Another suggestion: If you are worried about search engines accessing pages other than the first, you can either set the robots.txt to allow a web spider access to the first page of every article. You might also want to try setting up a simple script that you include on pages other than the first that checks if the referrer is from a search engine and add some Javascript to manually force Google Analytics to track the user.
If you are satisfied with your solution to the problem, I ask that you close the forum and continue to post on the DaniWeb forums!
1. Notepad++ or Dreamweaver (I know! But for some reason I have stuck with it) 2. Well I use my own PHP libraries for handling MySQL and I prefer jQuery, but I'm also working on my own JS library! 3. None! Hate frameworks! They make things way too complicated (Besides, why not stick to what I know instead of trying to teach myself Cake Php). 4. Nope....
If you are attempting to create an IE compliant page you may also want to look into IE conditional comments. Anything between them is only shown by the appropriate version of IE.
I am sorry about upload nudity images in my orkut account, I was not knowing about your terms and conditions.
So, I request you to please reactivate my orkut account so that I can delete that nudity photos from my account and promise you that I will never ever break the rules of all google account which i access
Regards, Vijay
Wow! Haha! :D Uhh..I think you have the wrong forum!
Can you please describe the exact functionality you are looking for in this script? It really helps to be descriptive!
Well by simple logic, why not assume that one unique view is viewing the first page of an article. If so, why not just count the unique views on the first page of each article.
A note about search engine bots: Most search engines identify themselves with a special HTTP header. If you can write your own unique view counter (Cookies will work; it's how Google does it!), simply set it to ignore search engine spiders. Googlebot uses the Useragent String "Googlebot", so simply ignore the view counter when the $_SERVER['HTTP_USER_AGENT'] is "Googlebot".
Side Note: I would strongly advise against using an IP to track a user. First, if a user is on a large network running through a central router, all the computers on that network would have the same IP address. Large businesses and colleges usually have several IP addresses, but not a unique IP for each computer. This means that if 100 unique people on one network view an article once in a 24 hour period, it will only register as 1 unique view, instead of 100. Beyond this, IP addresses are easily masked. Users can hide behind a proxy or use a client such as Tomato to change IP addresses.
It's probably a missing header, IE is always picky! One thing to note though if what if I was a user and I entered "htdocs/index.php" or "www/index.php"? With some luck you script would print out the code stored inside the index.php file (The browser would confuse it for a PDF, but any advanced computer user could fix this). I would suggest altering you code a little:
$file = str_replace("/", "", str_replace("\", "", $_GET['file'])); //Safe file name
In PHP it's fairly simple to connect to your MySQL database:
//Start by connecting to the database or die showing MySQL Error
mysql_connect("localhost", "USERNAME", "PASSWORD") or die(mysql_error());
//Next select the database or die again showing the MySQL error
mysql_select_db("DATABASE NAME") or die(mysql_error());
$result = mysql_query("SELECT * FROM query"); //Perform a query
//Cycle through rows with mysql_fetch_array, passing the query result
while($row = mysql_fetch_array($result))
{
echo "Row: " . $row['column_name']; //Echo a column from the row
}
These are the basics to MySQL in PHP. For a more detailed tutorial on MySQL, I would suggest W3Schools MySQL Tutorial. After that, explore the PHP MySQL Tutorial on W3schools for more detailed information. Good Luck...and be sure to post any MySQL or PHP related question to the forums!
Try this..you need some quotes (You also need a form action..which can be easily fixed by PHP_SELF which will insert the name of the current PHP page):
If you have moved this question to the proper form, I just ask that you mark this thread as solved, unless of course you have another question! Good Luck with AJAX!
Man, I think he means maybe using some AJAX to fetch results instead of having to request a new page. For that one, you would need to see the JavaScript forum, man! :D
Looks like your dealing with WordPress! I'm not sure how you can get the is_sticky() outside of the have posts loop. The only thing I can think of is using absolute positioning in CSS and creating a table where the is_sticky() is and then position it at the top of your page where you want the sticky to be:
#sticky { position: absolute; top: 100px; } /* Position it 100px from the top of the page */
Then the only thing you would have to do is add some margin on the element below or above where the sticky would be placed so the absolutely positioned table won't overlap anything.
