|
PHP - Filtering Sql Values By Url Parameter
Hi all
I am building a page to filter SQL values but I'm not sure how to write the code for the query. My URL looks like this: stone.php?category=Wood&type=4&colour=1&Submit=Submit Firstly, can I remove the submit from the URL? Then I have my code to create the query: $fetchData=mysql_query("SELECT * FROM `products` WHERE category = "'.$_GET'category.'""); Can I combine this for the type and colour? Many thanks Pete Similar TutorialsI am using rawurlencode for my urls, like this: I have the following code just to insert a username and hashed password into the database but somehow I am getting this error and I couldn't find out where I am doing it wrong...can someone please give me a hand?
I tried it in two ways and both errors...
the first few lines are just connecting database which worked fine and a password.php so I can use password_hash() with my php version
$hash = password_hash('xx', PASSWORD_BCRYPT, array('cost' => 10));
$username = 'xx';
$insertQuery = $db->prepare("
INSERT INTO et_todo (username, password)
VALUES (:username, :hash)
");
$insertQuery->execute(array(
'username' => $username,
'password' => $hash
));
also tried
$hash = password_hash('xx', PASSWORD_BCRYPT, array('cost' => 10));
$insertQuery = $db->prepare("
INSERT INTO et_todo (username, password)
VALUES ('xx', :hash)
");
$insertQuery->execute(array(
'username' => 'xx',
'password' => $hash
));
Hello,
I recently posted here about an issue I was having with my database orientated products page.
I have now run into another problem where say if, /db.php was typed or /db.php?p=IDoNotExist was typed, it returns blank.
I have in my code the desired content to be displayed, but it just doesn't seem to want to make a show.
I was also wondering if it is possible to show different content for whatever the URL is, so for no parameter, the content about the products, and a non existent one, maybe "Product not found"?
Here is my code:
<?php
$db=mysql_connect ("localhost", "webwibco_charlie", "Hello123") or die ('I cannot connect to the database because: ' . mysql_error());
$mydb=mysql_select_db("webwibco_products");
include("header.php");
$status = htmlspecialchars( @$_GET ['p'] );
if ($status == "floorpuzzles") {
echo "<h1>Our Floor Puzzles</h1>";
$sql="SELECT ID, Name, Tags, Description, Category FROM products WHERE Category LIKE '%" . FloorPuzzles . "%'";
$result=mysql_query($sql);
while($row=mysql_fetch_array($result)){
$Name =$row['Name'];
$ID =$row['ID'];
$Description =$row['Description'];
echo "<div class=\"box\">";
echo "<h1>$Name</h1>";
echo "<div class=\"floorbox\"><a href=\"?p=$ID\"><img src=\"images/products/catalogue/big/floorpuzzles/$ID.jpg\" class=\"small\"></a></div>";
echo "<h2>$Description</h2>";
echo "</div>";
}
?>
<?
}else{
if ($status == $_GET["p"]) {
$sql="SELECT ID, Name, Tags, Description, Pieces, Size, Barcode, Category FROM products WHERE ID = '" . $_GET['p'] . "'";
$result=mysql_query($sql);
while($row=mysql_fetch_array($result)){
$Name =$row['Name'];
$ID =$row['ID'];
$Description =$row['Description'];
$Pieces =$row['Pieces'];
$Size =$row['Size'];
$Barcode =$row['Barcode'];
echo "<div class=\"1\">";
echo "<h1>$Name</h1>";
echo "<div class=\"bigbox\">";
echo "<div class=\"floorbox\"><img src=\"images/products/catalogue/big/floorpuzzles/$ID.jpg\" class=\"big\"></div>";
echo "</div>";
echo "</div>";
echo "<div class=\"2\">";
echo "<p>Puzzle Pieces: $Pieces</p>
<p>Puzzle Size: $Size</p>
<p>Barcode: $Barcode</p>";
echo "</div>";
}
}else{
?>
<?
