Posts by edwinhermann

Thanks! This has been informative to say the least and I apologize about the lack of details.

I DO know the names of all the variables, it's the values and the combination that I won't know.

The form is an order processing script, where the user selects one of the known products, selects if it's going to be Net30 or Credit Card, then submits information depending on Net30 or CC chosen as the payment method.

In that case you just build the logic by checking whether certain information has been submitted, e.g.

if (isset($_POST["FirstName"))

or whether it's empty:

if ($_POST["FirstName"] == "")

and other such logic.

Since I know the variables, I usually use:

<?php
$FirstName = $_POST['FirstName'];
$LastName = $_POST['LastName'];
// rest of post items...

And so on. The problem that I have with this is that I'm declaring all of the variables one-by-one and I feel that it's being far more tedious than it should be. I also feel that calling "$_POST" everytime I need it is excessive, but I may be incorrect on this one.

There are two approaches:

1. You can turn on Register Globals (see http://php.net/manual/en/security.globals.php) but I advise against it because of its security implications, and it's also just not a very clean method. Register Globals allows you to reference $_POST["abc"] as just $abc. You can probably guess the dangers of this. Also worth noting is that Register Globals is deprecated as of version 5.3.0 and removed in PHP 6.0.0, so even …

Your could should work but I don't see the link between processing the form variables at the beginning and the mailing code.

You might need to provide more information as to what you are wanting to do. The nature of your logic will determine the logic required in your code.

Just to clarify: If you know what the names of the POST variables will be you don't need the foreach loop. But (if I've understood you correctly) your form is dynamic and you don't know what the names of the variables will be, in which case the best thing to do is to use a foreach() loop.

If you DO know all the possible variable names, just that some might not be present, you can do it differently, like this:

$use_name = "";
if (isset($_POST["FirstName"])) {
  $use_name = $_POST["FirstName"];
  if (isset($_POST["LastName"])) {
    $use_name .= " ".$_POST["LastName"];
    }
  }
elseif (isset($_POST["Title"]) || isset($_POST["LastName"])) {
  $use_name = $_POST["Title"]." ".$_POST["LastName"];
  }
else {
  $use_name = "Customer";
  }

and later in your code when you send the email:

$email_message = "Dear ".$use_uame.",\nThank you for signing up to our newsletter....";
// more code to determine the rest of $email_message
if (!mail($email_to,$email_subject,$email_message,$email_headers)) {
  echo "An error occurred!";
  }
else {
  echo "We have sent you a welcome email.";
  }

The two pieces of code determine how to write the greeting line of an email. It will produce:
Dear John Smith (if both names are available)
Dear John (if only the first …

That would be the best way. You'd do something like this:

foreach($_POST as $name => $value) {
  switch ($name) {
    case "colour":
    // logic here to handle the colour
    break;
    case "size":
    // logic here to handle the type
    break;
    case "type":
    // logic here to handle the type
    break;
  }
}

foreach is the best way of stepping through an array (such as $_POST) to find all the values and keys

The site you showed uses images. Here's one of the rounded corner images on that site:
http://www.mtibwasugar.com/images/modtbo_t.gif

Rounded corners (other than by images) is something that is part of CSS3. Check out http://www.w3.org/TR/css3-background/

(!$var)

To extend on what @Calver said, it tests whether a variable is false.

The following variables will evaluated as "false":

1. NULL
2. Empty string
3. Boolean false
4. 0 (zero)
5. Non-existant variables

Sory for the bad code guys

It's just terrible, I feel sick just thinking about it.

Okay, I too have no idea what you're on about :D

hi, i've got a problem,
hmm...there are three groups (A,B, and C) and their IP address are:
A ==> 10.204.xxx.xxx
B ==> 10.205.xxx.xxx
C ==> 10.206.xxx.xxx

how to read an IP Address, but only for 2 octet, (10.204, 10.205, 10.206)?
I want to put them on index.php, so:
if user IP come from 10.204.xxx.xxx, it will directing to: www.portalA.com,
10.205.xxx.xxx www.portalB.com

The following will work so long as there's no proxy in the way. If there is, you'll need to first check whether $_SERVER["X_FORWARDED_FOR"] exists, and if so, assign $ip that value, otherwise assign S_SERVER["REMOTE_ADDR"].

