Larry Ullman's Book Forums

bahaa


Posts posted by bahaa

  1. Hello everyone,

     

    I have a page with subjects, and each subject has comments, but the page shows only a few comments for each subject. There is a link that says how many comments there are for the subject, and when you click on it the page reloads and shows all the comments for that subject, but it doesn't take me to that subject.

     

    Thanks in advance

  2. Performance-wise, I would suggest that letting MySQL do all the work would be better, rather than letting MySQL retrieve the text and then making PHP act on it.

    Thanks Jonathon.

    You are very helpful.

    Do you know if one of Larry's books covers any of these topics:

    1- Creating a search engine.

    2- Poll system.

    3- Mailing list.

    If not, I hope that Larry would consider these topics in a coming edition, especially the search engine, since it is a basic thing in any website.

    I already bought his book PHP 5 Advanced, but I have not read it yet, so I don't know if he covers any of the above topics in the book.

  3. I haven't read the links, as I too am watching the Champions League final. But you can use MySQL to pull the first x number of characters from the text. It's something like LEFT(body, 200). That might not be totally correct, but it's along those lines, where LEFT is the start of the text, body is the column and 200 is the number of characters. Hope that helps; apologies if it's been answered, I haven't had the time to read all the threads and links.

    Thank you.

    It works 100%.

    I have seen the substr before, but this one is something new to me :).

    Not sure which one is better from a performance perspective.

  4. I read both your links, but some additional information about what it is, and possibly some matter to discuss, would be even better.

     

    That's all I'm saying. :)

    I hear what you are saying.

    I have a question, and it has nothing to do with this topic, but I don't want to open another thread. Two threads today are enough.

    My question is how to display a certain amount of text from a row.

    For example: you have a row with very long text, and you only want to display some of this text and then add a link to the full details.

    Do you know how to display the desired amount of text ?

  5. Hello,

     

    As Larry explained in the book, an attacker could use the session fixation technique to get control over a user's session ID, and one of the measures taken to prevent this, or at least minimize it, is using the user agent.

    I am not familiar with JavaScript at all, so I was wondering if it is possible to get the user's screen resolution and the user's PC name with JavaScript and use it with PHP.

    I think it would be more secure to check the session against the user agent, the screen resolution and the PC name.
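The user-agent check described in that post, as an added example that is not code from the thread or from the book: the session stores a hash of the User-Agent at login and every later request must match it, with the session ID regenerated at login so an ID planted before authentication is never kept. The `login.php` redirect target and the session keys are assumptions; note that a browser cannot expose the PC name to JavaScript, and a screen size reported by script is as client-controlled as the User-Agent header, so the check raises the bar without being a guarantee.

```php
<?php
// Added example (not the thread's code): bind the session to the user agent and
// regenerate the session ID at login, the book's session-fixation countermeasures.
session_start();

// Hash of the User-Agent header; compared on every request after login.
function client_fingerprint() {
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    return hash('sha256', $ua);
}

// Call only after the user's credentials have been verified.
function login_user($user_id) {
    // Issue a fresh ID and delete the old session file, so an ID an attacker
    // fixed before login (via URL or cookie) stops being valid.
    session_regenerate_id(true);
    $_SESSION['user_id']     = $user_id;
    $_SESSION['fingerprint'] = client_fingerprint();
}

// Call at the top of every page that requires a logged-in user.
function require_valid_session() {
    if (!isset($_SESSION['user_id'], $_SESSION['fingerprint'])
        || !hash_equals($_SESSION['fingerprint'], client_fingerprint())) {
        // Missing or mismatching fingerprint: discard the session rather than trust it.
        $_SESSION = array();
        session_destroy();
        header('Location: login.php');   // assumed login page
        exit;
    }
}

// Constructed usage for illustration: a user with id 42 logs in, later pages check.
login_user(42);
require_valid_session();   // passes in the same browser, redirects if the UA changed
```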

  6. Thanks, bahaa.

     

    Just one thing. I don't mean to play moderator wannabe here, but as I manage a forum of my own, I recommend that you give some additional info. You should make this possible to discuss too.

    Thanks Antonio,

    I am still learning and was searching for tips on how to secure file uploads, and found the link above and thought it might be useful for the members of this forum, since most of us are new to PHP.

  7. As Larry points out, why code for such an old version of PHP? It just doesn't make any sense.

     

    I would check for the mysqli extension. If it does exist, use prepared statements; otherwise, use mysql_real_escape_string and other checks.

    Even if you use mysql_real_escape_string, you have to check if the magic_quotes_gpc() is on or not.

    I have hosting with GoDaddy and they have magic_quotes_gpc() set to on, so if I want to use mysql_real_escape_string then I would have to remove any slashes that were added by magic quotes.

     

    If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice.

    http://php.net/manual/en/function.mysql-real-escape-string.php

  8. Is this better?

     

    function sanitize_values($dbc, $value) {
        // Check whether the mysqli_real_escape_string function is available
        if (function_exists('mysqli_real_escape_string')) {
            // If magic quotes is on, remove the slashes it added so the value is not escaped twice
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            // mysqli_real_escape_string needs the open connection as its first argument
            $value = mysqli_real_escape_string($dbc, $value);
        } else {
            // No mysqli: fall back to addslashes, unless magic quotes already did it
            if (!get_magic_quotes_gpc()) {
                $value = addslashes($value);
            }
        }
        return $value;
    }

  9. You may have already seen this page, but I found the following:

     

    http://www.tech-evangelist.com/2007/11/05/preventing-sql-injection-attack/

     

    Also, I find it hard to imagine a situation in which you don't know (or can't quickly determine) what version of PHP you're using, and you're concerned that the version might be so old that it does not support mysqli_real_escape_string.

     

    Is that a legitimate concern? Well, all the same, I think you're on the right track.

     

    Edit: And one more good (and detailed) link for good measure:

     

    http://php.net/manual/en/security.database.sql-injection.php

    Well, I think it is better to take all possibilities into account when you develop, even if you know what PHP version will be used. You might move your site from one server to another, or you are developing for someone else and he or she could move the site to another server too.

  10. Well, I think Larry is the best one to answer this question, but if I recall correctly, there are three main steps to testing input data:

     

    1) Test whether a value is even set.

    2) Use regexes to ensure that the value is of the form you expect.

    3) Use mysqli_real_escape_string.

     

    Anyway, I would definitely like to hear Larry's input on this one, too.

    I know that there are other steps to validate data, but this one is to be used instead of only using mysqli_real_escape_string, because older versions of PHP do not have this function, and if there is a new PHP that has it, then we should test to see if the magic quotes function is on, and if it is on then we have to remove the slashes, so we don't have double slashes. (magic_quotes_gpc(), addslashes and mysqli_real_escape_string almost do the same job.)

     

    So basically this function first checks if there is a new version of PHP that has mysqli_real_escape_string, and also checks for the magic quotes function.

    If there is a new PHP version, then we make sure we remove the slashes that were applied by the magic quotes function.

    If no new PHP is installed on the server, then we test to see if the magic quotes function is on. If it is not on, then we add slashes.

  11. Hello,

     

    Is this function good to use to prevent SQL injection?

     

    function sanitize_values($value) {
        // Newer PHP: the mysql extension offers a connection-aware escaping function
        $new_php = function_exists("mysql_real_escape_string");
        // Whether the host has magic_quotes_gpc on (it adds slashes to all input itself)
        $magic_quotes_active = get_magic_quotes_gpc();
        if ($new_php) {
            // Undo magic quotes first so the value is not escaped twice
            if ($magic_quotes_active) {
                $value = stripslashes($value);
            }
            $value = mysql_real_escape_string($value);
        } else {
            // No escaping function available: add slashes unless magic quotes already did
            if (!$magic_quotes_active) {
                $value = addslashes($value);
            }
        }
        return $value;
    }
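The three steps listed in the quoted reply (is the value set, does it match the expected form, and only then hand it to MySQL) as an added example that serves both this function and the one in post 8 above; it is not code from the thread or the book. It follows the advice in post 7 to use mysqli prepared statements where mysqli exists, so the query itself needs no escaping and no magic_quotes handling; the table, column names, connection details and the regex are assumptions.

```php
<?php
// Added example (not the thread's function): validate first, then bind the value.

// Steps 1 and 2: return the value only if it is present and of the expected form.
function validated_input(array $src, $key, $pattern) {
    if (!isset($src[$key])) {
        return false;                                   // step 1: not even set
    }
    $value = $src[$key];
    // Old hosts with magic_quotes_gpc on have already added slashes; undo them once.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return preg_match($pattern, $value) ? $value : false;   // step 2: expected form
}

// Step 3: send the value as a bound parameter, never by concatenating it into the SQL.
function find_user(mysqli $dbc, $username) {
    $stmt = $dbc->prepare('SELECT user_id, email FROM users WHERE username = ?');  // assumed table
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $username);   // data travels separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($user_id, $email);
    $row = $stmt->fetch() ? array('user_id' => $user_id, 'email' => $email) : null;
    $stmt->close();
    return $row;
}

// Placeholder connection details; the charset must match what the tables use.
$dbc = new mysqli('localhost', 'dbuser', 'dbpass', 'appdb');
$dbc->set_charset('utf8');

// Constructed input for illustration; a real form would populate $_POST.
$fake_post = array('username' => "o'brien");
$username  = validated_input($fake_post, 'username', "/^[A-Za-z0-9_']{3,30}$/");
if ($username === false) {
    echo 'Invalid username.';
} else {
    $user = find_user($dbc, $username);   // the apostrophe is data here, not SQL
}
```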

  12. Well...you can start by reading the forum guidelines. In it, I say:

     

    PLEASE DO NOT:

    • ...post messages that add nothing to the description of the problem (like just posting "Help please?" or "Anyone?").

    Obviously if someone could help, they would, right? So you don't need to post a message like this. This is one of my days to answer questions and I'm hoping to find the time to do some research to find you an answer, because I don't know it offhand. In the meantime, please be patient.

    Sorry.

    It is my fault that I did not read the guidelines.

  13. Thanks Antonio and Larry, but the problem is still the same.

    This is what I did:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Contact Us</title>
    </head>

    <body>
    <h1>Contact me</h1>
    <?php
    if (isset($_POST['submit'])) {

        // Return an empty string if the value contains a mail header; otherwise strip line breaks from it
        function spam_scrubber($value) {
            $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:',
                'multipart-mixed:', 'content-transfer-encoding:');
            foreach ($very_bad as $v) {
                if (stripos($value, $v) !== false) {
                    return '';
                }
            } // end of foreach
            // Remove carriage returns and newlines, raw and URL-encoded, so nothing can start a new header line
            $value = str_replace(array("\r", "\n", "%0a", "%0d"), '', $value);
            return trim($value);
        } // end of spam_scrubber

        //$scrubbed = array_map('spam_scrubber', $_POST);
        $name = spam_scrubber($_POST['name']);
        $email = spam_scrubber($_POST['email']);
        $to = "myemail@live.ca";
        $comment = spam_scrubber($_POST['comments']);
        $subject = " تجربة اسرال ايميل";
        // Every header line has to end with CRLF, otherwise the next header is glued onto it
        $header = "From: {$email}\r\n";
        $header .= "Reply-to: {$email}\r\n";
        $header .= "X-Mailer: PHP/" . phpversion() . "\r\n";
        $header .= "Content-type: text/plain; charset=\"UTF-8\"\r\n";

        if (!empty($email) && !empty($name) && !empty($comment)) {
            $body = "Name: {$name}\n\nComments: {$comment}";
            $body = wordwrap($body, 70);
            // send the email
            mail($to, $subject, $body, $header);
            // print a message
            echo '<p><em>Thank you for contacting me. I will reply some day.</em></p>';
            // clear $_POST
            $_POST = array();
        } else {
            echo '<p style="font-weight:bold; color: #c00;">Please fill out the form completely. </p>';
        }

    } // end of if isset $_POST['submit']
    ?>
    <form action="contact.php?id=<?php echo base64_encode(14); ?>" method="post">
    <p>Name:<input type="text" name="name"/></p>
    <p>Email address: <input type="email" name="email"/></p>
    <p>Comments: <textarea name="comments" rows="5" cols="30"></textarea></p>
    <p><input type="submit" name="submit" value="Send"/></p>
    </form>
    </body>
    </html>

     

     

     

    Any suggestions?

  14. Hello,

    First, I would like to thank you for this useful book.

    I have a problem reading the email subject in the Arabic language when using mail(). The content of the body is readable; it is only the subject.

    Here is what I get: ุชุฌุฑุจุฉ ุงุณุฑุงู ุงูููู.

     

    This is my code:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Contact Us</title>
    </head>

    <body>
    <h1>Contact me</h1>
    <?php
    if (isset($_POST['submit'])) {

        // Return an empty string if the value contains a mail header; otherwise strip line breaks from it
        function spam_scrubber($value) {
            $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:',
                'multipart-mixed:', 'content-transfer-encoding:');
            foreach ($very_bad as $v) {
                if (stripos($value, $v) !== false) {
                    return '';
                }
            } // end of foreach
            // Remove carriage returns and newlines, raw and URL-encoded, so nothing can start a new header line
            $value = str_replace(array("\r", "\n", "%0a", "%0d"), '', $value);
            return trim($value);
        } // end of spam_scrubber

        //$scrubbed = array_map('spam_scrubber', $_POST);
        $name = spam_scrubber($_POST['name']);
        $email = spam_scrubber($_POST['email']);
        $comment = spam_scrubber($_POST['comments']);
        $subject = "ارسال إيميل";

        if (!empty($email) && !empty($name) && !empty($comment)) {
            $body = "Name: {$name}\n\nComments: {$comment}";
            $body = wordwrap($body, 70);
            // send the email
            mail('exmample@yahoo.com', $subject, $body, "From: {$email}");
            // print a message
            echo '<p><em>Thank you for contacting me. I will reply some day.</em></p>';
            // clear $_POST
            $_POST = array();
        } else {
            echo '<p style="font-weight:bold; color: #c00;">Please fill out the form completely. </p>';
        }

    } // end of if isset $_POST['submit']
    ?>
    <form action="contact.php" method="post">
    <p>Name:<input type="text" name="name"/></p>
    <p>Email address: <input type="email" name="email"/></p>
    <p>Comments: <textarea name="comments" rows="5" cols="30"></textarea></p>
    <p><input type="submit" name="submit" value="Send"/></p>
    </form>
    </body>
    </html>
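The sending step from posts 13 and 14 as one added example, not code from the thread or the book: mail() passes the Subject header through as raw bytes, so a UTF-8 subject has to be wrapped as an RFC 2047 encoded-word (=?UTF-8?B?...?=) before clients will display it, and each header line must end in CRLF. The recipient and sender addresses are placeholders, and the address validation step is an assumption added on top of the scrubbing the thread already does.

```php
<?php
// Added example (not the thread's code): encode a non-ASCII subject and build
// headers so that nothing taken from the form can start a new header line.
mb_internal_encoding('UTF-8');   // mb_encode_mimeheader reads the input in this encoding

// Strip anything that could end the current header line or inject a new one.
function header_safe($value) {
    return trim(str_replace(array("\r", "\n", "%0a", "%0d", "%0A", "%0D"), '', $value));
}

function send_contact_mail($to, $from_email, $name, $comment, $subject) {
    // Only a syntactically valid address may go into From/Reply-To.
    if (filter_var($from_email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $from_email = header_safe($from_email);

    // RFC 2047 encoded-word: the UTF-8 subject becomes 7-bit ASCII that the
    // receiving client decodes, which is what was missing when it came through garbled.
    $encoded_subject = mb_encode_mimeheader($subject, 'UTF-8', 'B');

    // Every header ends with CRLF; the body charset is declared so it decodes too.
    $headers  = "From: {$from_email}\r\n";
    $headers .= "Reply-To: {$from_email}\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $headers .= "Content-Transfer-Encoding: 8bit";

    $body = "Name: " . header_safe($name) . "\n\nComments: " . $comment;
    return mail($to, $encoded_subject, wordwrap($body, 70), $headers);
}

// Constructed call for illustration; both addresses are placeholders.
send_contact_mail('you@example.com', 'visitor@example.com', 'Bahaa', 'Test message', 'ارسال إيميل');
```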
