(), for example in file.csv you have:
column1,column2,column3,column4,column5
column1,column2,column3,column4,column5
column1,column2,column3,column4,column5
And your script executes a loop:
$file = file('./file.csv');
$result = array();
foreach($file as $csv)
{
$s = array_chunk(str_getcsv($csv), 3);
$result[] = $s[0];
}
The $result array will return only the first three columns of each line.
In addition: you have two <body> tags.
And if you add event.preventDefault() to your links, the page will not move to the top each time you click:
$('a.control_prev').click(function () {
event.preventDefault();
moveLeft();
});
$('a.control_next').click(function () {
event.preventDefault();
moveRight();
});
The problem starts with the quotes, you're writing:
$q = "'SELECT * FROM mytable'";
If you read carefully you will see double and single quotes surrounding the entire query, use only one type, not both, otherwise the all is interpreted as a single string.
Also how would I go about securing this code from injection? I tried using a filtered input but I can't get it to work the way the foreach is set up.
Use prepared statements as shown by DJBirdi in the other thread of yours, you can generate dynamic queries, but you must separate the values from it and use placeholders.
Basing on your above code you could do this:
$postkeys = array_keys($_POST);
$postvalues = array_values($_POST);
And then generate the list of conditions, but this is highly unsafe, because an attacker can submit an arbitrary POST request and enter any input desires, changing the query conditions.
A more safer approach is this:
$post = array();
array_map(function($key, $value) use(&$post)
{
switch($key)
{
case 'fname':
case 'lname':
$post['keys'][] = $key . ' = ?';
$post['values'][] = $value;
break;
}
return $post;
}, array_keys($_POST), $_POST);
Just list in the switch statement the fields you want to include in your query, e.g. case 'email':, so even if an extra column is submitted, it will not be included in your query. In practice, with the above we are creating a white list. I'm using array_map() to loop the $_POST array but you can use any loop you …
You must use $query inside the function as explained in the documentation:
Also set the debug to TRUE in your app/config/app.php file, to see the errors. And check in app/storage/logs/ for the generated error logs.
Try this:
$name = Entitydetail::where(function($query) use($fname, $lname, $userID)
{
$query->where('First_Name','LIKE','%'.$fname.'%')
->where('Last_Name','LIKE','%'.$lname.'%');
})
->where('Entity_Id','!=', $userID)
->get(array('Entity_Id'))
->toArray();
dd("<pre>".print_r(DB::getQueryLog(),true)."</pre>");
By using DB::getQueryLog() you can see the query created by Laravel. The above will return:
Array
(
[0] => Array
(
[query] => select `Entity_Id` from `entitydetails` where (`First_Name` LIKE ? and `Last_Name` LIKE ?) and `Entity_Id` != ?
[bindings] => Array
(
[0] => %John%
[1] => %Doe%
[2] => 1
)
[time] => 0.22
)
)
If it doesn't work post your updated code.
Hi, it seems the problem is given the <a> tag on line 7:
<li>
<a href="http://this-node.net/">
<img src="http://this-node.net/This-NodeLogo.ico">
</li>
It is not closed, fix it and it should work. Here's the test on jsfiddle: http://jsfiddle.net/v5vas/1/
Bye!
On september 8 the dots are in the first row, only apparently are in the last, because you're using <br /> on the first child to add new lines, and the second td is floating right.
