|
PHP - Are There Any Errors In This Line Of Code?
Hi, can any see is the are mistakes in this for me. Thanks echo'<img src="skinFiles/'.$skin['thumb_name'].'"class="skinImage" onclick="changeSkin(\'skinFiles/'.$skin["css_name"].'\')" />'; Similar TutorialsI keep getting this error and I don't know what's wrong. My mysql class is fine, but then the user class keeps getting the error: Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home2/-/public_html/special/classes/users.php on line 1 Any change I make, it's always an error on line 1. user.php: <?php include"mysql.php"; class User extends mysql { var $mysql; function __construct(){//Create a 2nd clean function that automatically cleans sessions, gets and posts $this->mysql = new mysql(); foreach($_POST as $key => $val){//For every post $_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); } foreach($_GET as $key => $val){//For every get $_GET[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); } /* foreach($_SESSION as $key => $val){//For every session $_SESSION[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); } */ foreach($_COOKIE as $key => $val){//For every session $_COOKIE[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); } } public static function Clean($string){//Create a clean function if(get_magic_quotes_gpc()){//If magic quotes is enabled $string = stripslashes($string);//Remove slashes from the string }elseif(!get_magic_quotes_gpc()){//If not $string = addslashes(trim($string));//Add slashes to the string then trim is } $string = escapeshellcmd($string);//Remove all SHELL commands $string = mysql_real_escape_string($string);//Stop MOST MySQL injections $string = stripslashes(strip_tags(htmlspecialchars($string, ENT_QUOTES)));//Remove XHTML, remove slashes return $string;//Return the final string } function Encrypt($string){ $string = md5($string); $string = sha1($string); $string = md5($string); return $string; } function LoginForm($page){ $fields = array( 'user' => array( 'type' => 'text',//Type of input 'pre' => 'Username',//Label of input 'value' => ''),//Value of input 'pass' => array( 'type' => 'password',//Type of input 'pre' => 'Password',//Label of input 'value' => ''),//Value of input ); return CreateForm ($page, 'post', $fields, 'login', 'test', 'Sign In!'); } function Login($username, $password){//Create a login function for the user system $this->Connect();//Connect to the database! $username = $this->Clean($username);//Clean the username input to stop hackers $password = $this->Clean($password);//Clean the password input to stop hackers $password = $this->Encrypt($password);//Take the unencrypted password and run it through our encrypt function! $query = @mysql_query($this->GetUserLogin($username, $password)) or die(mysql_error());//create the user table by calling the function CreateUser in the querries class if($query){//If the query has worked if(mysql_num_rows($query) == 1){//If the query has got a result ie the information is correct session_register("USR_USERNAME", $username);//Start the session and set the username setcookie("id", $username,time()+500000); setcookie("pass", $password,time()+500000); return 'You are now logged in'; }else{ return 'Incorrect username or password.'; } }else{ return '<b>Mysql Error</b>'; } } function Logout(){ if(isset($_SESSION['USR_USERNAME'])){ unset($_SESSION['USR_USERNAME']); unset($_COOKIE['id']); unset($_COOKIE['pass']); } } function RegisterForm($page){ $fields = array( 'user' => array( 'type' => 'text',//Type of input 'pre' => 'Username',//Label of input 'value' => ''),//Value of input 'pass' => array( 'type' => 'password',//Type of input 'pre' => 'Password',//Label of input 'value' => ''),//Value of input 'cpass' => array( 'type' => 'password',//Type of input 'pre' => 'Confirm Password',//Label of input 'value' => ''),//Value of input 'email' => array( 'type' => 'text',//Type of input 'pre' => 'Email',//Label of input 'value' => ''),//Value of input ); return CreateForm ($page, 'post', $fields, 'register', 'test', 'Sign Up!'); } function Register($username, $password, $cpass, $email){//Create a new function that needs certain variables to work $this->Connect();//Connect to the database! /*Clean the variables to stop hackers*/ $username = $this->Clean($username); $password = $this->Clean($password); $cpass = $this->Clean($cpass); $email = $this->Clean($email); /*Encrypt the 2 passwords*/ $password = $this->Encrypt($password); $cpass = $this->Encrypt($cpass); $getuser = @mysql_query($this->GetUser($username, $password)) or die(mysql_error()); $r = mysql_fetch_array($getuser); $_name = "/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+"; $_host = "([-0-9A-Z]+\.)