echo"<h1>Our Products</h1>
<p>Our jigsaw puzzles are hand cut by skilled craftsmen and therefore each one is unique with self-correcting pieces. There is a strict quality control process at all stages by our highly experienced staff. The puzzles are durable and provide fun and excitement, enhancing learning and a child’s development.<p>
<p>All of our jigsaws are made using materials from sustainable resources grown in managed forests. Where possible we support companies in the UK and source our components locally, most of our suppliers are in the East Midlands, many in Derbyshire and Nottinghamshire. We keep packaging to a minimum and take our environmental and ethical responsibilities very seriously.</p>
<p>Reducing waste and recycling was a way of life for us before it became fashionable. We are constantly searching for new ideas and consult teachers when developing our jigsaws, which are often used within the national curriculum.</p>
<p>As well as making our own range, we manufacture for leading suppliers to the education market. Check for \"Made in Britain\" and it is probably made by us.</p>
<p>We have a wide variety of products available for viewing, from classic floor puzzles to innovative inset trays. You can take a look at all our products on this page, simply use the navigation buttons to your left.</p>";
}}
include("footer.php");
?>
The final echo is what I wish to be displayed on the URL without or with an invalid parameter.
Here is my site URL: http://www.webwib.co...saws/search.php (note that only the "Floor Puzzles" category has content within it).
Thank you in advance for assistance.
I have a form and script that is used to collect information from users. There is one field that is url. There is one field that is email. I want to filter out scripts. I also only want to allow url in the url field and email in the email field. Is there an easy way to filter? I have tried several pieces of code to no avail. Code: [Select] <?php $root = $_SERVER['DOCUMENT_ROOT']; include('/home/arts/public_html/shows/includes/config.db.php'); if ($link) { foreach ($_POST as $k => $v) { if (($k == "start_date") || ($k == "end_date") || ($k == "application_dead")) { $varray = explode("/",$v); $v = $varray[2] . "-" . $varray[0] . "-" . $varray[1]; } $v = "'" . addslashes($v) . "'"; if($k != "captcha_code") { $keys[] = $k; $vals[] = $v; } } $fields = implode(",", $keys); $values = implode(",", $vals); //$fields = "id," . $fields; //$values = "null," . $values; $sql = "INSERT into craft_shows ($fields) VALUES ($values)"; $result = mysql_query($sql,$link); if (!$result) { die('There was a problem with your submission. Refresh the page to try again'); } else { echo "Thank you for your submission.<br>"; echo "<a href=\"http://www.artsandcraftsnetwork.com/shows/\">Back to shows</a><br>"; echo "<a href=\"http://www.artsandcraftsnetwork.com/shows/shows_submit.php\">Submit another show</a>"; } } ?> hi, i am trying to filter my gps history points. i would like to ignore points if they are too close to the previous position. i can do this like so. $old_lat = $old_long = "0"; foreach($history['data'] as $record) { //calculate distance in meters $distance = distance($record['latitude'], $record['longitude'], $old_lat, $old_long, "V"); if($distance >= 300) { echo 'add(jQuery(this), number += 1, "' . date("d-m-Y @ h:i:s",$record['timestamp']) . '", "map_post.php?n=' . $name . 'u=' . $history['user'] . '", "' . $history['user'] . '", "' . $record['latitude'] . '", "' . $record['longitude'] . '");'; $old_lat = $record['latitude']; $old_long = $record['longitude']; } the problem with the above is that if i arrive home at 6pm on friday and stay outside my house for 24hours, it will show the latest position as at 6pm on fri. i would like it to show the 6pm friday position but with a date 'from and to' time like (28/10/11 18:00 - 29/10/11 18:00) rarther than just (28/10/11 18:00) which looks inacurate. Possible? Hi all, I am working on a tool to pull data remotely and the data is set to xml format. I want to post items that meet a certain criteria only, essentially there are several layers/tags on the data being brought over. The sStatus is the primary item I am looking for, not only that but only if it has or equals to "Waiting". Any thoughts or suggestions greatly appreciated. Below is the basic code I have in place currently and am working