Posts by Will Gresham

Click

Plenty of guides (and ready made open source code) online if you actually search for it.

Looking at your code, I think you have your variables in a mix:

echo '<a href="' . $row['thumb']. '"><img src="' . $row['url']. '" /></a>';

Would output (for row 1)

<a href="001.jpg"><img src="001.php" /></a>

Swap over the variables so that the thumb is in the img tag and the url is in the a tag.

Have you tried echoing $addtolist to make sure that it contains the value expected?

Try

mysql_query("INSERT INTO `list` (`title`, `url`, `description`) VALUES ('$title', '$addtolist', '$description')");
mysql_query("DELETE FROM `spider` WHERE url='$addtolist'");

Had another look, you should define $directory as a global in the functions, just as the $thmb and $columns variables are.
Also, use a relative directory, change $directory = "G:/xampp/xampp/htdocs/"; to $directory = "."; and see if you get the correct output.

Best way to convert the dates:

// Get the data from the database
$new_date = strtotime($date_from_db);
// Insert the date back into the database

It would be worth checking the date is converted correctly before updating the db, if all your dates are in the same format then you should check a random 2 or 3.

You should always check the data just before it is entered into the SQL query, especially with POST and REQUEST values, so it is not a bad idea to check this twice (even though you are using sessions).

It may also be a good idea to restrict the characters in the username, so if you only want to have alphanumeric characters and select symbols then use preg_replace() to stop entry of anything else.

I beleive what he meant was this:
in your code (below with line numbers for reference) the loop is started on line 5 and ended on line 27, the <select> is started on line 12 and ended on line 24, you need to have the <select> before line 5 and </select> after line 27. If that makes sense.

At the moment what it is doing is looping (which it should be) but since the <select> is within the loop it processes this every time it loops through, it should be:

<select>
{start_loop}
//looping here
{end_loop}
</select>

{* Generate the list of attribute values *}
		<p class="attributes">
		
		{* Parse the list of attributes and attribute values *}
		{section name=1 loop=$obj->mProducts[k].attributes}
		
		  {* Generate a new select tag? *}
		  {if $smarty.section.1.first ||
		      $obj->mProducts[k].attributes[1].attribute_name !==
			  $obj->mProducts[k].attributes[1.index_prev].attribute_name}
			{$obj->mProducts[k].attributes[1].attribute_name}:
		  <select name="attr_{$obj->mProducts[k].attributes[1].attribute_name}">
		  {/if}
		  
		    {* Generate a new option tag *}
			<option value="{$obj->mProducts[k].attributes[1].attribute_value}">
			  {$obj->mProducts[k].attributes[1].attribute_value}
			</option>
			
		  {* Close the select tag? *}
		  {if $smarty.section.1.last ||
		      $obj->mProducts[k].attributes[1].attribute_name !==
			  $obj->mProducts[k].attributes[1.index_next].attribute_name}
		  </select>
		  {/if}
			
		{/section}
		</p>		  
	  </td>

Something like this would echo textboxes with the database values:

<form action="pagename.php" method="post">
<?
$sql_query = mysql_query("PUT THE SELECT QUERY HERE")or die(mysql_error());
$sql_results = mysql_fetch_assoc( $sql_query )or die(mysql_error());
foreach( $sql_results as $key => $value) {
  echo "<input type=\"text\" value=\"$value\" name=\"$key\" /> <br />";
}
?>
</form>

Then to put it back in the database something like:

<?
$sql_query = "UPDATE table_name SET";
foreach( $_POST as $key => $value) {
  //Do some validation on the data in the field here
  $sql_query .= " $key = '$value',";
}
//Remove the final , from the query
$sql_query = substr_replace($sql_query, "", -1);
mysql_query("$sql_query WHERE condition_here")or die(mysql_error());
?>

There is no data cleansing or validation in the above script, this leaves your code open to injection, make sure you validate any input before processing it.

Make a script with something like:

$table="abc";
mysql_query("TRUNCATE $table");

This removes all entries from the table and resets the auto-increment to 0.

You could setup a Cron Job to run the script at set intervals.

Edit: Not recommended if you are using transactions as this is not able to be rolled back.

No, check line 28 of his sendemail.php script:

$attn = $_POST['attn'];

Also, he has been echoing the attn value and it is printing the correct item.

You can use a While statement to do this:

while($row=mysql_fetch_array($set)) {
  //Processing of the returned row
}

This will loop through the same amount of times as rows returned and the code will be run (in this case, 3 times).

The best way would be to obfuscate the code prior to uploading it to the server PC, by doing this there is no alterations needed to the operating system/accounts. Also, look at http://www.raizlabs.com/software/phpobfuscator/ since this one would probably require little change to your source code to get this working. Providing the server is running PHP5 this would be the easiest option.

So are you looking to put $_POST into $reference1 and $_POST into $reference2 etc. ?

If this is the case, use something lie:

foreach($_POST as $key => $value) {
 $$key = $value;
}

Note the double $ in there.

This effetively does the same as enabling register_globals although only with the $_POST array so ensure that the data is cleaned and validated before any processing is done on it.

Please use the code tags to put code on here.

From the information you provided it would not be possible to tell you what the issue is:
1. You have not said what is and what is not working
2. In the code you have posted you are using objects/variables which are not defined or described

In order to help we would need to know what the script is supposed to do and be able to see the classes and procedures used to populate the variables mentioned above.

This is fairly simple, use the RAND function in the SQL query:

$sql = "SELECT * FROM tablename WHERE somefield='something' ORDER BY RAND() LIMIT 10";

try doing this:

// Then i would have the line here, to be run again - second instance
$result = mysql_query($sqlQuery,$connect);
if(mysql_num_rows($result)>0) {
//Process second instance
} else {
echo 'No Data';
}

This will tell you if the query is actually fetching a row, if it is, make sure that you put the result into an array before trying to use it:

$data = mysql_fetch_array($result);