You need to connect to a database (Such as MySQL) then perform the queries in your arrays (You also need to unescape the quotes after the "tfr", it will stop the query from working). Try something like this:
<?php
//Why do all three of these have the same name
//Is it your intention to reset them three times?
$qualifiers_array[0] = "SELECT * FROM table WHERE trk is not null AND WHERE tfr = '1'";
$qualifiers_array[1] = "SELECT * FROM table WHERE tfr='2'";
$qualifiers_array[2] = "SELECT * FROM table WHERE tfr='3'";
?>
You can check for a search by the employee's name. Then you can check for a space. If there is a space you can split the two names with explode and then perform a query that matches first and last name. If there isn't any spaces only perform a query for the first or last name (Depending on what you want).
<?php
if(isset($_POST['searchType'])) //Check first, get values later
{
$method=$_POST['searchType'];
$search=$_POST['query'];
switch ($method)
{
case 'EmployeeFName': //Switch is not like if...you don't need an expression, just a value will do
if(empty($_POST['query'])) exit("Please Fill in a name of an employee you want to search. Click <a href=search.php>here</a> to go back.</p>");
else
{
echo"<i>Your search for {$search} had the following results:</i>";
//Here's the magical splitting of the names
$arr = explode(" ", $search);
$search_first = $arr[0];
$search_last = $arr[1];
$query = mysql_query("SELECT * FROM Employee WHERE EmpFName = '".$search_first."' AND EmpLName = '".$search_last."'");
$result = mysql_query($query);
if(mysql_num_rows($result)==0) echo exit("<font color='red'>No Record Found</font>");
echo"<table class='full'>";
echo"<th></th><th>ID</th><th>Employee Name</th><th>Title</th><th>Team</th><th>Department</th></tr>";
while ($row = mysql_fetch_array($result)) //Ohh! You can only fetch from a result RETURNED by mysql_query, not the actual query
{
//No need to setup individual variables...just use the $row array!
echo"<tr><td class='view'><form action='employee.html' method='post'><div><input type='submit' value='View' class='button' /></div></td><td name='userID' class='id'>".$row["EmployeeID"]."</td></form><td name='userName' class='record'>".$row["EmployeeFName"];." ".$row["EmployeeLName"]." </td><td name='userTitle' class='record'>".$row["EmployeeTitle"]."</td><td name='userTeam' class='record'>".$row["EmployeeTeam"]."</td><td name='userDept' class='record'>".$row["EmployeeDepart"]."</td></tr>";
}
}
break;
//And on, and on, etc.
}
}
function mysqlConnectAndSelect()
{
checkLogin();
sqlConnect();
mysql_select_db("titans", $con);
}
?>
There are also lots more problems beyond this one. I'd be glad to fix them all for …
Alright then, have you replaced all your files (for this project) with one file called paycheck.php and added only my code to it. Line 10 is the end of the first if block. I tried it on my XAMPP and it worked perfectly and didn't have any errors. (And the reason why the form is being filled out again is because a value is missing...it simply fills in the values you gave it and leaves the other required ones blank). On a side note: Don't worry about all the questions. When you are new to a language it's hard at first, but you'll get it eventually and maybe answer people's questions on DaniWeb!
EDIT: One little fix that I just remembered. It shouldn't fix your error, but it should fix and output problem:
<html>
<head>
<title>Paycheck Calculator</title>
</head>
<body>
<?php
//If the form has been submitted
if($_GET['submit']=="Submit"&&isset($_GET["hoursWorked"])&&isset($_GET["wagesRate"]))
{
//Return the paycheck and give user the option to calculate again
echo "Your Paycheck is: <b>".(($_GET["hoursWorked"] * $_GET["wagesRate"]) + (($_GET["hoursWorked"] - 40) * $_GET["wagesRate"] * 1.5))."</b><br/>\n<a href='paycheck.php'>Calculate Again</a>";
}
else
{
//Else return the form with the values that need to be filled
echo "<form action='paycheck.php' method='get'>\n <label for='hoursWorked'>Hours Worked: </label><input type='text' name='hoursWorked' value='".$_GET["hoursWorked"]."' /><br/>\n <label for='wagesRate'>Wage: </label><input type='text' name='wagesRate' value='".$_GET["wagesRate"]."' /><br/>\n <input type='submit' name='submit' value='Submit' />\n</form>";
}
?>
</body>
</html>
Well first I see a huge gaping security hole! Never, never use a variable for the table name (Unless the user has no control over this variable, meaning nowhere is it set from a $_GET,$_POST , or $_REQUEST value). I would also escape all variables with mysql_real_escape_string() . Beyond that, this code isn't working due to a input error. Try printing the query before submitting it to see if there are any problems. Run this printed query through PhpMyAdmin and see if it throws up any errors.
