PHP - How To Detect The Insertion Of Link In A Textarea Forum ???

I'm trying to learn writing php scripts with html-simple-dom. I am scrapping my website with html-simple-dom and the below code, but I am running into an issue with inserting the scrapped data into my database.

This code scraps the website and grabs the html data I want.

Code: [Select]
$ret =  $html->find('table[class=data] tr');
foreach($ret as $visitor){
$visitor =  $visitor->find('td','1') . "<br>";
$insert="INSERT INTO $dbtable (visitor) VALUES ('$visitor')";
mysql_query($insert) OR die(mysql_error());
}
But this is being inserted into the database "visitor" field.

Code: [Select]
<td colspan="1" rowspan="1" style="text-align: left;"><a style="border-bottom:1px dotted;" onclick="loadTeamSpotlight(jQuery(this));" rel="HEN" href="javascript:void(0);">HENRY</a></td><br>

I only want "HENRY" to be extracted out of the html code above and inserted into the database table.

Any help would be greatly appreciated, as I have been pulling my hair out trying to figure this out. Do I need to use explode or something?

Thanks,

Code: [Select]
//enter into btree ----------------------------------------------
$sql_plevel='select nlevel from btree where uniqueid = '.$formjoinedunder;
$abc = mysql_query($sql_plevel , $db)
$result_plevel = mysql_fetch_assoc($abc) or die(mysql_error());
$plevel = $result_plevel['nlevel'] + 1;
$insert_btree = 'INSERT INTO btree (uniqueid,nlevel,pside) VALUES
('.$reguniqueid.','.$plevel.','.$formposition.')';
mysql_query($insert_btree , $db) or die(mysql_error());
Can any one please tell me what is the problem in the above code it does not insert into the table btree.

Hi Friends !

I need to discuss a problem with you.
When we fill a customer info form, and redirect to other page. but go back by browser's back button and resubmit the form.
In this case duplicate data is inserted. Or when we refresh a page multiple data is inserted, so HOW TO AVOID this terrible problem ?

I am a newbie to php.. Used to do work in Cold Fusion and I cannot figure out what I am doing with a registration page I have created. I am looking to have the page insert into two databases, which it is doing, and then redirect to the main member's page. I have been looking for something and have not found anything here or online that works for me.

I understand that you cannot use header() after any type of html or echo, but I have tried .js and other methods. I am not throwing errors, just no redirect... Also I am interested in hearing how bad my code is... any positive criticism is appreciated, as I am still learning 

Here is my code:

Code: [Select]
<?php include("dbc.php");


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Registration Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="stylesheet" href="style.css" type="text/css" charset="utf-8">
<link rel="stylesheet" href="styles.css" type="text/css" charset="utf-8">

//Some Javascript...



</script>
</head>
<body>
//Some Styling...
    <!-- content goes here -->
 


<h1>Register</h1>
<?php
ob_start();
error_reporting(0);
$_POST = array_map('secure', $_POST);
 if($_POST['submit'])
{
$user_name = mysql_real_escape_string($_POST['user_name']);
$query = mysql_query("SELECT * FROM xxxxusers WHERE user_name='$user_name'");
$query = mysql_query("SELECT * FROM xxxusers WHERE user_name='$user_name'");
if(mysql_num_rows($query) != 0)
{
echo "<div style="font-size: 9pt; font-weight: bold;color: red;">Username already exists</div>";
}
else
{

$user_password = mysql_real_escape_string($_POST['user_password']);
$user_pass = mysql_real_escape_string($_POST['user_pass']);
$user_email = $_POST['user_email'];
$query = mysql_query("SELECT * FROM xxxxusers WHERE user_email='$user_email'");
$query = mysql_query("SELECT * FROM xxxusers WHERE user_email='$user_email'");
if(mysql_num_rows($query) != 0)
{
echo "<div style="font-size: 9pt; font-weight: bold;color: red;">Email already exists</div>";
}
else
{

$enc_password = md5($user_password);
$enc_password = md5($user_pass);

if($user_name && $user_password && $user_pass && $user_email)
{ 

if (strlen($user_name)>20)
{
echo  "<div style="font-size: 9pt; font-weight: bold;color: red;">Your Name is Too Long</div>";
}

