Posts by Will Gresham

Rather than

$message .= "Today's Calendar Events Reminder: $title\r\n";

Just put

$message .= "$title\r\n";

Then before use mail() put:

$message = "Today's Calendar Events Reminder: " . $message;

When you assign a value to $message, use .= rather than just = , this will append the text to the end of the current value. You may also want to put an \r\n onto the end of the string to add a new line at the end of each event.

EDIT: Also, take some of those statements that will not change out of the WHILE statement (i.e. the $from and $subject) otherwise they are having the same values written to them multiple times.

While will loop through all results.

It should be

$query = "SELECT * FROM pec_mssgs WHERE m=$todaysMonth AND d=$todaysDay AND y=$todaysYear";

Edit: Ezzaral beat me to it :)

Try replacing (!$sqlStr==... with ($sqlStr != ...

I am not sure I understand exactly what you are trying to do here, but surely passing a table name in the URL is a very bad idea.

Isn't the reason that SQL errors should be suppressed in production sites because the developer does not want the table name to be known?

If you can explain a little more what you want to do then I am sure someone will be able to help.

It would be better to store the dates in the database as a timestamp, and use these in the query. Take the normal date in PHP, use strtotime to convert it to a timestamp and search this.

Your queries will be faster if using integers rather than full text searching..

Upload the PDF files to a directory and have the PHP script check the directory and list any PDF files in there.

Aside from the comments in the previous post, you ahave a lot of redundant code there.

Rather than coding HTML like:

echo "<html>";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "<table align=center border=1 cellpadding=0 cellspacing=0  bordercolor=#FF6600 bgcolor=#C0C0C0 width=50% height=10>";
echo "<tr> <td align=center><p font color=black span style=font-size:11pt;><b>Minimum length values for Username or Password or Pincode or Mobile is missing. Please try again with correct values.</b></span></font></p></td> </tr> </table> </html>";

This would be better:

?>
<html>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<table align=center border=1 cellpadding=0 cellspacing=0  bordercolor=#FF6600 bgcolor=#C0C0C0 width=50% height=10>
<tr>
<td align=center>
<p font color=black>
<span style=font-size:11pt;>
<b>Minimum length values for Username or Password or Pincode or Mobile is missing. Please try again with correct values</b>
</span>
</font>
</p>
</td>
</tr>
</table>
</html>
<?php

You also had missing brackets (> and <) between the P and the Span elements.

Also, since you are using the same styles for each table, it would be better to use CSS to save duplication of code.

Finally, there is no validation of POST data, very bad idea, you might want to look at sorting that.

You could use a meta redirect to redirect the page after a period.

This would go to a page which unsets the session

<meta http-equiv="Refresh" content="300; url=http://www.site.com/logout_page.php" />

^That goes in the head of the document.

The problem is that you have mixed double and single quotes, it should be:

<a href="delete.php?id=' . $row['autoid'] . '">

But your coding style needs alot of work, suggestions posted above are good ones.

Ok, in the other thread you started, you posted this example:

<?php
function myfunction(){
mysql_query('INSERT INTO `table` SET `column`="value"') or die(mysql_error());
return 0;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script language="javascript" type="text/javascript">
function ILovePHP() {
b = "<?=myfunction();?>";
alert(b);
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<form action="" method="post"><input name="" name="" type="text" onChange="ILovePHP();"></form><p>
</body>
</html>

Now, load a page with that script in, then check your database BEFORE you click the textbox or do anything, I can guarantee you that the new entry will be in the database, meaning that it has been executed BEFORE you trigger the onChange event, meaning that the onChange WILL NOT update the database, it has already been done when the script loads.

You have been told the same in 2 threads on Daniweb, and you say that you found the same answer on other sites. This should indicate that Javascript cannot interact with PHP in the way you are claiming it does.

Yes, this will work for static pages, but the PHP is being processed server side BEFORE it is sent to the browser, look at the source code in your browser, no PHP there.

PHP = Server Side
Javascript = Client Side

You can use pre-defined PHP variables in Javascript, but you cannot /do/ anything with PHP after the script has been processed and sent to the client.

The code you put would be exactly the same as typing

<script language="javascript" type="text/javascript">
function ILovePHP() {
b = "I love PHP ! by Arman de Guzman de Castro :-)";
alert(b);
}
</script>

As ShawnCplus said, PHP is not being run in the onChange event.

To 'run' PHP code in the onChange event, look into ajax to send requests to your PHP script and get the results without the requirement of a page reload.

