[PHP] expression engine
hi i am from auckland new zealand, has anyone worked on expression engine cms please advice thanks
[PHP] mod rewrite
hi i am using a cms which requires mod_rewrite to be enabled for seo urls in the wamp that i use in my local machine in the httpd.conf file i have this line and removed the comment LoadModule rewrite_module modules/mod_rewrite.so when i view the phpinfo i can see that mod_rewrite is on in the Loaded Modules i am guessing that my hosting might not allow to edit the httpd.conf file so i tried adding the following to the .htaccess which is in the root directory Options +FollowSymLinks RewriteEngine On RewriteBase / and uploaded the .htaccess file and when i viewed the phpinfo i do not see mod_rewrite for my webserver also on my server i would be installing the cms in a separate folder after the root directory, so i guess the .htaccess file should be Options +FollowSymLinks RewriteEngine On RewriteBase /foldername how do i go about enabling mod_rewrite in the .htaccess file as i might not be able to edit httpd.conf please advice. thanks
[PHP] not able to use mysql server
hi i am using windows vista and installed wamp server, initially i installed wamp and accessed phpmyadmin and while setting a password for the root i did a mistake and could not access phpmyadmin and also renamed some php files so i uninstalled wamp server and re installed now the problem i am facing is when i click on mysql.exe located at D:\wamp\bin\mysql\mysql5.1.36\bin i am getting the following error error 2003 cant connect to Mysql server on localhost 10061 in config.inc.php located at d:\wamp\apps\phpmyadmin3.2.0.1 i have the following $cfg['Servers'][$i]['host'] = 'localhost'; $cfg['Servers'][$i]['port'] = '3306'; $cfg['Servers'][$i]['auth_type'] = 'config'; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = 'root'; $cfg['Servers'][$i]['AllowNoPassword'] = true; along with others. when i type http://localhost i am able to see the welcome screen of wamp and can click on phpinfo but when i click on phpmyadmin it takes a while to load and a blank screen appears also i have stopped all services and restarted all services from the wampserver icon in the system tray, normally the colors change from red to yellow to white, the color is at yellow and does not change to white how do i solve the error error 2003 cant connect to Mysql server on localhost 10061 so that i can use phpmyadmin please advice. thanks.
[PHP] 404 page
hi 1. i have a .htaccess file in my root directory on unix hosting following is the code in .htaccess file ErrorDocument 404 /filenotfound.html the file filenotfound.html is also in the root directory as the htaccess file when i intentionally type a wrong url either if a misspell a file ex= http://domainname.com/filenam.html or a folder ex = http://domainname.com/100 to test if this is working filenotfound.html is not being called any reason why this is happening also the same thing with wamp on my local computer, i have a htaccess and also the filenotfound in d:/wamp/www however when i misspell the ulr of my localhost, i have noticed in the status bar that the page is being redirected to http://linkhelp.clients.google.com and i get a 404 from this website, how can i change this redirection 2. how do i access the php.ini and httpd.conf file from my cpanel, do i need to ask my hosting provider to make any changes or can i make these changes myself 3. after downloading putty and if i have wamp in d:/wamp/www how do i access mysql from the command prompt using putty on my local machine please advice thanks.
[PHP] uninstalling wamp
hi after installing wamp when i accessed phpmyadmin i got an error about root having no password, i have tried various steps but could not get to use phpmyadmin, so i uninstalled and reinstalled wamp, i deleted the old wamp folder when i access phpmyadmin i get the same error message i read that there are some files of wamp that need to be deleted from the registery of windows, i am not very sure about regsitry as it is a bit risky thing can anyone advice how i can remove any unwanted wamp files and install wamp so that i can access phpmyadmin page thanks
[PHP] sending email with php
?php
$headers = Content-type: text/html; charset=iso-8859-1;
$to=myemailaddress;
$subject=Email Newsletter;
$message = '!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
titleEmail Newsletter/title
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
meta name=robots content=noindex, nofollow /
link rel=stylesheet type=text/css href=style.css /
/head
body
div id=wrapper
div id=topmenu
/div
div id=content
div class=leftcolumn
/div
div class=rightcolumn
/div
/div
div id=footer
/div
/div
/body
/html';
if(! mail($to, $subject, $message, $headers)){
echo There was an error is sending the email;
}
else{
echo The email has been sent;
}
?
hi
my question is about send an email with php like a newsletter, when we read
a newsletter email its similar to a webpage which contains content, images,
css and other elements
i created a static webpage initially with html css and images folder after
creating the page i wanted to test to see how it would look if i were to
send this as an email like a newsletter.
