|
PHP - What Is A Safer Way To Include An Internal Webpage To My Site?
I was using Include() with an ereg expression to strip all harmful characters out of the $_GET['id'];. However, a few people have stated to me that no matter what I do this function is not safe to use and is easily exploitable even after removing illegal characters from $_GET['id'];
Now I am looking for a way to include a web page that uses html and php. file() does not work as it includes my php code within the output so anyone can read it. File_get_contents() did not display any of the page whatsoever. Similar TutorialsHi, My first post here is a cry for help I have a Windows 2003 server running IIS6/PHP5, the server hosts multiple web sites. The problem is include files that are for site A are showing on site B (each site having its own includes as part of the site files in its own site folder), though not every time, its very random, sometimes the correct includes show, sometimes ones from another site on the same server. This only occurs where the include files for both sites have the same name, such as 'inc-header.php' for example. I can only assume PHP is caching includes and because they have the same name is showing the wrong one on other sites sometimes, if I rename them to something unique then the problem goes away, but its not a practical solution to rename all include files to unique names so I find myself looking for a 'real' fix. I have a feeling its to do with the include_path in the php.ini, but right now its disabled with a semi-colon, and I don't want to set one as I have no global includes, all includes are site specific. Any help would be very much appreciated! Phil I have a login with a username and password. Which of these is safer?: - Storing the username and password as cookies (the password is hashed and salted before storing it as a cookie) - Storing just a token as a cookie which is checked against users in the database and retrieves the information I have 2 websites, a companies main website written in PHP and a web application they have purchased written in aspx (main site) www.example.com (web app) www.webapp.com/login.aspx?CompanyName=example The client wants people to be able to login from their main website which then redirect to the webapp (which will be styled like their branding) without the customer realising they have left the main site. I thought i may be able to achieve this with a simple include from a page within the main site such as; Code: [Select] <?php // www.example.com/software include"http://www.webapp.com/login.aspx?CompanyName=example"; ?> This pulls in the login page fine, however when you try to login it does not redirect, it gives a 404 error as it trys to open this URL http://www.example.com/software/login.aspx?CompanyName=example Is there a way of pulling in the necessary html from the aspx site to provide a login box in my clients main site but then have it redirect to the correct aspx page (on the aspx site)? I have thought about using an iframe, but that wont redirect to the webapp upon login, but just keep everything withing the iframe thanks for any advice...
try {
echo "<br>";
foreach($dbh->query("SELECT * FROM test_shot WHERE sold=1 ORDER BY year ASC") as $row) {
if($row['picture'] != "" && $row['picture'] != null)
{
echo "<div class='image-holder'><img src ='".$row['picture']."' width=300px /><br>";
}
if($row['year'] != "" && $row['year'] != null)
{
echo $row['year'];
}
if($row['description'] != "" && $row['description'] != null)
{
echo $row['description'];
}
if($row['sold'] == 1) {
echo "<img src='images/sold1.png'><br>";//Add your image code here
}
elseif ($row['sold'] == 0) {
echo "</div><br>";
}
}
}
catch (PDOException $e) {
print $e->getMessage();
}
?>
Hey guys quick question. I have one static ip address that if i put in the broswer it will forward to the internal ip of my server and will display my website which is located on my server. In my house i also have a development pc which is accessibal within my local network and i would like to be able to view it from my website in an iframe or something. My goal is to just go to my website have a page which will load the local internal ip of my dev pc and display my wamp folder. so i can show my clients the progress on their site. I know this is now good practice but this is just and simplified example of what i am trying to achieve. I would like to display te internal ipaddress on my webserver so that when im on the road i can simply click a link on my website and display the content of my dev pc wamp server? Is ther a special link that i need to use? Is this possible with or without PHP? Should i use an iframe? Hi guys! I'm having a problem with my search bar on my company website. I don't know what's going on, I think that everething is ok. But I'm not a master with php. If anyone can help me with this, I'll be very apprceitte it. Here is the code.
<!-- SEARCH --> Hey guys and gals!
I am currently working on implementing the following functionality in one of my pages:
Whenever a person with a specific IP address visits the page, an internal countdown timer of 2 hours should be started. Until that timer is active, the only response from the page ANYONE can get would be a predefined echo value. Once the timer has run out, the normal script execution of the rest of the page should be restored.
