On Tue, April 24, 2007 3:40 pm, H.T wrote:
> I wrote this piece of code to use for Google searching using daterange
> directive. It works ok on local host running IIS and PHP 5.1.2 but
> when I test it on my host running php 4.4.4 on linux, $julian_days_from and
> $julian_days_to variables don't get assigned any values and therefore
> they remain empty!

Wild Guess:
You don't have the JD/Gregorian functions installed, and your
error_reporting is such that you don't even see the error message
about the functions not existing.

> What is wrong with this code?
>
> Here is the code:
>
> <?php
>
> if ($_POST){

This seems like an odd test to me...

$_POST is an array.

When will an array return "true"?

I dunno...

Hopefully it's a documented feature that hasn't changed, and even if
the very first element of $_POST is:
$_POST[0] = 0;
this test will do what you expect...

I just wouldn't bet the bank on it, personally...

> if (empty($_POST['from'])){
>     $error[]='Please enter From date.';
> }
> else{
>     $from=explode('-',$_POST['from']);

Okay, you're ASSUMING that POST is valid date format, and not some
whack XSS thingie.

First Big Mistake.

It's particularly egregious, since you almost for sure have a very
specific date format here of YYYY-MM-DD or whatever.

Test for that format, and kick out an "invalid From date" with
$error[] if it's not kosher input.

>     $julian_days_from = gregoriantojd($from[1],$from[0],$from[2]);
> }
> if (empty($_POST['to'])){
>     $error[]='Please enter To date.';
> }
>
> else {
>     $to=explode('-',$_POST['to']);
>     $julian_days_to = gregoriantojd($to[1],$to[0],$to[2]);
>  }
> if ($julian_days_from>$julian_days_to){
>     $error[]='From date can not be greater than To date!';
>  }
> if (empty($_POST['search'])){
>     $error[]='Please enter your search term.';
> }
> if (!isset($error)){
>  $search_ready=explode(' ',$_POST['search']);
>  foreach($search_ready as $search_ready_val){
>     $search_term=$search_term.'+'.$search_ready_val;
>   }
>  switch($_POST['search_in']){
>  case ('web'):

The parens here are kinda silly, at best...

case 'web':

>     $query='http://www.google.com/search?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];
>     break;
>  case ('images'):

Here you are pretty much allowing an XSS attack on not only your own
computer, but also blindly shoving potentially icky stuff Google's
way...

Not the best way to make friends with Google folks.

$_POST['language'] is probably supposed to be one of < 100 possible
inputs.  Check that it *IS* one of those inputs.

>     $query='http://images.google.com/images?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];
>     break;
>  case ('video'):
>     $query='http://video.google.com/videosearch?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];
>     break;
>  case ('book'):
>     $query='http://books.google.com/books?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];
>     break;
>  default:
>  }
> //header("Location:".$query);}}?><html><head><meta

Hopefully this HTML came from a nicer-formatted source and is
automatically crammed in here like this...

If not, it's pretty icky, imho, to just have it that badly-formatted...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
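
The checks suggested in the reply above (strict date format, allow-listed language, a test that the calendar functions exist), sketched as an added example that is not code from either poster. It assumes the form sends DD-MM-YYYY, inferred from the argument order in the quoted gregoriantojd() call; the language list is a constructed sample, and julian_day_or_null() and build_query() are hypothetical helper names.

```php
<?php
// Constructed sample allow-list; replace with the codes your form really offers.
const LANGUAGES = ['en', 'de', 'fr', 'es'];
// Search targets copied from the switch statement in the quoted code.
const TARGETS = [
    'web'    => 'http://www.google.com/search',
    'images' => 'http://images.google.com/images',
    'video'  => 'http://video.google.com/videosearch',
    'book'   => 'http://books.google.com/books',
];
// Julian day for a strict DD-MM-YYYY string, or null when it is not a real date.
function julian_day_or_null($value)
{
    if (!is_string($value) || !preg_match('/\A(\d{2})-(\d{2})-(\d{4})\z/', $value, $m)) {
        return null;
    }
    list(, $day, $month, $year) = array_map('intval', $m);
    return checkdate($month, $day, $year) ? gregoriantojd($month, $day, $year) : null;
}

// Returns [url, errors]; url is null when any field fails validation.
function build_query(array $post)
{
    if (!function_exists('gregoriantojd')) {   // calendar extension missing
        return [null, ['Calendar extension is not available.']];
    }
    $errors = [];
    $from = julian_day_or_null($post['from'] ?? null);
    $to   = julian_day_or_null($post['to'] ?? null);
    if ($from === null) { $errors[] = 'Invalid From date.'; }
    if ($to === null)   { $errors[] = 'Invalid To date.'; }
    if ($from !== null && $to !== null && $from > $to) {
        $errors[] = 'From date can not be greater than To date!';
    }
    $lang = $post['language'] ?? '';
    if (!in_array($lang, LANGUAGES, true)) { $errors[] = 'Invalid language.'; }
    $target = $post['search_in'] ?? '';
    if (!is_string($target) || !array_key_exists($target, TARGETS)) { $errors[] = 'Invalid search type.'; }
    $search = $post['search'] ?? '';
    if (!is_string($search) || trim($search) === '') { $errors[] = 'Please enter your search term.'; }
    if ($errors) { return [null, $errors]; }
    // http_build_query() percent-encodes every value, so user input stays inside its parameter.
    $params = ['hl' => $lang, 'q' => trim($search) . " daterange:$from-$to", 'lr' => "lang_$lang"];
    return [TARGETS[$target] . '?' . http_build_query($params), []];
}
// Constructed sample input standing in for $_POST.
list($url, $errors) = build_query(['from' => '01-04-2007', 'to' => '24-04-2007',
    'search' => 'php security', 'language' => 'en', 'search_in' => 'web']);
echo $url === null ? implode("\n", $errors) : $url, "\n";
```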
