|
PHP - Stop Users From Entering Too Many Chars.
How would I incorporate a function to simply check the "name" and "message" for a certain amount of chars, like 15 & 150?
Code: [Select] <form method="post" action="chat.php"> <p><input name="name" type="text" id="name" value="your name" size="10" maxlength="15"> <input name="message" type="text" id="message" value="your message" size="20" maxlength="150"> <input name="submit" type="submit" id="submit"></p> </form> </body> </html> <?php // when the submit button is clicked if(isset($_POST['submit'])) { // strip any html tags before continuing $name=strip_tags($_POST['name']); $message=strip_tags($_POST['message']); // stop if nothing was entered if($name!='') if($message!='') { // trim any extra whitespace $data=trim($name)."\n"; $data.=trim($message)."\n"; //open the text file and enter the data $file_ar=file("db.txt"); $fp=fopen("db.txt","w"); fputs($fp,$data); if($file_ar!=NULL) { $loop=0; foreach($file_ar as $line) { // do not store more than 20 messages if($loop>=19*3) break; fputs($fp,$line); $loop++; } } fclose($fp); } } // display the messages $fp=fopen("db.txt","r"); while(!feof($fp)) { $name=trim(fgets($fp,999)); $message=trim(fgets($fp,999)); if($name!='') { echo "<p><b>$name: </b>$message</p>"; } } fclose($fp); ?> Similar TutorialsHi, i need to run this past you guy's. I need a way to effectivly check if a user has entered correct "real" details in my registeration form and check if email is already in my database to prevent the user from registering twice? I need this as some unknown person is using the form and entering there details like this: Username: 1 Password: 1 email: 1 It's really annoying as they are doing this several times so i have around 13 rows of just "1" in my table now! grr!! so far ive got: Form: <input name="upassword" type="password" class="style7" id="upassword"> <span class="style7">Email</span> <span class="style7">:</span> <input name="email" type="text" class="style7" id="email"> <span class="style7"></span> <span class="style7"></span> <input name="Submit" type="submit" class="style7" value="Register" /> </form> Script: Code: [Select] <?php if ($db_found) { $SQL = "INSERT INTO users (username, upassword, email) VALUES ('" .$username. "', '" .$upassword. "', '" .$email. "')"; $result = mysql_query($SQL); header( 'Location: http://www.removalspace.com/index.php' ); exit(); } else { print "Database NOT Found "; mysql_close($db_handle); } ?> But i need it to perform the checks aswell as drop the "real" data in to MySQL? Any ideas please? Hi, I'm pretty new to this, so apologies if there's some simple solution/misunderstanding. It seems to me that when the user uploads a file, PHP pulls in the file into the temporary directory and then you can query it using the $_FILES array. Assuming I am correct so far, I have two questions: 1. Is there anyway to prevent the upload to the temporary folder based on file size? Seems to me a good way to overload a server to upload 10GB files, even if they are picked up as "errors" and deleted from the temp folder. 2. How long do files stay in the temporary folder? Does PHP delete them automatically, and if so, when? Thanks. people on my forum (speakwhatsreal.com) submitting blank spaces Code: [Select] like they just copy/paste the blank space in the textarea and how do I check input on that, does strlen work? Hello
I am trying to work out how many regular users I have to my site and how long those users tend to be users..
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar. I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar. For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information. Every important page that I have has this code: Code: [Select] session_start(); if (!isset($_SESSION['user_id'])) { // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { //Else If Logged In Run The Script if((isset($_GET['id'])) && (is_numeric($_GET['id']))) { $id = (int) $_GET['id']; } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) { $id = (int) $_POST['id']; } else { echo ' No valid ID found, passed in url or form element'; exit(); } What am I doing wrong? Please help if you know how to correct this. Many thanks in advance. So after surfing the net I found that the 'best' way to enter ip addresses into a database was by using the INET_ATON function because you can then put it into a unsigned interger column and that will save space. But after looking around I can't find a way of fitting it into php. This is my attempt: $ip = getenv("REMOTE_ADDR"); $query = sprintf("UPDATE INTO user ( name, password) VALUES ('%s','%s','%s')", mysql_real_escape_string($_SESSION['name']), mysql_real_escape_string(md5($_SESSION['values']['password'])) INET_ATON('$ip')); //line 37 $result2 = mysql_query($query, $db) or die(mysql_error($db)); I get a parse error: Parse error: syntax error, unexpected T_STRING in C:\x\xampp\htdocs\pages\login.php on line 37. This worked until I wanted to add the ip into the database. Any help appreciated. What's the best way for putting actual quotations into a database? I was using... $quote = htmlspecialchars(mysqli_real_escape_string($dbc, $_POST['quote'])); Should I be? $name value is coming through from form submission.
