Posts by cereal

Hi, supposing 31.170.161.176 was your IP address, you cannot connect directly from your computer to the 000webhost MySQL server because remote connection is disabled, unless you upgrade your account:

• https://www.000webhost.com/faq.php?ID=27

It means that, with the basic plan, they only allow connections to the databases from a defined range of IPs: their hosting machines. So in order to work, you have to upload the script to the 000webhost web server and run it from there, not from your local installation.

Hi,

you could use the Nowdoc syntax, I prefer it because the code is more readable, but it's your choice, an example:

<?php

$id      = rand(1,1000);
$name    = 'MissMolly';
$email   = 'email@email.tld';
$request = <<<'EOD'
<?php
    $to      = "%1$s";
    $subject = "Invoice Request";
    $message = "%2$s is requesting %3$d quote";
    $headers = "From: %1$s\r\n";

    mail($to, $subject, $message, $headers);
    unlink(__FILE__);
?>
<h1>Invoice Being sent asap</h1>
EOD;

$request = sprintf($request, $email, $name, $id);
$myfile  = fopen('clients/' . $name . '.php', 'w');
fwrite($myfile, $request);
fclose($myfile);

With sprintf() then you replace the placeholders %1$s, %2$s, %3$d with the data you want to inject:

• http://php.net/sprintf

Do you have a specific reason to create such file? The email is already sent by the line 33.

Also, you're using the $name variable to set the filename, but if $name contains special characters or spaces, then it could affect the access to the generated PHP file, you should use a function to replace the spaces, something like this:

• https://github.com/bcit-ci/CodeIgniter/blob/82761265da6a4ccd913583239a89487c40d46329/system/helpers/url_helper.php#L480

Ok, at line 16 and 17 you are declaring a variable but then using another one:

$mContent   = '';
echo $mcontent .=

so, set $mcontent = ''; or reverse and fix line 67. Note: this should not preclude the execution of the script, usually it should send a notice for undefined variable mcontent but then it should continue to work.

Try to set error_reporting(-1); in top of the script, to see if you get some errors.

So, you get the email but not the query contents, correct? Is the $conn resource set in the included config.php file?

You're welcome!

Hi,

look at the manual: http://php.net/manual/en/mysqli-result.fetch-array.php

The argument must be a constant, in your case MYSQL_ASSOC without the quotes, the constant in this case is an integer and his value is 1, for MYSQL_BOTH instead is 3, so you could write:

$result->fetch_array(MYSQL_ASSOC);

# or

$result->fetch_array(1);

and get the same result type.

Hi,

you could set the line separator into getValue(), for example at line 28:

editor.getValue('<br>')

But this will add the <br> also in the code blocks, otherwise you can apply a CSS rule to #question-preview:

#question-preview {
    white-space:pre-line;
}

And change the #question-preview pre code white-space rule at your preferences:

#question-preview pre code {
    padding: 0;
    white-space: inherit;
}

Docs: http://codemirror.net/doc/manual.html#getValue

The problem is generated in the IN() statement: what happens if $topuid is empty, like in your code?

$topuid   = array();
$idtopuid = implode(',', $topuid);

The result of $idtopuid will be an empty string, example:

var_dump(implode(',', []));
string(0) ""

This will generate the syntax error you got: syntax to use near ') order by rand() limit 0,5' at line 1 because the IN() statement cannot be empty.

Also, keep in mind that you are setting something that will display as a single CSV string, for example:

$topuid   = ['a', 'b', 'c'];
$idtopuid = implode(',', $topuid);

# in query
... IN(".$idtopuid.") ...

Will generate:

IN(a,b,c)

without quotes, which will work fine if these will be integers [1,2,3], but it will fail if using alphanumeric IDs, because it will be like testing table columns and it could generate an error like:

ERROR 1054 (42S22): Unknown column 'a' in 'where clause'

to avoid it, in case of alphanumeric IDs, the IN() statement values should be set with quotes around each element and commas to separate them, so:

IN('a', 'b', 'c')

Bye!