Not all proxies forward on the original IP address, in which case it will be impossible to tell the real IP address.

However, if you're on a LAN or there's no proxy, the following will work:

<?php

$ip = $_SERVER["SERVER_ADDR"];
$twoOctets = substr($ip,0,strpos($ip,".",strpos($ip,".")+1));
switch ($twoOctets) {
  case "10.204":
  header("Location: http://www.portalA.com");
  exit;
  break;
  case "10.205":
  header("Location: http://www.portalB.com");
  exit;
  break;
  case "10.206":
  header("Location: http://www.portalC.com");
  exit;
  default:
  // put code here to cover no match
}

?>

.htaccess can password protect portions of your site. If your private pages are intermingled with public pages in the same directory, you can create a .htaccess file to go in the root of your Web directory, like this:

<Files private_*>
AuthUserFile /path/to/.htpasswd
AuthName "Private"
AuthType Basic
Require valid-user
</Files>

That means that any php files beginning with "private_" (e.g. private_showusers.php, private_editaccount.php) will be password protected. Note that with AuthType set to "Basic" means that your password is sent in the clear, so it's not particularly safe unless you do it over SSL (i.e. as part of https://)

The .htpasswd file takes the format:

username:hash

where "username" is the login name (you can pick one) and "hash" is the standard unix password hash of a password. If you don't know how to use crypt() on Unix, you can use PHP as follows

<?php echo crypt("mypassword","salt"); ?>

Replace "mypassword" with your password (pick one) and replace "salt" with two random characters (e.g. 6v or dR etc).

Alternatively, you can use this online tool to do it: http://www.functions-online.com/crypt.html

The .htpasswd file should live outside of the public Web directories, but be readable by at least the Web server process.

A better way is to have all your private pages in a directory of their own (rather than mixed in with public pages in the same directory), in which case the .htaccess file would go in the root of that private directory and you can …

You can't block those things. This applies to PDFs, images, any object embedded in HTML can be downloaded. Your browser must be able to download it in order to view it. Therefore, you can download it yourself if you use an alternative to the right-click method if that has been disabled by Javascript.

Disclaimer: Streaming content is different because it is not an embedded object. It's a stream of data continuously being transmitted. Streaming content is more difficult to capture, and depending on the format, sometimes impossible.

sure,I will love to play around with it.here it is that.
Note the image in the gallery in the upper part of it -
http://timesofindia.indiatimes.com/

I wasn't able to right-click, but I got the image by dragging it off the browser and onto my desktop. I've attached it as proof.

According to my Activities window in my browser, the URL of that image is http://timesofindia.indiatimes.com/photo/5105277.cms You can navigate to that URL to see the image.

None of this prevents people from copying images. It just means they can't do it via right-clicking. But there's nothing stopping them from dragging and dropping and image from the browser to the desktop, or disabling Javascript and then right-clicking to do a "save target", or to download the image by visiting the Activities window.

Again - here's a challenge: show me a Website that attempts to prevent people stealing their images, and I'll demonstrate how I can get them.

I'm sure printing can be restricted, but the save as copy simply can't because if I can read the bytes and store them in memory (in order to display the PDF), I can store them on disk. THat's nothing to do with the PDF itself. It's at the dat level underneath that.

If you can show me a PDF on a site which claims that it cannot be saved, post the URL here and I'll be happy to demonstrate how I can save a copy.

I'll leave it to someone else to address the print question, but about copying and saving - it's impossible to restrict this. If the browser can see the PDF data, it can be downloaded to the computer.

You have an extra tab character after EOSTYLE; (line 29 in your code above)

Delete that line and retype it, taking care not to add any extra characters after the semi-colon.

If you're wanting to encrypt it so that clients can't "steal" your code, then there are a number of solutions out there - codejoust has suggested one (zend encoder). Zend is apparently very good but very expensive ($600 I think).

There is also:

Ioncube - http://www.ioncube.com/sa_encoder.php ($199)
Source Guardian - http://www.sourceguardian.com/ ($199)
Nusphere - http://www.nusphere.com ($149)
PHPshadow - http://phpshadow.www.co.nz ($90)

Not sure why you're using define(). The syntax for define is define(name,value) which is clearly not how you're using it.

