PHP - Prevent Default

Hi
is there any way we can prevent suppose <textarea></textarea> when page reload it refresh and set default text
i wanted to know is there any way to prevent certain things not to get refreshed  is there any method in php which prevent to reload  this !


<?php
echo  "<textarea > Enter your favorite quote!</textarea> \n" ;
Code: [Select]
if (isset($_GET['edit']) && $_GET['edit'] == 'textupdate'){
}
<a href= \"{$_SERVER['PHP_SELF']}?page=1&edit=textupdate \" >Click</a>?>

Hi. I have drop down boxes for date and time that work. The year is a problem because I am using variables instead of fixed values.

Code: [Select]
<select name="Year" style="width:60px">
<option value="2010" >Test
<option value="<?=$ThisYear?>" <? if ($Year == "<?=$ThisYear?>"){?> SELECTED <?}?> ><?=$ThisYear?>
<option value="<?=$NextYear?>" <? if ($Year == "<?=$NextYear?>"){?> SELECTED <?}?> ><?=$NextYear?>
</select>

<select name="Hour" style="width:50px">
<option value="10" <? if ($_SESSION["Hour"] == "10"){?> SELECTED <?}?> >10
<option value="11" <? if ($_SESSION["Hour"] == "11"){?> SELECTED <?}?> >11
<option value="12" <? if ($_SESSION["Hour"] == "12"){?> SELECTED <?}?> >12
<option value="13" <? if ($_SESSION["Hour"] == "13"){?> SELECTED <?}?> >13
<option value="14" <? if ($_SESSION["Hour"] == "14"){?> SELECTED <?}?> >14
<option value="15" <? if ($_SESSION["Hour"] == "15"){?> SELECTED <?}?> >15
<option value="16" <? if ($_SESSION["Hour"] == "16"){?> SELECTED <?}?> >16
<option value="17" <? if ($_SESSION["Hour"] == "17"){?> SELECTED <?}?> >17
<option value="18" <? if ($_SESSION["Hour"] == "18"){?> SELECTED <?}?> >18
<option value="19" <? if ($_SESSION["Hour"] == "19"){?> SELECTED <?}?> >19
<option value="20" <? if ($_SESSION["Hour"] == "20"){?> SELECTED <?}?> >20
</select>

however this works

Code: [Select]
<select name="Year" style="width:60px">
<option value="2010" >Test
<option value="<?=$ThisYear?>" <? if ($Year == "2011"){?> SELECTED <?}?> ><?=$ThisYear?>
<option value="<?=$NextYear?>" <? if ($Year == "2012"){?> SELECTED <?}?> ><?=$NextYear?>
</select>

Can anyone help with this please
TIA

Desmond.
   

How to define default folder. For example I have folder images and in that folder specific image. In the root directory I have index.php with
Code: [Select]
<?php require_once("public/includes/header.php"); ?>and in index.php there are links which goes to different folder:
  Code: [Select]
<a href="public/sajt/kategorija.php?id=<?php echo $id;  ?>">which also have header.php, but there is no image. How to make default folder for image, or some similar solution?

I am using this php code <?php echo $_GET['CiFrame']; ?> to check the url for the variable CiFrame, this allows me to link to a page through my page containing the iframe.

Here is my iframe code.
<iframe name="CiFrame" width="727" height="805" src="<?php echo $_GET['CiFrame']; ?>" scrolling="auto" frameborder="0"></iframe>

The problem is that if the url does not contain a variable the iframe will not open a page. How can i set a default variable if one is not provided?

Thank You

I have this code, for an Upload Form, that works successfully renaming and moving an uploaded file to the upload/ folder. 

How do I set the date format so that it's always going by the UTC date?

I've used:
Code: [Select]
date_default_timezone_set('UTC');
but, when I change my date on my computer, the date changes on the website.

This is really confusing me, googled different ways for like 10/20 minutes and can't find anything.

