Posts by nav33n

You have to assign the return value to a variable before using it.
ie., $result = selecttbl("user");

I just re-checked my code to see why that is and it seems for forms with XSS injection the feature needed adding (very simular to the SQL injection feature) however I have a problem with a preg_match_all statement I use. The following is the preg match all statement and it just returns empty arrays even though theoratically it should match the form. Could anybody help me debug the following code to return the form if the form contains the word 'user' or the word 'password'.

<?
preg_match_all('/\<form(.*)(user|password)(.*)\<\/form\>/i',file_get_contents('http://xss-login.appjet.net/'),$forms);

//display the result
echo '<xmp>';
print_r($forms);
echo '</xmp>';
?>

I have tried many variations of this code with no luck.
Thanks for the help.

You mean like this ?

preg_match_all('/\<form(.*)(user|password)(.*)\<\/form\>/is',file_get_contents('http://xss-login.appjet.net/'),$forms);

Instead of calling the names directly, like $delete, try $_POST. ie., instead of

if($delete){

Try,

if(isset($_POST['delete'])) {

If that doesn't work, post your updated code.

i have a database and it has a column thats id its auto incrementing and one called download_link
i want to have that autofill with a url thats concatinated with my id
so localhost/upload/downloadtest.php?id=
adds the id and becomes
localhost/upload/downloadtest.php?id=1
localhost/upload/downloadtest.php?id=2
localhost/upload/downloadtest.php?id=3

etc

how could i do that be done

First, query the table and select all records.

$query = "select * from table";
$result = mysql_query($query);

Then for every id, concat $id to a string and store it in the array.

$data = array();
while($row = mysql_fetch_array($result)) {
 $id = $row['id'];
$string = "http://localhost/upload/downloadtest.php?id=".$id;
$data[$id] = $string;
}

By the end of execution of this while loop, you will have an array called data with the urls and ids as array indices.
Then use foreach loop to update the table.

foreach($data as $key => $value) {
  $update_query = "update table set download_link = '".$value."' where id=".$key;
mysql_query($update_query);
}

Thats it! Clear enough ? :)

You are welcome! Glad I could help :) Cheers!

Use & not +.

header("location: somepage.php?username=".$username."&password=".$password);

In all the queries, change my_db to user. :) Then I guess it should work fine!

Ah! :'( Yes !!!

Okay! The query looks good. Are you sure the table name is correct ? Because I noticed your database and table have the same name! :-/ If it is correct, execute this query in phpmyadmin or mysql console and see if it throws any error!

Okay! Add echo $realUser_query; before $realUser_result = mysql_query($realUser_query); and tell us what it prints.

if(!$con)
        {
        die('Could not connect: ' . mysql_error());
        }
mysql_select_db("my_db", $con);
$user = mysql_real_escape_string($_POST['user']); //request posted data and sanitise it using mysql_real_escape_string
$pass = mysql_real_escape_string($_POST['pass']);
$realUser_query = "SELECT Username FROM my_db WHERE Username = '$user'"; // create the query
$realUser_result = mysql_query($realUser_query); //execute the query and assign result resource to $realUser_result
if(mysql_num_rows($realUser_result) > 0 ) { //if the returned results is more than 0
	$usernamerow = mysql_fetch_array($realUser_result); //fetch the returned result to $usernamerow
	$realUser = $usernamerow['Username']; //assign Username to $realUser
}
if($user != $realUser) {
        echo "No Such User";
} else {
        $realPass_query = "SELECT Password FROM my_db WHERE Username = '$user'";
        $realPass_result = mysql_query($realPass_query);
        if(mysql_num_rows($realPass_result) > 0 ) {
        	$passrow = mysql_fetch_array($realPass_result);
        	$realPass = $passrow['Password'];
				}
        if($pass != $realPass)
                {
                echo "Incorrect password";
                }
        elseif($pass == $realPass)
                echo "Welcome!";

        }

Try this out! I have added comments for you to understand.

Can you post your code here ? And don't echo $realUser, echo $realUser_q.

First, I'd like to say I really appreciate the replies. I have tried single quotes, no error is given, but nothing is stored in $realUser. What does _q at the end of the variable do?