echo "UPDATE ".$table." SET ".$sub_code."='".mysql_real_escape_string($marks)."' WHERE r.no='".mysql_real_escape_string($r_no)."' LIMIT 1";
I would also suggest being more specific about getting variable from forms. Use $_GET[] for get requests and use $_POST[] for post requests. Also, there is one more problem involving the $paycheck variable. You set the x variable to be the value of paycheck, then you do some calculations, but only show the original paycheck variable. Did you mean to set paycheck to the value of the calculations and then show that variable?
No, and I wouldn't have a clue to why this belongs in the PHP forum on DaniWeb. Are you possibly looking for mafia wars on Facebook? Maybe just try Googling "Online Mafia Game".
<?php
session_start();
$slugtalk = "I may not move fast but I can still slug you.";
$slugtalk.= " I'm a slug...\n";
for ($i=0;$i<6;$i++) {
if ($i==round($i/2)) {
$slugtalk.=$slugtalk;
} else {
$slugtalk.="Hey, how about me!\n";
$slugtalk.='Testing';
for ($v=1;$v<=$i;$v++) {
$slugtalk.=' '.$v;
}
$slugtalk.=".\n";
}
}
$DB = mysql_connect("localhost", "user", "pass") or die("Slug Squashed!");
mysql_select_db("someDB") or die("The slug was too slow!");
$res = mysql_query("SELECT id FROM `table` WHERE slug='".mysql_real_escape_string($slugtalk)."'");
$results = new array();
while($arr = mysql_fetch_array($res))
{
$results[] = (int)$arr['id']+count($results);
}
<?php
session_start();
$slugtalk = "I may not move fast but I can still slug you.";
$slugtalk.= " I'm a slug...\n";
for ($i=0;$i<6;$i++) {
if ($i==round($i/2)) {
$slugtalk.=$slugtalk;
} else {
$slugtalk.="Hey, how about me!\n";
$slugtalk.='Testing';
for ($v=1;$v<=$i;$v++) {
$slugtalk.=' '.$v;
}
$slugtalk.=".\n";
}
}
$DB = mysql_connect("localhost", "user", "pass") or die("Slug Squashed!");
mysql_select_db("someDB") or die("The slug was too slow!");
mysql_query("SELECT id WHERE slug='{$slugtalk}'");
Sure. Everyone just adds a line...but after the second post, there really wasn't anything that could be done....but we can ignore that post:
<?php session_start(); $slugtalk = "I may not move fast but I can still slug you."; $slugtalk += " I'm a slug...\n"; ?>[code=PHP] <?php session_start(); $slugtalk = "I may not move fast but I can still slug you."; $slugtalk += " I'm a slug...\n"; ?>
So you want to have a user upload an image that will be stored in a folder and then recorded in a database? Then you want code to be able to retrieve that image? Is that correct?
Since you didn't give your email address, nor did you specify the address to CC to I've just put a empty mail function there. If you can provide a email addresses I can help you out. For more on mail() see the PHP.net documentation.