so i have created a php file with
$headers = Content-type: text/html; charset=iso-8859-1;
$to=myemailaddress;
$subject=Email Newsletter;
and
$message as mentioned above has the entire html code as i used it in my
static html page
i also copied the style.css in the server and created images folder and
copied all the images i used in my static page to the server.
i created a separate folder in my webserver called newsletter and copied the
php file, css file and images folder with the images i used
when i accessed the index.php as http://website.com/emailnewsletter i am
getting a message that The email has been sent and i am getting the email
however my question is when i open this email the styles and images are not
being applied and i see only the text in the static page i created.
can someone let me know how i can fix this so that when i open the email it
would look like the static page i created with all the styles applies and
images displayed
is this only possible by using specialized email softwares or can it be done
by php as well with the logic used.
any help will be appreciated.
thanks
[PHP] question about smarty
i am using smarty template engine at work place, following is the situation
i already have 1 template that has already been created example =
http://localhost/sites/template1.com this works fine
following is the folder structure i have for smarty on xampp
1. C:\xampp\htdocs\sites\template1.com where i have .htaccess index.php and
siteconf.php
2. C:\xampp\htdocs\sites\_templates\templates\template1
in the siteconf.php file there are all the major variables defined which are
accessed in other tpl file of the templates example in aboutus page,
contactus page etc of this template1
now i have created another template called template2 and this also has the
same structure
1. C:\xampp\htdocs\sites\template2.com where i have .htaccess index.php and
siteconf.php
2. C:\xampp\htdocs\sites\_templates\templates\template2
my question is the look and feel when i access
http://localhost/sites/template1.com and
http://localhost/sites/template2.com
is the same the only thing that needs to be done is for template2 when i
access http://localhost/sites/template2.com ONLY the header image should be
different compared to the header i have for
http://localhost/sites/template1.com this is the only change i need
i am not aware as to the php code i need to write so that when i access
http://localhost/sites/template2.com the header image changes and this new
header image remains for the entire pages of
http://localhost/sites/template2.com
presently in header.tpl of template1 is written as follows
{if strpos($Data.KEYWORD,rv rental) === false}
div class=header
style=background:url(images/header_{$siteData.COUNTRY3}.gif) no-repeat top
left;
{else}
div class=header
style=background:url(images/header_{$siteData.COUNTRY3}_rv.gif) no-repeat
top left;
{/if}
/div
so i need to chane the {if} {else} where i need to mention that if i am
accessing http://localhost/sites/template2.com then the header image should
be different.
any help will be greatly appreciated.
please advice.
thanks.
[PHP] unsubscring from the list
hi i would like to unsubscribe from this php list as i keep getting too many emails. how do i unsubscribe. also later on if i would like to ask a question about php if i unsubscribe will i be able to send a message and only receive replies to my question. please advice. thanks.
[PHP] question about google maps
hi how do i go about displaying an address which appears on google maps for a business on a web page. what are the steps. if some one knows about this please let me know. thanks
[PHP] question about using sql server with php
i have a question about how to use sql database with php instead of using my
sql database
when i use my sql database the php code to connect to the my sql database is
=
$conn = mysql_connect($hostname, $user, $password);
if(!$conn)
{
echo Unable to connect to Database;
}
else
{
mysql_select_db($database, $conn);
$query = mysql_query($selectquery);
mysql_close($conn);
}
if i have to connect to a sql databse instead of my sql database as some
companies use sql database, how can i change the php code to connect, run a
query and close connection to the sql database.
apart from changing the code to connect to sql database is there something
else i need to do.
please advice.
thanks
[PHP] questions about using include() in php
i am doing seo for a website and this website uses a lot of php for which i need suggestions. this is how the website is set up. in the index.php file there is a flash banner at the top of the page and the center part is another file which is called using include(links.php) and the bottom part using include(footer.php) the footer has links such as = webdevelopment software development ... each of this has a query string= http://website.com/index.php?page=webdevelopmentand http://website.com/index.php?page=software ... etc this way every link in the website is calling index.php and a query string is being passed and the index.php looks for the name ex=webdevelopment and loads that particular page in the center section of the website. the main purpose of doing this was to load the flash file only 1 time and the rest of the time when the links from the footer are clicked only the center part changes and the flash file does not have to reload. due to this the entire website is having only 1 page index.php therefore using 1 title tag 1 meta description and 1 meta keywords tag as the values of title and meta tags are being displayed from index.php however from a seo and sem perspective ideally there should be different file name which means i can optimize the title and meta tags for individual files. please advice a best solution to get around this as i would like to have different title and meta tag for individual pages like webdevelopment.php software.php etc which i am presently not able to due to include() any help will be greatly appreciated. thanks.
