PHP - Need Good Ideas Regarding Security On Single Page

Good day everyone!

I know this is possible but I do not know how to do it.

I have a single page, this page has no dynamic content.

I have a set of links. What I need is to have content placed on the page based on the link the user clicks.

Example: I have pictures of animals. When the user click a Zebra, the Zebra info is placed on the page.

So the page does not change, meaning the content on the page changes but not the page it self.

The idea is instead of creating different html pages for each animal profile, the profile is generated to the page from a php include file.

Is is this possible?

Can anyone, some one please point me to how I can get this going.


Thanks everyone!


IC

This is more of an SEO question. 

I have a site with couple hundred categories within each city. I was wondering what the best approach is to do them?

www.mysite.com/browse/apples?city=new-york

www.mysite.com/browse/new-york?category=apples

Which one is the better way to do it for seo purposes? 

If it's the first method, that would mean I would have to create couple hundred pages for those categories yes?

I am creating a user inbox system. I am retrieving all the unread messages. Each message row contains a "reply" form. So say I have 10 messages showing on a single page. That's 10 forms.

What I would like to know is how can I submit any one of the 10 forms and not have it affect the remaining 9 forms?

Here is the basic code.

if(isset($_POST['submit'])) {
  $post_message = trim($_POST['message']);

  $errors      =  array();
  $db->beginTransaction();

  if(empty($post_message)) {
    $errors[] = 'The message field can not be empty!';
  }

  if(empty($errors)) {
    $db->commit();
    
    echo 'success';

  } else {
    $db->rollBack();
  }
}
<form action="" method="post">
  <fieldset>
    <textarea name="message" maxlength="10000" placeholder="What would you like to say?"></textarea>
  </fieldset>
  <fieldset>
    <input type="submit" name="submit" value="Submit" />
  </fieldset>
</form>

 

PHP script return 20 UL LIST values like,

< ul >

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T

< /ul >

How to display UL LIST into row wise 5 columns like

A B C D
E F G H
I J K L
M N O P
Q R S T (20 ITEMS)

Edited December 7, 2019 by aveeva

Hi, I've been scratching my head for a while now about how to do this, I'm relatively new to php and mysql and perhaps foolishly taking on creating a user area for a website.  I have everything else working, all of my register account functions and confirmations and all of the login scripts etc. 

I have created a profile page which returns various information to the user (this bit works fine) and I've got some nice show/hide toggles running with some javascript/css but my intention is to allow the user to change thier information (e-mail address, contact phone number and also whether they are subscribed to the e-mail list), it also displays any support tickets or messages.

So after the long intro, here's what I'm struggling with...  I have a form in a visibility toggled <div> which submits a 'change_email' script, so a user wants to change their e-mail, clicks on change, the <div> appears, they bang in the new e-mail and hit submit.

My php script appears to work (because it doesn't throw up any errors), until you realise that actually it's not updated the record in the db...

I'm using mysql_query("UPDATE users SET email='$new_email' WHERE username='$user'");

Do I need to setup variables for all of the information in the db (name, username, password, email, contno etc etc) and include them in the command to get it to work or should that just pick the correct record and then update it? If that is the case is there a way I can include 'blank' variables so I don't have to set them all up...

e.g.  mysql_query("UPDATE users SET user='',password='',email='$new_email', etc WHERE username='$user'");

Many thanks in anticipation

Hello everyone

I want to know why are these functions discouraged because I have a problem

*****************
http://mx.php.net/manual/en/function.spliti.php
Warning
This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
*****************

I have a long list of standard features of some products (90 features 1800 products) which I am integrating in a CMS. I have to elaborate a CREATE, READ and MODIFY section for the products and I was thinking of using check boxes and if statements with 90 columns in my DB for each feature. (I hope there is an easier way to do this)

Before I typed in all the features in one column and splited it with the previous functions mentioned, but it doesn't work for the modify section of the CMS.

I am trying to learn a method in which I can easily integrate this 90 standard features in the CMS. Does anyone has a good idea?

Hello

Sorry for the lousy title, but was unsure what too call this

I am currently writen a small coupon script, my problem is how I can check what member has already claimed a coupon.
coupons are generated with simple inserting a new row with details ( name and other info ) to it's own table.

I need help on how too setup that member xx has already claimed coupon xxxxxx? All ideas are welcome

Hi, I would like to generate a constant value that change from a website to website but have an identical value for a single website. For example 

$_SERVER['SERVER_ADDR']

doesn't change for a single website, but easy to guess. an other idea is 

realpath(dirname(__FILE__))

but this can change if the web application execute scripts located in sub directories of the main script that use this variable. So what other possibilities to get a constant value that doesn't change ?   Thank you.

Hi all,


I've been trying to improve the speed of my file download script and was wondering if anyone could advise me which of the following is more efficient (Don't worry its not the whole script, just one segment), in terms of speed and server load?

