Stuart
-
Posts
141 -
Joined
-
Last visited
-
Days Won
12
Posts posted by Stuart
-
-
It's not something I've ever had to do but this works:
echo htmlspecialchars(htmlspecialchars('&'));OR
echo htmlspecialchars('&');There might be another way but like I said never had to do it before.
-
The checkdate is a useful function here and will help prevent an incorrect date. However a few points about your function:
The function accepts arguments but then uses the values directly from the $_POST array which makes them redundant. It would be more portable if you use the arguments being passed to it - however I question if this needs to be a separate function anyway.
Also technically the function still allows for an incorrect date to be submitted (admittedly only by a malicious user and would have no real impact if errors are being handled correctly) but still a user submitting decimal values would not be caught and would cause a MySQL error. Although you're typecasting in your check you then use non-cast numbers in the query.
So...
Year: 2010.88
Month 08.81716
Day: 14.99918
Would still pass your date check (because they are typecast to 2010-08-14) but would cause an error when inserting into the database as 2010.88-08.81716-14.99918.
Just thought I'd point it out its easy to let little things like that slip through.
-
Hi Kerry,
Please can you use the code tags when you post code else it makes it hard work reading.
The issue is here:
$_SESSION['order_id'] =$order_id;
That's the first time $order_id is used on that page meaning it doesn't have a value.
Make sure you have error reporting turned on which would highlight trying to assign a variable that does not exist.
Hope that helps.
-
1
-
-
Hi Antonio thanks for that - it is the solution! Like I said above the example in the PHP manual just confused me slightly.
Thanks
-
The only thing I'd add is that if you're giving the user free range to input a value you will never know which format they are going to use - so you can't guarantee that the date will be unambiguous and although strtotime will return a valid timstamp which will convert into a valid MySQL date format it may not be the date the user intended.
The solution is either the jQuery approach I mentioned which provides a pop up calendar for the user to select a date from which returns a UNIX timestamp. If you didn't want to rely on javascript support then you could create a series of dropdowns for day, month and year instead.
-
1
-
-
Thanks for that Larry I had looked at the manual already but got confused by this example:
<?php // outputs the username that owns the running php/httpd process // (on a system with the "whoami" executable in the path) echo exec('whoami'); ?>Hence why I tried to just echo/assign the result of exec - all working now after a closer inspection thanks.
-
Like I said in a previous post I'm using the Zend_Lucene article from your blog to index the text I'm extracting from a number of PDFs. I've managed to get XPDF installed on my local MAMP server and can convert PDF's to text files using this line:
exec ("/Applications/MAMP/htdocs/bin/pdftotext -f 1 -l 1 " . $pdf_filename . ".pdf " . $pdf_filename . "1.txt");From the docs I've found here it says if you supply '-' as the text file name the text will be sent to STDOUT. Should this not mean I can assign that value to a variable like:
$text = exec ("/Applications/MAMP/htdocs/bin/pdftotext -f 1 -l 1 " . $pdf_filename . ".pdf -");or print it out using:
echo exec ("/Applications/MAMP/htdocs/bin/pdftotext -f 1 -l 1 " . $pdf_filename . ".pdf -");Because neither of them seem to work yet converting to a text file does? Do I need to do something else to gain access to the SDTOUT?
If you fancy writing a Linux and Apache book I'd buy it! I seem to only be half a LAMP stack developer
-
As far as I was aware it's not possible to run a FULLTEXT search across more than a single table - from PHP 6 and MySQL 5:
But a fulltext index can only be applied to a single table at a time, so more elaborate Web sites, with content stored in multiple tables, would benefit from using a more formal search enginesI'm also under the impression that using a UNION statement doesn't really work because the scores generated from one dataset cannot be compared to that from another accurately. In my opinion the two options would be either creating a non-normalised search table where you dump and index the text (and just enough to display search results) then link to the relevant page where you extract the full dataset from the source tables.