[PHP] accessing variable value
i need help with accessing the value of a variable from a different page.
i have an index.php file which has 2 files included to display header and
footer and the center portion changes based on the link clicked on the
footer.
header.php
?php
echo h2 Text from header.php file /h2;
?
footer.php
?php
$title=Title of Footer Page;
?
a href=index.php?page=webWeb Development/a | a
href=index.php?page=softwareSoftware /a
index.php
?php
$pagename=$_GET[page];
$title=Index page of Company name;
?
html
head
title?php echo $title; ? /title
meta name=keywords content=?php echo $keyword; ?
meta name=description content=?php echo $pagedescription; ?
/head
body
?php include(header.php); ? p /p
centerThis is the text in the center/center p /p
?php
if($pagename==web)
{
include(web.php);
}
if($pagename==software)
{
include(software.php);
}
?
?php include(footer.php); ?
/body
/html
whenever i click the links for Web Development or Software which appears
from the footer a query string is passed to index.php I am able to display
the content of web.php and software.php using the if() condition and
include()
what i need to display is a different title for web.php and software.php
when a user clicks Web Development along with the content i want the title
of the page to change for SEO purpose. i have defined $title differently in
web.php and software.php however presently the title being displayed for
index.php when a user clicks web.php and software.php the title is the same
Index page of Company name as this is defined in index.php and my title
tag is written as
title?php echo $title; ? /title however the title tag remains the same
whether i click web development or software link. how change i change the
code to display different titles.
i am doing this for SEO purpose so that different pages have different
titles and meta tags.
actually there can be indivdual files with links to individual pages however
the people i am dealing with who developed the website want the header and
footer to remain so that a flash file does not have to load each time an
indivdual link is clicked.
please advice.
thanks
[PHP] implementing a website search feature using php
i want to implement a feature where a user searches with a keyword and search results are displayed according to the keyword or phrase entered by the user. following are the steps i want to follow. please advice if i am missing out any steps or i can add any step. 1. read the keyword entered by user using $search = $_POST[searchkeyword]; 2. read all the files from the root directory into a variable (as all files will be saved in the root directory) 3. from step 2 filter and read only files with html and php extensions into a variable 4. read the entire contents of all html and php files into a variable 5. compare $search with all the individual html and php file contents from step 4 6. if a match is found with either html or php file then display a brief title and brief description which will be a link to the actual file which has the keyword. 7. display search results in a serial order as 1. Brief Title of the page 2. Brief Title of the page ... 8. at the bottom of the page based on the total number of results found from step 6 i would like to provide a link to page 1 page 2 page3 ... (i can decide to display only 10 results per page) please advice. any help will be greatly appreciated. thanks.
[PHP] string comparison
hi i am writing a small application where a user enters a phrase in the textfield and i would like to display all the files present in the root directory which consists of the keyword or keywords entered by the user. i have used a few comparison functions but i am not getting the expected result. $my_file = file_get_contents(filename.html); what ever the user enters whether it is a single word or few words i would like to compare with $my_file in a case insensitive manner. can anyone suggest the best method and how to go about. thanks.
[PHP] question about session variables
i have a registration page called register.php if the data entered is
validated correctly i call a file called thankyou.php or else validate.php
presently a user after seeing the url website.com/thankyou.php if they enter
the url directly in the browser as website.com/thankyou.php they can access
the file, if a user accesses the file this way i would like to redirect to a
page saying Direct acess to this file is not allowed
previously i used sessions in register.php and also in thakyou.php and
validate.php and it worked fine for some reason now it is not working the
way it is supposed to i might have made some changes which i do not know
previously my code in register.php was, the first few lines of register.php
file
=
?php
ob_start();
session_start();
if(!session_is_registered(directaccess))
{
session_register(directaccess);
}
// rest of the html and php code
ob_end_flush();
?
=
code in thankyou.php, the first few lines of register.php file
=
?php
session_start();
if(!session_is_registered(directaccess))
{
header(Location: http://website.com/directaccess.html;);
exit;
}
// rest of the html and php code
ob_end_flush();
?
=
NOTE = in thankyou.php i display a thank you message by retrieving the first
name from register page and displaying in thankyou.php using session
variables in the following way
in register.php, the first few lines of register.php file
=
if(!session_is_registered(firstname))
{
session_register(firstname );
}
$_SESSION[firstname] = $ firstname;
=
in thankyou.php, the first few lines of register.php file
=
if(session_is_registered(firstname ))
{
echo $_SESSION[firstname];
session_unregister(firstname );
}
=
please advice how i should rewrite the php code in both the
files(register.php and thankyou.php) so that if a user enters the url
directly in the browser i can redirect to directaccess.html file
thanks.
