Posts by Will Gresham

i think that is the site trying to parse the url. not the code.

Possibly, we'll need the OP to confirm that :)

Also, I will point out that there is no sanitation of the values.. Never a good idea to put POST data directly into SQL or such without checking what the user has actually entered.

Do you notice anything wrong with line 41?

$yoursite = ‘[url]www.sitename.co.za’;[/url]

http://www.tizag.com covers alot of the basic PHP/SQL functions as well as others

$fullProductId = explode("-", $value)
$productId = $fullProductId[0]

Should work

Th JavaScript code for this will be similar to: (You will need to modify this)

<script type="text/javascript">
function createRequestObject() {
	var ro;
	var browser = navigator.appName;
	if(browser == "Microsoft Internet Explorer") {
		ro = new ActiveXObject("Microsoft.XMLHTTP");
	}else {
		ro = new XMLHttpRequest();
	}
	return ro;
}
var http = createRequestObject();
function sndReq(action) {
	if(action.length < 3) {
		if(action.length == 0) {
			document.getElementById('usernamecheck').innerHTML = "<br />";
			return false;
		}
		document.getElementById('usernamecheck').innerHTML = "Username too short";
		return false;
	}else { 
		http.open('get', 'rpc.php?action='+action);
		http.onreadystatechange = handleResponse;
		http.send(null);
	}
}
  function handleResponse() {
	if(http.readyState == 4) {
		var update = http.responseText;
     		if(update!="This name is Avaliable!") {
			document.getElementById('usernamecheck').innerHTML = "This name is unavaliable, please try again";
		}else {
			document.getElementById('usernamecheck').innerHTML = "<a href='Javascript:EnableDisable()'>"+update+" Click to change</a>";
		}
	}
}
</script>

HTML for the username box:

<input type="text" name="un" onchange="sndReq(this.value)">

And rpc.php

<?
	//connect to db first
	$user=mysql_query("SELECT * FROM user_table WHERE un = '".$_REQUEST['action']."'")or die(mysql_error());
	$countrows=mysql_num_rows($user);
	if($countrows > 0) {
		echo "This name is Unavaliable";
	}
	else {
		echo"This name is Avaliable!";
	}
?>

Note, the PHP code if not good, there is no checking for bad data so it is not secure, just an example

Do you mean the back button on the browser or do you have a back link on the page?

With your code you should be able to go back using the url vars, but depending on how your search page works it may not work with the browsers back button

I would assume you want to put this before for insert the data into the database, so withing the write part of the switch before the SQL query.

If you are inserting a new row into the table, then you want to use the Insert not Update, take a look at this

The code from formtoemail.php may help here

Surely if you are creating your own then you will write the source code your self...

Or do you mean you want an open source one?
Try:
Vanilla
or
phpBB

Not sure how I can put it any clearer...

Is there any way to automatically put the validation back into cells after someone cuts/deletes the values?

No way of knowing without seeing some code.

Hi All

I have an Excel workbook (Excel 2002) which is accessed and modified by multiple people, there are 3 sheets within the workbook, 'Processing', 'Completed', and 'List Data'.

On the processing sheet there are open jobs with drop-down validation in 2 cells which fetches options from the list data sheet, this is fine but when the job is completed, the row is moved from the processing sheet to the completed sheet, however, I am having to go through daily and re-do the validation on the cells because people are Cut-Pasting into the completed sheet rather than Copy-Paste then clearing the cell contents.

Is there any way to automatically put the validation back in place after someone cuts the cells?

Edit:
Apparanty the below is irrelevant since you say it now works. :)

-----------------------------
Does the file include/site_functions.php exist?

Can you post line 15 from common.inc and a few lines before and after it since this seems to be the cause of the problem if the file does exist.

If the <head> is echoed in the top() function then it should work as you have it, if it is echoed automatically by the common.inc then you should define the title before including the file.

For the title, do this in each file:

define ("PAGE_TITLE", "Title for the Page");

And in common.inc put something like:

<title><? echo PAGE_TITLE; ?></title>

For the Meta tags, you could put together an array on each page like follows:

$page_meta_tags[] .= '<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />';
$page_meta_tags[] .= '<meta name="description" content="stuff here" />';

And then in common.inc

foreach($page_meta_tags as $value) {
  echo $value;
}

This may need adjusting for your application, just an idea..

