|
PHP - Strange Link !
i have a form here that redirect to : "proc/edit.php?edit=<?php echo urlencode($function_name);?>"
Code: [Select] <?php require_once("includes/functions.php");?> <?php session_start(); if (isset($_SESSION["user_name"])) { require_once("includes/connection.php"); if(isset($_GET['functions'])){ $function_name=$_GET['functions']; $function_type=$_GET['type']; $query = "SELECT * FROM functions WHERE function_name = '{$function_name}' "; $result = mysql_query($query,$connection); if($result){ $row = mysql_fetch_array($result, MYSQL_ASSOC); $function_description=$row['function_description']; ?> <html> <head> <title>Edit Your function</title> </head> <body> <form name="edit_function_n" action="proc/edit.php?edit=<?php echo urlencode($function_name);?>" method="get"> Edit Your function name : <input type="text" name="new_function_name"/><br/><br/> Edit Your description here :<br/><br/> <textarea name="new_function_description" rows="10" cols="30"></textarea><br/><br/> <input type="submit" value="Change" /><br/><br/> </form> </body> </html> <?php } elseif(!$result){ redirect("errors/error_db.html");} } } else { redirect("main.php?error=log"); } //close connection! mysql_close($connection); ?> AND i have a proc php file that UPDATE the database with the new form variables and then redirect to show.php Code: [Select] <?php require_once("../includes/functions.php");?> <?php session_start(); if (isset($_SESSION["user_name"])) { require_once("../includes/connection.php"); //ignore this , this is for deleting! if(isset($_GET['delete'])){ //warning : using urldecode here is wrong cuz $_GET[var]; is already decoded! $function_to_delete=$_GET['delete']; $function_type=$_GET['functions']; $query="DELETE FROM functions WHERE function_name='{$function_to_delete}' "; $result = mysql_query($query, $connection); if(!$result){redirect("../errors/error_db.html");} elseif($result){ redirect("../show.php?functions={$function_type}&delete=suc"); }} //the place for edit ! elseif(isset($_GET['edit'])){ $old_function_name=$_GET['edit']; $new_function_name=$_POST['new_function_name']; $new_function_description=$_POST['new_function_description']; $query="UPDATE functions SET function_name='{$new_function_name}', function_description='{$new_function_description}' WHERE function_name='{$old_function_name}' "; $result = mysql_query($query, $connection); if(!$result){redirect("../errors/error_db.html");} elseif($result){redirect("../show.php?functions='{$function_type}'&edit=suc");} } } else { redirect("../main.php?error=log"); } ?> <?php //close connection! mysql_close($connection); ?> The problem is i get redirect to a strange link that never existed and i never pointed to : /proc/edit.php?new_function_name=($new_function_name)&new_function_description=($new_function_description) with the variables replaces with their values and with no database update whatsoever! I tried a lot with it with no result could someone help me out here! Similar Tutorials<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <?php session_start(); ini_set('display_errors', 'On'); error_reporting(-1); //Connect to Database and Check cookies for logged in user $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASS); mysql_select_db(MYSQL_DB_NAME); if (!isset($_GET['act'])) { if (!isset($_POST['act'])) { $act = 'idx'; } if (isset($_POST['act'])) { $act = mysql_real_escape_string($_POST['act']); } } if (isset($_GET['act'])) { $act = mysql_real_escape_string($_GET['act']); } If ($act == 'login' && $_GET['CODE']=='1') { $usernameUsed = mysql_real_escape_string($_POST['Username']); $passwordUsed = mysql_real_escape_string($_POST['Password']); $SaltPassword = MEMBER_PASS_SALT_1.