Posts by minitauros

Hello there. I would like to know if there is a way to write files to my server without CHmodding a certain directory. I have an auto-update script that downloads a .ZIP from my main server, and then extracts those file to the corresponding directories on the current server. However, I'm getting a permission denied error:

Warning:  ZipArchive::extractTo(../../../../index.php) [ziparchive.extractto]: failed to open stream: Permission denied in /var/www/vhosts/cms.com/httpdocs/cms/includes/modules/update/actions/update.action.php on line 149

I don't get this error after CHmodding the directory to 0777. But I don't want to CHmod ALL my directories. That wouldn't be safe, would it? Is there a workaround? Something to change in my PHP settings?

I think it should be working. Did you check if your $array really does contain all the values of the checkboxes you want to be checked?

Try using mysql_real_escape_string. You may be inserting a special character that messes up your PHP code. Try

$query = mysql_query('INSERT INTO Improv (
ID, 
Impressions, 
Appearance, 
Use, 
Content, 
Comments, 
Date
) VALUES (
NULL, 
"' . mysql_real_escape_string($Impressions) . '",
"' . mysql_real_escape_string($Appearance',
"'  mysql_real_escape_string($Use) . '",
"' . mysql_real_escape_string($Content) . '",
"' . mysql_real_escape_string($Comments) . '",
"' . mysql_real_escape_string($Date) . '"
)') or die (mysql_error());

Or maybe it's what pritaeas says ^^. // Edit: damn I'm a newb, must be what he says :).

$query = 'SELECT city_name, other_stuff FROM table';
$result = mysql_query($query);

while($fetch = mysql_fetch_assoc($result)
{
  $city_name = $fetch['city_name'];

  if(in_array($city_name, $array)
  {
    echo '<input type="checkbox" name="city[]" value="' . $city_name . '" checked="checked"/>';
  }
  else
  {
    echo '<input type="checkbox" name="city[]" value="' . $city_name . '"/>';
  }
}

This would print a checkbox for each city that is retrieved from the database, but only prints those with a value that occurs in $array as checked.

You could explode the comma separated string.

$array = explode(',', $comma_separated_string);

This would return an array. Then you could check for each checkbox if it's value is in the array, and if it is, check it? E.g.:

while(...)
{
 if(in_array($value, $array)
 {
  // Make checkbox checked.
 }
}

To create a radio button list (which allows only one option to be selected at a time, like in a <select>), you can create a list of radio buttons.

Instead of adding <option>s to the <select> you should just add <input type="radio">'s to your page.

<input type="radio" name="city" value="city1"/>
<input type="radio" name="city" value="city2"/>
<input type="radio" name="city" value="city3"/>

Now when the form is submitted, $_POST will have the value of the radio input that was selected. In case you're using checkboxes, which allows multiple items to be selected, the code process should be the same. For example:

<input type="checkbox" name="city[]" value="city1"/>
<input type="checkbox" name="city[]" value="city2"/>
<input type="checkbox" name="city[]" value="city3"/>

When the user submits this form, there will be an array called $_POST in PHP. If for example boxes 1 and 2 were checked, it will contain $_POST[0] = city1, and $_POST[1] = city2. Was this then what you meant? :)

Can you please wrap your code in [ code ] tags for our convenience? ;)

As for your question: If you store a password encrypted in your database, you will also have to retrieve it encrypted.

So for example if you do this:

mysql_query('INSERT INTO table (username, password) VALUES ("' . $_POST['username'] . '", '" . md5($_POST['password']) . '")

Then you would have to retrieve it like this

mysql_query('SELECT username, password FROM table WHERE username = "' . $_POST['username'] . '" AND password = "' . md5($_POST['password']) . '"

So both in your insert and select query, you should use the encrypted password. To explain this: if you insert an md5'd password, your database will contain a password like 26lj2asdf8y80sdf8y (which is an md5 encrypted password). Then, when you retrieve that password, you cannot simply retrieve the password as the user submitted it. User password "mypw" will be jasdo8gyas80ga9sg79asg6 in md5 encryption, so beware that you dont match "mypw" against the md5 version in your db. You should first encrypt the password that the user submitted when he logs in and THEN match it against the encrypted password in your database.

Hm I'm still not sure what you mean, but if you for example have this checkbox

<input type="checkbox" name="imacheckbox" value="hello"/>

then $_POST will have the value "hello". Is that then what you mean?

It appears to be a problem with your $custom[0]->value indeed. Have you tried to use

var_dump($custom);

to see what's actually in $custom?