If anyone can help it'd be great,

Thanks,
Andy.

Hi, I am trying to get the date and time that a particular table was last updated, which the code below does, but it doesn't seem to be putting it in the correct timezone, it is 5 hours behind, anyone know why this is? or how i can fix it? Thanks

Code: [Select]
<?php
date_default_timezone_set('Europe/London');
        $query = "SELECT UPDATE_TIME FROM information_schema.tables WHERE TABLE_SCHEMA = 'tffdb' AND TABLE_NAME = 'test_team_points'";
        $result = mysql_query($query) or die(mysql_error());
        
        $row = mysql_fetch_assoc($result);
echo $row['UPDATE_TIME'];

?>

In a Switch statement, can you give the Default: a specific name, maybe like this...


switch ($resultsCode){
// Missing Primary Key.
case 'COMMENT_MISSING_KEYS_2050':
echo '<h1>System Error</h1>';
echo '<p>A Fatal Error has occurred.  Please contact the System Administrator. (2050)</p>';
break;

default 'DEFAULT_CATCHALL_ERROR_CODE_9999':
echo '<p>You have reached the catch-all error code... (9999)</p>';
break;



Debbie

Hi guys and gals ,

got a minor problem.  I have a table in which i want the "photo" column to have a default value of "noimage.jpg".

I set the default value to "noimage.jpg" and put "as defined" too.

but when i fill the form in and leave the upload field blank it doesnt show the noimage.jpg as it should and in the mysql table it leaves it blank and not with default value.

Here is the inserts.php which adds the data to the mysql table.   

Can you help please.

<CENTER><B>Vehicle Added</B></CENTER>
<BR>

<?php

mysql_connect("localhost", "wormste1_barry", "barry") or die(mysql_error());
mysql_select_db("wormste1_barry") or die(mysql_error());

$CarName = mysql_real_escape_string(trim($_POST['CarName']));
$CarTitle = mysql_real_escape_string(trim($_POST['CarTitle']));
$CarPrice = mysql_real_escape_string(trim($_POST['CarPrice']));
$CarMiles = mysql_real_escape_string(trim($_POST['CarMiles']));
$CarDescription = mysql_real_escape_string(trim($_POST['CarDescription']));
$pic = mysql_real_escape_string(trim($_FILES['uploadedfile']['name'])); 


$target_path = "images/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
    echo "<br />";
} else{
    echo "There was an error uploading the file, please try again!";
}



mysql_query("INSERT INTO cars 
(CarName, CarTitle, CarPrice, CarMiles, CarDescription, photo) VALUES('$CarName', '$CarTitle', '$CarPrice', '$CarMiles', '$CarDescription', '$pic' ) ") 
or die(mysql_error());  


echo "The vehicle data has been added!";

?>

I have a few dropdown forums and would like it to select the current values that are requested.

Code: [Select]
global $filename,$fileid,$filetype,$filedir,$fileby;
  global $months,$pg;


echo "<h2>Search Files</h2>";
echo "<p>";
  echo "<form name = 'File_Search' action = '#' method = 'POST'>";
echo "<table border=\"0\" width=\"100%\"><tr>";
echo "<td>File Name<br><input type = 'text' name = 'name'></td><td>File Type<br><select name = 'type'>
<option value = '0'>All Types</option>
  <option value = 'o'>Official Files</option>
<option value = '1'>Quests</option>
  <option value = '2'>Graphic/Spritesheets</option>
  <option value = '3'>Entity/Scripts</option>
  <option value = '4'>Sound/Music</option>
  <option value = '5'>QuestPack/Programs</option>
  <option value = '6'>Miscellaneous</option>
  </select></td>";
  echo "<td>Order By<br><select name = 'order'>
  <option value = '0'>Last Updated</option>
  <option value = '1'>ID</option>
  <option value = '2'>Name</option>
  <option value = '3'>Downloads</option>
  <option value = '4'>Rating</option>
<option value = '5'>Points</option>
  <option value = '6'>Random</option>
  </select></td>";
  echo "<td>Acending?<br><select name = 'dir'><option value = '0'>False</option><option selected value = '1'>True</option></select></td>";
echo "</tr><tr><td rowspan = '4'><input type = 'submit' name = 'search' value = 'search'></td></tr></table></form>";
echo "</p>";