Ok,

now I see there is an error on line 23 of your first post, you're missing the closing VALUES() parenthesis:

 ":rate,:discount");

It should be:

 ":rate,:discount)");

@shany

Hi, consider that MySQL will not return the last inserted id if:

• the table does not have a column with the auto_increment attribute
• or if you manually feed the id

Example:

-- table without auto_increment column
CREATE TABLE IF NOT EXISTS `test` (
    `tid` INT UNSIGNED NOT NULL PRIMARY KEY,
    `msg` VARCHAR(50) NOT NULL
);

-- insert, no auto_increment
INSERT INTO `test` (`tid`, `msg`) VALUES(1, 'a');
INSERT INTO `test` (`tid`, `msg`) VALUES(2, 'b');
INSERT INTO `test` (`tid`, `msg`) VALUES(3, 'c');

-- get last id, will return 0
SELECT last_insert_id();
+------------------+
| last_insert_id() |
+------------------+
|                0 |
+------------------+
1 row in set (0.00 sec)

-- show table statement
SHOW CREATE TABLE `test`;
+-------+-----------------------------------
| Table | Create Table                  
+-------+-----------------------------------
| test  | CREATE TABLE `test` (
  `tid` int(10) unsigned NOT NULL,
  `msg` varchar(50) NOT NULL,
  PRIMARY KEY (`tid`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 |
+-------+-----------------------------------

-- show contents
SELECT * FROM `test`;
+-----+-----+
| tid | msg |
+-----+-----+
|   1 | a   |
|   2 | b   |
|   3 | c   |
+-----+-----+
3 rows in set (0.00 sec)

-- alter table to add auto_increment
ALTER TABLE `test` MODIFY `tid` INT UNSIGNED NOT NULL AUTO_INCREMENT;

-- new table statement, with auto_increment
+-------+--------------------------------------------------
| Table | Create Table                                     
+-------+--------------------------------------------------
| test  | CREATE TABLE `test` (
  `tid` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `msg` varchar(50) NOT NULL,
  PRIMARY KEY (`tid`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1 |
+-------+-------------------------------------------------

-- insert id manually
INSERT INTO `test` (`tid`, `msg`) VALUES(4, 'd');

-- …

No, from SQL injection you're safe with prepared statements, but you are exposed to an XSS attack, here:

echo "<div class='alert alert-success' role='alert'>Well done! You successfully created user: <b>".$_POST['username']."</b></div>";

echo "<div class='alert alert-danger' role='alert'>Oh snap! Failed to create new user: <b>$_POST[username]</b></div>";

$_POST is not sanitized, so I could inject javascript or an iframe. The Google Chrome XSS Auditor in this case will raise an alert, which is visible in the developer console.

Use filter_input() if you want to return the contents to the page:

• http://php.net/filter-input

Hm, lol, ok, it was so similar I made a mistake :D

So, your Hash::make() method should look like this:

public static function make($string, $salt=''){
    return hash('sha256', $string.$salt);
}

With two only arguments in the hash() function, correct? If for some reason you have a comma in between $string and $salt then you would get binary data in raw format, because the hash() function would read $salt as the third argument.

Example:

print hash('sha256', 'test', 'salt');
# outputs
ЁL}e/ZO,]l

print hash('sha256', 'test' . 'salt');
# outputs
4edf07edc95b2fdcbcaf2378fd12d8ac212c2aa6e326c59c3e629be3039d6432

For reference I'm checking the code through this repository, which seems written by one of those participants:

• https://github.com/nirmalz/learnObject/blob/master/classes/Hash.php

If the above suggestion still doesn't help, please share the code or a repository with your test code, I will not go through the linked tutorial.

If you're using Illuminate Hasher then it should look like:

if(Hash::check($password, $this->data()->password))

rather than your previous IF statement, because the hasher will generate a different result each time, so you cannot compare them directly. This is basically doing:

public function check($value, $hashedValue, array $options = [])
{
    if (strlen($hashedValue) === 0) {
        return false;
    }
    return password_verify($value, $hashedValue);
}

If you're using something different, please point me to the library, so that I can check their documentation.

See:

• http://php.net/password-verify
• https://github.com/laravel/framework/blob/5.1/src/Illuminate/Hashing/BcryptHasher.php#L40

No error? Sure it's Hash::make() and not Hash::check()?

