|
PHP - Checking For Illegal Characters In An Input
Hi Guys,
This should be a simple one. I am looking for the best way to ensure that any illegal characters are removed from an input. I have a user registration form and login page. What I want to do is prevent against sql injection and therefore should be limiting the characters that can be entered. For example I want a username to include only letters and numbers so I ideally want to strip out any white space, illegal characters such as " ' ( ) etc... My issue with this is with the password, I would ideally like the user to be able to put as complex a password as they would like, so how would i prevent against illegal characters in this instance?? Cheers Similar TutorialsHi all, I'm working on this site which I'll soon ask the guys in the testing forum to have a peek at. It's essentially an online community that was a uni project that has spiraled and grown exponetially. I've spent many many hours in front of books and tutorals etc to put it together and as far as scripting goes, it seems to be fine. The problem i'm having...The tut's that I read / watched were using eregi_replace to protect text fields and this is now unsuported. I want my site to be as secure as it can be, within reason. I've tried using preg_replace instead and have searched for the syntax but i keep getting strang results. I'm working on the "bio" field at the moment and then when that works I can move on and a-ply the same idea to the other fields. This si what I have and what I've changed. if ($_POST['parse_var'] == "bio"){ $bio_body = $_POST['bio_body']; //$bio_body = str_replace("'", "'", $bio_body); (WAS TESTING THIS BUT NO JOY) //$bio_body = str_replace("`", "'", $bio_body); $bio_body = mysql_real_escape_string($bio_body); $bio_body = nl2br(htmlspecialchars($bio_body)); $bio = $_POST['bio']; $bio = eregi_replace("'", "'", $bio); (This works but is not as secure) $bio = eregi_replace("`", "'", $bio); $bio = mysql_real_escape_string($bio); $bio = nl2br(htmlspecialchars($_POST['bio'])); $sqlUpdate = mysql_query("UPDATE members SET bio='$bio' WHERE id='$id'"); and so on....} When I change it to str_replace if I type in don't the whole word is deleted. when I type in preg I get an error. Can someone please give me the correct code / syntax for getting the result I want. I just want to make sure that every single field that has a user input is protected against any malicious attacks. Thanks. Hey I wasn't able to add/edit some text to the mysql database because of some character how can i bypass them should i use the mysql_real_escape_string() ? if yes how do i make it work with the code i got? thaks <?php include "../configdb.php"; $id = $_GET['id']; if(isset($_POST['submit'])) { //global variables $name = $_POST['name']; $footer = $_POST['footer']; //run the query which adds the data gathered from the form into the database $result = mysql_query("UPDATE pages SET name='$name', footer='$footer' WHERE id='$id' ",$connect); echo "<b>Your Page have been edited successfully"; // echo "<meta http-equiv=Refresh content=2;url=index.php>"; } elseif($id) { $result = mysql_query("SELECT * FROM pages WHERE id='$id' ",$connect); while($row = mysql_fetch_assoc($result)) { ?> <h3>::Edit Page</h3> <form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>?id=<?php echo $row['id']?>"> <input type="hidden" name="id" value="<?php echo $row['id']?>"> <textarea name="name"><?php echo $row['name']?></textarea> <input name="footer" size="40" maxlength="255" value="<?php echo $row['footer']?>"> <input type="submit" name="submit" value="Submit"> <?php } } ?> So basically I have a site, and on that site, I have a page that submits a form and updates a database. I have it set up so that someone can enter in Multiple values into a textarea, one on each line, and it will submit each of those values as a new row in the database, but for the life of me, I cannot figure out how to check those values against the actual users. It is basically a point system, where the staff can award points users of the site. But at the moment, a Staff member could enter in Jibberish, and it would insert that into the database, but I want it to check my users table to make sure the user exists before it inserts it into the database. here is my code: <?php include 'global.php'; echo $headersidebar; if ($_COOKIE['access'] == $accessstaff) { if(count($_POST)) { $array = preg_split('/(\r?\n)+/', $_POST['studentname']); foreach($array as $students) { $statusmsg = '<center><span style="background: #A6FF9E;">You have successfully submitted points to the database.