|
PHP - Htmlentities Executed And Shouldn't Be
I have a function with a query and then a while loop and then an if file_exists with an image path. I am getting the image path displayed as text. Would this be because I am running the query through json encoding?
Similar TutorialsSay a script has ignore_user_abort(true); set. If the user aborts the connection and print is called, the buffer doesn't get written anywhere. So shouldn't print() return false in this case? To clarify, I know it doesn't, but shouldn't it? If not, why not? I have a games website called GPStudios.com. In a previous topic (that remains unresolved) I needed help fixing a view counter on a specific page that was sometimes executing a mysql query twice. I've since noticed that it is happening on other pages, maybe all of them. At the top of the php "playgame.php", is the statement: $updatesql = "update games set timesplayed = timesplayed+1, last_played = now() where gameid = $gameid"; mysql_query($updatesql); However, when I reload the page or check on phpMyAdmin, it has sometimes incremented by 2 (possibly 3). I have confirmed that no where else is calling the same query. I created a new table called "FUCK" and editted the code stated above to: $updatesql = "update FUCK set timesplayed = timesplayed+1, last_played = now() where gameid = $gameid"; mysql_query($updatesql); Upon loading the page, it did exactly the same thing. So I confirmed that the PHP must be being run twice. I have tried it on other pages on my website such as I had no luck on my other topic of the same problem, but hopefully someone might be able to tell me why or how this might be happening. Just remember - it is an absolute certainty that the query is NOT being run elsewhere. Thanks. Hello, I create tracking code file named "get_t.php". I call it using javascript: <script language='javascript' type='text/javascript'> var r=document.referrer; var counter = new Object(); counter.src = 'http://MyWebSite.com/get_t.php?aid=55&lid=F29&r='+r; </script><script src=http://MyWebSite.com/get_t.php?aid=55&lid=F29> </script> In this file all I do is to print "Hello World". Now, everything works fine most of the time. but sometimes the file does not executed for some reason, and empty page is displayed without showing message "Hello World". Please advice. Thanks, so a user fills out a form, data gets sent to send.php then if successful redirects back to index.php, how on that index.php can i get it to say, sent successfully? When I try to upload a file larger than the server's max limit, the following code is not executed. How am I supposed to inform the user that their file is too large? NOTE: I've stripped the code down for this post. Code: [Select] <?php if(isset($_POST['submit'])) { echo "test.."; } ?> <html> <head> <title>Upload Test</title> </head> <body> <form action='' enctype='multipart/form-data' method='POST'> <input type='file' name='file_upload' /> <input type='submit' name='submit' value='upload' /> </form> </body> </html> Hi, we are trying to make a marketing wheel. This means we got a database with lots of persons in it each with a individual email adres. The simel example of how the basic database looks is seen in the picture below. This table is called "Clicks" As you might notice the field "Aan" is either a 0 or a 1. This is how it works, when someone fills in a form on the website asking for more information the form with all the personal information of this person is send to a random email adres found in this table. When this happens the field "Aan" changes from 0 to 1 this way we can make sure that the same person does not get a email again until everyone else has been used 1 time. So in other words until that the field "Aan" is value 1 for every person in the table. As you might have guessed this is sadly enough not working ... this is our code : Code: [Select] include_once('connection.php'); $data = array(); $i = 0; $result1 = mysql_query("SELECT * FROM `Clicks` WHERE Aan = 0"); while ($list1 = mysql_fetch_array($result1,MYSQL_ASSOC)) { if (empty($list1) ){ mysql_query("UPDATE `Clicks` SET `Aan`= 0 WHERE `Aan` = 1"); } $result = mysql_query("SELECT * FROM `Clicks` WHERE Aan = 0 ORDER BY RAND() LIMIT 1"); while ($list = mysql_fetch_array($result,MYSQL_ASSOC)) { foreach ($list as $key => $value) { // Met htmlentities() voorkom je dat html wordt uitgevoert. $value = htmlentities($value); $data[$i][$keyl] = $value; } $i++; } } mysql_free_result($result); $data = array_reverse($data); // Zet de nieuwste berichten bovenaan // in plaats van onderaan. $cnt = count($data); for($i = 0; $i < $cnt; ++$i) { $bericht = $data[$i]; echo(nl2br($bericht['bericht'])); // Met nl2br() worden alle enters in het // bericht omgezet naar <br/>. echo('</td></tr></table>'); $naarwie= $bericht['Email']; }mysql_query("UPDATE `Clicks` SET `Aan`= 1 WHERE `Email` = $naarwie"); mysql_close($Verbinding); // Sluit de verbinding. // We hebben hem nu niet meer nodig. So this code in short explained would be. It checks if all the "Aan" fields are on 0 if the list is empty so it means they are all on 1 he will reset all the fields of every user to 0. and then he will take a random person out and send the email to that person. And after the mail is send will change that person his value on "Aan" to value 1. Now if the list is not empty, that means there are still persons with value 0 in the list. Then he will take a random user out of all the persons who have "Aan" with value 0 send the mail to that user and change his "Aan" value to 1. This process will be repeated every time someone asks for information until all values of all users are on 1. And then again he will change them to 0 for everyone. I hope its clear what we are looking for. And I hope someone can help us out. We are clueless... Hi all I have this problem on a server using php5, unix based, safe_mode is On globally, i have turned it off locally through php.ini. Ok, this is testing example script i used: $cmd = ( "php -v" ); $out = shell_exec( $cmd ); print $out; On my own server this returns php version. On this mentioned server i'm using (commercial) this causes complete server breakdown, when logged in with SSH, i can't even issue "ls" command after that, nor find and kill the process. What could be so wrong with it? I don't think calling php-cli would make any difference. Now, I'm trying to figure out some security factors of a website with a login etc. Would I need to add and strip slashes if I'm using htmlentities on anything that the user enters? Wondering about htmlentities() as I have a rich text editor implemented on my website, how would I correctly use htmlentities() as I still want the data which was put into the rich text editor to correctly show, sorry for me being a bit vague, it is late and im tired but hope someone can shine some light on this for me I can't seem to get htmlentities working in the code below... echo "<textarea id=\"question" . $questionNo . " name=\"qaArray[\"answerText\"]\" cols=\"60\" rows=\"2\">" . (isset($questionNo) ? "htmlentities($qaArray[\"answerText\"], ENT_QUOTES" : "") . "</textarea>"; I tried using the default single quotes around answerText but that doesn't, nor do my escaped double quotes. What is wrong? Thanks, Debbie I don't really understand what htmlentities() does and when to use it?! The manual says this... <?php $str = "A 'quote' is <b>bold</b>"; // Outputs: A 'quote' is <b>bold</b> echo htmlentities($str); // Outputs: A &#039;quote&#039; is <b>bold</b> echo htmlentities($str, ENT_QUOTES); ?> 1.) Isn't there a way to print this... Code: [Select] $str = "A 'quote' is <b>bold</b>"; ...as this... Quote A 'quote' is <b>bold</b> That is, WYSIWYG. 2.) When and why would you want this displayed... Quote A 'quote' is <b>bold</b> I am trying to make my code more secure, and I was told to use something like this on all code that comes from the User and needs to be output, but I'm a little lost here... echo ' <div class="userInfo"> <a href="#" class="username"> <strong>' . nl2br(htmlentities($username)) . '</strong> </a>'; Debbie Hi all i was just trying to test out what the effect is of htmlentities() and htmlspecialchars() with an without ENT_QUOTES, but it looks like it's not working as expected. I made a small script to compare the 2 the only thing happends that javascript isn't executed, but i though it would convert special characters into even more special ones I am running on xampp btw if that helps $plain_input = "I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script>"; $plain_input2 = htmlentities($plain_input); $plain_input2_ent = htmlentities($plain_input,ENT_QUOTES); echo '<b>htmlentities: </b>'.$plain_input2.'<br />'; echo '<b>htmlentities + entquotes: </b>'.$plain_input2_ent.'<br />'; echo '<hr /><br />'; $plain_input3 = htmlspecialchars($plain_input); $plain_input3_ent = htmlspecialchars($plain_input,ENT_QUOTES); echo '<b>htmlspecialchars:</b> '.$plain_input3.'<br />'; echo '<b>htmlspecialchars + entquotes:</b> '.$plain_input3_ent.'