+"; $_tlds = "([0-9A-Z]){2,4}$/i"; if($password !== $cpass){ die("The passwords you entered don't match!"); }elseif($username == NULL || $password == NULL || $email == NULL){ die("Please enter data into the specified boxes!"); }elseif(!preg_match($_name."@".$_host .$_tlds, $email)){ die("Please enter a valid email address"); }elseif(mysql_num_rows($getuser) > 0){ die("The username you entered already exists!"); }elseif($username == "Guest"){ die("Name cannot be used"); }else{ $ip = $_SERVER['REMOTE_ADDR'];//Set the ip variable as the users ip address $actcode = $this->GetCode(); $query = @mysql_query($this->RegisterUser($username, $password, $email, $ip, $actcode)) or die(mysql_error());//Send the query to the query page if($query){//If the query has worked $this->SendEmail($username,$email,$actcode); return "Thanks for registering, but before you can use your account, you need to activate it, an email will be sent to you within 10 minutes (Usually Instantly)!";//Return a success message }else{ die("<b>MySQL error!</b>n"); } } } function GetUserInfo(){ $this->Connect(); if(isset($_SESSION[USR_USERNAME])){ $query = @mysql_query($this->GetUser($_COOKIE['id'], $_COOKIE['pass'])) or die(mysql_error());//Get their info from the DB if($query){//If the query worked $logged = mysql_fetch_array($query);//Get the user information $logged['type'] = 1;//Set the type of user to 1 - they arent a guest } }else{ $logged = array( 'username' => 'Guest', 'type' => 0, 'ip' => $_SERVER['REMOTE_ADDR'] ); } return $logged; } function GetCode(){//Create a new function that creates a random string for the activation code $alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; //String of A-Z and 0-9 $actcode = substr(str_shuffle($alphanum), 0, 10); //shuffle the string, cut it so we have 10 characters return $actcode; //Return our 10 character code } function SendEmail($user,$email,$code){//Create a new function to send the email, we have the users username, email and actcode with us. $link = '/activate.php?code='.$code; $re = 'Activate Account'; $headers = 'From: auto@domain.com'; $msg = 'Hello '.$user.', You are receiving this email because you have recently registered at, you will first need to activate your account before you can access it though. Click the link below to activate your account.'.$link; mail($email,$re,$msg,$headers); } function FindCode($actcode){//A new function to find the code in the table. Our $actcode here is passed from the activate.php file. $this->connect();//Connect to MySQL if($actcode){//If $actcode is NOT empty $query = @mysql_query($this->SearchCode($actcode)) or die(mysql_error());//search code sql if(mysql_num_rows($query) == 1){ //If we have one row $query = @mysql_query($this->EditCode($actcode)) or die(mysql_error()); //Edit table if($query){ //If query above succeeded return "You account has been activated and you can now log in!n"; //Confirm message }else{ //Otherwise an error die("<b>MySQL error!</b>n"); } //Otherwise invalid activation code }else{ die("<b>Invalid Activation Code</b>n"); } }else{ //Otherwise $actcode is empty. die("Actcode is empty."); } } } ?> I want my application will send a email after 10 minutes of sending another email. In my application A user completes registration with payment Application sends the user a payment confirmation emailNow I want to send another email 10 minutes After payment confirmation email with welcome tipsBelow is the function where for user setup .