</span></center>'; mysql_query("INSERT INTO points (giver, receiver, points, category, reason, date, status) VALUES ('{$_COOKIE['username']}', '{$students}', '{$_POST['pointamt']}', '{$_POST['pointcat']}', '{$_POST['pointreason']}', '{$date}', 'Validating')"); } } $addpointspage = $statusmsg . ' <form action="submit_points.php" method="post"> <table class="table" > <tr> <td colspan="10"> <h1><strong><center>Submit Points</center></strong></h1> </td> </tr> <tr> <td colspan="10" rowspan="100"> <center>Please remember to follow the house point limits when submitting house points.</center> </td> </tr> </table> <table class="table"> <tr> <td style="width: 15%;" valign="top"> Student Name:<br> <span style="font-size: 60%;">(List as many as you want; One per Line)</span> </td> <td colspan="10"> <center><textarea name="studentname" cols="60" rows="10"></textarea></center> </td> </tr> <tr> <td style="width: 15%;" valign="top"> Amount of Points: </td> <td> <input style="position: relative; left: 16px;" type="text" size="15" name="pointamt" /> </td> <td> Do not put anything that is not a number into this box. </td> </tr> <tr> <td style="width: 15%;" valign="top"> Point Category: </td> <td colspan="10"> <select name="pointcat" style="position: relative; left: 16px;"> <option SELECTED value="">-------</option> <option>Class Work</option> <option>Class Exam</option> <option>Extra Work</option> <option>Contests</option> <option>Teacher\'s Assistant</option> <option>Negative Points</option> </select> </td> </tr> <tr> <td style="width: 15%;" valign="top"> Reason: </td> <td colspan="10"> <input style="position: relative; left: 16px;" name="pointreason" type="text" size="80" /> </td> </tr> <tr> <td> </td> <td colspan="10"> <input style="position: relative; left: 16px;" type="submit" value="Submit Points" /> </td> </tr> </table </form> '; } elseif (1==1) { $addpointspage = $accessdenied; } echo ' <!-- start content --> <div id="content"> <div class="post"> <div class="entry"> <p><strong>' . $addpointspage . '</p> <p class="links">' . $addpointslink . '</p> </div> </div> </div> <!-- end content --> <div style="clear: both;"> </div> </div> <!-- end page --> </div>'; echo $footer; ?> I am fairly new to PHP, so I would appreciate any help someone could give me; I am not too good with arrays and such, so this one has got me stumped. Hey guys and gals! This is my first post here and needing a bit of help with my php code! So here is the deal, i have 3 tables in ms sql 2000 which i will be using on this project. i have an employee table that has the regular information such as: TABLE employee( uniqueid, employee_number, lastname, firstname, dob, address, city, state, zip ) TABLE employee_docs( uniqueid, employee_number, doc_type int, date_received, date_issued, date_expired ) TABLE doc_type(uniqueid, description, valid_month) so basically from the employee_doc table, the doc_type column is an int and will have the description of the document as well as valid month column which will tell you how long the document type is valid until. the Description gives a brief description of what the product is. The uniqueid is used as what ever number is chose from the employee_docs table will represent the document type from table doc_type. ok so now that i gave a brief explanation of the tables i am working with, I can tell you what i need. i need a php page that will display: employee number, lastname, firstname, doc_type, date_received, date_issued, date_expired. Code: [Select] select pn.empnum as employeeid, (pn.lastname + ', ' + pn.firstname)as [Full Name], dt.description as doc_type, formatDate(pd.received) as [Date Received], formatDate(pd.expired)as [Date Expired], formatDate(pd.issued) as [Date In Service] from personnel_document pd left join document_types dt on (dt.uniqueid = pd.doc_type) left join personnel pn on (pd.empnum = pn.empnum) where pd.empnum = '$EmpNum' now, I went ahead and did this for the html part: Code: [Select] <table border=0> <tr> <td height=20px weight=1px valign=bottom><span class=underline>DESCRIPTION</span></td> <td height=20px weight=1px valign=bottom><span class=underline>DATE RECEIVED</span></td> <td height=20px weight=1px valign=bottom><span class=underline>LICENSE NUMBER</span></td> <td height=20px weight=1px valign=bottom><span class=underline>DATE IN SERVICE</span></td> <td height=20px weight=1px valign=bottom><span class=underline>DATE EXPIRED</span></td> </tr> <tr> </tr> <tr> <td height=20px valign=bottom><span class=label_text>PHYSICAL EXAM</span></td> <td valign=top><input class=demog_box type=text size=10 name= phexam_dr id=phexam_dr onBlur= 'formatDate(this)' value='<?php echo $phexam_dr; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= phexam_ln id=phexam_ln onBlur='formatDate(this)' value='<?php echo $phexam_ln; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= phexam_is id=phexam_is onBlur= 'formatDate(this)' value='<?php echo $phexam_is; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= phexam_ex id=phexam_ex onBlur='formatDate(this)' value='<?php echo $phexam_ex; ?