Hi! It happens because:

$data = $this->_db->get('users', array($field, '=', $user));

is not returning the object. It could be because the query failed or for something else, sure _db it's a property and not a method? For example:

$data = $this->_db()->get('users', array($field, '=', $user));

What can be returned by the get() method? If there are cases in which your get() can return something different from the object, then you should check it by using is_object():

if(is_object($data) && $data->count())

At this point I would check the contents of the $error variable, if any, and set few die() to check which IF statement is working and which fails. I'm supposing im_id and im_album_id are defined as a multiple-column unique index:

• http://dev.mysql.com/doc/refman/5.7/en/multiple-column-indexes.html

Otherwise the first select query could return more than one row and this IF statement will fail, To start set:

if($result && mysql_num_rows($result) == 1)
{
    die('First select works');

And try the DELETE action, if you reach it, remove it and after the delete query set:

if(mysql_query($sql) && mysql_affected_rows() > 0)
{
    die('Delete query works');

And try again. If you reach it, we know both queries are working fine, at least in a case, and so there could be an issue with the unlink() function, which could be read/write permissions or wrong path.

The value of GALLERY_IMG_DIR is a internal path, not an HTTP link, correct?

I think I've understood where is the issue (finally :D): $_GET['album'] is set but it does not return any value. At line 28 of your last code version you had:

$album = isset($_GET['album']) ? $_GET['album'] : '';

Which, will initialize the variable but it will not return nothing when opening the script for the first time because, from what I see, the page will not have a query string with this value. In other words you probably can open the page like this:

http://site.tld/script.php

and/or:

http://site.tld/script.php?album=123

So the value of $album in the first case be empty. Later, in the while loop, you have the javascript function with:

javascript:deleteImage(<?php echo "'$album', '$im_id'"; ?>);

Which should get the value of album from $row rather than the $album variable previously set. The extract() function will initialize $im_id, it will not initialize $album because it DOES NOT exists in the columns returned by $row. So:

1. you don't get a notice for undefined variable $album;
2. the $album value arriving here is the one set at line 28 which, as said, can be empty.

I think you can solve the issue by changing the SELECT query at line 61 to return the im_album_id column:

SELECT im_id, im_album_id, im_title, im_thumbnail, DATE_FORMAT(im_date, '%d-%m-%Y') AS im_date FROM tbl_image

And change the javascript code to:

javascript:deleteImage(<?php echo "'$im_album_id', '$im_id'"; ?>);

After these changes the IF conditional statement should work. And var_dump() should return the expected values.

Set:

echo "<pre>";
var_dump($_GET);
echo "</pre>";

in top of the script, then press the delete button and paste results here.

Ok, then $_GET['delete'] will be set but it will be empty, by consequence the IF statement will fail. Try to change this line:

$delete  = array_key_exists('delete', $_GET) ? trim($_GET['delete']) : NULL;

To:

$delete  = array_key_exists('delete', $_GET);

Now we get a boolean and we don't need anymore to check the variable value. The IF statement changes from:

if( ! empty($delete) && ! empty($albumId) && ! empty($imgId))

To:

if($delete && ! empty($albumId) && ! empty($imgId))

Or more explicitly:

if($delete === TRUE && ! empty($albumId) && ! empty($imgId))

At this point the conditional statement should work fine.

Replace code from line 2 to 24 with:

$error = FALSE;

// check if index key exists and trim, else set it to NULL
$delete  = array_key_exists('delete', $_GET) ? trim($_GET['delete']) : NULL;
$albumId = array_key_exists('album', $_GET) ? trim($_GET['album']) : NULL;
$imgId   = array_key_exists('imgId', $_GET) ? trim($_GET['imgIde']) : NULL;

if( ! empty($delete) && ! empty($albumId) && ! empty($imgId))
{
    // get the image file name so we
    // can delete it from the server 
    $sql = sprintf(
            "SELECT im_image, im_thumbnail FROM tbl_image WHERE im_id = '%s' AND im_album_id = '%s'",
            mysql_real_escape_string($imgId),
            mysql_real_escape_string($albumId)
        );

    $result = mysql_query($sql);

    if($result && mysql_num_rows($result) == 1)
    {
        $row = mysql_fetch_assoc($result);

        // and then remove the database entry
        $sql = sprintf(
                "DELETE FROM tbl_image WHERE im_id = '%s' AND im_album_id = '%s'",
                mysql_real_escape_string($imgId),
                mysql_real_escape_string($albumId)
                );

        // remove the image and the thumbnail from the server
        // only if DELETE query is successful
        if(mysql_query($sql) && mysql_affected_rows() > 0)
        {
            unlink(GALLERY_IMG_DIR . $row['im_image']);
            unlink(GALLERY_IMG_DIR . 'thumbnail/' . $row['im_thumbnail']);  
        }

        else
            $error = 'Delete product category failed. ' . mysql_error();
    }

    else
        $error = 'Select product category failed. ' . mysql_error();
}

In practice we initialize some variables ($delete, $albumId & $imgId) by trimming the contents of $_GET, then we refer to these variables for the rest of the script: this is an important point, if you call $_GET['album'] inside the conditional statement you can insert an untrimmed value, clear?

