Hi Jailani,

in your code you are using:

$value = $_GET['change'];

which will not work if the form set the method to POST:

<form method="post">

if you perform a POST request then you have to use $_POST in the PHP side to access the values of the input fields. You could use $_GET, but only if appending values to the action link of the form tag, for example:

<form method="post" action="script.php?id=123">

Also, you are trying to access the id, like this:

$id = $_REQUEST['id'];

I suppose you want to get it from this line:

echo"<td><font color='black'>" .$test['id']."</font></td>";

It will not work, unless you do not add an input field like this:

<input type="hidden" name="id" value="<?php echo $test['id']; ?>">

This is more correct, but you are also looping the array from the query, so you are going to create a group of rows, in the HTML, each with:

echo"<td><input type='text' name='change'/></td>";

In this case, since you are not submitting $_POST['change'] as an array and since this is a text type, you will apply only the last one in the list:

<tr>
    <td><input type='text' name='change'/>
<tr>
    <td><input type='text' name='change'/>
<tr>
    <td><input type='text' name='change'/> <-- only this will be applied

So the input name should look like more name='change[]':

<tr>
    <td><input type='text' name='change[]'>
<tr>
    <td><input type='text' name='change[]'>

Even by applying this your update query will still not work, because you have to loop the $_POST['change'] and the other fields values.

This post may help you:

it applies to <select> tags, but ...

Read More

Check arp-scan -ln it outputs something like this:

> arp-scan -ln
Interface: wls1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.0.1     00:c0:9f:09:b8:db       QUANTA COMPUTER, INC.
192.168.0.5     00:02:a5:90:c3:e6       Compaq Computer Corporation
192.168.0.87    00:0b:db:b2:fa:60       Dell ESG PCBA Test
192.168.0.90    00:02:b3:06:d7:9b       Intel Corporation
192.168.0.153   00:10:db:26:4d:52       Juniper Networks, Inc.
192.168.0.191   00:01:e6:57:8b:68       Hewlett-Packard Company
192.168.0.196   00:30:c1:5e:58:7d       HEWLETT-PACKARD

7 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.628 seconds (157.25 hosts/sec). 7 responded

And you could simply parse the output. But I'm not sure if there is a version for Windows platforms. Some info here:

Read More

In this very specific case, because $ID is expected to be an integer, you could use exec() which returns the number of affected rows by the statement or something that evaluates to boolean FALSE (if something goes wrong) but you have to properly sanitize the variable.

$ID = filter_input(INPUT_GET, 'ID', FILTER_VALIDATE_INT);

if(FALSE !== $ID)
{
    $update = $db->exec("UPDATE table SET count = count + 1 WHERE id=".$ID);

    if(FALSE === $update)
    {
         // log the error, kill the script, etc.
    }

    else
    {
        // successful update
    }
}

else
{
    // $ID is not valid
}

In case of strings, instead, the filter function is not enough, because sending something like 0 OR 1=1 would be valid and expose your query to an SQL injection attack.

I prefer to have few extra lines of code and go with prepared statements.

Besides, in PDO you can send the values as an array, in the execute() method:

$stmt->execute([':ID' => $ID]);

Read More

I was supposing the $_POST['Net'] arrays to hold float values, not file names. Anyway you could write:

$files    = [];
$products = [];

while($rowProduct = mysql_fetch_array($productSQL))
{
    $products[] = $rowProduct['POProductNet'];
}

if(TRUE === isset($_POST['Net']) && TRUE === is_array($_POST['Net']))
{
    $files = array_map('basename', $_POST['Net']);
    $diff  = array_diff_assoc($products, $files);

    if(count($diff) > 0)
    {
        // write data to db
    }
}

Here I'm just using the array functions, instead of the loops, it's just a choice. You can go with loops.