on. <code> <?php $soapclient = new SoapClient("https://secure.logmeinrescue.com/api/api.asmx?wsdl"); $sEmail = "dummy@dum.com"; $sPassword = "dum123"; $iNodeID = "123456"; $eNodeRef = "NODE"; $sAuthCode = ""; $loginparams = array ( 'sEmail' => $sEmail, 'sPassword' => $sPassword); $loginResult = $soapclient->login($loginparams); $output = array( 'eOutput' => "XML" ); $outputResponse = $soapclient->setOutput($output); $sessionparams = array( 'iNodeID' => $iNodeID, 'eNodeRef' => $eNodeRef, 'sAuthCode' => $sAuthCode ); //get session(s) $sessionresult = $soapclient->getSession($sessionparams); $session = $sessionresult->aSessions; $sessionnodes = $session->SESSION; $session_status = $sessionnodes[$isessionNodes]->sStatus; print_r($sessionresult); ?> </code> Hi there I have the following array . Code: [Select] $products = array( array( Code => "CF1", Items => "Sand Tray", Cat => 'Tray', ), array( Code => "CF2", Items => "Mobile Computer Table", Cat => 'Table', ), array( Code => "CF3", Items => "General Service Trolley", Cat => 'Trolley', ), array( Code => "CF4", Items => "TV Trolley", Cat => 'Trolley', ), array( Code => "CF5", Items => "Overhead Projector Trolley", Cat => 'Trolley', ), array( Code => "CF6", Items => "Book Trolley", Cat => 'Tolley', ), array( Code => "CF7", Items => "Stacking Chairs", Cat => 'Chairs', ), ); What I want to do is select each by 'Cat'. For example I simply want to display all the trolleys. I was wondering how I do this? What functions would I use in PHP? Thanks a million Hi, I have an issue, I cant filter my data from DB. Whats wrong in my code? <?php /* Include Files *********************/ //include("banners/database.php"); mysql_connect("host", "user", "pwd") or die("Connection Failed"); mysql_select_db("DB")or die("Connection Failed"); ?> <?php $memberIndustries =['memberIndustries']; if (isset($_POST["memberIndustries"])) { $memberIndustries = mysql_real_escape_string ($_POST["memberIndustries"]); $sql="SELECT * FROM Members WHERE Industries_Industry_ID='$memberIndustries'"; $result = mysql_query($sql) or die (mysql_error()); while ($myrowe = mysql_fetch_array($result)) {?> <? // if new member, label it //$todays_date = date("Y-m-d"); //$dateCompare = $myrowe[Creation_Date]+30; //$dateCompare = strtotime(date("Y-m-d", strtotime($myrowe[Creation_Date])) . " +30 days"); //if(strtotime($todays_date)<=$dateCompare){ ?> <table width="100%"> <tr> <td align="right"> <img src="/members/new.gif"> </td> </tr> </table> <? //}?> <? if($myrowe[LOGO_lnk]!='') {?> <img src="<? echo $myrowe[LOGO_lnk]; ?>"> <? } ?> <br /> <br /> <font style="font-family: Arial; font-size: 10.5pt; font-weight:bold;color:#C1121F"> <? echo $myrowe[Company_Title];?> </font> <? if($myrowe[Person_Name_1]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; font-weight:bold;color:#000000"><? echo $myrowe[Person_Name_1];?></font> <font style="font-family: Arial; font-size: 8.5pt; font-weight:bold;color:#000000"><? echo $myrowe[Person_Title_1];?></font> <? } if($myrowe[Person_Name_2]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; font-weight:bold;color:#000000"><? echo $myrowe[Person_Name_2];?></font> <font style="font-family: Arial; font-size: 8.5pt; font-weight:bold;color:#000000"><? echo $myrowe[Person_Title_2];?></font> <? } if($myrowe[Person_Name_2]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; font-weight:bold;color:#000000"><? echo $myrowe[Person_Name_3];?></font> <font style="font-family: Arial; font-size: 8.5pt; font-weight:bold;color:#000000"><? echo $myrowe[Person_Title_3];?></font> <? } if($myrowe[Address_row1]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; color:#000000"><? echo $myrowe[Address_row1];?></font> <? } if($myrowe[Address_row_2]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; color:#000000"><? echo $myrowe[Address_row_2];?></font> <? } if($myrowe[Address_row_3]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; color:#000000"><? echo $myrowe[Address_row_3];?></font> <? } if($myrowe[Phone]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; color:#000000">Tel:<? echo $myrowe[Phone];?></font> <? } if($myrowe[Fax]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; color:#000000">Fax:<? echo $myrowe[Fax];?></font> <? } if($myrowe[email]!='') {?> <br /> <a href="mailto:<? echo $myrowe[email];?>"> <font style="font-family: Arial; font-size: 8.5pt; color:#000000"><? echo $myrowe[email];?