<?php
if($_POST['submit']=="Submit"&&!empty($_POST['name']&&!empty($_POST['phone'])&&strlen($_POST['phone'])>10&&!empty($_POST['email'])&&#
preg_match('/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/',$_POST['email'])&&!empty($_POST['comments']))
{
//Form is Valid
echo "Thanks! Your submission was sent!";
mail(); //<--Will Not work!! You need a email address, a subject, a body, and headers
exit(); //Prevents user from seeing the form again
}
?>
<html>
<head>
<title>Form Submission Test</title>
</head>
<body>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<label for="name">Name: </label><input type="text" name="name" value="<?=$_POST['name']?>"><br/>
<label for="phone">Telephone: </label><input type="text" name="phone" value="<?=$_POST['phone']?>"><br/>
<label for="email">Email: </label><input type="text" name="email" value="<?=$_POST['email']?>"><br/>
<label for="radio">Radio Button</label><input type="radio" name="radio" value="radio1'"><br>
<label for="comments">Comments: </label><textarea name="comments"><?=$_POST['name']?></textarea><br>
<input type="submit" name="submit" value="Submit"> <input type="reset" name="reset" value="Reset">
</form>
</body>
</html>
Also, I believe the problem was that instead of $links , %links as used, but your solution provides a safety if there are no rows returned (Which is a good thing to have!).
The proper use of this would be declaring the $link variable as an array before you start looping through the array results of the query. Your code should look like this:
$result = mysql_query($sql); //Make sure to use a semicolon at the end of a line, not a colon!
$link = array(); //Here is where you declare the array
while ($row = mysql_fetch_array($res))
{
//$row[tableLegends]; <---Not sure what this is for, and since it doesn't appear to have a function I commented it out
$link[] = $row; //You were right by approaching this with $link[] and not $link, if you used $link then link would only contain the value of row and won't be an array of the rows
}
Also looking at your foreach code, what is %links . Don't you mean $links :
As long as you don't use the $_GET[] variable without sanitizing or replacing html entities you should be safe. If you don't use it, there's no way for it to be hacked!
You probably should use htmlentities as it is a function that is packaged with PHP and therefore does a lot more then replace the < and >. In fact, htmlentities escapes all characters that have HTML "entity equivalents" (> or < for example). Since htmlentities does a lot more then my two str_replaces, I would use htmlentities. Off the top of my head, I can't think of anything else if you've tried something similar to my unique key system (and removed that cookie that stores the user's password!).
It's very possible. mysql_real_escape_string() only escapes special characters such as " and ' that can make your queries vulnerable to a MySQL injection. Inserting script into a query is not MySQL injection as it doesn't affect the database. The danger is when other people view a page that uses this content. The script can get cookies from the user such as password and username and send them to script on their site that saves them. To protect again this all you have to do is escape < and > with their HTML equivalents ( < and > ):
Well for the users table in your MySQL database add a new column called session id. When the user logs in, create a long random string (unique key) to save as a cookie on the user's computer and in the user's row in the MySQL database (You would put it in the column you created for the unique keys). Then on every page where you authenticate the user, add code to create a new random string (unique key) and change the key in the cookie and the database to the new one you just created. This way you won't need to store a password in a cookie. You will only need to store the username and the unique key as a cookie on the user's computer (and add a column to your users table for the keys). To authenticate, check the username and the unique key and then regenerate the unique key.
I don't think you understand where you are supposed to escape the string. The function should be used right before the variable is inserted into the database. This was if a user didn't fill out a field, they won't have to wait for the escaping of all the variables before they are validated (It could save a few milliseconds, but probably won't matter that much). Where you are getting the error, I would use:
Well, it doesn't appear anything is wrong. (I do agree, you should use mysql_real_escape_string() in your registration script too). I must say, it is a huge security flaw to save passwords and other sensitive data in a SESSION variable. It would be much better if you have each user a unique key that changed every few minutes and stored that in a SESSION variable instead of the password. Since you code looks fine to me, what errors/problems are you seeing with this script?
You will know if magic_quotes_gpc is on by asking your host (If they have the latest version of PHP it shouldn't be!). That might not be it. The only way for us to help you is if you post your code.