This may not be the best way to do it, but it should work

$thisYear = date('Y');
$nextYear = $thisYear + 1
$nowdate = $thisYear "-" $nextYear;

I really need to go to sleep :D

Actually the math is 8^62 8 positions with 62 possibilities in each, special characters excluded 62 positions where each will only be 1 of 8 options yields significantly less possibilities.

Not to nitpick your math, because ultimately, our points were the same as the one you made, it would take to long to generate them all.

Whoops, should have checked that, I always get them mixed up :( knew I should have paid more attention in Math :D

So add alot more zero before the decimal point in my last post and you'll have a closer figure (as if the numbers I 'worked out' weren't big enough)

On the basis of an 8 character password, where each letter can be 1 of 62 possibilities (a-zA-Z0-9) that is 9.807971461541689e+55 possibilities.

Or 62^8, or 218,340,105,584,896 possibilities...

i was able to get 650 attempts per second with my laptop alone and I have 5 exactly the same

Ok, 5 of them, assuming you figure a way to start at a certain position and not just do the exact same on all 5 would be 3,250/second.
or 3,639,001,759,748.26 Seconds,
or 60,650,029,329.13 Minutes,
or 1,010,833,822.15 Hours
or 50,541,691.10 Days
or 138,470.38 Years
(please correct me if my math is wrong, its the end of a long day :))

Either way, it will take a long time with a PC (or PCs) like yours.

Oh, and in response to your actual question:

Is there any way to get my PHP app to generate passwords in sequence

Yes.

Very informative :)

I will remember this one for future reference. Rep+ for you all :)

The last part should be

$result = mysql_query("SELECT url FROM blacklist WHERE url = '$hostname'");
if (mysql_num_rows($result) != 0) {
  echo 'URL already in DB';
} else {
  for ($i = 0; $i < $hrefs->length; $i++) {
    $href = $hrefs->item($i);
    $url = $href->getAttribute('href');
    echo $url.'<br />';
    $query = "INSERT INTO spider (url, site) VALUES ('$url', '$hostname')";
    mysql_query($query) or die('Error, insert query failed');
    $query1 = "INSERT INTO blacklist (url) VALUES ('$url')";
    mysql_query($query1) or die('Error, Blacklisting failed');
  }
}

Any chance you can post some more of the script, for example what $hrefs contains?

I dont think that will work, but if you post up some more it would be easier to provide a decent response/suggestion.

Make another column in the database for hostname (call it whatever you like) and store the result of $hostname[1] in there.

Then when a new URL is submitted, get the hostname, and see if it already exists in the database, for example:

preg_match ('@^(?:http://)?([^/]+)@i', $addtolist, $hostname);
$site = $hostname[1];
$result = mysql_query("SELECT `hostname` FROM `spider` WHERE `hostname` = '$site'");
if (mysql_num_rows($result) != 0) {
  // Hostname already in db
} else {
  // Not in the db
}

From what I have seen of your posts, your database contains URLs

You could use regex to strip everything from the name so instead of http://www.something.com/somepage.somefile you have something.com, store this in another column in the table, and on submission, strip everything from the submitted URL as above and see if it is already in the db, if it is, throw an error.

The first line you posted will run the query, so the if statement will always return false as the row is already deleted, change

$sql1 = mysql_query("DELETE FROM spider WHERE url='$addtolist'");

to

$sql1 = "DELETE FROM spider WHERE url='$addtolist'";

Try

mysql_query("INSERT INTO `list` (`title`, `url`, `description`) VALUES ('$title', '$addtolist', '$description')");
mysql_query("DELETE FROM `spider` WHERE url='$addtolist'");

The problem is that you have specified the height and width for the div, not the image, the div will auto expand to allow its contents no need to assign height/width in this case. Move the height and width into the img tag.

<div style="text-align: center;"><img style="height:32px; width:32px;" src="<?php echo $row_reclog['picture']; ?>" alt="" name="loginimg" border="0"></div>

The code posted by ShawnCplus would show the image and scale it down to 32x32.

Do you get the image path from the database? or are you storing the image itself in the database?

I am not sure exactly what you are asking, but I see no reason why the code from ShawnCplus won't work, post up your code onto the forum to see if anyone can spot the problem, and as said HTML issues can go to the HTML board (this will likely go there as it seems to be with displaying the image, not with retrieving the path)

Whats with the

session_start();
?>
<?php
if

You dont need the ?> and <?php there, it is likely that the line break after the ?> is causing the issue, remove the closing and opening tags altogether.

Also, you will want to look at your query, never put POST values into a query.. Sanitise them first otherwise you leave your script open to a very basic attack.