Take a look at the wordwrap function in PHP:
http://uk.php.net/wordwrap

wordwrap($text, 100, "<br />\n", true);

Your assumptions are spot on to both of those :)

Try removing the $row line from the top if there is no URL variable, and add the while into the body. for example:
Head:

if (!isset($post)) {
$result = mysql_query ("SELECT * from blog ORDER BY blog_id DESC") or die(mysql_error());
$page_title = "Welcome to my Blog!";
} else {

And Body:
change

} else {
echo "<h1>" . $row['blog_id'] . "-" . "<a href='?b=" . $row['blog_id'] . "'>" . $row['blog_title'] . "</a> </h1><br>" . nl2br ($row['blog_body']) . "<br><br>";

}

To:

} else {
while ( $row = mysql_fetch_assoc ( $result ) ) {
  echo "<h1>" . $row['blog_id'] . "-" . "<a href='?b=" . $row['blog_id'] . "'>" . 
  $row['blog_title'] . "</a> </h1><br>" . nl2br ($row['blog_body']) . "<br><br>";
  }
}

$row will be empty with the way you are doing this, you will need at a minimum:

$result = mysql_query ("SELECT * from blog ORDER BY blog_id DESC")or die(mysql_error());
$row = mysql_fetch_assoc ( $result )or die(mysql_error());

This way the $row will be set and can be used. This will need to be done for all queries.

Also, $post = $_GET['b']; is NOT good practice, anyone can put anything into the query string and it will be included in the sql query. Do some validation on the input, for example:

if (is_numeric($post)) {
  // Code if is numeric value
} else {
  // Tell them off for entering a non-numeric value.
}

I am unable to decipher exactly what youa re asking from your post, but try the oscommerce forums and site, they have boards for support and since the package is open source there are many add-ons to choose from on their site.

If you do not have users logging in you could use cookies to store the time/date they last accessed the site for this.

Thanks, I wasn't sure about that one.

Still trying to find the weak point in the code which is allowing null db entries..

I have got a slight problem with the code below, I am getting entries into the Database with null values, which as far as I can see should not be possible I have both Client-side JS to validate the fields are not empty and PHP to do the same, Just wanted to know if anyone with a bit more knowledge of PHP has any ideas on this..

I know the code isn't perfect, I am working on improving it but it is on a live site which I have recently taken over for a friend but I would like to get this issue resolved before proceeding.

<?
session_start();
if($_REQUEST['action'] == "check") {
  foreach($_POST as $key => $value) {
    $_SESSION[$key] = $value;
    if(trim($value) == "" && $key != "send") {
      $dirtyPage = 1;
      $emptyFields.= $key . "=1&";
}
}
  if($emptyFields != "") {
    header("Location: /signup.php?empty=1&$emptyFields");
    end();
}
$_REQUEST['action'] = "submit";
}
  include("resc/header.php");
?>
    <script type="text/javascript">
	// Cut AJAX code for checking if username exists and form checker for null fields
</script>
<br />
	<table width="100%" border="0" width="80%">
		<tr>
			<td class="content" valign="top">
<?
  if($_REQUEST['empty']==1) {
    if ($_REQUEST['un'] == 1) { $fieldList .= "<li>Username</li>"; }
    if ($_REQUEST['fn'] == 1) { $fieldList .= "<li>First Name</li>"; }
    if ($_REQUEST['ln'] == 1) { $fieldList .= "<li>Last Name</li>"; }
    if ($_REQUEST['email'] == 1) { $fieldList .= "<li>E-Mail Address</li>"; }
    if ($_REQUEST['password'] == 1) { $fieldList .= "<li>Password</li>"; }
    if ($_REQUEST['confirm'] == 1) { $fieldList .= "<li>Password Confirm</li>"; }
    echo 
    "<div style=\"border: 1px #000000 solid; background-color: #FFFFFF; …

What is the error it is throwing at you? If it is giving a syntax error it will give the problem and the line number.

Is the included file just basic PHP, or does it have classes/functions in it, if the file uses functions you may need to register the variable as a global variable within each function you want to use it in.

Otherwise, post up your code so we can see what you are doing.

I don't see why you wouldn't be able to manually add the rows...

The URL is not stored in the database, it is stored in the .htaccess file in the root directory... When you view a page, it will appear in the URL as 'http://domain.com/view/node/1234' where 1234 is the 'nid' in the database.

If you open the .htaccess file and look for user/manage/books/add it will tell you which page it is actually going to.

Look at the .htaccess file, it is using rewrites, they will all be listed there.