public function finishUserSetup($Sub){
if($Sub == 0){
$subscription = SubscriptionPlans::where('identifier', '=', "Monthly")->first();
$expiry = date('Y-m-d', strtotime('+' . $subscription->months . ' months'));
$sub_period = "monthly";
} else{
$subscription = SubscriptionPlans::where('identifier', '=', "Annually")->first();
$expiry = date('Y-m-d', strtotime('+' . $subscription->months . ' months'));
$sub_period = "annually";
}
$this->expiry_date = $expiry;
$this->user_type = "SUB";
$this->subscription_period = $sub_period;
$this->update();
$replaceArray = array(
'fullname' => $this->forename . " " . $this->surname,
'subscriptionName' => $subscription->name,
);
EmailTemplate::findAndSendTemplate("paymentconfirm", $this->email, $this->forename . " " . $this->surname, $replaceArray);
}
In the above function the last line of code is the one which sends a payment confirmation email to the user which is
EmailTemplate::findAndSendTemplate("paymentconfirm", $this->email, $this->forename . " " . $this->surname, $replaceArray);
I want to execute the following line of code 10 minutes after the above one
EmailTemplate::findAndSendTemplate("WelcomeTips", $this->email, $this->forename . " " . $this->surname, $replaceArray);
How to do that. that is running the last line of code 10 minutes after I wrote the code below as a way of deleting books from a database. The variables sent to this piece of code come from the page before it, through checkboxes with names corresponding to books, for example the page may have 3 checkboxes with the names 3, 4 and 5. If the user was to select checkbox 4, the variable 4 would be sent through post to this piece of code. The code below selects all of the books from the database in the users school, and then cycles through it, checking whether a book should be deleted by checking whether the post value for that book has been set, eg. if book three has been sent, isset($_POST[$temp]) should return a true, and thus the book is deleted from the database via the mysql_query. The code however will not run, currently I am getting Parse error: syntax error, unexpected T_STRING in /home/textexch/public_html/home/exchange/deletebooks.php on line 81, but i fear there are other problems. Does anyone have any advice as to how to do this better? Code: [Select] $result = mysql_query("SELECT * FROM `books` WHERE School ='".$_COOKIE['School']."'"); while($row = mysql_fetch_array($result)){ $temp = $row['BookID']; if(isset($_POST[$temp])){ mysql_query("DELETE FROM books WHERE BookID = '$Delete'); } } if (mysql_affected_rows() == 0) { echo "sorry didn't work"; } else { echo "Books successfully deleted. Return home <a href='../'>here</a>"; } I have a form that is passing the User to following code. The code below is just ported from another site that I created, which works extremely well. I've had to change the datatable, database connection and some of the variables for this site, but it's otherwise the same. I've triple checked the variables. The datatable is accurate. It doesn't appear to be passing variable from the Form with the exception of "content", and I'm getting the following error: Quote You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'year='', position='', content='Test', ppg='', rp' at line 6 Query: INSERT INTO players SET playerFirst='', playerLast='', feet='', inches='' year='', position='', content='Test', ppg='', rpg='', apg='', spg='', bpg='', fgp='', ftp='', status='' What am I missing? Code: [Select] <?php include('db.php'); $playerFirst = $_POST['playerFirst']; $playerLast = $_POST['playerLast']; $feet = $_POST['feet']; $inches = $_POST['inches']; $year = $_POST['year']; $position = $_POST['position']; $content = $_POST['content']; $ppg = $_POST['ppg']; $rpg = $_POST['rpg']; $apg = $_POST['apg']; $spg = $_POST['spg']; $bpg = $_POST['bpg']; $fgp = $_POST['fgp']; $ftp = $_POST['ftp']; $status = $_POST['status']; //if(isSet($_POST['playerFirst']['playerLast']['feet']['inches']['year']['status'])) //{ /* search for existing row */ $sql = "SELECT msg_id FROM players WHERE playerFirst='".mysql_real_escape_string($playerFirst)."' AND playerLast='".mysql_real_escape_string($playerLast)."'"; if(!$result = mysql_query($sql)) { die(mysql_error()."<br />Query: ".$sql); } if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); /* update existing row */ $sql = "UPDATE players SET feet='".mysql_real_escape_string($feet)."', inches='".mysql_real_escape_string($inches)."' year='".mysql_real_escape_string($year)."', position='".mysql_real_escape_string($position)."', content='".$content."', ppg='".$ppg."', rpg='".$rpg."', apg='".$apg."', spg='".$spg."', bpg='".$bpg."', fgp='".$fgp."', ftp='".$ftp."', status='".$status."', WHERE msg_id='".$row['msg_id']."'"; if(!$result = mysql_query($sql)) { die(mysql_error()."<br />Query: ".$sql); } } else { /* insert new row */ $sql = "INSERT INTO players SET playerFirst='".mysql_real_escape_string($playerFirst)."', playerLast='".mysql_real_escape_string($playerLast)."', feet='".mysql_real_escape_string($feet)."', inches='".mysql_real_escape_string($inches)."' year='".mysql_real_escape_string($year)."', position='".mysql_real_escape_string($position)."', content='".$content."', ppg='".$ppg."', rpg='".$rpg."', apg='".$apg."', spg='".$spg."', bpg='".$bpg."', fgp='".$fgp."', ftp='".$ftp."', status='".$status."'"; if(!$result = mysql_query($sql)) { die(mysql_error()."<br />Query: ".$sql); } } Hi all ! I just passed my code through an analyzer and it showed that a lot of it was not following best practices. Some examples are below: 1.Direct use of $_SERVER Superglobal detected.
if($_SERVER['REQUEST_METHOD']==="POST"){
if(!isset($_SESSION)) sess_start();
if(isset($_SESSION['timeout'])){
$_SESSION['user']=$user; 2. Direct use of $_POST Superglobal detected.
