PHP - Prevent Double Post
Hi All,
I was wondering if someone maybe knows a nice way to prevent double posting or posting within a certain time without using javascript. Or maybe even echoing an error if someone posts the exact same ase the previous post. I found this little snippet: Code: [Select] onClick="disabled=true;this.form.submit();return true;" Which prevents double clicking. But its javascript and I rather have something besides that to cover all situations. Would love to hear what you guys use or reccomend. Thanks! Similar TutorialsI have a problem which is why I am here. What I am trying to achieve I am creating a very very basic timetabling system online, using php and sql. I am still in the process of completing it and changing bits from here to there. Although I am fully aware that the current design / implementation needs several changes and amendments, but however it performs most of the basic functionalities from a login system to the ability to add data delete data and also reset the database and recreate. The problem I have a table called tCourse althouogh a full ERD implementation has not taken place, it is still trial and error period. The table consists of the following: - Course - Unit - Course_Code - Year (i.e. Yr1, Yr2, Yr3) - Credits (Value of the unit) - Day - Semester - Start_Time - End_Time - Room - Tutor At the moment the primary keys for the table a - Day - Start_Time - Room_ - Semester This basically prevents a particular day, a semester, a room having been booked at the same time. Which for a very basic one is ok. The only problem is though, if someone books for example: Monday >> 13:00:00 To 14:00:00 >> 205 >> Sem1 (ok) Monday >> 13:00:00 To 14:00:00 >> 205 >> Sem1 (Not ok, which is good, as it is a repeat and prevents double booking) However the problem comes he Monday >> 12:00:00 To 14:00:00 >> 205 >> Sem1 (ok) So this is allowing a booking even though that room will be busy i.e. booked between 13:00 to 14:00 So is there a way I can limit it, so if there is a room booked for that particular period it will not do it. I have done a bit of research and friend's have suggested doind several for loops and quering the database beforehand. I came here, mainly because there are a lot of experienced individuals here whom may have a simpler solution, although I can understand it won't be a one liner . I would appreciate any help, if not, it is still ok. Hi Friends, I am suffering with very serious problem, We have a deal selling website--Problem is that when someone buy a deal , they are getting 2 vouchers on bahalf of one while they are getting charged ones only [I am using authorized.net payment gateway]. for some reason Entry is inserting TWICE in MYSQL but it is not happening on every purchase, it happens once in 20 purchase (for example).... I have tried every possible effort but it still happens, anybody can show me helping hand please ? this is my partial code where I am inserting the voucher info : for($i=0; $i<$_SESSION['quHidden']; $i++): if($_SESSION['RecName'][$i]!=''):$IsGist="t";$GRName=$_SESSION['RecName'][$i];else:$IsGist="f";$GRName="";endif; $coupon_code=str_makerand("12", "12", "false", "false", "false"); $NCCod="#".$coupon_code; $download_path="dealcoupon.php?id=".$sql_coupon['deal_id']."&CRANCode=".$coupon_code; $DLContent[]="<a href=\"".$download_path."\" target=\"_blank\" style=\"font-family: Helvetica,Arial,sans-serif; color: rgb(9, 129, 190);font-size: 14px;\">Download Voucher: ".$NCCod."</a>"; mysql_query("INSERT INTO `tbl_purchase` ( `fld_buyerid` , `fld_dealid` , `fld_amount` , `fld_purchaseid`, `fld_subdate`, `fld_expdate`, `fld_quantity`, `fld_cardno`, `isGift`, `fld_RecName`) VALUES ( '".$_SESSION['usr_id']."', '".$sql_coupon['deal_id']."', '".$sql_coupon['deal_price']."', '$NCCod', '".time()."', '".$sql_coupon[deal_edate]."', '1', '".$_SESSION['x_card_num']."','".$IsGist."','".$GRName."')"); $CoupanArr[]=$NCCod; endfor; //--------------------------------------------------------------------- mysql_query("insert into tbl_vouemails set fld_did='".$sql_coupon['deal_id']."', fld_uid='".$_SESSION['usr_id']."', fld_voucher='".implode(",",$CoupanArr)."', fld_etime='".getPATime($sql_coupon[deal_edate])."', fld_subdate='".time()."', fld_VReceiver='".implode(",",$_SESSION['RecName'])."'"); sorry, I posted twice. Let's say I have an HTML page with a form that submits data via POST. A user can click on "View source" and see the variables used. What's to stop them from making their own page that POSTs to the same destination using the same variables? Any way to prevent this? Hey Guys. I am working with a form that shows the grand total on the checkout page. The value of the grand total is inside a hidden field. When click on submit, the _POST array doesn't get back the last value of the grand total. I need to hit the button twice to get the last value. The weird thing is when I echo the value of the grand total it display the latest value, but not with the POST array
For example. If the grand total is $10.00 and I click on submit. It will show the POST['grand_total'] as empty. If I click on submit again it will show the grand total of $10.00.