Its not loading slowly at all. And yea, I see now, it's the white banner at the top I was talking about. I thought it was just plain white space. No problems there, then, only that the quality of your background image is a bit low hehe ;). Oh yeah, and the "Enter site" button remains unclickable - the text slides to the right before I can click it.

So the problem is solved? ;)

If you have a multiple-steps form, you could consider temporarily saving form information in a session. If you don't know which information your post data contains, you can print the post data on your screen as follows:

<?php
print_r($_POST);
?>

This will print all the data the user has submitted through a post on your screen. It will also contain the values of your checkboxes, in case you need to check what those values are.

Hope that's what you meant? :)

I have no problems viewing your page, but I seem to be unable to click the Enter Site button: it moves away when I try to click it :P. Also after I have entered, the background does not fill up the entire screen as it does on the intro page.

As Baig says, to run PHP on your local machine you need to be running a server. This can also be done locally, for example by installing XAMPP (http://www.apachefriends.org/en/xampp.html). Once installed, you should move your project to the /htdocs folder, which is located in your XAMPP folder. Then start up XAMPP and start up Apache from the control panel that appears. Go to http://localhost/yourprojectname and it should run.

If they have logged in you could create a session that says that the user is logged in, and then on the other page, if the session exists, you could show the download links?

Of course this is just a simple suggestion, I have yet to mention security etc. ;)

http://stackoverflow.com/questions/8685318/performance-between-dom-parsing-and-regex

If you put

alert('datas: ' + datas);

(or console.log, whatever you like) in your AJAX' success: ... part, does it output the correct data?

Is there a specific need to show it as JSON? Also, if you want to display it as HTML output, why not just make your headers output it as HTML?

I've never done it and I don't know the best way to do it, but if you can't think of another solution, I'm fairly sure this should do the trick:

Don't even use a real <select> box. I would maybe create it, but place some div over it that, when it is clicked, shows a hidden div that looks like the contents of the select box, containing radio buttons that are styled like <select> <option>s. Those radio buttons should then by styled to look like your example.

I think you should look into the MySQL COUNT() function. For example

$q = 'SELECT COUNT(id) AS number_of_something
FROM table
WHERE conditions';

This returns a certain count. Hopefully it's what you are looking for ^^.

It might be me, but I don't completely understand what your question is. Or, better said, I understand your question, but the context is kind of unclear to me.

If you want to work with password encryption in your PHP / MySQL setup, you should take in account the following:

When a user registers, a password is inserted into the database. If you clean this password with for example stripslashes, like in your case, you should execute the exact same procedure when the user logs in.

In other words, in your case, if you don't strip slashes from the password when the user registers, but if you then do when he tries to login, some errors might occur ;).

So just make sure that if you alter the data that is inserted into the database when a user registers, you alter that data exactly the same way when you retrieve that info from that database. If you don't, the data won't match.

For example if you have two computers (that are on the same local area network!), the computer with the name "ComputerA" is running XAMPP, and you want to access this XAMPP server from the computer with the name "ComputerB", then here's what you do:

On ComputerB, start up your web browser. In the address bar, type: ComputerA/projectname. For example if you have a project called "testproject" in your XAMPP's htdocs folder, you can access it by going to "ComputerA/testproject". Hope this helps :).

Is it an idea to auto expire a session after x minutes? So for example when a user leaves your website and remains inactive for 10 minutes, after which he returns, your system detects he has been away too long and unsets the session?

Most of the times, such an error also reports on which line in your script the error is occurring. Does it not?

Here's a good tutorial on regular expressions:

http://www.phpro.org/tutorials/Introduction-to-PHP-Regex.html

In your case, I think you're looking for something like

preg_match('/^[0-9A-Za-z_\-]+$/', .....)

Which returns true if the input string contains nothing more than letters, numbers, underscores and dashes, or indeed, like pritaeas says

preg_match('/^[\w-]+$/', .....)

which is similair to that.

Make use of the mysql_real_escape_string() function to escape certain special characters: http://nl3.php.net/manual/en/function.mysql-real-escape-string.php

Also you can convert all HTML characters to their HTML encoded equivalents. For example < would become &lt; This is done with the htmlentities() function: http://nl3.php.net/manual/en/function.htmlentities.php

You can decode this with the html_entity_decode() function: http://nl3.php.net/manual/en/function.html-entity-decode.php

Well I must say that it's kind of unclear to me which part of the code you want us to look at, but what usually works is finding the current quantity of the item in your shopping cart, and then substracting or adding a certain value from or to that quantity. Then save the new value as the current quantity. That's the update.