If nothing is stored, then maybe $user is empty. Try this and let us know what it prints.

$realUser_q = "SELECT Username FROM my_db WHERE Username = '$user'";
echo $realUser_q;
$realUser_r = mysql_query($realUser_q) or die(mysql_error());

And as for your second question, _q don't do anything. Its just another variable.

Looking at your query, I guess $user is a string. So

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = $user ") or die(mysql_error());

will generate an error. You have to put single quotes around $user. ie.,

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = '$user'") or die(mysql_error());

You don't need single quotes if you are querying with integers. ie.,

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Userid = $userid ") or die(mysql_error());

Hope thats clear!

I thing u r stretching this thread now. unnecessarly posting two times as an answer. I said developer because i want to show how this solution matters to me

Posting as an answer ? Did I ever mention those replies were "answers" ? I have no reason to stretch this thread. Its you who is bumping a 3 year old thread with unwanted replies (which is no way related to the question posted).

I don't want to waste my time after this.

I am happy that you are a quick learner. :)

Edit: I also wonder if header is the panacea for every CGI problem. Hmm..

Well, this is how I code it

if(user_has_not_used_code_tags) {
	if((users_total_post_count > 5) {
              if( warning_previously_issued )
                     issue_infraction;
             else
                     issue_warning;
	} else {
		//new user; Please use [code ] tags.
	}
}

Thanks for the pseudocode AD! I will implement the same! ;)

Hello Mr I am a developer
I have put this info because when somebody gets such error he should know every possibility whenever he searches for it, these threads are always usefull while coding for all time so in my opinion this is not dead and i don't write that you will say thanks or abuse it.

First of all, breathe (or you will run out of breathe). I agree, If someone searches for this particular question, he will eventually get here. But I don't find your answer relevant to the question. That answer doesn't make any sense either.

do u understand.

No. Unfortunately, I didn't understand a word you said.

just don't show that u r somebody ok.

Huh! What does that even mean Mr. Developer ?

check if this works
This error happens when you do syntax error in the code of the command

header("Location:$redirectto")

, i.e. used to redirect to the location

Stop reviving old dead threads for god's sake!

Pretty straight forward. You are having <?=$options?> in echo.
End the echo statement then echo $options.
Example,

echo'<form action=\"insert_interest.php\" method=\"POST\">

		<h4>Select which course you would like to register your interest in</h4>
		
		<h5>Option 1</h5>
		   <select name=\"radio\">
				  <OPTION VALUE=0>Please select an option';
				  echo $options;
		   echo '</select>
		<h5>Option 2</h5>
		(only select more options if needed)<br />
		<br />
			<select name="radio1">
				<OPTION VALUE=0>Please select an option';
				echo $options;
//and so on...

:) Cheers man!

Thats strange. Because that same script showed scroll bar for me.

So, what is the problem ? Did you check if register globals are on in php.ini ?

You are welcome :)

I want to dsiplay it irrespective of year for example if i give the date that belongs to year 1987 it should display the day with respect to present year.

Yes. That is what it does. Try out that example by giving 1987's date :)

I can see scroll bar on both the cases. :-/ In both IE and FF3.

Convert that date to unixtimestamp using strtotime. Then use date("l") to get the day.
http://in.php.net/date
eg.

$date = "2009-03-31";
$timestamp = strtotime($date);
echo date("l",$timestamp);

:) Look closely and find that 1 difference yourself!

$date = "2009-03-31";
echo date("Y-m-d", strtotime($date ."+n days" ));
//where n is the number of days to be added

Bingo! You are right. Check this link!
http://www.webmasterworld.com/forum88/9091.htm

Replace all occurance of " with ' in your message. :)

Could be many reasons.
1. php short tags may be disabled. Use <?php
2. Register globals may be disabled. Use $_POST instead of $form_element.
This is an example.

<?php
if(isset($_POST['submit'])) {
	foreach($_POST['checkbox'] as $checked) {
		//delete checked record
	}
}
?>
<html>
<body>
<form method='post'>
<input type='checkbox' name='checkbox[]' value='1' /> 1 <br />
<input type='checkbox' name='checkbox[]' value='2' /> 2 <br />
<input type='checkbox' name='checkbox[]' value='3' /> 3 <br />
<input type='checkbox' name='checkbox[]' value='4' /> 4 <br />
<input type='submit' name='submit' value='submit' />
</form>
</body>
</html>

Welcome to Daniweb BTW. Please read the guidelines on how to use [ code ] tags for better readability of your code.