>'> </td> </tr> <tr> </tr> <tr> <td height=20px valign=bottom><span class=label_text>PROFESSIONAL LICENSE</span></td> <td valign=top><input class=demog_box type=text size=10 name= prolic_dr id=prolic_dr onBlur='formatDate(this)' value='<?php echo $prolic_dr; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= prolic_ln id=prolic_ln onBlur='formatDate(this)' value='<?php echo $prolic_ln; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= prolic_is id=prolic_is onBlur='formatDate(this)' value='<?php echo $prolic_is; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= prolic_ex id=prolic_ex onBlur='formatDate(this)' value='<?php echo $prolic_ex; ?>'> </td> </tr> <tr> </tr> <tr> <td height=20px valign=bottom><span class=label_text>PROFESSIONAL INSURANCE</span></td> <td valign=top><input class=demog_box type=text size=10 name= proins_dr id=proins_dr onBlur='formatDate(this)' value='<?php echo $proins_dr; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= proins_ln id=proins_ln onBlur='formatDate(this)' value='<?php echo $proins_ln; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= proins_is id=proins_is onBlur='formatDate(this)' value='<?php echo $proins_is; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name= proins_ex id=proins_ex onBlur='formatDate(this)' value='<?php echo $proins_ex; ?>'> </td> </tr> <tr> </tr> <tr> <td height=20px valign=bottom><span class=label_text>DRIVER'S LICENSE</span></td> <td valign=top><input class=demog_box type=text size=10 name=dl_dr id=dl_dr onBlur='formatDate(this)' value='<?php echo $dl_dr; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name=dl_ln id=dl_ln onBlur='formatDate(this)' value='<?php echo $dl_ln; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name=dl_is id=dl_is onBlur='formatDate(this)' value='<?php echo $dl_is; ?>'> </td> <td valign=top><input class=demog_box type=text size=10 name=dl_ex id=dl_ex onBlur='formatDate(this)' value='<?php echo $dl_ex; ?>'> </td> </tr> <tr> </tr> <tr> </table> I am now doing the the sql statement to insert into my db but i am stuck. i basically want to get the information that the user enters for each field and save it on the employees profile. $querydoc = "update personnel_document set empnum = '$EmpNum' , doc_type = ???, date_received = ????, date_expired = ????, date issued = ??? where empnum = '$EmpNum' "; The problem is that since each description has a different variable im not sure how to update it.... would I have to create a new update for each description? also I hard coded the name of each description but i believe it is better if i echo the description name from the db as i cant use taht as the doc_type... i am pretty confused, if anyone has a better way of doing this i would really appreciate it! eventually i also want to make sure that the description is expired to to with the fields I have there and promp the user of something that is expired. Once again, any help given is much appreciated!!! Set up: * XAMPP 1.7.3 * Apache 2.2.14 (IPv6 enabled) + OpenSSL 0.9.8l * MySQL 5.1.41 + PBXT engine * PHP 5.3.1 * phpMyAdmin 3.2.4 * Perl 5.10.1 * FileZilla FTP Server 0.9.33 * Mercury Mail Transport System 4.72 I'm trying to set up a multipage registration script. It's tuff! I've set up some basic scripts to distribute variables into the correct tables from previous forms using a session. But I want the script to check the input from form one is valid before it moves on to form 2. Here are my scripts: form 1: <html> <head> <title>Register</title> <style type="text/css"> td { vertical-align: top; } </style> </head> <body> <form action="form2.php" method="post"> <table> <tr> <td><label for="name">Username:</label></td> <td><input type="text" name="name" id="name" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="password">Password:</label></td> <td><input type="password" name="password" id="password" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="first_name">First name:</label></td> <td><input type="text" name="first_name" id="first_name" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="last_name">Last name:</label></td> <td><input