PHP - Coding Help: Prevent...

Hi
is there any way we can prevent suppose <textarea></textarea> when page reload it refresh and set default text
i wanted to know is there any way to prevent certain things not to get refreshed  is there any method in php which prevent to reload  this !


<?php
echo  "<textarea > Enter your favorite quote!</textarea> \n" ;
Code: [Select]
if (isset($_GET['edit']) && $_GET['edit'] == 'textupdate'){
}
<a href= \"{$_SERVER['PHP_SELF']}?page=1&edit=textupdate \" >Click</a>?>

I am loading a link with ajax. When the link pops on the screen and I click it, I get redirected to my 404 page and my lightbox doesn't load.

If the link pops in and I refresh my browser, then I click the link my lightbox will show up.

How can I do a prevent default on the <a href> in pure JS? No frameworks please.

Our admin panel for a gaming community was recently hit by a successful MySQL injection attack.
Here are the parameters they entered into forms to gain access.

Code: [Select]
${99319+100354}
Code: [Select]
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE acunetix [
  <!ENTITY acunetixent SYSTEM "http://testphp.vulnweb.com/dot.gif">
]>
<xxx>&acunetixent;</xxx>
Not sure which one worked, or how they even managed to POST to that page. But how do these two strings work? What do they do?

I have my template files and some functions in my server which are available for direct reach.
like ;
my "index.php" file includes "loginpage.php" form which is ok when I enter www.site.com/index.php

but also when I enter to www.site.com/loginpage.php it works and shows me just login page. So  this is what I dont want. How can I prevent to reach the files directly like this, I want them to work just for other pages of my website, not for directly seeing.

By the way can this problem also be solved by hosting settings or mod_rewrite ?

I was asked to make new thread for this, so how do I use a session or something to restrict access to a page.....like if accounttype=Admin, stay here, all others go away......do you need to see code, or can you just give me an example.......

I have a problem which is why I am here. 

What I am trying to achieve

I am creating a very very basic timetabling system online, using php and sql. I am still in the process of completing it and changing bits from here to there. Although I am fully aware that the current design / implementation needs several changes and amendments, but however it performs most of the basic functionalities from a login system to the ability to add data delete data and also reset the database and recreate.


The problem

I have a table called tCourse althouogh a full ERD implementation has not taken place, it is still trial and error period.

The table consists of the following:

- Course
- Unit
- Course_Code
- Year (i.e. Yr1, Yr2, Yr3)
- Credits (Value of the unit)
- Day
- Semester
- Start_Time
- End_Time
- Room
- Tutor

At the moment the primary keys for the table a  

- Day
- Start_Time
- Room_   
- Semester

This basically prevents a particular day, a semester, a room having been booked at the same time. Which for a very basic one is ok. The only problem is though,

if someone books for example:

Monday >> 13:00:00 To 14:00:00 >> 205 >> Sem1 (ok)
Monday >> 13:00:00 To 14:00:00 >> 205 >> Sem1 (Not ok, which is good, as it is a repeat and prevents double booking)

However the problem comes he


Monday >> 12:00:00 To 14:00:00 >> 205 >> Sem1 (ok)
So this is allowing a booking even though that room will be busy i.e. booked between 13:00 to 14:00

So is there a way I can limit it, so if there is a room booked for that particular period it will not do it.

I have done a bit of research and friend's have suggested doind several for loops and quering the database beforehand. I came here, mainly because there are a lot of experienced individuals here whom may have a simpler solution, although I can understand it won't be a one liner .

I would appreciate any help, if not, it is still ok.

Hi all,

I am trying to make a emailscript with PEAR to send quite some people a personalized messaged. But i thought this could very well cause the script to time out. Now i read http://php.net/manual/en/function.set-time-limit.php, but i thought does maybe someone knows a way to prevent a time out instead of setting the time-limit to a larger amount.
Some terms i saw floating around we ob_start, flush, sleep and a few others but i really never worked with these.
If someone could point me in the right direction of thinking or maybe knows a tutorial or guide i really would love to hear it. Thank you! 

This topic has been moved to Other.

http://www.phpfreaks.com/forums/index.php?topic=345836.0

How can I prevent the less than and greater than signs in the username field, and message on the post?    As well as slashes. / \.