Don't you want echo() to actually output this text? And the "Navb" is completely out of context.

You need to explain how and where the content of line 2 is supposed to be used.

As ardav says, you need urlencode, but you should not use htmlentities. YOu only use htmlentities when you are outputting HTML. The header is not HTML - it's part of the underlying HTTP protocol.

You could always write your own function, like this:

function random_zfill() {
    $int = mt_rand(0,999999);
    for($i=0; $i<(6-strlen($int)); $i++)$zeroes .= '0';
    return $zeroes.$int;
}

$my_number = random_zfill();

Then why not just this:

function random_zfil() {
return sprintf("%06d",mt_rand(0,999999));
}

Hi,
I also faces this same problem then i found solution which i posted here...

$i=0;
$rand_no="";
while($i<6)
{
	$rand_no=$rand_no.rand(0,9);
       $i++;
}
echo "6 digit random no.".$rand_no;

I hope this code may help you
Thanks 
Tulsa

Or, a shorter version of what you've got is this:

$rand_no = rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9);
echo $rand_no

Just to add to Chris's reply, there's also PHPshadow (http://www.phpshadow.com) if you're deploying on Linux/BSD/Mac OS servers.

If you want to 'attach' a URL to your submitted data, the use GET. Otherwise use POST.

One example of wanting to have a URL (and therefore using GET) is as follows:
Let's say you have a news site. Each story has a unique ID. There is one PHP script which takes the ID, loads the relevant story from the database, and displays it. To view story 1283 you might visit the URL http://yoursite/viewstory.php?id=1283. Because it has a URL, it means that:
(a) people can bookmark it
(b) hyperlinks can be created for it (either on your site, or on some other site)

An example of where you wouldn't use GET is, say, for a login form.
A person enters their username and password, which is passed to a page called login.php which validates credentials and logs the person in. There is no need to have a special URL for such a page.

So in summary, the rule is: Unless you need to have a URL that incorporates the data, use POST.

That would only work if register globals is on. Also you have the following errors:

- erroneous backslash before the ampersand
- not using urlencode for URL variables
- not using the proper HTML representation for the ampersand

So try this:

echo "<param name='FlashVars' value='mp3=Slipknot-Duality.mp3&amp;bgcolor1=".urlencode($_GET["rgb"])."&amp;showinfo=1&amp;autoplay=0&amp;showstop=1&amp;showvolume=1'>";

That's a short way of assigning a variable a value that spans multiple lines and includes special characters that would normally interfere with the PHP language.

It's called NOWDOC (see http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.nowdoc)

Consider this example:

$text = <<<SPECIAL_LABEL
The quick brown
fox jumps over
the lazy dog.
SPECIAL_LABEL

This assigns the sentence (including line breaks) to the variable $text.

The syntax is:

$variable = <<<LABEL
contents go here....
LABEL

So, in your example, the value stored in $post is:

<form method="post" action="">
</form>

unique, and random are mutually exclusive

They may mean different things, but they're not mutually exclusive.

For them to be mutually exclusive would mean that anything unique cannot be random and anything random cannot be unique.

It is actually possible to generate something that is both random and unique (the latter via a test against a history list).

000000
then

<?php $file = "/cgi-bin/countforms.bcnt";
$form_id = file_get_contents( $file ) + 1;
$fp = fopen($file, "w");
fputs ($fp, "$form_id");
fclose($fp); ?>
<input type='hidden' name='form_id' value='<?php echo $form_id;  ?>'>

Your code doesn't preserve the zero-padding. Changing this line:

fputs ($fp, "$form_id");

to this:

fputs ($fp, sprintf("%06d",$form_id));

would fix that.