if(isset($_POST['submit']) && $_POST['submit'] ==='Logoff'){
$_POST = array(); $usertype = fcheckRecruiter($_POST['usertype']); and many more like these concerning the use of SUPERGLOBALS. 3. Discouraged functions : header(), session_unset(), mysqli_close(), session destroy() & require_once to name a few besides a lot of other common php functions.
header ("Location: donepage.php");
session_unset(); mysqli_close($link); session_destroy(); Well the question is obviously how to tackle these. The surprising part though is that prior to checking the code by an analyzer, I had no clue, like many other coders on this forum perhaps, especially the newbies, that my code was flawed or at least not following the best practices. I never found a single piece of code on the net, in examples, even in examples in the PHP manual that showed the correct usage of these as per best practices. The most surprising of these were of course the SUPERGLOBALS since they are used everywhere and by almost everybody. Googling the internet shows that hardly anyone is clear about these. People are debating on the direct usage of suberglobals where they are used for checking the existence of the variable. So it's all very moot and very grey it seems. Then there are common functions some of which i mentioned above. For example how would I reset the super global $_POST if not by setting it to a blank array? $_POST = array(); Why are these functions, enlisted above, being discouraged from use and what and how should the alternate functions be used ? How to achieve the same functionality in an alternate way? For the use of superglobals I found that it's proposed to use the filters or filter functions to sanatise or validate the input. If i recall correct, Guru Jacques strongly advised against sanitizing any user input. While I can understand validation of user input, sanitization of it seems to be wrong ?? I would be very grateful if someone can shed some light on these very basic and important questions and provide, if possible, some examples of the correct method of using these in code. Thanks all ! Hey everyone, So here is my problem. I have some code to display the amount of views that page has got. In this case it is the thread in my forums section. I have used the same code to show how many people have views a certain persons profile page and that works fine but when I use it on my forum thread page I get this error. Quote You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id='20' LIMIT 1' at line 1 Here is the section of code: Code: [Select] <?php $thread_id = preg_replace('#[^0-9]#i', '', $_GET['id']); $getThreadViews = mysql_query("SELECT view_count FROM forum_posts WHERE id='$thread_id' LIMIT 1") or die (mysql_error()); $row = mysql_fetch_assoc($getThreadViews); $counter = $row['view_count']; if($counter == 0){ $counter = 1; $startCounter = mysql_query("INSERT INTO forum_posts (view_count) VALUES ('$counter') WHERE id='$thread_id' LIMIT 1") or die (mysql_error()); } $threadViews = $counter+1; $appendCounter = mysql_query("UPDATE forum_posts SET view_count='$view_count' WHERE id='$thread_id'") or die (mysql_error()); ?> I have checked that there are no spelling errors so just wanted to show it to a fresh pair of eyes because its really starting to annoy me. Thanks in advance for any help. good day PHP-test on OpenSuse Linux 11.3 - ugliest errors (garbage code wherever i look) - i get seasick - this is too much to me. I am willing to throw the computer out of the windows... Well to begin with the beginning: i am brandnew to PHP on OpenSuse 11.3 i just start with PHP while running a first test - this here <?php echo date("Y/m/d") . "<br />"; echo date("Y.m.d") . "<br />"; echo date("Y-m-d") ?> i get ugly Effekts see the output suse-linux:/usr/perl # php learnmecha.php PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/perl/learnmecha.php on line 2 2010/11/15<br />PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/perl/learnmecha.php on line 3 2010.11.15<br />PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/perl/learnmecha.php on line 4 suse-linux:/usr/perl # well - can i say that php runs - but not safe or what is this -- do you have another test - i want to test if the PHP runs well !? I looked up 'how to get all POST variables' and I ended up putting this bit of code together. Im not experienced at all with OOP programming, but I think that when '=>' is used its to do with OOP? Anyway. I dont get this code. I understand Foreach $_POST, as $someVar, (BTW im looking for checkboxes from a form), However, If I leave out the '=> $val' I simply get a lot of 'on' values, indicating the checkboxes I checked. However, WITH the '=> $val' I end up with the checkbox name. Now i've changed the name of '$val' so i know its not a keyword. But i dont get it. Is there a way to access the value of the checkbox? Can someone explain to me whats going on here? I know that I can get the value of the checkbox by $_POST['$checkRows'] But, I have a feeling It can be done in the foreach line. foreach($_POST as $checkRows => $hip) { echo "POSTED: $checkRows<br>\n"; } Please help! ok, this is a much shorter version, but i have: Code: [Select] $val = "1"; then i have a function Code: [Select] function include_function_name{ echo' <ul><li> <a href="index.php?pageID="{$val}"">page name</a> <li/><ul/>'; } i have tried all sorts of variations but i can get it to make pageID=1 plaease help thanks ricky How do I remove the captcha check on this line and keep it valid? if ($author && $message && ($capatcha == 6 || controlPosts::isAdmin())) I tried if ($author && $message && (controlPosts::isAdmin())) but the script wont post like this? Can you suggest a better way to write this code (I didn't create it):
<body onload="getParameterByName('url')">
<a href="" id="urllink" >Click Here</a>
</body>
so, I don't have to change the <body> tag?