The way I have the segment currently:

//if file exists need to check authorision levels

//set access to no

$access = NULL;

//retrieve current user levels

$cpm = $_SESSION['MM_CPMGroup'];

$cpmh = $_SESSION['MM_CPMHGroup'];

$cm = $_SESSION['MM_CMGroup'];

$cj200 = $_SESSION['MM_CJ200Group'];

$cj = $_SESSION['MM_CJGroup'];

//set file category type & set access if allowed

if ($category == 'cpm') {

if ($cpm == '1') {

$access = 1;

if ($subcategory == 'techdata') {

$path = "files/techdata/cpm/";

}

elseif ($subcategory == 'msds') {

$path = "files/techdata/cpm/msds/";

}

elseif ($subcategory == 'symbols') {

$path = "files/symbols/cpm/";

}

else {

$path = "files/cpm/";

}

}

}

elseif ($category == 'cpmh') {

if ($cpmh == '1') {

$access = 1;

if ($subcategory == 'techdata') {

$path = "files/techdata/cpmh/";

}

elseif ($subcategory == 'msds') {

$path = "files/techdata/cpmh/msds/";

}

elseif ($subcategory == 'symbols') {

$path = "files/symbols/cpmh/";

}

else {

$path = "files/cpmh/";

}

}

}

elseif ($category == 'cm') {

if ($cm == '1') {

$access = 1;

if ($subcategory == 'techdata') {

$path = "files/techdata/cm/";

}

elseif ($subcategory == 'msds') {

$path = "files/techdata/cm/msds/";

}

elseif ($subcategory == 'symbols') {

$path = "files/symbols/cm/";

}

else {

$path = "files/cm/";

}

}

}

elseif ($category == 'cj200') {

if ($cj200 == '1') {

$access = 1;

if ($subcategory == 'techdata') {

$path = "files/techdata/cj200/";

}

elseif ($subcategory == 'msds') {

$path = "files/techdata/cj200/msds/";

}

elseif ($subcategory == 'symbols') {

$path = "files/symbols/cj200/";

}

else {

$path = "files/cj200/";

}

}

}

elseif ($category == 'cj') {

if ($cj == '1') {

$access = 1;

if ($subcategory == 'techdata') {

$path = "files/techdata/cj/";

}

elseif ($subcategory == 'msds') {

$path = "files/techdata/cj/msds/";

}

elseif ($subcategory == 'symbols') {

$path = "files/symbols/cj/";

}

else {

$path = "files/cj/";

}

}

}

if ($access < 1) {

// if user access not granted to file category return message

if($logging > 0){

$status = "Wrong Permissions";

include('logit.php');

}

if (! $_SESSION['PrevUrl']) {

//header("Location: ". $loginpage );

exit;

}

$redirect = $_SESSION['PrevUrl'];

header("Location: ". $redirect );

exit;

}

// if file exists and user access granted continue


Obviously the above is a lot of lines of code... So I have rewritten the above to look like:


//if file exists need to check authorision levels & retrieve current user levels

if ($category == 'cpm' && $_SESSION['MM_CPMGroup'] == '1') {

$access = 1;

} elseif ($category == 'cpmh' && $cpmh = $_SESSION['MM_CPMHGroup'] == '1') {

$access = 1;

} elseif ($category == 'cm' && $cm = $_SESSION['MM_CMGroup'] == '1') {

$access = 1;

} elseif ($category == 'cj200' && $_SESSION['MM_CJ200Group'] == '1') {

$access = 1;

} elseif ($category == 'cj' && $_SESSION['MM_CJGroup'] == '1') {

$access = 1;

} else {

$access = NULL;

}

if ($access == NULL) {

// if user access not granted to file category return message

$status = "Unauthorised";

include('logit.php');

header("Location: ".$_SESSION['PrevUrl']);

exit;

}

// if file exists and user access granted continue

switch($subcategory) {

case "techdata":$path="files/techdata/".$category."/".$filename; break;

case "msds":

$path="files/techdata/".$category."/msds/".$filename; break;

case "symbols":

$path="files/symbols/".$category."/".$filename; break;

default:

$path="files/".$category."/".$filename;

}


The second version is a lot shorter, but is it better? And could I shorten the if statement further so its more like:


//if file exists need to check authorision levels & retrieve current user levels

if (($category == 'cpm' && $_SESSION['MM_CPMGroup'] == '1') || ($category == 'cpmh' && $cpmh = $_SESSION['MM_CPMHGroup'] == '1') || ($category == 'cm' && $cm = $_SESSION['MM_CMGroup'] == '1') || ($category == 'cj200' && $_SESSION['MM_CJ200Group'] == '1') || ($category == 'cj' && $_SESSION['MM_CJGroup'] == '1') {

$access = 1;

} else {

$access = NULL;

}

if ($access == NULL) {

// if user access not granted to file category return message

$status = "Unauthorised";

include('logit.php');

header("Location: ".$_SESSION['PrevUrl']);

exit;

}

// if file exists and user access granted continue

switch($subcategory) {

case "techdata":$path="files/techdata/".$category."/".$filename; break;

case "msds":

$path="files/techdata/".$category."/msds/".$filename; break;

case "symbols":

$path="files/symbols/".$category."/".$filename; break;

default:

$path="files/".$category."/".$filename;

}


Any advice would be appreciated! Thanks!!