You forgot a } before "catch". Try:

function connect($db_host,$db_database,$db_user,$db_pass) {
global $db_connection;
try {
  $db_connection = mysql_connect($DB_HOST,$db_user,$db_pass, true);
  if(!$db_connection) {
    throw new Exception('MYQSL Connection Database Error: ' . mysql_error());
    }
  else {
    $connection = true;
    }
  }
catch (Exception $e) {
  echo $e->GetMessage();
  }
}

You'll need to do the distance calculation in mySQL. It's not that hard - I've taken your code and run a quick test on my server.
The only thing is you haven't said what your database tables are like, so you'll need to modify the table name, table columns and the WHERE condition accordingly:

$units_multiplier = (strtoupper($distanceType) == "K") ? 1.609344 : 1.0;
$sql = "SELECT lat1, lon1, lat2, lon2, ( $units_multiplier * 60 * 1.1515 * DEGREES( ACOS( SIN(RADIANS(lat1)) * SIN(RADIANS(lat2)) +  COS(RADIANS(lat1)) * COS(RADIANS(lat2)) * COS(RADIANS(lon1 - lon2)) )) ) dist FROM db_table WHERE (...) ORDER BY dist ASC";

Here's the output from my test directly from the mySQL database:

SELECT lat1, lon1, lat2, lon2, ( 1.0 * 60 * 1.1515 * DEGREES( ACOS( SIN( RADIANS( lat1 ) ) * SIN( RADIANS( lat2 ) ) + COS( RADIANS( lat1 ) ) * COS( RADIANS( lat2 ) ) * COS( RADIANS( lon1 - lon2 ) ) ) ) ) dist
FROM test
ORDER BY dist ASC 

lat1	lon1	lat2	lon2	dist 
67	28	67.5	30	63.62514789654
44	36	45	36.5	73.351606232911
61.5	60	62	57.5	88.745649991595
21.5	50	22.5	52.5	174.41105163118
38	21.5	41	21.5	207.27
27	58	27	54.5	215.45183608755
23	64.5	22.5	69	288.77814017427
72	68.5	54	53	1325.6352829963

You've stated that you're already using database calls, so I haven't shown any further code on reading the DB results and displaying that - I assume you know that part.

Also, I haven't checked your actual mathematical logic - I assumed you've done your calculations correctly in PHP and converted it to mySQL code.

There is a way to specify this in HTML, but not all browsers adhere to it. Use the attribute accept in the <form> tag. Assign it comma-separated MIME types. For example:

<form accept="image/gif,image/jpeg" enctype="multipart/form-data" action="upload.php" method="post">

See http://www.w3.org/TR/html401/interact/forms.html#h-17.3 for more information.

Hello, I'm working on a recursive loop subcategory system. The code below is ALMOST where I need it. The last thing I'd like to do is indent each subcategory based on levels deep, rather than just separate by commas. I can't seem to wrap my head around it. Any suggestions?

Not sure if you're wanting to return HTML code or plaintext.

Try this for plaintext:

function showlist($parent, &$catlistids="",$depth = 0) {
  $result = mysql_query("SELECT component_part_id, component_part_quantity_used FROM builds WHERE build_part_id='$parent'");
  while ($line = mysql_fetch_array($result)) {
    for ($i=0;$i<$depth;$i++) {
      $catlistids .= "  ";
    }
    $catlistids .= get_part($line["component_part_id"]) . ' ' .  $line["component_part_quantity_used"]."\n";
    showlist($line["component_part_id"], &$catlistids,$depth+1);
  }
return $catlistids;
}

Or for HTML:

function showlist($parent, &$catlistids="",$depth = 0) {
  $result = mysql_query("SELECT component_part_id, component_part_quantity_used FROM builds WHERE build_part_id='$parent'");
  while ($line = mysql_fetch_array($result)) {
    for ($i=0;$i<$depth;$i++) {
      $catlistids .= "&nbsp;&nbsp;";
    }
    $catlistids .= get_part($line["component_part_id"]) . ' ' .  $line["component_part_quantity_used"]."<br>";
    showlist($line["component_part_id"], &$catlistids,$depth+1);
  }
return $catlistids;
}

Woohoo, works like a charm! Thanks! :)

I'm confused now as to what the fuss is about reset()ing multidimensional arrays though.

You're welcome.

You can use next() prev() or current() to walk through the array, by advancing a pointer. reset() resets the pointer back to the beginning.

If you don't use those it's unlikely that you need to reset() the array.