Below is my code that I am working with. Any help would be really appreciated.
if(isset($_POST['submit'])) { /* Doesn't show if i put it after if($_POST['submit'] */ if(isset($_POST['grand_total'])) { echo $_POST['grand_total']; } } //A bunch of other html/php code. Another class calculates the subtotal assigns it the variable $subtotal $cart_totals = new cartTotals($subtotal, $discounted_amount,$post_values->tip); // Cart class is shown below /* Doesn't show if i put it before if($_POST['submit'] */ if(isset($_POST['grand_total'])) { echo $_POST['grand_total']; } echo "<input name='grand_total' type='hidden' value='$cart_totals->grand_total' />"; // Shows the grand total after second from submission echo "$cart_totals->grand_total"; // Shows grand total after the first submissionCart Totals Class class cartTotals { public $subtotal; public $sales_tax; public $tip; public $grand_total; public $discount_amount; public $href_page; public $invalidCouponMessage; const TEST_ENVIORMENT = FALSE; /** * [ Function gets constructed in the order summary where the [$discount_amount= ""] arg does need to be passed. * But does get passed in when called on the checkout.php page. Therefore we set the default value to an empty string.] * @param [float] $subtotal [subtotal get passed in from the parent class coreCartFunction] * @param string $discount_amount [The class checkCouponCode calculates this discount amount based on the * subtotal and the discount amount. It gets instantiated on the clients side and passed is this construction function. * This is all done on the checkout page.] */ /*The way the construct function works is by invoking all the methods the passed arguments When the methods get invoked the do all the work and set the properties its values. The properties then get echoed out on the client side. */ function __construct($subtotal="", $discount_amount= "", $tip=""){ $this->subTotal($subtotal, $discount_amount);//SubTotal method takes the discount amount and subtracts it from the subtotal. $this->salesTax($subtotal, $discount_amount); $this->tip = $tip; $this->grandTotal(); } private function subTotal($subtotal,$discount_amount) { $rounded_subtotal = round($subtotal-$discount_amount,2); $money_format_subtotal = money_format('%i',$rounded_subtotal); $this->subtotal = $money_format_subtotal; } private function salesTax($subtotal, $discount_amount =""){ $sales_tax = (STORE_SALES_TAX)?(float)STORE_SALES_TAX:8.875; $sales_tax =(($this->subtotal)*$sales_tax)/100; $sales_tax = round($sales_tax,2); $this->sales_tax = $sales_tax; } public function Tip() { //global $post_values; //$last_tip_selected = $post_values->tip > 0 ? $post_values->tip : "" ; $tip_output = "<select id='tip' name='tip'>"; for($tip=0.00; $tip<=11.75; $tip+=0.25){ if( $tip == "2") {$selected = " selected";} else {$selected ="";} $formatted_tip = money_format('%i',$tip); $tip_output .= "<option {$selected} id='selected_tip' value='$formatted_tip'>"."$".$formatted_tip ."</option>".PHP_EOL; } $tip_output .= "</select>"; return $tip_output; } private function grandTotal(){ $grand_total = round($this->sales_tax+$this->subtotal+$this->tip,2); $grand_total_formatted = money_format('%i',$grand_total); $this->grand_total = $grand_total_formatted; } $post='{"cart_items":[{"configuration":{"price":100,"recharge_number":"9999999999"},"product_id":"999","qty":1}]}';i try this n reslut was :There are no valid items in cart: help me plz Edited by ShivaGupta, 30 November 2014 - 01:11 AM. I'm learning PHP, and in the course of this, I'm writing a little app which posts to the same php file. HOWEVER, when I run the app again, the POST values remain. I can use unset() but, is there another way to clear POST data? RON ok i want to be able to delete the post only if there the one who posted aka blabbed here is the script , please help. if im not clear please tell me! Code: [Select] <?php // Start_session, check if user is logged in or not, and connect to the database all in one included file include_once("scripts/checkuserlog.php"); if (!$_SESSION['idx']) { $msgToUser = '<br /><br /><font color="#FF0000">Sorry but you must be logged in to view this page!</font><p><br><div align="right"><a href="register.php">Join Here</a></div><form id="signinform" action="login.php" method="post" enctype="multipart/form-data" name="signinform"> <fieldset> <legend>Log in</legend> <label for="login">Email</label> <input type="text" id="email" name="email" /> <div class="clear"></div> <label for="password">Password</label> <input type="password" id="password" name="pass" /> <div class="clear"></div> <label for="remember_me" style="padding: 0;">Remember me?