cereal 1,524 Nearly a Senior Poster Featured Poster

I don't know what this is as still a beginner: var_dump($numrows);

var_dump() returns information about expressions TRUE < FALSE or variables. For example:

$stmt = TRUE === TRUE || TRUE < FALSE && TRUE === FALSE;
$str  = 'Hello';
$fp   = fopen('php://memory', 'w+');
var_dump($stmt, $str, $fp);

It will return the data type and the value:

bool(true)
string(5) "Hello"
resource(3) of type (stream)

In my previous comment, I suggested that you verify the contents of the $numrows variable, to make sure you were receiving an integer (as expected) or NULL, which would suggest an error with the query.

About the code, I understand what you want to achieve; however, query to verify only whether the username or the email address exists, and exclude the password for now, so do:

SELECT * FROM users WHERE usernames='abc' OR emails='abc' LIMIT 1;

I'm adding LIMIT 1 here, which can be avoided if you set unique keys on the usernames and emails columns.

Once you get the row, fetch the password from the result set and compare it with the one submitted in the login request.

Right now, I suppose you are saving passwords in plain text; you should use password_hash() to generate the hash to save into the database and password_verify() to verify the attempt against the hash.

Read the following tutorial by Diafol, #11 Storing and Retrieving Authentication Data, which shows exactly the same approach that I would use here:

It is developed for PDO and uses prepared statements, …

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

What do you get with var_dump($numrows);?

Besides, look at your query:

SELECT * FROM users WHERE usernames='abc' OR emails='abc' AND passwords='WRONG_pass';

Basically it is like writing:

SELECT TRUE OR FALSE AND FALSE;

Which evaluates to TRUE:

+---------------------------+
|   TRUE OR FALSE AND FALSE |
|---------------------------|
|                         1 |
+---------------------------+

In this case, by knowing the username you can access without the correct password. It happens because in MySQL AND has a higher precedence than OR, so the expression is read by the database like:

SELECT TRUE OR (FALSE AND FALSE);

To avoid the issue do:

SELECT (TRUE OR FALSE) AND FALSE;

Which evaluates to:

+-----------------------------+
|   (TRUE OR FALSE) AND FALSE |
|-----------------------------|
|                           0 |
+-----------------------------+

As expected.

See: https://dev.mysql.com/doc/refman/5.7/en/operator-precedence.html
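As an added example (not code from the replies above), here is the lookup-then-verify flow described in these two replies: the account is selected by username or email only, and the password is checked in PHP with password_verify(), so the WHERE clause has no AND/OR precedence to get wrong. It assumes a MySQLi connection in $db, a users table with an integer id plus the usernames, emails and passwords columns (passwords holding a password_hash() result), and the mysqlnd driver for get_result().

```php
<?php
declare(strict_types=1);

// Added example, not from the original thread. Assumptions: $db is a
// connected mysqli object; table `users` has columns id, usernames,
// emails, passwords; mysqlnd is available for get_result().

// Registration: store a password_hash() result, never the plain text.
function register_user(mysqli $db, string $username, string $email, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (usernames, emails, passwords) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $username, $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// WRONG (from the thread): ... WHERE usernames = ? OR emails = ? AND passwords = ?
// AND binds first, so a known username alone satisfies the WHERE clause.
//
// Login: look up the account by username OR email, without the password in
// the query, then compare the submitted password with the stored hash.
function login_user(mysqli $db, string $login, string $password): ?array
{
    $sql  = 'SELECT id, usernames, emails, passwords FROM users '
          . 'WHERE usernames = ? OR emails = ? LIMIT 1';
    $stmt = $db->prepare($sql);
    $stmt->bind_param('ss', $login, $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($row === null) {
        return null;                                  // unknown account
    }
    if (!password_verify($password, $row['passwords'])) {
        return null;                                  // wrong password
    }

    // Transparent upgrade if the default algorithm or cost has changed
    // since the hash was created.
    if (password_needs_rehash($row['passwords'], PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $id      = (int) $row['id'];
        $stmt    = $db->prepare('UPDATE users SET passwords = ? WHERE id = ?');
        $stmt->bind_param('si', $newHash, $id);
        $stmt->execute();
        $stmt->close();
    }

    unset($row['passwords']);                         // do not hand the hash around
    return $row;
}

// Usage (credentials are constructed sample values):
// register_user($db, 'abc', 'abc@example.com', 'correct horse battery staple');
// $user = login_user($db, 'abc', 'WRONG_pass');    // null: password does not verify
// $user = login_user($db, 'abc', 'correct horse battery staple'); // account row
```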

cereal 1,524 Nearly a Senior Poster Featured Poster

@Luzinete

Hi,

please, open a new thread with the error message and the code that generates that error.

cereal 1,524 Nearly a Senior Poster Featured Poster

Has 7 made any difference to the way you code?

A bit.

To be honest, apart from personal code, I have used PHP 7 only for one client's project because it was starting with that version; in that case I used strict type declarations, CSPRNG functions and Throwable to catch common errors.

For me the former and the latter were missing bits in PHP. I'm happy these were introduced. I would like to see Throwable also for warnings and notices rather than setting an error handler.

Are they massive time savers (coding-wise or run-wise)?

At the moment no, not for me.

Something I would like to see is overloading; what is currently used in PHP smells more like overriding, and I find it chaotic.

jkon commented: overloading: There isn't the concept of the "method signature" so to add overloading in PHP can be difficult +9
diafol commented: About the same here, although not using CSPRNG or strict types +15
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

at line 7 you have:

$update_id = $post_id;

while $post_id is initialized at line 68:

$post_id = $row_post['post_id'];

Which in practice depends on $edit_id defined at line 60:

$edit_id = $_GET['edit_post'];

So, it seems that you open the page like this:

page.php?edit_post=123

All you have to do is to initialize $edit_id on top, at line 4, so that it is available to the POST conditional statement and to the other code.

Do not use $_GET directly, filter the variable:

$edit_id = filter_input(INPUT_GET, 'edit_post', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

Then replace:

$update_id = $post_id;

With:

$update_id = $edit_id;

Or simply adjust the following code to use $edit_id. Use the filter functions also for the other input coming from POST and GET requests, and use prepared statements too:

cereal 1,524 Nearly a Senior Poster Featured Poster

Hello Dani,

I don't think it's the user agent, I'm testing with Phantomjs and it uses this user agent:

Mozilla/5.0 (Unknown; Linux i686) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1

The testing script render.js:

var page   = require('webpage').create(),
    system = require('system'),
    vsize  = {width: 1280, height: 1024},
    address, output;

address = system.args[1];
output  = system.args[2];

page.viewportSize = vsize;
page.clipRect = {
  top: 0,
  left: 0,
  width: vsize.width,
  height: vsize.height
};

page.open(address, function() {
  page.render(output);
  phantom.exit();
});

Execution:

./phantomjs render.js LINK output.png

And it works fine. In this specific case Microsoft is rejecting HEAD requests; it allows GET requests (in fact, it returns 200), but the page has no contents because they are loaded by JavaScript: test with Postman to see how it renders. So, it seems it needs a rendering engine to show the contents.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi! You can use pathinfo() or a directory iterator:

$ext = pathinfo($file)['extension'];

BUT right now the img() function can, potentially, allow access to the contents of any directory on the server, by adding ../ to the variable; for example, you can write the following and access /etc/:

pictures.php?imageID=images/../../../../etc

It depends on the position of the document root in the file system. You could use an integer and make sure it's valid, for example:

$imageID = filter_input(INPUT_GET, 'imageID', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

if(TRUE === is_null($imageID))
{
    # redirect or show 404
}

# continue if $imageID is valid

See also: https://www.owasp.org/index.php/Path_Traversal

Stefce commented: thank you @cereal +2
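An added example, not from the original reply, showing two ways to keep the request parameter from reaching the file system unchecked: an integer id mapped through a server-side table ($catalogue is a constructed stand-in for a database lookup), and, when a file name must be accepted, a realpath() containment check against the images directory (assumed to be images/ next to the script) plus an extension allowlist.

```php
<?php
declare(strict_types=1);

// Added example, not from the original reply. $catalogue is a constructed
// sample standing in for a database table; images/ is an assumed directory.

// 1) Indirect reference: the client sends an integer id, the server maps it
//    to a file name it controls, so no part of the request becomes a path.
function image_by_id(string $baseDir, array $catalogue, ?int $id): ?string
{
    if ($id === null || !array_key_exists($id, $catalogue)) {
        return null;                         // unknown id -> caller sends 404
    }
    return $baseDir . DIRECTORY_SEPARATOR . $catalogue[$id];
}

// 2) If a file name has to be accepted, canonicalise it and verify that the
//    result is still inside $baseDir; then allow only image extensions.
function image_by_name(string $baseDir, string $name): ?string
{
    $root = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($root === false || $path === false) {
        return null;                         // directory or file does not exist
    }
    // Compare with the trailing separator so that /srv/images2 is not
    // accepted for /srv/images, and the directory itself is rejected.
    if (strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;                         // ../ escaped the images directory
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;                         // not an image we serve
    }
    return $path;
}

// Usage with the validated integer from the reply above.
$imageID   = filter_input(INPUT_GET, 'imageID', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);
$catalogue = [1 => 'logo.png', 2 => 'banner.jpg'];      // constructed sample
$file      = image_by_id(__DIR__ . '/images', $catalogue, $imageID === null ? null : (int) $imageID);

if ($file === null || !is_file($file)) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . mime_content_type($file));
readfile($file);
```

With the second function, a request such as imageID=images/../../../../etc resolves outside the images directory and yields null, so the same 404 branch is taken.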
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

I do not see the conditional statement to apply the comma. Do you have an example of the input?

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

enter the BIOS, change the start-up order to read the USB media before the primary disk, save and restart.

Here you can find more suggestions:

Bye!

cereal 1,524 Nearly a Senior Poster Featured Poster

From the documentation:

If called from within a function, the return statement immediately ends execution of the current function, and returns its argument as the value of the function call.

It is like doing:

echo 'hello';
exit;
echo 'world';

so in your function you can store the value that you want to return into a variable, using the assignment operator .=, and then return the variable at the end of the function execution:

function generate_list($rows)
{
    # initialize the $str variable
     $str = "
     <table>
     <tr>
         <th>Firstname</th>
        <th>Sirname</th>
        <th>Email</th>
        <th>Phonenumber</th>
        <th>Information</th>
     </tr>";

     while($row = $rows->fetch_assoc())
     {
         # append values to the $str variable
         $str .= "
         <tr>
            <td>{$row['Firstname']}</td>
            <td>{$row['Sirname']}</td>
            <td>{$row['Email']}</td>
            <td>{$row['Phonenumber']}</td>
            <td>{$row['Information']}</td>
        </tr>";
     }

     # append values to the $str variable
     $str .= "</table>";

     # finally return the contents of $str
     return $str;
}

$results = $con->query("SELECT * FROM listing");

# store the results of the function into $list
$list = generate_list($results);

# print the contents of $list when needed
echo $list;

$results->free();
$con->close();

About the connection to the database, you could set that outside of the function scope: what happens if you have 30 functions pulling results from the database and you have to change the credentials?

cereal 1,524 Nearly a Senior Poster Featured Poster

@UI

Hi!

in addition to previous comments, if you are learning PHP for work, sooner or later you will handle legacy code; you will be asked to add functionalities, not always to port it. You cannot always choose the version to work with. For example, something simple like:

$i = 1024**2*10;

returns a syntax error if you use PHP <= 5.5 and works fine when using the latest versions. To avoid issues in such case, you would write:

$i = 1024*1024*10;

Or see how list() changed the behaviour between PHP 5 and 7 when using array indices, that's just insane (it was from the beginning). IMHO, you need to know these things too, to become more efficient.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hmm, the session, in this case, is probably not the best approach: what happens if, in the current session, you open multiple tabs of A.php with different IDs?

A.php?id=123
A.php?id=124
A.php?id=125
...

It would screw up, because the session value would be rewritten by the latest loaded tab. Append the query string to B.php, so if you are using a form you can do:

<form method="get" action="B.php?id=123">

Or hide it in the input fields:

<input type="hidden" name="id" value="123">

If you want more appropriate help, share an example of what you are trying to do.

diafol commented: Good shout about multiple tabs +1 - a common gotcha! +0
cereal 1,524 Nearly a Senior Poster Featured Poster

Right now, change line 13 to:

if(mysqli_num_rows($query_run)>0)

There is also another error here:

$query_run = mysqli_query($query,$db);

The first argument of the function must be the link to the database, the second the query statement. So:

$query_run = mysqli_query($db, $query);

Regarding prepared statements you have to change the approach and use the MySQLi Prepared Statement class. You can find the documentation here:

So, define the query to perform:

$query = "SELECT * FROM `tbl_employee_information` WHERE `employeeno` = ? AND `name` = ?";

Instead of writing variables directly inside the query string, replace them with placeholders and bind the parameters through the bind_param() function.

MySQLi allows procedural and object oriented styles.

Procedural style:

$stmt = mysqli_prepare($db, $query);
mysqli_stmt_bind_param($stmt, 'is', $empNo, $name);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);

if(0 < mysqli_stmt_num_rows($stmt))
{
    # code
}

mysqli_stmt_free_result($stmt);

The object oriented style looks like:

$stmt = $db->prepare($query);
$stmt->bind_param('is', $empNo, $name);
$stmt->execute();
$stmt->store_result();

if(0 < $stmt->num_rows)
{
    # code
}

$stmt->free_result();

The is stands for i (integer) and s (string), for the $empNo and $name variables. You can find which types you can define in the bind_param() function documentation.

A word on $empNo and $name: you are currently using $_POST; use filter_input() instead, as you can sanitize the input:

$empNo = filter_input(INPUT_POST, 'employeeno', FILTER_SANITIZE_NUMBER_INT);
# the second field is the name, not employeeno
$name  = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);

The docs about the filters:

Bye!

diafol commented: Excellent, as usual. +15
cereal 1,524 Nearly a Senior Poster Featured Poster

It's line 4:

echo '<td>'.<img  src='images/blank_big.jpg' height='150px;' width='150px;' />.'</td>';

The way you are using the concatenation operator (dot operator) is not correct, as <img ... is a string, so it must be quoted. Do:

echo "<td><img src='images/blank_big.jpg' height='150px' width='150px' /></td>";

Bye!

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

in this case the error message is very descriptive:

PHP Parse error: syntax error, unexpected '"', expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in /home/sn/public_html/sn/home.php on line 168

It points to a specific file and line of the code. If you don't find the error in that line then search above. On line 133 of home.php there is a backtick:

exit();` // <-- remove this

If you want to learn PHP, learn to reproduce bugs: isolate the code that generates the error and try to get the same error message:

<?php

print 'hello';`
print 'world';

Generates:

PHP Parse error: syntax error, unexpected end of file, expecting '`' in /tmp/a.php on line 5

Also the backtick operator has a specific meaning in PHP, as it's an alias of shell_exec(); you can run a command like this:

$arg  = array_key_exists(1, $argv) ? escapeshellarg($argv[1]) : '';
# escapeshellarg() already wraps the value in single quotes,
# so it must not be quoted again inside the command
print `find . -type f -iname $arg 2> /dev/null`;

> php a.php *.jpg

More info: http://php.net/manual/en/language.operators.execution.php
The comments section of the manual is sometimes very useful.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hello,

please share the code otherwise we cannot help.

diafol commented: For your politeness :) +15
cereal 1,524 Nearly a Senior Poster Featured Poster

Remove or comment lines from 13 to 19, i.e. these:

$event_type = "";
$event_date = "";
$event_country = "";
$event_postcode = "";
$event_title = "";
$event_description = "";
$event_ltm = "";

Because with these you are resetting the values assigned in the previous lines (from 5 to 11) to the same variables.

cereal 1,524 Nearly a Senior Poster Featured Poster

Okay,

apart from lines 13 to 19, which are blanking the variables (and I suppose it's just an error in the paste here), at line 21 (the $query) you have " or die(mysqli_error($conn)); at the end of the string, so when you run the query at line 22 it will fail. Change this:

$query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')" or die(mysqli_error($conn));

To:

$query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')";

And try:

$result = mysqli_query($conn, $query);

if( ! $result)
    print sprintf('Error (%s) %s', mysqli_errno($conn), mysqli_error($conn));

You could also print the $query statement and check whether it works fine through a MySQL client:

print $query;
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi Janice,

the error is given by this $_SESSION['last_id'], because it is not set. Before running the query you can make sure the index is set by running:

if(TRUE === array_key_exists('last_id', $_SESSION))
{
    # execute query
}
Traevel commented: Thanks, I was a dumb +7
cereal 1,524 Nearly a Senior Poster Featured Poster

Between Ask and Discussion I prefer Submit as it fits both.

Reverend Jim commented: SUBMIT. Resistance is futile ^_^ +0
cereal 1,524 Nearly a Senior Poster Featured Poster

If the query does not return a result set, then the loop will not assign any value to $_SESSION and the print statement will show the previous value associated with that index: $_SESSION['status'].

I take the above as an example, but if $muser and $mypass are not set then the query will return all rows in the table.

So, if multiple rows are returned by the query, then $_SESSION will be overwritten and show the values of the last loop.

Right after session_start() add:

print print_r($_SESSION, TRUE);

This should tell you if you are carrying the value set by a previous step. Do the same after the loop. And see what you get.

cereal 1,524 Nearly a Senior Poster Featured Poster

@Prasanna_5

Hello, please open a new thread and search also the forum, this thread could help you:

cereal 1,524 Nearly a Senior Poster Featured Poster

Just tested on two other Ubuntu 16.04 systems, 32 and 64 bit, and it works fine with the same database version. So it may be my specific box.

Thank you for the support, Dani and Jim!

rproffitt commented: BTW. Thanks for asking. Gave the fiddle some tries and no go there. +12
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi, use r+ to read and write from the top or a+ in case you want to append data:

$fopen = fopen($filename, 'r+');

With the w+ flag the file is cleared:

Open for reading and writing; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.

See: http://php.net/fopen

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi, CodeIgniter can log errors. If enabled, set it to max verbosity (through application/config/config.php) and see if it gives you some additional information.

cereal 1,524 Nearly a Senior Poster Featured Poster

Another random fact: sometimes in logs you see Google's bot user agent but it's just another crawler trying to avoid filters.

cereal 1,524 Nearly a Senior Poster Featured Poster

Localhost? It seems to be ransomware, a virus that encrypts data and asks for money to return the files. If you are using Windows, that's probably in your system, so it should not be related to the application code. The same can happen if the folder is shared on a local network and the virus is compromising all the files it can reach.

Good luck with that.

cereal 1,524 Nearly a Senior Poster Featured Poster

Italy? :D They need to improve a lot, but here we felt the change in their approach, hope to see some great games this year!

cereal 1,524 Nearly a Senior Poster Featured Poster

Dunno, add an error check and see what you get:

if( ! $result2)
    print sprintf('Error (%s) %s', $conn->errno, $conn->error);

Note - on lines 22/23 you are accessing mysqli through procedural mode, instead of OOP; this should not make a difference in the code execution, but keep it in consideration.

cereal 1,524 Nearly a Senior Poster Featured Poster

This line will raise an error and kill the execution:

trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);

If you want to use it, then you have to create a condition, something like this:

if( ! $result)
    trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);

Otherwise it will run at each execution.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi! You could try with:

$url = get_field('url');

if(FALSE === $url)
{
    # code for empty value
}

else
{
    # code for assigned value
}

See: https://www.advancedcustomfields.com/resources/code-examples/#using-conditional%20statements

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

the recommended way to hash passwords in PHP is through password_hash(), see the examples in the documentation page:

The example #3 seems similar to your request. If you will use PHP 7, then you can enable strict mode and you can write something like this:

<?php declare(strict_types=1);

function GetSaltedHash(string $pw, string $salt) : string
{
    $tmpPw   = mb_convert_encoding($pw, 'UTF-8');
    $tmpSalt = mb_convert_encoding($salt, 'UTF-8');

    # NOTE: the 'salt' option is deprecated since PHP 7.0 (it raises
    # E_DEPRECATED) and ignored since PHP 8.0; without it, password_hash()
    # generates a random salt on its own
    $options = ['cost' => 11
              , 'salt' => $tmpSalt];

    $hBytes = password_hash($tmpPw, PASSWORD_BCRYPT, $options);

    return base64_encode($hBytes);
}

function CreateNewSalt(int $size) : string
{
    # default size
    if($size < 22)
        $size = 22;

    return base64_encode(random_bytes($size));
}

$pass = 'hello';
$size = 30;
$salt = CreateNewSalt($size);
$hash = GetSaltedHash($pass, base64_decode($salt));
$decd = base64_decode($hash);

print 'base64 encoded: ' . $hash . PHP_EOL;
print 'base64 decoded: ' . $decd . PHP_EOL;
print PHP_EOL;

if(TRUE === password_verify($pass, $decd))
    print 'The password is valid';

else
    print 'Validation failed';

print PHP_EOL;

See also:

cereal 1,524 Nearly a Senior Poster Featured Poster

Hello,

I just saw your question, so according to FB best practices:

Use images that are at least 1200 x 630 pixels for the best display on high resolution devices. At the minimum, you should use images that are 600 x 315 pixels to display link page posts with larger images. Images can be up to 8MB in size.

If your image is smaller than 600 x 315 px, it will still display in the link page post, but the size will be much smaller.

We've also redesigned link page posts so that the aspect ratio for images is the same across desktop and mobile News Feed. Try to keep your images as close to 1.91:1 aspect ratio as possible to display the full image in News Feed without any cropping.

And last:

The minimum image size is 200 x 200 pixels. If you try to use an image smaller than this you will see an error in the Sharing Debugger.

Source: https://developers.facebook.com/docs/sharing/best-practices#images

cereal 1,524 Nearly a Senior Poster Featured Poster

What rproffitt said. The support form for the plugin is:

An answer by the plugin's author to your same request:

rproffitt commented: That nailed it. +11
cereal 1,524 Nearly a Senior Poster Featured Poster

The reason is this:

554 delivery error: dd This user doesn't have a yahoo.com account (deacleodor@yahoo.com)

In other words the email address does not exist.

diafol commented: He he. Cracked me up. +15
cereal 1,524 Nearly a Senior Poster Featured Poster

@Dani

... And regarding Nginx, if you were able to get Nginx to work with PUT and PATCH, please let me know how! Whenever I try, Nginx short circuits and returns back a status of 501 not implemented and with a message body of "This method may not be used."

From my understanding, you can compile Nginx with a module to override this, and enable PUT, PATCH, and DELETE but when doing so, Nginx again short circuits PHP and actually PUTS/DELETEs files in the file system!

I have tried that and, yes, it works like in your description but only if webdav is enabled for that location. Otherwise it works like in pty's example.

For a basic test try:

<?php

$stream = [];
$method = $_SERVER['REQUEST_METHOD'];

parse_str(file_get_contents('php://input'), $stream);

print "Method $method" . PHP_EOL;
print print_r($stream, TRUE) . PHP_EOL;

And then send requests:

http --form PUT http://site/script.php msg="hello" --verbose

And you should see something like:

PUT /a.php HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 9
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: HTTPie/0.9.2

msg=hello

HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Server: nginx/1.6.2
Transfer-Encoding: chunked

Method PUT
Array
(
    [msg] => hello
)
cereal 1,524 Nearly a Senior Poster Featured Poster

Here are the reasons:

Mainly because the new default engine in 5.7 is InnoDB.

cereal 1,524 Nearly a Senior Poster Featured Poster

Check arp-scan -ln it outputs something like this:

> arp-scan -ln
Interface: wls1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.0.1     00:c0:9f:09:b8:db       QUANTA COMPUTER, INC.
192.168.0.5     00:02:a5:90:c3:e6       Compaq Computer Corporation
192.168.0.87    00:0b:db:b2:fa:60       Dell ESG PCBA Test
192.168.0.90    00:02:b3:06:d7:9b       Intel Corporation
192.168.0.153   00:10:db:26:4d:52       Juniper Networks, Inc.
192.168.0.191   00:01:e6:57:8b:68       Hewlett-Packard Company
192.168.0.196   00:30:c1:5e:58:7d       HEWLETT-PACKARD

7 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.628 seconds (157.25 hosts/sec). 7 responded

And you could simply parse the output. But I'm not sure if there is a version for Windows platforms. Some info here:

cereal 1,524 Nearly a Senior Poster Featured Poster

i am just curious how to access social media accounts like facebook, watspp etc. with the users' permission in order to help them prevent unethical hackers from breaking into their accounts.

Even if ethical, that would probably be a misuse of Facebook's terms of service. There are projects, like BugCrowd, which allow you to hack into a service, limiting the activity to specific targets requested by the owner and following specific rules: non-disclosure & co. Facebook participates in that, and usually pays bounties through their system. So, if you are really interested, check it out: https://bugcrowd.com/

cereal 1,524 Nearly a Senior Poster Featured Poster

Ok,

it does not work because you are not accessing the returned row when you call $stmt->otdq_ordernum.

Use:

$row = $stmt->fetch();

And then:

$row->otdq_ordernum;

Or use a MySQL variable.

Also rowCount() in PDO, assuming you are using it, does not return the rows found in a SELECT statement, but only the rows affected by INSERT, UPDATE, DELETE & similar statements.

See:

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

it happens because getDB() is using PDO and in the script you are using MySQLi. Fix it and it should work.

cereal 1,524 Nearly a Senior Poster Featured Poster

I was supposing the $_POST['Net'] arrays to hold float values, not file names. Anyway you could write:

$files    = [];
$products = [];

while($rowProduct = mysql_fetch_array($productSQL))
{
    $products[] = $rowProduct['POProductNet'];
}

if(TRUE === isset($_POST['Net']) && TRUE === is_array($_POST['Net']))
{
    $files = array_map('basename', $_POST['Net']);
    $diff  = array_diff_assoc($products, $files);

    if(count($diff) > 0)
    {
        // write data to db
    }
}

Here I'm just using the array functions instead of the loops; it's just a choice. You can go with loops.

But if $_POST['Net'] is supposed to always be an array, then I would check it in the sanitizing step, not after the query to the database. So it would look more like:

$net = filter_input(INPUT_POST, 'Net', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY);

if(FALSE !== $net)
{
    $files    = array_map('basename', $net);
    $products = [];

    // select query the database
    // populate the $products array
    // compare with $files
}
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

you could use array_diff_assoc():

<?php

$sql  = [25.00, 25.00, 50.00, 82.00, 120.00, 205.00];
$post = [25.00, 50.00, 50.00, 80.00, 120.00, 205.00];

print_r(array_diff_assoc($post, $sql));

Returns:

Array
(
    [1] => 50
    [3] => 80
)

So you can manage the array through the index key of the array. But what is the goal of this compare?

cereal 1,524 Nearly a Senior Poster Featured Poster

@AssertNull

Hi,

just to add something: the first step to avoid spam filters is to set up SPF and DKIM in the TXT records of the domain. That way Google, Hotmail & co. can verify if the sender address is allowed and if the origin is correct. For example, take Daniweb's setup:

# query Google DNS
> dig daniwebmail.com ANY @8.8.8.8

daniwebmail.com.    299 IN  MX  5 daniwebmail-com.mail.protection.outlook.com.
daniwebmail.com.    299 IN  A   169.55.25.110
daniwebmail.com.    299 IN  TXT "MS=ms74324738"
daniwebmail.com.    299 IN  TXT "v=spf1  include:spf.protection.outlook.com ip4:169.55.25.96/28 ip4:169.55.29.192/27 ip4:74.53.219.128/25 a mx include:_spf.google.com ~all"

The TXT record is saying from which IP addresses the emails should be considered valid, this includes a range of IPs, the mail server defined in the MX record and the IP from the A record.

For example, the last newsletter came from community@daniwebmail.com and from IP 169.55.25.110. With spfquery you can test the validity of the origin:

spfquery -guess "v=spf1 mx a -all" -ip 169.55.25.110 -sender community@daniwebmail.com

The response looks like this:

passpass

spfquery: domain of daniwebmail.com designates 169.55.25.110 as permitted sender
Received-SPF: pass (spfquery: domain of daniwebmail.com designates 169.55.25.110 as permitted sender) client-ip=169.55.25.110; envelope-from=community@daniwebmail.com;

Which is basically what mail services are doing when receiving an email message. If the SPF is genuine then there are good chances to avoid the SPAM folder. But at that point it's necessary to act like you wrote, by rate limiting messages and by choosing correct phrasing.

More info:

Bye!

AssertNull commented: Good info +7
cereal 1,524 Nearly a Senior Poster Featured Poster

You could use the RecursiveDirectoryIterator() something like in this comment:

More precisely like this:

<?php

$path = dirname(__DIR__);

$dir_iterator = new RecursiveDirectoryIterator($path
                     , FilesystemIterator::SKIP_DOTS);

$iterator     = new RecursiveIteratorIterator($dir_iterator
                    , RecursiveIteratorIterator::LEAVES_ONLY
                    , RecursiveIteratorIterator::CATCH_GET_CHILD);

foreach($iterator as $file)
    if(TRUE === $file->isReadable())
        echo $file . PHP_EOL;
cereal 1,524 Nearly a Senior Poster Featured Poster

@Dani I think it's related more to prepared statements in ext/mysqli:

@Sunny

See if this comment helps:

Note: when uploading a blob consider to convert it into a string, otherwise look at:

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

from the documentation of the strtotime() function you can read:

Parse about any English textual datetime description into a Unix timestamp

And it expects:

int strtotime ( string $time [, int $now = time() ] )

The $stockdate is a DateTime object, not a string. So try by submitting the string:

date('l F d, Y', strtotime($stockdate->date));

Or follow the DateTime library:

print $stockdate->format('l F d, Y');

Docs:

cereal 1,524 Nearly a Senior Poster Featured Poster

In addition: if the hash is generated by a salted md5 or sha1, the attacker can generate a string that outputs the same hash; it does not need to find the exact password, it just needs to find a collision. See:

That would not work on Google, but it can work on other web services that are storing passwords as md5 or sha1 hashes. In some cases, you could see that the collision string does not work, for the only reason that the Z website is storing passwords in plain text :D

If I can suggest, change the passwords everywhere and activate the 2FA:

Also, it's a good practice to use plus addressing when signing up for new services, for example name+zwebsite@gmail.com, so, if you get spammy messages, you have a chance to find out the source. Plus addressing also works in Hotmail.

By the way, I use this service to get data breach notices:

It works well.

rproffitt commented: Exploits. Exploits everywhere (insert meme here) +11
cereal 1,524 Nearly a Senior Poster Featured Poster

Spaces in URLs can be represented by %20 or by +; it depends on the browser and on the enctype attribute of the form tag.

Your script can receive requests like these:

term=abc++++
term=abc%20%20%20%20

Which in your code equals:

string(7) "abc    "

So, instead of $searchTerm = $_GET['term']; do:

$searchTerm = trim(filter_input(INPUT_GET, 'term', FILTER_SANITIZE_STRING));

And the script will process the intended input:

string(3) "abc"

Note, in this case you don't need to use urldecode() as superglobals are already decoded. Also, you should query the database through prepared statements.

cereal 1,524 Nearly a Senior Poster Featured Poster

Ok, the blank list of results happens because jQuery expects to receive label and/or value as index keys of the result set.

Multiple types supported:
Array: An array can be used for local data. There are two supported formats:

  • An array of strings: [ "Choice1", "Choice2" ]
  • An array of objects with label and value properties: [ { label: "Choice1", value: "value1" }, ... ]

The label property is displayed in the suggestion menu. The value will be inserted into the input element when a user selects an item. If just one property is specified, it will be used for both, e.g., if you provide only value properties, the value will also be used as the label.

Source: http://api.jqueryui.com/autocomplete/#option-source

So change desc1 to label and it should work fine. I was testing with a custom table which had a label column, so the issue didn't show up for me.

Do:

<script type="text/javascript">
    $(function() {

        $("#party").autocomplete({
            minLength: 0,
            source: "autocomplete.php",
            focus: function(event, ui) {
                $("#party").val(ui.item.label);
                $("#code").val(ui.item.code);
                return false;
            },
            select: function(event, ui) {
                $("#party").val(ui.item.label);
                $("#code").val(ui.item.code);
                return false;
            }
        })
    });
</script>

And in the PHP side:

$i = 0;
while($row=sqlsrv_fetch_array($select)) 
{
    $data[$i]['code']  = $row['code'];
    $data[$i]['label'] = $row['desc1'];
    $i++;
}