On september 4 the issue is similar. Try to change the table like this:
<!-- september 3 -->
<table class="table">
<thead>
<tr>
<th>
Wednesday, September 3
</th>
<th>
Pre-K/K Orientation
</th>
</tr>
<tbody>
<tr>
<td></td>
<td></td>
</tr>
</table>
<!-- september 4 -->
<table class="table">
<thead>
<tr>
<th>
September 4,
</th>
<th>
First Day of School
</th>
</tr>
<tbody>
<tr>
<td>
<ul>
<li>8:30 am: Pre-K/K</li>
<li>8:15 am: 1st–8th grade</li>
<li>Noon closing for all grades</li>
</ul>
</td>
<td></td>
</tr>
</table>
<!-- september 8 -->
<table class="table">
<thead>
<tr>
<th>
Monday, September 8,
</th>
<th>
Classes begin, FULL DAY
</th>
</tr>
<tbody>
<tr>
<td>
<ul>
<li>8:30 am: Pre-K/K</li>
<li>8:15 am: 1st–8th grade</li>
<li>2:45 pm closing for all grades</li>
</ul>
</td>
<td></td>
</tr>
</table>
And the CSS to:
<style type="text/css">
.table
{
margin:1em;
}
.table thead tr th
{
width:100%;
max-width:18.75em;
overflow:hidden;
white-space:nowrap;
vertical-align:top;
line-height:110%;
padding:0;
}
.table thead tr th:first-child:after
{
content:" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . …A little update to use transactions and InnoDB tables. We could create a table without an auto_increment column and the use transactions to get the max invoice number, for example:
create table invoices(
years char(9) not null,
invoice_number int unsigned not null,
primary key(years, invoice_number)
) engine = innodb;
start transaction;
set @maxid = null;
set @currentyear = currentyear(now());
select @maxid := coalesce(max(invoice_number), 99) + 1 as max from invoices where years = @currentyear;
insert into invoices(years, invoice_number) values(@currentyear, @maxid);
commit;
With coalesce we define the starting number, in case the WHERE condition years = @currentyear is false, then coalesce will return NULL and by default is applied the second argument, which in this case is 100. In case you don't want to start from 100, then replace:
coalesce(max(invoice_number), 99)
With:
coalesce(max(invoice_number), 0)
The result will look like:
select * from invoices;
+-----------+----------------+
| years | invoice_number |
+-----------+----------------+
| 2013-2014 | 100 |
| 2013-2014 | 101 |
| 2013-2014 | 102 |
| 2014-2015 | 100 |
| 2014-2015 | 101 |
| 2014-2015 | 102 |
+-----------+----------------+
6 rows in set (0.00 sec)
Here's the sqlfiddle: http://sqlfiddle.com/#!9/096f2/1
And this is a PHP example:
<?php
# $db
require '../connections/pdo.php';
if(array_key_exists('insert', $_GET))
{
# when receiving the datetime from $_GET,
# the format needs to be validated
$date = array_key_exists('date', $_GET) ? $_GET['date'] : date('Y-m-d H:i:s');
$db->beginTransaction();
$db->query("SET @maxid = null");
$stmt = $db->prepare("SET @currentyear = currentyear(?)"); …Hi, I'm not sure this will work, because in this case the auto_increment column needs to be in the first position of the primary key, example with the auto increment is second position, as above:
create table io(
id int unsigned not null auto_increment,
cat tinyint unsigned not null,
msg text,
primary key(cat, id)
) engine = myisam auto_increment = 100;
Now, it sets the auto_increment:
show create table io;
CREATE TABLE `io` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`cat` tinyint(3) unsigned NOT NULL,
`msg` text,
PRIMARY KEY (`cat`,`id`)
) ENGINE=MyISAM AUTO_INCREMENT=100;
But if we try to add something:
insert into io(cat, msg) values(1, 'hello'), (1, 'world');
insert into io(cat, msg) values(2, 'oranges'), (2, 'apples');
Will return:
+----+-----+---------+
| id | cat | msg |
+----+-----+---------+
| 1 | 1 | hello |
| 2 | 1 | world |
| 1 | 2 | oranges |
| 2 | 2 | apples |
+----+-----+---------+
4 rows in set (0.00 sec)
As you see it doesn't consider the auto_increment setting. Now, if we alter the table to reorder the index, it will start from 100 but it won't group anymore, this is the test:
alter table io modify id int unsigned not null, drop primary key;
alter table io modify id int unsigned not null auto_increment, add primary key(id, cat);
Here show create table io returns:
CREATE TABLE `io` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`cat` tinyint(3) …In practice you're checking for widows: if at the end you have only five (or less) rows then you add them to the previous page, if you have more, then you create a new one. Correct?