[PHP] form validation
i need to validate a field in a form where a user enters a reference number
this can be letters, numbers and special characters also so i have not
written any special preg match as the username is a combination. the only
check i am doing is if there are any white spaces and if a user simple
presses the space bar and does not enter value i display a message to enter
the reference number and even if there are white spaces followed by the
reference number i have used trim method. i have checked in the database
even if there are white spaces followed by reference number due to trim()
method the data in the table is being inserted whithout those white spaces.
following is the code i am presently using
$referencenumber = trim($_POST[referencenumber]);
if(strlen($referencenumber) == 0)
{
$error.=liReference number cannot be blank /li br /;
}
this code works perfectly fine and does what it is supposed to, however i am
using techniques to avoid sql injection. following is the technique i have
used
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST[username]);
}
else
{
$username = $_POST[username];
}
due to this even if i use
if(get_magic_quotes_gpc())
{
$lodgementnumber = stripslashes($_POST[lodgementnumber]);
}
else
{
$lodgementnumber = trim($_POST[lodgementnumber]);
}
if(strlen($lodgementnumber) == 0)
{
$error.=reference number cannot be blank;
}
the validation is not doing what it does in the code i mentioned at the
begining.
i need to use techniques to avoid sql injection and i also need the
validation to work.
how can i fix this.
please advice.
thanks.
[PHP] sql injection
i have implemented a way to avoid sql injection from the php website from
this url
http://in.php.net/mysql_real_escape_string from the Example #3 A Best
Practice query section of this page
following are the steps i have followed after the form values are submitted
to a php file.
step 1.
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST[username]);
.
}
else
{
$username = $_POST[username];
.
}
step 2.
$conn = mysql_connect($hostname, $user, $password);
step 3.
$insertquery = sprintf(INSERT INTO table (`username`, ...) VALUES ('%s',
...), mysql_real_escape_string($username, $conn), ...);
step 4.
if(!$conn)
{
header(Location: http://website/dberror.html;);
exit;
}
else
{
mysql_select_db($database, $conn);
$insertqueryresult = mysql_query($insertquery);
if(!$insertqueryresult) {
header(Location: http://website/error.html;);
exit; }
}
with the above method i am able to insert values into the table even with if
i enter the ' special character which can cause problems.
i have also used a simple sql insert query like
$insertquery = INSERT INTO table(username, ...) VALUES ('$username', ...);
when i used this simple insert query and if i entered ' in the form and
submitted the form the php file is unable to process the information entered
because of the ' character and as per the code error.html file is being
displayed where as if i use
$insertquery = sprintf(INSERT INTO table (`username`, ...) VALUES ('%s',
...), mysql_real_escape_string($username, $conn), ...);
even if i enter any number of ' characters in more than 1 form field data is
being inserted into the table
a)
so i am thinking that the steps i have taken from the php site is correct
and the right way to avoid sql injection though there are several ways to
avoid sql injection.
b)
for example if i enter data in the form as = abc'''def for name, the data in
the table for the name field is being written as abc'''def
based on how i have written the steps to avoid sql injection is this the
right way for the data to be stored with ' characters along with the data
example as i mentioned = abc'''def
please answer the questions a) and b) if there is something else i need to
do please suggest what needs to be done exactly and at which step.
any help will be greatly appreciated.
thanks.
[PHP] validating # sign in php
my question is about validation using php. i am validating a username which
a user would enter and clicks on a image to find
if that username is available. example if a user enters abc#123 php file is
reading this value as abc ONLY which i do not
want instead the php file should read as abc#123. following is the sequence
of pages. please advice the solution.
first page = register.php here a user enters a username and clicks on an
image to find out if the username is available or
not. using a javascript function of onclick i am reading the value entered
in the form in javascript as
=
var useri = document.registrationform.username
var valueofuseri = document.registrationform.username.value
var recui = /^\s{1,}$/g;
if ((useri.value==null) || (useri.value==) || (useri.length==) ||
(useri.value.search(recui)) -1)
{
alert(Please Enter a User Name)
return false
}
window.open(checkusernamei.php?theusernameis=+valueofuseri,
titleforavailabilityi, width=680, height=275, status=1,
scrollbars=1, resizeable=yes);
i have used a alert message in javascript to display the value, javascript
is able to capture all the characters entered
which is abc#123
second page = checkusernamei.php = this file uses GET to read what was
entered in the form.
