|
PHP - Filter_var() Won't Work Anymore
I wrote
<?php
Similar TutorialsCode: [Select] <?php require "global.php"; if ($_POST) { $name = $_POST['name']; $data = sprintf("INSERT INTO forums VALUES (DEFAULT,'$name')"); mysql_query($data); $fid = mysql_insert_id(); header( 'Location: viewforum.php?fid='.$fid); exit; } echo ' <form action="" method="POST"> <table> <tr><td>Forum Name: </td><td><input name="name" /></td></tr> </table> <input type="submit" value=" Add Forum " /> </form>'; ?> This added forums whenever I made one to my MySQL database in the table "forums" For whatever reason, whenever I make a forum, it makes it end in ".php?fid=0" and does not create the forum on the database. Any ideas? Thanks! Ok so a few days ago I was alerted that my site was vulnerable to XSS injections in my search form. I modified the php script to prevent any malicious activity by adding this to it: Code: [Select] "/\<(script).*\>.*\<\/(script)\>/isU", " ", But now anytime I put anything into the search form nothing is returned. Please advice. Here is the script in it's entirety. Code: [Select] <?php mysql_connect ("localhost", "","") or die (mysql_error()); mysql_select_db (""); $search = mysql_real_escape_string(preg_replace('/[^\w\'\"\@\-\.\,\(\) ]/i', '', "/\<(script).*\>.*\<\/(script)\>/isU", " ", $_POST['search'])); $sql = mysql_query("SELECT * FROM sales WHERE contact LIKE '%$search%' OR phone LIKE '%$search%' OR office LIKE '%$search%' OR town LIKE '%$search%' OR cross_streets LIKE '%$search%' OR description LIKE '%$search%' OR email LIKE '%$search%' OR price LIKE '%$search%' order by `date_created`"); echo "<strong>Click Headers to Sort</strong>"; echo "<br/><strong>Your Results for: </strong>"; echo $_POST['search']; echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'> <tr> <th> Title </th> <th> Price </th> <th> Bed </th> <th> