Larry Ullman's Book Forums

bahaa

Members
  • Posts: 147

Everything posted by bahaa

  1. What exactly I want to do is like this: http://www.larryullman.com/forums/index.php?/topic/294-any-one-knows-how-to-use-the-name-anchor-with-dynamic-url/page__view__findpost__p__1587 When you click on the link, the page loads and then it takes you directly to the post you want.
  2. Hello everyone, I have a page with subjects and each subject has comments, but the page shows only a few comments for each subject, and there is a link that says how many comments there are for the subject. When you click on it, the page reloads and shows all the comments for that subject, but it doesn't take me to that subject. Thanks in advance.
  3. Thanks Jonathon. You are very helpful. Do you know if one of Larry's books covers one of these topics: 1- Creating a search engine. 2- Poll system. 3- Mailing list. If not, I hope that Larry would consider these topics in a coming edition, especially the search engine, since it is a basic thing in any website. I already bought his book PHP 5 Advanced, but I did not read it yet, so I don't know if he covers any of the above topics in the book.
  4. Thank you. It works 100%. I have seen the substr before, but this one is something new to me. Not sure which one is better from a performance perspective.
  5. I hear what you're saying. I have a question and it has got nothing to do with this topic, but I don't wanna open another thread. 2 threads today are enough. My question is how to display a certain amount of text from a row. For example: you have a row with very long text, and you only want to display some of this text and then add a link to the full details. Do you know how to display the desired amount of text?
  6. Hello, As Larry explained in the book, an attacker could use the session fixation technique to get control over a user's session ID, and one of the measures taken to prevent this, or at least minimize it, is by using the user's agent. I am not familiar with JavaScript at all, so I was wondering if it is possible to get the user's screen resolution and the user's PC name with JavaScript and use it with PHP. I think it would be more secure to check for user agent session, the screen resolution and the PC name.
  7. Thanks Antonio, I am still learning and was searching for tips on how to secure file uploads and found the link above and thought it might be useful for the members of this forum, since most of us are new to PHP.
  8. These numbers are built-in constants, and each number has its own definition. Hopefully I answered your question. Have a look at this: http://php.net/manual/en/features.file-upload.errors.php
  9. Even if you use mysql_real_escape_string, you have to check if the magic_quotes_gpc() is on or not. I have hosting with GoDaddy and they have magic_quotes_gpc() set to on, so if I want to use mysql_real_escape_string then I would have to remove any slashes that were added by magic_quotes. "If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice." http://php.net/manual/en/function.mysql-real-escape-string.php
  10. Well, I think it is better to take all possibilities into account when you develop, even if you know what PHP version you will be using. You might move your site from one server to another, or you are developing for someone else and he or she could move the site to another server too.
  11. I know that there are other steps to validate data, but this one is to be used instead of only using the mysqli_real_escape_string, because older versions of PHP do not have this function, and if there is a new PHP that has it, then we should test to see if the magic quotes function is on, and if it is on then we have to remove the slashes, so we don't have double slashes. (magic_quotes_gpc(), add_slashes and mysqli_real_escape_string do almost the same job.) So basically this function first checks if there is a new version of PHP that has the mysqli_real_escape_string and also checks for the magic quotes function. If there is a new PHP version, then we make sure we remove slashes that were applied by the magic quotes function. If no new PHP is installed on the server, then we test to see if the magic quotes function is on. If it is not on, then we add slashes.
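  12. Hello, Is this function good to use to prevent SQL injection?

      ```php
      function sanitize_values($value) {
          // true when mysql_real_escape_string() exists in this PHP build
          $new_php = function_exists("mysql_real_escape_string");
          // true when magic quotes have already added slashes to GET/POST/COOKIE data
          $magic_quotes_active = get_magic_quotes_gpc();
          if ($new_php) {
              // undo the magic quotes slashes first so the value is not escaped twice
              if ($magic_quotes_active) { $value = stripslashes($value); }
              $value = mysql_real_escape_string($value);
          } else {
              // no escaping function available: add slashes unless magic quotes already did
              if (!$magic_quotes_active) { $value = addslashes($value); }
          }
          return $value;
      }
      ```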
  13. This is what I get when I view the header of the received message, if it helps: Subject: <D8><AA><D8><AC><D8><B1><D8><A8><D8><A9> <D8><A7><D8><B3><D8><B1><D8><A7><D9> <D8><A7><D9><D9><D9><D9>
  14. Thanks Antonia and Larry, but the problem is still the same. This is what I did:

      ```php
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Contact Us</title>
      </head>
      <body>
      <h1>Contact me</h1>
      <?php
      if (isset($_POST['submit'])) {

          // Return '' for any value that contains a mail header name; strip line breaks from the rest
          function spam_scrubber($value) {
              $very_bady = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');
              foreach ($very_bady as $v) {
                  if (stripos($value, $v) !== false) return '';
              } // end of foreach
              // remove raw and URL-encoded carriage returns and line feeds
              $value = str_replace(array("\r", "\n", "%0a", "%0d"), '', $value);
              return trim($value);
          } // end of spam_scrubber

          //$scrubbed = array_map('spam_scrubber', $_POST);
          $name = spam_scrubber($_POST['name']);
          $email = spam_scrubber($_POST['email']);
          $to = "myemail@live.ca";
          $comment = spam_scrubber($_POST['comments']);
          $subject = " تجربة اسرال ايميل";
          $header = "From:{$email}\r\n";
          $header .= "Reply-to: {$email}\r\n";
          // every header line ends with CRLF so the next header starts on its own line
          $header .= "X-Mailer: PHP/" . phpversion() . "\r\n";
          $header .= "Content-type: text/plain; charset=\"UTF-8\"\n";

          if (!empty($email) && !empty($name) && !empty($comment)) {
              $body = "Name: {$name }\n\nComments: {$comment}";
              $body = wordwrap($body, 70);
              // send the email
              mail($to, $subject, $body, $header);
              // print a message
              echo '<p><em>Thank you for contacting me. i will reply some day.</em></p>';
              // clear $_POST
              $_POST = array();
          } else {
              echo '<p style="font-weight:bold; color: #c00;">Please fill out the form completely. </p>';
          }
      } // end of if isset($_POST['submit'])
      ?>
      <form action="contact.php?id=<?php echo base64_encode(14); ?>" method="post">
      <p>Name:<input type="text" name="name"/></p>
      <p>Email address: <input type="email" name="email"/></p>
      <p>Comments: <textarea name="comments" rows="5" cols="30"></textarea></p>
      <p><input type="submit" name="submit" value="Send"/></p>
      </form>
      </body>
      </html>
      ```

      Any suggestions?
  15. Hello, First, I would like to thank you for this useful book. I have a problem reading the email subject in the Arabic language when using the mail(). The content of the body is readable, it is only the subject. Here is what I get: ุชุฌุฑุจุฉ ุงุณุฑุงู ุงูููู. This is my code:

      ```php
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Contact Us</title>
      </head>
      <body>
      <h1>Contact me</h1>
      <?php
      if (isset($_POST['submit'])) {

          // Return '' for any value that contains a mail header name; strip line breaks from the rest
          function spam_scrubber($value) {
              $very_bady = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');
              foreach ($very_bady as $v) {
                  if (stripos($value, $v) !== false) return '';
              } // end of foreach
              // remove raw and URL-encoded carriage returns and line feeds
              $value = str_replace(array("\r", "\n", "%0a", "%0d"), '', $value);
              return trim($value);
          } // end of spam_scrubber

          //$scrubbed = array_map('spam_scrubber', $_POST);
          $name = spam_scrubber($_POST['name']);
          $email = spam_scrubber($_POST['email']);
          $comment = spam_scrubber($_POST['comments']);
          $subject = "ارسال إيميل";

          if (!empty($email) && !empty($name) && !empty($comment)) {
              $body = "Name: {$name }\n\nComments: {$comment}";
              $body = wordwrap($body, 70);
              // send the email
              mail('exmample@yahoo.com', $subject, $body, "from: {$email}");
              // print a message
              echo '<p><em>Thank you for contacting me. i will reply some day.</em></p>';
              // clear $_POST
              $_POST = array();
          } else {
              echo '<p style="font-weight:bold; color: #c00;">Please fill out the form completely. </p>';
          }
      } // end of if isset($_POST['submit'])
      ?>
      <form action="contact.php" method="post">
      <p>Name:<input type="text" name="name"/></p>
      <p>Email address: <input type="email" name="email"/></p>
      <p>Comments: <textarea name="comments" rows="5" cols="30"></textarea></p>
      <p><input type="submit" name="submit" value="Send"/></p>
      </form>
      </body>
      </html>
      ```