$passwordUsed.MEMBER_PASS_SALT_2; $HashPassword = md5($SaltPassword); $QueryLogin = "SELECT * FROM ".MEMBER_LOGIN_TABLE." WHERE username='{$usernameUsed}' AND password='{$HashPassword}'"; $LoginResult = mysql_query($QueryLogin); if (mysql_num_rows($LoginResult) > 0) { $UserID = mysql_result($LoginResult, 0, 'user_id'); $Id = uniqid(); $IdQry = "UPDATE ".MEMBER_LOGIN_TABLE." SET `unique_id`='{$Id}' WHERE user_id='{$UserID}'"; $IdRes = mysql_query($IdQry, $db); setcookie('RAYTH_MEMBER_ID', $Id, time()+2592000); } } If ($act == 'logout' && $_GET['CODE'] == '1') { setcookie('RAYTH_MEMBER_ID', "", time()-3600); } if (isset($_COOKIE['RAYTH_SKIN'])) { $Skin = $_COOKIE['RAYTH_SKIN']; } Else { $Skin = 'redskin'; } if (isset($_COOKIE['RAYTH_MEMBER_ID'])) { $Id = mysql_real_escape_string($_COOKIE['RAYTH_MEMBER_ID']); $MemIdQry = "SELECT user_id FROM ".MEMBER_LOGIN_TABLE." WHERE `unique_id`='{$Id}'"; $memidres = mysql_query($MemIdQry, $db); $memidnum = mysql_num_rows($memidres); If ($memidnum < 1) { setcookie('RAYTH_MEMBER_ID', '', time()-3600); } Else { $memid = intval(mysql_result($memidres, 0, 'user_id')); } } if (isset($memid)) { $query_meminfo = "SELECT * FROM ".MEMBER_PROFILE_TABLE." WHERE `user_id`='{$memid}'"; $query_result = mysql_query($query_meminfo, $db); $MemName = mysql_result($query_result, 0, 'display_name'); $MemGroup = mysql_result($query_result, 0, 'Group'); $AdsEnabled = mysql_result($query_result, 0, 'ads_enabled'); $UserLevel = intval(mysql_result($query_result, 0, 'user_level')); $LevelQuery = "SELECT group_level FROM ".MEMBER_GROUPS." WHERE group_id='{$MemGroup}'"; $LevelResult = intval(mysql_result(mysql_query($LevelQuery, $db), 0, 'group_level')); If ($UserLevel < $LevelResult) { $MemLevel = $LevelResult; } Else { $MemLevel = $UserLevel; } } else { $MemLevel = 0; $AdsEnabled = 'yes'; } ?> <html> <HEAD> <title>Rayth.Info ..::Home::..</title> <?php $File = './skins/'.$Skin.'/'.$Skin.'.php'; If (file_exists($File)) { include("./skins/{$Skin}/{$Skin}.php"); } Else { include("../skins/{$Skin}/{$Skin}.php"); } ?> Ok this code is the Headers code which checks if user is logged in, what skin to load etc. It is also used in the forum (so used in home and forum) via php include. Now somethin strange happens. If I use the home page to login (Rayth.Info) it logs me in for both home page and forum (rayth.info/forum) Now, if I then logout, and goto the forum, relogin, it doesn't log me in on the home page. Both pages use the same login/logout/register forms by php include and the same headers.php by include so I cant see any reason why this is happening. The cookie is obviously being set when user logs in since it sees them logged in on one page. Hi I've got this database I created with fields ProductId ProductName Image I've managed to get it to list the ID,productname, and Image urls in a list. My next step is to have the image field actually display an image and make it clickable: heres what I've done so far: Code: [Select] <?php $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("productfeed", $con); $result = mysql_query("SELECT * FROM productfeeds"); echo "<table border='0'> <tr> <th>Firstname</th> <th>Lastname</th> <th>Image</th> </tr>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['ProductID'] . "</td>"; echo "<td>" . $row['ProductName'] . "</td>"; echo "<td>" . $row['ImageURL'] . "</td>"; echo "</tr>"; } echo "</table>"; mysql_close($con); ?> Heres what I want to do: Code: [Select] while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['ProductID'] . "</td>"; echo "<td>" . $row['ProductName'] . "</td>"; // my changes beneath echo "<td>" . <a href="<?php echo $row['ImageURL'];?>"> <img src="<?php echo $row['LinkURL']; ?>"> </a>. "</td>"; echo "</tr>"; } echo "</table>"; mysql_close($con); ?> Can you guys point me in the right direction? Many thanks Hello.
I have a bit of a problem. When I fetch the link field from the database.i don't see an actual link on the page.
One more thing, what type of field should I use to store the link in the database? Probably there is where I went wrong.
All help is
Ok, not sure what the problem is....hard to explain. I am trying to setup a login script but I get the normal: Warning: session_start() [function.session-start]: Cannot send session cache limiter error code. I have no white space above to cause problem. I have used this same code written by Jpmaster77 on a number of sites. What the strange thing is it also messed up a couple of my css text boxes. See the difference: http://www.monstersgonewild.ca/index.php - Problem http://www.monstersgonewild.ca/index1.php - Without session() I would post the code of the original page but it is 600+lines and growing. Anybody have any ideas? I'm returning a table row that contains information about a file, but it seems in IE versions older than 10, it is cutting off some of the returned json when being used.