$email = htmlspecialchars($_POST['user_email']);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
{
    echo  "<div style="font-size: 9pt; font-weight: bold;color: red;">E-mail address not valid</div>";
}
{
require "dbc.php";

mysql_query("INSERT INTO xxxxusers
stuff....) VALUES(stuff....) ") 
or die(mysql_error());  

mysql_query("INSERT INTO xxxusers
stuff....) VALUES(stuff....) ") 
or die(mysql_error()); 
}

}
 else echo "<div style="font-size: 9pt; font-weight: bold;color: red;">All Fields Are Required</div>";

}
}
}
ob_end_flush();
 
?>
<form action="register.php" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Username:</td>
<td><input type="text" name="user_name" maxlength="30" value="<?php echo "$user_name"; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="user_password" maxlength="30" value=""></td>
</tr>
<tr>
<td>Confirm password:</td>
<td><input type="password" name="user_pass" maxlength="30" value=""></td>
</tr>
<tr>
<td>Email address:</td>
<td><input type="text" name="user_email" maxlength="50" value=""<?php echo "$user_email"; ?>""></td
</tr>

<tr><td colspan="2" align="right">
<input type="submit" value="Register!" id="submit" name="submit"></td></tr>
<tr><td colspan="2" align="left"><a href="index.php">Back to Home Page</a></td></tr>
</table>
</form>

Guys,
I'm not at all able to insert characters like " ' ` and all sorts into my database or it will always return an error. I just created a textarea field in my site of which I just want to istore all those collected datas into my database for later retrieval  and all sorts. Please help!

Hi, I have a lovely wordpress theme on my website. Unfortunately I can not get text or the home page itself into the landing page, is there any way to do this at all?  I want to the home page text to sit under the    I have contacted the theme author with no help. I want the text to sit underneath the four image buttons (below banner slider)   This is the website  http://www.cloudchasing.co.uk/   Hope this makes sense, many thanks for help in advance.   Karl

Hi everyone,

I'm trying to create a site where teachers can upload educational animations (swfs) and source files (.fla's) to a site as a shared resource for others to use in their classrooms.

I've concatinated a random number to both the source file and animation file to circumvent the problem of files with same names being uploaded.

However,  I have one small problem. The source file is not a mandatory upload, so sometimes the $source_file is null. However, with the random number concatinated, $source_fileX is not null.

I tried to write some code saying that if $source_file is null, then $source_fileX should be null, else $source_fileX should be random_number concatinated with $source_file , but it doesn't seem to be working.

The animation files are uploading fine. It's just the source files that are not. Nor is $source_fileX being inserted into the source_file field in the database.

Code below. Thanks in advance.

Code: [Select]

<?php

$keywords = $_POST["keywords"];
$subject = $_POST["subject"];
$description = $_POST["description"];
$website = $_POST["website"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$school = $_POST["school"];
$animation_file = $_POST["animation_file"];
$source_file = $_POST["source_file"];
$random_digit=rand(00000, 9999);

$animation_fileX=$random_digit . $_FILES['animation_file']['name'];
if($animation_fileX!="")
{
if (!copy($_FILES['animation_file']['tmp_name'], "uploads/$animation_fileX"))
{
echo "failed to copy \n";
}
}

if   ($source_file!="")
{ 
$source_fileX=$random_digit . $_FILES['source_file']['name'];
}
else
{
$source_fileX="";
}

if($source_fileX!="")
{
if (!copy($_FILES['source_file']['tmp_name'], "source_file_uploads/$source_fileX"))
{
echo "failed to copy \n";
}
}


//**********************SEND TO DATABASE****************************

 include 'mysql_connect.php'; 

$query = "INSERT INTO animation_uploads (date, animation_file, source_file, keywords, subject, description, firstname, lastname, school, website)" . "VALUES (NOW(), '$animation_fileX', '$source_fileX',  '$keywords', '$subject' , '$description', '$firstname', '$lastname', '$school' , '$website')";
//if($query){echo 'data has been placed'}
mysql_query($query) or die(mysql_error());

//***********************END OF DATABASE CODE***********************

Hi All,

I am using the PHP Simple HTML DOM parser to connect to a financials website, parse out a companies financial information (Income statement in this case) and then insert the scrapped data into a mysql database that I can then later use to run automated calculations.