$username = $_GET[theusernameis];
if( $username == || !preg_match(/^[a-z0-9]+(?:_[a-z0-9]+)?$/i,
$username) )
{
echo username is blank or has special characters;
}
the # sign is being ignored only if the image is clicked in order to check
the username, if the user enters abc#123 and
clicks the submit button without clicking on the checkuser image button then
my php validation for username shows an error
message.
==
if( $username == || !preg_match(/^[a-z0-9]+(?:_[a-z0-9]+)?$/i,
$username) )
{ echo display error message for username; }
==
now the problem is with clicking the image only and passing the value to
checkusernamei.php using GET method
i have also used an echo statement in checkusernamei.php as
echo value of username is . $username; = this displays abc and not abc#123
how can i fix this problem wherein checkusernamei.php will be able to read
abc#123. also in this checkusernamei.php file i
have a select query which will read if the username already exists in the
table. presently as checkusernamei.php is reading
abc ONLY the select query is also passing abc and not abc#123
$select = Select username from table where username = '$username';
please advice.
thanks.
[PHP] validating username
my question is about validation using php. i am validating a username
which a user would enter and clicks on a image to find
if that username is available. example if a user enters abc#123 php
file is reading this value as abc ONLY which i do not
want instead the php file should read as abc#123. follow is the
sequence of pages. please advice the solution.
first page = register.php here a user enters a username and clicks on
an image to find out if the username is available or
not. using a javascript function of onclick i am reading the value
entered in the form in javascript as
=
var useri = document.registrationform.username
var valueofuseri = document.registrationform.username.value
var recui = /^\s{1,}$/g;
if ((useri.value==null) || (useri.value==) || (useri.length==) ||
(useri.value.search(recui)) -1)
{
alert(Please Enter a User Name)
return false
}
window.open(checkusernamei.php?theusernameis=+valueofuseri,
titleforavailabilityi, width=680, height=275, status=1,
scrollbars=1, resizeable=yes);
second page = checkusernamei.php = this file uses GET to read what was
entered in the form.
$username = $_GET[theusernameis];
if( $username == || !preg_match(/^[a-z0-9]+(?:_[a-z0-9]+)?$/i,
$username) )
{
echo username is blank or has special characters;
}
the # sign is being ignored only if the image is clicked in order to
check the username, if the user enters abc#123 and
clicks the submit button without clicking on the checkuser image
button then my php validation for username shows an error
message.
==
if( $username == || !preg_match(/^[a-z0-9]+(?:_[a-z0-9]+)?$/i,
$username) )
{ echo display error message for username; }
==
now the problem is with clicking the image only and passing using GET
method how can i fix this problem.
please advice.
thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] syntax of sprintf
until i started using the techniques for avoiding sql injection, i
have been using a normal insert and select sql query which worked
fine.
i have a registration page where a user enters their username and if
this already exists i display a message by executing a select query
and if the username does not exist then i run an insert query.
after adopting the technique to avoid sql injection
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST[username]);
$email =stripslashes($_POST[email]);
}
else
{
$username = $_POST[username];
$email =$_POST[email];
}
previously my select and insert query were
INSERT INTO individuals(username, email) values('$username', '$email')
Select username from individuals where username = '$username'
presently the insert query is
$insertquery = sprintf(INSERT INTO individuals (username, email) VALUES
('%s', '%s'),
mysql_real_escape_string($username), mysql_real_escape_string($email));
This insert query is working however the select query is not doing its task
as before of checking if the username already exists or not, even if i
register with the same username again it does not alert that the username
exists.
the select query is
$selectqueryusername = sprintf(Select username from individuals where
username='%s', mysql_real_escape_string($username));
should i change the syntax of the above select query or is there something
else in need to do to fix the select query.
also for insert query if i have a numeric value i should be writting %d
correct, i have a numeric value however before inserting that
numeric value i am appending a character - to combine area code and phone
number example 09-123 4567 so i am considering this as %s as there is a
character. is this correct.
please advice.
thanks.
[PHP] sql syntax using sprintf
until i started using the techniques for avoiding sql injection, i have been
using a normal insert and select sql query which worked fine.
i have a registration page where a user enters their username and if this
already exists i display a message by executing a select query and if the
username does not exist then i run an insert query.
after adopting the technique to avoid sql injection
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST[username]);
$email =stripslashes($_POST[email]);
}
else
{
$username = $_POST[username];
$email =$_POST[email];
}
previously my select and insert query were
INSERT INTO individuals(username, email) values('$username', '$email')
Select username from individuals where username = '$username'
presently the insert query is
$insertquery = sprintf(INSERT INTO individuals (username, email) VALUES
('%s', '%s'),
mysql_real_escape_string($username), mysql_real_escape_string($email));
This insert query is working however the select query is not doing its task
as before of checking if the username already exists or not, even if i
register with the same username again it does not alert that the username
exists.
the select query is
$selectqueryusername = sprintf(Select username from individuals where
username='%s', mysql_real_escape_string($username));
should i change the syntax of the above select query or is there something
else in need to do to fix the select query.
please advice.
thanks.