If yes, then this example should work:
<?php
require_once './pdf.class.php';
# basic settings
$pdf = new PDF();
$pdf->Addpage();
$pdf->SetAutoPageBreak('auto',false);
# generating some random data
# REPLACE these two lines with your $data2 and $header2
for($z = 0; $z < 45; $z++) { $data2[] = array_merge(array($z), range(10, 15)); }
$header2 = array_merge(array('#'), range('A','E'));
# split $data2 in arrays of 20 rows each
$chunked = array_chunk($data2, 20);
$count = count($chunked);
$i = 1;
# get the last array
$lastrows = end($chunked);
$lastcount = count($lastrows);
if($count > 0)
{
$state = false;
foreach($chunked as $rows)
{
# avoid to add the last array two times:
# once merged and once alone in a new page
if($state === true) break;
# check last array before looping it
if($count == $i + 1 && $lastcount <= 5)
{
$rows = array_merge($rows, $lastrows);
$state = true;
}
# do not append a new page at the end of this loop
if($count == $i) $state = true;
# generate table
$x = $pdf->GetX();
$y = $pdf->GetY();
$pdf->SetXY($x,$y+10);
$pdf->SetFont('Arial','B',7);
$pdf->cell(10,10,"Research Scholars(C - Current, P - Graduated)",0,0);
$pdf->SetXY($x,$y+20);
$pdf->BuildTable2($header2,$rows);
# add pages
if($state === false) $pdf->AddPage();
$i++;
}
}
$pdf->Output();
Regarding the code inside:
require_once './pdf.class.php';
Check this link: http://pastebin.com/nKRx4Ryt in practice is part of your code, …
I need to generate six tables one by one but i am not able to generate with proper alignment its running out of page
Hi, can you provide some sample data, for example how the array in $data2 is structured, and a screenshot or a generated PDF could be useful for us to understand the issue. Also, with the PDF class are you extending the FPDF library, correct? Can you show the full code?
I did a test and I can display a table of 19 rows, by using something like this:
$data = range('a','f');
for($z = 0; $z < 19; $z++)
{
$data2[] = $data;
}
$header2 = range('A','F');
After that your script requires the BuildTable3() method, which is missing from the above.
Hi, this happens in Javascript and PHP when using float numbers, to avoid this problem you can use the BC Math library:
echo bcdiv(bcmul(47.60, 554.82), 100, 2);
Which returns 264.09, the third argument of bcdiv() is rounding to the second decimal. If you want 264 then remove the third argument:
echo bcdiv(bcmul(47.60, 554.82), 100);
For more information check this thread:
About BC Math: http://php.net/manual/en/intro.bc.php
In alternative consider also the GMP library: http://php.net/manual/en/intro.gmp.php
To the downvoter, please explain me why.
Reading this:
As you can see the condition !$results, to me it is saying if the record does not exist then kill the query else confirm the deletion. Is there an obvious reason why the inner if statment dosent get fired?
I understand that this:
if(!$results)
{
die ("Cannot delete data from the database! " + mysql_error());
echo '<br><br>';
echo '<a href="home.html">Return</a>';
}
Doesn't return anything and the reason is the + sign, example:
$a = 'hello';
$b = 'world';
echo $a + $b;
Returns blank, with var_dump() returns int(0), if you write:
die($a + $b);
It will still return blank, unless $a and $b are integers or numbers enclosed by quotes:
$a = '1'; # $a = 1;
$b = '2'; # $b = 2;
If I'm missing something, please explain. Bye :)
To convert try the previously suggested library, but I did few tests and I think it needs some fixes to get it to work. If you can access a terminal, then you could use an alternative approach: install a converter tool, get the output as text and then sanitize and save it.
For example, in linux you can use unrtf or unoconv, the former works fine but it applies a banner at the top of the file, there is a patch to remove it (the --quiet option) and few workarounds at terminal level:
the latter instead requires some components of libreoffice, and can work as server, which can be located in the same box of your web server or in a remote location.
