PHP - How Can I Accept Front End Code Without Risk Of Injection? Autoparsing Optimization
This is a two parter... mostly a discussion as I am currently not employing the purpose of these "things"
I am creating an autoparsing webapp that has unlimited use... whatever a person can think of
It accesses camera, microphone, gyro/accelerometer, flash etc... mostly it takes in data and does something to it according to the parsing tool
I'm not saying this is new, in fact I spent a while using Touch Develop which is a scripting "thing" by Microsoft, the problem was lag
That is another thing that concerns me, without web access the web-app is useless right? So I'm wondering if it is possible to copy your current setup and either translate it to the mobile languages like Java, C#/XML, Objective C or somehow a platform independent alternative
Anyway...
I'm not sure if I can access front end code, like <div class="whatever"> safely using injection
Well, injection you just bind parameters, but what if the incoming string is literally malicious?
Also as far as autoparsing optimization goes, what I mean by that is
I intended to create a character by character comparison, obviously or at least to me, starting with easier stuff first like
for example a link is entered
http://www.something.com
then the autoparser compares each character one at a time from left to right
|1|2|3|4|5|6|7|8|9|10|
|h|t|t|p|:|/|/|w|w|w|...etc...
But I would check for existing formats starting with the shortest first and also checking from right and left, eg. .mp4 is obvious as a file type
I'll have more once I actually know what I need just looking to discuss I suppose... sorry if that is not appropriate feel free to delete this thread
In the future the users who have modified their personal accounts would benefit from an "AI" thing that is specific to their personalities based on what they have enabled
Edited by greenace92, 28 December 2014 - 09:37 AM.

Similar Tutorials

Hi all. I was looking for some tips on code optimization and came across a few resources. However, I know nothing as of yet about code optimization so I'm not sure how legitimate these resources are. Some confirmation would be very helpful along with any personal tips you may have. Thanks in advance!
http://www.wmtips.com/php/tips-optimizing-php-code.htm
http://www.chazzuka.com/blog/?p=58 (some redundancy from the first link is included here)
Some Questions I Thought Up (Warning: may be ridiculous questions):
1) Does excess white space (returns, space, tabs, etc.) in files affect performance for a large scale application (For an application that's ~500 files)?
2) Does directory structure affect performance (e.g. 3 directories deep versus 10 directories deep)?
Possibly more to come

is this select query code safe from injection?
    try {
        $stmt = $db->prepare("SELECT * FROM posts WHERE key=$key");
        $stmt->execute();
        $row = $stmt->fetch();
    }
notice there is no bind.
    $stmt->bindParam(':key', $key);
the reason i am asking is that i have many $key variable in the query and i do not know how to use bind in a query such as this...
    SELECT count(*) FROM posts WHERE MATCH (file) AGAINST ('$key' IN BOOLEAN MODE) OR MATCH (user) AGAINST ('$key' IN BOOLEAN MODE)
the $key is not an array and the $key does not change its value.
Edited by kalster, 04 January 2015 - 05:52 PM.

If I check and make sure a variable is numeric with the is_numeric function, and it passes the is_numeric function, can it still be a security risk if I don't escape it with mysql_real_escape_string()?
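
For the two query questions above (a prepare() call with $key already interpolated, and relying on is_numeric), here is an added example that is not from any poster in this thread. It assumes the pdo_sqlite extension; the in-memory posts table, the function names and the sample inputs are constructed for illustration, and plain = comparisons stand in for the MySQL-only MATCH ... AGAINST.

```php
<?php
// Added example. Constructed schema and rows; in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, file TEXT, user TEXT)');
$db->exec("INSERT INTO posts (file, user) VALUES ('a.mp4', 'alice'), ('b.mp4', 'bob')");

// Shape of the query in the post: prepare() is called, but $key is already
// part of the SQL text, so the database never sees it as data.
function countInterpolated(PDO $db, string $key): int
{
    $stmt = $db->prepare("SELECT count(*) FROM posts WHERE file = '$key' OR user = '$key'");
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Bound version. One placeholder per occurrence: PDO only allows the same
// named marker to be reused when emulated prepares are on, so :k1/:k2 is portable.
// The MySQL form of the post's query would be (not run here):
//   ... WHERE MATCH (file) AGAINST (:k1 IN BOOLEAN MODE)
//          OR MATCH (user) AGAINST (:k2 IN BOOLEAN MODE)
function countBound(PDO $db, string $key): int
{
    $stmt = $db->prepare('SELECT count(*) FROM posts WHERE file = :k1 OR user = :k2');
    $stmt->execute([':k1' => $key, ':k2' => $key]);
    return (int) $stmt->fetchColumn();
}

// Numeric input: is_numeric() also accepts strings such as "1e3" or " 5",
// so validate as an integer and bind with an explicit type instead.
function postById(PDO $db, string $raw): ?array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT file, user FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Front-end markup as input: binding keeps it from changing the SQL, and
// escaping on output keeps the browser from treating it as markup.
function renderUser(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$plain  = 'alice';
$quoted = "nobody' OR 'a'='a";       // constructed input containing a quote
$markup = '<div class="whatever">';  // the string from the original question

foreach ([$plain, $quoted, $markup] as $key) {
    printf("%-26s interpolated=%d bound=%d\n", $key, countInterpolated($db, $key), countBound($db, $key));
}

// Store the markup through a bound parameter, read it back, escape on output.
$ins = $db->prepare('INSERT INTO posts (file, user) VALUES (:f, :u)');
$ins->execute([':f' => 'c.mp4', ':u' => $markup]);
$row = postById($db, '3');
echo renderUser($row['user']), "\n";

// Passes is_numeric() but is rejected as an integer id.
var_dump(is_numeric('1e3'), postById($db, '1e3'));
```

With the constructed quoted input, the interpolated query counts every row while the bound query counts none, because the bound value is only ever compared as a string.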
I am trying to install a script on my OpenSuse Webserver, and I managed to resolve most of the errors except of one: The value for session.save_path (/tmp) is not writable for the web server. Make sure that PHP can actually save session variables.
That seems to be the problem.
session.save_path: writeable You need set permission for your var directory.
well - i guess that the default ownership may be incorrect on the session folder: Example; php on some Linux-Server defaults to apache user. If using nginx or other need to switch the folder ownership. Also as a note you have to change the user/group setting in www.conf.
    chown -R root:nginx /var/lib/php/7.0/
    sed -i 's/apache/nginx/g' /etc/php-fpm-7.0.d/www.conf
    service php-fpm-7.0 restart
But wait: what about the security - is it safe to make the session.save_path writeable!? my server-admin says that this is a big big hole and makes the server unsecure. love to hear from you
yours dil_bert
by the way: years ago i have had this issue on the server. but the question is - is this a security risk!? I need to know this. Look forward to hear from you
Edited March 21, 2020 by dil_bert

I read ages ago (and checked to see if it's true, it was and given how it works, it must still be) the end user can alter the value of any form field, using Firebug or similar, before submitting it. Two things I've figured out today:
1) a form input doesn't need a value - doesn't even need the attribute - if you're only checking whether the POST var isset and the actual value isn't important
2) Although it appears not to matter in the example I'm working on now, if the script doesn't check what the value is, and potentially sanitise it, the user could submit the form with any value, true, false, malicious, idk...
So my question is: is this one of the ways malicious bad things can happen and do I *have to* specify a value, not because the script won't work without it, it does, but because in the real world it opens a security door if I don't check for malicious script by saying "if value not as expected, script has to die". Having formulated the question properly and thought about it I can't imagine simply making a form, without obvious connections to anything important, could be a problem in the way I'm asking about but I asked it now so
Edited by appobs, 03 July 2014 - 12:08 PM.

i have a random no. of directories and files being created using the mkdir and touch functions and the newly created files are copying a pre-made template.. the links of the pages which were being created had %20 signs between the spaces.. i wanted to change them with "-" so i used the following code.. but it gives errors.. as invalid arguments in mkdir and touch and as well as copy function can anyone help? here is the code
    while ($row = mysql_fetch_assoc($result1) ) {
        $hosting = explode(',', $row['host']);
        $linking = explode(',', $row['links']);
        $parts = explode(',', $row['link_no']);
        $no_host = count($hosting);
        //miniusing the no of loops to make it accurate
        $count_host = count($hosting);
        $count_links = count($parts);
        $current_k = 0;
        $sum = 0;
        $parts_href = '';
        $new = null;
        $updated_part = null;
        for($i=0; $i<($count_host-1); $i++ ) {
            $j = $i+1;
            $hos = str_replace(":","",$hosting[$i]);
            $path = "$base_folder/{$hos}";
            echo "<br />{$hos}";
            echo "<br />{$path}";
            mkdir($path);
            for($k=$current_k; $k<($count_links); $k++) {
                for($f=0; $f<$parts[$current_k]; $f++ ) {
                    $for_touch = "$base_folder/{$hos}/".$linking[$sum].".php";
                    $for_touch = str_replace(" ","-",$for_touch);
                    touch("$for_touch");
                    $new_seo = "{$part_href}/{$hos}/".$linking[$sum].".php";
                    $new_seo = str_replace(" ","-",$new_seo);
                    $new = "$new_seo";
                    $updated_part = $updated_part.$new;
                    $updated_part = $updated_part.",";
                    //copy function
                    $old_file = "$for_touch";
                    $new_file = "{$part_page}/part".$sum.".php";
                    $new_file = str_replace(" ","-",$new_file);
                    $new_file = "$new_file";
                    copy($new_file,$old_file);
                    $sum++;
                }
                $query_href = 'update movies set href_parts = \''.$updated_part.'\'';
                mysql_query($query_href) or die('COULD NOT EXECUTE THE QUERY FOR PARTS HREF');
                echo "<br />{$updated_part}";
                $sum = $sum;
                $current_k = $current_k+1;
                break;
            }
        }
PLEASE HELP ME!

I am trying to optimize my website for speed as much as possible. However it is heavily database driven. Are there any ways to speed up each page request? Also I am closing each MySql connection after every page load. Here is my database class, is that a good idea?
    <?php
    //For changes, see: http://www.php.net/manual/en/mysqli.connect.php
    class Database{
        var $mysqli, $result, $q, $affectedRows;
        function __construct($host, $user, $pass, $db){
            $this->connect($host, $user, $pass, $db);
        }
        function connect($host, $user, $pass, $db){
            $this->mysqli = new MySQLi($host, $user, $pass, $db);
            if(mysqli_connect_error()){
                //Add Line to error handling system here...
                echo "Internal Site Error - Cannot Continue!";
                exit;
            }
        }
        function clean(){
            $str = $this->q;
            $str = @trim($str);
            if(get_magic_quotes_gpc()){
                $str = stripslashes($str);
            }
            $this->q = mysqli_real_escape_string($this->mysqli, $str);
        }
        function execute($query, $mode = MYSQLI_STORE_RESULT){
            $this->q = $query;
            $this->clean();
            $result = $this->mysqli->query($query, $mode);
            if(is_object($result) && $result instanceof MySQLi_Result){//if result is a object and is part of the mysqli class?
                $this->result = $result;
                $this->affectedRows = $this->result->num_rows;
            }else
                $this->affectedRows = $this->mysqli->affected_rows;
            return $this;
        }
        function fetchRow(){
            return $this->result->fetch_assoc();
        }
        function fetchAll(){
            /*$row = $this->result->fetch_all($mode);
            See manual for the mode under mysqli_result::fetch_all
            //return !empty($row) ? $row : array();//if not empty return row, else return an array?
            */
            $row = array();
            while($f = $this->fetchRow()){
                $row[] = $f;
            }
            return !empty($row) ? $row : array();
        }
        function numRows(){
            return $this->affectedRows;
        }
        function delete($table, $where){
            return $this->execute("DELETE FROM ".$table." WHERE ".$where);
        }
        function deleteAll($table){
            return $this->execute("TRUNCATE ".$table);
        }
        function update($table, $set, $where){
            return $this->execute("UPDATE ".$table." SET ".$set." WHERE ".$where);
        }
        function select($table, $select = "*", $where = NULL, $cap = ""){
            if(is_null($where) || empty($where))
                return $this->execute("SELECT ".$select." FROM ".$table." ".$cap);
            else
                return $this->execute("SELECT ".$select." FROM ".$table." WHERE ".$where." ".$cap);
        }
        function lastId(){
            return $this->mysqli->insert_id;
        }
        function resetInc($table, $inc){
            $this->execute("ALTER TABLE ".$table." AUTO_INCREMENT = ".$inc);
        }
        function error(){
            return @mysqli_error($this->mysqli). " <strong><font color=\"red\">QUERY</font>: ".$this->q."</strong>";
        }
        function close(){
            @mysqli_close($this->mysqli);
        }
        function __destruct(){
            $this->close();
        }
    }
    $db = new Database(DB_HOST, DB_USER, DB_PASS, DB_DB);
    ?>

I am using a PHP include file for my site, which includes validation functions used throughout the site. Like string type, alphanumeric values, etc. It's completely customized for the types of user inputs the site takes. The problem is, each page uses only about 2-3 functions from the whole list of 16. One of the pages gives a memory_get_usage() of 748KB. If I remove the Included file, it goes down by 200KB. While the include file is of 4KB and the test page is 2KB. I am looking for a method to optimize the memory allocation. I don't want to write the code separately for each file. Is there a method to optimize for uncalled functions? Thanks in Advance.

Thank you for looking into this! I need to use result from mysql query twice or more on a page. Should I do this:
    $sql = mysql_query("SQL");
    while ($row = mysql_fetch_assoc($sql)) CODE
    ...
    while ($row = mysql_fetch_assoc($sql)) CODE2
OR should I keep result of a query in an array and use FOREACH instead? My concern is performance.

Hello everyone, When someone starts an OC (Organised Crime) On my game, they invite 3 people. I was just testing it and found that everything is fine up until 1 point, the actual Inbox mail that the invited user gets. I can't click Accept or Reject? Here's the bit of code i have...
    if (strip_tags($_POST['inv']) == "inv_we"){
        $inv_username=strip_tags($_POST['inv_username']);
        $check = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='$inv_username'"));
        if ($check == "0"){
            echo "No such user.";
        }elseif ($check != "0"){
            if ($oc->we != "0"){
                echo "You need to kick the Weapons expert before you invite someone else.";
            }elseif ($oc->we == "0"){
                $invite_text=" <div align=center>You have been invited to join $username's Organised crime as the Weapons Expert, please choose one of the following options:<br> <input name=Decline type=submit id=Decline class=button value=Decline> | <input name=inv_button type=submit class=button id=inv_button value=Accept> </div><input type=hidden name=place value=we><input type=hidden name=oc_id value=$oc->id> ";
                mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `date` , `read` ) VALUES ( '', '$inv_username', '$inv_username', '$invite_text', '$date', '0' )");
                echo "Weapons expert invited";
                mysql_query("UPDATE oc SET we_inv='$inv_username' WHERE id='$oc->id'");

Hi I am presently writing a code which does the following steps given a site
1) get some keywords (written a function for it)
2) search google for these keywords (I have used curl and getURL functions for these)
3) perform keyword search in the first page of googles results.
Presently I have used curl and curl_multi_getcontent but when i run the code it consumes 100% of my server. My server will not respond in this case if someone else pings. I have been trying to do pcntl_fork, but could you let me know how to optimize this code by threading and forking. I am a newbie in PHP please let me know the structure of how to invoke multiple threads and process the same. If you have some other suggestions please let me know that too.

Can someone please double check my search query to make sure it is the minimum and most efficient coding.
My goal is an exact match search of field1 from my database table and list field1, field2, field3, field4 and field5 if the part number is in the database or no results if it is not. The query works as is but I have a feeling it could be done more efficiently or professionally and minimum work for my poor little server. Thanks in advance.
    <?php
    //connect to the database
    include("./databaseconnect.php");
    //get query
    $q=$_GET['q'];
    //convert query to uppercase & remove all spaces and special characters
    $q=strtoupper(preg_replace("/[^A-Za-z0-9]/","",$q));
    //if blank query
    if ($q == "") {
        echo "You did not enter a search term";
    } else {
        //exact match only query
        $query = "SELECT * FROM ".$dbtable." WHERE field1 like \"$q\"";
        $result = mysql_query($query);
        //if query returns no results
        if(mysql_num_rows($result)==0) {
            echo "<span class=\"noresults\">There were no results for your search</span>";
        //display database results
        } else {
            while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
                echo "<span class=\'results\'>SEARCH RESULTS</span><br /> <span class=\'list\'>Part Number: ".$row['field1']."<br /> Manufacturer: ".$row['field2']."<br /> Cost per unit: ".$row['field3']."<br /> Warehouse Location: ".$row['field4']."<br /> Quantity Available: ".$row['field5']."<br /> Notes: ".$row['field6']."<br /> </span>";
            }
        }
    }
    ?>

Hy ya'll! I've been trying to programmatically read a string, but with no success.
    function get_between($input, $start, $end) {
        $substr = substr($input, strlen($start)+strpos($input, $start), (strlen($input) - strpos($input, $end))*(-1));
        return $substr;
    }
    $string = 'open -greetings hello -bye seeya';
    echo get_between($string, '-greetings ', ' -bye'); // Output: hello
    echo get_between($string, '-greetings ', ' -'); // Outputs nothing
    echo get_between($string, '-greetings ', ' '); // Outputs nothing
It turns out that I don't know if "-bye" will always follow the value of "-greetings", so I can't call everything in between like the first way even though it works fine in this example. Given that those values will always be a single word, I can use a whitespace as a delimiter to the right, but for some reason it won't return anything whatsoever, not even an error code. Any ideas how to get it done? Txs a bunch!

I have a question,
I have a fully working PHP mail form, but I can't seem to find one problem.
I thought it had something to do with the data cleansing like trim, htmlspecialcharacters and stripslashes, but unfortunately that wasn't.
My form has to be able to process characters like é è á ó etc.
Just that now when you fill those characters in it shows some weird code in the mail.
(é becomes é in the mail) and this is highly inconvenient.
Could any1 tell me how I can fix this?
this is the PHP code for my form:
    <?php
    if(isset($_POST['submit'])) {
        function test_input($data) {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }
        $error = "";
        //Keep Values
        $Papillon_checked = (isset($_POST['ras']) && $_POST['ras'] == 'Papillon') ? 'checked' : '';
        $Phalene_checked = (isset($_POST['ras']) && $_POST['ras'] == 'Phalene') ? 'checked' : '';
        $Babyklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Babyklasse') ? 'checked' : '';
        $Puppyklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Puppyklasse') ? 'checked' : '';
        $Jeugdklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Jeugdklasse') ? 'checked' : '';
        $Tussenklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Tussenklasse') ? 'checked' : '';
        $Openklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Openklasse') ? 'checked' : '';
        $Kampioensklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Kampioensklasse') ? 'checked' : '';
        $Fokkersklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Fokkersklasse') ? 'checked' : '';
        $Veteranenklasse_checked = (isset($_POST['klasse']) && $_POST['klasse'] == 'Veteranenklasse') ? 'checked' : '';
        //Validate form fields
        if (!empty($_POST['ras'])) { $ras = $_POST['ras']; } else { $error .= "- Klik het ras van uw hond aan. <br />";}
        if (!empty($_POST['kleur'])) { $kleur = test_input($_POST['kleur']); } else { $error .= "- Vul de kleur van uw hond in. <br />";}
        if (!empty($_POST['geslacht'])) { $geslacht = test_input($_POST['geslacht']); } else { $error .= "- Vul het geslacht van uw hond in. <br />";}
        if (!empty($_POST['naamhond'])) { $naamhond = test_input($_POST['naamhond']); } else { $error .= "- Vul de naam van uw hond in. <br />";}
        if (!empty($_POST['stamboom'])) { $stamboom = test_input($_POST['stamboom']); } else { $error .= "- Vul het stamboomnummer van uw hond in. <br />";}
        if (!empty($_POST['geboorte'])) { $geboorte = test_input($_POST['geboorte']); } else { $error .= "- Vul de geboortedatum van uw hond in. <br />";}
        if (!empty($_POST['klasse'])) { $klasse = $_POST['klasse']; } else { $error .= "- Klik de gewenste klasse aan. <br />"; }
        if (!empty($_POST['fokker'])) { $fokker = test_input($_POST['fokker']); } else { $error .= "- Vul de naam van de fokker in. <br />";}
        if (!empty($_POST['vader'])) { $vader = test_input($_POST['vader']); } else { $error .= "- Vul de naam van de vaderhond in. <br />";}
        if (!empty($_POST['moeder'])) { $moeder = test_input($_POST['moeder']); } else { $error .= "- Vul de naam van de moederhond in. <br />";}
        if (!empty($_POST['initialen'])) { $initialen = test_input($_POST['initialen']); } else { $error .= "- Vul uw initialen in. <br />";}
        if (!empty($_POST['eigachternaam'])) { $eigachternaam = test_input($_POST['eigachternaam']); } else { $error .= "- Vul uw achternaam in. <br />";}
        if (!empty($_POST['minitialen'])) { $minitialen = test_input($_POST['minitialen']);}
        if (!empty($_POST['meigachternaam'])) { $meigachternaam = test_input($_POST['meigachternaam']);}
        if (!empty($_POST['straat'])) { $straat = test_input($_POST['straat']); } else { $error .= "- Vul uw straatnaam in. <br />";}
        if (!empty($_POST['huisnr'])) { $huisnr = test_input($_POST['huisnr']); } else { $error .= "- Vul uw huisnummer in. <br />";}
        if (!empty($_POST['postcode'])) { $postcode = test_input($_POST['postcode']); } else { $error .= "- Vul uw postcode in. <br />";}
        if (!empty($_POST['plaats'])) { $plaats = test_input($_POST['plaats']); } else { $error .= "- Vul uw woonplaats in. <br />";}
        if (!empty($_POST['land'])) { $land = test_input($_POST['land']);}
        if (!empty($_POST['email'])) {
            $email = $_POST['email'];
            if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){ $error .= "- U heeft een ongeldig e-Mail adres ingevuld. <br/>";}
        } else { $error .= "- Vul uw e-Mail adres in. <br />";}
        if (!empty($_POST['telefoon'])) { $telefoon = test_input($_POST['telefoon']);}
        if (!empty($_POST['peradres'])) { $peradres = test_input($_POST['peradres']);}
        if (!empty($_POST['eerstehond'])) { $eerstehond = test_input($_POST['eerstehond']);}
        if (!empty($_POST['verderehond'])) { $verderehond = test_input($_POST['verderehond']);}
        if (!empty($_POST['babypup'])) { $babypup = test_input($_POST['babypup']);}
        if (!empty($_POST['koppelklas'])) { $koppelklas = test_input($_POST['koppelklas']);}
        if (!empty($_POST['koppelhond1'])) { $koppelhond1 = test_input($_POST['koppelhond1']);}
        if (!empty($_POST['koppelhond2'])) { $koppelhond2 = test_input($_POST['koppelhond2']);}
        if (!empty($_POST['totaal'])) { $totaal = test_input($_POST['totaal']);}
        if (!empty($_POST['naamjh'])) { $naamjh = test_input($_POST['naamjh']);}
        if (!empty($_POST['leeftijdjh'])) { $leeftijdjh = test_input($_POST['leeftijdjh']);}
        if (!empty($_POST['akkoord'])) { $akkoord = $_POST['akkoord']; } else { $error .= "- U moet akkoord gaan met de voorwaarden voordat u het bericht kunt versturen. <br />";}
        //no errors were set
        if(empty($error)) {
            //code to send the email
            //The form has been submitted, prep a nice thank you message
            $output = '<center><b>Het Inschrijfformulier is verzonden <br />We zullen de gegevens verwerken <br/><u>Papillon & Phalène Vereniging Nederland</u></b></center>';
            //Set the form flag to no display (cheap way!)
            $flags = 'style="display:none;"';
            //Deal with the email
            $to = 'joke@pp-vn.nl';
            $from = $_POST['email'];
            $subject = 'Inschrijfformulier';
            $message = 'From: ' .$initialen .' ' .$eigachternaam . ' <' . $email . '>' ."\n\n";
            $message .= 'Ras: ' .$ras ."\n";
            $message .= 'Kleur: ' .$kleur ."\n";
            $message .= 'Geslacht: ' .$geslacht ."\n";
            $message .= 'Naam v/d hond: ' .$naamhond ."\n";
            $message .= 'Stamboomnummer: ' .$stamboom ."\n";
            $message .= 'Geboortedatum: ' .$geboorte ."\n";
            $message .= 'Klasse: ' .$klasse ."\n";
            $message .= 'Naam Fokker: ' .$fokker ."\n";
            $message .= 'Naam Vaderhond: ' .$vader ."\n";
            $message .= 'Naam Moederhond: ' .$moeder ."\n";
            $message .= 'Eigenaar: ' .$initialen .' ' . $eigachternaam ."\n";
            $message .= 'Mede-eigenaar: ' .$minitialen .' ' .$machternaam ."\n";
            $message .= 'Adres: ' .$straat .' ' .$huisnr .' ' .$postcode .' ' .$plaats .' ' .$land ."\n";
            $message .= 'Telefoon: ' .$telefoon ."\n";
            $message .= 'e-Mail: ' .$email ."\n";
            $message .= 'Per Adres: ' .$peradres ."\n";
            $message .= 'Inschrijving eerste hond: ' .$eerstehond . "\n";
            $message .= 'Andere honden ingeschreven: ' .$verderehond . "\n";
            $message .= 'Baby- Puppyklasse: ' .$babypup . "\n";
            $message .= 'Koppelklasse: ' .$koppelklas . "\n";
            $message .= 'Koppelklasse Hond 1: ' .$koppelhond1 . "\n";
            $message .= 'Koppelklasse Hond 2: ' .$koppelhond2 . "\n";
            $message .= 'Totaalbedrag: ' .$totaal . "\n";
            $message .= 'Naam Juniorhandler: ' .$naamjh . "\n";
            $message .= 'Leeftijd Juniorhandler: ' .$leeftijdjh . "\n";
            $message .= 'Akkoord: ' .$akkoord ."\n";
            $attachment = chunk_split(base64_encode(file_get_contents($_FILES['file']['tmp_name'])));
            $filename = $_FILES['file']['name'];
            $boundary =md5(date('r', time()));
            $headers = "From: fransien@pp-vn.nl";
            $headers .= "\r\nMIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary=\"_1_$boundary\"";
            $message="This is a multi-part message in MIME format.
    --_1_$boundary
    Content-Type: multipart/alternative; boundary=\"_2_$boundary\"

    --_2_$boundary
    Content-Type: text/plain; charset=\"iso-8859-1\"
    Content-Transfer-Encoding: 7bit

    $message

    --_2_$boundary--
    --_1_$boundary
    Content-Type: application/octet-stream; name=\"$filename\"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment

    $attachment
    --_1_$boundary--";
            mail($to, $subject, $message, $headers);
            mail($from, $subject, $message, $headers);
        } else {
            //display errors
            echo '<center><span class="error"><strong>Uw bericht is niet verstuurd<br/> De volgende fout(en) zijn opgetreden:</strong><br/>' . $error . '<br /><strong><u>Pas op: Bij een foutmelding indien nodig Kampioenstitel opnieuw toevoegen!!</u></strong></span></center>';
        }
    }
    ?>

Is there any way to have a PHP script automate the acceptance of a SSL certificate? I have a php script running on a windows machine in lighttpd.

Hi I just implemented a PHP Guestbook in my Flash site, and it works almost perfectly. But i have one problem. Every time i try to write on the guestbook, and include a Colon : <---- , it won't work. How do i make it work? You can see the guestbook he http://www.meny-graphics.dk/blog by pressing "Mere" under the first entry, and scrolling down. The PHP file can be found he http://www.meny-graphics.dk/blog/GuestBook.php Thanks in advance!

I have created a lightbox where you can accept or deny friends. Each friend that is displayed has approved or deny buttons next to them.
The approve button has a name like... approverequest[2]
The delete button has a name like... denyrequest[2]
where 2 is the users id
My problem is that I can't get the data to update in mysql. Am I going about this the wrong way?
    if (isset($_POST['acceptrequest'])) {
        if (is_array($_POST['acceptrequest'])) {
            $keys = array_keys($_POST['acceptrequest']);
            $id = $keys[0];
            $sql = "UPDATE `partners` SET `approved` = 1, `approved_date` = NOW() WHERE `user_id` = '$id'";
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'] );
        }
    } else if (isset($_POST['denyrequest'])) {
        if (is_array($_POST['denyrequest'])) {
            $keys = array_keys($_POST['denyrequest']);
            $id = $keys[0];
            $sql = "UPDATE `partners` SET `approved` = -1, `approved_date` = NOW() WHERE `user_id` = '$id'";
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'] );
        }
    }
    if (isset($sql) && !empty($sql)) {
        mysql_query($sql);
    }

Ahoy Sailor! So I've just started making a Server Client based application in PHP, First time I've dabbled in PHP for about a year so forgive me if I'm slightly rusty. But I get the "Could not accept incoming connection" error when my client tries to connect to my server. How cometh?
    <?php
    $host = "127.0.0.1";
    $port = 405;
    set_time_limit(0);
    // create socket
    $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n");
    $result = socket_bind($socket, $host, $port) or die("Could not bind to socket\n");
    $result = socket_listen($socket, 3) or die("Could not set up socket listener\n");
    // Networking area, Creating, Binding & finally listing
    $spawn = socket_accept($socket) or die("Could not accept incoming connection\n");
    $out = "0;text\n";
    socket_write($spawn, $out, strlen ($out)) or die("Could not write output\n");
    ?>
^ Client
    <?php
    $addr="127.0.0.1";
    $port=405;
    $timeout=0;
    $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n");
    $res = socket_connect($socket, $addr, $port);
    $spawn = socket_accept($socket) or die("Could not accept incoming connection\n");
    $dat= socket_read($spawn, 1024) or die("Could not read input\n");
    echo $dat;
    ?>
Server^
_____________________
Anyone know? See Ya!