|
PHP - Simple Duplicate Protection
I have a contact form, and I want to make sure it doesn't send a bunch of duplicates if the page is refreshed after being submitted.
Simple way is to make sure this record isn't identical to the one before it: select * from `contacts` where `Name`='$name' and `Phone`='$phone' and `Message`='$message' and `Subject`='$subject' and `Email`='$email' But, that checks against all records. While not likely, this could cause problems, if the same customer came back a month later and put in the same exact contact. Any way I can check it only against the very last record in the database? Something like: and `id`=XX , where XX is one less than the current auto inc id? Similar TutorialsI have a table called "colors". It has 2 columns, id and color. All I'm trying to do is pull the data into the form, then edit the colors (for example - misspelled, etc.) Then submit it back to the table. Here is the code that pulls the data into a form so I can edit it: Code: [Select] <form action="adminupdatecolors.php" method="post"> <table width="500" border="1" cellpadding="10"> <tr> <td>Color Options:</td> <td> <? $result = mysql_query("SELECT * FROM colors"); while ($row = mysql_fetch_assoc($result)) { echo '<input type="text" name="color[]" value="' . $row['color'] . '"/>' . $row['id'] . '<br />'; } ?> </td> </tr> <tr> <td> </td> <td><input type="Submit" value="Update Colors"></td> </tr> </form> </table> Here is my update script: Code: [Select] <?php include("config.php"); include("db.php"); $id=$_POST['id']; $color=$_POST['color']; $result = mysql_query("SELECT id FROM colors ORDER BY id DESC LIMIT 0,1"); if ($row = mysql_fetch_assoc($result)) { $id = $row['id']; } $sql = "DELETE FROM colors WHERE id='$id'"; mysql_query($sql) or die("Error: ".mysql_error()); foreach ($color as $colorvalue) { $sql2 = "INSERT INTO colors (id,color) VALUES ($id,'$color')"; mysql_query($sql2) or die("Error: ".mysql_error()); } header("Location: " . $config_basedir . "adminhome.php"); ?> how would this code work? Code: [Select] if ($_POST['username'] == "[, ., ,, _, -" ){ die('Invalid characters.'); i want it to mean if there are any characters like ", [ . - _ ' " or anything in the username then die('invalid characters.'); for extra safety I need to know, what i need to care about while im coding, how someone can hack my php code. Some tricks for protection pls? I want to password protect my entire website. How would I go on to doing this. There is a website that has this already (www.printerdev.co.uk). I want to do the exact same thing but not sure how to. Can someone please help me hello.
im trying to password protect my pages in a simple way like this:
http://www.scottconn...ord_protection/
but for some reason it doesnt chek the login file, so it doesnt work:
<?php require_once 'login.php'; ?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 table tr td label {
}
#form1 table {
text-align: left;
}
#wrapper {
margin: 20px auto;
text-align: center;
font-size: 20px;
}
#wrapper2 {
margin: 20px auto;
text-align: center;
font-size: 20px;
}
</style>
</head>
<body>
<div id="wrapper">
--<a href="tilfojer.html">Tilføj Aktivitet</a>--<br>
--<a href="tilfojtilvalg.html">Tilføj Tilvalg</a>--<br>
--<a href="tilfojrestaurant.html">Tilføj Restaurant</a>--<br>
--<a href="tilfojmenu.html">Tilføj Menu</a>--
</div>
<div id="wrapper2">
--<a href="seaktivitet.php">Se Aktiviteter</a>--<br>
--<a href="setilvalg.php">Se Tilvalg</a>--<br>
--<a href="serestaurant.php">Se Restauranter</a>--<br>
--<a href="semenu.php">Se Menuer</a>--
</div>
</body>
<a href="?logout=1">Logout</a>
</html>
that is how i implemented it. made the file an php file
can somone tell me why it doesnt work. and maybe how to make it work, and why that works
many thanks