<br />'; echo '<hr /><br />'; this just outputs: Code: [Select] htmlentities: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script> htmlentities + entquotes: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script> htmlspecialchars: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script> htmlspecialchars + entquotes: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script> Think i've got my self a little confused here. htmlentities This function is designed to try and keep clients safe. If the comment the user inputs can only ever be seen by him or her, then in theory is there no need to use htmlentities as any dodgy script would only affect them. Is this correct thinking? I have let say Thai language and inserted into database Code: [Select] <b>บริษัท เอส.เค.ฟู้ดส์ (ประเทศไทย) จำกัด (มหาชน) เป็นผู้นำเข้า-ส่งออกปลาทูน่าบรรจุกระป๋อง ต้องการรับสมัครพนักงานเพื่อรองรับการขยายกิจการ</b> and i retrieve it using this nl2br(htmlentities($array['message'])) the result will completely messed up as the thai language will be converted either. if i ignore the htmlentities then i will have that message in bold how can i achieve the result exactly the same like what has been written (message in thai language with that <b> html tag)?? thanks in advance What do most people prefer to use? htmlspecialchars or htmlentities when the page loads it is showing "Registration Successful" under the form, even when nothing has yet to be submitted Code: [Select] <script language='javascript'> function verifyMe(){ var msg=''; if(document.getElementById('username').value==''){ msg+='- User Name\n\n';} if(document.getElementById('password').value==''){ msg+='- Password\n\n';} if(document.getElementById('userid').value==''){ msg+='- Eve User ID\n\n';} if(document.getElementById('api').value==''){ msg+='- Eve API\n\n';} if(msg!=''){ alert('The following fields are empty or invalid:\n\n'+msg); return false }else{ return true } } </script> <form name='Sign Up' action='signup.php' method='POST' onsubmit='return verifyMe();'> <table class='table_form_1' id='table_form_1' cellspacing='0'> <tr> <td class='ftbl_row_1' ><LABEL for='username' ACCESSKEY='none' ><b style='color:red'>*</b>User Name </td> <td class='ftbl_row_1a' ><input type='text' name='username' id='username' size='45' value=''> </td> </tr> <tr> <td class='ftbl_row_2' ><LABEL for='password' ACCESSKEY='none' ><b style='color:red'>*</b>Password </td> <td class='ftbl_row_2a' ><input type='password' name='password' id='password' size='45' value=''> </td> </tr> <tr> <td class='ftbl_row_1' ><LABEL for='userid' ACCESSKEY='none' ><b style='color:red'>*</b>Eve User ID </td> <td class='ftbl_row_1a' ><input type='text' name='userid' id='userid' size='45' value=''> </td> </tr> <tr> <td class='ftbl_row_2' ><LABEL for='api' ACCESSKEY='none' ><b style='color:red'>*</b>Eve API </td> <td class='ftbl_row_2a' ><input type='text' name='api' id='api' size='45' value=''> </td> </tr> <tr> <td class='ftbl_row_1' ><LABEL for='email' ACCESSKEY='none' ><b style='color:red'>*</b>E-mail </td> <td class='ftbl_row_1a' ><input type='text' name='email' id='email' size='45' value=''> </td> </tr> <tr> <td colspan='2' align='right'><input type='submit' name='submit' value='Sign Up'> <input type='reset' name='reset' value='Reset'><br /> </td> </tr> </table> </form> <?php $username = $_POST['username']; $password = $_POST['password']; $userid = $_POST['userid']; $api = $_POST['api']; $email= $_POST['email']; mysql_connect("x", "x", "x"); mysql_select_db ("evepay")or die(mysql_error()); $check = "select username from users where username = '".$_POST['username']."';"; $qry = mysql_query($check) or die ("Could not match data because ".mysql_error()); $num_rows = mysql_num_rows($qry); if ($num_rows != 0) { echo "Sorry, there the username $username is already taken. "; echo "Try again"; exit; } else { $query="insert into users (username, password, userid, api, email) values ('$username', '$password', '$userid', '$api', '$email)"; mysql_query($query); if($query) { echo "Registration Successful"; } else { echo "error in registration".mysql_error(); } } ?> How do I make it only show the successful message after the user fills out the form? The below scenario works fine but why shouldnt you do this? Why can I not just run the mysql_connect and mysql_select_db at the top of each page and then run my queries under all of this. What I have read is that the mysql_connection will die after the script finishes (at the end of the page) any way so why do people create mysql_connection objects as php is stateless so it doesnt save this any way. Code: [Select] <?php mysql_connect('localhost', 'user', 'pass'); mysql_select_db('test'); ?