But if $_POST['Net'] is supposed to always be an array, then I would check it in the sanitizing step, not after the query to the database. So it would look like more:

$net = filter_input(INPUT_POST, 'Net', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY);

if(FALSE !== $net)
{
    $files    = array_map('basename', $net);
    $products = [];

    // select query the database
    // populate the $products array
    // compare with $files
}

Read More

You could use the RecursiveDirectoryIterator() something like in this comment:

More precisely like this:

<?php

$path = dirname(__DIR__);

$dir_iterator = new RecursiveDirectoryIterator($path
                     , FilesystemIterator::SKIP_DOTS);

$iterator     = new RecursiveIteratorIterator($dir_iterator
                    , RecursiveIteratorIterator::LEAVES_ONLY
                    , RecursiveIteratorIterator::CATCH_GET_CHILD);

foreach($iterator as $file)
    if(TRUE === $file->isReadable())
        echo $file . PHP_EOL;

Read More

Hi,

look, this hex dump suggests it could be C++:

0007e0a0  72 20 61 72 67 75 6d 65  6e 74 73 0d 0a 00 00 00  |r arguments.....|
0007e0b0  52 36 30 30 32 0d 0a 2d  20 66 6c 6f 61 74 69 6e  |R6002..- floatin|
0007e0c0  67 20 70 6f 69 6e 74 20  6e 6f 74 20 6c 6f 61 64  |g point not load|
0007e0d0  65 64 0d 0a 00 00 00 00  4d 69 63 72 6f 73 6f 66  |ed......Microsof|
0007e0e0  74 20 56 69 73 75 61 6c  20 43 2b 2b 20 52 75 6e  |t Visual C++ Run|
0007e0f0  74 69 6d 65 20 4c 69 62  72 61 72 79 00 00 00 00  |time Library....|
0007e100  0a 0a 00 00 52 75 6e 74  69 6d 65 20 45 72 72 6f  |....Runtime Erro|
0007e110  72 21 0a 0a 50 72 6f 67  72 61 6d 3a 20 00 00 00  |r!..Program: ...|
0007e120  2e 2e 2e 00 3c 70 72 6f  67 72 61 6d 20 6e 61 6d  |....<program nam|
0007e130  65 20 75 6e 6b 6e 6f 77  6e 3e 00 00 00 00 00 00  |e unknown>......|

And this:

0008ead0  46 53 4f 55 4e 44 20 50  72 69 6d 61 72 79 20 4d  |FSOUND Primary M|
0008eae0  69 78 42 75 66 66 65 72  00 00 00 00 43 3a 5c 64  |ixBuffer....C:\d|
0008eaf0  65 76 5c 66 6d 6f ...

Read More

Hi,

from the documentation the strtotime() function you can read:

Parse about any English textual datetime description into a Unix timestamp

And it expects:

int strtotime ( string $time [, int $now = time() ] )

The $stockdate is a DateTime object, not a string. So try by submitting the string:

date('l F d, Y', strtotime($stockdate->date));

Or follow the DateTime library:

print $stockdate->format('l F d, Y');

Docs:

Read More

Spaces in URLs can be represented by %20 or by +, it depends on the browser and by the enctype attribute of the form tag.

Your script can receive requests like these:

term=abc++++
term=abc%20%20%20%20

Which in your code equals to:

string(7) "abc    "

So, instead of $searchTerm = $_GET['term']; do:

$searchTerm = trim(filter_input(INPUT_GET, 'term', FILTER_SANITIZE_STRING));

And the script will process the intended input:

string(3) "abc"

Note, in this case you don't need to use urldecode() as superglobals are already decoded. Also, you should query the database through prepared statements.

Read More

Ok, the blank list of results happens because JQuery expects to receive label and/or value as index keys of the result set.

Multiple types supported:
Array: An array can be used for local data. There are two supported formats:

  • An array of strings: [ "Choice1", "Choice2" ]
  • An array of objects with label and value properties: [ { label: "Choice1", value: "value1" }, ... ]

The label property is displayed in the suggestion menu. The value will be inserted into the input element when a user selects an item. If just one property is specified, it will be used for both, e.g., if you provide only value properties, the value will also be used as the label.