Here is the code I have so far:

Code: [Select]
<?php
include_once 'simple_html_dom.php';

//Connect to financial Website and Create DOM from URL
$income_statement = file_get_html('http://www.WEBSITE.com/finance?etc..etc...etc...etc...');

//PULL FINANCIAL DATA
foreach($income_statement->find('td[class]' ) as $lines=>$data) {

echo $data->plaintext . "<br/>";

}

// clean up memory
    $html->clear();
    unset($html);
?>

So far I am able to get output that looks like this:

Code: [Select]
Revenue
336.57
331.52
324.32
319.29
320.40
Other Revenue, Total
-
-
-
-
-
Total Revenue
336.57
331.52
324.32
319.29
320.40
etc.............................
But being a newb I do not understand how I can break each $ value and each - into their own variables and then insert them to their corresponding mysql table fields. During the database insert I would like to ignore field headings from insertion (i.e Revenue, Total Revenue, etc....

Any help would be absolutely amazing, as I have been reading, scripting and searching for information like crazy, but just can't seem to figure it out.

Hi,
This escape function will only block quotes

How would you stop java script insertion?
 

function escape($string) {
    return htmlentities($string, ENT_QUOTES, 'UTF-8');
}

Thanks  

Hi guys.I am making a Query Analyzer in php which takes the query string inside a form and out puts the result table in that particular page.How do i output the notification by MySQL when you do a successful insertion of data into mysql.i want to know if there are any methods in php which gives you that such as "1 row affected","Query took 0.00sec".Thanks

<?php

if(isset($_POST['submit'])){

$uname = $_POST['username'];
$pword = $_POST['password'];

/*** mysql hostname ***/
$hostname = 'localhost';

/*** mysql username ***/
$username = 'root';

/*** mysql password ***/
$password = 'anty90';

try {
    $link = new PDO("mysql:host=$hostname;dbname=gambling", $username, $password);
    /*** echo a message saying we have connected ***/
    echo 'Connected to database<br />';

    /*** INSERT data ***/
    $stmt = $link->prepare("INSERT INTO gamb(username, password) VALUES (?, ?)");
	
	try{
	$stmt->execute(array("$uname", "$pword"));
	} catch(PDOException $e){
	
		echo "Exception caught: $e";
	
	}

    /*** echo the number of affected rows ***/
    //echo $count;

    /*** close the database connection ***/
    $link = null;
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }
  
}
?>

<html>

<form action='home.php' method='post'>

<input type="text" name="username" >
<input type="password" name="password" >
<input type="submit" name="submit" value="submit">

</form>

</html>

I'm new to databse programming so I was just wondering if this was vulnerable to sql injection or not.

I have a form that generates html code, and displays it in a textarea with submit button.

I want to submit button to take the data entered in that textarea1 on page 1, and upload to textarea2 on page 2
How can I do this? I have no idea where to start.

Hi,

Would time() produce the timestamp based on your time environment or the servers?, if it produces the timestamp based on the server; how would I generate a timestamp (which I can later use within date()); so it displays to the users timezone?

Code: [Select]
if ($showigiteidimage) {
                    $igitwid_divlnk = "onclick=location.href='" . get_permalink($igitwid_result->ID) . "'; style=cursor:pointer;";
                    $igitwid_output .= '<li id="igit_wid_rpwt_li" style="height:' . $igitwid_height . 'px;    padding-bottom: 10px;" ' . $igitwid_divlnk . '>';
                    $igitwid_output .= '<div id="igit_wid_rpwt_main_image"  style="float:left;">



<a href="' . get_permalink($igitwid_result->ID) . '" target="_top"><img src="<?php $values = get_post_custom_values("tj_video_img_url"); echo $values[0]; ?>" id="igit_rpwt_thumb" ></a></div>';

the prb is image src cant read the php code , what to do ? please helpppppppppp   

I am making a demo page that I want to add a form to.

The way I want this for to work is.

Say you are at demo.com

Now you are a client I am working with so I have given you a number.

This form will as for that number and on submit it will take you to

demo.com/"client number"
Here is what I have done.


What is in my index.php
  <form>
  <form action="search.php">
    <input id="button" name="button" type="text" />
    <input type="button" value="SEARCH" >
  </form>

What is in my search.php
<?php
$newurl = "http://demo.mysite.com/";
$newurl .=$_GET['button'];

echo "$newurl";

/*header("Location: $newurl"); */
?>


--------------------------------------------------
I have also tried taking out the search.php  and having everything in index.php


  <form>
  <form>
    <input id="button" name="button" type="text" />
    <input type="button" value="SEARCH" >
  </form>

<?php
$newurl = "http://demo.mysite.com/";
$newurl .=$_GET['button'];

echo "$newurl";

/*header("Location: $newurl"); */
?>