broj1 356 Humble servant Featured Poster

I sent you a message 11 hours ago with my gmail email address. There is a menu on top of the forum page that says Private messages. Click on it and you will see my message.

broj1 356 Humble servant Featured Poster

I have already done that. Have a look at your personal messages.

broj1 356 Humble servant Featured Poster

Sorry, I did not know this but it seems it is not possible. I sent you my email in a PM.

broj1 356 Humble servant Featured Poster

If you click on my avatar or name on the left side of the post you get to my profile page. Find a button there that says Send private message. I have just sent you a private message so you can also just reply to it.

anis_1 commented: can i get your email? +0
broj1 356 Humble servant Featured Poster

If you look at the source code for the html in browser you will see a script inserted into the jquery load method (probably through the search box):

// the script is inserted after this code
$("#result").load("search-data.php?keyword=

The script is encoded in a way using character codes, and you can decode it using fromCharCode function. This code is then executed using eval. It checks/sets a cookie and opens an iframe, positioned off your screen. The source for the iframe is a php script (http://davidedwardsphotos.com/cubsdb/64P2WFxK + php extension) which I could not access anymore.

See the code in attached pdf.

It is important that you sanitize all input by removing all the tags from the input data using i.e. the htmlspecialchars() function if there is a chance that the input will get to the html code (as in your case).
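The fix described in this post, as an added example that is not part of the original post or of the affected site's code: the search keyword written raw into the jQuery load call (the vulnerable pattern), then encoded to match each context it lands in. The function names and the sample keyword are constructed, and the markup around the load() fragment is an assumption.

```php
<?php
// Added illustration; function names and sample input are constructed,
// not taken from the affected site.

// Vulnerable pattern: the raw keyword is written into the inline script,
// so input containing a quote can end the string and add its own statements.
function load_call_vulnerable(string $keyword): string
{
    return '$("#result").load("search-data.php?keyword=' . $keyword . '");';
}

// Hardened: percent-encode the value for the query string, then JSON-encode
// the whole URL so it stays one JavaScript string literal, even when the
// script is inline in an HTML page (the JSON_HEX_* flags escape < > & ' ").
function load_call_hardened(string $keyword): string
{
    $url   = 'search-data.php?keyword=' . rawurlencode($keyword);
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return '$("#result").load(' . json_encode($url, $flags) . ');';
}

// HTML context (for instance echoing the keyword back above the results):
// htmlspecialchars() turns markup characters into entities.
function keyword_as_html(string $keyword): string
{
    return htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed test input that tries to close the string and the script element.
$keyword = '"); alert(1); //</script><b>x</b>';

// The first line shows the string being closed early; the other two show
// the same input kept as inert data in the JavaScript and HTML contexts.
echo load_call_vulnerable($keyword), "\n";
echo load_call_hardened($keyword), "\n";
echo keyword_as_html($keyword), "\n";
```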

broj1 356 Humble servant Featured Poster

You can zip the affected scripts and send them as a personal message to me here. Please include the database structure and a few rows of data (export in sql format from phpmyadmin).

broj1 356 Humble servant Featured Poster

Has this solved your problem? If yes, please mark the question as solved. Happy coding.

broj1 356 Humble servant Featured Poster

BTW, have you tried to ask the question on the fpdf forum?

broj1 356 Humble servant Featured Poster

First check if you got the path to the image correctly. Put this temporary debug code immediately after line 27 in your fpdf code:

die($name);

This will display the path to your image. Check whether it is OK. Please post it here.

broj1 356 Humble servant Featured Poster

First thing, please do not start two threads in a very short time span for the same problem.

The problem I ran into was that fpdf's image method expects a file with an extension for supported images. This is why it is a problem to pass it binary data from the db. A workaround could be to write the binary data into a temporary image file, pass the path to the file to the image method and then remove the file but this seems a bit awkward to me.

The easier method is obviously having images saved in filesystem and only paths (and other image data) in the db. Then using the image method is straightforward.

I suggest you post your question also on the fpdf forum.

broj1 356 Humble servant Featured Poster

For some ideas see this tutorial.

broj1 356 Humble servant Featured Poster

If you have image path in the DB and the image stored in the filesystem, then it is easy:

First get the image path from the DB, i.e.:

// establish a link to the database
$link = ...

// a query to read the path
$query = "SELECT imagePath FROM images WHERE imageId=$someImageId";

// send the query
$result = mysqli_query($link, $query);

// get the row
$row = mysqli_fetch_row($result);

// image path is the first (and the only) element of the $row array
$imagePath = $row[0];

Then assemble the PDF document and use the fpdf image method:

$pdf = new FPDF();
$pdf->AliasNbPages();
$pdf->AddPage();
$pdf->Image($imagePath);
$pdf->Output();

For optional parameters for the image method see the FPDF manual.

For retrieving an image stored in a blob I did not have time to research. What was the method to store the binary data? Was it using a function file_get_contents? Was the data base64 encoded?

broj1 356 Humble servant Featured Poster

This is a bit tricky for me, I must admit :-). I have never used this approach. You could try sending the blob data base64 encoded to the Image method and see what you get. This is really a wild guess and I do not have time to try it right now. Maybe this link can help you: http://stackoverflow.com/questions/13225726/i-need-my-php-page-to-show-my-blob-image-from-mysql-database

I will give it a try tonight if I find some time. Meanwhile I hope other members with experience in this will be able to help.

broj1 356 Humble servant Featured Poster

Many solutions to that. Basically you have to have two columns for each value in different languages. The field names can have language in their names (such as comment_en, comment_fr for English and French languages). The language is stored somewhere (like in a cookie, in a session or as user preference). So if using a session variable you would select a comment in selected language like this:

if(isset($_SESSION['lang'])) {
    // read the language abbreviation if set
    $lang = $_SESSION['lang'];
} else {
    // otherwise set to default (English)
    $lang = 'en';
}
$query = "SELECT comment_$lang FROM comments";

If you would like to provide interactive change of language, you can put language in querystring (or use ajax in specific cases).
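Because the language value ends up in a column name, it cannot be bound as a query parameter and has to be checked against a fixed list, which matters most once it comes from the querystring. An added example, not part of the original post; the function names, the `lang` querystring key and the list of supported languages are assumptions:

```php
<?php
// Added illustration; SUPPORTED_LANGS, requested_lang() and comment_query()
// are hypothetical names, not code from the original thread.
const SUPPORTED_LANGS = ['en', 'fr'];
const DEFAULT_LANG    = 'en';

// Pick the requested language: querystring first, then session, else null.
function requested_lang(array $get, array $session): ?string
{
    $value = $get['lang'] ?? $session['lang'] ?? null;
    return is_string($value) ? $value : null;
}

// Build a query that can only ever name one of the known comment_xx columns.
// Anything outside the list falls back to the default language.
function comment_query(?string $requested): string
{
    $lang = in_array($requested, SUPPORTED_LANGS, true) ? $requested : DEFAULT_LANG;
    return "SELECT comment_$lang FROM comments";
}

// Constructed requests: a valid choice, an unknown language, no value at all,
// a value carrying SQL text, and an array passed where a string is expected.
$requests = [
    [['lang' => 'fr'], []],
    [['lang' => 'de'], []],
    [[], []],
    [['lang' => 'en FROM comments; --'], ['lang' => 'fr']],
    [['lang' => ['en']], []],
];

foreach ($requests as [$get, $session]) {
    $lang = requested_lang($get, $session);
    echo var_export($lang, true), ' => ', comment_query($lang), "\n";
}
```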

broj1 356 Humble servant Featured Poster

Is the image stored in a database (as a blob) or is it just a path to the image stored in the DB?

broj1 356 Humble servant Featured Poster

The problem is that $offerpricepl is not defined yet in the first iteration of the while loop. Put the test first and then echo the row:

...
while($row1 = mysql_fetch_array($result1)){  

    // this is the heading row
    echo "<tr><td>" . "Selection" . "</td><td>" . "Profit/Loss" . "</td></tr>";

    // now define the value of the $offerpricepl variable
    if ($row1['selection']=='eur/usd') {
        $bidpricepl=$bid;
        $offerpricepl=$bid1;
    }
    elseif ($row1['selection']=='usd/jpy') {
        $bidpricepl=$bid2;
        $offerpricepl=$bid3;
    }
    elseif ($row1['selection']=='usd/cad') {
        $bidpricepl=$bid4;
        $offerpricepl=$bid5;
    }
    elseif ($row1['selection']=='eur/jpy') {
        $bidpricepl=$bid6;
        $offerpricepl=$bid7;
    }
    elseif ($row1['selection']=='eur/chf') {
        $bidpricepl=$bid8;
        $offerpricepl=$bid9;
    }
    elseif ($row1['selection']=='gbp/usd') {
        $bidpricepl=$bid10;
        $offerpricepl=$bid11;
    }
    elseif ($row1['selection']=='aud/usd') {
        $bidpricepl=$bid12;
        $offerpricepl=$bid13;
    }
    elseif ($row1['selection']=='usd/chf') {
        $bidpricepl=$bid14;
        $offerpricepl=$bid15;
    }

    // now you can use the $offerpricepl variable
    echo "<tr><td>" . $row1['selection']."<td>".$offerpricepl. "</tr>";
}
echo "</table><br>";

The code would be also cleaner if you used switch instead of if / elseif.

Also I do not know why heading row must be repeated each iteration.

C#Jaap commented: this solves the question I think +3
broj1 356 Humble servant Featured Poster

You forgot to enclose index name in single quotes. If you want to use double quotes you also have to enclose the array element in curly braces:

echo "<div>{$abc['ID']} $id</div>";
broj1 356 Humble servant Featured Poster

The issues with your function are:

  • The function has its own scope so $row array is unknown to it. Pass the $row array as a parameter.
  • the code $bid==$bidpricepl; and other similar do nothing (== is a comparison operator)
  • if the function echoes something you do not use it the way you did echo assignment(); but just call it assignment();
  • there are unknown variables in the function such as $bidpricepl and $offerpricepl, which have not been declared within the function scope
  • the logic of the function is unclear; I am not sure if I understood the requirement for it from your post either.
broj1 356 Humble servant Featured Poster

In real life nothing is 100% secure. But if you are opening access only for a short time (only for assessment), you should be quite safe. Nevertheless consider the following:

Your phpmyadmin should be configured securely: create a user for your teacher, grant him only the necessary privileges, allow him to access only from predefined IP address (or range).

Also mysql should be installed securely (I hope you ran mysql secure installation script).

Make sure your webserver is set up securely, too. You can google for tips about that (i.e. if you are using XAMPP google for xampp security).

Shut down unnecessary services, especially insecure ones (ftp, telnet...).

aVar++ commented: Ok, I will look into that. Thank you. +4
broj1 356 Humble servant Featured Poster

So be it. Please mark as solved. Happy coding.

broj1 356 Humble servant Featured Poster

How to make a captcha code unhackable ?

What do you mean by this? Captcha is meant to protect against automated scripts and robots (it tries to confirm that the human is using the service). It is not meant to protect from unauthorised access from hackers.

How to many ways a hacker can hack a web ?

Most common: SQL injection, Cross site scripting or XSS, session hijacking, but there are many others.

A good starting point for securing your web app is OWASP, especially the OWASP top ten cheat sheet.

broj1 356 Humble servant Featured Poster

Another thing that might be causing the troubles is permissions. When transferring files from one computer to another permissions might change. Usually directories should have 755 (read, write and execute for the owner, read and execute for group and others). PHP scripts should have 644 (read and write for the owner, read for group and others). The files should be owned by the author (you) so you can do the editing (not root). These are just guidelines since I am not familiar with OSX.

broj1 356 Humble servant Featured Poster

Why did i got my comment voted down ?

I can't see any downvotes on your comment.

Szabi Zsoldos commented: it had disappeared :) +4
broj1 356 Humble servant Featured Poster

html files can not execute php code so give all files a php extension.

broj1 356 Humble servant Featured Poster

Another way of doing it is using Javascript to store the screen resolution to hidden fields (width and height) in a form that has get as a method. This way the server will get the resolution in a $_GET array. Please note, the form has to be submitted somehow.

Yet another way is using a cookie.

broj1 356 Humble servant Featured Poster

Then what to be done with form.html. It should be opened through html page or through http://localhost/form.php....

The html page should be opened through form.html.

Dont u think that submit button should take the browser to the server's responsed page??

Submit button will open the page that is defined in the action attribute (it can be the same page as the form if you wish).

broj1 356 Humble servant Featured Poster

You can use ajax for that (if it is worth the trouble). See jquery ajax.

broj1 356 Humble servant Featured Poster

As I said, it works OK on my computer.

I would change the above code to:

<html>
<head><title>form.php</title></head>
<body>

<form action="extra.php" method="POST">
What is your name?
<input type="text" name="fname">
<br>
<br>
<input type="submit">
</form>

<?php
if(isset($_POST["fname"])) {
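    // escape the submitted value before echoing it into the page
    echo 'Welcome. Your name is: ' . htmlspecialchars($_POST["fname"], ENT_QUOTES, 'UTF-8');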
}
?>

</body></html>

You have to check for existence of the $_POST["fname"] element before using it (it won't exist until form is submitted).

broj1 356 Humble servant Featured Poster

nOw its irritating alot as it is second day m facing this problem

I believe that. Have you tried the debug code from my previous post? Is there any output?

broj1 356 Humble servant Featured Poster

I am not familiar with OSX but the only thing that comes to my mind is the personal firewall on the host computer (not only on the router). Try to disable firewall on the host computer and/or set it to allow port 8080 and httpd (if applications are filtered as well). I am assuming that the web server (httpd) on the host computer is configured correctly to serve php files.

broj1 356 Humble servant Featured Poster

What is the OS of the host computer? Is it on the same LAN or elsewhere? What is the Listen directive set to in the httpd.conf for the particular host ?

broj1 356 Humble servant Featured Poster

You can also put this temporary debug code on the very beginning of the extra.php file (before the <html> tag):

<?php
die(print_r($_POST, 1));
?>

Upon submitting the form it should display the contents of $_POST and stop the script. Post the displayed output here.

broj1 356 Humble servant Featured Poster

It works OK on my comp. Check if the code and filenames are the same:

form.htm

<html>
<head><title> form.htm
</title></head>
<body>

<form action="extra.php" method="POST">
What is your name?
<input type="text" name="fname">
<br>
<br>
<input type="submit">


</form></body></html>

extra.php

<html>
<head><title>form.php</title></head>
<body>

welcome.Your name is:
<?php

echo $_POST["fname"];


?>
</body></html>
broj1 356 Humble servant Featured Poster

Make an empty php script (say test.php) to test your PHP installation. The only code in the script should be:

<?php
phpinfo();
?>

Does it display the information about your installation?

broj1 356 Humble servant Featured Poster

Rename form.php file to extra.php and it should work.

broj1 356 Humble servant Featured Poster

Make sure that the hosting computer's firewall is not blocking http (port 80).

x.x.x.x:3306/signup.php?... and x.x.x.x:8080/signup.php?

Usually http is on port 80 if you haven't changed it. 3306 is a mysql server's default port number so it should not work for http.

broj1 356 Humble servant Featured Poster

The $applicants array now contains applicants' IDs as keys and ranks as values, sorted by lowest value first (lowest value = highest rank). You can also use a foreach loop:

// define a counter so you can see when you have 10 applicants
$counter = 1; 

// display an introductory text
echo 'The 10 most appropriate applicants are:<br>';

// loop through the $applicants array
foreach($applicants as $id => $rank) {

    // display each applicant's ID and rank
    // (in reality you would get and display its name)
    echo "$id, ranked $rank<br>";

    // check if the counter reached 10 to break out of the loop
    if($counter == 10) {
        break;
    }

    // increase the counter
    $counter++;
}

This is just a principle you can adapt to your needs.

broj1 356 Humble servant Featured Poster

Many issues here:

  • database is a mysql reserved word so it is a bad idea to use it for the table name (and is misguiding also), but if you insist, enclose it in backticks
  • sending two queries is not necessary if you retrieve all data with the first one
  • escape all the values from $_REQUEST before using them in queries otherwise you risk an SQL injection attack: $username = mysql_real_escape_string($_REQUEST['username']);
  • better use $_POST and $_GET arrays instead of $_REQUEST since you already use GET and POST in the same script
  • check for existence of values before using them: if(isset($_REQUEST['username'])) ...
  • mysql database extension is very old, switch to mysqli or even better to PDO
broj1 356 Humble servant Featured Poster

First try to turn error_reporting to E_ALL and display_errors to on in the php.ini. Your script probably has some errors but the errors aren't displayed (just my guess).

Szabi Zsoldos commented: this is what i wanted to suggest also! :) +4
broj1 356 Humble servant Featured Poster

When you start a new thread send me a private message through DW to remind me.

broj1 356 Humble servant Featured Poster

If the other issue is not related then please mark this thread as solved and start a new one.

The nature of the forum is such that all members see the topic and the ones that have time try to help. Everyone gains by learning solutions to various problems. This is why I would prefer that we carry on through the forum not on skype. I do not have much time to offer you a full time assistance and also am on a 3G connection most of the time (limited bandwidth and traffic) so Skype is not my favourite way of communication.

So try to describe the problem as clearly as possible, post the relevant code and help will come sooner or later.

broj1 356 Humble servant Featured Poster

Great. What have you done to solve it? Otherwise I am in Central Europe (quite far from India :-).

broj1 356 Humble servant Featured Poster

Quite possible. But it is hard to tell just by looking at the snippet of code. Maybe you should store the id in a hidden field so it would be available through the POST array.

broj1 356 Humble servant Featured Poster

Post the latest version of the scripts that are involved and the structure of the tables and data in a SQL format (export from phpmyadmin) for all the tables that are mentioned in queries. I will import the tables and data into my test database and try to run scripts on my local server. This is the only thing that comes to my mind to help you find the solution to the problem.

To export the tables structure and data in SQL format select the table in phpmyadmin, click on the export tab, leave all options default and click Go. You will be able to save the SQL statement (describing table structure and data) on your local machine. Do this for all tables in question and send everything as an attachment. I will do import (in phpmyadmin) and test the scripts in my environment.

If you are uncomfortable doing this you do not have to. Also if you prefer you can send all this as a personal message to me here on DW.

broj1 356 Humble servant Featured Poster

OK, you were too fast for me. Next thing we can do is you post the last version of the scripts and the tables in question (structure and data). I can try to recreate the problem here in my environment. If you post the table do it in a SQL form. Make sure confidential data is anonymized.

broj1 356 Humble servant Featured Poster

We have to find out why the app can not update the table. Change the code to this:

if ($has_data == true)
{
    $sql = "UPDATE db_purchase_form SET ";
    $sql .= "db_product_name = '" . $product_name . "', ";
    $sql .= "db_actor = '" . $choice_actor . "', ";
    $sql .= "db_user_name = '" . $user_name . "', ";
    $sql .= "db_user_email = '" . $user_email . "', ";
    $sql .= "db_vdo_script = '" . $vdo_script . "', ";
    $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
    $sql .= "db_port_approval = '" . $portApproval . "', ";
    $sql .= "db_delivery = '" . $delivery . "', ";
    $sql .= "db_price = '" . $net_price . "', ";
    $sql .= "db_date_time = NOW() ";
    $sql .= "WHERE id = '{$id}'";

    $result = mysql_query($sql);

    // debug code
    if($result == true) {
        $msg = 'Query executed successfully:' . $sql;
    } else {
        $msg = 'Query did not execute successfully: ' . mysql_error(); 
    }
    die($msg);
    //end debug code
}

Post the output here.
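The same UPDATE written as a PDO prepared statement, following the advice earlier on this page to escape values or move from the mysql extension to PDO. This is an added example, not part of the original post: update_purchase(), the in-memory SQLite table used so that it runs without a MySQL server, and the sample row are constructed, and the timestamp is bound from PHP instead of using NOW() so the statement works on both databases.

```php
<?php
// Added illustration; update_purchase() and the sample data are constructed.
// Column names follow the query in the post above.
function update_purchase(PDO $pdo, int $id, array $fields): int
{
    $sql = 'UPDATE db_purchase_form SET
                db_product_name  = :product_name,
                db_actor         = :actor,
                db_user_name     = :user_name,
                db_user_email    = :user_email,
                db_vdo_script    = :vdo_script,
                db_hrt_msg       = :hrt_msg,
                db_port_approval = :port_approval,
                db_delivery      = :delivery,
                db_price         = :price,
                db_date_time     = :now
            WHERE id = :id';

    // Values travel separately from the SQL text, so quotes in them stay data.
    $stmt = $pdo->prepare($sql);
    $stmt->execute($fields + ['now' => date('Y-m-d H:i:s'), 'id' => $id]);
    return $stmt->rowCount();
}

// Stand-in database for the demo (assumption: production would use a mysql: DSN).
$pdo = new PDO('sqlite::memory:');
// Failed queries throw instead of returning false, replacing the manual debug check.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE db_purchase_form (
    id INTEGER PRIMARY KEY, db_product_name TEXT, db_actor TEXT,
    db_user_name TEXT, db_user_email TEXT, db_vdo_script TEXT, db_hrt_msg TEXT,
    db_port_approval TEXT, db_delivery TEXT, db_price TEXT, db_date_time TEXT)');
$pdo->exec('INSERT INTO db_purchase_form (id) VALUES (1)');

// Constructed form values; the message contains quotes and SQL-looking text.
$changed = update_purchase($pdo, 1, [
    'product_name'  => 'Video greeting',
    'actor'         => 'Actor A',
    'user_name'     => "O'Neil",
    'user_email'    => 'user@example.com',
    'vdo_script'    => 'Happy birthday',
    'hrt_msg'       => "It's ready', db_price = '0",
    'port_approval' => 'yes',
    'delivery'      => 'standard',
    'price'         => '25.00',
]);

$row = $pdo->query('SELECT db_hrt_msg, db_price FROM db_purchase_form WHERE id = 1')
           ->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
echo 'stored message: ', $row['db_hrt_msg'], "\n";
echo 'stored price: ', $row['db_price'], "\n";
```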

broj1 356 Humble servant Featured Poster

i do not know how to do it, and id is correct one, shall i show the screenshot of phpmyadmin?

In phpmyadmin select the database, click on the SQL tab and paste the query (displayed by the die statement) into the textarea. Click the Go button and the query will execute on your database. If there are errors in the query phpmyadmin will tell you.

broj1 356 Humble servant Featured Poster

Sometimes you do not see a forest because of the trees :-). There is a very nice reply on SO:

I dont see where you are executing your UPDATE STATEMENT.

In fact, the query seems to be OK, but you are not executing it. This very important part of the code is missing:

$result = mysql_query($sql);

Put it instead of the die (debug) statement.

broj1 356 Humble servant Featured Poster

Have you copied the displayed SQL into phpmyadmin and tested it there? And is the ID the correct one?