Well what kind of files would you be uploading. Images? Document? Presentations? Some of these are extremely easy to view as html. For most images (except for PSD's and others that won't display in a normal browser) all you have to do is just output a simple HTML document and use the img tag to include the image in it. For non-supported formats of images, you will need to convert them to a more standard format such as PNG or JPG. This can be done simply by Googling for a php PSD to PNG converter. The same goes for any kind of document. You can find PDF to HTML converters, you can find Doc and Docx to HTML converters. All you have to do is search Google for all the file types you would like to support. I've found some of these PHP converters for you:
Well this is definitely an improvement! I believe you problem lies in the fact that the passwords in the database aren't hashed using md5(). You need to create a temporary PHP file on your site with just one line of code:
echo md5("password here");
Then all you have to do is go through you your databases passwords and plug them into the md5 function. After that just replace the old password with the new hashed string. (It is important to make sure that the row that holds passwords can handle a hash. If it is a Varchar it needs to be at least 32 in length). Next, you might need to know if your host has magic_quotes_gpc on (Chances are your host has it on). If so, on the server you will need to change the code so that before you mysql_real_escape_string() a string that you pass it through stripslashes:
The reason for this is that when magic_quotes_gpc is on, most strings will automatically be escaped already (but not escaped for MySQL!). You will need to use stripslashes() before you use any MySQL escaping functions on it, so that the string is unescaped. This may sound confusing (In fact, it's been deprecated in PHP 5.3 and will be removed in PHP 6), but I believe this could be your solution.
Ok this makes much more sense! I'll take a look and see if I can come up with something. One question: When you click submit, do you want PHP to show the background and text combined together into an image, or replicate the table on the forum page?
No you don't use stripslashes() after you use mysql_real_escape_string() . You use it when you get the data back from the database. If you remove the backslashes, you are allowing a MySQL injection. You have to simply live with the backslashes and then when you get one of the row that is backslashed, you can use strip slashes to remove the backslashes. Here's an example: insert.php
<?php
mysql_query("INSERT INTO table (id, value) VALUES(NULL, '".mysql_real_escape_string($POST['value'])."')");
?>
Koyel555, I think you might need to give your controls some more thought. You say there are several divs and several factors (font, color, size) but you only mention one control - a select menu.
It depends exactly what you want but you may need one menu per div, and possibly one menu per factor per div.
Another way of diing it would be to have a single set of controls (one per factor) and a way to signify an "active" div on which they operate - one div at a time.
It is certainly hard to see how a single select menu would offer adequate control.
Airshow
Ahh....yes! I clumsily forgot to place .style before the .color or any other property. :D Wouldn't be the first time... ;)
I'm not sure if this can be done in JavaScript, because printing involves browser-controlled dialogs and there can be other complications such as the printer being off. You could set a timer and estimate with setInterval() .
I am using session as of right now if you noticed but I get what your saying so my cookie would be something like this..
$_COOKIE['email_address']=."$email_address".
or would that not be correct?
Also as of right now I am just in testing stages of the site so there is no md5 as of right now. Just trying to get a working login script then will modify it for more security.
That would be correct. To get the email you would use $_COOKIE['email'] and you would obtain the password with $_COOKIE['password'] . Your problem is in the home.php script you are getting these values using $_POST . In home.php, you need to use the Cookie method I talked about above.
So that I understand correctly, the PHP code you've given is for login.php. If so, remove the @ before the mysql query function and see what error comes up. It will help to know if the problem is with your query (That is if the problem is with the login.php and not home.php).
Do you mean you want Google to index your forum? If so, this is a process that you will have to wait for. Google follows links on other sites, so when the Google Bot finds a like to your site it will follow it to your forum. Most people don't know this, but Google might have already indexed their pages. Do a Google search for site:[YOUR URL HERE] to see if your site has already been indexed. If not, you can submit it on this Google Submission Page. Make sure there are links to your site though. Place it in your forum signature, spread the link around the web, tell people about your forum, and you should have a higher page rank and a better chance of being #1 on a Google search for your forum. It might be a good idea to submit to Bing and Yahoo. Even though they aren't as popular, you will have a better chance of being found.
Google Docs and HTML are two different things. Do you want a link that shows the HTML of a document or do you want a link to view the document in Google Docs?
It would help if you could use some clear and exact English so that we can all understand your question. First off, why are you placing DIV's inside of a table? TR's belong in a table and TD inside that. Why not use a bunch of DIV's? How is the background being changed? Couldn't you just create in invisible text field containing the address of the background image since it is dynamically created?