So, my question is: will you use a linux server and if yes, can you install programs from a shell? If yes then you could use these suggested tools, otherwise wait for other suggestions.
And are you trying to convert the contents of these files to display them into HTML pages? If you explain us the reason, maybe we can suggest a better solution.
Once you have converted the files to plain text, you can sanitize it by applying the filter_var() function:
Bye!
After the first IF statement. Try this, is a rewrite of your above code:
<?php
$allowedExts = array("txt", "doc", "rtf");
$extension = pathinfo($_FILES['datafile']['name'], PATHINFO_EXTENSION);
$File = '';
$data = '';
if (isset($_FILES['datafile']['tmp_name']) && in_array($extension, $allowedExts))
{
$finfo = new finfo();
$mime = $finfo->file($_FILES['datafile']['tmp_name'], FILEINFO_MIME_TYPE);
$lines = array();
switch($mime)
{
case 'application/rtf':
case 'text/rtf':
case 'application/msword':
case 'text/plain':
$lines = file($_FILES['datafile']['tmp_name'], FILE_IGNORE_NEW_LINES);
# here you could filter / sanitize / convert the input
break;
default:
$File = "<b>Invalid File</b>";
}
$data = json_encode($lines);
}
else
{
if (empty($_FILES['datafile']['tmp_name']))
{
$File = "<b>Selected File:</b> No file selected";
}
else
{
$File = "<b>Invalid File</b>";
}
}
echo $data;
echo $File;
I modified the switch cases to execute the same action, but if you want to apply different code for each file type just use the break statement as in my previous example, or simply use IF / ELSEIF statements.
Hi, dont' use + to concatenate strings like in javascript, use dots:
die ("Cannot delete data from the database! " . mysql_error());
Those are control words, used as the HTML tags to give formatting to the document. If you want to convert the above to plain-text then try this library:
Regarding application/octet-stream this is a generic mime used for binary data, you can get an .exe as a .doc with that mime, it depends on how the client browser will detect the uploaded file, it is not set by the server.
So, to perform an extended check don't rely only on the result of the $_FILES array, but use the Finfo library, which is embedded on PHP since version 5.3, here's an example:
$finfo = new finfo();
$mime = $finfo->file($_FILES['datafile']['tmp_name'], FILEINFO_MIME_TYPE);
switch($mime)
{
case 'text/rtf':
case 'application/rtf':
# code for .rtf files
break;
case 'application/msword':
# code for .doc files
break;
case 'text/plain':
# code for .txt, .csv files
break;
default:
echo 'Not allowed file';
}
Keep in mind that text/plain can also be a javascript or PHP file, so as suggested above, never trust client input. If you still have doubts, post your updated code.
@AndrisP
By the way, do not use $_SERVER['HTTP_HOST'] because it can be set by the client header request, it's not a value set by the server, so it can be dangerous. Bye!
Hi, if you're referring to the execution time of a PHP script, then change the value of max_execution_time:
The value can be modified at PHP level through the function ini_set(), or by editing your php.ini file. Default is 30 seconds.
If the problems starts while submitting the input, then change the value of max_input_time:
to -1.
Ok, first of all a resource controller is not meant to define a specific method, but a set of actions that will work using RESTful verbs, this means than in your routes.php file you should to change this:
Route::resource('/','OpenidController@showlogin');
to:
Route::resource('/openid','OpenidController');
But I suggest you to use resource controllers for an API application, because a resource controller expects the use of specific methods and HTTP verbs, as defined here:
So, in your routes.php file change the above with:
Route::get('/openid', 'OpenidController@showLogin');
Route::post('/openid', 'OpenidController@postLogin');
And inside your controller:
class OpenidController extends BaseController {
public function showLogin()
{
return View::make('login');
}
public function postLogin()
{
$opID = new LightOpenID('localhost'); # CHANGE ME
if(! $opID->mode)
{
$opID->identity = 'https://www.google.com/accounts/o8/id';
return Redirect::to($opID->authURL());
}
elseif($opID->mode == 'cancel')
{
return "User has canceled the authentication";
}
else
{
# validation here
if($opID->validate())
{
return print_r($opID->identity, true);
}
else
{
return 'Not logged';
}
}
}
Inside the login view create a form that will use the POST method:
<!DOCTYPE html>
<html>
<head>
<title>Open ID</title>
</head>
<body>
<form method="post" action="/openid">
<input type="submit" name="login" value="Google log in" />
</form>
</body>
</html>
Note that the form action is pointing always to /openid.