Source: http://api.jqueryui.com/autocomplete/#option-source

So change desc1 to label and should work fine. I was testing with a custom table which had a label column, so the issue didn't show up to me.

Do:

<script type="text/javascript">
    $(function() {

        $("#party").autocomplete({
            minLength: 0,
            source: "autocomplete.php",
            focus: function(event, ui) {
                $("#party").val(ui.item.label);
                $("#code").val(ui.item.code);
                return false;
            },
            select: function(event, ui) {
                $("#party").val(ui.item.label);
                $("#code").val(ui.item.code);
                return false;
            }
        })
    });
</script>

And in the PHP side:

$i = 0;
while($row=sqlsrv_fetch_array($select)) 
{
    $data[$i]['code']  = $row['code'];
    $data[$i]['label'] = $row['desc1'];
    $i++;
}

Read More

Look, it works fine for me. Do this: open the Web Developer Console which is available in Google Chrome, Chromium and Mozilla Firefox, hit the Network tab and enter a letter in the autocomplete input field, you should see a request to the server, hit the request link and click the Response tab, you should see a JSON object with the rows.

Read More

Hi,

check the source of the custom data example in the autocomplete JQueryUI documentation:

The select property should fit your requirements:

select: function( event, ui ) {
    $( "#project" ).val( ui.item.label );
    $( "#project-id" ).val( ui.item.value );
    $( "#project-description" ).html( ui.item.desc );
    $( "#project-icon" ).attr( "src", "images/" + ui.item.icon );

    return false;
  }

Another example: https://jsfiddle.net/0wdbgage/

Read More

-sigh-
Why is it so, that when there's an issue, people look all around :D, but not on the issue.

lol, I asked because I do not know how you are implementing that statement and what you really expect to get. What do you mean by true 404? A redirect to the 404 error page defined by the server?

This:

While Opera fools itself, Firefox doesn't. It shows just super-empty document (not 404, but also not even standard CSS stylesheet). How do I successfully send "404 Not Found" to ALL browser.

is not a useful information, to understand your issue.

Look, to me it's easier to move the includes scripts into a separated directory, then use .htaccess to deny direct access to that directory, so it cannot be accessed through the browser.

This solution does not require to modify the scripts, so nothing like the header() 404 statement, if really needed you could force it through .htaccess and send a more appropriate 403 or even 404.

It's even better if you move the includes directory to the parent of the public_html directory, which if correctly set, is not accessible by the browsers, that way you don't even need to use .htaccess file to define what is accessible and what not.

Read More

Comments
GSOH!

Hello,

are you aware that the referrer can be spoofed? Simple test:

  1. open a terminal and type: nc -l 8000
  2. open another terminal and type: curl --verbose --header --referer http://google.com/ http://localhost:8000/

You'll get:

GET / HTTP/1.1
User-Agent: curl/7.35.0
Host: localhost:8000
Accept: */*
Referer: http://google.com/

More information here: https://en.wikipedia.org/wiki/Referer_spoofing

Read More

@Antony try:

SELECT * FROM `TABLENAME` ODER BY date_format(str_to_date(`TIME_COLUMN`, '%r'), '%T') ASC;

This will convert the string to a timestamp that MySQL can parse, then use %T to get the order in the 24H format. But, as suggested, it's better to convert the existing rows into the 24H format and then always save in that format, to avoid extra processing. So you could run an update query, just like above:

UPDATE `TABLENAME` SET `TIME_COLUM` = date_format(str_to_date(`TIME_COLUMN`, '%r'), '%T');

Replace TABLENAME and TIME_COLUMN with yours and remember to test on a copy.

Rule is: save always in UTC, save always in the format that the database can parse, then convert for the client.

For more info see:

Bye!

Read More

Hello,

so, standing at the original example you want two rows for each date > item, correct?