Code: [Select]
<form method="post" action="" id="reply">
<script type="text/javascript">
function hi(id){
var val = id.options[id.selectedIndex].value;
var text = id.options[id.selectedIndex].text;
if (val.length != 0){document.getElementById('user').value = text;hide('passrow');}
else {
document.getElementById('user').value = '';
document.getElementById('passrow').style.cssText = '';
}
}
</script>

<div id="userpass" style="background: #000;">
<table style="border: 2px solid #252564; background: #1F1F5D;" width="100%" cellpadding="0" class="quick_userpass">
<tr>
<td background="/images/bg3.jpg" height="26px"><font face=arial size=2 color="white">&nbsp;&nbsp;&nbsp;<b>Your Name or Nickname</b></td>
</tr>
<tr>
<td><input size=50 name="user" id="user" value="" style="margin-left: 10px;"></td>
</tr>
<tr><td background="/images/bg3.jpg" height=26px></td></tr>
</table>

<div id="passrow" style="">
<p>
<table width=100% cellpadding=0 class="quick_userpass" style="border: 2px solid #252564; background: #1F1F5D;">
<tr><td background="/images/bg3.jpg" height=26px style=""><font face=arial size=2 color="white">&nbsp;&nbsp;&nbsp;<b>Password (optional)</b></td></tr>
<tr><td style=""><input size=50 name="pass" id="pass" type="password" style="margin-left: 10px;"  value=""></td></tr>
<tr><td background="/images/bg3.jpg" height=26px></td></tr>
</table>
</p>
</div>

<p>
<table width=100% cellspacing=0 cellpadding=4 class="quick_userpass" style="border: 2px solid #252564; background: #1F1F5D;">
<tr bgcolor="#121236"><td><font face=arial size=2 color="white"><b>Enter your message here</b></font></td></tr>
<tr><td><center><textarea id="quickreply" name="message" rows=10 cols=50 wrap="VIRTUAL" ></textarea></center></td></tr>
</table>
<div id="preview" style="display: none;"></div>
</p>
<br />
<center>
<font face=arial size=2>When you're happy with your message, click:</font>
<div id="javano"><input type="submit" value=" Post Message "></div>
</center>
<input type="hidden" name="tid" value="<?php echo $_GET["tid"];?>" />
</div>
</form>

That is the code I'm using for User/Pass/message fields.

Hello all,

A simple question:

I have a HTML application from which a php script is executed. 'GET' method is used and no form is submitted.
I was wondering if there is a way to prevent users from run this php script directly in the browser.

Thank you all for your suggestions,
Mamer

I have my script protected against all types of sql injection, XSS injection, cookies and bots.
But now i want to know whats the best way of preventing session hijacking?
I know nothing can be 100% secured but i want to know how to prevent it
And u know it:
prevention is better than cure!

I'm building a website that uses session variables.  My understanding of session variables is that they only exist as long as the browser is open -- meaning that once the browser closes, the session variables are lost.  

Hello everyone,

I am trying to use only cookies so that session fixation is not possible. Unfortunately I can still log in when I disable cookies in Internet Explorer.

Am I doing something wrong? Or do I misunderstand the concept?

This is my code:

Code: [Select]
<?php

class Session{

private $username;

public function createSession($username){
$this->username = $username;

ini_set("session.use_only_cookies", 1);

session_start();
$_SESSION['username'] = $this->username;
return $this->username;
}

}

?>

Hi All,

I was wondering if someone maybe knows a nice way to prevent double posting or posting within a certain time without using javascript. Or maybe even echoing an error if someone posts the exact same ase the previous post.

I found this little snippet:
Code: [Select]
onClick="disabled=true;this.form.submit();return true;" Which prevents double clicking.
But its javascript and I rather have something besides that to cover all situations. Would love to hear what you guys use or reccomend.

Thanks!

I am having problems with a search feature I am using for a website I am building. Everything was working fine when I was testing on my local machine using EasyPHP 3.0. The issue I am having is that once I uploaded the site to a "live" server and tested it, my search function wouldn't work. The issue resides in the two lines with the magic quotes and the real escape string, for some reason those lines worked fine while testing using EasyPHP 3.0, but now I must delete those lines in order for my search function to work. The problem is that deleting those lines makes me vulnerable to an SQL injection. I have tried deleting just the magic quotes line and everything works properly, but then I am not seeing any kind of strip slashing/sanitizing when I enter in a statement like this into my search: a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't.

Any help on this issue would be greatly appreciated!

 
//get data
$button = $_GET['submit'];
if (get_magic_quotes_gpc() == 0){  
$search = mysql_real_escape_string($_GET['search']); // clean up the search string
}
else
{
$search = $_GET['search'];
 
$limit = 9;
 
$page = $_GET['page'];
 
if($page) 
$start = ($page - 1) * $limit;
 
I also tried using the mysql_real_escape_string on my construct, but I get syntax errors because of the | being used before and after the $search_each. That | character must remain in place in order for my search to work the way I want it to.

    
$x++;
if ($x==1)
$construct .= "keywords LIKE '%".mysql_real_escape_string(|$search_each|)."%'";
else 
$construct .= "AND keywords LIKE '%|$search_each|%'";        
}