type="text" name="last_name" id="last_name" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="email">Email:</label></td> <td><input type="text" name="email" id="email" size="20" maxlength="50" value=""/></td> </tr><tr> <td><label for="address">Address:</label></td> <td><input type="text" name="address" id="address" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="city">City/Town:</label></td> <td><input type="text" name="city" id="city" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="county">County:</label></td> <td><input type="text" name="county" id="county" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="post">Postcode:</label></td> <td><input type="text" name="post" id="post" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="home">Home Number:</label></td> <td><input type="text" name="home" id="home" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="mobile">Mobile:</label></td> <td><input type="text" name="mobile" id="mobile" size="20" maxlength="20" value=""/></td> </tr><tr> <td> </td> <td><input type="submit" name="submit" value="Sumbit"/></td> </tr> </table> </form> </body> </html> Form 2: <?php //let's start the session session_start(); //now, let's register our session variables session_register('name'); session_register('password'); session_register('first_name'); session_register('last_name'); session_register('email'); session_register('address'); session_register('city'); session_register('county'); session_register('post'); session_register('home'); session_register('mobile'); //finally, let's store our posted values in the session variables $_SESSION['name'] = $_POST['name']; $_SESSION['password'] = $_POST['password']; $_SESSION['first_name'] = $_POST['first_name']; $_SESSION['last_name'] = $_POST['last_name']; $_SESSION['email'] = $_POST['email']; $_SESSION['address'] = $_POST['address']; $_SESSION['city'] = $_POST['city']; $_SESSION['county'] = $_POST['county']; $_SESSION['post'] = $_POST['post']; $_SESSION['home'] = $_POST['home']; $_SESSION['mobile'] = $_POST['mobile']; ?> <html> <head> <title>Register</title> <style type="text/css"> td { vertical-align: top; } </style> </head> <body> <form action="form3.php" method="post"> <table> <tr> <td><label for="bio">Biography:</label></td> <td><input type="text" name="bio" id="bio" size="400" maxlength="500" value=""/></td> </tr><tr> <td> </td> <td><input type="submit" name="submit" value="Sumbit"/></td> </tr> </table> </form> </body> </html> I've also got form3.php and process_forms.php(that's where I mysql_real_escape_string and input the data) but that's probably not relevant. How would I get this to work? Are there any sites I should look at that you'd recommend? Any help appreciated. Hiya peeps, I am using preg_match to validate URLS; preg_match("/(((https?|ftp|gopher):\/\/|(mailto|file|news):)[^' <>\"]+|(www|web|w3).[-a-z0-9.]+)[^' .,;<>\":]/i", $this->_searchString) I works great, the only issue I have is I am using it in an if statment, and what I need to do is something like this. if(preg_match("/(((https?|ftp|gopher):\/\/|(mailto|file|news):)[^' <>\"]+|(www|web|w3).[-a-z0-9.]+)[^' .,;<>\":]/i", $this->_searchString)) { CHECK IF $this->_searchString has http:// at the start of it or if it has a / at the end and remove them if it does. I need $this->_searchString to end up with only www.SITE.co.uk before I can input it into the relevant function. } else { } Many thanks, James. Yeah I know one of those questions
Like you guys are lawyers on standby or something.
I just wanted to discuss the idea of creating a website mock up for a business that exists but you researched and they don't have a website yet.
I guess how, is the next question in terms of getting their prices of products... but mainly what I was going to do was following along Google Map's street view and screenshot their business logos which are visible to the public eye.
Then create a mock up of a website to show them on a tablet.
What do you guys think?
I am writing a script that downloads stock data and graphs the prices using libchart charting library. After downloading data to array $prices, I use the following line to add a new data point to my chart:
$serie1->addPoint(new Point($prices[$i]['date'], $prices[$i]['price']);
$prices contains both date and price keys. However, this throws off illegal string offset error for both keys. I have checked with isset, both variables contain values. I have also tried typecasting, date with (string) and price with (float), but these threw off new errors.
What could be causing the illegal string offset error? Is there a way to silence it?