The data is being returned properly as seen in the following json:
{"file_name":"<i class='video'><\/i> <a href=\"\/Development\/test(4).mp4\" class=\"is_file\" target=\"_blank\">test(4).mp4<\/a>"}
But when you use it, it cuts off the html. A simple alert will return
</i> test(4).mp4</a>and same when appending it and the sort. It is also happening for another part of HTML that is being returned properly in the json. It is working for everything else that is returned. I have been searching around for a very long time trying to find why this is happening. Has anyone other than me encountered this? Im installing and testing a web application, and im having a strange bug that annoyes me because it dint have any sense and also it dont affects really to the web functionality: if($_POST["eliminar"]==""){ $consulta='SELECT * FROM impressora where Activa=0'; $result=mysql_query($consulta,$conexion); echo"<table align=CENTER class='sample'>"; echo"<p align=center>LLISTA D'IMPRESSORES INACTIVES.</p>"; printf("<th>MODEL</th><th>MARCA </th>"); while($fila=mysql_fetch_array($result,MYSQL_ASSOC)){ echo"<tr>"; echo "<td>" . $fila["Model"] . "</td>"; echo "<td>" . $fila["Marca"] . "</td>"; echo"</td>"; if($_SESSION["admin"]!=0){ ?> <form method= "post" ACTION="impressores_inactives.php?idr=<?php echo($fila["Id_impressora"])?>"> <td colspan="2"><INPUT TYPE ="SUBMIT" NAME="eliminar" VALUE="Eliminar"></td> </form></td> <?php } echo "</tr>"; } echo"</table>"; }else{ echo 'eliminado'; echo $_POST["eliminar"]; //BORRAMOS DE LA BBDD LA IMPRESSORA $consulta="delete from impressora where Id_impressora='".$_GET["idr"] ."'"; $result=mysql_query($consulta); echo "<meta http-equiv=Refresh content=\" ; url=../Impressores/impressores_inactives.php\">"; } The problem is that php say that eliminar is undefinded, and if i test $_POST it says its empty. See that eliminar is the name of the submit post and its checked for a function that deletes a item. The problem is that script is actually working. I can delete the printer but with that error... and if i test the value of eliminar is always empty. Ask for any other explanation without a problem , the code is in spanish. So i am currently coding database connection class and i have encountered very strange behavior from my script. base.class.php: Code: [Select] <?php class base{ private $settings; function get_settings(){ $settings["dbhost"] = 'localhost'; $settings["dbuser"] = '*****'; $settings["dbpass"] = '*****'; $settings["dbname"] = 'core'; return $settings; } } ?> database.class.php Code: [Select] <?php require_once 'base.class.php'; class database extends base{ private $query_now; private $link; public function __construct(){ $settings = base::get_settings(); $dbhost = $settings["dbhost"]; $dbuser = $settings["dbuser"]; $dbpass = $settings["dbpass"]; $dbname = $settings["dbname"]; $this->link = mysql_connect($dbhost, $dbname, $dbpass) or die ("Could not connect to the mysql database"); mysql_select_db($dbname, $this->link) or die ("Could not select the database"); } function query($query){ $this->query_now = $query; return mysql_query($query, $this->link); } function getArray($result){ return mysql_fetch_array($result); } } ?> When i try to create an instance of database class, i get mysql_connect error. I have tried to echo my array and it seems that correct information is being passed over. Now the strange thing is if i remove my password from the base class i don't get a mysql_connect error but this time instead i get "Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'core'@'localhost' (using password: YES) " In case you are wondering, does my mysql database user has a password, the answer is: yes for sure... (Also i have tried to setup a simple script for connecting to my database and everything worked fine) So any ideas? HI every one I have uploaded a web site 2 month ago and It worked well . Since 1 week ago , it shows me this error and I don't know what is the problem . I have completely uploaded my web site again but it hasn't make different . This is the address birjand-niazmandi.com . I have uploaded class.phpmailer.php again but I can't understand what is the problem ? How can I solve it ? thanks I recently noticed some odd HTML appear in some of the websites I host. Not all of them are run on a CMS but the majority (but not all) are running through the same FTP account. I've searched everywhere for documentation, forums, notes on this particular exploit but haven't been able to find anything. Essentially, there is a small HTML snippet (see below) that appears right before the </html> tag. It's really odd and the characters inside the <b1> are all different strings. Here's the code that's appearing: Code: [Select] <b1><!--6FY8rhRLeNoNyVsOwiAQBdAdca0PXE5DYVKngSkZrsG4ej2/B80UJt+FlytuMcbnHbmqHEcoMnS3r9aaRshnw5QN+TT+F7NMUFqviTLgXCnuyei6vU3WY3lArcgn9Ff/AVyxJcZ=--></b1> It's evident that the code is some type of exploit but I'm not sure how deep this goes. Anyone heard of anything like this, or have any idea of what the potential issues that could occur? Thanks for your help! -suess0r So I have a client that wants me to add a function to her site that when she clicks a mailto href on a page to spawn an email child, some canned data chunk gets inserted into a form's textarea field.. something like: "Email sent to blah@blah.com on 8/14/14".