Use implode() after each cycle, change this:

# loop each date > item
foreach($items as $item)

    # loop each date > item > item
    foreach($item as $elem)
        $r[] = sprintf('%s %s %s'
                     , $elem->attributes()->Name
                     , $elem->attributes()->Type
                     , $elem);

to:

# loop each date > item
foreach($items as $item)
{
    # initialize the $r array at each loop
    $r = [];

    # loop each date > item > item
    foreach($item as $elem)
    {
        $r[] = sprintf('%s %s %s'
                     , $elem->attributes()->Name
                     , $elem->attributes()->Type
                     , $elem);
    }

    # convert the $r array to a string
    $s[] = implode(',', $r);
}

The contents of $s will look like this:

array (2) [
    string (184) "received Date 2015/12/18 00:00,accepted Date 2016/03/31 00:00,aheadofprint Date 2016/04/14 00:00,entrez Date 2016/04/15 06:00,pubmed Date 2016/04/15 06:00,medline Date 2016/04/15 06:00"
    string (152) "epublish Date 2016/05/23 00:00,entrez Date 2016/07/12 06:00,pubmed Date 2016/07/12 06:00,medline Date 2016/07/12 06:00,pmc-release Date 2017/01/01 00:00"
]

If you want them all in the same string, then just initialize the $r array before or the first loop (# loop each <date> node) and move the implode out of the loops, at the end, basically:

$r = [];

# loops

$s = implode(',', $r);

Read More

If you just need to remove what comes after the first occurrence of the bracket and display what is remaining, then you could basically loop the input into strstr(), like this:

$line = 'Águila (El Salvador)';
$out = strstr($line, '(', TRUE) . '(';
print $out; # Águila (

See: http://php.net/manual/en/function.strstr.php
Example:

<?php

$fp = function($file) {

    $out   = '';
    $lines = file($file);

    foreach($lines as $line)
        $out .= strstr($line, '(', TRUE) . '(' . PHP_EOL;

    return $out;
};

$output = $fp('./input.txt');
print $output;

Or switch to fopen if the input is a big file.

Read More

It happens because you have to manually move to the next node, you can do like this:

<?php

$file = 'dates.xml';
$xml  = simplexml_load_file($file);

# loop each <date> node
foreach($xml->date as $node) {

    $items = $node->children();

    # loop each date > item
    foreach($items as $item)

        # loop each date > item > item
        foreach($item as $elem)
            $r[] = sprintf('%s %s %s'
                         , $elem->attributes()->Name
                         , $elem->attributes()->Type
                         , $elem);
}

print_r($r);

Will return:

Array
(
    [0] => received Date 2015/12/18 00:00
    [1] => accepted Date 2016/03/31 00:00
    [2] => aheadofprint Date 2016/04/14 00:00
    [3] => entrez Date 2016/04/15 06:00
    [4] => pubmed Date 2016/04/15 06:00
    [5] => medline Date 2016/04/15 06:00
    [6] => epublish Date 2016/05/23 00:00
    [7] => entrez Date 2016/07/12 06:00
    [8] => pubmed Date 2016/07/12 06:00
    [9] => medline Date 2016/07/12 06:00
    [10] => pmc-release Date 2017/01/01 00:00
)

To get the attributes, in this case, since $elem will be a SimpleXMLElement object you can use the attributes() method:

Use var_dump() or a debugger like this to see which kind of object you are iterating, for example:

foreach($items as $item)
    sd($item);

Returns:

SimpleXMLElement (2) (
    public @attributes -> array (2) [
        'Name' => string (7) "History"
        'Type' => string (4) "List"
    ]
    public Item -> array (6) [
        string (16) "2015/12/18 00:00"
        string (16) "2016/03/31 00:00"
        string (16) "2016/04/14 00:00"
        string (16) "2016/04/15 06:00"
        string (16) "2016/04/15 06:00"
        string (16) "2016/04/15 06:00"
    ]
)

So you can see the attributes of the main node:

<Item Name="History" Type="List"> ...

Read More