Blob it is! (But still, I don't recommend it).

If you observe properly, there is one small difference between

http://download.finance.yahoo.com/d/quotes.csv?s=GOOG &f=sl1d1t1c1ohgv&e=.csv

and

http://download.finance.yahoo.com/d/quotes.csv?s=GOOG&f=sl1d1t1c1ohgv&e=.csv

And that's the extra space after GOOG. Try trimming $symbol and check again!

Are we talking about the new member profiles or the lack of location, etc. in the post headings?

We are talking bout the style of new member profile as well as the missing stuff in post heading.

You can always click on the avatar to see that information.

Yes, but that requires an extra click! :(

When posting a reply what difference does the join date make?

Not much of a difference. But I used it for the following. :)

if(user_has_not_used_code_tags) {
	if((todays_date - user_joined_date) > 50) {
		//old user; negative rep + the reason for it
	} else {
		//new user; Please use [code ] tags.
	}
}

Bah! nevermind. I will use postcount for the same from now on!

Just wondering what people thought about the update to how the profile gets viewed. Personally i kind of like it but then there is no posts/day thing. Im not sure whether thats a good thing or not personally.

To the site admins and such, is there any reason for this removal of the posts/day and to everyone else, what do you think of the update? Good or bad?

I didn't like it. Now, everything comes one after another and if we divide the screen into left and right, all the information is aligned towards left !
Social network seems ordinary (the previous one was better).

And yes, posts per day is missing. Even 'joined date' is missing while posting a reply.

Its not a good idea to store images in the table. The time required to fetch an image from the table and displaying it is more (obviously) than displaying the image from the file system. You can save the image in the file system and save its path in the table. That is what most people do. But if you intend to store images in the database, then blob would be the datatype.

Since I'm using tools for this and NOT hand coding things, I'm a little lost... Ideally using an AJAX script to check on the orgcode input field would rock...

I don't know what exactly you mean by tools. But check this example.
In the example, there is a dropdown list, but you have a text field. You can use onblur event (or onkeyup event) to call the ajax function to check if the value entered in the text field is already there in the database.

Well, I don't have an example with me. But, Instead of having an xml, you can query the table, then have a select element where you can show all the matching values. Also have an onchange event for select so that when the user clicks an option, it is inserted to the textbox.

<select name='selecttag' multiple='10' onchange='document.getElementById('txt1').value=this.value;'>

You also need to hide the border of select element.

Well I figured it out I knew it was something having to do with the pagetitle so I tried to figure out what those two threads had in common ... they both had '--' within their titles. Turns out that I had the page title commented out in the HTML code, and the way you comment html is like <!-- this -->. Well ... apparently it's a Firefox bug that if something looks like <!-- this -- this --> then it gets super confused and doesn't know where the comment is supposed to end.

Good job Dani! :)

I guess even this thread is acting the same way ?
http://www.daniweb.com/forums/post830784.html

P.S. Works fine in IE6 and Chrome.

Try it in Firefox, open Error console and see whats going wrong.

I am not aware of any function in javascript which is equivalent to php's exit function ! But I guess you are looking for <noscript> .

I tried all the scripts and they work (on both IE and mozilla) ! What error are you getting exactly ?

You have to convert the dates to unixtimestamp using strtotime.

Yes, possible. Use date_add function.

I liked the old style. This one is compact!

Adobe Flash, JavaScript, HTML 4.01 Transitional, CSS, and PHP.

Yeah he probably is promoting his site, but the links on DaniWeb are no-follow, so it wont improve the Search Engine rank.

Ah! Thanks for clarifying :)

Hi-DaniWeb community!

I'm New here and already have a question:

What software or program used <URL SNIPPED>

Best Regards
hilimili

Why do I so strongly feel this is an advertisement :-/

Wow! I can so easily guess your age from that reply of yours :icon_rolleyes:
Watch your language buddy. What you just said could cause you an infraction. :)