> <html> <body> <?php $query = mysql_query("Select * from data"); while($row = mysql_fetch_array($query)) { echo $row['name']."<br />"; } ?> -------------- OTHER HTML HERE --------------- <?php $query = mysql_query("Select * from addresses"); while($row = mysql_fetch_array($query)) { echo $row['postcode']."<br />"; } ?> </body> </html> Ok all I need some help with this. I have been stuck for two days. Basically I have a form that asks a registrant their gender and age, then my script spits out a list of race categories they qualify for. The situation calls for the registrant to be able to register for any category YOUNGER than them, but not older. Screen Shot #1 shows my database setup (this can be changed if you have any better ideas...) that holds the race category information. Here is the sql statement I am using to pull a female racer information, where $race_age is their submitted age. "SELECT * from counts where female=1 and $race_age < age_end and $race_age > age_start" This works, but doesn't pull any categories YOUNGER Than their age. I'm stumpped Thanks for any help in advance. Hello there, I have a problem where the following code is running the query before it should. private function isAccountRegistered($AccountUsername, $AccountEmail) { global $Class; if($Class['MySQL']->currentRows("SELECT * FROM xhost_accounts WHERE account_username = '".$Class['MySQL']->parseClientInput($AccountUsername)."'") == 1) { return USERNAME_REGISTERED; } else if($Class['MySQL']->currentRows("SELECT * FROM xhost_accounts WHERE account_email = '".$Class['MySQL']->parseClientInput($AccountEmail)."'") == 1) { return EMAIL_REGISTERED; } } public function createClientAccount($AccountUsername, $AccountPassword, $AccountEmail, $AccountRealname) { global $Class; if($this->isAccountRegistered($AccountUsername, $AccountEmail) == USERNAME_REGISTERED) { echo("<div class=\"warning\">Unfortunately this username is in use by another member!, please select another!.</div>"); } else if($this->isAccountRegistered($AccountUsername, $AccountEmail) == EMAIL_REGISTERED) { echo("<div class=\"warning\">Unfortunately this email address is in use by another member!, please select another!.</div>"); } else { if($Class['MySQL']->Query("INSERT INTO xhost_accounts (account_username, account_password, account_email, account_realname, account_regdate, account_regtime, account_level, account_balance, account_notifications) VALUES('".$Class['MySQL']->parseClientInput($AccountUsername)."', '".md5($Class['MySQL']->parseClientInput($AccountPassword))."', '".$Class['MySQL']->parseClientInput($AccountEmail)."', '".$Class['MySQL']->parseClientInput($AccountRealname)."', '".date("d/m/y")."', '".time()."', '0', '0.00', 'Enabled')")) { $Class['Core']->refresh('index.php'); } else { echo("<div class=\"warning\">Unfortunately something went wrong there, please try again!.</div>"); } } } For some reason when the code above is run it executes if($Class['MySQL']->Query("INSERT INTO xhost_accounts (account_username, account_password, account_email, account_realname, account_regdate, account_regtime, account_level, account_balance, account_notifications) VALUES('".$Class['MySQL']->parseClientInput($AccountUsername)."', '".md5($Class['MySQL']->parseClientInput($AccountPassword))."', '".$Class['MySQL']->parseClientInput($AccountEmail)."', '".$Class['MySQL']->parseClientInput($AccountRealname)."', '".date("d/m/y")."', '".time()."', '0', '0.00', 'Enabled')")) Before it runs: if($this->isAccountRegistered($AccountUsername, $AccountEmail) == USERNAME_REGISTERED) { echo("<div class=\"warning\">Unfortunately this username is in use by another member!, please select another!.</div>"); } Causing it to say that the username is registered every time yet still inserting the account into the database, its returning that its registered because it inserts it before doing the check, does anybody have any idea why, this really has confused me, thanks for your time. Hello all
I'm new to this forum. I've been struggling on this problem for a few days now.
I’m writing a script to automatically push code to a git server.
exec(‘git config user.name "’ . $userName . ‘"’);
exec(‘git config user.email "’ . $userEmail . ‘"’);
exec('git checkout -b ’ . $branch);
exec(‘git add --all’);
exec(‘git commit -m "’ . $message . ‘"’);
exec('git push origin ’ . $branch);
When running the last command, the script stops and asks for a user name, then a password. I tried other forums, searching the net. I'm frustrated...
Thanks in advance. |
|||||||