</label> <input type="checkbox" id="remember" style="position: relative; top: 3px; margin: 0; " name="remember"/ value="yes" checked="checked"> <div class="clear"></div> <br /> <input type="submit" style="margin: -20px 0 0 287px;" class="button" name="commit" value="Sign In"/> </fieldset> </form></p>'; include_once 'msgToUser.php'; exit(); } else if ($logOptions_id != $_SESSION['id']) { $msgToUser = '<br /><br /><font color="#FF0000">Only site members can do that</font><p><a href="register.php">Join Here</a></p>'; include_once 'msgToUser.php'; exit(); } // Include the class files for auto making links out of full URLs and for Time Ago date formatting include_once("wi_class_files/autoMakeLinks.php"); include_once ("wi_class_files/agoTimeFormat.php"); // Create the two new objects before we can use them below in this script $activeLinkObject = new autoActiveLink; $myObject = new convertToAgo; ?> <?php // ------- INITIALIZE SOME VARIABLES --------- // they must be initialized in some server environments or else errors will get thrown $id = ""; $username = ""; $firstname = ""; $lastname = ""; $mainNameLine = ""; $country = ""; $state = ""; $city = ""; $zip = ""; $bio_body = ""; $website = ""; $youtube = ""; $facebook = ""; $twitter = ""; $twitterWidget = ""; $locationInfo = ""; $user_pic = ""; $blabberDisplayList = ""; $interactionBox = ""; $cacheBuster = rand(999999999,9999999999999); // Put on an image URL will help always show new when changed // ------- END INITIALIZE SOME VARIABLES --------- // ------- ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS --------- if (isset($_GET['id'])) { $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers } else if (isset($_SESSION['idx'])) { $id = $logOptions_id; } else { header("location: index.php"); exit(); } // ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS --------- // ------- FILTER THE ID AND QUERY THE DATABASE -------- $id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case $sql = mysql_query("SELECT * FROM myMembers WHERE id='$id' LIMIT 1"); // query the member // ------- FILTER THE ID AND QUERY THE DATABASE -------- // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 0) { // evaluate the count header("location: index.php?msg=user_does_not_exist"); exit(); } // ------- END MAKE SURE PERSON EXISTS IN DATABASE --------- // ------- WHILE LOOP FOR GETTING THE MEMBER DATA --------- while($row = mysql_fetch_array($sql)){ $username = $row["username"]; $firstname = $row["firstname"]; $lastname = $row["lastname"]; $country = $row["country"]; $state = $row["state"]; $city = $row["city"]; $sign_up_date = $row["sign_up_date"]; $sign_up_date = strftime("%b %d, %Y", strtotime($sign_up_date)); $last_log_date = $row["last_log_date"]; $last_log_date = strftime("%b %d, %Y", strtotime($last_log_date)); $bio_body = $row["bio_body"]; $bio_body = str_replace("'", "'", $bio_body); $bio_body = stripslashes($bio_body); $website = $row["website"]; $youtube = $row["youtube"]; $facebook = $row["facebook"]; $twitter = $row["twitter"]; $friend_array = $row["friend_array"]; /////// Mechanism to Display Pic. See if they have uploaded a pic or not ////////////////////////// $check_pic = "members/$id/image01.jpg"; $default_pic = "members/0/image01.jpg"; if (file_exists($check_pic)) { $user_pic = "<img src=\"$check_pic?$cacheBuster\" width=\"218px\" />"; } else { $user_pic = "<img src=\"$default_pic\" width=\"218px\" />"; } /////// Mechanism to Display Real Name Next to Username - real name(username) ////////////////////////// if ($firstname != "") { $mainNameLine = "$firstname $lastname ($username)"; $username = $firstname; } else { $mainNameLine = $username; } /////// Mechanism to Display Youtube channel link or not ////////////////////////// if ($youtube == "") { $youtube = ""; } else { $youtube = '<br /><br /><img src="images/youtubeIcon.jpg" width="18" height="12" alt="Youtube Channel for ' . $username . '" /> <strong>YouTube Channel:</strong><br /><a href="http://www.youtube.com/user/' . $youtube . '" target="_blank">youtube.com/' . $youtube . '</a>'; } /////// Mechanism to Display Facebook Profile link or not ////////////////////////// if ($facebook == "") { $facebook = ""; } else { $facebook = '<br /><br /><img src="images/facebookIcon.jpg" width="18" height="12" alt="Facebook Profile for ' . $username . '" /> <strong>Facebook Profile:</strong><br /><a href="http://www.facebook.com/profile.php?id=' . $facebook . '" target="_blank">profile.php?id=' . $facebook . '</a>'; } /////// Mechanism to Display Twitter Tweet Widget or not ////////////////////////// if ($twitter == "") { $twitterWidget = ""; } else { $twitterWidget = "<script src=\"http://widgets.twimg.com/j/2/widget.js\"></script> <script> new TWTR.Widget({ version: 2, type: 'profile', rpp: 5, interval: 6000, width: 218, height: 160, theme: { shell: { background: '#BDF', color: '#000000' }, tweets: { background: '#ffffff', color: '#000000', links: '#0066FF', } }, features: { scrollbar: true, loop: false, live: false, hashtags: true, timestamp: true, avatars: false, behavior: 'all' } }).render().setUser('$twitter').start(); </script>"; } /////// Mechanism to Display Website URL or not ////////////////////////// if ($website == "") { $website = ""; } else { $website = '<br /><br /><img src="images/websiteIcon.jpg" width="18" height="12" alt="Website URL for ' . $username . '" /> <strong>Website:</strong><br /><a href="http://' . $website . '" target="_blank">' . $website . '</a>'; } /////// Mechanism to Display About me text or not ////////////////////////// if ($bio_body == "") { $bio_body = ""; } else { $bio_body = '<div class="infoBody">' . $bio_body . '</div>'; } /////// Mechanism to Display Location Info or not ////////////////////////// if ($country == "" && $state == "" && $city == "") { $locationInfo = ""; } else { $locationInfo = "$city · $state<br />$country ".'