When you perform a GET request over /openid you will get the form, when instead you perform a POST request you will process postLogin method.
Important Note: the OpenID login method is deprecated by Google and will be removed in few years, more information here:
You can try the imgur API which, for non-commercial websites, is free up to 1.250 uploads per day or 12.500 requests per day:
Hi, check the name index:
$_FILES['datafile']['name']
Below you can read the full array structure returned by $_FILES:
Hi, you can include it via composer, in your shell write:
composer require lightopenid/lightopenid:dev-master
Or edit composer.json and to require add:
"lightopenid/lightopenid": "dev-master"
And perform composer update from the terminal. I didn't tested, but it should work like this:
Route::get('/openid', function()
{
$opID = new LightOpenID('yourdomain.tld');
if( ! $opID->mode)
{
$opID->identity = 'https://www.google.com/accounts/o8/id';
return Redirect::to($opID->authURL());
}
elseif($opID->mode == 'cancel')
{
return "User has canceled the authentication";
}
else
{
# validation here
if($opID->validate())
{
return print_r($opID->identity, true);
}
else
{
return 'Not logged';
}
}
});
The above is based on the example-google.php file that you can find into the archive here:
Check also packagist, which is the repository for composer:
If you simply paste the url into the html output, then it will be the client (i.e. the browser of the user) to execute the request to the remote server, your server in this case won't be involved.
But there are at least two problems with your approach:
a user, can change the content of the original linked image to embed client side scripts, so as an attacker, he could collect the cookies of the other users of your website or replace some contents;
remote servers will slow down because you're hotlinking their contents, you should ask permission to do so, otherwise use a CDN.
By the way, use another website for the check: Google doesn't allow to be embedded into external frames and if you load the javascript console, you'll see the reason:
Refused to display 'https://www.google.com/?gws_rd=ssl' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'
It depends on the X-Frame-Options header. Whenever a website uses this with value SAMEORIGIN then an external frame will not work. More information here:
Bye!
Hello,
first, are you sure your script can access the link? Because from the browser, it displays fine, but from script it returns error 503, that's due to a restriction. I had to set a user agent through a stream context to the file_get_contents():
// Create a stream
$opts = array(
'http' => array(
'method' => "GET",
'header' => "Accept-language: en\r\n" .
"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0\r\n"
)
);
$context = stream_context_create($opts);
$feed = file_get_contents("http://tipsorangsukses.blogspot.com/atom.xml", false, $context);
Now, the loop:
$xml = new SimpleXmlElement($feed);
foreach($xml->entry as $entry)
{
print_r($entry);
break;
}
If you use print_r($entry), and break;, you can see how the first entry is returned:
SimpleXMLElement Object
(
[id] => tag:blogger.com,1999:blog-7538664413577532945.post-6420470017556836335
[published] => 2013-05-29T07:59:00.001+08:00
[updated] => 2013-05-29T07:59:19.588+08:00
[category] => SimpleXMLElement Object
(
[@attributes] => Array
(
[scheme] => http://www.blogger.com/atom/ns#
[term] => Bisnis
)
)
[title] => Tips Membeli Emas Batangan
[summary] =>
Emas batangan merupakan salah satu investasi cerdas dan prestisius mengingat kadar kemurniannya yang mencapai 24 karat dan sejak dahulu telah menjadi investasi bagi kalangan masyarakat menengah ke atas. Meskipun begitu, di masa ini telah banyak peluang untuk memiliki emas batangan sebagai investasi bagi masyarakat kalangan menengah ke bawah dari berat minimum 5 gram emas hingga kelipatannya
[link] => Array
(
[0] => SimpleXMLElement Object
(
[@attributes] => Array
(
[rel] => edit
[type] => application/atom+xml
[href] => http://www.blogger.com/feeds/7538664413577532945/posts/default/6420470017556836335
)
)
[1] => SimpleXMLElement Object
(
[@attributes] => Array
(
[rel] => self
[type] => application/atom+xml
[href] …If you're sure the first line is always an header then you can skip it:
$i = 0;
while()
{
# skip condition
if($i == 0) continue;