Add a friends table to the database, with something along the lines of the following:
id: int - Unique ID, auto increment.
user1: int - ID of the user who sent the friend request
user2: int - ID of the user receiving the request
status: bool - Whether or not the request has been accepted

Query this table for records where user1 or user2 are equal to the logged in user ID.

Think of it as a duplicate table to the forums, its similar - just a few changes:
Heres a very basic table:
message_id: int(10), auto_increment, primary - Message ID
message_from: int(10) - ID number of the user the message is from
message_to: int(10) - ID of the user the message is to
message_title: text - Title of the message
message_content: text - Message body
message_sent: int(11) - Timestamp of the date/time the message was sent

Thats probably the bare minimum you can get away with, when the user goes to view their messages, just search the db for records where the column message_to is equal to the id of the logged in user. You can expand it to add bool values for if the message has been read or replied to for example.

Also, looking at the structure of the tables you posted, it would be beneficial to change your datetime fields to int(11) and just store the timestamp in them. This can help with performance, especially on larger databases or if you search by these values.

Since this would probably be against Adsense Policies, I doubt you will get any help.

Encouraging clicks

In order to ensure a good experience for users and advertisers, publishers may not request that users click the ads on their sites or rely on deceptive implementation methods to obtain clicks. Publishers participating in the AdSense program:

* May not encourage users to click the Google ads by using phrases such as "click the ads," "support us," "visit these links," or other similar language
* May not direct user attention to the ads via arrows or other graphical gimmicks
* May not place misleading images alongside individual ads
* May not promote sites displaying ads through unsolicited mass emails or unwanted advertisements on third-party websites
* May not compensate users for viewing ads or performing searches, or promise compensation to a third party for such behavior
* May not place misleading labels above Google ad units - for instance, ads may be labeled "Sponsored Links" but not "Favorite Sites"

Make another column in the database and store a timestamp in it when the user logs in (much better than a formatted date anyway) and then work out this time yesterday

<?php
// Find out the timestamp for yesterday
$yesterday = time()-86400;
if($timestamp_from_db >= $yesterday) {
  // User logged in within the last 24 hours
} else {
  // User has not logged in within the last 24 hours
}

If you want to go further than 24 hours, add another 3600 to the 86400 for each 24 hours.

Seeing as you have the username already in a session $_SESSION['MM_Username'] = $loginUsername; , why not just use this in the query?

If you decide to do that you will need to use Session/Cookie/POST data to tell the server what the product is, as you have have 2 or more products with the same name - this will cause issues if you just have the product name.

Send the product id as POST data or assign it to a cookie or the users session and run the query from there (of course, make sure you sanitize/clean the data before the query)

To echo the values of the array you would need another foreach:

foreach ($final as $var) {
  echo "HTML code or other items " . $var;
}

You could also put the database query within the foreach so that it does it for each one.

Try using an array:

foreach( $raw as $key ){
  $final[] = $key;
}

This will put each result into the array.

i think that is the site trying to parse the url. not the code.

Possibly, we'll need the OP to confirm that :)

Also, I will point out that there is no sanitation of the values.. Never a good idea to put POST data directly into SQL or such without checking what the user has actually entered.

Do you notice anything wrong with line 41?

$yoursite = ‘[url]www.sitename.co.za’;[/url]

The code from formtoemail.php may help here

For the title, do this in each file:

define ("PAGE_TITLE", "Title for the Page");

And in common.inc put something like:

<title><? echo PAGE_TITLE; ?></title>

For the Meta tags, you could put together an array on each page like follows:

$page_meta_tags[] .= '<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />';
$page_meta_tags[] .= '<meta name="description" content="stuff here" />';

And then in common.inc

foreach($page_meta_tags as $value) {
  echo $value;
}

This may need adjusting for your application, just an idea..

Try removing the $row line from the top if there is no URL variable, and add the while into the body. for example:
Head:

if (!isset($post)) {
$result = mysql_query ("SELECT * from blog ORDER BY blog_id DESC") or die(mysql_error());
$page_title = "Welcome to my Blog!";
} else {

And Body:
change

} else {
echo "<h1>" . $row['blog_id'] . "-" . "<a href='?b=" . $row['blog_id'] . "'>" . $row['blog_title'] . "</a> </h1><br>" . nl2br ($row['blog_body']) . "<br><br>";

}

To:

} else {
while ( $row = mysql_fetch_assoc ( $result ) ) {
  echo "<h1>" . $row['blog_id'] . "-" . "<a href='?b=" . $row['blog_id'] . "'>" . 
  $row['blog_title'] . "</a> </h1><br>" . nl2br ($row['blog_body']) . "<br><br>";
  }
}

$row will be empty with the way you are doing this, you will need at a minimum:

$result = mysql_query ("SELECT * from blog ORDER BY blog_id DESC")or die(mysql_error());
$row = mysql_fetch_assoc ( $result )or die(mysql_error());

This way the $row will be set and can be used. This will need to be done for all queries.