[PHP] syntax of sprintf
until i started using the techniques for avoiding sql injection, i have been
using a normal insert and select sql query which worked fine.
i have a registration page where a user enters their username and if this
already exists i display a message by executing a select query and if the
username does not exist then i run an insert query.
after adopting the technique to avoid sql injection
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST[username]);
$email =stripslashes($_POST[email]);
}
else
{
$username = $_POST[username];
$email =$_POST[email];
}
previously my select and insert query were
INSERT INTO individuals(username, email) values('$username', '$email')
Select username from individuals where username = '$username'
presently the insert query is
$insertquery = sprintf(INSERT INTO individuals (username, email) VALUES
('%s', '%s'),
mysql_real_escape_string($username), mysql_real_escape_string($email));
This insert query is working however the select query is not doing its task
as before of checking if the username already exists or not, even if i
register with the same username again it does not alert that the username
exists.
the select query is
$selectqueryusername = sprintf(Select username from individuals where
username='%s', mysql_real_escape_string($username));
should i change the syntax of the above select query or is there something
else in need to do to fix the select query.
please advice.
thanks.
[PHP] php training institutes
hi can anyone suggest a best training institute to learn advanced php in INDIA and the city name is HYDERABAD. please advice. thanks.
[PHP] question about validation and sql injection
A) validating username in php
as part of a registration form a user fills there desired username and this
is stored in a mysql. there are certain conditions for the username.
a) the username should only begin either letters or numbers, and Underscore
character
example = user123, 123user, u_ser123, user_123 = completely case insensitive
b) a user may choose not to have an underscore or numbers sometimes. example
= username
presently my validation for username is
$username = $_POST[username];
if( $username == || !eregi(^[a-zA-Z0-9_]+$, $username) )
{
$error.=User name cannot be blank or has special characters;
}
Question = how can i rewrite this php validation for username to meet the
above criteria or is my validation correct
B) preventing sql injection
till now i have been capturing the form values and directly inserting into
the table without considering sql injection however for this project as it
is for a forum i would like to implement prevention of sql injection. from
what i have read about preventing sql injection there are several steps that
need to be followed,
htmlentities
addslashes
trim
mysql-real-escape-string
magic_quotes_gpc is ON
magic_quotes_runtime is OFF
magic_quotes_sybase is OFF
as i have not done preventing sql injection i am not sure what is the
correct process.
Question =
a) please advice a step by step process of how to go about avoiding the sql
injection before the insert sql query is executed starting from
$username = $_POST[username]; till the
insert into tablename(field1, field2) values($value1, $value2) SQL query is
executed which will prevent sql injection even if the user enters any
special characters while filling the form.
b) should i consider the setting of magic quotes as in should it be ON or
OFF or should i ignore it if so should it be
ON or OFF
c) also with the prevention methods if a user types a special character in
the data will that character be written in the table as a escaped character
or how does it store those special characters
d) a very important point here, i have a feature where a user can check if a
username is available or not. so while storing a username if the username is
stored as john\smith in mysql and if the user is searching for johnsmith
this would not match, so even in the table the username should be stored
without slashes as i have to read the username and compare with what the
user has typed to see if they both are same or different.
please advice if i have missed any other steps to prevent sql injection.
thanks a lot for your help.
[PHP] form validation using php
hi
i need to validate a field in a form where a user enters their lodgement
number as part of a registration form. this lodgement number can have
letters, numbers, spaces and special characters. i do not know exactly what
those special characters are, so do i have to define the type of special
characters and validate accordingly.
presently my php code for validating the lodgement number is
$lodgementtf = $_POST[lodgementtf];
if($lodgementtf == || !preg_match(/^[a-zA-Z0-9_ ]+$/, $lodgementtf) )
{
echo display error message:
}
i also have another way of validating
if($lodgementnumber == || !preg_match(/^[a-zA-Z0-9_ [EMAIL
PROTECTED]*()]+$/,
$lodgementnumber) )
does this mean that the special characters can only be = a space AND
[EMAIL PROTECTED]*() and no other special characters.
please advice.
thanks.
[PHP] validating textarea using php
hi
i need to validate textarea of a html form using php
textarea name=comments cols=26 rows=3 id=comments?php
echo($comments);?/textarea
presently my php code to validate the text area is
if($comments == )
{
$error.=brPlease enter your comments;
}
with this code if a user hits the space bar once or couple of times as a
matter of fact there are no characters entered by the user i do not want
this to happen, if a user simply hits the spacebar and does not type
anything i should be able to display an alert message.
please advice how i can change the above php code.
thanks.
