PHP - Safe Site Search Via Ascii
Hey there,
wondering if anyone knows what this topic will be about. Okay, let's start: I have a search function on my site. Basically I do this:

Code:
if $_POST -> redirect ?search=$_POST
if $_GET['search'] -> sql_query($search);

Of course I am working with functions like mysql_real_escape_string, addslashes and htmlspecialchars, but I have the following problem: when redirecting, chars like & % ? ! kill my $_GET var. Which function solves this? My solution: I convert every char in $_POST into an ASCII code -> redirect ?search=$ascii_codes, convert back into $string and do a safe search.

Similar Tutorials

Not sure if I'm trying to achieve something totally crazy here, or if this is something pretty standard. Didn't have much luck with searching as I'm not fully down with all the terms.
(A) I have one site providing an RSS feed.
(B) I have one site I want to search, once for each of the items in the feed A.
(C) I want the results of the search in (B) to be displayed on page (C).
So for example, the feed on (A) says:
apples
bananas
oranges
cheese
I want site (B) to search for each of those terms (by passing the item in the feed (A) to the ?search= part of the URL of that page) and then show the results from THAT search on page C. Bit of a complex one, let me know if you need me to clarify. Thanks for any help!

I have a search bar that searches my databases for information. It works perfectly on my site. I want to know how to make it modular so that other people can place my search box on their site and get results from my database without having to give out all my site information.

PHP search engine for my site
I have a Romanian based language site: http://www.firmelavedere.com with information about business companies. I implemented a simple PHP search engine for my website on pages like this, in the top right corner: http://www.firmelave...aj-Zalau-15.php I want to add a new radio box field to select the language for displayed text.
Is there a possibility to integrate Google Site Search with more languages? How can I do that? I need some code suggestions to make this script run fast. Thanks all.

Hi, I have a custom built website with 40 pages or so that I am working on. It's all PHP based. However, it is not on a CMS; it was a static HTML site converted into PHP with a bunch of include files etc. now. I am keen to add a search facility, however I have no idea how to go about this. I know there are 3rd party paid offerings from Google, but I was wondering if anyone can advise me if it's easy to set up without having to pay a 3rd party? Any advice is greatly appreciated.

I've been searching for code for an auto complete search and found this code on the net, but when I tried it, it failed. Hope you can help me debug it.

Code:
<script type="text/javascript">
function lookup(inputString) {
    if (inputString.length == 0) {
        // Hide the suggestion box.
        $('#suggestions').hide();
    } else {
        $.post("rpc.php", {queryString: "" + inputString + ""}, function(data) {
            if (data.length > 0) {
                $('#suggestions').show();
                $('#autoSuggestionsList').html(data);
            }
        });
    }
} // lookup

function fill(thisValue) {
    $('#inputString').val(thisValue);
    setTimeout(function () { $('#suggestions').hide(); }, 200);
}
</script>
<body>
<div>
  <form>
    <div>
      Type your county: <br />
      <input type="text" size="30" value="" id="inputString" onkeyup="lookup(this.value);" onblur="fill();" />
    </div>
    <div class="suggestionsBox" id="suggestions" style="display: none;">
      <img src="upArrow.png" style="position: relative; top: -12px; left: 30px;" alt="upArrow" />
      <div class="suggestionList" id="autoSuggestionsList"> </div>
    </div>
  </form>
</div>
</body>

The other code is this --

<?php
$db = new mysqli('localhost', 'root', '', 'countries');
// new mysqli() always returns an object, so test connect_error rather than !$db.
if ($db->connect_error) {
    echo 'ERROR: Could not connect to the database.';
} else {
    if (isset($_POST['queryString'])) {
        $queryString = $db->real_escape_string($_POST['queryString']);
        if (strlen($queryString) > 0) {
            $query = $db->query("SELECT value FROM countries WHERE value LIKE '$queryString%' LIMIT 10");
            if ($query) {
                while ($result = $query->fetch_object()) {
                    // Encode the value for the JavaScript call and escape it for the HTML output.
                    echo '<li onClick="fill(' . htmlspecialchars(json_encode($result->value), ENT_QUOTES) . ');">'
                        . htmlspecialchars($result->value, ENT_QUOTES) . '</li>';
                }
            } else {
                echo 'ERROR: There was a problem with the query.';
            }
        } else {
            // Empty query string: nothing to output.
        }
    } else {
        echo 'There should be no direct access to this script!';
    }
}
?>

When I input a letter or phrase on the search bar the other code pops on it.

Hi guys, I just finished high school and am starting to do web design at uni, and for one of my major projects I want to make a search engine as simple as Google that searches, for example, 10 websites and, with the keyword given, brings out the results. I'm doing a website on jetski sales results, so if someone wants to buy a jetski they come to this website and just choose one from those 10 websites without going to them individually. So it brings out all search results in a nice results format, and when you click on each result it takes you to the website, but I want to be able to show their photo and price, so it just brings their results into your site but combining the 10 websites' results. And I need to have an advanced search option where they can search year, price and age of jetski, and all these variables are also in the 10 websites that I'm getting the results from. I have been doing some searching and I can't get my head around it. I need some help LOL, I don't want to fail... Cheers guys

Hey guys, I'm having a bit of a problem trying to convert this string to UTF-8 encoding:

Quote:
組ですが、 中には5- 6本のおす すめ番組の エッセンス が、ぎっし り詰まって います。

I've used $strTem = mb_convert_encoding($strTem, "UTF-8", "auto"); and while that detects the correct current encoding it doesn't change it at all, and utf8_encode doesn't work at all. Don't know what to use. Thanks

I am writing a script to read a mail box and fetch the mail body using the PHP function "imap_fetchbody".
If the mail content encoding is UTF-8 then there is no problem, but mail sent from an iPad has ASCII encoding and replaces the new line with =20, along with many other changes. Can anyone help me out with converting it to UTF-8?

