Re: [PHP-DB] [suspicious - maybe spam] How to deal with ...?

2005-05-05 Thread Chris
The *proper* way to handle this would be to individually urlencode() 
each variable, then use htmlspecialchars() (or htmlentities()) on the 
entire URL. (example below). Given that, most people don't bother with 
the htmlspecialchars step.

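// urlencode() each value, then join the parameters with &
$sURL = $_SERVER['PHP_SELF'].'?familia03=' . urlencode($row['familia']) . '&cat02=' . 
urlencode($cat02).'&cat03='.urlencode($cat03).'&cat04='.urlencode($cuadro04);
// escape the finished URL before printing it inside the href attribute
$sURL = htmlspecialchars($sURL);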
http://www.php.net/urlencode
http://www.php.net/htmlspecialchars
Chris
Ardilla Roja wrote:
Hi,

I'm working in a database of products.  Until now I'm able to do
search, retrieve data for display, etc... but my problem is with
products that use " example:

(This is the way the data is stored in the DB)

Esmerilador manual 5" - 6"
Sierra de mano 7" - 8"
Sierra portatil 10" - 16"
Sierra de banco 10" - 24"
Sierra gasolina 12" - 14"
Taller Industrial 6" - 12"

I'm retrieving the data with mysql_fetch_array... What I need to do is
to present the name of the product as a link to a form for quotation
purposes...but, here is the result (I'm passing other variables too):

- - - - - - - - - - PHP CODE
while ( $row = mysql_fetch_array($resultado03) ) {
    echo("codigo:". $row['codigo'] . " | familia: <strong><a href=\"".
        $_SERVER['PHP_SELF']."?familia03=".$row['familia']."&cat02=$cat02&cat03=$cat03&cat04=$cuadro04\">".
        $row['familia']."</a></strong><br> \n");
}

- - - - - - - - - - HTML RESULT
<a href="/beta1/bd_backup_02.php?familia03=Esmerilador manual 5" -
6"&cat02=3&cat03=32&cat04=322">

but the first " broke my link into two different strings, so, I'm not
able to pass the whole string and the other variables (cat02, cat03,
cat04) to the quotation page.

I'd tried addslashes, but I think it isn't what I need. I tried also
replacing the " with ' in my PHP code, but it didn't work.

Any advice would be appreciated.

PS- Sorry for my English, but it isn't my natural language.
 

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
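
The two encoding layers from the reply above, as an added example that is not part of the original thread: urlencode() per value, htmlspecialchars() on the finished URL and on the link text, followed by a round-trip check that the receiving page gets the product name back intact. The sample rows, the h() and quotation_url() helpers and the second "worst case" product name are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// Constructed sample rows modelled on the product names in the question;
// the second row is a constructed worst case containing & < > and both quotes.
$rows = [
    ['codigo' => 'A1', 'familia' => 'Esmerilador manual 5" - 6"'],
    ['codigo' => 'B2', 'familia' => 'Sierra & <banco> 10" - 24\''],
];
$cat02 = 3;
$cat03 = 32;
$cuadro04 = 322;

// Escape for an HTML text node or a quoted attribute value.
function h($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Layer 1: urlencode() every value so it cannot end its own parameter
// or add another one. The result is a plain URL, not yet HTML.
function quotation_url($script, array $params)
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = urlencode($name) . '=' . urlencode((string) $value);
    }
    return $script . '?' . implode('&', $pairs);
}

$script = '/beta1/bd_backup_02.php'; // path taken from the HTML result in the question

foreach ($rows as $row) {
    $url = quotation_url($script, [
        'familia03' => $row['familia'],
        'cat02'     => $cat02,
        'cat03'     => $cat03,
        'cat04'     => $cuadro04,
    ]);

    // Layer 2: h() the finished URL for the href attribute (& becomes &amp;)
    // and, separately, the product name used as the visible link text.
    echo 'codigo: ' . h($row['codigo']) . ' | familia: <strong><a href="'
       . h($url) . '">' . h($row['familia']) . "</a></strong><br>\n";

    // Round trip: undo the attribute escaping as a browser would, then parse
    // the query string the way PHP fills $_GET, and compare with the input.
    $href = htmlspecialchars_decode(h($url), ENT_QUOTES);
    parse_str((string) parse_url($href, PHP_URL_QUERY), $received);
    echo $received['familia03'] === $row['familia'] ? "round trip ok\n" : "MISMATCH\n";
}
```

Escaping the link text matters as much as escaping the URL: a product name stored with markup in it would otherwise be rendered as HTML on the listing page.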


Re: [PHP-DB] [suspicious - maybe spam] How to deal with ...?

2005-05-05 Thread Firan Corneliu
Another method could be the base64_encode(),base64_decode().
Something like this :
echo("codigo:". $row['codigo'] . " | familia: <strong><a href=\"".
    $_SERVER['PHP_SELF']."?familia03=".base64_encode($row['familia'])."&cat02=$cat02&cat03=$cat03&cat04=$cuadro04\">".
    $row['familia']."</a></strong><br> \n");

Hope it helps,
capi

On Wed, 2005-05-04 at 20:05 -0700, Ardilla Roja wrote:
> Hi,
> 
> I'm working in a database of products.  Until now I'm able to do
> search, retrieve data for display, etc... but my problem is with
> products that use " example:
> 
> (This is the way the data is stored in the DB)
> 
> Esmerilador manual 5" - 6"
> Sierra de mano 7" - 8"
> Sierra portatil 10" - 16"
> Sierra de banco 10" - 24"
> Sierra gasolina 12" - 14"
> Taller Industrial 6" - 12"
> 
> I'm retrieving the data with mysql_fetch_array... What I need to do is
> to present the name of the product as a link to a form for quotation
> purposes...but, here is the result (I'm passing other variables too):
> 
> - - - - - - - - - - PHP CODE
> while ( $row = mysql_fetch_array($resultado03) ) {
>     echo("codigo:". $row['codigo'] . " | familia: <strong><a href=\"".
>         $_SERVER['PHP_SELF']."?familia03=".$row['familia']."&cat02=$cat02&cat03=$cat03&cat04=$cuadro04\">".
>         $row['familia']."</a></strong><br> \n");
> }
> 
> - - - - - - - - - - HTML RESULT
> <a href="/beta1/bd_backup_02.php?familia03=Esmerilador manual 5" -
> 6"&cat02=3&cat03=32&cat04=322">
> 
> but the first " broke my link into two different strings, so, I'm not
> able to pass the whole string and the other variables (cat02, cat03,
> cat04) to the quotation page.
> 
> I'd tried addslashes, but I think it isn't what I need. I tried also
> replacing the " with ' in my PHP code, but it didn't work.
> 
> Any advice would be appreciated.
> 
> PS- Sorry for my English, but it isn't my natural language.
 




[PHP-DB] RE: Looking for help.

2005-05-05 Thread Finner, Doug
 O'Reilly has several good books available as well as about a ton of
on-line articles (OnLamp.com) by folks like John Coggeshall that were a
big help as I got started.  Also Wiley press has one of those '15 hour
crash course' books on Apache, MySQL, and PHP.  The PHP manual is a
pretty good place to get some great info - the on-line version includes
user discussions at the end of each method which can be a huge help.

PHP is a very popular language so there are a lot of tutorial and script
sites available (As Obi Wan used to say "Use the Google Luke").

Finally, this mailing list is a huge help when you have specific
questions (and is kind to noobs like me - many thanks).

As an aside, for me the hardest part of getting started was figuring out
what question to ask and where to ask it.  A problem I ascribed to my
understanding of PHP often turns out to be my lack of HTML expertise so
the right place to ask is an HTML forum rather than one targeted at PHP
or what looks like a MySQL issue is really a php code problem (query
doesn't execute because the php code is written wrong).  Most often, I
find kind people in whatever forum either answering the question or
pointing me in the right direction.

HTH

Doug

-Original Message-
From: John R. Sims, Jr. [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 04, 2005 12:31 PM
To: php-db@lists.php.net
Subject: Looking for help.

I need help.
 
I am building a database for a collaborative non-profit organization.
Originally it was scheduled to be done in MS Access, which I know fairly
well.  But the problem is they want it hosted on a freeDBS server and
they do not have the ability to use an access database, nor are they
willing to make the changes.  
 
So to make a long story short, I am now learning mysql and php.  It has
been a slow and often aggravating process, but we are starting to make
some progress.  But I need to learn more.  Can anyone suggest a really
good book, or possibly some tutorial classes on line that I can
use to learn more about these programs?
 
Thanks
 
John



RE: [PHP-DB] Transfering post data to a series of pages.

2005-05-05 Thread Perry, Matthew (Fire Marshal's Office)
After looking at what I wanted to do I see no good reason I can't do most of
what we needed with function calls.  The others can be handled with plugging
more data into my session array.  Somehow I thought this was a poor way of
coding (I don't know why). 
Thank you everyone for your advice!
- Matthew 

-Original Message-
From: Brad Webb [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 04, 2005 12:21 PM
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Transfering post data to a series of pages.

You may also consider using sessions to store form data.. this allows 
for actual user interaction with the data, back/forward etc... as well 
as tracking and other stuff.. you really should only have Page1.php, 
and use a logic object to parse the data from there.. IMHO, of course. :)

[EMAIL PROTECTED] wrote:

Perry, Matthew (Fire Marshal's Office) wrote:
  

Is there a way to transfer post data to a series of PHP pages?

For example, let's say I have the following 4 pages:
Page1.php - this page has my original post form
Page2.php - this page does one thing with the post data
Page3.php - this page does another thing with the post data
Page4.php - this page shows the results of everything I have done

Right now I am using the header: <?header("Location: page3.php");?>

The problem is, the following works:
Page1.php - this page has my original post form
Page2.php - this page does one thing with the post data
Page3.php - this page shows the results of everything I have done

But when I try to add the second transfer the data is lost:
Page1.php - this page has my original post form
Page2.php - this page does one thing with the post data
Page3.php - this page does another thing with the post data
Page4.php - Only the results from Page2.php are shown

ASP does this with <%Server.Transfer ("transferpage1.asp")%>
Is there a counterpart with PHP?

- Matthew



Martin Norland wrote:

include() :P

seriously though, Page1.php and Page4.php are the only two pages that 
should exist, if any.  Page2 and Page3 should pretty much guaranteed be 
turned into function calls or classes and called from Page4.php.  You 
don't need to separate logic and display in separate scripts that you 
push everything at, just separate your logic out into function calls.

What Martin suggests makes a lot of sense. Can you say something about why 
you have the site design the way that you do?

David




[PHP-DB] Drop Down Menus

2005-05-05 Thread chintan
hey guys I wrote this code from another code of zend.php
Can anyone tell me how do I update the value of second menu and third one?
can I do that without javascript?

<?php
session_start();
header("Cache-control: private");
$link = mysql_connect("localhost", "chintan", "hellomysql")
    or die("Could not connect");
mysql_select_db("chintan") or die("Could not select database");
$XX = "No data available!";
echo "<form name=HingeType action=$PHP_SELF method=POST>";

// First menu: item types
$_SESSION['ItemType'] = $_REQUEST['ItemType'];
echo "<select name=ItemType tabindex=1>";
$aku = mysql_query("SELECT ItemType FROM Products WHERE 
ItemName='Hinges' group by ItemType");

while ($row = mysql_fetch_array($aku))
{
    $colom_name = $row['ItemType'];
    echo "<option value=$colom_name>$colom_name</option>";
}
if ($colom_name == "")
{
    print ($XX);
}
echo "</select>";?>
<input type=Submit value=Update onclick="Call Test_Click()"><br>
<?php
echo $_SESSION['ItemType'];

// Second menu: thickness values for the chosen item type
$_SESSION['Thickness'] = $_REQUEST['Thickness'];
echo "<select name=Thickness tabindex=2>\n";
$ak = mysql_query("SELECT Thickness FROM Products WHERE 
ItemName='Hinges' and ItemType='$_SESSION[ItemType]'
group by Thickness");

while ($row = mysql_fetch_array($ak))
{
    $colom_name2 = $row['Thickness'];
    echo "<option value=$colom_name2>$colom_name2</option>\n";
}
if ($colom_name2 == "")
{
    print ($XX);
}
echo "</select>";
echo "<input type=submit value='Update'><br>";
echo $_SESSION['Thickness'];

// Third menu: sizes for the chosen item type and thickness
$_SESSION['SizeinMM'] = $_REQUEST['SizeinMM'];
echo "<select name=SizeinMM tabindex=3>\n";
$ak = mysql_query("SELECT SizeinMM FROM Products WHERE ItemName='Hinges' 
and ItemType='$_SESSION[ItemType]'
and Thickness='$_SESSION[Thickness]'");

while ($row = mysql_fetch_array($ak))
{
    $colom_name3 = $row['SizeinMM'];
    echo "<option value=$colom_name3>$colom_name3</option>\n";
}
if ($colom_name3 == "")
{
    print ($XX);
}
echo "</select>\n";
echo "<input type=submit value='Update'><br>\n";
echo $_SESSION['SizeinMM'];
echo "</form>";

// Rates for the fully selected product
$ak = mysql_query("SELECT Rates,Ratesforsspin FROM Products WHERE 
ItemName='Hinges'
and ItemType='$_SESSION[ItemType]' and Thickness='$_SESSION[Thickness]' 
and SizeinMM='$_SESSION[SizeinMM]'");

while ($row = mysql_fetch_array($ak))
{
    $colom_name4 = $row['Rates'];
    $colom_name5 = $row['Ratesforsspin'];
}
echo "<br><b>Rates for M.S.Pin:</b>\t$colom_name4<br>";
echo "<b>Rates for S.S.Pin:</b>\t$colom_name5<br>";
?>


RE: [PHP-DB] [suspicious - maybe spam] How to deal with ...?

2005-05-05 Thread Bastien Koert
convert them to ascii characters, then you don't have the issue
bastien
From: Ardilla Roja [EMAIL PROTECTED]
Reply-To: Ardilla Roja [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] [suspicious - maybe spam] How to deal with  ...?
Date: Wed, 4 May 2005 20:05:51 -0700
Hi,

I'm working in a database of products.  Until now I'm able to do
search, retrieve data for display, etc... but my problem is with
products that use " example:

(This is the way the data is stored in the DB)

Esmerilador manual 5" - 6"
Sierra de mano 7" - 8"
Sierra portatil 10" - 16"
Sierra de banco 10" - 24"
Sierra gasolina 12" - 14"
Taller Industrial 6" - 12"

I'm retrieving the data with mysql_fetch_array... What I need to do is
to present the name of the product as a link to a form for quotation
purposes...but, here is the result (I'm passing other variables too):

- - - - - - - - - - PHP CODE
while ( $row = mysql_fetch_array($resultado03) ) {
    echo("codigo:". $row['codigo'] . " | familia: <strong><a href=\"".
        $_SERVER['PHP_SELF']."?familia03=".$row['familia']."&cat02=$cat02&cat03=$cat03&cat04=$cuadro04\">".
        $row['familia']."</a></strong><br> \n");
}

- - - - - - - - - - HTML RESULT
<a href="/beta1/bd_backup_02.php?familia03=Esmerilador manual 5" -
6"&cat02=3&cat03=32&cat04=322">

but the first " broke my link into two different strings, so, I'm not
able to pass the whole string and the other variables (cat02, cat03,
cat04) to the quotation page.

I'd tried addslashes, but I think it isn't what I need. I tried also
replacing the " with ' in my PHP code, but it didn't work.

Any advice would be appreciated.

PS- Sorry for my English, but it isn't my natural language.


RE: [PHP-DB] Transfering post data to a series of pages.

2005-05-05 Thread Bastien Koert
depending on what you want to do, here is an example of using functions in 
one page to make things happen

http://www.weberdev.com/get_example-4085.html
bastien
From: Perry, Matthew (Fire Marshal's Office) [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: RE: [PHP-DB] Transfering post data to a series of pages.
Date: Thu, 5 May 2005 07:07:06 -0500
After looking at what I wanted to do I see no good reason I can't do most of
what we needed with function calls.  The others can be handled with plugging
more data into my session array.  Somehow I thought this was a poor way of
coding (I don't know why).
Thank you everyone for your advice!
- Matthew

-Original Message-
From: Brad Webb [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 04, 2005 12:21 PM
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Transfering post data to a series of pages.
You may also consider using sessions to store form data.. this allows
for actual user interaction with the data, back/forward etc... as well
as tracking and other stuff.. you really should only have Page1.php,
and use a logic object to parse the data from there.. IMHO, of course. :)
[EMAIL PROTECTED] wrote:
Perry, Matthew (Fire Marshal's Office) wrote:


Is there a way to transfer post data to a series of PHP pages?

For example, let's say I have the following 4 pages:
Page1.php - this page has my original post form
Page2.php - this page does one thing with the post data
Page3.php - this page does another thing with the post data
Page4.php - this page shows the results of everything I have done

Right now I am using the header: <?header("Location: page3.php");?>

The problem is, the following works:
Page1.php - this page has my original post form
Page2.php - this page does one thing with the post data
Page3.php - this page shows the results of everything I have done

But when I try to add the second transfer the data is lost:
Page1.php - this page has my original post form
Page2.php - this page does one thing with the post data
Page3.php - this page does another thing with the post data
Page4.php - Only the results from Page2.php are shown

ASP does this with <%Server.Transfer ("transferpage1.asp")%>
Is there a counterpart with PHP?

- Matthew



Martin Norland wrote:

include() :P

seriously though, Page1.php and Page4.php are the only two pages that
should exist, if any.  Page2 and Page3 should pretty much guaranteed be
turned into function calls or classes and called from Page4.php.  You
don't need to separate logic and display in separate scripts that you
push everything at, just separate your logic out into function calls.

What Martin suggests makes a lot of sense. Can you say something about why
you have the site design the way that you do?

David



Re: [PHP-DB] Problem Using Sessions. .. .

2005-05-05 Thread Patel, Aman
Shawn Singh wrote:
> that was very helpful...Thank you.  One question I have is that I want
> to ensure that my admin page cannot get accessed unless a variable
> that was registered upon a successful login has been passed into the
> session...what can I do to ensure this?

There are several ways to do this. The simplest way is to authenticate 
once and store an authentication flag in the session. You can set this 
authentication flag to true if the log-in was successful.

On the administration page, you can just access the flag to see if the 
user is permitted (i.e. logged on). You can do this using the $_SESSION 
super global, something like this:

(pseudo php code)

login.php
...
if ( authentication successful ) /* username/password matched */
{
    $_SESSION['auth'] = true;
    // redirect to admin page
}
else
{
    // Display login page with error.
}
...

admin.php
...
if ( $_SESSION['auth'] )
{
    // Show administration page.
}
else
{
    // Display login page with error.
}
...
-
NB: Make sure you use Header() redirects BEFORE your script prints 
anything. Otherwise you'll keep getting the warning/error "Warning: 
Cannot modify header information ..."
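
A runnable version of the session-flag pattern described above, as an added example that is not part of the original post. One file stands in for both login.php and admin.php; the sample account, the `page` query parameter and the function names are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. One file stands in for both
// login.php and admin.php; ?page=admin selects the protected page.
session_start();                      // must run before any output is sent

// Constructed sample account. A real application reads the stored hash
// from its user table instead of hashing on every request.
$users = ['admin' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

function attempt_login(array $users, $username, $password)
{
    // Unknown user and wrong password get the same response.
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    session_regenerate_id(true);      // fresh session id at login, so an id set earlier is useless
    $_SESSION['auth'] = true;
    $_SESSION['user'] = $username;
    return true;
}

function is_logged_in()
{
    // Strict check: only the boolean written by attempt_login() counts.
    return isset($_SESSION['auth']) && $_SESSION['auth'] === true;
}

function redirect($url)
{
    header('Location: ' . $url);
    exit;                             // without exit the rest of the script still runs
}

$page = $_GET['page'] ?? 'login';
if ($page === 'admin') {
    if (!is_logged_in()) {
        redirect('?page=login&error=1');
    }
    echo 'Administration page for ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
    exit;
}

$error = isset($_GET['error']);
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = (string) ($_POST['username'] ?? '');
    $pass = (string) ($_POST['password'] ?? '');
    if (attempt_login($users, $user, $pass)) {
        redirect('?page=admin');
    }
    $error = true;
}
?>
<form method="post" action="?page=login">
  <?php if ($error) { echo '<p>Login failed.</p>'; } ?>
  <input name="username"> <input name="password" type="password">
  <input type="submit" value="Log in">
</form>
```

The `exit` after the redirect is what keeps the administration page from being generated for a client that ignores the Location header.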



RE: [PHP-DB] Drop Down Menus

2005-05-05 Thread Bastien Koert
to do it without js, you'll need to roundtrip it to the server, check for 
the values that you have and run a query to generate the next set of items 
for the drop down. And do this for each time that you need a menu generated.

Bastien
From: chintan [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] Drop Down Menus
Date: Thu, 05 May 2005 18:05:32 +0530
hey guys I wrote this code from another code of zend.php
Can anyone tell me how do I update the value of second menu and third one?
can I do that without javascript?

<?php
session_start();
header("Cache-control: private");
$link = mysql_connect("localhost", "chintan", "hellomysql")
    or die("Could not connect");
mysql_select_db("chintan") or die("Could not select database");
$XX = "No data available!";
echo "<form name=HingeType action=$PHP_SELF method=POST>";

// First menu: item types
$_SESSION['ItemType'] = $_REQUEST['ItemType'];
echo "<select name=ItemType tabindex=1>";
$aku = mysql_query("SELECT ItemType FROM Products WHERE ItemName='Hinges' 
group by ItemType");

while ($row = mysql_fetch_array($aku))
{
    $colom_name = $row['ItemType'];
    echo "<option value=$colom_name>$colom_name</option>";
}
if ($colom_name == "")
{
    print ($XX);
}
echo "</select>";?>
<input type=Submit value=Update onclick="Call Test_Click()"><br>
<?php
echo $_SESSION['ItemType'];

// Second menu: thickness values for the chosen item type
$_SESSION['Thickness'] = $_REQUEST['Thickness'];
echo "<select name=Thickness tabindex=2>\n";
$ak = mysql_query("SELECT Thickness FROM Products WHERE ItemName='Hinges' 
and ItemType='$_SESSION[ItemType]'
group by Thickness");

while ($row = mysql_fetch_array($ak))
{
    $colom_name2 = $row['Thickness'];
    echo "<option value=$colom_name2>$colom_name2</option>\n";
}
if ($colom_name2 == "")
{
    print ($XX);
}
echo "</select>";
echo "<input type=submit value='Update'><br>";
echo $_SESSION['Thickness'];

// Third menu: sizes for the chosen item type and thickness
$_SESSION['SizeinMM'] = $_REQUEST['SizeinMM'];
echo "<select name=SizeinMM tabindex=3>\n";
$ak = mysql_query("SELECT SizeinMM FROM Products WHERE ItemName='Hinges' 
and ItemType='$_SESSION[ItemType]'
and Thickness='$_SESSION[Thickness]'");

while ($row = mysql_fetch_array($ak))
{
    $colom_name3 = $row['SizeinMM'];
    echo "<option value=$colom_name3>$colom_name3</option>\n";
}
if ($colom_name3 == "")
{
    print ($XX);
}
echo "</select>\n";
echo "<input type=submit value='Update'><br>\n";
echo $_SESSION['SizeinMM'];
echo "</form>";

// Rates for the fully selected product
$ak = mysql_query("SELECT Rates,Ratesforsspin FROM Products WHERE 
ItemName='Hinges'
and ItemType='$_SESSION[ItemType]' and Thickness='$_SESSION[Thickness]' and 
SizeinMM='$_SESSION[SizeinMM]'");

while ($row = mysql_fetch_array($ak))
{
    $colom_name4 = $row['Rates'];
    $colom_name5 = $row['Ratesforsspin'];
}
echo "<br><b>Rates for M.S.Pin:</b>\t$colom_name4<br>";
echo "<b>Rates for S.S.Pin:</b>\t$colom_name5<br>";
?>
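
The server round trip described in the reply above, as an added example that is not part of the original thread: each submit re-queries the next menu from the choices made so far, with request values bound as statement parameters and checked against the valid options instead of being copied into the SQL text. It assumes the pdo_sqlite extension and uses an in-memory table with constructed rows in place of the poster's MySQL database; the function names are made up for the example.

```php
<?php
// Added example, not code from the thread. In-memory SQLite with constructed
// rows so it runs stand-alone; table and column names follow the original post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Products (ItemName TEXT, ItemType TEXT, Thickness TEXT,
                                  SizeinMM TEXT, Rates TEXT, Ratesforsspin TEXT)');
$insert = $db->prepare('INSERT INTO Products VALUES (?, ?, ?, ?, ?, ?)');
foreach ([
    ['Hinges', 'Butt',  '2mm', '75',  '10.50', '14.00'],
    ['Hinges', 'Butt',  '3mm', '100', '15.00', '19.50'],
    ['Hinges', 'Piano', '1mm', '900', '40.00', '52.00'],
] as $sample) { $insert->execute($sample); }

// Menus in dependency order. Column names come only from this fixed list.
$levels = ['ItemType', 'Thickness', 'SizeinMM'];

function h($text) { return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8'); }

// Options for menu $depth, filtered by the choices made in the menus before it.
function menu_options(PDO $db, array $levels, $depth, array $chosen)
{
    $column = $levels[$depth];
    $sql = "SELECT DISTINCT $column FROM Products WHERE ItemName = 'Hinges'";
    for ($i = 0; $i < $depth; $i++) {
        $sql .= " AND {$levels[$i]} = ?";       // placeholder; the value is bound below
    }
    $stmt = $db->prepare("$sql ORDER BY $column");
    $stmt->execute(array_values($chosen));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Walk the menus top down. A posted value is accepted only if it is one of the
// options valid for the earlier choices; the first gap hides the deeper menus.
$chosen = $menus = [];
foreach ($levels as $depth => $column) {
    $menus[$column] = menu_options($db, $levels, $depth, $chosen);
    $posted = $_POST[$column] ?? '';
    if (!is_string($posted) || !in_array($posted, $menus[$column], true)) {
        break;
    }
    $chosen[$column] = $posted;
}

echo '<form method="post" action="' . h($_SERVER['PHP_SELF']) . '">';
foreach ($menus as $column => $options) {
    echo '<select name="' . h($column) . '">';
    foreach ($options as $option) {
        $selected = ($chosen[$column] ?? null) === $option ? ' selected' : '';
        echo '<option value="' . h($option) . '"' . $selected . '>' . h($option) . '</option>';
    }
    echo '</select> ';
}
echo '<input type="submit" value="Update"></form>';

if (count($chosen) === count($levels)) {
    $stmt = $db->prepare("SELECT Rates, Ratesforsspin FROM Products WHERE ItemName = 'Hinges'
                          AND ItemType = ? AND Thickness = ? AND SizeinMM = ?");
    $stmt->execute(array_values($chosen));
    foreach ($stmt as $row) {
        echo '<br><b>Rates for M.S.Pin:</b> ' . h($row['Rates'])
           . '<br><b>Rates for S.S.Pin:</b> ' . h($row['Ratesforsspin']);
    }
}
```

Changing an earlier menu invalidates the later choices automatically, because a stale Thickness or SizeinMM no longer appears in the re-queried option list.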