On my site there is a horizontal menu. When I hover over a menu button, which is a <div>, a <div> inside that <div> is shown with control options for that button (for example to edit the button text). This is done with Javascript (jQuery). It uses $.hover.

So, when I click the "edit button text" button in the <div> that shows when I hover over the menu button, the inner content of the menu button <div> is changed to a text field through AJAX, so that I can edit the button's text. The hover <div> is not replaced when the AJAX load is performed.

The problem lies here: When I edit the text inside the text field and press [enter], the text field is replaced by the new button text through a new AJAX load. When I press [enter] while my mouse is hovering over the textfield, the hover functionality breaks: the <div> with control buttons now flickers when I hover over the menu button <div>. However, when I press [enter] while typing in the text field, while my mouse is NOT hovering over the text field, the hover functionality is kept intact.

Any suggestions on how to fix this? :)

Solved. The problem was not that it's impossible to load <script> tags, it was just an error in the code.. Stupid me :).

I would like to execute some Javascript after the document has loaded and even after the document.onload functions have been executed.

Situation:

I'm loading a text-edit field through ajax. When the user submits the form, he is redirected to a PHP file. That PHP file redirects him back to "file.php" using header('location: file.php');

What I want to do is to execute some Javascript actions in file.php, but when I print the <script></script> tags the file id displayed blank - nothing is loaded at all. As soon as I leave them out, the page does get loaded.

Any suggestions?

The table structure is like this:

Each record in the persons, artists, companies and events table is a profile. User_id is the id of the superuser that is the owner of the profile.

Table "connections" looks like this:

connect_from_type,
connect_from_id,
connect_to_type,
connect_to_id

I guess you can guess what each of those fields means.

The suggestion you did would count all the profiles, while I would like to count the connection requests made to all the profiles of one specific user. Does that clear things up? :) Thanks for the help in advance!

P.S. By "does not work" I mean that one option returns 0 results, and the other option returns too many results (for example it returns 14 connections when there are actually 6 connections).

The case:

On my site there are four profile types: persons, artists, companies and events. A user can create multiple profiles. Each profile can be connected to another profile. So a person-profile can for example connect to an artist-profile, but also to an event-profile, and an event-profile can connect to a person-profile, but also to a company-profile or an artist-profile, etc.

I want to count the number of connection requests that have been made to a certain user with a certain super_id ($user_id in the query below). The super_id defines the owner of the person, artist, company or event profile.

Shortly explained: I want to count the connection requests that are made to all the profiles of a certain user with a certain super_id, expressed as $user_id in the query below.

SELECT COUNT(connections.connect_to_id) AS number_of_requests,
        CASE connections.connect_to_type
            WHEN 1 THEN persons.user_id
            WHEN 2 THEN artists.user_id
            WHEN 3 THEN companies.user_id
            WHEN 4 THEN events.user_id
            END AS owner_id
        FROM connections
        LEFT JOIN persons ON connections.connect_to_id = persons.id
        LEFT JOIN artists  ON connections.connect_to_id = artists.id
        LEFT JOIN companies  ON connections.connect_to_id = companies.id
        LEFT JOIN events ON connections.connect_to_id = events.id
        WHERE connections.status = 0
		AND (persons.user_id = "' . $user_id . '"
	    OR artists.user_id = "' . $user_id . '"
	    OR companies.user_id = "' . $user_id . '"
	    OR events.user_id = "' . $user_id . '")
        HAVING owner_id = "' . $user_id . '"

But this code does not work. I have also tried leaving the "HAVING ..." part out …

I have ran into this problem and I solve it by using php to handle this. Pretty much you send the entire url to a php page in a url variable.

Ex.

RewriteRule ^(.*)$ your_page.php?_url_=$1

Then with php you get the data and parse it yourself.

if ( isset( $_GET['_url_'] ) ) {
  //parse url
}

Worked great and still does in my custom mvc framework.

Maybe not the solution you are wanting, but will give you the flexibility you require.

Very inventive. Might give it a try :). Thanks!

Well it is possible to do if statements in regex like the following:

RewriteRule ^/?([\w]+)/(([\w]+)/(([\w]+)/(([\w]+)/(([\w]+)/(([\w]+)/(([\w]+)/|)|)|)|)|)|)$ index.php?a=$1&b=$3&c=$5&d=$7&e=$9&f=$11&g=$13

And in that regex up the 7 forward slashes may be used with [\w]+ between them. It will dynamically match from 1 forward slash to 7 foward slashes. But keep in mind for it to work you will need it to match [\w]+.