Here's my code:

Code:
$string = 'It';
html_entity_decode($string);
echo $string;

It should be echoing "It", but it's just echoing the ASCII codes. Am I using the wrong function? I also tried htmlspecialchars_decode and it changes nothing.

I have the following code:

Code:
$str = ($stringcontents[$step+38]);
$str1 = ord($str);
$bgcolor = convertchar($str1);
?>
<td bgcolor='<?php echo $bgcolor;?>'>
<span title='<?php echo $fieldname;?>' style='color: <?php echo $fgcolor;?>; font-size: 12pt'><font color="<?php echo $fgcolor;?>"><?php echo $stringcontents[$step];?></font></span>

The convertchar function takes the ord value of the ASCII chr and sets a variable for bgcolor and fgcolor using HTML color codes. The background sets correctly, but the foreground ASCII chr is always black and does not use the font color code. What do I need to do to get the ASCII chr to change to a color other than black?
Added: I am using a default charset: <META http-equiv="Content-Type" content="text/html; charset=IBM437">

Hello everyone, I am trying to see if a term, sent from a form, is in an array that has been pulled from the database. The problem I am having is that while the terms look the same, the one from the database is using an ASCII character for a forward slash: & # 047 ; I have tried adding the ASCII to the form value but it just rendered as a forward slash (no surprises there I suppose). So the main reason for asking is that for all the other items in the form I can use in_array. This keeps things really tidy and easy to use. Any ideas how I can still use in_array and get around the ASCII problem?
Cheers
Ian

Code:
$stick_topic = isset($_POST['stick_topic']) ? '1' : '0';

Does this need to be escaped while entering the database or no, because the values could only be 1 or 0? Sorry, it's just I got hacked so I am trying to do my security #1. Using this below, is it safe against hackers?

Code:
$post_id = intval($_GET['report']);
if ($post_id < 1)
    message($lang_common['Bad request']);

query:

Code:
$result = $db->query('SELECT subject, forum_id FROM '.$db->prefix.'topics WHERE id='.$topic_id) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());

Should I escape my $topic_id?

I have a button that uses $_POST to send information to another page. The data is in a hidden input so it's not possible for users to change information. I have nothing to check if the data is correct on the other page. Is it still possible for people to change the $_POST data though? Or somehow send false $_POST data to the other page?

Hello all. Just wanted to run this past you guys to see if I am missing anything important. I am making a script that I plan to allow a lot of other people around the web to use, so I want to make sure it's as bullet proof as possible. I am passing two values and grabbing them with a _GET; one is a big number, and the other is only letters and 8 characters long. Here's my code so far.

Code:
<?php
$clan = $_GET['clanid'];
// make sure its an INT
//if(isint($clan)){
// ereg() was removed in PHP 7; preg_match() with the same pattern gives the same result here.
if (preg_match('/[^0-9]/', $clan)) {
    // Contains a non-digit character, so it is not an int.
    echo ("ERROR Invalid CLANID");
    die;
}
// make sure its a 8 letter only word.
$style = $_GET['style'];
// cut style down to 8 characters long.
$style = substr($style, 0, 8);
if (preg_match('/[^a-zA-Z]+/', $style)) {
    // Contains something other than letters.
    echo("ERROR Invalid STYLE NAME");
    die;
}
?>

To my noob PHP eyes it looks pretty solid, I can't think of any way a malicious user could get past it, but like I said, thought I would run it past you guys first, you can never be too careful.

Hi guys, I have been using the same code for years now to include my default page and pull content into my layouts.
I found the code online and it's a bit confusing, so I was just wondering if it's still safe to use, and is it all needed nowadays?
Or is there a simpler way I could be doing this?
Thanks for any help
<?php
if (isset($_GET['nav'])) {
    if (strpos($_GET['nav'], "/")) {
        $direc = substr(str_replace('..', '', $_GET['nav']), 0, strpos($_GET['nav'], "/")) . "/";
        $file = substr(strrchr($_GET['nav'], "/"), 1);
        if (file_exists($direc.$file.".php")) {
            require($direc.$file.".php");
        } else {
            require("error.php");
        }
    } else {
        if (file_exists(basename($_GET['nav']).".php")) {
            require(basename($_GET['nav']).".php");
        } else {
            require("error.php");
        }
    }
} else {
    require("links.php");
}
?>

Advice please. I am setting up a new machine here and I can't remember which to download. What information do you need to be aware of to know whether to install 'non thread safe' or 'thread safe'? I did some googling but didn't find anything that was clear. And is 5.3 good to go or should I stick with 5.2? Thanks in advance for your input!