<a href="#" onclick="return false" onmousedown="javascript:toggleViewMap(\'google_map\');">view map</a>'; } } // close while loop // ------- END WHILE LOOP FOR GETTING THE MEMBER DATA --------- // ------- POST NEW BLAB TO DATABASE --------- $blab_outout_msg = ""; if (isset($_POST['blab_field']) && $_POST['blab_field'] != "" && $_POST['blab_field'] != " "){ $blabWipit = $_POST['blabWipit']; $sessWipit = base64_decode($_SESSION['wipit']); if (!isset($_SESSION['wipit'])) { } else if ($blabWipit == $sessWipit) { // Delete any blabs over 50 for this member $sqlDeleteBlabs = mysql_query("SELECT * FROM blabbing WHERE mem_id='$id' ORDER BY blab_date DESC LIMIT 50"); $bi = 1; while ($row = mysql_fetch_array($sqlDeleteBlabs)) { $blad_id = $row["id"]; if ($bi > 20) { $deleteBlabs = mysql_query("DELETE FROM blabbing WHERE id='$blad_id'"); } $bi++; } // End Delete any blabs over 20 for this member $blab_field = $_POST['blab_field']; $blab_field = stripslashes($blab_field); $blab_field = strip_tags($blab_field); $blab_field = mysql_real_escape_string($blab_field); $blab_field = str_replace("'", "'", $blab_field); $sql = mysql_query("INSERT INTO blabbing (mem_id, the_blab, blab_date) VALUES('$id','$blab_field', now())") or die (mysql_error()); $blab_outout_msg = ""; } } // ------- END POST NEW BLAB TO DATABASE --------- // ------- MEMBER BLABS OUTPUT CONSTRUCTION --------- /////// Mechanism to Display Pic if (file_exists($check_pic)) { $blab_pic = '<div style="overflow:hidden; height:40px;"><a href="profile.php?id=' . $id . '"><img src="' . $check_pic . '" width="40px" border="0" /></a></div>'; } else { $blab_pic = '<div style="overflow:hidden; height:40px;"><a href="profile.php?id=' . $id . '"><img src="' . $default_pic . '" width="40px" border="0" /></a></div>'; } /////// END Mechanism to Display Pic $sql_blabs = mysql_query("SELECT id, mem_id, the_blab, blab_date FROM blabbing WHERE mem_id='$id' ORDER BY blab_date DESC LIMIT 20"); while($row = mysql_fetch_array($sql_blabs)){ $blabid = $row["id"]; $uid = $row["mem_id"]; $the_blab = $row["the_blab"]; $the_blab = ($activeLinkObject -> makeActiveLink($the_blab)); $blab_date = $row["blab_date"]; $convertedTime = ($myObject -> convert_datetime($blab_date)); $whenBlab = ($myObject -> makeAgo($convertedTime)); $blabberDisplayList .= ' <table style="background-color:#FFF; border:#999 1px solid; border-top:none;" cellpadding="5" width="100%"> <tr> <td width="10%" valign="top">' . $blab_pic . '</td> <td width="90%" valign="top" style="line-height:1.5em;"><span class="greenColor textsize10">' . $whenBlab . ' <a href="profile.php?id=' . $uid . '">' . $username . '</a> said:</span><br /> ' . $the_blab . '</td> </tr></table>'; } // ------- END MEMBER BLABS OUTPUT CONSTRUCTION --------- // ------- ESTABLISH THE PROFILE INTERACTION TOKEN --------- $thisRandNum = rand(9999999999999,999999999999999999); $_SESSION['wipit'] = base64_encode($thisRandNum); // Will always overwrite itself each time this script runs // ------- END ESTABLISH THE PROFILE INTERACTION TOKEN --------- // ------- EVALUATE WHAT CONTENT TO PLACE IN THE MEMBER INTERACTION BOX ------------------- // initialize some output variables $friendLink = ""; $the_blab_form = ""; if (isset($_SESSION['idx']) && $logOptions_id != $id) { // If SESSION idx is set, AND it does not equal the profile owner's ID // SQL Query the friend array for the logged in viewer of this profile if not the owner $sqlArray = mysql_query("SELECT friend_array FROM myMembers WHERE id='" . $logOptions_id ."' LIMIT 1"); while($row=mysql_fetch_array($sqlArray)) { $iFriend_array = $row["friend_array"]; } $iFriend_array = explode(",", $iFriend_array); if (in_array($id, $iFriend_array)) { $friendLink = '<a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'remove_friend\');">Remove Friend</a>'; } else { $friendLink = '<a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'add_friend\');">Add as Friend</a>'; } ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $interactionBox = '<br /><br /><div class="interactionLinksDiv"> ' . $friendLink . ' <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'private_message\');">Private Message</a> </div><br />'; $the_blab_form = '<div style="background-color:#BDF; border:#999 1px solid; padding:8px;"> <textarea name="blab_field" rows="3" style="width:99%;"></textarea> <strong>Write on ' . $username . '\'s Board (coming soon)</strong> </div>'; } else if (isset($_SESSION['idx']) && $logOptions_id == $id) { // If SESSION idx