cereal 1,524 Nearly a Senior Poster Featured Poster

I'm sorry but cannot help here, I don't have experience with Angular & co.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

probably putting the server offline, removing the disk and accessing it in readonly mode from an OS that will not execute any of the code in that disk could be a starting point to backup what is still available.

It's important to make sure it cannot spread in your lan, through wifi or shared folders.

For the removal and recovering it depends on the version that affected your server, see if this helps: https://www.pcrisk.com/removal-guides/11217-amnesia-ransomware

Bye.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

are you following his tutorial? https://www.9lessons.info/2017/06/ionic-angular-php-login-restful-api.html
The part in which he writes about how to "Create an Authentication Service Provider" explains how to connect to the api.

cereal 1,524 Nearly a Senior Poster Featured Poster

The name is well defined, otherwise you would get an exception:

Route [navcolor] not defined.

The error message says Call to undefined function routes(), which in other words means that the function you are trying to call does not exist. Have you read the documentation? I posted the link for you in my previous message. You already have the solution, you could have solved this hours ago.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

supposing you are not trying to load a user defined function named routes(), have you read the documentation? https://laravel.com/docs/5.5/routing#named-routes and the source in which this function should be defined? Does it exist?

Use an editor that can autocomplete the code, in SublimeText for example, when you hover a method/function it shows you in which files this is defined and you can click it to see the code. Also add a linter plugin to highlight obvious mistypes and forgotten operators.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi Andris,

you may want to use SELECT ... INTO OUTFILE 'file_name_here' and perhaps use CONCAT() to create the query, if you do:

set @file = concat('/tmp/file_', UNIX_TIMESTAMP(), '.log');
select 'hello' into outfile @file;

It will not work, so you have to do:

set @file := concat("/tmp/file_", UNIX_TIMESTAMP(), ".log");
set @query := concat("select 'hello' into outfile '", @file, "'");
prepare stmt from @query;
execute stmt;
deallocate prepare stmt;

As suggested here:

But it's mandatory that the destination file does not exist, otherwise the query will fail; this is done to avoid overwriting files with random content. The alternative, if you want to append results, for example, is to use mysqldump or something like this:

mysql -uVAR -pVAR -e "SELECT 'hello';" > /tmp/random.log

To execute, if using PHP, from exec().

// Edit
But looking at previous answers, now I'm not sure this is what you were searching for.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

according to the source of the get_where() method in system/database/DB_query_builder.php, sending NULL is acceptable as it would skip to set the WHERE conditions. So looking at your code:

$data['result'] = $this->myguestbook_model->read(null, null, null);

It seems it should work fine. So, in order to debug, change the configuration so that it returns to you the last performed query: in application/config/database.php set save_queries to boolean TRUE, then go back to your model and right after line 3, i.e. where you perform the $query, write:

print $this->db->last_query();
die;

And see what you get. Then try to run the query into a MySQL client and see if you get results. Once you end the debugging process set save_queries to FALSE again, as it slows down the execution of the code. Also, for a better debug process I suggest you to add Kint:

Can I ask why you are using CodeIgniter? It's for a new project or just maintaining legacy?

cereal 1,524 Nearly a Senior Poster Featured Poster

The code seems to be okay, are you sure opcache is disabled? If you are using PHP 7.0 then it's enabled by default, so if you ran the delete.php script and this was cached by the engine, then even after changing the code you still hit the cached version, until expiration, so while developing you can get an unexpected result. If this is the case you should disable it.

Run:

print var_dump(opcache_get_status());
die;

To see the current status, it does not matter from which script you run it, if enabled, it will return the list of cached scripts

cereal 1,524 Nearly a Senior Poster Featured Poster

The above would not be an inline code, which is defined by backticks. Here you should use a code block, when you want to do such and you have other text above, then hit Return two times, so that you go to a new line and set a line of space between the text and the code. Hit TAB (or hit 4 spaces) and paste the code. If you are copying from your editor, then you can tab there, just make sure it equals at least at 4 spaces.

This textarea does not act like you would expect, so using the TAB key here does not focus on the next form element.

When the code is under 4 spaces then it's parsed as simple text.

At the end of the code block, if you want to insert other text, then again hit Return two times, otherwise there could be a parsing issue with the following text.

In alternative use the CODE button above, it will open a modal to paste the code.

For the XAMPP issue, see if the Apache error log gives information. Also, make sure the file has the .php extension.

cereal 1,524 Nearly a Senior Poster Featured Poster

Just to support rproffitt's, on Ubuntu 16.04 it redirects to 127::1:

» ping -c 3 0.0.0.0                                                                                       
PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.048 ms

--- 0.0.0.0 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.029/0.044/0.055/0.011 ms

On Mac OS it fails:

$ ping -c 3 0.0.0.0
PING 0.0.0.0 (0.0.0.0): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: No route to host
Request timeout for icmp_seq 1
^C
--- 0.0.0.0 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
rproffitt commented: Thanks for the tests. +12
cereal 1,524 Nearly a Senior Poster Featured Poster

// EDIT
I just saw your reply, I'm glad you solved it!

// Old answer
Hmm,

as far as $permissions is defined by the input and defaulting to the database and not like an array:

$permissions = ((isset($_POST['permissions']) && $_POST['permissions'] != '')?sanitize($_POST['permissions']):$User['permissions']);

you can hardcode the options in the select tag, and then just compare which is set:

<select name="permissions">
    <option value="editor" <?php echo (0 == strcasecmp($permissions, 'editor')) ? ' selected="selected"' : ''; ?>>Editor</option>
    <option value="admin,editor" <?php echo (0 == strcasecmp($permissions, 'admin,editor')) ? ' selected="selected"' : ''; ?>>Admin,Editor</option>
</select>

For the sanitization you could also write:

$permissions = filter_input(INPUT_POST, 'permissions', FILTER_SANITIZE_STRING) ? : $User['permissions'];

filter_input() will return FALSE or NULL if the filter fails or the input is not set, and in both cases it will fall back to $User['permissions']; on success, instead, it will return a string.

I usually manage selects through two functions:

if ( ! function_exists('_form_select'))
{
    /**
     * Create <select>
     *
     * $array_options format:
     *
     *  'option value' => 'text'
     * 
     * @param  string $name
     * @param  string $label
     * @param  array  $array_options
     * @param  string $selected
     * @return string
     */
    function _form_select($name, $label, $array_options, $selected = FALSE)
    {
        $template = '
        <label for="%1$s">%2$s</label>
        <select name="%1$s" id="%1$s">
            %3$s
        </select>
        ';

        $options = '';

        foreach($array_options as $key => $value)
            $options .= _form_options($key, $value, $selected);        

        return sprintf($template, $name, $label, $options);
    }
}

if ( ! function_exists('_form_options'))
{
    /**
     * Create <option>
     * 
     * @param  string  $key
     * @param  string  $value
     * @param  boolean $selected
     * @return string
     */
    function _form_options($key, …
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

you are trying to iterate the same result set two times: on line 28 and 106. On line 28 you get the first row, so if the query returns only one, you don't get anything when you call mysqli_fetch_assoc() again on line 106. You can use $User otherwise, if you need to loop again, insert data_seek() at line 105:

mysqli_data_seek($userResults, 0);

This will rewind the result set. Documentation:

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

if you don't want to allow duplicates then set a unique constraint to the brand column, and then use INSERT IGNORE ..., INSERT ... ON DUPLICATE KEY UPDATE ... or a regular update query. An example:

create table `brands` (
  `id` int unsigned auto_increment primary key,
  `brand` varchar(100) unique not null
) engine = innodb;

insert into `brands` (`brand`) values('sony'),('canon'),('nikon'),('fuji'),('pentax'),('zeiss');

> select * from `brands` order by `id`;
+------+---------+
|   id | brand   |
|------+---------|
|    1 | sony    |
|    2 | canon   |
|    3 | nikon   |
|    4 | fuji    |
|    5 | pentax  |
|    6 | zeiss   |
+------+---------+
6 rows in set
Time: 0.003s

Now, if you try a regular insert, you get an error for duplicated entry:

> insert into `brands` (`brand`) values('Canon');
(1062, "Duplicate entry 'Canon' for key 'brand'")

If instead you use the INSERT ... ON DUPLICATE KEY UPDATE ... the existing row gets updated and your script can continue:

> insert into `brands` (`brand`) values('Canon') on duplicate key update `brand` = 'Canon';
> select * from `brands` order by `id`;

+------+---------+
|   id | brand   |
|------+---------|
|    1 | sony    |
|    2 | Canon   |
|    3 | nikon   |
|    4 | fuji    |
|    5 | pentax  |
|    6 | zeiss   |
+------+---------+
6 rows in set
Time: 0.003s

What can happen? If in the edit form you select Canon id, and in the input field you write Zeiss, with this …

diafol commented: Great +15
cereal 1,524 Nearly a Senior Poster Featured Poster

but there's no PM option.

I remember that without reputation points a new user cannot send private messages. It probably depends on this. Bye!

cereal 1,524 Nearly a Senior Poster Featured Poster

You can also try by email https://www.daniweb.com/welcome/contact just keep in mind timezones.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

that's a JSONP response, so in order to process this through PHP you need to remove the callback function that wraps the JSON data, for example:

callback({JSON DATA});

At this point you can remove it from the string:

<?php

$jsonp = 'callback({"name": "micheal"});';
$callb = 'callback'; // to remove

$s = substr($jsonp, mb_strlen($callb) + 1); // +1 to include the opening `(`
$s = substr($s, 0, -2); // -2 to remove `);`

print_r(json_decode($s, true));

Now, most JSON servers allow the client to define a callback in the requesting link:

http://url/page.php?callback=foo

So you receive:

foo({JSON DATA});

This allows you to write a more robust solution, as it should not affect your script if they change their default callback function. See also if the server allows you to get other formats, like simple JSON or XML.

cereal 1,524 Nearly a Senior Poster Featured Poster

I honestly do not know. I don't doubt what you say, but I don't see how the original script could work with a base64 string, regardless if it was hosted locally or remote. Maybe the input was sent via the pixel $_POST['type']? In that case $im could be populated correctly.

cereal 1,524 Nearly a Senior Poster Featured Poster

However internalImageUpload() writes only to the database.

Instead, it's in:

imagejpeg($im, $upload_path.$filename);

I overlooked that, and yes by defining a second parameter you would save the resource loaded into $im. However you cannot inject (as far as I know) the contents from $_POST['image'] to $im.

Try something like this:

<?php

$uid      = $_POST['uid'];
$token    = $_POST['token'];
$group_id = $_POST['group_id'];
$needle   = $_POST['image'];
$haystack = 'data:image/png;base64,';
$png_blob = substr($needle, mb_stripos($needle, $haystack) + mb_strlen($haystack));

$upload_path = '../' . UPLOAD_PATH;
$filename    = time() . $uid . '.jpg';

// save to image folder
file_put_contents($upload_path . $filename, base64_decode($png_blob));

// save to database
internalImageUpload($uid, $filename, $group_id, FALSE);

$imageID       = internalGetUploadImage($uid, $filename);
$fullImagePath = BASE_URL . UPLOAD_PATH . $filename;

echo "<img src='".$fullImagePath."'  class='webcam_preview' id='".$imageID[0]->id."'/>";

Just make sure the path is correct, that ../ in $upload_path makes me nervous :D as it would always be relative to the link in the frontend side and to the system path in the backend side.

cereal 1,524 Nearly a Senior Poster Featured Poster

So, how would you write the image to the image folder? Through internalImageUpload()?

cereal 1,524 Nearly a Senior Poster Featured Poster

The point is that you cannot use $_POST['image'] that way. See the definition of imagecreatefrompng():

resource imagecreatefrompng ( string $filename )

It means it expects a string to define the filename, not the contents. Something that would work would be:

$im = imagecreatefrompng('file.png');

And from here you create a resource that will be saved into file.png, you cannot import the value of $_POST['image'] into this resource. The value in $_POST['image'] is a base64 encoded string, which once decoded is a binary blob.

Hence, you don't need that code to save the input.

For more details, take this part:

$image = $_POST['image'];
$filter_image = str_replace("data:image/png;base64,", "", $image);
// input is in format 1,2,3...|1,2,3...|...
if($filter_image == $invalid)
{
    $im = "";
    echo "false";
}
else
{
    $im = imagecreatetruecolor(320, 240);
    foreach (explode("|", $_POST['image']) as $y => $csv) {
        foreach (explode(";", $csv) as $x => $color) {
            imagesetpixel($im, $x, $y, $color);
        }
    }
}

the comment says the expected format is: 1,2,3...|1,2,3...|... but it is not like this, it is something like:



Which, decoded with my post.php script, produces a 10x10 cyan PNG image. Call it a.png.

The IF statement: if($filter_image == $invalid) is trying to compare a hardcoded blank blob to what is received by $_POST, to make sure it's not an empty snapshot. This can easily fail because the PNG specification allows to set a tIME value every time the file is modified (or created), in practice some software such as Gimp and in some cases ImageMagick, will add it …

cereal 1,524 Nearly a Senior Poster Featured Poster

Okay, I got it to work, the JS function will export the canvas contents to PNG:

snapshot.toDataURL('image/png')

so, what you get in $_POST['image'] is a base64 encoded blob. All you need to do is to remove the data:image/png;base64, part, as you were doing, decode the remaining string and save it to a file, at basic:

$needle      = $_POST['image'];
$haystack    = 'data:image/png;base64,';
$png_blob    = substr($needle, mb_stripos($needle, $haystack) + mb_strlen($haystack));
$destination = __DIR__ . '/image.png';

file_put_contents($destination, base64_decode($png_blob));

So if $needle is ..., $png_blob will be AAA. You don't need the GD functions unless you want to test if the resulting file is really a PNG and not a script.

Full test:

<!DOCTYPE html>
<html>
<head>
    <title>Capture</title>
</head>
<body>

    <video id="player" width="480px" height="240px" autoplay="true"></video>
    <button id="takeSnap" class="startbutton messageButton">Take Snap</button>

    <div id="webcam">
        <input type="hidden" id="uploadvalues">
        <canvas id="snapshot"></canvas>
        <div id="webcam_preview"></div>
    </div>

    <h3>Reload to see latest snapshot</h3>
    <img src="image.png">

    <script type="text/javascript" src="https://unpkg.com/jquery@3.2.1"></script>
    <script type="text/javascript">

        var captureButton = document.getElementById('takeSnap');
        var snapshot      = document.getElementById('snapshot');
        var video         = document.getElementById('player');

        // @see https://www.kirupa.com/html5/accessing_your_webcam_in_html5.htm

        navigator.getUserMedia  = navigator.getUserMedia
                               || navigator.webkitGetUserMedia
                               || navigator.mozGetUserMedia
                               || navigator.msGetUserMedia
                               || navigator.oGetUserMedia;

        if (navigator.getUserMedia)       
            navigator.getUserMedia({video: true}, handleVideo, videoError);

        function handleVideo(stream) {
            video.src = window.URL.createObjectURL(stream);
        }

        function videoError(e) {
            // do something
        }

        captureButton.addEventListener('click', function(e)
        {
            var context = snapshot.getContext('2d');

            // Draw the video frame to the canvas.
            context.drawImage(player, 0, 0, snapshot.width, snapshot.height);

            //start webcam upload
            var webcamURL = 'post.php';

            $.post(webcamURL, {type: 'data', image: snapshot.toDataURL('image/png')}, function(data) {
                    if(data)
                    {
                        var values = $('#uploadvalues').val();

                        $('#webcam_preview').prepend(data);

                        var X = $('.webcam_preview').attr('id');

                        if ($.trim(values).length > 0)
                            var Z = X + ',' + values; …
diafol commented: Going the extra mile, again :) +1 +15
rproffitt commented: Nice work. +12
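
Added example, not part of the original post: one way to do the check mentioned above (that the decoded value is really a PNG and not a script) before saving it. The function names, the size limit and the random file name are assumptions for illustration, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

const PNG_SIGNATURE = "\x89PNG\r\n\x1a\n"; // first 8 bytes of every PNG file
const MAX_BYTES     = 2 * 1024 * 1024;     // assumed upload limit (2 MiB)

/**
 * Decode a canvas.toDataURL('image/png') value.
 * Returns the PNG bytes, or null when the value is not an acceptable PNG.
 */
function decode_png_data_url(string $dataUrl): ?string
{
    $prefix = 'data:image/png;base64,';

    // The prefix must be at the very start, not somewhere inside the string.
    if (strncmp($dataUrl, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Strict mode: fail on characters outside the base64 alphabet
    // instead of silently skipping them.
    $blob = base64_decode(substr($dataUrl, strlen($prefix)), true);
    if ($blob === false || $blob === '' || strlen($blob) > MAX_BYTES) {
        return null;
    }

    // Cheap check first: the PNG magic bytes.
    if (strncmp($blob, PNG_SIGNATURE, strlen(PNG_SIGNATURE)) !== 0) {
        return null;
    }

    // Then let PHP parse the header and confirm the detected type.
    $info = @getimagesizefromstring($blob);
    if ($info === false || $info[2] !== IMAGETYPE_PNG) {
        return null;
    }

    return $blob;
}

/**
 * Save a validated snapshot under a server-chosen name.
 * Nothing from the request ends up in the file name, and the extension is
 * always .png, so the web server never treats the upload as a script.
 */
function store_snapshot(string $dataUrl, string $uploadDir): ?string
{
    $blob = decode_png_data_url($dataUrl);
    if ($blob === null) {
        return null;
    }

    $name = bin2hex(random_bytes(16)) . '.png';
    $path = $uploadDir . DIRECTORY_SEPARATOR . $name;

    return file_put_contents($path, $blob, LOCK_EX) === false ? null : $name;
}

// Constructed inputs: a 1x1 PNG and three values that must be rejected.
$png = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==';

$samples = [
    'valid png'   => 'data:image/png;base64,' . $png,
    'script body' => 'data:image/png;base64,' . base64_encode('<?php echo "not an image";'),
    'wrong type'  => 'data:text/html;base64,' . $png,
    'bad base64'  => 'data:image/png;base64,@@@@',
];

foreach ($samples as $label => $value) {
    $name = store_snapshot($value, sys_get_temp_dir());
    printf("%-12s => %s\n", $label, $name ?? 'rejected');
}
```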
cereal 1,524 Nearly a Senior Poster Featured Poster

Hmm, what kind of input do you expect in $_POST['image']?

Because imagecreatefromjpeg() expects a string to be used like a file name. You are submitting $_POST['image'] instead, which appears to be a base64 encoded string, and from the previous PHP code, it seems it should be a list of PNG image blobs.

At line 20 you have:

$filter_image = str_replace("data:image/png;base64,", "", $image);

But in the loop you refer again to $_POST['image'] so when you explode by the pipe and semi-colon chars, in practice you end up with:

$x[] = 'data:image/png';
$x[] = 'base64,HEX_STRING';

i.e. two strings that cannot be decoded by base64_decode() which, by the way, is not used in your code.

The imagesetpixel() function, instead expects an integer for the $color argument... and here I get lost because I don't understand anymore what should be the contents of $_POST['image'].

cereal 1,524 Nearly a Senior Poster Featured Poster

I got a message back from the provider and it's indeed not possible to edit the php.ini file because it's not only used by my hosting package but also by others. That kind of sucks!

Indeed, it sucks :| Not considering that they could use pools to provide separated resources and configuration files for each client.

I will ask if I can create a custom php.ini file in my own document root to override settings.

Either that or my first suggestion: through prepended scripts, which should work for directives that can be applied at runtime, see:

cereal 1,524 Nearly a Senior Poster Featured Poster

Do you mean with a dedicated interface a thing like cPanel?

Yes. Sometimes you can edit configuration files only through these forms. You can, also, try to write a custom php.ini file and save it into the document root, success however depends on hosting configuration: if it is allowed then it will override the defaults.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi!

Are you using PHP-FPM? In such cases the PHP engine can be located into another server and accessed through an IP address. The address is configured in the web server config files and the php.ini file is in the remote server. You can probably use ini_set() by including a script in top of the others. Through .htaccess this is done like this:

php_value auto_prepend_file "/path/to/iniset.php"

Otherwise in PHP:

require "/path/to/iniset.php";

I would also check with hosting documentation to see if you can set the directives through a dedicated interface.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

if you can edit the main php.ini file, change the option to on:

allow_url_fopen=on

then reload the phpinfo page to see if it applied. The location of the file is defined in the Configuration File (php.ini) Path of the phpinfo view. If you cannot edit the main php.ini, you can try to create a new php.ini file in the document root. And just add the options you want to change. The Loaded Configuration File field of the phpinfo view should show if the new file is loaded.

Note: some times, the configuration (of PHP or of the web server) does not allow to override the settings through custom php.ini files, so you may need to contact your hosting support to make changes.

For more info, see the HOST and PATH directives:

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

you are missing a comma between these two columns, in the update statement:

work_carry = '$work_carry' demage_found = '$demage_found'

Then edit_customer_detail is not set by the form which, however, is okay if this is set by a previous step and carried through GET.

cereal 1,524 Nearly a Senior Poster Featured Poster

Not from godaddy. She cannot even log in into a backend panel to manage contents? Anyway the source code seems generated by ligthcms:

In case you don't get the access, it should be easy enough to rebuild it.

cereal 1,524 Nearly a Senior Poster Featured Poster

Yes, it's the same on tcpiputils: https://www.tcpiputils.com/browse/domain/stacychristine.com

And if you see the result of the WHOIS you can see who is the real registrant:

Registrant Name: CCA, Lt webPHOTOMaster, Betcha Private Registration

Which is:

It seems they developed the website, registered the godaddy DNS management for your client, then saved the website into Netsuite. If your client does not have the credentials to enter in Netsuite, then she can only ask webPHOTOMaster support. I have some doubts you would be able to access that account. It is more probable that you could only point the DNS somewhere else, from godaddy panel, and start the website from zero. Good luck! :)

Besides: the hosting in use is powered by ASP.NET, not PHP:

> http head stacychristine.com                                                                   

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: keep-alive
Date: Tue, 30 May 2017 14:32:14 GMT
Location: http://www.stacychristine.com
Server: akka-http/10.0.0-100-netsuite-02
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
cereal 1,524 Nearly a Senior Poster Featured Poster

It seems godaddy was used to register and manage the DNS. Enter into the domain management page and see where it points. From those IPs you should be able to find the hosting company. The same can be done through tools like dig and whois:

> dig daniweb.com ANY

...
daniweb.com.        299 IN  A   198.23.117.137
...

> whois 198.23.117.137

...
Organization:   SoftLayer Technologies Inc. (SOFTL)
...

or through a service like:

for example, if you search daniweb.com you get a summary with the hosting company name:

Domain daniweb.com is listed in the top million list of Alexa ... This domain is hosted by SoftLayer Technologies Inc. (AS36351)...

Which is http://www.softlayer.com/

cereal 1,524 Nearly a Senior Poster Featured Poster

MySQL suggests LONGBLOB or LONGTEXT, however with 5.7.8 there is also the JSON data type:

I have used the blob type to save small JSON objects, it works fine.

cereal 1,524 Nearly a Senior Poster Featured Poster

If you can use the latest version of MySQL, then you can use JSON_REPLACE:

JSON_REPLACE(data, '$.Employee_Number', '544')

See: https://dev.mysql.com/doc/refman/5.7/en/json-modification-functions.html

cereal 1,524 Nearly a Senior Poster Featured Poster

I don't think the margin has an issue.

That's correct, in fact, I was referring to CSS properties with a specific feature: hyphens.

cereal 1,524 Nearly a Senior Poster Featured Poster

In Javascript, hyphenated CSS properties margin-top & co. are converted to lower camel case, so marginTop. Line 27 has this issue.

See: https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Manipulating_documents

cereal 1,524 Nearly a Senior Poster Featured Poster
diafol commented: Indicative of this person's m.o. Ridiculous. +15
cereal 1,524 Nearly a Senior Poster Featured Poster

can you help me set up the controller and stuff ? or you cant...

Hi, what do you mean?

cereal 1,524 Nearly a Senior Poster Featured Poster

Hehe, sure you can!

If you want to solve it, instead, read the notice, it says Use of undefined constant session - assumed 'session', which means you probably wrote:

$autoload['libraries'] = array(session); # without quotes

Instead of:

$autoload['libraries'] = array('session'); # with quotes

By adding quotes the value is considered a string, which is what you need in this case.

cereal 1,524 Nearly a Senior Poster Featured Poster

Open application/config/autoload.php and set session inside:

$autoload['libraries'] = array('session');

You can do the same with other libraries or helpers that you will use constantly, like database or form.

More info: https://codeigniter.com/user_guide/general/autoloader.html

cereal 1,524 Nearly a Senior Poster Featured Poster

It, probably, happens because you are calling the session inside application/core/MY_Loader.php but you are loading it from the controller, which is executed after the MY_Loader. Have you tried to autoload the session?

cereal 1,524 Nearly a Senior Poster Featured Poster

Okay,

consider to use the identical operator === on line 20:

if ($this->form_validation->run() == FALSE)

The alpha_space_only() callback can fail when using accented characters like àèéìòùñ, so you may want to replace the regex pattern to:

preg_match('/^[\p{L} ]+$/ui', $str)

apart from this your code seems fine.

But another error happen.

So, what is the error?

cereal 1,524 Nearly a Senior Poster Featured Poster

Hello KK,

from the screenshot it seems you are trying to load CI resources from outside the application folder. Is Contact.php a CI controller? Can you share it? Remember to remove address and password as the post is public.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,

at line 7 you have:

$update_id = $post_id;

while $post_id is initialized at line 68:

$post_id = $row_post['post_id'];

Which in practice depends on $edit_id defined at line 60:

$edit_id = $_GET['edit_post'];

So, it seems that you open the page like this:

page.php?edit_post=123

All you have to do is to initialize $edit_id on top, at line 4, so that is available to the POST conditional statement and to the other code.

Do not use $_GET directly, filter the variable:

$edit_id = filter_input(INPUT_GET, 'edit_post', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

Then replace:

$update_id = $post_id;

With:

$update_id = $edit_id;

Or simply adjust the following code to use $edit_id. Use the filter functions also for the other input coming from POST and GET requests, and use prepared statements too:
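
Added example, not part of the original post: the validated edit_post id combined with a prepared UPDATE. It uses PDO with an in-memory SQLite database so it runs without a server (an assumption, the same prepare/bind/execute pattern exists in mysqli); the posts table, the post_title column and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Update one post title. $rawId is the untrusted edit_post value.
 * Returns true only when exactly one row was changed.
 */
function update_post(PDO $db, $rawId, string $title): bool
{
    // Same validation as the filter_input() call above, applied to a plain value.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // Placeholders keep the values out of the SQL text, so quotes or SQL
    // keywords in $title cannot change the statement.
    $stmt = $db->prepare('UPDATE posts SET post_title = :title WHERE post_id = :id');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

// Constructed table and rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, post_title TEXT NOT NULL)');
$db->exec("INSERT INTO posts (post_title) VALUES ('first'), ('second'), ('third')");

// Constructed requests: [edit_post value, new title].
$requests = [
    ['2', "it's edited"],          // valid id, title contains a quote
    ['2 OR 1=1', 'overwritten'],   // not an integer: rejected before any SQL runs
    ['', 'overwritten'],           // missing id
    ['99', 'overwritten'],         // valid integer, no such row
];

foreach ($requests as [$rawId, $title]) {
    printf("edit_post=%-12s => %s\n",
        var_export($rawId, true),
        update_post($db, $rawId, $title) ? 'updated' : 'rejected');
}

foreach ($db->query('SELECT post_id, post_title FROM posts ORDER BY post_id') as $row) {
    printf("%d: %s\n", $row['post_id'], $row['post_title']);
}
```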

cereal 1,524 Nearly a Senior Poster Featured Poster

Hello Dani,

I don't think it's the user agent, I'm testing with Phantomjs and it uses this user agent:

Mozilla/5.0 (Unknown; Linux i686) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1

The testing script render.js:

var page   = require('webpage').create(),
    system = require('system'),
    vsize  = {width: 1280, height: 1024},
    address, output;

address = system.args[1];
output  = system.args[2];

page.viewportSize = vsize;
page.clipRect = {
  top: 0,
  left: 0,
  width: vsize.width,
  height: vsize.height
};

page.open(address, function() {
  page.render(output);
  phantom.exit();
});

Execution:

./phantomjs render.js LINK output.png

And it works fine. In this specific case Microsoft is rejecting HEAD requests, it allows GET requests, in fact, it returns 200, but the page has no contents because they are loaded by Javascript: test with Postman to see how it renders. So, it seems it needs a rendering engine to show the contents.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi! You can use pathinfo() or a directory iterator:

$ext = pathinfo($file)['extension'];

BUT right now the img() function can, potentially, allow the access to the contents of any directory on the server, by adding ../ to the variable, for example you can write the following and access /etc/:

pictures.php?imageID=images/../../../../etc

It depends on the position of the document root in the file system. You could use an integer and make sure it's valid, for example:

$imageID = filter_input(INPUT_GET, 'imageID', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

if(TRUE === is_null($imageID))
{
    # redirect or show 404
}

# continue if $imageID is valid

See also: https://www.owasp.org/index.php/Path_Traversal

Stefce commented: thank you @cereal +2
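
Added example, not part of the original post: the integer check suggested above, followed by a realpath() containment check so that a symlinked or missing gallery directory is also rejected. The directory layout (one folder per integer id under a base directory), the function names and the sample tree are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Resolve the gallery directory for an untrusted imageID value.
 * Returns the absolute path, or null when the request must be answered with a 404.
 */
function resolve_gallery(string $base, $rawId): ?string
{
    // Only a positive integer is accepted, so "../" can never be part of the path.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    $root = realpath($base);
    $path = realpath($base . DIRECTORY_SEPARATOR . $id);
    if ($root === false || $path === false || !is_dir($path)) {
        return null;
    }

    // realpath() has resolved symlinks: the result must still be inside $root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $path;
}

/** List image files only, by extension, using a directory iterator. */
function list_images(string $dir): array
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif'];
    $found   = [];

    foreach (new DirectoryIterator($dir) as $file) {
        if ($file->isFile() && in_array(strtolower($file->getExtension()), $allowed, true)) {
            $found[] = $file->getFilename();
        }
    }

    sort($found);
    return $found;
}

// Constructed sample tree in the temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery_' . bin2hex(random_bytes(4));
mkdir($base . DIRECTORY_SEPARATOR . '1', 0700, true);
touch($base . '/1/a.jpg');
touch($base . '/1/notes.txt');
// Gallery "3" is a symlink that points outside the base directory.
@symlink(sys_get_temp_dir(), $base . DIRECTORY_SEPARATOR . '3');

foreach (['1', '2', '3', 'images/../../../../etc', '1/../..'] as $raw) {
    $dir = resolve_gallery($base, $raw);
    printf("%-24s => %s\n", $raw, $dir === null ? '404' : implode(', ', list_images($dir)));
}
```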
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi Julie,

if the OS set the azerty layout try to press shift and comma to get the question mark. Anyway you should set the keyboard layout to match the keyboard not the language of the OS, see if this helps:

Also from the Lenovo documentation for your laptop, you can get the original layout name, set that and it should work fine again.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hmm, the session in this case it is not, probably, the best approach: what happens if, in the current session, you open multiple tabs of A.php with different IDs?

A.php?id=123
A.php?id=124
A.php?id=125
...

It would screw up, because the session value would be rewritten by the latest loaded tab. Append the query string to B.php, so if you are using a form you can do:

<form method="get" action="B.php?id=123">

Or hide it in the input fields:

<input type="hidden" name="id" value="123">

If you want more appropriate help, share an example of what you are trying to do.

diafol commented: Good shout about multiple tabs +1 - a common gotcha! +0
cereal 1,524 Nearly a Senior Poster Featured Poster

Whenever I press a button on B.php, the value ID=1 gone.

Can you clarify this? Right now it seems the issue is not related to A.php but just to what happens inside B.php.

cereal 1,524 Nearly a Senior Poster Featured Poster

Test: https://http2.akamai.com/demo

//Okay, it's not due to HTTP/2 :p

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi, do:

print_r($_GET);

inside allSearches.php and see what you get.

//Edit

Oh, wait, I'm not sure I have understood your request. You want to perform an AJAX request with the GET method?

cereal 1,524 Nearly a Senior Poster Featured Poster

Hi, use r+ to read and write from the top or a+ in case you want to append data:

$fopen = fopen($filename, 'r+');

With the w+ flag the file is cleared:

Open for reading and writing; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.

See: http://php.net/fopen