By the way, foreach() automatically resets the pointer to the beginning of the array, so reset() is not needed before it.

foreach ($rows as $rows) is invalid - you can't use the same variable name twice.

Try this:

$result = $database->query('SELECT * FROM testtable ORDER BY timestp DESC;');
		
$rows = array(array());

while ( $tmp = $db->fetch_assoc( $result ) )
  {
  $rows[] = $tmp;
  }
		
foreach ( $rows as $row)
  {
  echo '<br />';
  echo $row['id']." --> ".$row['timestp']." --- ".$row['val'];
  }

reset($rows);

And even then the analogue hole remains, although admittedly only a small percentage of people would go to the trouble. Tools like Quicktime can record the screen (or parts of the screen) as a movie with sound. If it's playable, it's recordable.

i've already solved the issue by reinstalling again the whole folder system thank you for your time.. yah i've also tried that.. but i think the problem that i've encounter is that i use microsoft web expression.. rather than notepad that makes the files too heavy i think..

Ah - I suspect it was putting certain characters before the <?php open tag.

Yes, you really do need to be using a plain text editor such as TextWrangler or even just Notepad.

Is there anything between the start of the file and <?php (like a space, new line, or something)?

Seems strange that the error message is reporting output on line 1... it's almost as if you have a space at the beginning, like this:

<?php
blah blah blah

or a new line, like htis:

<?php
blah blah blah

edwin here's the code, so that you can easily analyze it:
...

Something doesn't add up. The error reported is on line 7 but in the code that you posted, line 7 is nothing - just a comment.

Are you sure this is the code that's running on your Web server? Have you tried re-uploading it?

As I said, line 7 reads: // database connection config so clearly there cannot be an error there. Line 14 looks more suspect but is a different line number from that reported in the error message which is what makes me think your server has different content to what you've posted here.

Nop thats pretty fine.. works with my other php's.

Well that's surprising because there doesn't seem to be any documentation on pg_exec()
See http://ch.php.net/manual-lookup.php?pattern=pg_exec&lang=en for example.

One thing I've noticed is that you're not safely escaping strings. Not only is this dangerous but it can cause statements to fail because of invalid syntax. Maybe that's what's happening.

You need to replace all your $_POST variables in the statement with pg_escape_string($_POST).

Values("'.pg_escape_string($_POST[employee_id])."','".pg_escape_string($_POST[task_no])."', ... etc

For example:

It's difficult to know your setup, so I'm only guessing, but one possibility is that your server doesn't accept short tags.

I notice that in process.php, after <body> you open your PHP code with <?

Try using <?php instead.

You need to get it such that if someone browses to http://yoursite/process.php, the code does NOT show up. If it's not fixed by my suggestion, I suspect it's a server setting somewhere.

Do the pages welcome.php, view.php, payment.php etc exist? You need to create them too.

By the way I noticed a few errors:

<li><a href="direct.php?pagepage=view">Call History</a></li>

should be

<li><a href="direct.php?page=view">Call History</a></li>

and

<li><a href="direct.php?changepass.php">Change Password</a></li>

should be

<li><a href="direct.php?page=changepass">Change Password</a></li>

The "headers already sent" error is encountered when you are trying to send a header (usually with the header() function), but that output has already started (usually through echo(), print() or similar, or something outside of PHP).

The reason for the error is that once output has started, you cannot issue further headers. All headers must be sent BEFORE any output.

In your example, it sounds like line 7 of D:\xampp\htdocs\plaincart\library\config.php is trying to send a header() but already at line 1 output has started.

Is there a print or echo statement on line 1?

Did you forget the<?php tag at the beginning of that file?

If you can post the first 10 lines of D:\xampp\htdocs\plaincart\library\config.php we can probably help you more specifically - I'm only making educated guesses.

Shouldn't pg_exec() be pg_execute() ?

PHPshadow (www.phpshadow.com) is another one and supports PHP5.

Just a tip: You should be careful when outputting strings inside HTML. You should always use htmlspecialchars() to ensure that special HTML entities are properly encoded.

Consider using:

echo '<option value=\"'.htmlspecialchars($key).'\">'. htmlspecialchars($value).'</option>\n';