i got it tnx Balint
The problem is that if you set the post directly to the query it's available
to be an attach code in the field... (eg. DROP DATABASE;) it's called
"SQL injection"...
what I mean on filtering:
always check the values in query eg.: $id = $_POST['id'];
if(is_numeric($id)){...}else{bad post}
and at
Tnx to all:D
Paul you are absolutely right:D
it was a bad mistake from me
there was no need 2 convert it
Balint helped me n with mysql_error i found that
my code hasn't any mistake
i just forgot the BIG thing!
selecting db:D
i totally forgot it because i had array keys with if statement n in there i
Hello Negin,
$query1="select * from patient where id=".$_POST['txt'];
$result1=mysql_query($query1);
$rows=mysql_num_rows($result1);
Note: you *didn't* execute the query by calling mysql_query on it.
--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mo
"Vitalii Demianets" wrote:
>On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
>> my code is this:
>> $query1="select * from patient where id=".$_POST['txt'];
>> it works but
>
>Holy Jesus!
>Can't wait to send to your server POST request with txt="1;DROP
>DATABASE; --"
>
>Of course, if you'
Of course have to use filters and etc...
Bálint Horváth
On 25 May 2011 09:53, "Vitalii Demianets" wrote:
> On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
>> my code is this:
>> $query1="select * from patient where id=".$_POST['txt'];
>> it works but
>
> Holy Jesus!
> Can't wait to send
On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
> my code is this:
> $query1="select * from patient where id=".$_POST['txt'];
> it works but
Holy Jesus!
Can't wait to send to your server POST request with txt="1;DROP DATABASE; --"
Of course, if you'll switch to prepare statement instead
Problem solved successfully after changed the query integer apostrophe-less..
and printed the mysql_errno() and mysql_error()...
Remember:
-In the script languages as php the apostrophe ' or " or sg. like these means
the string marker...
-While ure developing show all error codes and messages...
-If u
On Wed, May 25, 2011 at 08:57:18AM +0430, Negin Nickparsa wrote:
> $id=(int)$_POST['txt'];
> $query1="select * from patient where id=".$id."";
You're not *thinking* about what you're doing. The above is silly. Think
about it: you're sending a string to MySQL. If $_POST['txt'] returns a
string whi
i receive nothing not a resource id and nor false
If the query is incorrect u get boolean: false, if its correct u get a
resource id...
Bálint Horváth
On 25 May 2011 06:28, "Negin Nickparsa" wrote:
$result1=mysql_query($query1);
echo $result1;
it can't echo $result1
i don't know why?
Bálint Horváth,
the second post of me is using your idea
your idea is working but why i have error still?
$id=(int)$_POST['txt'];
$query1="select * from patient where id=".$id."";
echo $query1;
$result1=mysql_query($query1);
echo $result1;
$num2=Mysql_num_rows($result1);
$num3=Mysql_num_fields($result1);
still it has previous error
Here is my output:select * from patient where id=1
*Warning*: mysql_
Hi,
I've a simple idea...
If you have integer in your mysql, don't use " at that field in the query...
Try this:
$query="select * from patient where id=".$id."";
There isn't apostrophe in the mysql query...
Bálint Horváth
On 25 May 2011 06:06, "Negin Nickparsa" wrote:
> my code is this:
> $query1=
there is this:
http://php.net/manual/en/function.simplexml-element-addChild.php
which will allow adding of string data (so you won't be needing to
create the new SimpleXMLElement object as per your example below).
obviously you will have to first load the complete xml document
into simplexml us
Karl Fry wrote:
Hello all,
I'm sure this is very rudimentary, sorry if this sounds ignorant.
I've only dabbled a bit in other languages and I'm working with a
small knowledge of php since I only use it on-and-off at my job. I
scribbled up this script today at work off the top of my head for a
cus
On Mon, 2005-01-31 at 20:41, Pagongski wrote:
> I have this function:
>
> function supscript($texto)
> {
>print("".$texto."");
> }
>
> But when i do:
>
> print "2".supscript("3");
>
> I get the "3" before the "2", how is that possible?
>
> And:
>
> print(supscript("3")."2
Pagongski wrote:
I have this function:
function supscript($texto)
{
print("".$texto."");
}
But when i do:
print "2".supscript("3");
I get the "3" before the "2", how is that possible?
Your function should return the value, not print it. The way you have it
now, the function must be ran
Thank you so much, it was really stupid of me, basic mistake. I solved
it differently, although your solution is miles away better than mine.
Here's what i did:
function supscript($texto)
{
global $supa;
$supa = "".$texto."";
}
supscript("3");
print ("2".$supa);
On Tuesday 01 February 2005 09:41, Pagongski wrote:
Please use a *descriptive* subject.
> I have this function:
>
> function supscript($texto)
> {
>print("".$texto."");
> }
>
> But when i do:
>
> print "2".supscript("3");
>
> I get the "3" before the "2", how is that possible?
>
> And:
>
>
On Tue, 2005-02-01 at 01:41 +, Pagongski wrote:
> I have this function:
>
> function supscript($texto)
> {
>print("".$texto."");
> }
>
> But when i do:
>
> print "2".supscript("3");
>
> I get the "3" before the "2", how is that possible?
>
> And:
>
> print(supscript("
Stuart Felenstein wrote:
> When using $_POST vars is it required that a form is
> used ?
>
> In other words I can create an href link and echo
> variable and pick them up using $_GET in the following
> page.
>
> Not so with $_POST ?
Google for "PostToHost and Rasmus Lerdorf" if you want to use PHP
On Fri, 2005-01-14 at 07:48, Stuart Felenstein wrote:
> When using $_POST vars is it required that a form is
> used ?
>
> In other words I can create an href link and echo
> variable and pick them up using $_GET in the following
> page.
>
> Not so with $_POST ?
You could probably create hidden v
--- "Ford, Mike" <[EMAIL PROTECTED]> wrote:
> To view the terms under which this email is
> distributed, please go to
> http://disclaimer.leedsmet.ac.uk/email.htm
>
>
>
> > -Original Message-
> > From: Stuart Felenstein
> > Sent: 14/01/05 13:48
> >
> > When using $_POST vars is it req
Jochem Maas wrote:
Stuart Felenstein wrote:
When using $_POST vars is it required that a form is
used ?
In other words I can create an href link and echo
variable and pick them up using $_GET in the following
page.
Not so with $_POST ?
in order to create POST vars the proper request headers need to
On Friday 14 January 2005 21:48, Stuart Felenstein wrote:
> When using $_POST vars is it required that a form is
> used ?
Better worded as "if you want to pass values from one page to another and you
want said values to be available in $_POST then yes, you *have* to use a
form".
--
Jason Wong
On Friday 14 January 2005 16:48 Stuart Felenstein wrote:
> When using $_POST vars is it required that a form is
> used ?
exactly
Stuart Felenstein wrote:
When using $_POST vars is it required that a form is
used ?
In other words I can create an href link and echo
variable and pick them up using $_GET in the following
page.
Not so with $_POST ?
in order to create POST vars the proper request headers need to sent to
the brow
Hello,
Saturday, March 20, 2004, 6:08:36 AM, you wrote:
w> Im sure this question seems primitive to most of you, im new to
w> using foreach with forms my question is how is the best way to keep
w> from getting the submit button from coming through with the
w> variables below is my code.
Two way
webmaster wrote:
how is the best way to keep from getting the
> submit button from coming through with the variables
Don't name it?
Just remember that users can send _any_ variable they want through a
form... blindly looping through and accepting $_POST as a whole is
probably a bad idea.
--
That worked.
Thanks Robert.
"Robert Cummings" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Tue, 2003-12-16 at 15:02, Christopher J. Crane wrote:
> > I am using Pdf-Php to create pdf docs. I have a long text line that
wraps
> > automatically when outputted in the pdf. That is wh
On Tue, 2003-12-16 at 15:02, Christopher J. Crane wrote:
> I am using Pdf-Php to create pdf docs. I have a long text line that wraps
> automatically when outputted in the pdf. That is what it is suppose to do,
> however, it also outputs the new lines of the text in the source of the php
> file. Tha
> Dear all
> Can anyone pls tell me how i can turn number : 10 to Oct?
> i counting on the month, that's why i won't to convert the result to
> month!
$months = array(1=>'January',2=>'February',3=>'March',...);
echo $months[$your_month_number];
You could also use a combo of date() and mktime().
http://www.boutell.com/gd/
-Original Message-
From: Jean-François Marseaut [mailto:[EMAIL PROTECTED]]
Sent: 14 October 2002 13:51
To: [EMAIL PROTECTED]
Subject: [PHP] simple question
Where can I found last version of the GD library ?
--
PHP General Mailing List (http://www.php.net/)
http://www.boutell.com/gd/http/ is a good start!!
Jean-François Marseaut wrote:
> Where can I found last version of the GD library ?
>
--
Timothy Hitchens
Technologist / Entrepreneur
e-mail: [EMAIL PROTECTED]
mobile: 0419 521 440
-
HiTCHO Grou
Hi,
> Where can I found last version of the GD library ?
http://www.boutell.com/gd/
HTH
Jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Okay im not sure i understand you- you want to create a page where it will
suck an item out of a database, and use it to choose which item in a drop
down menu should be selected?
If so, you can try something like
>Action
>Comedy
>Etc.
On Monday 22 July 2002 16:07 pm, Raymon
> I have a site with all my movies and stuff stored in a database. And I
> have
> made a admin page where I can add, delete and update records. When I
add
> new
> records, I have made a listbox for the category (ex. action, comedy
etc.)
> so
> I dont have to write it every time I add a new record.
stripslashes()
-Original Message-
From: Tom Ray [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 13, 2001 2:47 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Simple Question
I have a quick question that I haven't been able to find the answer to
yet. I've made a couple of guest books via PH
* Andrew Forgue <[EMAIL PROTECTED]> [Dec 05. 2001 17:35]:
> Is there a way to "post" to a script without any user interventions... e.g The user
>posts to a script, and the script posts back to the original one.
(Please set your mail client to wrap at 72 chars)
cURL can do this, among other thi
if you want the browser to do it (as opposed to getting php to do it), then
you could use a "hidden" form, like:
... etc (all hidden fields) ...
-Original Message-
From: Andrew Forgue [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 06, 2001 9:32 AM
To: [EMAIL PROTECTED]
Subject:
On Wed, 5 Dec 2001 09:01, [EMAIL PROTECTED] wrote:
> I have added a new column in an existing MYSQL table called
> "event_date" - type: DATE, NULL default.
>
> This database field will be filled if and when the field in the HTML
> form is complete. When I added the new field to MySQL, it
> aut
I would suggest you implement this at the web server level. If using Apache,
use virtual hosting or perhaps a rewrite condition if needed.
If you must do this in PHP, and you want to do is redirect the user to a
particular directory depending on the URL they type, then something like
this should
ottobre 2001 10.03
To: Ratfish; [EMAIL PROTECTED]
Subject: RE: [PHP] Simple Question, I think
I would suggest you implement this at the web server level. If using
Apache, use virtual hosting or perhaps a rewrite condition if needed. If
you must do this in PHP, and you want to do is redirect the user to
Thanks guys, that's just what I wanted to hear.and so quick too!
> From: [EMAIL PROTECTED] (Lawrence Sheed)
> Newsgroups: php.general
> Date: Mon, 1 Oct 2001 22:40:29 -0400
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: RE: [PHP] Simple Question, I think
>
Simple to do it in php, but i would think its better done in apache using
virtual host configuration.
do a google search for virtual host apache
-Original Message-
From: Ratfish [mailto:[EMAIL PROTECTED]]
Sent: October 2, 2001 10:25 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Simple Quest
Perhaps check the URL and direct as such using header();. Use phpinfo(); to
find what var holds the current URL.
- k
- Original Message -
From: "Ratfish" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 01, 2001 10:25 PM
Subject: [PHP] Simple Question, I think
> All
Well,
Here is a function that may be helpful. The bad part is that I never
finished it, so it only accepts dates in the MDY format...
http://www.deltacron.com/source/check_date.php
BTW... If you already have a connection to MySQL, you could send simple
queries to it to take advantage of its
Well,
Here is a function that may be helpful. The bad part is that I never
finished it, so it only accepts dates in the MDY format...
http://www.deltacron.com/source/check_date.php
-Jason Garber
www.deltacron.com
At 08:56 PM 9/20/2001 -0700, you wrote:
>ey guys.. how do i check if the pos
From: Ker Ruben Ramos <[EMAIL PROTECTED]>
Date: Thu, Sep 20, 2001 at 10:16:01PM -0700
Message-ID: <016101c1425c$819cdcd0$bb05aacb@weblinqproxy>
Subject: Re: [PHP] simple question...
> again.. one more thing How do I know how many days date differ? let's
> say '
mos" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:46 AM
Subject: Re: [PHP] simple question...
> > You should date() do the work here. So just take the month and then
> > +1. Date() will take care the result is a valid date.
> > Below
> You should date() do the work here. So just take the month and then
> +1. Date() will take care the result is a valid date.
> Below is some example...
Well... I meant: let mktime() do the work... not date(). Date() only
shows the result of mktime() in a proper format. Mktime() makes sure
it's a
From: Ker Ruben Ramos <[EMAIL PROTECTED]>
Date: Thu, Sep 20, 2001 at 09:36:55PM -0700
Message-ID: <012b01c14257$0afb3db0$bb05aacb@weblinqproxy>
Subject: Re: [PHP] simple question...
> One more thing... If I got '2001-09-01'
> Is there a fast way of incrementing
> One more thing... If I got '2001-09-01'
> Is there a fast way of incrementing the month of it?
> making it '2001-10-01' ?
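list($year, $month, $day) = explode("-", $date);
$month++;
if ($month == 13) {
    // wrapped past December: roll over into January of the next year
    $month = 1;
    $year++;
}
// keep the zero-padded YYYY-MM-DD form
$date = sprintf("%04d-%02d-%s", $year, $month, $day);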
Eric O'Connel
--
PHP General Mailing List (http:
TECTED]>
Sent: Thursday, September 20, 2001 6:04 AM
Subject: Re: [PHP] simple question...
>
> From: Ker Ruben Ramos <[EMAIL PROTECTED]>
> Date: Thu, Sep 20, 2001 at 08:56:03PM -0700
> Message-ID: <00f801c14251$5aa288b0$bb05aacb@weblinqproxy>
> Subject: [PHP]
From: Ker Ruben Ramos <[EMAIL PROTECTED]>
Date: Thu, Sep 20, 2001 at 08:56:03PM -0700
Message-ID: <00f801c14251$5aa288b0$bb05aacb@weblinqproxy>
Subject: [PHP] simple question...
> ey guys.. how do i check if the postdata is a valid time format? something
> like '2001-09-15'
> I hate it when they
On Monday 13 August 2001 08:46, Tribun wrote:
> Hi folks.
>
> Can someone tell me what ISAPI is?
It's microsoft's API for running software in IIS.
> I've requested how I could run PHP faster, if 20 USER's access my files at
> the same time.
Using ISAPI means that php stays alive while the serve
- www.whitecrown.net
*/
- Original Message -
From: ReDucTor <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 08, 2001 1:28 PM
Subject: Re: [PHP] simple question
this is weird, i have the following...
$buffer = eregi_replace("[^A-Z0-9]", "(\\x".
but this is what comes out
(\x5c)(\x5c)(\x5c)(\x5c)m192(\x5c)168(\x5c)0(\x5c)2(\x5c)27015
and \x5c is \
ne1 know why?
- Original Message -
From: Chris Lambert <[EMAIL PROTECTED]>
To: ReDucTor <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, July 09, 2001 2:47 A
-
From: ReDucTor <[EMAIL PROTECTED]>
To: Chris Lambert - WhiteCrown Networks <[EMAIL PROTECTED]>
Sent: Sunday, July 08, 2001 11:45 AM
Subject: Re: [PHP] simple question
| nice, but i might change it to have lower case and numbers...hehehe
|
| btw thx
| - Original Message -
| F
eval("\$string=\"".eregi_replace("([^A-Z])",
"\\x\".dechex(ord(\"\\1\")).\"", $string)."\";");
;-)
/* Chris Lambert, CTO - [EMAIL PROTECTED]
WhiteCrown Networks - More Than White Hats
Web Application Security - www.whitecrown.net
*/
- Original Message -
From: ReDucTor <[EMAIL PROTECTED]
Hi ReDucTor!
On Mon, 09 Jul 2001, ReDucTor wrote:
> is there a function to turn all chars that are not alphanumeric to show
> \xhh but hh being the hex version of it :)?
you mean bin2hex() under String Function section? :)
-- teodor
--
PHP General Mailing List (http://www.php.net/)
To unsubscr
< on IIS it is much better solution for more than few mails is to put them
< simply in pickup directory of smtp server, I am also sure that there is a
< similar possibility on linux
How can I identify the location of the pickup directory for the smtp server (on NT)?
Euan Greig
Technical Consulta
on IIS it is much better solution for more than few mails is to put them
simply in pickup directory of smtp server, I am also sure that there is a
similar possibility on linux
-almir
""SED"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> Before I
Hi,
CC wrote:
>(...)Another option would be to echo the closing tags from within the conditional,
>prior
>to calling the die().
I already thought that, but if I want to use the die function inside another
function that can be called anywhere in the script (inside a table or form) I've
possibly
I'm sure there are more officially correct ways of doing it, but I've always
echoed /body /html before the die happens.
Sue
- Original Message -
From: Ricardo D'Aguiar <[EMAIL PROTECTED]>
> Imagine the following script:
>
>
> Some Title
>
> $var = 1;
> if ($var == 1) {
>
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Ricardo D'Aguiar) wrote:
> Imagine the following script:
>
>
> Some Title
>
> $var = 1;
> if ($var == 1) {
> die ("I'm dead");
> }
> echo "I'm alive";
> ?>
>
>
>
> If I try to execute via Internet Explorer ("5.x")
Don't use die (die just stops everything, nothing else gets send).
>
> Some Title
>
> $var = 1;
> if ($var == 1) {
> echo ("I'm dead");
> } else {
> echo "I'm alive";
> }
> ?>
>
>
- Original Message -
From: "Ricardo D'Aguiar" <[EMAIL PROTECTED]>
To:
70 matches