></font> </a> <? } if($myrowe[web]!='') {?> <br /> <a href="<? echo $myrowe[web];?>"target="_blank"> <font style="font-family: Arial; font-size: 8.5pt; color:#000000"><? echo $myrowe[web];?></font> </a> <? } if($myrowe[Industries_Industry_ID]!=0) { $queryInd = "SELECT Industry_Title FROM Industries WHERE Industry_ID=$myrowe[Industries_Industry_ID]"; $resultInd = mysql_query($queryInd) or die (mysql_error()); $myroweIND = mysql_fetch_array($resultInd) ?> <br /> <font style="font-family: Arial; font-size: 8.5pt; color:#000000"><? echo $myroweIND[Industry_Title];?></font> <? } if($myrowe[Description]!='') {?> <br /> <font style="font-family: Arial; font-size: 8.5pt; color:#000000"><? echo $myrowe[Description];?></font><p></p> <? } ?> <br /><br /> <? } <? }} ?> I'm pretty sure the problem is starring me in the face, but I can't seem to locate it. function filter($string) { //swear words pulled from bannedwordlist.com $f = fopen('../badwords.txt', 'r'); $bad_words = fread($f, filesize('../badwords.txt')); $bad_words = explode('\n', $bad_words); $input = strtolower($string); foreach($bad_words as $value) { $string = str_replace($value, '****', $input); } return $string; } UPDATED CODE function filter($string) { //swear words pulled from bannedwordlist.com $f = fopen('../badwords.txt', 'r'); $bad_words = fread($f, filesize('../badwords.txt')); $bad_words = explode('\n', $bad_words); $input = strtolower($string); $string = str_replace($bad_words, '****', $input); return $string; } I've already echoed out $value in the foreeach loop, and it does correctly retrieve the bad words and put them into an array. My only problem is, the returned string is still in strtolower() form, and the words aren't censored. :/ I have a SQL statement which is difficult to use PDO on, it might not even be possible to do.
So I'm filtering it like this:
$search = $_GET['search'];
$search = preg_replace("/[^A-Za-z0-9]/", " ", $search);
$search = $mysqli->real_escape_string($search);
Will this result in an acceptable level of security?
Edited by anderson_catchme, 16 September 2014 - 12:28 PM. Hi all, I was wondering if i can filter certain log files like using 2 keywords and get all the info inbetween? The log files are like <1 MB. The other problem i encounter is howto since i looked all over the net but cant seem to find usefull info about it. Can you help me out here? This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=334433.0 First off, i have made a validation class using array_diff() to check if there are invalid characters submitted by a user. Some extracts: Code: [Select] $this->chr_alpha_lower=array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'); $this->chr_alpha_upper=array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'); $this->chr_numeric=array('0','1','2','3','4','5','6','7','8','9'); $this->chr_symbol=array(' ','!','@','#','$','%','&','(',')','[',']','.',',',':',';','\'','"','/','=','\\','-','_','?'); ... // lets say only alpha and numeric characters are allowed $allowed_characters=array(); $allowed_characters=array_merge($allowed_characters,$this->chr_alpha_lower,$this->chr_alpha_upper); $allowed_characters=array_merge($allowed_characters,$this->chr_numeric); $input_split=str_split($this->input); $invalid=array_diff($input_split,$allowed_characters); if(empty($invalid)){ return true; } return false; I have two questions. First, for acsii characters is this method 'full proof' or is there a way for someone to get around this validation script? Second, a new site im developing is going to be built with UTF-8 in mind so people can use the site in their own language. How do i validate UTF-8 user input? I know about mb_strings and sanitizing UTF-8 input using this: Code: [Select] preg_match_all('/([\x09\x0a\x0d\x20-\x7e]'. // ASCII characters '|[\xc2-\xdf][\x80-\xbf]'. // 2-byte (except overly longs) '|\xe0[\xa0-\xbf][\x80-\xbf]'. // 3 byte (except overly longs) '|[\xe1-\xec\xee\xef][\x80-\xbf]{2}'. // 3 byte (except overly longs) '|\xed[\x80-\x9f][\x80-\xbf])+/', // 3 byte (except UTF-16 surrogates) $input, $clean_pieces ); $clean_output = join('?', $clean_pieces[0] ); But how do i know what to filter? Example: a field for the user to input first name English: only alpha characters Other language: ????? Help much appreciated. Hello,
Is it possible to allow '@' and '.' while maintaining the rest of this regex?