Edited by codingcasually, 01 November 2014 - 03:55 AM. Hi guys, why am i getting this error: Illegal string offset 'user_id' but when echo $value it brings the correct output. Thanks
$user_id = 5;
$user_name = "obodo";
$_SESSION['test'] = array('user_id' => $user_id, 'user_name' => $user_name);
foreach( $_SESSION['test'] as $value )
{
echo $value['user_id']; //give error
/* echo $value //works */
}
I hope I can explain what is happening. I have created two forms in PHP. The first 'almost' works, i.e. it shows the data. But I have two problems - 1) the second pulldown menu is always empty and 2) $value from the first pulldown menu ALWAYS equals the last entry thus the last 'if' in the function subdomains ($domains) is always called (but still empty). The code may explain this better than me:
<!DOCTYPE html>
<html>
<body>
<!-- processDomains.php is this file - it calls itself (for testing purposes so I can see what is happening) -->
<form action="processDomains.php" method="post">
<?php
// create the domains array (there are actually several entries in the array but I cut it down for testing)
$domains = array (1 => 'Decommission', 'Migration');
echo "Select Domain:";
echo "<br>";
// Make the domain pull-down menu - this displays correctly
echo '<select name="domain">';
foreach ($domains as $key => $value) {
echo "<option value=\"$key\">$value</option>\n";
}
echo '</select>';
// input doesn't matter what is 'submitted', always goes to last $value
echo '<input type="submit" name="submit" value="Submit">';
// call function subdomains
subdomains ($value);
function subdomains ($domains) {
// define values for each array - each array contains available choices for the subdomain pulldown menu
$migration = array (1 => 'Application Migration', 'Application Patch', 'Application Upgrade');
$decommission = array (1 => 'Applications', 'Servers', 'Storage');
if ($domains === 'Migration') {
echo "Select subdomain:";
echo "<br>";
// Make the Migration pull-down menu
echo '<select name="migration">';
foreach ($migration as $key => $value) {
echo "<option value=\"$key\">$value</option>\n";
}
echo '</select>';
} else if ($domains === 'Decommission') {
/* ===
* since 'Decommission' is the last entry in the 'Domains' pulldown list, $value ALWAYS equals
* 'Decommission' and $domains equals $value. So this menu SHOULD work but is always
* empty. Thus, two problems - the pulldown menu is always empty and $value isn't based
* upon user input.
*/
echo "Select subdomain:"; // this prints so I know I'm in 'Decommission (I eliminated the echo "$domain" to show I'm always coming here)'
echo "<br>";
// Make the 'Decommission' pull-down menu
echo '<select name="decommission">';
foreach ($decommission as $key => $value) {
echo "<option value=\"$key\">$value</option>\n";
}
echo '</select>';
echo '<input type="submit" name="submit" value="Submit">'
) // end of 'if-else'
} // end of function 'subdomain'
?>
</form>
</body>
</html>
Let me say thank you in advance and I appreciate the help! I know I'm doing something (or more than one thing) wrong and I hope someone can tell me what it is.
Best Regards!
Edited by mac_gyver, 19 January 2015 - 09:37 PM. code tags around posted code please I am writing a script that will parse my PHP classes and check for things like coupling, visualize my objects and connections, dependencies, check for convention usage, etc.
So, I have a simple file upload. I'm never saving the files, just get contents and dump the file and work with the string version.
I'm writing it for me, but I figure I might want to open it for others to use in the future, so I may as well write it that way to begin with -- so I need to validate user input. Problem is, the user input is supposed to be valid PHP code. I'm thinking that, as long as I'm careful, I shouldn't be executing any code contained in strings, but I'm no security expert and I want a warm fuzzy that my thought on this is correct. What kinds of things do I need to look out for? Is it possible to inject when working with strings?
My initial thought is to regex the entire file and replace key portions with known replacements. So ( and ) would become !* and !^ or $ would become @~ (combinations that -- I think -- don't make sense to php?) But that may be completely unnecessary processing time if I'm not in any danger, here. Thanks ahead of time for any help.
PS - as a side question -- what's the best way to verify a file is a php file? I know of getimagesize for images, but should I just check for <? to verify it's php? That seems like it would be too easy to fool -- then again, it might not matter much.
-Adam
Hey everyone.. I cleared the earlier doubt i have a new doubt in the same system.. <code> public function login($uname, $pass,$remember=false) { $result =$this->db->query("SELECT * FROM tbl_userauth"); $result->execute(); $resl=$result->fetchAll(PDO::FETCH_ASSOC); if ($resl[0]['username'] !=$uname || $resl[0]['password']!