[PHP] validating using php
thanks to everyone for providing the solution for validating textarea using
php i have used the following and it worked
$add = trim($_POST[add]);
if(strlen(trim($add)) == 0 )
{
$error.=brPlease enter your address ;
}
as part of the form the user has to fill in their name, assuming if the user
simply presses the space bar i would like to display a message like the text
area. presently my validation for name is
$name = trim($_POST[name]);
if( strlen(trim($name) == 0 ) || !preg_match('/^[a-zA-Z ]+$/x', $name) )
{
$error.=Name is blank or has special characters ;
}
with the above code for validating the name if a user types only spaces then
the error message is displayed however if there is a gap in the name example
john smith the error message is appearing which should not be happening as i
have given
preg_match('/^[a-zA-Z ]+$/x', $name) which means the user can type small,
upper case letters and also there can be a space in the name
how can i change the php code = if( strlen(trim($name) == 0 ) ||
!preg_match('/^[a-zA-Z ]+$/x', $name) )
so that i can validate both a) blank spaces and also accept spaces between
the name, i can validate individually for spaces and uses preg_match as 2
separate lines, instead i would like to validate in a single line of php
please advice.
thanks.
[PHP] question about select tag in php
i have two select tags as part of a registration form, city1 city2 where
city1 has a list of regions and similar for city2
there are different regions for city1 and city2 so instead of all the
regions appearing one after the other i would like to create a blank option
followed by the next set of regions for formatting purpose only.
ex=
select name=city1
option ?php if ($city1==region1){echo SELECTED;}?
value=region1Select region1/option
option ?php if ($city1==nameofregion1){echo SELECTED;}?
value=nameofregion1nameofregion1/option
option ?php if ($northisland==0){echo SELECTED;}? value=0/option
option ?php if ($city1==nameofregion2){echo SELECTED;}?
value=nameofregion2nameofregion2/option
option ?php if ($northisland==1){echo SELECTED;}? value=1/option
/select
select name=city2
option ?php if ($city2==region2){echo SELECTED;}?
value=region2Select region2/option
option ?php if ($city2==nameofregion1){echo SELECTED;}?
value=nameofregion1nameofregion1/option
option ?php if ($northisland==2){echo SELECTED;}? value=2/option
option ?php if ($city2==nameofregion2){echo SELECTED;}?
value=nameofregion2nameofregion2/option
option ?php if ($northisland==3){echo SELECTED;}? value=3/option
/select
from a php validation perspective if a user does not select any of the
regions or both the regions i am displaying an error message asking them to
either select 1 region from either city1 or city2
as of now there is a blank option being displayed which is working fine, i
am having an issue with the php validation.
until i introduced value=0 my rules for validating the select tag were:
1. user cannot leave both the select tags with the default option which is
Select region1 Select region2
2. user cannot select both the regions from city1 city2 select tags
the code of 2. is
if(!($city1 == region1) !($city2 == region2))
{
$error.=Please select only 1 Regionbr /;
}
now by introducing option ?php if ($northisland==0){echo SELECTED;}?
value=0/option there is a conflict with the above php validation code
used in point 2.
1.
is it correct to use 1,2,3 as part of the following option tag or should i
only use 0 everywhere
option ?php if ($northisland==0){echo SELECTED;}? value=0/option
option ?php if ($northisland==1){echo SELECTED;}? value=1/option
2.
how can i get around the conflict that is being created by introducing this
value=0 with
if(!($city1 == region1) !($city2 == region2))
{
$error.=Please select only 1 Regionbr /;
}
as i need the above php code and i also need the blank space for formatting
purpose
please advice.
thanks.
[PHP] restricting access to folders on server
i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a forum website using php and mysql. in the root directory i have created a .htaccess file and whenever someone access a file which is not on the server i have created a user friendly message that the file does not exist instead of a 404 error message displayed by the browser. similar to this how can i go about restricting users to browse all my folders in the toot directory. if anyone accesses for ex = www.website.com/phpscripts an alert should appear asking them to enter a username and password. 1. how can i do this using apache. 2. where do i write the username and password information and will this apply to all the folders in the root directory or specific directories. please advice. thanks.
[PHP] question about linux editor
i need to connect to the linux server using an editor. can anyone suggest which would be an ideal linux editor to connect to the server. apart from the ip address, username and password are there any other details i would need to connect to the server. please advice. thanks.