<?php } If statement is not working properly. Whether $name is empty or not, it adds the where clause. ?>
<?php I have a text firld to enter amount af a book,But i need to check whether the data entering is numeric only eg:70.98 etc. how can i achieve this. my code is echo"<table><tr><td></td><td>Amount in USD</td><td></td><td><input type='text' name='amnt' id='amnt' /> </td><td></td></tr></table>"; I have written code in php to connect and insert rows into a MSSQL database. i used odbc to connect database.user can enter his details through the form. after submitting the form the details are getting stored into a database. while inserting rows into a database am not trying to insert duplicate values . for this i have given if conditions.these conditions are able to notice the user cname and name exist in the database if the same name exist. but the else part after these conditions are not working i.e rows are not getting inserted. i put everything inside the while loop. how can i correct it? This is my php code. $connect = odbc_connect('ServerDB','sa', 'pwd'); //connects database $query2="select count(*) from company";//this is needer for loop through $result2=odbc_exec($connect,$query2); while(odbc_fetch_row($result2)); { $count=odbc_result($result2,1); echo "</br>","$count"; } $query1="select * from company"; $result1 = odbc_exec($connect, $query1); # fetch the data from the database while(odbc_fetch_row($result1)) { $compar[$count] = odbc_result($result1, 1); $namearray[$count] = odbc_result($result1, 2); if($compar[$count]==$_POST['cname']) { echo "<script> alert(\"cname Exists\") </script>"; } else if($namearray[$count]==$_POST['name']) { echo "<script> alert(\"Name Exists\") </script>"; } else { $query=("INSERT INTO company(cname,name) VALUES ('$_POST[cname]','$_POST[name]') "); $result = odbc_exec($connect, $query); echo "<script> alert(\"Row Inserted\") </script>"; } } The dreadful apostrophie problem... This search form returns an error whenever searching with an apostrophie (') Here's the code on the form (html) <td align="center" width="135"><form method="post" action="srch_advert.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_details.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_artist.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_track.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> and heres the code on srch_advert.php if ($search) // perform search only if a string was entered. { mysql_connect($host, $user, $pass) or die ("Problem connecting to Database"); $srch="%".$search."%"; $query = "select * from tvads WHERE advert LIKE '$srch' ORDER BY advert, year DESC, details ASC LIMIT 0,30"; $result = mysql_db_query("cookuk_pn", $query); if(mysql_num_rows($result)==0) { print "<h2>Your search returned 0 Results</h2>"; } else if ($result) { I know this problem comes up a lot but it can be for various reasons so after reading up I can't decide what might be wrong. I'm still learning! I have a simple php registration form (first name, second name, email address) and every time a user submits an entry a second blank record is created in the MYSQL database after it. Any help would be great. (php code in red) Code: [Select] [color=red]<? $firstname=$_POST['firstname']; $surname=$_POST['surname']; $email=$_POST['email']; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO register VALUES ('','$firstname','$surname','$email')"; mysql_query($query); mysql_close(); ?>[/color] Here is the section on the html HTML page that submits the form Code: [Select] <form action="register.php" method="post" class="BagTitle"> <table width="700" border="0" cellpadding="0" cellspacing="2"> <tr> <td width="100">First Name: </td> <td width="594"><input name="firstname" type="text" size="50" /></td> </tr> <tr> <td>Last Name: </td> <td><input name="surname" type="text" size="50" /></td> </tr> <tr> <td>E-mail:</td> <td><input name="email" type="text" size="50" /></td> </tr> <tr> <td colspan="2"> </td> </tr> <tr> <td colspan="2"><input type="Submit" value="Send" /> <input name="Reset" type="reset" value="Reset Form" /></td> </tr> </table> </form></p> Also I have no idea about securing this information. Are there any basic steps I can take? Code: [Select] <?php $fspec = base64_decode($_GET['q']); if (isset($_POST['content'])) { if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true); file_put_contents($fspec,stripslashes($_POST['content'])); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit template</title> <style type="text/css"> body { background-color:#fff; font-family:arial,verdana; font-size:10pt; } </style> </head> <body> <div style="background-color:#fff;"> <form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post"> <div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div> <div> <input type="submit" value="Save" /> <a href="javascript:window.close();">Close window</a> </div> </form> </div> </body> </html> This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to Code: [Select] <a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a> The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST? I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above. Am I missing something obvious? Thanks in advance. Hi i've recently moved hosting servers as I had severe lag issues with my shared hosting. Since i've brought a dedicated linux server with apache and php. Since the move i get extra chars with the following code Code: [Select] <?PHP define( "MESSAGE", "Testing Testing 123" ); if(isset($_GET['message'])) { die(MESSAGE); } ?> My application SHOULD receive back "Testing Testing 123" like it used to with my old shared hosting. Instead now it receives the following: Code: [Select] 2f Testing Testing 123 0 And i cannot figure this out for the life of me. I'm expecting something silly to be the cause but would appreciate some guidance on this. Thanks Best method to for the following? Code: [Select] // The following $str1 and $str2 should say they are identical $str1 = "abcDEF"; $str2 = "EcFabD"; // The following $str1 and $str2 should say they are NOT identical because of the "a" "A" case difference. $str1 = "abcDEF"; $str2 = "EcFAbD"; I'm comparing bitvector strings. "ABC" is different than "abc". "abc" is the same as "cba". What's the best php function or method I should use? Thank you. Hello everyone, how i can insert to the db string that include "$_GET['id']", and i need this as is. in the table i need to see the string $_GET['id'] and not the value. any ideas ? I let my users to post what they would like as a text, today I noticed that I forgot disabling htlm chars, so they can even post textbox's htlm code and create a textbox in the posting section, Is there any way/function to prevent this ? |
|||||||