You can set the order that the data comes in your query, example MySQL:
SELECT *
FROM `table`
WHERE `column` = "value"
ORDER BY `column` ASC
@HunainHafeez
Your suggestion of using double quotes over single quotes will not have any effect on the result.
The difference between double and single quotes is whether or not PHP will try to parse variables within the string or not. A single quoted string will be treated as a literal string, whereas a double quoted one will result in any variables being parsed to their values.
$var1 = 'This is a variable';
$string = 'Variable: $var1';
// Will output Variable: $var1
echo $string;
$string2 = "Variable: $var1";
// Will output Variable: This is a variable
echo $string2;
If the example provided in your post is what you are using, then you are not getting any output because of the following errors:
- Your form action is page1.php, not page2.php, so you never POST the data to the second script.
- The value attribute of your hidden tag is empty, so if you echo it you won't see anything.
Also, for the purposes of this script, there would be no reason for using get over post.
Blindly copying $_POST variables into $_SESSION variables is doing nothing different than your first script.
At the very minimum you should be doing an isset() check on them to see if they contain any data before assigning the session variable. That way you won't be overwriting the session contents with null values.
Alternatively, use $_REQUEST to fetch the values, and in any links you create add the key value pairs you need to the query string.
Generally speaking, you should not (as a web developer) be attempting to alter the browser functionality.
There are very few cases where this should be considered acceptable.
If you are interested in the javascript, a very quick Google search will tell you what you need to know.
That all makes a lot of sense, but it seems like a lot of coding.
Not really, although if it were simple and quick to make a secure script, then everyone would be doing it.
So by coding it as indicated above, I would have to individually create a page for each member and provide access to only certain staff members. That is a lot of work.
Again, no.
Let's take an example I have knocked up quickly, replace any comments with relevant code. Note this isn't a copy-paste job, it will still require work. This will be the basic design for the 'memberinfo.php' page, I'm going to leave the previous page to you and assume that the memberid is still sent in the GET.
<?php
session_start(); //Start the session
/* Ideally this chunk should be done on another page when the staff member logs in, not on every page.
//Insert SQL statement here to get the staff
$_SESSION['id'] = $mysql_result['id'];
*/
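// Cast both ids to int (ids assumed numeric) so the values cannot alter the SQL below
$memberid = (int) $_GET['memberid'];
$staffid = (int) $_SESSION['id'];
// Sample SQL to check permission: SELECT * FROM `permissions` WHERE `staff_id` = $staffid AND `member_id` = $memberid
// $permission_query holds the result of running the sample SQL above
if(mysql_num_rows($permission_query) == 0) {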
// Display an error, the staff member is not allowed to view this
} else {
// Insert code to display info
}
?>
As I said, this will require some thought and modification on your part, I don't believe providing you with all the code will benefit you in any way. Read through that and by …
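One way to fill in the permission check sketched in the post above, as an added example that is not part of the original post: it uses PDO prepared statements in place of the old mysql_* calls and an in-memory SQLite table so it runs stand-alone (pdo_sqlite assumed available). The `permissions` table and its `staff_id`/`member_id` columns come from the post's sample SQL; the function names and sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Returns true only when a row in `permissions` links this staff member to this member.
function staffMayViewMember(PDO $db, int $staffId, int $memberId): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM permissions WHERE staff_id = :staff AND member_id = :member LIMIT 1'
    );
    $stmt->execute([':staff' => $staffId, ':member' => $memberId]);
    return $stmt->fetchColumn() !== false;
}

// Validates the raw ?memberid= value; anything that is not a positive integer is rejected.
function parseMemberId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample data: staff member 7 may view member 42 only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE permissions (staff_id INTEGER NOT NULL, member_id INTEGER NOT NULL)');
$db->exec('INSERT INTO permissions (staff_id, member_id) VALUES (7, 42)');

$staffId = 7; // in memberinfo.php this comes from $_SESSION['id'], set at login

// Each value stands in for $_GET['memberid'] on one request.
foreach (['42', '43', '42 OR 1=1', ''] as $rawMemberId) {
    $memberId = parseMemberId($rawMemberId);
    // Invalid ids and missing permissions get the same answer, so the
    // response does not reveal which member ids exist.
    if ($memberId === null || !staffMayViewMember($db, $staffId, $memberId)) {
        $result = 'denied';
    } else {
        $result = 'allowed';
    }
    printf("memberid=%s -> %s\n", var_export($rawMemberId, true), $result);
}
```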
download and include in your php file
I would disagree with that, I would always suggest using a CDN one, such as the one on google code (http://code.google.com/apis/ajaxlibs/documentation/#jquery)
This article sums up my reasoning for this quite well.
I'm not convinced on Bing. It seems to be a re-skinned Google.
Do identical searches on both and the results are generally the same, maybe a slightly different order but no major differences for a good query.
Why they market it as a 'decision engine' is beyond me, it doesn't appear to do anything new or any neat tricks... Unless I am missing something..
No extraction required, just count $_POST['label']
:)
Ah, whoops, wrong brackets as well. Missed that on your first post :P
For functions, use standard braces ( and ).
Curly braces are for statements and function definitions.
So it should be substr($_REQUEST['cc_number'] , -1, 4)
Disable the ads?
No ads here and the site loads in a decent time, not quite instant but it doesn't have a noticeable delay either :)
May help to post some more of your code.
But I assume you are running an empty() check on the POST vars?
From the PHP manual:
Returns FALSE if var has a non-empty and non-zero value.
The following things are considered to be empty:
* "" (an empty string)
* 0 (0 as an integer)
* "0" (0 as a string)
* NULL
* FALSE
* array() (an empty array)
* var $var; (a variable declared, but without a value in a class)
I would say in this case possibly use the isset() instead, this will return false on a NULL value, rather than a 0.
Otherwise, post the code so we can look.
darkagn is correct, looks like you are missing multiple commas in the values of the query.
Also, may I suggest that you sanitize the input from the form.. Entering unchecked POST data into your database is asking for trouble.
Instead of putting a password hash in the URL (Not a very good idea) why not generate a random string when the user is created and just put this (and possibly the username) in the URL.
Then, check that the string in the URL matches the one in the database when they visit the page.
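A sketch of the random-string approach described above, added here as an example and not taken from the original post: the token comes from random_bytes(), only its SHA-256 hash is stored (an addition beyond the post, so a leaked table does not yield usable links), and the comparison uses hash_equals(). The function names, the array standing in for the database, and the example.com URL are assumptions.

```php
<?php
declare(strict_types=1);

// Creates a per-user token: returns [token for the URL, hash to store in the user's row].
function createUrlToken(): array
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the OS CSPRNG
    return [$token, hash('sha256', $token)];
}

// Checks the token from the URL against the stored hash in constant time.
function urlTokenMatches(string $tokenFromUrl, string $storedHash): bool
{
    // Reject anything that is not the expected shape before hashing it.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $tokenFromUrl)) {
        return false;
    }
    return hash_equals($storedHash, hash('sha256', $tokenFromUrl));
}

// Constructed stand-in for the users table: username => stored token hash.
$users = [];
[$token, $hash] = createUrlToken();
$users['alice'] = $hash;

// Link sent to the user; the password hash never appears in it.
$link = 'https://example.com/page.php?'
    . http_build_query(['user' => 'alice', 'token' => $token]);
echo $link, "\n";

// On the target page: parse the query string (stands in for $_GET) and verify.
parse_str((string) parse_url($link, PHP_URL_QUERY), $params);
$user = is_string($params['user'] ?? null) ? $params['user'] : '';
$tok  = is_string($params['token'] ?? null) ? $params['token'] : '';
$stored = $users[$user] ?? null;
var_dump($stored !== null && urlTokenMatches($tok, $stored));

// A guessed or altered token is refused.
var_dump(urlTokenMatches(str_repeat('0', 64), $hash));
```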
Your write function has a name which looks familiar.
Try not to use names of actual JavaScript functions.
What is happening is that you are saying:
onclick="write(document.getElementById('words').getAttribute('value'));" >
Which is doing the same as if you have put:
onclick="document.write(document.getElementById('words').getAttribute('value'));" >
See the problem?
I use the same password for everything (nearly everything anyway) it contains part of the WPA2 key for my router, part of the phone number at my previous address and part of my name :P
It is not a dictionary word, is 16 characters long has a mix of alphanumeric characters and symbols, so I would like to think it is fairly secure :)
Well, these messages are obviously not so secret anymore...
But, IMO promotion of any single religion by any government is not right.
Apparently this server has a mind of its own :P
All sorts of fun with subscription emails being duplicated and other bits :D
I have posted that a few times, mainly when a search on the exact text they used as the thread title will bring up the answer as the first result.
I tend to think, if they cannot be bothered to search, I cannot be bothered to actually help them.
When I come to DW I have the C++ forum bookmarked. So the first thing I do is look at the threads in that forum to see if I need to reply to any of them (via the New button). Then I'd use the Favorite Forums links to do the same with the other favorite forums. In the 4+ years that I have been a member here I think I may have visited the DW Home page 5 or fewer times.
Practically the same for me, but for the PHP forum.
Also +1 to Sknakes point, I look at the HTML and CSS & Site Layout often, and that is 2 layers.. not a huge difference in the amount of time to get there, but it was so much easier when they were always on the right.
I also rarely view the homepage, had to go look just now to actually remember what is on there (I can see why it is useful, but personally I have no use for a list of topics from all forums), I almost always enter the site from a bookmark to PHP or Geeks Lounge, if not then it's from history.
I cannot see a call to the mail_it function in the code you posted, but what you will need to do is change the $recipient value that is being sent to the mail_it function depending on which option is selected.
Have to wonder why this guy bothers coming back :D
You can see your topics here: http://www.daniweb.com/forums/search.php?do=process&userid=191738&exactname=1&starteronly=1
And you can see your posts on this link: http://www.daniweb.com/forums/finduser191738.html
<?=$delay?>
look at this place and similar ones
what i can say (maybe I am not experienced in such things), but if you say this is php, then I think it is quite a bad code here. I think
That is an acceptable way to echo a variable within HTML code,
The problem is this line (Line 61):
<td><input type=text name=site value="<?=get_setting("site") size="20"?>" size=30></td></tr>
size="20" is within the PHP braces.
yes, it's cool too, but the process by ajax will be done in the backend.
page won't refresh while sending the mail.
Reread the first post and the title.
The OP wants a mailto link, not a PHP mail() function.
As Atli says, Blowfish is an encryption cipher, not a hashing algorithm.
It is in the mcrypt library (http://php.net/manual/en/book.mcrypt.php)
There was a whole thread a while back discussing passwords and some good methods. I'll see if I can find it...
EDIT:
Thread is here:
http://www.daniweb.com/forums/showthread.php?t=178241
$data = mysqli_query($dbc, $query);
Should this be:
$data = mysqli_query($query, $dbc);
Having not used mysqli - I can't comment, but I think the first parameter should be the query, then the connection link identifier.
Nope, for some reason they swapped them for mysqli, although if no connection is specified, it will default to that last connection that was established I believe. :)
http://www.php.net/manual/en/mysqli.query.php
You would probably be better asking this in the HTML/CSS forum: http://www.daniweb.com/forums/forum143.html
If you want to use preg functions, then this should work to match strings containing alphanumeric characters and spaces:
$pattern = '#^[a-z0-9\x20]+$#i';
// The pattern matches valid aliases, so the error is set only when it does NOT match
if (!preg_match($pattern, $new_pagealias)) $error = "Invalid page alias. Use only normal characters.";
You can avoid this problem by using a statement similar to CFROGs suggestion. Make sure all fields have a default value, or are allowed to be NULL.
Also, please look at your code, this can probably be reduced by 50% (in terms of the number of lines) due to a lot of repetition. For example, this:
if ($fname){
if (strlen($fname) > 20){
$num ++;
echo "<tr><td>".$num.". Firstname is too long.(3-20)</td></tr><br />";
}
}
if ($fname){
if (strlen($fname) < 3){
$num ++;
echo "<tr><td>".$num.". Firstname is too short.(4-20)</td></tr><br />";
}
}
Could become this:
if ($fname){
if (strlen($fname) > 20 || strlen($fname) < 3){
$num ++;
echo "<tr><td>".$num.". Firstname must be between 3 and 20 characters.</td></tr><br />";
}
}
That will do practically the same thing, but is only 6 lines rather than 12.
You probably won't see a difference in response in a script like this or on a low traffic site, but in busy sites or much longer scripts then cutting back on unneeded characters and whitespace can help performance :)
Not sure if this has been mentioned before.
One thing that irritated me for a while was seeing '1 hour ago' '2 hours ago' and such on posts. I like seeing the actual Date/Times, but maybe that's just me :)
I have had a look in the CP today and found the settings to change this, my query is on the naming of the options..
It appears that the 'Normal' setting will show a standard date/time of the post; such as 'Oct 27th, 2009, 06:00', 'Yesterday/Today' will do what it says, and 'Detailed' will show the '1 hour ago' '2 hours ago' and such.
Personally, I would expect the results of the Normal and Detailed to be reversed, to me, detailed means more information, which would be the actual timestamp, not just 1 hour ago :)
Just my thoughts :icon_smile:
Remove the spaces between the %s and the value.
If the user entered 'Google' then the search query would look like:
$query = "SELECT * FROM products WHERE artist LIKE '% Google %'";
This would return values where the products column had an entry of 'something Google something'
Why thanks :) I'll be getting this camera soon [link], I can't wait. Those pictures were taken with my awful Samsung S570, it will be nice to use a real camera for once.
That is an expensive camera :-O
Pics do look really good though :)
Rather than using
$date = date("d-m-Y");
Save the date as a timestamp in an int(11) field, do not save dates as DATETIME, DATE or any other date specific SQL type..
Since this will be a number, you can then sort by the date column in descending order to get newest to oldest :)
Simply use your $date = date("d-m-Y"); on the timestamp when you display the information.
Yes, I sit in front of a monitor all day at work. Very nice not to have light glaring at you :)
Books > The computer
This should work...
mysql_query("CREATE TABLE IF NOT EXISTS `table_name` (
`field_name` int(11) NOT NULL AUTO_INCREMENT,
`field_name` varchar(65),
...,
...,
...,
PRIMARY KEY (`field_name`)
)");
function mapRefresh(timeoutPeriod) {
// Pass the function itself; load() would run it immediately instead of after the delay
setTimeout(load, timeoutPeriod);
}
Then add mapRefresh(10000) to the Onload event.
Can't edit the post above any more.. but if you need clarification on the script, just ask :)
So basically you are talking crap, like we thought for 99% of this thread.
Are they? There aren't any exploits that affect the IPhone's security, just as there aren't any exploits that affect Linux's security. In fact the IPhone is one of the most secure platforms around.
But Apple keeps plugging them, and pretty quickly.
Slight contradiction of yourself there.
The only problem I really have with Vista is the annoying, consistent 'do you really want to do X activity' messages and the fact that it hogs my RAM (which isn't a problem on my 4GB computer I now have). All I use is ad-aware and I have never had any problems with malware.
I don't know about most of your points, but it seems that you don't know the definition of an opinion. In any case, I have spoken with a number of IT professionals, and they all have claimed that windows' security problems are more due to its popularity than its inherent flaws.
From what I have seen, Vista will just take a chunk of your RAM and sit on it, regardless of whether or not it needs it, and it appears it will take more RAM if you have more available...
Personally, I disable UAC straight away, I have a decent firewall which alerts me to any untrusted programs trying to access system files/registry keys/whatever :)
On topic, I have used multiple flavours of Linux. I find that if you go out and get your own hardware Linux is ok, but if you have a unit with OEM hardware (especially some Broadcom wireless chips) then drivers become somewhat of a nightmare.
Comparing the latest Ubuntu and OpenSuse distros to Vista, yes, installing the OS is faster than Vista, but Vista picks up the drivers in both my PC and Laptop no problem, but i …
Let this be a warning to any loud mouth drunk yobs...
The next person you start on may not be as easy as you think :D
http://www.mirror.co.uk/news/top-stories/2009/10/07/we-re-very-cross-cross-dressers-115875-21728860/
Good to see someone stand up to the violent youths :)
Your script can be as secure or insecure as you want.
Generally, the end user would not see constants or any of the actual code as this is executed on the server. All the end user should see is the output of any functions in your script.
If you are worried that a function may output some important data, use an @ symbol before it to suppress the standard errors: @mysql_connect("...", "...", "...");
Or better, add error handling into your code to make sure that if an error occurs then you have a specific response for it.
Shawshank Redemption is up there at the top of my list :)
It should be
$query = "SELECT * FROM pec_mssgs WHERE m=$todaysMonth AND d=$todaysDay AND y=$todaysYear";
Edit: Ezzaral beat me to it :)