Also, $post = $_GET['b']; is NOT good practice, anyone can put anything into the query string and it will be included in the sql query. Do some validation on the input, for example:

if (is_numeric($post)) {
  // Code if is numeric value
} else {
  // Tell them off for entering a non-numeric value.
}

If you do not have users logging in you could use cookies to store the time/date they last accessed the site for this.

What is the error it is throwing at you? If it is giving a syntax error it will give the problem and the line number.

Is the included file just basic PHP, or does it have classes/functions in it, if the file uses functions you may need to register the variable as a global variable within each function you want to use it in.

Otherwise, post up your code so we can see what you are doing.

Can you clarify this:

(e.g. john smith, NOT john or smith which is what I want.)

Do you want to look for john OR smith or are you looking for john AND smith?

Also, this may help: http://www.iamcal.com/publish/articles/php/search/

Sorry, my mistake. This would work for what you want to do, I misunderstood things..

Although, rather than having the query spread over 2 lines, you may as well remove the $sql_query .= and put it all onto one line.

To update:

foreach($_POST as $key => $value) {
	if ((is_numeric($key)) && ($value > "")){
	//Do some validation on the data in the field here
		$sql_query = "UPDATE table_name SET";
		$sql_query .= " `column_name` = '".$value."',";
	//Remove the final , from the query
		$sql_query = substr_replace($sql_query, "", -1);
		mysql_query("$sql_query WHERE `id` = '".$key."'")or die(mysql_error());
		echo $sql_query;
	}
}

This would be ok for just updating 2 columns in the DB, but if you look at the code, you have

$sql_query = "UPDATE table_name SET";
		$sql_query .= " `column_name` = '".$value."',";

inside the foreach loop, this isn't needed, what it is doing is each time you run through the foreach it is executing an sql query, so if you have 2 fields it is running 2 queries..

I would suggest trying it as it was in my post:

$sql_query = "UPDATE table_name SET";
foreach( $_POST as $key => $value) {
if ((is_numeric($key)) && ($value > "")) {
	//Do some validation on the data in the field here
		$sql_query .= " `column_name` = '".$value."',";
}
}
//Remove the final , from the query
$sql_query = substr_replace($sql_query, "", -1);
mysql_query("$sql_query WHERE condition_here")or die(mysql_error());
?>

Basically your code will do run 2 seperate queries:

mysql_query("UPDATE table_name SET `column_name` = '$value'");
mysql_query("UPDATE table_name SET `column_name` = '$value'");

rather than running it all at once after the loop:

mysql_query("UPDATE table_name SET `column_name` = '$value', `column_name` = '$value'");

Something like this would echo textboxes with the database values:

<form action="pagename.php" method="post">
<?
$sql_query = mysql_query("PUT THE SELECT QUERY HERE")or die(mysql_error());
$sql_results = mysql_fetch_assoc( $sql_query )or die(mysql_error());
foreach( $sql_results as $key => $value) {
  echo "<input type=\"text\" value=\"$value\" name=\"$key\" /> <br />";
}
?>
</form>

Then to put it back in the database something like:

<?
$sql_query = "UPDATE table_name SET";
foreach( $_POST as $key => $value) {
  //Do some validation on the data in the field here
  $sql_query .= " $key = '$value',";
}
//Remove the final , from the query
$sql_query = substr_replace($sql_query, "", -1);
mysql_query("$sql_query WHERE condition_here")or die(mysql_error());
?>

There is no data cleansing or validation in the above script, this leaves your code open to injection, make sure you validate any input before processing it.

Make a script with something like:

$table="abc";
mysql_query("TRUNCATE $table");

This removes all entries from the table and resets the auto-increment to 0.

You could setup a Cron Job to run the script at set intervals.

Edit: Not recommended if you are using transactions as this is not able to be rolled back.

This will be some line on your script is missing something, such as a " ' ; } or similar and as there is nothing after line 246 it is encountering an unexpected end of file when it tried to read line 247 (even though that line does not exist, it is saying it is expecting something) can you post/attach your most recent code.

Make sure you have the GD library installed/configured on your server to use the first example.