is set, AND it does equal the profile owner's ID $interactionBox = '<br /><br /><div class="interactionLinksDiv"> <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'friend_requests\');">Friend Requests</a> </div><br />'; $the_blab_form = ' ' . $blab_outout_msg . ' <div style="background-color:#BDF; border:#999 1px solid; padding:8px;"> <form action="profile.php" method="post" enctype="multipart/form-data" name="blab_from"> <textarea name="blab_field" rows="3" style="width:99%;"></textarea> <input name="blabWipit" type="hidden" value="' . $thisRandNum . '" /> <strong>Blab away ' . $username . '</strong> (220 char max) <input name="submit" type="submit" value="Blab" /> <div align="right"> </form></div>'; } else { // If no SESSION id is set, which means we have a person who is not logged in $interactionBox = '<div style="border:#CCC 1px solid; padding:5px; background-color:#E4E4E4; color:#999; font-size:11px;"> <a href="register.php">Sign Up</a> or <a href="login.php">Log In</a> to interact with ' . $username . ' </div>'; $the_blab_form = '<div style="background-color:#BDF; border:#999 1px solid; padding:8px;"> <textarea name="blab_field" rows="3" style="width:99%;"></textarea> <a href="register.php">Sign Up</a> or <a href="login.php">Log In</a> to write on ' . $username . '\'s Board </div>'; } // ------- END EVALUATE WHAT CONTENT TO PLACE IN THE MEMBER INTERACTION BOX ------------------- // ------- POPULATE FRIEND DISPLAY LISTS IF THEY HAVE AT LEAST ONE FRIEND ------------------- $friendList = ""; $friendPopBoxList = ""; if ($friend_array != "") { // ASSEMBLE FRIEND LIST AND LINKS TO VIEW UP TO 6 ON PROFILE $friendArray = explode(",", $friend_array); $friendCount = count($friendArray); $friendArray6 = array_slice($friendArray, 0, 6); $friendList .= '<div class="infoHeader">' . $username . '\'s Friends (<a href="#" onclick="return false" onmousedown="javascript:toggleViewAllFriends(\'view_all_friends\');">' . $friendCount . '</a>)</div>'; $i = 0; // create a varible that will tell us how many items we looped over $friendList .= '<div class="infoBody" style="border-bottom:#666 1px solid;"><table id="friendTable" align="center" cellspacing="4"></tr>'; foreach ($friendArray6 as $key => $value) { $i++; // increment $i by one each loop pass $check_pic = 'members/' . $value . '/image01.jpg'; if (file_exists($check_pic)) { $frnd_pic = '<a href="profile.php?id=' . $value . '"><img src="' . $check_pic . '" width="54px" border="1"/></a>'; } else { $frnd_pic = '<a href="profile.php?id=' . $value . '"><img src="members/0/image01.jpg" width="54px" border="1"/></a> '; } $sqlName = mysql_query("SELECT username, firstname FROM myMembers WHERE id='$value' LIMIT 1") or die ("Sorry we had a mysql error!"); while ($row = mysql_fetch_array($sqlName)) { $friendUserName = substr($row["username"],0,12); $friendFirstName = substr($row["firstname"],0,12);} if (!$friendUserName) {$friendUserName = $friendFirstName;} // If username is blank use the firstname... programming changes in v1.32 call for this if ($i % 6 == 4){ $friendList .= '<tr><td><div style="width:56px; height:68px; overflow:hidden;" title="' . $friendUserName . '"> <a href="profile.php?id=' . $value . '">' . $friendUserName . '</a><br />' . $frnd_pic . ' </div></td>'; } else { $friendList .= '<td><div style="width:56px; height:68px; overflow:hidden;" title="' . $friendUserName . '"> <a href="profile.php?id=' . $value . '">' . $friendUserName . '</a><br />' . $frnd_pic . ' </div></td>'; } } $friendList .= '</tr></table> <div align="right"><a href="#" onclick="return false" onmousedown="javascript:toggleViewAllFriends(\'view_all_friends\');">view all</a></div> </div>'; // END ASSEMBLE FRIEND LIST... TO VIEW UP TO 6 ON PROFILE // ASSEMBLE FRIEND LIST AND LINKS TO VIEW ALL(50 for now until we paginate the array) $i = 0; $friendArray50 = array_slice($friendArray, 0, 50); $friendPopBoxList = '<table id="friendPopBoxTable" width="100%" align="center" cellpadding="6" cellspacing="0">'; foreach ($friendArray50 as $key => $value) { $i++; // increment $i by one each loop pass $check_pic = 'members/' . $value . '/image01.jpg'; if (file_exists($check_pic)) { $frnd_pic = '<a href="profile.php?id=' . $value . '"><img src="' . $check_pic . '" width="54px" border="1"/></a>'; } else { $frnd_pic = '<a href="profile.php?id=' . $value . '"><img src="members/0/image01.jpg" width="54px" border="1"/></a> '; } $sqlName = mysql_query("SELECT username, firstname, country, state, city FROM myMembers WHERE id='$value' LIMIT 1") or die ("Sorry we had a mysql error!"); while ($row = mysql_fetch_array($sqlName)) { $funame = $row["username"]; $ffname = $row["firstname"]; $fcountry = $row["country"]; $fstate = $row["state"]; $fcity = $row["city"]; } if (!$funame) {$funame = $ffname;} // If username is blank use the firstname... programming changes in v1.32 call for this if ($i % 2) { $friendPopBoxList .