[PHP] best method for relative linking in php
i have a registration page where a user fills a form and i display an error
message if a validation message needs to be displayed which i have written
in php. everything works fine. the way the form is made presently is there
is a huge amount of information relating to general information about the
form and its terms and conditions which is compulsory. so if i have to
display any validation message the user has to scroll the page from the top
again all the way till they see the validation message.
i have used relative linking as it is done in html, so that the user does
not have to scroll from the top of the page, rather the page stops where i
want it to so the user see the message and does not have to scroll the page.
following are the 2 methods i have used and both of them work fine. however
in method 2 as it is based on javascript and if
javascript is turned off the relative linking will not work and the user
will have to scroll from the top of the page again and i have tested this
myself.
method 1
form action=?php echo $_SERVER[PHP_SELF]; ?#indrel method=POST
id=test2 name=registrationform
a name=indrel/a
if($error)
{
echo $error;
}
method 2
form action=?php echo $_SERVER[PHP_SELF]; ? method=POST id=test2
name=registrationform
a name=indrel/a
if($error)
{
echo (
script language='javascript' type='text/javascript'
window.location.href='http://website.com/filename.php#indrel'
/script
);
echo $error;
}
please comment if method 1 is correct in terms of the syntax of the form tag
if it is correct or not though i know this method is working the way i want
it to, i wanted to confirm before i implement it for my website.
please advice.
thanks.
[PHP] relative linking in php
i am using a self submitting for using php form action=?php echo $_SERVER[PHP_SELF]; ? method=POST id=test2 name=registrationform the registration page starts with a lot of terms and other details about the registration and then the form fields for the user to fill the registration page. i have used php to validate the form, presently when a user clicks the submit button and if there are any validateions that need to be displayed to the user, then the user has to scroll from the top of the page all the way till they see the form elements with the validation message ex= Please enter your phone number. my question is, as in html with relative linking ex a href=#link1 click here/a a name=link1 /a Text here the page can be moved to an exact location, can this be done more or less close to this relative linking using php so that the user need not scroll from the top of the page to see the validation message. NOTE = since i am using a self submitting form just before the first form element i have created a blank table row and in this table row the php validation message would appear if the user missed out some information. due to this the user has to scroll from the top of the page to see the php generated validation message. if i use the same php validation at the very top of the page the error message will be at the top and the form fields at the bottom and the user will have to scroll up and down to read the validation message. please advice. thanks.
[PHP] question about customized error
if a user by mistake types the wrong url directly in the address bar ex= www.website.com/abou.php instead of typing www.website.com/aboutus.php instead of the browser displaying File not found or a 404 error message i would like to display a customized page which will still have the same look and feel of my website in terms of the layout and i would like to a) display a message such as = Page could not be found and b) the url that the user originally typed should remain in the browser = I guess this would be the case anyway but i was wondering if something needs to be done in order to reatin the original address the user typed. Does this have to be done from apache perspective or can it be done using php. please suggest the procedure in either case apache OR php. please advice. thanks.
[PHP] passing variables values using POST
i am presently passing the value of a variable to a php file using GET
after data has been inserted to the database.
ex=
$firstname = $_POST[firstname];
if(!$sqlconnection)
{
echo error message;
}
else
{
header(Location: thankyou.php?firstnameis=$firstname);
}
how can i send the value of $firstname using POST instead of GET as
the value is presently appearing in the address bar. ideally i would
like using POST.
NOTE = please suggest techniques that does NOT involve javascript in
order to pass $firstname using POST method, as i have done the entire
validations using php and i have assumed that user has javascript
turned off.
please advice.
thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] question about direct access to url
hi my question is about displaying a friendly message when someone directly types a url in the browser. example i have one file called form.php which processes the information entered in the form and lets say the next page is thankyou.php?firstname=david by seeing the url if someone types thankyou.php?firstname=smith in the address bar the browser will display smith. 1. so if a user enters a url in the browser directly to a specific page(thankyou.php) i would like to display a message like = Direct access to this file is not allowed 2. with the above method assuming even if i type thankyou.php in the browser directly, though i own the file i will also get the message Direct access to this file is not allowed. so i would not like to see this message, i guess for this i need to specify my IP address i suppose. please provide answers for 1 and 2 points above. thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] question about php with sql database
instead of using mysql database which is conventionally used as database with php, if sql server database is used with php are there any major differences to keep in mind. 1. are the connection statements ex = $conn = mysql_connect($hostname, $user, $dbpassword); etc does these remain the same or are they different. 2. unlike in mysql with phpmyadmin which is browser based to access databases and tables how to access sql server for the same functionality 3. can anyone provide a link about a manual for using sql database with php thanks.