The onload event is one which can be used in JavaScript, I am not sure exactly what you are asking although if you want to do something after the page loads, ie client side, you will need a client side language(such as JavaScript) otherwise this may be possible in PHP, can you provide more details on exactly what you want to achieve.

You can't, Sub-Domains are managed by the web server. Speak to your host for information on how to set one up.

Can you clarify this:

(e.g. john smith, NOT john or smith which is what I want.)

Do you want to look for john OR smith or are you looking for john AND smith?

Also, this may help: http://www.iamcal.com/publish/articles/php/search/

Be more specific....
What OS,
What version of Apache
What version of PHP
What have you done so far
Did you download the binaries or the source?

Not sure why you posted in PHP for this as there is no mention af anything apart from mod_rewrite s this should have been posted in the Apache Forum

You cannot use any characters apart from alphanumerics and the special characters $ - _ . + ! * ' in a URL. You will either need to remove the invalid special characters from the URL or encode them to their hexadecimal value. A full list can be found here http://www.degraeve.com/reference/urlencoding.php

Sorry, my mistake. This would work for what you want to do, I misunderstood things..

Although, rather than having the query spread over 2 lines, you may as well remove the $sql_query .= and put it all onto one line.

Please read the Community Rules, linked at the top of each page.

Quoted from the 'Keep it Organized' section of the community rules

Do not post homework problems expecting a quick answer without showing any effort yourself. This especially pertains to the software development forums. For easy readability, always use the Insert Code tool. If you post a question and it gets resolved, please use the Mark Solved link to mark your thread solved.

Show us what you have already and we can help you identify problems and solutions to your code, but as above, show some effort first.

To update:

foreach($_POST as $key => $value) {
	if ((is_numeric($key)) && ($value > "")){
	//Do some validation on the data in the field here
		$sql_query = "UPDATE table_name SET";
		$sql_query .= " `column_name` = '".$value."',";
	//Remove the final , from the query
		$sql_query = substr_replace($sql_query, "", -1);
		mysql_query("$sql_query WHERE `id` = '".$key."'")or die(mysql_error());
		echo $sql_query;
	}
}

This would be ok for just updating 2 columns in the DB, but if you look at the code, you have

$sql_query = "UPDATE table_name SET";
		$sql_query .= " `column_name` = '".$value."',";

inside the foreach loop, this isn't needed, what it is doing is each time you run through the foreach it is executing an sql query, so if you have 2 fields it is running 2 queries..

I would suggest trying it as it was in my post:

$sql_query = "UPDATE table_name SET";
foreach( $_POST as $key => $value) {
if ((is_numeric($key)) && ($value > "")) {
	//Do some validation on the data in the field here
		$sql_query .= " `column_name` = '".$value."',";
}
}
//Remove the final , from the query
$sql_query = substr_replace($sql_query, "", -1);
mysql_query("$sql_query WHERE condition_here")or die(mysql_error());
?>

Basically your code will do run 2 seperate queries:

mysql_query("UPDATE table_name SET `column_name` = '$value'");
mysql_query("UPDATE table_name SET `column_name` = '$value'");

rather than running it all at once after the loop:

mysql_query("UPDATE table_name SET `column_name` = '$value', `column_name` = '$value'");

I beleive what he meant was this:
in your code (below with line numbers for reference) the loop is started on line 5 and ended on line 27, the <select> is started on line 12 and ended on line 24, you need to have the <select> before line 5 and </select> after line 27. If that makes sense.

At the moment what it is doing is looping (which it should be) but since the <select> is within the loop it processes this every time it loops through, it should be:

<select>
{start_loop}
//looping here
{end_loop}
</select>

{* Generate the list of attribute values *}
		<p class="attributes">
		
		{* Parse the list of attributes and attribute values *}
		{section name=1 loop=$obj->mProducts[k].attributes}
		
		  {* Generate a new select tag? *}
		  {if $smarty.section.1.first ||
		      $obj->mProducts[k].attributes[1].attribute_name !==
			  $obj->mProducts[k].attributes[1.index_prev].attribute_name}
			{$obj->mProducts[k].attributes[1].attribute_name}:
		  <select name="attr_{$obj->mProducts[k].attributes[1].attribute_name}">
		  {/if}
		  
		    {* Generate a new option tag *}
			<option value="{$obj->mProducts[k].attributes[1].attribute_value}">
			  {$obj->mProducts[k].attributes[1].attribute_value}
			</option>
			