I'm just looking for some tips here. I am developing and selling an eccommerce shopping cart software package, and it has been received very well from the early adopters. There's just one small problem that prevents the software from being a truly out-of-the-box solution: the include path. Not all users have access to their php.ini file, and it's not always a php.ini file anyway. So this is something the installation is unable to set for the customer.

I'm using object-oriented PHP5 stuff, so I have a folder named "classes" with all the relevant stuff in there. I am unable to search for paths to the folder and hard-code those into source files (there are ajax calls and other fun stuff; hard to know the exact relation to the path).

I guess I could use set_include_path on the top of a bunch of files, but that is a small performance hit (and totally inelegant code). I could put the folder path in the database somewhere and query for it (and cache it so it's not a performance hit). None of this stuff seems good. The path seems like the best solution.

Unless you have better ideas....

I would like to be able to use this 

<img src="user/<?=$log_username. '/' . $main_image;?>" width="130" height="150" id="pic5"/>

to work within php and i am having a had time doing so  . Any ideas?  $log_username refers to the users specific username folder within the main users folder         html source code looks like this  ,but i need to reference this within  a PHP  code block not html

<img src="user/lexi/pic.png" width="130" height="150" id="pic5">

any ideas? thanks guys

So this is a bit of a puzzler for me? I have a code that takes a form submit and chucks it to a DB that all works fine but the second part is it also takes the submit and sends it to a email. now this is the crazy part it works fine 80% of the time but some times it sends back a blank email or one that is only hafe there, but still all shows fine in the DB and I have been trying to work this out for 5 days now and ..... nothing worked and I am lost for any ideas on what it could be 

<?php
error_reporting(E_ALL^E_NOTICE);
     $connect = mysqli_connect("");//removed
    $doc = $_GET["doctor"];
    $username = $_GET["username"];
    $sql = "SELECT fname, lname from newpatient where username = '$username'";
     $result = mysqli_query($connect, $sql);
     $value = mysqli_fetch_row($result);   
     $fname = $value[0];
    $lname = $value[1];
    $totalcost = $_GET["totalcost"];
    $reason1 = $_GET["reason1"];
    $reason2 = $_GET["reason2"];
    $reason3 = $_GET["reason3"];
    $reason4 = $_GET["reason4"];
    $reason5 = $_GET["reason5"];
    $reason6 = $_GET["reason6"];
    $reason7 = $_GET["reason7"];
    $reason8 = $_GET["reason8"];
    $date = $_GET["date"];
   
    $reasons = array($reason1,$reason2,$reason3,$reason4,$reason5,$reason6,$reason7,$reason8);
    rsort($reasons);
    $reason1 = $reasons[0];
    $reason2 = $reasons[1];
    $reason3 = $reasons[2];
    $reason4 = $reasons[3];
   
    if(isset($_REQUEST["yes"]))
     {
        $sql1 = "SELECT * FROM appointments where doctor_name = '$doc' and time = '$time'";
        $result1 = mysqli_query($connect, $sql1);
        $num_rows = mysqli_num_rows($result1);
        if($num_rows > 0)
        {
           echo "Appointment Time already chosen. Select another time.";
            echo "<script language = 'javascript'>document.location.href='make_appointment.php?doc=$doc&username=$username'</script>";         
        }
        else
        {             
             $sql2 = "INSERT INTO appointments (username, time, doctor_name, cost, reason1_for_visit, reason2_for_visit,reason3_for_visit,reason4_for_visit, fname, lname) values ('$username','$date','$doc',$totalcost,'$reason1','$reason2','$reason3','$reason4','$fname','$lname')";
           $result2 = mysqli_query($connect, $sql2);
          if($result2)
              echo "This worked.";
          else
              echo "Insert did not work.";
             //echo "<script language = 'javascript'>document.location.href='registered_login_page.php?username=$username'</script>";
      }      
    }
    mysqli_close($connect);
?>

ok so for the second issue of the night, has anyone used lightbox with images that are fetched from a database (mysql)??

i have the following but it opens at the bottom of the page and not in a lightbox...

echo '<a href="' . $row['image'] . '" rel="lightbox[roadtrip]"><img src="' . $row['image'] . '" width="100" alt=""></a>';

full code on attachment

I'm in the process of making a PHP/MYSQL game and I'm trying to figure out the best way to set the database up specifically to deal with items.

All day I have been wrestling with how to do this. How do I link items to players?  How do I keep track of who has what items?

I know this question isn't at all specific sorry for that, it's hard to explain exactly what I mean thought text.

Thanks