for timthumb in my wordpress i use this code to function first_image() { global $post, $posts; $first_img = ''; ob_start(); ob_end_clean(); $output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post->post_content, $matches); $first_img = $matches [1] [0]; if(empty($first_img)){ //Defines a default image $first_img = "images/default.gif"; } return $first_img; } it works really well, then i thought why not to make it show random images if timthumb dont find any image? so the 1st googling i did came up with this function: <?php function getRandomFromArray($ar) { mt_srand( (double)microtime() * 1000000 ); $num = array_rand($ar); return $ar[$num]; } function getImagesFromDir($path) { $images = array(); if ( $img_dir = @opendir($path) ) { while ( false !== ($img_file = readdir($img_dir)) ) { // checks for gif, jpg, png if ( preg_match("/(\.gif|\.jpg|\.png)$/", $img_file) ) { $images[] = $img_file; } } closedir($img_dir); } return $images; } $root = ''; // If images not in sub directory of current directory specify root //$root = $_SERVER['DOCUMENT_ROOT']; $path = 'images/'; // Obtain list of images from directory $imgList = getImagesFromDir($root . $path); $img = getRandomFromArray($imgList); ?> and to show random image i Place the following where i wish the random image to appear: Code: [Select] <img src="<?php echo $path . $img ?>" alt="" /> my question is how to place this code in my function first_image?? i need to do something like this, but it doesnt make any sense: if(empty($first_img)){ //Defines a default image $first_img = " <img src="<?php echo $path . $img ?>" alt="" /> this was my thought, if i can mix those 2 normally it should work, right? or maybe there is another way to show random image in the Code: [Select] [i] if(empty($first_img)){ //Defines a default image[/i] [b] $first_img = ? $tab is a variable for my table's name <?php while($row=mysqli_fetch_assoc($result)){ ?> <?php echo $row['{$tab}_name']?> I'm using a templated PHP script and have successfully added a link (to an image) can anyone help me with an overwhelming problem ? I want to use this command in the php curl code. curl -v --data "WSCommunityStringRW?2=1200ve50set&Submit=Submit" http://10.2.3.111/Forms/SnmpCommunityString -u "admin:a1s2d3" --anyauth I've made up some new code but I have an issue with trying to figure out why it won't work. Do you see any issues with it? $rss = fetch_feed('<?php echo get_post_meta($post->ID, "linktosource", true);?>'); Thanks in advance I want to offer my site visitors the opportunity to use some of my content on their sites. For example, a Quote of the Day or This Date in History snippet that they can place on their site. I want to host and manage the content on my site and allow the visitors to syndicate it on their sites easily. The key word here is "easily". I don't want to do this through RSS, which can be tricky for entry-level webmasters and bloggers. I want to be able to offer a line of code, say in Javascript, that the visitor can copy and paste into their site (Wordpress widget etc.) and have my content appear there. Does anyone have any starting points for how to do this? I have several years of experience with PHPP, MySQL, CSS, HTML, etc., but I don't want to re-invent the wheel. I've done something similar in JSP, but not using PHP. I hav a php page which takes data from the db.But the problem i am facing is for a particular fild in database ,i have long data,which i need to b displayed in a wordwrap way eg my data is " Description need a site for school gave order on 12-10-2010 work started on 12-10-2010 " this shuld be displayed as "Description need a site for school gave order on 12-10-2010 work started on 12-10-2010" Description is the field in the database and rest of them are the datas in it Hello -- I'm trying to work through a very simple CMS that I found on the web (just for learning purposes). I need some help understanding this line: <table> <form method="POST" action="account.php?mode=save<?=( isset($_REQUEST['id']) ? "&id={$_REQUEST['id']}" : null )?> <? I understand the Method = "POST", but not the "action = " line. Thanks for any help. |
|||||||