= '<tr bgcolor="#F4F4F4"><td width="14%" valign="top"> <div style="width:56px; height:56px; overflow:hidden;" title="' . $funame . '">' . $frnd_pic . '</div></td> <td width="86%" valign="top"><a href="profile.php?id=' . $value . '">' . $funame . '</a><br /><font size="-2"><em>' . $fcity . '<br />' . $fstate . '<br />' . $fcountry . '</em></font></td> </tr>'; } else { $friendPopBoxList .= '<tr bgcolor="#E0E0E0"><td width="14%" valign="top"> <div style="width:56px; height:56px; overflow:hidden;" title="' . $funame . '">' . $frnd_pic . '</div></td> <td width="86%" valign="top"><a href="profile.php?id=' . $value . '">' . $funame . '</a><br /><font size="-2"><em>' . $fcity . '<br />' . $fstate . '<br />' . $fcountry . '</em></font></td> </tr>'; } } $friendPopBoxList .= '</table>'; // END ASSEMBLE FRIEND LIST AND LINKS TO VIEW ALL(50 for now until we paginate the array) } // ------- END POPULATE FRIEND DISPLAY LISTS IF THEY HAVE AT LEAST ONE FRIEND ------------------- ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="Description" content="Profile for <?php echo "$username"; ?>" /> <meta name="Keywords" content="<?php echo "$username, $city, $state, $country"; ?>" /> <meta name="rating" content="General" /> <meta name="ROBOTS" content="All" /> <title>Site Profile for <?php echo "$username"; ?></title> <link href="style/main.css" rel="stylesheet" type="text/css" /> <link rel="icon" href="favicon.png" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.png" type="image/x-icon" /> <script src="js/jquery-1.4.2.js" type="text/javascript"></script> <style type="text/css"> <!-- .infoHeader { background-color: #BDF; font-size:11px; font-weight:bold; padding:8px; border: #999 1px solid; border-bottom:none; width:200px; } .infoBody{ background-color: #FFF; font-size:11px; padding:8px; border: #999 1px solid; border-bottom:none; width:200px; } /* ------- Interaction Links Class -------- */ .interactionLinksDiv a { border:#B9B9B9 1px solid; padding:5px; color:#060; font-size:11px; background-image:url(style/headerBtnsBG.jpg); text-decoration:none; } .interactionLinksDiv a:hover { border:#090 1px solid; padding:5px; color:#060; font-size:11px; background-image:url(style/headerBtnsBGover.jpg); } /* ------- Interaction Containers Class -------- */ .interactContainers { padding:8px; background-color:#BDF; border:#999 1px solid; display:none; } #add_friend_loader { display:none; } #remove_friend_loader { display:none; } #interactionResults { display:none; font-size:16px; padding:8px; } #friendTable td{ font-size:9px; } #friendTable td a{ color:#03C; text-decoration:none; } #view_all_friends { background-image:url(style/opaqueDark.png); width:270px; padding:20px; position:fixed; top:150px; display:none; z-index:100; margin-left:50px; } #google_map { background-image:url(style/opaqueDark.png); padding:20px; position:fixed; top:150px; display:none; z-index:100; margin-left:50px; } --> </style> <script language="javascript" type="text/javascript"> // jQuery functionality for toggling member interaction containers function toggleInteractContainers(x) { if ($('#'+x).is(":hidden")) { $('#'+x).slideDown(200); } else { $('#'+x).hide(); } $('.interactContainers').hide(); } function toggleViewAllFriends(x) { if ($('#'+x).is(":hidden")) { $('#'+x).fadeIn(200); } else { $('#'+x).fadeOut(200); } } function toggleViewMap(x) { if ($('#'+x).is(":hidden")) { $('#'+x).fadeIn(200); } else { $('#'+x).fadeOut(200); } } // Friend adding and accepting stuff var thisRandNum = "<?php echo $thisRandNum; ?>"; var friendRequestURL = "scripts_for_profile/request_as_friend.php"; function addAsFriend(a,b) { $("#add_friend_loader").show(); $.post(friendRequestURL,{ request: "requestFriendship", mem1: a, mem2: b, thisWipit: thisRandNum } ,function(data) { $("#add_friend").html(data).show().fadeOut(12000); }); } function acceptFriendRequest (x) { $.post(friendRequestURL,{ request: "acceptFriend", reqID: x, thisWipit: thisRandNum } ,function(data) { $("#req"+x).html(data).show(); }); } function denyFriendRequest (x) { $.post(friendRequestURL,{ request: "denyFriend", reqID: x, thisWipit: thisRandNum } ,function(data) { $("#req"+x).html(data).show(); }); } // End Friend adding and accepting stuff // Friend removal stuff function removeAsFriend(a,b) { $("#remove_friend_loader").show(); $.post(friendRequestURL,{ request: "removeFriendship", mem1: a, mem2: b, thisWipit: thisRandNum } ,function(data) { $("#remove_friend").html(data).show().fadeOut(12000); }); } // End Friend removal stuff // Start Private Messaging stuff $('#pmForm').submit(function(){$('input[type=submit]', this).attr('disabled', 'disabled');}); function sendPM ( ) { var pmSubject = $("#pmSubject"); var pmTextArea = $("#pmTextArea"); var sendername = $("#pm_sender_name"); var senderid = $("#pm_sender_id"); var recName = $("#pm_rec_name"); var recID = $("#pm_rec_id"); var pm_wipit = $("#pmWipit"); var url = "scripts_for_profile/private_msg_parse.php"; if (pmSubject.val() == "") { $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> Please type a subject.').show().fadeOut(6000); } else if (pmTextArea.val() == "") { $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> Please type in your message.').show().fadeOut(6000); } else { $("#pmFormProcessGif").show(); $.post(url,{ subject: pmSubject.val(), message: pmTextArea.val(), senderName: sendername.val(), senderID: senderid.val(), rcpntName: recName.val(), rcpntID: recID.val(), thisWipit: pm_wipit.val() } , function(data) { $('#private_message').slideUp("fast"); $("#interactionResults").html(data).show().fadeOut(10000); document.pmForm.pmTextArea.value=''; document.pmForm.pmSubject.value=''; $("#pmFormProcessGif").hide(); }); } } // End Private Messaging stuff </script> </head> <body> <?php include_once "header_template.php"; ?