The other option would be to use Zend_Lucene to index the relevant text and then do a similar display and link process as above - Larry's recently written a great article on Zend_Lucene found here: http://www.larryullman.com/2010/10/27/creating-a-search-index-with-zend_search_lucene/
I also found this article useful: http://www.kapustabrothers.com/2008/01/26/part-ii-indexing-pdf-documents-with-zend_search_lucene/
Hope that helps
-
1
-
-
OK thanks Larry I think I'll leave them as they are for now then - did wonder if they'd be performance issues. Right now the issue appears to be extracting the text from the PDF so a good chance I'll be creating a linux install post relatively soon!
-
If 0's are getting stored it simply means that the value you tried to enter into the field did not conform to the correct format. What format are the user's entering into the expire_date field? The other issue is the format you've specified isn't what's required by the date format %Y-%m-%d.
Personally I'd use jQuery's date picker which is really user friendly - you can set this to return a UNIX timestamp. Then server side I'd do something like:
if ($_SERVER['REQUEST_METHOD'] == 'POST'){ if (isset($_POST['exiry_date']) && is_numeric($_POST['expiry_date'])){ $timestamp = (int)$_POST['expiry_date']; if ($timstamp > 0){ $date = date('Y-m-d', $timestamp); $q = "INSERT INTO events(expire_date) VALUES ('$date')"; $r = mysqli_query($dbc, $q); } } }Hope that helps
-
1
-
-
I've just started a new project which involves collating 104 years of magazine articles currently in PDF format and making them searchable. I've extracted the content from a DVD they produce and uploaded it to my development server. There's a large number of documents (approx 44000) which need to be organised including PDFs, images, XMPs and THMs.
At the moment they are arranged as they were on the DVD in folders for the volume and sub-folders for each issue within that volume. My question is should I keep this structure or recurse through and pull all the PDF's into one directory or at least into one directory per volume? Are there any pros or cons of having them organised in either way? The file names are all unique so moving into a single directory would not overwrite any files.
PS. I'm using the Zend_Lucene article you wrote to index all the PDF's too Larry so thanks for that!!
Thanks
-
Hi David,
Initial thoughts are that 2 is definitely not the way to go not scalable and a nightmare to manipulate etc...
Personally I'd either run with your first option or I'd go down the same route wordpress do with custom fields by storing the custom fields in an array, serialising (or json encoding) the array and storing key value pairs in a separate table. I guess the deciding factor between the two techniques would be how the data needs to be interrogated.
If you're only extracting and displaying the custom fields I'd use the serialisation technique - if you need to interrogate the values of those custom fields then your first idea would be my choice.
Hope that helps
-
1
-
-
Pretty sure the issue's just that you're passing a DATETIME to the date() function rather than a Unix timestamp? Just wrap it in UNIX_TIMESTAMP(date_added) AS date. I'm guessing the example in PHP5 is a timestamp column rather than DATETIME.
-
1
-
-
You've tested without Ajax - i.e. you're allowing the page to reload? And it works the first time but not the second?
Then I'm pretty sure the reason is because although you're setting the hash property it doesn't change, it remains as #charButtons. Normally that wouldn't matter but because the content is dynamically being replaced it alters the browsers reference to that point. E.g. If you did nothing but change the background image of the page I think that would illustrate the cause of your problem. That make sense?
-
1
-
-
My first question would be what's stopping you building the whole thing in php without any JavaScript? Would be a lot cleaner.
-
1
-
-
I'm not too sure about the issues of overwriting the database connection object - I'm pretty sure best practice would only to have one rather than overwriting the connection. Certainly if in your file it re-creates the connection details as constants you'd get errors resulting from trying to redefine a constant. On most of my sites I create the database connection object on every page because seldom is there a page that doesn't require a database connection at some point. Is there anything stopping you having the database connection object created once per page in a config file? Not sure what the best answer is re including files that create a DBC multiple times
-
1
-
-
No worries - that code there is outputting the next 10 days. By increasing the number it could produce any date up to 2038 - which is the limit for UNIX timestamps (that's still true as far as I know). If you wanted to output dates in the future you might also want to check out strtotime which allows for something like:
echo date('Y-m-d', strtotime('+ one week')); -
Haha OK well if that's just a typo the only problem is that activate.php is not in your root directory - hence the 404 from the link you provided. If activate.php is in your user_reg_lu folder then you need to move it into the root OR alter the url you're directing people to from your activation email to reflect this. e.g. http s://venture-wilderness.com/user_reg_lu/activate.php?x=naught%2540bitbyteshop.net&y=201ced4781acaccf2618fe587284f93a.