Thanks for the answer, that's definitely good to know. However, I have never seen a | being used inside a regex (in that place, I have of course seen it being used inside a pattern with the meaning this "or" that). What's the use of it behind a section?

What I would like to do is to create a repeating pattern inside a rewriterule. For example:

RewriteRule ^([\w]+)/([\w]+)/(([\w]+)/([\w]+))*/?$ index.php?p=$1&s=$2(&$4=$5)*

Breaking it down:

On every page my ?p=BLA refers to a certain page, and every &s=BLA refers to a certain subpage. The rewriterule for this would obviously be:

RewriteRule ^([\w]+)/([\w]+)/?$ index.php?p=$1&s=$2

But now I want to add custom $_GET data to my url. For example I want to add &search=SEARCH, and I want to add &page=15, and anotherquery=BLA. The rewriterule I just wrote does not support this.

Is there any way to support an unspecified number of arguments in a rewriterule? For example by creating a repeating pattern? Because I don't know how many new arguments I want to add to the URL in advance.

What I would like to do is to create a repeating pattern inside a rewriterule. For example:

RewriteRule ^([\w]+)/([\w]+)/(([\w]+)/([\w]+))*/?$ index.php?p=$1&s=$2(&$4=$5)*

Breaking it down:

On every page my ?p=BLA refers to a certain page, and every &s=BLA refers to a certain subpage. The rewriterule for this would obviously be:

RewriteRule ^([\w]+)/([\w]+)/?$ index.php?p=$1&s=$2

But now I want to add custom $_GET data to my url. For example I want to add &search=SEARCH, and I want to add &page=15, and anotherquery=BLA. The rewriterule I just wrote does not support this.

Is there any way to support an unspecified number of arguments in a rewriterule? For example by creating a repeating pattern? Because I don't know how many new arguments I want to add to the URL in advance.

That's the question :). Would it make difference if the varchars were used to their max? So if they were completely filled?

So no performance difference? :o

I was just giving an example ;). Let's say "the largest number available for varchar" then.

Okay so me and a friend of mine are discussing the following:

If you have 1.

a table with 10 fields, each a varchar(255)

or 2.

a table with 10 fields, each a varchar(1billion)

Which would be better, performance wise?

I say it won't matter, because MySQL reads the field names before it scans the content. My friend says it will matter, because the field size always impacts the performance of the scanning process.

Great, that's what I wanted to know, thanks! :)

In the ZEND Reference Guide I saw this:

$select = $db->select()->from('posts')->order('date_created DESC');

Now I'm wondering: what does that second arrow do? What does using more than one arrow when working with an object do? And can I use it all the times? For example

$myclass->function()->anotherfunction()->hello;

?

You could check if there are any unescaped ampersands somewhere in your XML.

Seems like you forgot to close your end tag on line 7, for starters.

Edit: Nvm, I see it :).

Do you want to produce the HTML of the invoice, or a PHP part?

I'm wondering: Why would I need to use a static variable? When I initiate a class, that class remembers the value of a variable I declare in that class anyway, right? What does the static part add to that?

For example, what's the difference between

class Hello
{
public $variable;

function increaseByOne()
{
$this->variable++;
}
}

and

class Hello
{
public static $variable;

function increaseByOne()
{
self::$variable++;
}
}

? When I execute either of the functions 10 times, $variable will always be 10, right?

function randomHash($length)
{
    if (!$length)
        $length = 6;

    $array = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));

    for($i=0; $i<$length; $i++)
    {
        $random = mt_rand(0, count($array)-1);
        $random_hash .= $array[$random];
    }

    return $random_hash;
}

This creates a random hash with the length of $length.

Add it to your database with a simple insert query (INSERT INTO...) and then check if it is present with a simple select query (SELECT ... FROM).

PHP is almost never used to alter a website's appearance. It's designed to run in the background, before the HTML gets outputted.

The only way I know in which PHP does change a website's appearance, is for example when forum posts are retrieved from a database and outputted to the screen - that's HTML output (like madCoder said).

For example you could create a 128 length password field for a sha512 hash, which is much more secure than a sha1 hash.

You would compare the form result with the database result, and if it matches, the user will be logged in. Something like:

$password = hash('sha512', $_POST['password']); // Encrypts the $_POST['password'] to a 128 character hash.
$query = 'SELECT ..... FROM .... WHERE password = "'.$password.'"';

The password in your database must be stored encrypted to make this work.

etc.

Then:

if(retrieved user rank == 1)
{
  header('location: admin.php'); // Redirect to admin.php
}
elseif(retrieved user rank == 2)
{
  header('location: user.php'); // Redirect to user.php
}