I have been getting a lot more client requests to protect files. What is the easiest way to do this. So, basically I have tried doing it outside the public directory. There are too many things that cause issues with this. I haven't been able to get a successfull implementation of this since I started working with this. So I was thinking instead about password protecting a directory that is inside public view, but still get files via PHP. Is there a way to setup a password protected directory, then retreive stuff from that directory using PHP. Or, a good way to put them outside the public folder. Everything I have tried to do to get a file to save outside of public view, has not worked. It always says uploaded but the file is never there. Also, I have verified correct permission for this as well. How can you protect mysql injection? (from inserting different statements into the input field) Thanks im having some robots injecting gibberish i wnat to deny amy links in the requesttext of the form for some reason i tested it and it accepted a http link Code: [Select] if (preg_match("/http/i","$RequestText")){ exit();} thanks <?php include ("database.php"); // show comments $result = mysql_query("SELECT * FROM gamecomments"); while($row = mysql_fetch_array($result)) { echo $row['username'] . ": <Br> " . $row['comment']; echo "<p>"; } ini_set ("display_errors", "1"); error_reporting(E_ALL); if (isset($_POST['submit'])) { // now we insert it into the database $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')"; $add_comment = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">"; } } Hey, Wondering if this would work, it is based on the idea that everyone who is a real visitor will be using a browser, is that correct? Do robots use browsers too? if so, it wont work! haha. <? $browser = mb_substr($_SERVER['HTTP_USER_AGENT'], 0, 31); if (!empty($browser)){echo '<form action="send.php" method="post">';} ?> Just thought it was nice and simple, and couldnt see anywhere if it would work or not... I have never looked into sanitizing before, Is using htmlentities() good enough to protect against sql injection ? Thanks. I haven't had a problem with sql injection yet, but I'm scarred to death. I didn't do any form data validation as I was building my site. I'm just now starting to learn how. Magic_quotes is turned on at my host. I know about htmlspecialchars and mysql_real_escape_string and stripslashes and htmlentities. In testing each of these, it seems they all miss one thing or another. so, I created an array of words and characters that I can't for the life of me imagine anyone would ever need on any form in my site, that I THINK addresses most if not all of the really bad things. But hey... I'm new to this. So here is my array and using print_r() it looks pretty good. Code: [Select] $badstuff = array('select','delete','update','insert','drop','=',';','"','\'','<','>','/'); Code: [Select] Array ( [0] => select [1] => delete [2] => update [3] => insert [4] => drop [5] => select [6] => delete [7] => update [8] => insert [9] => drop [10] => = [11] => ; [12] => " [13] => ' [14] => < [15] => > [16] => / ) My str_ireplace() function works fine within the code, but I'd like to create a function using str_ireplace(). I am failing miserably. Here is my function that doesn't work... Code: [Select] function strip($string){ return str_ireplace($badstuff,"",$string); } Here below..... the first line, that uses the function does NOT work. The second line that just uses str_replace() function works fine. Code: [Select] echo strip($string).'<br>'; echo str_ireplace($badstuff,"",$string) Can anyone tell me why my function does not work? I've read and watched 20 tutorials and just can't see the problem. Thanks for any input. '[$username]' is using a variable from a cookie varifying that you are logged in, this code works except i need to put real escape strings and protection from mysql injection and dont really know where to put them. Code: [Select] if (isset($_POST['submit'])) { // now we insert it into the database $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')"; $add_comment = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">"; } } [CODE] I have a comment section that is secure against everything except spam.. Is there anyway to do like a 10second minimum wait time between posts? I am inserting the two records below simultaneously (one after the other), but what I want to do write the second ONLY if the first isn't a duplicate. Help? Code: [Select] //FIRST INSERT mysql_query("INSERT INTO spam (id, scm_mem_id) VALUES('', '$social_mem_id' ) ON DUPLICATE KEY UPDATE scm_mem_id=$social_mem_id") or die(mysql_error()); //SECOND INSERT mysql_query("INSERT INTO