=$pass) { return $this->error("User not Found"); } else { $userID=$resl[0]['userid']; $_SESSION['userid']=$userID; $uname=$resl[0]['username']; $_SESSION['uname']=$uname; if(isset($_SESSION['userid'])) { header("location:dash.php"); } else { header("location:login.php"); } } </code> No this is my system actually i wanted to do session checking..Rite now when i am logging in the system i am able to log in but the same URL if i copy and paste in another browser i dont have to log in i am already logged in that's not rite Na?? I mean in another browser i should b logging in and then able to access in rite????What am i doing wrong???? PLease guide me through..Thank you.. Hi, I'm creating an upload section that limits users to upload the following file types: .zip .rar .doc .jpeg .gif When getting the type for .pdf files, it comes up as: application/force-download and for .rar files it comes up as: application/x-download If I do a check that says: if ($type=="application/force-download" || $type=="application/x-download") then will users only be able to upload .PDF and .RAR files? I'm assuming these two types will allow other formats as well. If this is the case, how can I check the extension of the file before the user is able to upload it. I was thinking of somehow capturing the last 3 letters of the filename, and then doing the check that way, except I'm not sure how to go about this. Any insight appreciated! Can someone help me to get this code working... Code: [Select] public function getBowlContents(){ if is_null($this->contents) { return "The bowl is empty!"; } else { return "The bowl contains " . $this->contents . " soup!"; } TomTees I have written the code for email check, but how and where can I put the code to check if a username has been used twice? Thanks in advance. Code: [Select] <?php $servername = "localhost"; $username = ""; $password = ""; //validate fields if(!$_POST["username"] || !$_POST["email"] || !$_POST["password1"] || !$_POST["password2"]){ echo "<p> </p><p> </p><p> </p><br />Please fill the required fields, <p> </p><p> </p><a href='register.php'>Go to register page</a>"; //validate password }else if($_POST["password1"] != $_POST["password2"]){ echo "<p> </p><p> </p><p> </p><br />Please go back, PASSWORDS do not match! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; //validate email }else if(!(eregi("^.+@.+\\..+$", $_POST['email']))){ echo "<p> </p><p> </p><p> </p><br />Please enter a valid EMAIL! <a href='register.php'><p> </p><p> </p>Go to register page</a>"; //validate captcha }else if(($_SESSION['security_code'] != $_POST['security_code']) || (empty($_SESSION['security_code'])) ){ echo "<p> </p><p> </p><p> </p><br />CAPTCHA CODE does not match! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; }else{ $conn= mysql_connect($servername,$username,$password)or die(mysql_error()); mysql_select_db("genesis_members",$conn); // check if already registered $sql_check = "SELECT * FROM users WHERE email = '".$_POST[email]."'"; $result_check = mysql_query($sql_check,$conn) or die(mysql_error()); $row = mysql_fetch_assoc($result_check); if($row['id']){ echo "<p> </p><p> </p><p> </p><br />EMAIL already registered! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; }else{ // insert in db $sql = "INSERT INTO users (username, email, password, company, phone, services) VALUES ('".$_POST[username]."', '".$_POST[email]."', '".$_POST[password1]."', '".$_POST[company]."', '".$_POST[phone]."', '".$_POST[services]."')"; $result = mysql_query($sql,$conn) or die(mysql_error()); echo "<p> </p><p> </p><p> </p><br /><h1>You Have Successfully Registered</h1>"; echo "<p> </p><p> </p><br /><a href='main_login.php'>go to login page</a>"; } } ?> I have textfield for signature in my form, I m checking if the signature was sent ( if(!empty($_POST['signature'])) and if it's not empty I m putting it into the db. The problem is that, I have noticed a greek user has entered something in greek letters, and function could not deal with it and saved it as it is.( DB field supports greek charset ) I just want to allow english and german chars with special chars ( ",',< etc. ) , no other charset like greek. How can I do that? any function for this purpose ? $characterIDs = explode(',', $_POST['characterIDList']); After the explode I want to take all those values and do a select statement in a database table for any of the values that match any of the values inside that variable variable. Not sure how to do this since there is no limit to how may there could be. I don't know precisely how to put it so i will give an example: suppose you have a search form with input fields for: -an age range, -a data range, -for the sex, -postal code as soon as the user would fill in one of these input fields, a query should be generated including a condition doing something with the inputted value. For example, the user fills in maxAge, the the query should say: SELECT * FROM table WHERE age >= maxAge; Filling more than one criterion then would do .= " AND criteria (condition) inputvalue " etc... My question comes to the part about: how to check if there is already a WHERE in the clause and how to put WHERE or AND for every criterion. Since doing like above, i won't be able to search for another criterion if i don't select maxAge first because then there would be no WHERE in the sql clause. Hopefully i've put it clear thanks in advance I need to query a database for a starting time for a meeting, and if the start time is at 7pm, I need to allow access to a page from 6pm til 11pm. Not a problem. The problem lies when the ending time (4 hours after the start time) crosses over to a new day. Here's what I have: Code: [Select] <?php elseif ($row['meeting'] == "7:00pm") { $starthour = 18; $endhour = 23; } elseif ($row['meeting'] == "8:00pm") { $starthour = 19; $endhour = 0; } if ($thishour <= $endhour && $thishour >= $starthour) { include "meeting_ok.php"; } else { echo "Meeting room is unavailable at this time...."; } ?> The "0" for endhour is throwing things off. How should I best account for a new day? Thanks! |
|||||||