> <table class="mainBodyTable" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="738" valign="top"><br /> <table width="98%" border="0" align="center" cellpadding="6"> <tr> <td width="33%" valign="top"> <?php echo $user_pic; ?> <?php echo $bio_body; ?> <div class="infoHeader"><?php echo $username; ?>'s Information</div> <div class="infoBody"> <?php echo $locationInfo; ?> <?php echo $website; ?> <?php echo $youtube; ?> <?php echo $facebook; ?> </div> <?php echo $friendList; ?> <div id="view_all_friends"> <div align="right" style="padding:6px; background-color:#FFF; border-bottom:#666 1px solid;"> <div style="display:inline; font-size:14px; font-weight:bold; margin-right:150px;">All Friends</div> <a href="#" onclick="return false" onmousedown="javascript:toggleViewAllFriends('view_all_friends');">close </a> </div> <div style="background-color:#FFF; height:240px; overflow:auto;"> <?php echo $friendPopBoxList; ?> </div> <div style="padding:6px; background-color:#000; border-top:#666 1px solid; font-size:10px; color: #0F0;"> Temporary programming shows 50 maximum. Navigating through the full list is coming soon. </div> </div> <?php echo $twitterWidget; ?> <div class="infoBody" style="border-bottom:#999 1px solid;"><?php include_once("ad_200_square.php"); ?></div> </td> <td width="67%" valign="top"> <span style="font-size:16px; font-weight:800;"><?php echo $mainNameLine; ?></span> <?php echo $interactionBox; ?> <div class="interactContainers" id="add_friend"> <div align="right"><a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('add_friend');">cancel</a> </div> Add <?php echo "$username"; ?> as a friend? <a href="#" onclick="return false" onmousedown="javascript:addAsFriend(<?php echo $logOptions_id; ?>, <?php echo $id; ?>);">Yes</a> <span id="add_friend_loader"><img src="images/loading.gif" width="28" height="10" alt="Loading" /></span> </div> <div class="interactContainers" id="remove_friend"> <div align="right"><a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('remove_friend');">cancel</a> </div> Remove <?php echo "$username"; ?> from your friend list? <a href="#" onclick="return false" onmousedown="javascript:removeAsFriend(<?php echo $logOptions_id; ?>, <?php echo $id; ?>);">Yes</a> <span id="remove_friend_loader"><img src="images/loading.gif" width="28" height="10" alt="Loading" /></span> </div> <!-- START DIV that serves as an interaction status and results container that only appears when we instruct it to --> <div id="interactionResults" style="font-size:15px; padding:10px;"></div> <!-- END DIV that serves as an interaction status and results container that only appears when we instruct it to --> <!-- START DIV that contains the Private Message form --> <div class="interactContainers" id="private_message"> <form action="javascript:sendPM();" name="pmForm" id="pmForm" method="post"> <font size="+1">Sending Private Message to <strong><em><?php echo "$username"; ?></em></strong></font><br /><br /> Subject: <input name="pmSubject" id="pmSubject" type="text" maxlength="64" style="width:98%;" /> Message: <textarea name="pmTextArea" id="pmTextArea" rows="8" style="width:98%;"></textarea> <input name="pm_sender_id" id="pm_sender_id" type="hidden" value="<?php echo $_SESSION['id']; ?>" /> <input name="pm_sender_name" id="pm_sender_name" type="hidden" value="<?php echo $_SESSION['username']; ?>" /> <input name="pm_rec_id" id="pm_rec_id" type="hidden" value="<?php echo $id; ?>" /> <input name="pm_rec_name" id="pm_rec_name" type="hidden" value="<?php echo $username; ?>" /> <input name="pmWipit" id="pmWipit" type="hidden" value="<?php echo $thisRandNum; ?>" /> <span id="PMStatus" style="color:#F00;"></span> <br /><input name="pmSubmit" type="submit" value="Submit" /> or <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('private_message');">Close</a> <span id="pmFormProcessGif" style="display:none;"><img src="images/loading.gif" width="28" height="10" alt="Loading" /></span></form> </div> <!-- END DIV that contains the Private Message form --> &n Hi,
I have a series of post to post connections. In one function, the output is a list of the linked post to posts. Here is an example: function countryJob(){ global $post;
$echo = f_print(array( echo '<div class="country-job-text">'.$echo.'</div>';
job, location and city are all post types that can be connected.