# other code ...
$i++;
}
otherwise you can check if it matches with a previously hardcoded value, for example, here the first line is an header:
column_1, column_2, column_3, column_4, column_5
aaa1, bbb1, ccc1, ddd1, eee1
aaa2, bbb2, ccc2, ddd2, eee2
aaa3, bbb3, ccc3, ddd3, eee3
And the script:
# value to match
$check = 'column_1';
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$data = array_map('trim', $data);
$data = array_map(function($row)
{
return filter_var($row, FILTER_SANITIZE_STRING, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}, $data);
# if you match the value, then skip this loop
if(in_array($check, $data)) continue;
$import->bindParam(1, $data[0], PDO::PARAM_STR);
$import->bindParam(2, $data[1], PDO::PARAM_STR);
$import->bindParam(3, $data[2], PDO::PARAM_STR);
$import->bindParam(4, $data[3], PDO::PARAM_STR);
$import->bindParam(5, $data[4], PDO::PARAM_STR);
$import->execute();
}
This will prevent the insert of repeated headers, in case of merged files.
Change post_max_size, default is 8MB and by conseguence modify also memory_limit, it must be higher than post_max_size:
The remote server needs to be reloaded otherwise it will not read the new settings in the php.ini file. Otherwise you can use ini_set():
<?php
ini_set('upload_max_filesize', '20M');
ini_set('memory_limit', '128MB');
ini_set('max_execution_time', 180); # 3 minutes
By the way, do you get errors when you try with a big file? Have you checked the error log of the server?
Sounds like you've reached the size limit. Check the contents of $_FILES array by placing this at the top of your upload script:
die(print_r($_FILES));
Then check the value of the index key error, if you get 0 there's no errors, so you will may want to paste your code here. If instead the value is different, for example 2 then it's a size problem and in this case you have to change some settings in your php.ini file, like upload_max_filesize, which by default is 2MB. For more information read these links:
It generally happens when you output something before the header() function, for example:
<?php
echo 'hey!';
header('Location: /');
You should write your script to avoid these situations or, if you can modify your php.ini, then you can change the output_buffering directive to 4096 or to On, for more information check this:
No PDO::PARAM_STR for example:
$import->bindParam(2, $data[0], PDO::PARAM_STR);
is a constant that will check only if the input is a string, instead of an integer, null or a boolean, but it doesn't remove HTML or Javascript.
Prepared statements are used to prevent SQL injections, but it does nothing to remove scripts, in your loop you can add filter_var() to sanitize the array, for example:
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
# removing empty spaces
$data = array_map('trim', $data);
# remove tags and encode special characters
$data = array_map(function($row){
return filter_var($row, FILTER_SANITIZE_STRING, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}, $data);
$import->bindParam(1, $session, PDO::PARAM_INT);
$import->bindParam(2, $data[0], PDO::PARAM_STR);
$import->bindParam(3, $data[1], PDO::PARAM_STR);
$import->bindParam(4, $data[2], PDO::PARAM_STR);
$import->bindParam(5, $data[3], PDO::PARAM_STR);
$import->bindParam(6, $data[4], PDO::PARAM_STR);
$import->bindParam(7, $data[5], PDO::PARAM_STR);
$import->bindParam(8, $data[6], PDO::PARAM_STR);
$import->bindParam(9, $data[7], PDO::PARAM_STR);
$import->bindParam(10, $data[8], PDO::PARAM_STR);
$import->execute();
}
Docs:
Yes, that's the correct and safe method to avoid SQL injections, but you always need to sanitize data because some javascript could be submitted:
...
aaa4,bbb4,,ddd4,eee4
aaa5,<script>alert('hello');</script>,ccc5,ddd5,eee5
aaa6,bbb6,ccc6,ddd6,eee6
...
and when you load it into a page it will execute.