So if the $filetype equals 2 I want the dropdown box to show "Graphic/Spritesheets" by default. BTW Official Files is not actually a type so that's why I chose to give it a small letter o and will work the same way as All Types but run a different function.

$fileby is used for the OrderBy field.
$filedir is for the Acending field.
The other data is for the other parts of the script.

If you like you can give advice on the name's default because you may have a better method then what I have in my head.

I am having problems with a search feature I am using for a website I am building. Everything was working fine when I was testing on my local machine using EasyPHP 3.0. The issue I am having is that once I uploaded the site to a "live" server and tested it, my search function wouldn't work. The issue resides in the two lines with the magic quotes and the real escape string, for some reason those lines worked fine while testing using EasyPHP 3.0, but now I must delete those lines in order for my search function to work. The problem is that deleting those lines makes me vulnerable to an SQL injection. I have tried deleting just the magic quotes line and everything works properly, but then I am not seeing any kind of strip slashing/sanitizing when I enter in a statement like this into my search: a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't.

Any help on this issue would be greatly appreciated!

 
//get data
$button = $_GET['submit'];
if (get_magic_quotes_gpc() == 0){  
$search = mysql_real_escape_string($_GET['search']); // clean up the search string
}
else
{
$search = $_GET['search'];
 
$limit = 9;
 
$page = $_GET['page'];
 
if($page) 
$start = ($page - 1) * $limit;
 
I also tried using the mysql_real_escape_string on my construct, but I get syntax errors because of the | being used before and after the $search_each. That | character must remain in place in order for my search to work the way I want it to.

    
$x++;
if ($x==1)
$construct .= "keywords LIKE '%".mysql_real_escape_string(|$search_each|)."%'";
else 
$construct .= "AND keywords LIKE '%|$search_each|%'";        
}

I have my template files and some functions in my server which are available for direct reach.
like ;
my "index.php" file includes "loginpage.php" form which is ok when I enter www.site.com/index.php

but also when I enter to www.site.com/loginpage.php it works and shows me just login page. So  this is what I dont want. How can I prevent to reach the files directly like this, I want them to work just for other pages of my website, not for directly seeing.

By the way can this problem also be solved by hosting settings or mod_rewrite ?

$_POST['user_name'] = "CLUEL3SS";
$_POST['user_pass'] = "test123";
$_POST['confirm_pass'] = "test123";
$_POST['user_email'] = "user@email.com";
$_POST['confirm_pass'] = 'user@email.com';

function testFunc($inputVars){
foreach($inputVars as $key=>$value){
$escapeData[$key] = mysql_real_escape_string($value);
}
return $escapeData;
}

var_dump(testFunc($_POST));



I'm trying to make a user system for my site and I want to make sure its secure enough to void off injection attackers. Any useful advice and and suggestions would be greatly appreciated!

Thanks!

Hello all,

A simple question:

I have a HTML application from which a php script is executed. 'GET' method is used and no form is submitted.
I was wondering if there is a way to prevent users from run this php script directly in the browser.

Thank you all for your suggestions,
Mamer

Hi All,

I was wondering if someone maybe knows a nice way to prevent double posting or posting within a certain time without using javascript. Or maybe even echoing an error if someone posts the exact same ase the previous post.

I found this little snippet:
Code: [Select]
onClick="disabled=true;this.form.submit();return true;" Which prevents double clicking.
But its javascript and I rather have something besides that to cover all situations. Would love to hear what you guys use or reccomend.

Thanks!