I want to create the same as above to create a list of the cites connected to a location (locations are the name for posts which are countries)
How do I discover the connection type and post type needed to create this output? Hello Guys, Iam making a new ad serving script. In that site every publisher can register & they will get a url to serve ads. When a user click on that url the publisher will get earnings. But my problem is someone using something like this <iframe src="http://my-site.com/adserve.php" width = "100" height = "100"></iframe> & it will helps to get earnings without clicking on that url. I want to prevent this type of cheating & how it can be possible ?? I hope a expert will replay for me. Can someone please tell me what i have got wrong here? I am trying to return value C if conditions a AND B are met or return value D. Not sure if its parenthesis or something else? <?php if (($row_Recordset4['multidirection']=="yes") && ($_POST["widthcheck"] < $row_Recordset4['drop'])) echo $row_Recordset4['width'];else echo $row_Recordset4['drop'] ?> Thanks This is strange.. I have the following code that checks if there is currently a cap set on requests. Code: [Select] $result = mysql_query("SELECT cap FROM requests"); while($data = mysql_fetch_array($result)) { if ($data['cap'] == '1') { echo"<h1>Requests are currently disabled at this time.</h1>"; }else{ echo'<h1><a href="requestlivery.php">Request Livery</a> | <a href="requestlogo.php">Request Logo</a></h1>'; } } For some reason, this: <h1><a href="requestlivery.php">Request Livery</a> | <a href="requestlogo.php">Request Logo</a></h1> is printed out twice on the webpage. Like: Request Livery | Request LogoRequest Livery | Request Logo I even put that code on a brand new blank page, and it does the same thing. Any ideas as to why would it do that? Unk please help me with this.since i started posting this form to its self it has been inserting values twice into the database when the user clicks submit button and i also noticed that i have to refresh the page before inserted comments can be showed.this is my code: Code: [Select] <?php include"header.php"; $sql="SELECT post_content,post_by FROM post WHERE topicsID='$tpid'"; $result=mysql_query($sql)or die(mysql_error()); while($row=mysql_fetch_array($result)) { echo"<strong>{$row['post_by']}</strong>: {$row['post_content']}"."</br>"; } ?></td> </tr> </table> <?php include"header.php"; if(isset($_POST['submit'])) { $comment=mysql_real_escape_string(trim($_POST['comment'])); $name=mysql_real_escape_string(trim($_POST['name'])); $hidden=$_POST['id']; if($comment!=='' && $name!=='') { $topicid=$_GET['id']; $ins="INSERT INTO post(post_content,post_by,post_id)VALUES('$comment','$name','$topicid')"; mysql_query($ins) or die(mysql_error()); } else { echo"you cannot post an empty field"; } } ?> <h3>Post your comments here</h3> <form action=''method='post'> <textarea name="comment" id="content" style="width:400px;height:50px;background-color:#D0F18F;color:#000000;font:15px/20px cursive;scrollbar-base-color:#638E0D;"></textarea> <br /> Name:<input type="text"name="name"/> <input class="button" type="submit"name="submit"value="submit" /> </p> </form> Hey guys i need to generate a table for a multilevel marketing simulation of 10.000 members. It's a bi-level. All i need is a table with id, parrent I am lost with the double loop ... if u use this for one condition if ($nr > 5) how would u check if the nr is between 5 and 50 thanks ! Why is double spacing the results I know it's stupid simple but I can't see it. I removed $host ip so if you test put one in there. <!doctype html> <html lang="en"> <html> <body> <?php ini_set('max_execution_time', 0); ini_set('memory_limit', -1); $host = "insert IP"; $ports = array(21 ,22 ,23 ,25, 80, 81, 110, 143, 443, 587, 2525, 3306); foreach ($ports as $port) { $connection = @fsockopen($host, $port, $errno, $errstr, 2); if (is_resource($connection)) { echo '<p>' . $host . ':' . $port . ' ' . '(' . getservbyport($port, 'tcp') . ') is open.</p>'; fclose($connection); } else { echo '<p>' . $host . ':' . $port . ' is not Open.</p>'; } } ?> </body> </html>
Based on the comments on my previous question, took some tutorials on how to avoid injections on query. Does the code below prevents against it in any way.? Secondly, can you recommend a good article that writes well in how to secure input data by users. Please be kind with your comments.😉😉. Thankks in advance.
The code works fine. <?php include 'db.php'; error_reporting(E_ALL | E_WARNING | E_NOTICE); ini_set('display_errors', TRUE); if(isset($_POST['submit'])) { $username = $_POST['username']; $password = ($_POST['password']); $sql = "SELECT * FROM customer WHERE username = ?"; $stmt = $connection->prepare($sql); $stmt->bind_param('s', $username); $stmt->execute(); $result = $stmt->get_result(); $count = $result->num_rows; if($count == 1) { while ($row = $result->fetch_assoc()) { if ($row['status'] == 'blocked') { echo'your account is suspended' session_destroy(); exit(); } else if($row['status'] == 'active') { if($username !== $row['username']) { echo '<script>swal.fire("ERROR!!", " Username is not correct. Check Again", "error");</script>'; } if($password !== $row['password']) { echo'<script>swal.fire("ERROR!!!", "Your Password is Incorrect. Check Again.", "error");</script>'; } if($username == $row['username'] && $password == $row['password']) { header('Location:cpanel/'); else { } }//if count }//while loop }//submit ?>
Will this prevent a SQL injection? I am guessing the answer is no because it is too simple. // retrieve form data ========================================== $ama = $_POST['ama']; // Check for alphanumeric characters ===================================== $string = "$ama"; $new_string = preg_replace("/[^a-zA-Z0-9\s]/", "", $string); // echo $new_string; // Send query =========================================================== $query = "SELECT * FROM members WHERE ama='$new_string'"; if (!mysql_query($query)){ die('Error :' .mysql_error()); } |