I'm using empty() to check the contents of the variables, please refer to the documentation to check what is …

Let's try. The error you are reporting:

MySQL said: Documentation
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$sql = "SELECT im_image, im_thumbnail FROM tbl_image WHERE im_id = '$imgId' AND ' at line 1

is a bit strange, because MySQL will show the statement starting from the failing point, so you have to look what is set before $sql = "SELECT im_image, ... not after. How this is happening makes me think that, this query, is nested in a previous string or something like that... If you could share your current code, it could help a bit.

Also, running trim() in the IF statement will not affect the original variable, for example:

# value is " hello"
if(trim($_GET['id'])) var_dump($_GET['id']);

You expect string(5) "hello" instead you will get string(6) " hello". Do:

$get['id'] = trim($_GET['id']);

Starting from PHP 5.4 isset() will give different results from what expected in previous versions, see example #2 at http://php.net/isset

In any case isset() will evaluate an empty string to true, so if $_GET['album'] is simply set:

http://link.tld/script.php?album

without adding any value, the function will return it true, for example:

$_GET['album'] = NULL;
var_dump(isset($_GET['album']) ? :FALSE);

$_GET['album'] = '';
var_dump(isset($_GET['album']) ? :FALSE);

will return:

bool(false)
bool(true)

And your query can return unexpected results.

So, can you show your updated code? I'm not sure which version …

Hi,

you are submitting a single string to the PDO constructor:

$connection = new PDO("mysql:host=$host; dbname=$db_name, $db_user, $password");

instead they should be three: dsn, username, password. Or four if appending options:

$connection = new PDO("mysql:host=$host;dbname=$db_name", $db_user, $password);

You could do:

$passwd = crypt($_POST["newpassword"]);

# prepare query
$query = sprintf(
            "UPDATE admin SET hash = '%s' WHERE admin_id = %u",
             mysql_real_escape_string($passwd),
             (int)$_SESSION['admin_id']
         );

# perform query
$result = mysql_query($query);
if($result === FALSE)
    echo "Internal server error occurred.";

Where %s stands for string and so it's quoted, and %u stands for unsigned integer in case the admin_id index, in the session array, is an integer.

Warning: mysql_query() expects at most 2 parameters, 3 given in admin\modify-password.php on line 40

It happens because this function does not support prepared statements, and it only accepts two arguments:

mixed mysql_query ( string $query [, resource $link_identifier = NULL ] )

Where the first argument is the query, the second is the connection link to the database, which can be omitted, unless you want to connect to multiple databases.

Docs: http://php.net/mysql-query

Is it stored as HTML with an <img> tag? If affirmative then you could use a regular expression to extract the image link. For example:

$content = '
    <p>Title</p>
    <div><img class="hello" src="/images/ocean001.jpg" id="img"></div>
    <p>Blue</p>
';

$pattern = '/<img[^>]*src[\s]?=[\s]?["\']?([^"\']*)[^>]*>/i';

preg_match($pattern, $content, $matches);
print_r($matches);

It should return:

 Array
(
    [0] => <img class="hello" src="/images/ocean001.jpg" id="img">
    [1] => /images/ocean001.jpg
)

So in your loop:

$pattern = '/<img[^>]*src[\s]?=[\s]?["\']?([^"\']*)[^>]*>/i';

while ($row = mysql_fetch_array($res))
{
    preg_match($pattern, $row['post_content'], $matches);
    echo'Post Content:' . $matches[1];
}

And replace 1 with 0 if you want the tag. It will be slow. An alternative is to use a DOM library, but in this case you should parse a full document, not a part. If you can, try to separate description from image link before inserting them into the database, and set them together when needed.