		  {* Close the select tag? *}
		  {if $smarty.section.1.last ||
		      $obj->mProducts[k].attributes[1].attribute_name !==
			  $obj->mProducts[k].attributes[1.index_next].attribute_name}
		  </select>
		  {/if}
			
		{/section}
		</p>		  
	  </td>

Something like this would echo textboxes with the database values:

<form action="pagename.php" method="post">
<?
$sql_query = mysql_query("PUT THE SELECT QUERY HERE")or die(mysql_error());
$sql_results = mysql_fetch_assoc( $sql_query )or die(mysql_error());
foreach( $sql_results as $key => $value) {
  echo "<input type=\"text\" value=\"$value\" name=\"$key\" /> <br />";
}
?>
</form>

Then to put it back in the database something like:

<?
$sql_query = "UPDATE table_name SET";
foreach( $_POST as $key => $value) {
  //Do some validation on the data in the field here
  $sql_query .= " $key = '$value',";
}
//Remove the final , from the query
$sql_query = substr_replace($sql_query, "", -1);
mysql_query("$sql_query WHERE condition_here")or die(mysql_error());
?>

There is no data cleansing or validation in the above script, this leaves your code open to injection, make sure you validate any input before processing it.

Make a script with something like:

$table="abc";
mysql_query("TRUNCATE $table");

This removes all entries from the table and resets the auto-increment to 0.

You could setup a Cron Job to run the script at set intervals.

Edit: Not recommended if you are using transactions as this is not able to be rolled back.

This will be some line on your script is missing something, such as a " ' ; } or similar and as there is nothing after line 246 it is encountering an unexpected end of file when it tried to read line 247 (even though that line does not exist, it is saying it is expecting something) can you post/attach your most recent code.

Try:

if (mysql_num_rows($qry) > 7 ) {
  something...
} else {
 another thing
}

The is equates to

if ($total is greater than 7) {
  something...
} else {
  another thing
}

So when total=8 it will select the first one.

Spotted the problem, instead of using the variable name i should have used the POST to get the ticket number. I replace the UPDATE with the one below and all works perfect now.

$updateused = "UPDATE cab_managernumbers SET cab_ticket_used = 1 where cab_eticket_number = ". $_POST["cab_eticket_number"] ."";

This may work but is not recommended and certainly isn't secure.

Taking variables directly from the POST, GET or QUERY in PHP is not safe, it leaves your script vunerable to injection attacks.. You should be taking the POST variable and sanitizing it first (for instance, a number should only contain the characters 0-9) you could do the following:

if(is_numeric($_POST["cab_eticket_number"])) {
$cab_eticket_number = $_POST["cab_eticket_number"];
} else {
  //Process an input which is nit numeric.
}
$updateused = "UPDATE cab_managernumbers SET cab_ticket_used = 1 where cab_eticket_number = $cab_eticket_number";

I have used osCommerce for any instances I need a cart on a site, it is also open source and has many, many contributions from community members to add most functions you could ever want and then a few more.

However, if you dont like Zen, then you may not like this one. I have not used Zen myself but from what I understand some of the Zen developers were initally working on the osCommerce (correct me if I am wrong) project so there may well be similarities between the two..

If you are looking to change the content on the page dynamically (without reloading) then you should look into Javascript/AJAX for this.

Make sure you have the GD library installed/configured on your server to use the first example.

No, check line 28 of his sendemail.php script:

$attn = $_POST['attn'];

Also, he has been echoing the attn value and it is printing the correct item.

Change the line:

echo "You are visitor " , $count ;

to

echo "You are visitor " . $count ;

You could try using an IF rather than a switch:

if($attn == "webmaster") {
$to_email = "erich.krauz@rgl-e.com";
} elseif($attn == "info") {
$to_email = "krauz2@hotmail.com";
} else {
$to_email = "erich.krauz@rgl-e.com";
}

My bad, put the values on the case statements in the switch in '':

switch($_POST['attn']) {
case 'webmaster':
$to_email = "erich.krauz@rgl-e.com";
break;
case 'info':
$to_email = "krauz2@hotmail.com";
break;
default:
$to_email = "erich.krauz@rgl-e.com";
}
mail($to_email, $subject, $message, $from);

You could also use switch($attn) {

That's correct, if it was defined outside the functions.php page before the file was called it would be available to the functions, but if it is within the same file then it will not be usable by the functions in that file.

Take a look here for more info on this.

Add or die(mysql_error()); to the end of the SQL querys causing the problem:

mysql_query("SOME QUERY")or die(mysql_error());

and let us know what that reports.