sc_messages (smg_from, smg_to, smg_subject, smg_body, smg_sent_del, smg_postdate) VALUES ('$social_mem_id','1','$subject','$body','1','$time')") or die(mysql_error()); Hi there, I know I'm doing something stupid, but i've tried for hours to try and figure this out and I just cant seem to figure out why tutorials i've seen seem to work yet my own code doesnt. basically i've got two functions: getAll() and get($id) inside a class, calling getAll, returns an array with one of the same record as opposed to all the records (which is my intended result). Can anyone help? thanks. Code: [Select] class Test{ protected $_db; protected $_table = "table"; protected $_friends = array(); public function __construct($db) { $this->_db = $db; } public function getAll() { $db = $this->_db; $sql = "SELECT * FROM $this->_table"; $db->query($sql); while($data = $db->fetch_array()) { $this->_friends[$data['id']] = $this->get($data['id']); } return $this->_friends; } public function get($id) { $db = $this->_db; $sql = "SELECT * FROM $this->_table WHERE id='$id'"; $db->query($sql); $data = $db->fetch_array(); return (object)$data; } } $test = new Test(new mysqlConnClass()); $arrayOfAllAsObjects = $test->getAll(); hi, i have some code that i need to update existing columns in a table, but i just cant seem to get it to work if anyone caan please help it would be appreciated. Quote // select the database mysql_select_db($database) or die ("Could not select database because ".mysql_error()); $insert = mysql_query("insert into $table values ('NULL', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['name']."', '".$_POST['Gender']."', '".$_POST['Age']."', '".$_POST['Race']."', '".$_POST['SpecialtyOne']."', '".$_POST['Feet']."', '".$_POST['Weight']."', '".$_POST['Eyes']."', '".$_POST['Hair']."', '".$_POST['Strength']."', '".$_POST['Stamina']."', '".$_POST['Perception']."', '".$_POST['Agility']."', '".$_POST['Intelligence']."', '".$_POST['Tech']."', '".$_POST['Luck']."', '".$_POST['Appearance']."', '".$_POST['Background']."', '".$_POST['Weapons']."', '".$_POST['Armour']."', '".$_POST['Items']."', '".$_POST['Enhancements']."', '".$_POST['Skills']."')") or die("Could not insert data because ".mysql_error()); ?> <?php Code: [Select] foreach ($items as $product ) { echo $product; ?><input type="text" size="2" value="<?php \\display quantity here ?>" name="quantity" /><?php } $items is an array. It has multiple values, some duplicate. How do i count the duplicate values in the array and display in this foreach loop? i know array_count_values($product) but putting that in the foreach loop won't accomplish what i want. another thing. i can get the foreach loop to not display duplicates by doing this Code: [Select] foreach (array_unique($items) as $product ) { echo $product; ?><input type="text" size="2" value="<?php \\display quantity here ?>" name="quantity" /><?php } how would i accomplish both. basically i want it to display the quantity without displaying duplicate rows. aka shopping cart. Hi, I have a multidimentional array which looks like this : Code: [Select] array(2) { ["HOKIT100E-041"]=> array(3) { [0]=> string(26) "Honda Cr 125-250 2000-2001" [1]=> string(5) "89.99" [2]=> string(1) "1" } ["WAFAXS"]=> array(3) { [0]=> string(27) "Wulf Flite-x Helmet - Green" [1]=> string(5) "65.94" [2]=> string(1) "1" } } howver when I do a foreach on it, the 1st array is being duplicated and I have no idea why this is the code I have : Code: [Select] foreach($basketArray as $key => $value) { echo$nvpstr = $nvpstr ."<br/><br/>&L_PAYMENTREQUEST_0_NUMBER$q=".$key." <br/>&L_PAYMENTREQUEST_0_NAME$q=".$value[0]." <br/>&L_PAYMENTREQUEST_0_AMT$q=".$value[1]." <br/>&L_PAYMENTREQUEST_0_QTY$q=".$value[2]; $q++; } this is what is output : Quote &L_PAYMENTREQUEST_0_NUMBER0=HOKIT100E-041 &L_PAYMENTREQUEST_0_NAME0=Honda Cr 125-250 2000-2001 &L_PAYMENTREQUEST_0_AMT0=89.99 &L_PAYMENTREQUEST_0_QTY0=1 &L_PAYMENTREQUEST_0_NUMBER0=HOKIT100E-041 &L_PAYMENTREQUEST_0_NAME0=Honda Cr 125-250 2000-2001 &L_PAYMENTREQUEST_0_AMT0=89.99 &L_PAYMENTREQUEST_0_QTY0=1 &L_PAYMENTREQUEST_0_NUMBER1=WAFAXS &L_PAYMENTREQUEST_0_NAME1=Wulf Flite-x Helmet - Green &L_PAYMENTREQUEST_0_AMT1=65.94 &L_PAYMENTREQUEST_0_QTY1=1 Have I made a schoolboy error? Thanks. |
|||||||