Any pointers and tips on how to approach that would be greatly appreciated.
Hello, I am using the Pear Mail and Mail_Mime packages to send SMTP authenticated HTML formatted emails. I was successfully sending emails when I started getting the following error: sendmail: 451 Internal Error I check out the sendmail logs at /var/log/mail.log but that only says the same thing. I am running Linux-Ubuntu and sending emails from an address on a remote server (godaddy hosted). The interesting thing is that this exact same code will run to completion and fail. Any thoughts? Anyone with Pear Mail experience, is there any way to end the SMTP session, maybe that is the problem. I also think an issue might be that the server thinks my IP is sending too many emails, any way to provision against that? Thanks for any insight and please let me know if other information might be helpful to debug this. hi, sorry if is a very noob question in this site http://thevalley.org.au/index.php I have changed the info in the link contact us, I know is there changed, cause if I hit the open in new tab contact us, or go to http://thevalley.org.au/contact.php it opens the link in the actual content, but, when it opens the contact us in the side menu, I see the old info how to refresh it, as F5 doesnt seem to work?? thank you! i tried to access website from a shared network but i keep getting this error. Before this I can access the website through my local host. But since we have started using the shared server.. i cant access most of the websites.. i searched on google they mentioned about php.ini settings. No idea why did my superior changed to iis server.. definitely works on apache before. I look at my phpinfo() output, and it has ISO-8859-1 and ISO-8859-15 all over it. UTF is not listed once.
Furthermore, mb_internal_encoding() displays it as ISO-8859-1.
For the most part, I stick to the default settings unless I have a specific reason to change.
Should I be changing php.ini to use UTF-8? If so, any specific advice how to do so? This whole encoding issue has been causing me major grief today
Dear all,
try{
$excelContent = chr(255).chr(254).@mb_convert_encoding($excelContent, 'UTF-16LE', 'UTF-8');
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
Do you have any idea about this code? I try to catch the error but it's not work Edited June 28 by nitiphone2021So I have some php code within an html page (using Apache v2.2, PHP v5.2) that uses MySQLI to connect to a database and fetch some rows from a database. Everything works fine so long as I limit the number of rows fetched, if I try to fetch all the rows, I get a 500 Internal Server Error in my browser. I am using GoDaddy Hosting -- has anyone encountered this problem/know what the hell is going on? Only thing I really miss from PHP is "internal" access modifier. Before I was making libraries and extensions in C# (like game frameworks, Tiled implementations, GUI loaders). Now, when I am working on my own PHP framework, I really miss internal, I was using it a lot in C#. Is internal planned to be added in PHP 7 or is it already in PHP 5.6 or it will never be added?
test.php: <?php class Forall{ public $var_a=100; function process(){ echo 'This is for testing'.'<br>'; echo '$var_a: '.$this->var_a.'<br>'; } } $obj=new Forall(); $obj->process(); <form action='post' method='insvideo.php'> videotitle: <input type='text' name='nm_videotitle'/><br> description: <input type='text' name='nm_description' /><br> createddate: <input type='text' name='nm_createddate' /><br> image: <input type='text' name='nm_image' /><br> <input type='submit' /> </form> ?> error: Quote Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, admin@example.com and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. How can i know the line number for error? Hi Still a new comer when it comes to PHP. I have a situation where I want to use an include within an include and I am having trouble with my file paths. My main header include, includes everything for each page of my site, beyond the opening of the body to incorporate my navigation etc conditionally loading in css, and loading in titles and meta data etc depending on the page in question. This header needs to reference another include called the-pod.php which is required for every page, the only trouble is I want to use / to reference the root of the server and this is breaking my code. I can't use ../../ etc as its a different path depending on where the master file is located. So my question is how do I get around this? Can the root of the server or path to the root be stored in a variable? and if so how would I write this. Any tips / advice will be greatly appreciated. CanI put one INCLUDE statement INSIDE of another INCLUDE statement? Hi Guys.. Merry Christmas Im kinda new to this fantastic world of PHP and i have a little problem i hope you can help me with. Im trying to build a website where I use include() to genereate my content. On my index.php i have a menu which includes content in a content div from external .php pages, my structure kinda goes like this.. (simplified) site/ index.php content/ fronpage.php products.php contact.php The HTML looks like this. <div id="menu"> <ul> <li><a href="index.php?page=frontpage">frontpage</a></li> <li><a href="index.php?page=products">frontpage</a></li> <li><a href="index.php?page=contact">frontpage</a></li> </ul> </div <div id="main"> <?php include('/content/'.