I'm drawing a blank on how this might be handled.. any ideas out there??
Hey guys, First of all thanks in advance for all the help you can give me. I'm using a php shopping script called plaincart to create a webstore. All is fine but the admin part is not working properly. When i go to http://localhost/admin it redirects to http://localhost/admin/admin/login.php The index.php is in the root of the server and the admin files are in a folder called admin... What is wrong? Please tell me if you need any code. Thank you Hi Support, I have a form, where it collects user description input. I can collect the inputs and store it with newline. The issue is - how to collect the http link to actual hyperlink ref during display. The following is my code: <textarea name="description" cols="50" rows="10" id="description"><?php echo str_replace("<br>", "\n", $description);?></textarea></td> For example, User input: Hi, Check it out - http://www.google.com/ I would like to display google link as href so that Viewers can click the link and go to the page. Right now, it is not href and user need to copy the link to new tabs or pages and then it can come. Thanks for your help. Regards, Ahsan I am having an issue with this code. Im trying to find the problem listed as the error but i might need someone from the outside to look at it for me. Code: [Select] <?php if (empty($_GET['email']) || empty($_GET['email_confirm']) || empty($_GET['password']) || empty($_GET['password_confirm'])) exit("<p>You must enter values in all fields of the Frequent Flyer Registration form! Click your browser's Back button to return to the previous page.</p>"); else if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_GET['email'])) exit("<p>You must enter a valid e-mail address! Click your browser's Back button to return to the previous page.</p>"); else if ($_GET['email'] != $_GET['email_confirm']) exit("<p>You did not enter the same e-mail address! Click your browser's Back button to return to the previous page.</p>"); else if ($_GET['password'] != $_GET['password_confirm']) exit("<p>You did not enter the same password! Click your browser's Back button to return to the previous page.</p>"); else if (strlen($_GET['password']) < 5 || strlen($_GET['password']) > 10) exit("<p>Your password must be between 5 and 10 characters! Click your browser's Back button to return to the previous page.</p>"); $DBConnect = @mysqli_connect("localhost", "********", "********") Or die("<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysqli_connect_errno() . ": " . mysqli_connect_error()) . "</p>"; $DBName = "skyward_aviation"; @mysqli_select_db($DBConnect, $DBName) Or die("<p>Unable to select the database.</p>" . "<p>Error code " . mysqli_errno($DBConnect) . ": " . mysqli_error($DBConnect)) . "</p>"; $TableName = "frequent_flyer"; $Email = addslashes($_GET['email']); $Password = addslashes($_GET['password']); $SQLstring = "SELECT * FROM $TableName"; $QueryResult = @mysqli_query($DBConnect, $SQLstring); if (mysqli_num_rows($QueryResult) > 0) { $Row = mysqli_fetch_row($QueryResult); do { if (in_array($Email, $Row)) exit("<p>The e-mail address you entered is already registered! Click your browser's Back button to return to the previous page.</p>"); $Row = mysqli_fetch_row($QueryResult); } while ($Row); mysqli_free_result($QueryResult); $SQLstring = "INSERT INTO $TableName VALUES(NULL, '$Email', '$Password', NULL, NULL, NULL, NULL, NULL, NULL, NULL)"; $QueryResult = @mysqli_query($DBConnect, $SQLstring) Or die("<p>Unable to execute the query.</p>" . "<p>Error code " . mysqli_errno($DBConnect) . ": " . mysqli_error($DBConnect)) . "</p>"; $FlyerID = mysqli_insert_id($DBConnect); mysqli_close($DBConnect); ?> <p>Your new frequent flyer ID is <strong> <?= $FlyerID ?></strong>.</p> here is the error on the page Parse error: syntax error, unexpected $end in C:\xampp\htdocs\PHP_Projects\Chapter.10\RegisterFlyer.php on line 73 Thanks for any help on this issue, ive been going crazy Current time when testing was: 1291064453 I run the following: echo date('m/d/y', strtotime('first day', 1291064453)); Expecting: 11/1/10 What I actually get: 11/30/10 Can anyone explain this? Can anyone help? the date is pulling through without a value shown in bold below. `Timesheet_start_date` >= '2011-02-10 00:00:00' AND `Timesheet_end_date` <= '1970-01-01 00:00:00' ORDER BY id DESC here is my code: Code: [Select] $smalldate = $_POST['small']; $largedate = $_POST['large']; $types[] = (isset($_POST['small']) && strlen(trim($_POST['small'])) > 0) ? "`Timesheet_start_date` >= '".date('Y-m-d',strtotime($smalldate))." 