Hi, try to add errorInfo(), for example:
if (!$import) {
echo "<p>Prepared statement error:</p>";
echo "<pre>" .print_r($dbh->errorInfo(), true) . "</pre>";
}
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$import->execute($data);
echo "<p>Execute error:</p>";
echo "<pre>" .print_r($import->errorInfo(), true) . "</pre>";
break;
}
The break will stop the loop after the first execution. If there are no errors, then remove break and check the full file. It could be an extra column or a non null column receiving null or an empty value, for example:
aaa, bbb, , ddd, eee
For completeness, you can also use the montageImage() method:
<?php
$list = array(
'./i/001.jpg',
'./i/002.jpg',
'./i/003.jpg',
'./i/004.jpg'
);
$im = new Imagick($list);
$draw = new ImagickDraw();
$result = $im->montageImage($draw, "4x1+0+0", '300x200+0+0', imagick::MONTAGEMODE_CONCATENATE, '15x15+0+0');
$result->setImageFormat("png");
header('Content-Type: image/png');
echo $result;
This method will create thumbnails as defined in the third argument: 300x200+0+0. The difference is that the appendImage() method, of the previous example, will output original sizes.
The second argument, instead, allows you to specify the columns and rows, so if you want them all in horizontal line set: 4x1+0+0.
Documentation:
First problem:
<p>Budget<br />
<input id="subject" name="subject" class="text" /> </p>
<p>Nature of Business<br />
<input id="subject" name="subject" class="text" /> </p>
Here you have two input fields with same id and the same name, you can use the same name, as long you use an array name=subject[] but it's better to set different names. Regarding the id, instead, it should be unique over the page.
To get the values from the select tag, just use $_POST['type'], but it's better to set the attribute value to the option tag:
<select name="type">
<option value="1">PSD or HTML</option>
<option value="2">PSD to WP</option>
<option value="3">PSD to PHP</option>
</select>
To access the uploaded file you need to access the $_FILES array. For more information check:
Anyway, sending attachments with mail() is painful for you and resource intensive for the server, you should consider using a library like Swift Mailer:
Or, better, save the uploaded file to the server and send only the link to it.
Try with appendImages(), like in this example:
<?php
$list = array(
'./i/001.jpg',
'./i/002.jpg',
'./i/003.jpg',
'./i/004.jpg'
);
# first image to start Imagick()
$im = new Imagick($list[0]);
$ilist = array();
# loop the others
for($i = 1; $i < count($list); $i++)
{
$ilist[$i] = new Imagick($list[$i]);
$im->addImage($ilist[$i]);
}
$im->resetIterator();
$combined = $im->appendImages(false);
$combined->setImageFormat("png");
header('Content-Type: image/png');
echo $combined;
To create the list you can use glob() instead of an hardcoded array:
$list = glob('./i/*.jpg');
Docs: http://php.net/manual/en/imagick.appendimages.php
Bye!
Ok, I'm not sure this is the best approach but it can be done creating two variables in MySQL (@have and @wish) that will stack the player names into separated lists, this is done through group_concat() in two subqueries.
Then, by using the FIND_IN_SET() function in MySQL, we build the list with the two columns HAVE and WISH.