$_GET['page'].'.php'); ?> </div> This all works very fine, but my problem is, can I have a include inside an already included page? I would like to have a menu on my products.php site, but that page is already included from above, and i would like the menu on the products.php site to stay as the content from the nested include changes with input from the /products folder. my idea was something like this. site/ index.php content/ frontpage.php products.php contact.php products/ product1.php product2.php the HTML on the index.php is the same as above and then i would add the include() on the products.php page, so its kinda the same thing, but one inside the other. HTML inside the products.php folder <div id="sub_menu"> <ul> <li><a href="#">frontpage</a></li> <li><a href="#">frontpage</a></li> <li><a href="#">frontpage</a></li> </ul> </div <div id="sub_main"> <?php include('/content/products'.$_GET['#'].'.php'); ?> </div> I dont know how to link to the new files so they will be included while the first include still stays on the page. Any of you know how and if this can be done? Or maybe at better way to do it? Hope this made sense, my first PHP question Thanks Hi, I am building a website created from a database and I would like to mask the domain, can anyone advise how to do this and the best method. I have also heard that Google disliks PHP query links. This is an link, can I choose what appears in the link? Code: [Select] <a href="product.php?price=<?php echo $row['price']; ?>&discount=<?php echo $row['discount']; ?>&description=<?php echo $row['description']; ?>&awImage=<?php echo $row['awImage']; ?>&link=<?php echo $row['link']; ?>&fulldescription=<?php echo $row['fulldescription']; ?>" class='productlink' rel="nofollow" ><?php echo $row['description']; ?></a> Hey guys,
So I making a basic website form to do CRUD operations on a database, and all of my components work, but I keep getting 500 - Internal server error on my index.php
Heres my code:
<?php
require_once('config.php');
require_once('menu.php');
echo '<h1>View All Alien Interactions</h1>';
/* Start the table with the fields we want to display
Remember $fields is now in config.php */
echo '<table>
<tr>';
foreach($fields AS $label){
// th is a table header; the column's title or label.
echo "<th>{$label}</th>";
}
//Add the edit and delete columns at the end of the table
echo '<th>Edit</th><th>Delete</th>';
echo '</tr>';
/*
Select the fields we want, from all the rows
The first line takes the array keys from our $fields array
and implodes them, using backticks and commas. The end result
will look like `first_name`, `last_name`, `phone_number`...
The next line creates a SELECT query using that string.
*/
$fields_str = '`contact_id`, `'.implode(array_keys($fields), '`, `').'`';
$sql = "SELECT {$fields_str} FROM `aliens_abduction`";
foreach($dbh->query($sql) as $row) {
echo '<tr>';
// Loop through the fields again to display them for this row.
// Note: The tutorial originally contained an error here, this has been updated.
foreach($fields AS $field=>$value){
// if the field is blank, we want to empty a blank space, otherwise the HTML won't work properly
echo '<td>'.(isset($row[$field]) && strlen($row[$field]) ? $row[$field] : ' '.'</td>');
}
echo '</tr>';
echo '<td><a href="edit.php?contact_id='.$row['contact_id'].'">Edit</a></td>';
echo '<td><a href="delete.php?contact_id='.$row['contact_id'].'">Delete</a></td>';
echo '</tr>';
echo '</table>';
?>
and heres my config.php code (idk if this is the root of the problem, i dummied out my credentials):
<?php
//Connect to the database
$dbh = new PDO('mysql:host=xxxxxxxxx;dbname=db_demo', 'xxxxx', 'xxxxx');
//Set the default fetch mode to be an associative array.
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
//Define the fields for our CRUD application
$fields = array(
'first_name' => 'First Name',
'last_name' => 'Last Name',
'when_it_happened' => 'When it happened',
'how_many' => 'How many',
'alien_description' => 'Alien description',
'what_they_did' => 'What they did',
'fang_spotted' => 'Fang spotted',
'email' => 'Email'
);
?>
Edited by tekkenfan2, 30 June 2014 - 11:56 AM. |
|||||||