-
1
-
-
Hi zabberwan,
Quickly scanning through the PHP code you posted I can't see anything wrong with it. Aside from that I'm going to have to hand over to someone else here - I haven't got a clue what these lines mean:
<user_reg_lu>
$url = BASE_URL . 'user:red_lu/';
Are you using some kind of framework? They remind me of Basic Authentication but they're obviously not that. Either way I've never seen anything like that before so afraid I can't help you. I'm still confused you posted:
Which returns a 404 which means the page doesn't exist in the root directory. Do you have activate.php in your root domain?
-
1
-
-
Still unsure as to what dates you want to output (how many? how far in the future?) but the code below is the basic principal:
<?php if ($_SERVER['REQUEST_METHOD'] == 'POST'){ for ($i = 1; $i < 11; $i++){ $timestamp = time() + ($i * 24 * 60 * 60); echo '<p>' . date('Y-m-d', $timestamp) . '</p>'; } } ?> <form method="post"> <input type="submit" name="submit" value="Update" /> </form>-
1
-
-
Hi DeeDee,
With regards the second part - what exactly are you trying to achieve?
The code as it stands:
<html> <head> </head> <body> <?php $submit = $_POST['submit']; if($submit){ for ($i = 40; $i < 100; $i++) { $i = time() + ($i * 24 * 60 * 60); } } echo 'Next Week: ' . date('Y-m-d', $i) . "\n"; ?> <form> <input type="submit" name="submit" value="update"/> </form> </body> </html>- You have no method set in your form tag meaning it will default to GET rather than POST
- The echo statement is outside of the loop meaning it will only echo the next week line once
- 100 * 24 * 60 * 60 will be 100 days away not next week
- You can't redefine $i inside the loop else when it executes a second time it wont have the correct value
-
1
- You have no method set in your form tag meaning it will default to GET rather than POST
-
That simply means venture-wilderness.com/activate.php doesn't exist.
- Have you actually created that page?
- Is it actually called activate.php? Not activation.php etc...
- Is it located in the root domain?
-
1
- Have you actually created that page?
-
What would be ideal would be to post a link to a live demo - so we can see the HTML, JS and Ajax calls being made - I can't imagine the backend PHP is contributing to this problem. I think for anyone to answer this will need more info re how you're setting the hash property, the HTML structure it is acting on etc... Is a live demo possible?
-
1
-
-
Hi Shivani,
Like I said in the previous post you can't substitute JavaScript for the PHP coding as you open yourself up to arbitrary input which poses the risk of security issues. When adding the JS validation to the page the underlying PHP logic should remove completely untouched. Think of it as a layer of gloss on top of your web page.
It looks like you've removed the PHP validation from your script meaning that if I turn off JS in my browser I can submit any details I want. Specifically the reason your PHP doesn't work is because you have declared all variables to FALSE on this line:
$fn = $ln = $e = $p = FALSE; $fn = FALSE; $ln = FALSE; $e = FALSE; $p = FALSE;
Not sure why you've made the same declarations twice? But then you check these to ensure they are TRUE (which they won't be) on this line:
if ($fn && $ln && $e && $p) {Just to re-iterate the key point - any client side validation should be in addition to server side validation NOT a substitute for it. Adding JS validation is there to improve the user experience and increase conversion rates - not to eliminate server side validation. Your underlying PHP logic should remain completely unchanged from the non-JS version. Hope that makes everything clear?
Just incase my comment in my previous post about reducing processing has confused you - I'll explain. If a normal user submits the page but it has an ill-formed email address the PHP form processes that form, finds errors and presents the same page back to the user - but with a JS version the page will only be submitted and processed once - hence placing less demand on your server.
-
1
-
How To Handle 2 Forms For One Action?
in PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)
Posted
Semantically I suppose it really should use <fieldset> rather than <div> tags as (depending on your HTML declaration) won't validate. A fieldset works the same as a div except it's designed to group elements within a form.
Also if I were you I'd just customise the Wordpress admin pages rather than trying to re-create them.