An alternative:

$t = call_user_func_array('array_merge_recursive', $r);

where $r is diafol's example array and it will return:

Array
(
    [sub_total] => Array
        (
            [0] => 1000
            [1] => 120
        )

    [total_tax] => Array
        (
            [0] => 82.5
            [1] => 9.9
        )

    [total] => Array
        (
            [0] => 1087.5
            [1] => 129.9
        )

)

Then do:

$totals = array_map("array_sum", $t);

Will return:

Array
(
    [sub_total] => 1120
    [total_tax] => 92.4
    [total] => 1217.4
)

It happens because you're using NULL values, for the series it's not a bug, it's a feature:

• https://bugs.mysql.com/bug.php?id=8173

Fatal error: Call to undefined function Age() in /home/jktempla/public_html/signup.php on line 55

Hi, it's the same type of error you got in your previous thread:

• https://www.daniweb.com/programming/threads/501605/fatal-error-call-to-undefined-function-getuser-in-homematurecopublic_

Can you open the logo link directly from the browser address bar? For example:

http://website.tld/images/logo/logo.png

What is the value of SITE_FAVICON?

Try with:

sudo service mysql stop

Then the pid file should disappear.

Ok, then try to reset the root password as described here:

• http://dev.mysql.com/doc/refman/5.7/en/resetting-permissions.html

Excuse me, it was late at night and I suggested an index key of an old version, the line it should not be:

$cfg['Servers'][$i]['nopassword']

but:

$cfg['Servers'][$i]['AllowNoPassword']

as defined in the documentation link.

By the way, are you able to sign in through mysql command line client?

mysql -uUSERNAME -pPASSWORD

remove -p if password was not set.

which one needs to have phpmyadmin installed on it, the web/php server or the machine I'm developing from.

If the database is accessible from remote then you can install PHPMyAdmin wherever you want, just edit the config.inc.php file to set the IP of the database in the host index, check the documentation here:

• http://docs.phpmyadmin.net/en/latest/config.html#server-connection-settings

For the AllowNoPassword check the same documentation:

• http://docs.phpmyadmin.net/en/latest/config.html?highlight=allownopassword#cfg_Servers_AllowNoPassword

In practice set $cfg['Servers'][$i]['nopassword'] to boolean TRUE and you should be able to enter without password.

Note: this kind of setup is fine only for local (your box) development.

You have to assign a value to parameter:

<?php echo anchor('admin/pages?parameter=value', 'Click Here'); ?>

Otherwise the IF condition fails, try:

var_dump($this->input->get('parameter'));

You can append the query string to the link and then access it through $_GET as in pure PHP or by using $this->input->get('keyword').

For example, you have controller Blog with method show($title_slug) and you want to append a query string to show the comments, your link would look like:

http://website.tld/blog/show/hello-world-title?comments=on

in controller:

class Blog extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
    }

    public function show($title)
    {
        $comments = $this->input->get('comments');

        # other code ...
    }

}

Hi, I've suggested you a solution some time ago:

• https://www.daniweb.com/programming/web-development/threads/497916/diference-between-two-dates

Have you tried that library?

Hi,

in PHP you could move the uploaded file to a directory outsite public_html, so that is not directly accessible by a remote client, the file then can be served only through a script. If you cannot move it out, then you can use .htaccess rules to limit the access to the defined directory.

However I don't know if Joomla allows such setups. I see they suggest how to block access to some specific files:

• https://docs.joomla.org/Security_and_Performance_FAQs#Isn.27t_locating_all_Joomla.21_files_inside_public_html_a_security_risk.3F

But they do not talk about static files, so you may want to search for a well known plugin that can do that or ask their support for a core solution.

Line 30, $options = array(). Why did you need to declare $options as a parameter?

The constructor works like a function, so you have to declare the expected parameters, as example when you call:

$sys = new Engine(array('abc'));

In the class you need:

class Engine {

    public function __construct($data)
    {
        # work with $data
    }

I added a default value $options = array() in case Engine is defined without a parameter:

$sys = new Engine;

But it would raise warnings, as there will be some undefined indexes. It's up to you to define the behaviour of the class, so you can decide to check if the parameter exists and if it's an array and if the indexes are those expected...

I can't understand what you mean, could you shine some more light on it? Are there any changes in outcome or something?