The example queries:
> SET @name = '%Breastplate%', @have = NULL, @wish = NULL;
Query OK, 0 rows affected (0.00 sec)
> SELECT CASE WHEN FIND_IN_SET(CharName, @have) > 0 THEN CharName END AS HAVE, CASE WHEN FIND_IN_SET(CharName, @wish) > 0 THEN CharName END AS WISH FROM gearowned, (SELECT @have := group_concat(CharName) FROM gearowned WHERE Mainuppertype LIKE @name OR Mainlowertype LIKE @name OR Mainheadtype LIKE @name OR Mainhandtype LIKE @name OR Mainfoottype LIKE @name OR Mainshldtype LIKE @name) as subhave, (SELECT @wish := group_concat(CharName) FROM gearowned WHERE Wishuppertype LIKE @name OR Wishlowertype LIKE @name OR Wishheadtype LIKE @name OR Wishhandtype LIKE @name OR Wishfoottype LIKE @name OR Wishshldtype LIKE @name) as subwish HAVING (HAVE is not null OR WISH is not null);
+-------+-------+
| HAVE | WISH |
+-------+-------+
| Loot | NULL |
| user1 | NULL |
| NULL | Wikit |
+-------+-------+
3 rows in set (0.00 sec)
Here's an example with PDO:
<?php
# $db
require './connections/pdo.php';
$name = "%Breastplate%"; # "%{$_POST['name']}%"
$stmt1 = $db->prepare("SET @name = ?, @have = NULL, @wish = NULL");
$stmt1->execute(array($name));
$stmt2 = $db->query("SELECT CASE WHEN FIND_IN_SET(CharName, @have) > 0 THEN CharName END AS …So, no matter what you choose from the first form (created from the armor table), you search all the columns of the gearowned table? And then you want to match them together to build a list of character names, correct?
You could use the IN() clause, basically something like this:
SELECT CASE WHEN 'term_to_find' IN(Mainupper, Mainlower, Mainhead) THEN CharName END as HAVE, CASE WHEN 'term_to_find' IN(Wishupper, Wishlower, Wishhead) THEN CharName END as WISH FROM gearowned;
Live example: http://sqlfiddle.com/#!2/02dcd/1
What I'm not sure is why you're using LIKE, are you going to search similar text also? If yes, can you create a fiddle as my example with some inserts? That would help us to understand better your intentions.
By the way, to set null to a column just send it in the insert or update query:
<?php
# $db
require './connections/mysqli.php';
$msg = NULL;
$stmt = mysqli_prepare($db, "INSERT INTO can_be_null SET msg = ?");
mysqli_stmt_bind_param($stmt, 's', $msg);
mysqli_stmt_execute($stmt);
In the database you will see:
> select * from can_be_null;
+----+-------+
| id | msg |
+----+-------+
| 1 | NULL |
| 2 | hello |
+----+-------+
2 rows in set (0.00 sec)
With local sources, to match only the beginnings of the terms, use this method:
$(function() {
var availableTags = <?php echo json_encode($result); ?>
$( "#tags" ).autocomplete({
source: function( request, response ) {
var matcher = new RegExp( "^" + $.ui.autocomplete.escapeRegex( request.term ), "i" );
response( $.grep( availableTags, function( item ){
return matcher.test( item );
}) );
}
});
});
You can find it at the end of this page:
Also, to build the list for the autocomplete function, create an array of results from the query, and use json_encode() to convert it to a json array. Full example:
<?php
require './connections/pdo.php';
$stmt = $db->query("select * from countries");
$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
$result = array();
# generate array
foreach($row as $key => $value)
{
$result[] = $value['name'];
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Autocomplete</title>
<link rel="stylesheet" href="//code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script src="//code.jquery.com/ui/1.11.0/jquery-ui.js"></script>
<script>
$(function() {
var availableTags = <?php echo json_encode($result); ?>
$( "#tags" ).autocomplete({
source: function( request, response ) {
var matcher = new RegExp( "^" + $.ui.autocomplete.escapeRegex( request.term ), "i" );
response( $.grep( availableTags, function( item ){
return matcher.test( item );
}) );
}
});
});
</script>
</head>
<body>
<div class="ui-widget">
<label for="tags">Tags: </label>
<input id="tags">
</div>
</body>
</html>
The loop will create something like this:
Array
(
[0] => AAA
[1] => BBB
[2] => CCC
[3] => DDD
[4] => EEE
)
Which will be converted by json_encode to:
["AAA","BBB","CCC","DDD","EEE"]
The same method can …
Try with the flow control function CASE:
I don't know your table structure, so here's an example:
Bye!