$email= 'adsfsa@asdf.edu';
$email= preg_replace("/[^A-Za-z0-9]/", " ", $email);
echo $email;
hey guys i was generally wondering...is it good practice to add_slashes and use mysqli_real_escape_string when entering data into the database?
then to strip slashes when extracting rows?
is this the right way to go around things...thanks
I want to create a feature as you see nn this image, where it says 'filter your results' if a user clicks 'Detached Houses' then only detached houses will be displayed. if a user clicks 'Semi-detached' then only semi detached houses will be shown. Any help is really appreciated, thank you. Code: [Select] <table border="0" cellpadding="0" cellspacing="0"> <tr> <td><div id="filter"><p class="houses" style="font-family:helvetica;color:#0155a1;font-size:14px;background:url(cutouts/forsale/filter.jpg) no-repeat;"><b><u>Houses</u></b> <br /> <span class="dh"><b><u>Detached Houses</u></b></span><?php // Make a MySQL Connection mysql_connect("localhost", "admin", "1admin") or die(mysql_error()); mysql_select_db("test") or die(mysql_error()); // Get a specific result from the "example" table $result = mysql_query("SELECT * FROM example WHERE name='Sandy Smith'") or die(mysql_error()); // get the first (and hopefully only) entry from the result $row = mysql_fetch_array( $result ); // Print out the contents of each row into a table echo $row['name']." - ".$row['age']; ?> <br /> <span class="dh"><b><u>Semi-detached houses</u></b></span> <br /> <span class="dh"><b><u>Terraced houses</u></b></span> <br /> <br /> <b><u>Flats / Apartments</u></b> </p></div></td> Hi guys I was wondering if anyone could point me in the right direction with this. I am using JSON to return the contents of a directory and then using a foreach loop to print each one to a new row in a table. Is there anyway to filter the results? Basically I just want to show the files that end in a .jar extension? Currently all sub directories and files are shown, however all the files I need to pull will be in the main directory. This is what I am using: Code: [Select] <?php foreach ($installedplugins1['success'] as $v) { echo "<tr><td>".$v."</td>"; echo "<td><a href='index.php?dp=".$v."'>Disable Plugin</a></td>"; } ?> Any hints or reading material? Cheers Im struggling with how to filter items that have multiple categorises say if i wanted to search for a shoe that is good for walking and hiking in my database? Shoe_id Shoe name color_id type_id colors color_id color type type_id type My problem is what do i do in a situations like this? say a shoe is good for walking and running? aka type 1 and 2 shoe id 1 shoe name nike color id 1 type id 1 and 2 Hey guys, we have a website where people are able to post things, and we don't want to allow anyone to be able to post their street address, for obvious reasons. I'm really stuck on this one, I've looked for some regular expressions to no avail...one idea we did have was to check a text for an address then check to see if it was a valid address with the google maps API but then again...it goes back to having a regular expression for capturing the street address. I was wanting to know, is there any way I will be able to catch whether a user has posted an address? I was going to post this in the regex section but I'm not sure if I should use any regex's or if there might be another way. Put basically I need to be able to strip a street address from the text if a user posts one. I'm pretty sure it's probably not possible, but I figured I'd ask first. Thanks for any help anyone can provide! |
|||||||