With your current code:

return $z;

You get:

Array
(
    [IMAGES2] => image3.jpg,image2.jpg,image1.jpg

    [IMAGES] => image1.jpg,image2.jpg,image3.jpg

    [TITLE] => Job=test

)

Which apparently is correct, but each index is spaced by a carriage return. By replacing that return with:

return array_map('trim', $z);

You get:

Array
(
    [IMAGES2] => image3.jpg,image2.jpg,image1.jpg
    [IMAGES] => image1.jpg,image2.jpg,image3.jpg
    [TITLE] => Job=test
)

This reflects in the first $toReplaceTemplate array, the result will change, as with your code the unmatched expressions were looking like:

[10] =>         --for image1.jpg,image2.jpg,image3.jpg
 as IMAGE--

With my suggestion they will change to:

[10] =>         --for image1.jpg,image2.jpg,image3.jpg as IMAGE--

Hi,

what is the error message? Have you tried by contacting their support service? From what I've seen you have to perform a curl request and get a response in JSON format:

• https://www.swipehq.com/support/support_detail.php?cat=Developers&title=Example+Code

But from the documentation I cannot see what would happen in case of error and what to expect. I would ask them to point you to full documentation about their API and see if there's already an official or recommended PHP SDK.

Besides, if you feel unconfortable with curl, you can use guzzle, which is an easy PHP HTTP client:

• http://docs.guzzlephp.org/en/latest/

By changing line 50 with:

return array_map('trim', $z);

you avoid new lines in the ParseVariables() generated array and let the regular expression match the pattern.

A problem I see is an undefined index at line 60, which is:

$toReplaceTemplate[$index] = str_replace($contentFrom, $replaceDict[$indexToGo], $toReplaceTemplate[$index]);

And in particular is caused by $replaceDict[$indexToGo]. The $indexToGo matches ++VAR++ and your class is not checking the exceptions, so you could do:

"exceptions"        => array("VAR")

At line 11, then at line 58:

$indexToGo = str_replace("++", "", $output[0]);
if(in_array($indexToGo, $options['exceptions']))
    continue;

You have to add also global $options, but I would avoid such and move the options array to constructor.

You can see the diff here: http://www.mergely.com/f2MpuXAB/

Check also: http://regexr.com/

As test, try to replace line 63 (the insert query) with:

if( ! mysqli_query($dbc, "INSERT INTO ...")) {
    printf("Errormessage: %s\n", mysqli_error($dbc));
}

If the problem is related to the insert query, then it should display the error returned by the database.

error is still present...

and the error is?

Hi,

the insert query is missing the VALUES closing parenthesis:

... ADDDATE(NOW(), INTERVAL 1 MONTH))

When in doubt add mysqli_error():

• http://php.net/manual/en/mysqli.error.php

Bye!

If you don't have access to those commands then you may have to ask to your hosting helpdesk. You can also test the syntax of your configuration files:

nginx -t -c /path/to/nginx.conf

The -c flag is used to test a specific configuration file. Otherwise just run nginx -t

Hi, what you got from:

See systemctl status nginx.service and journalctl -xe for details

Ok with Microsoft-IIS/8.0 you can try to add a rewrite rule to your web.config file:

<rule name="Prevent image hotlinking">
    <match url=".*\.(gif|jpg|png)$"/>
    <conditions>
        <add input="{HTTP_REFERER}" pattern="^$" negate="true" />
        <add input="{HTTP_REFERER}" pattern="^http://site\.tld/.*$" negate="true" />
    </conditions>
    <action type="Rewrite" url="/images/say_no_to_hotlinking.jpg" />  
</rule>  

As explained here:

• http://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/#hotlinking

Note: I don't have much experience with IIS, so I cannot help much further, if you still need help wait for other daniwebers. Bye!

Maybe these are affected by other CSS rules. What happens if you isolate this portion and apply only his own rules?

Hi,

I have few questions:

1. in your tags there are PHP and database: how these are involved in this issue?
2. The static files are served directly or by script?
3. Are these files stored into a folder accessible from remote?
4. Are you trying to block access to all static files or only some specific types?
5. Are you using Apache or IIS? (You said you are on Windows but not which server you're using).

Thats exactly what i am trying to void i dont want to loop <span>abc</span><span>def</span><span>ghi</span> the one under the other but in the same line.

To put them inline use span { display:inline-block; } or simply inline. However with the former you can set height, width, padding and margin properties:

• http://jsfiddle.net/tdk1ms94/