00:00:00'" : ''; $types[] = (isset($_POST['large']) && strlen(trim($_POST['large'])) > 0) ? "`Timesheet_end_date` <= '".date('Y-m-d',strtotime($largedate))." 00:00:00'" : ''; i've echo the $largedate and there is a value in there? Using phpMyAdmin I loaded 6 test records with the id set to auto_increment and it loaded all the data correctly with id # 1-6. Then from somewhere it got the number 333353 and auto_increments it as the value for the id. So now I have id's 1-6 and 333353, 333354, ect. For every record I add it increments it. I deleted all but records 1-6 and tried again but it has the last value of 3333xx stored somewhere and increments it. Deleted them again, closed the program, came back and it still does it. Hi all! Firstly, I'd like to say a big hello to everyone Right, so I have a bit of a strange problem. I get no error, but my page stalls. So here's what I've got, a simple alphabet (A-Z) in capitals at the top of the page, created by: $alphabet = array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'); // then further down the page I have it looped as so: <?php foreach($alphabet as $link): ?> <a href="suppliers.php?filter=<?php echo $link; ?>"> <?php echo $link; ?> </a> | <?php endforeach; ?> So that's all cool. I then have this at the top of the page: $the_suppliers = (isset($_GET['filter']) && preg_match("/[^A-Z]*/",$_GET['filter'])) ? $suppliers -> get_all($_GET['filter']) : $suppliers -> get_all('all'); Now I have preg_match() in there as I was using ctype_alpha() to check for only alphabetical chars, and thought that might be my problem, but still get it with preg_match(); Anyway, my class method (get_all()) is: public function get_all($filter){ global $database; if($filter == 'all'){ $sql = "SELECT * FROM " . self::$table . " WHERE on_web = 1 ORDER BY RAND() LIMIT 10"; }else{ $sql = "SELECT * FROM " . self::$table . " WHERE on_web = 1 AND LEFT(name,1) = '" . $database -> sql_prep($filter) . "'"; } return self::find_by_sql($sql); } Now this works fine for b-z, but for some reason when the filter=A it just hangs..... I have ran the sql in phpmyamin and it returns the result straight away, so I know it's not the sql. Does anyone here know where I might be going wrong here? It's very odd and I've never come across this before, and not getting an error doesn't really help much. Any suggestions or pointers will be gratefuly received I have something strange going on with sessions set after a user logs in. After posting the form, the following code (only part of the log in script) correctly assigns the users ID to $_SESSION['id'] but after a while it starts showing up as the users level ($_SESSION['level']). I have rechecked all of my code to see if something mistakenly assigns the level to $_SESSION['id'] but everything seems fine. I am going to rewrite the log in script today, as I am sure that I can streamline it but wondered if anyone can give any advice on what it happening here to make sure I do not fall into the same trap! Thanks Steve $username = mysql_escape_string($_POST['Lname']); $password = mysql_escape_string(md5($_POST['Lpassword'])); $search = mysql_query("SELECT userid, username, password, active, level FROM users WHERE username like binary '".$username."' AND password='".$password."' AND active='1'") or die(mysql_error()); $match = mysql_num_rows($search); $level = mysql_fetch_assoc($search); if($match > 0) //The username and password is correct {//START MANUAL LOGIN & SET SESSION VARIABLES $_SESSION['user'] = $username; $_SESSION['level'] = $level['level']; $_SESSION['loggedin'] = '1'; $_SESSION['id'] = $level['userid']; I have done a simple insert query on a comment system but it works once and when i go back and try add another record it just doesnt work at all. Code: [Select] <?php include ("class.database.connection.php"); // the database connection class include ("settings.config.php"); // hostname, password ect $name = $_POST["UserName"]; $email = $_POST["UserEmail"]; $comment = $_POST["UserComment"]; $sql="INSERT INTO comments (name, email, comment)VALUES('$name', '$email', '$comment')"; $result=mysql_query($sql); ?> if anyone can help me with this i would be a happy chappy! |
|||||||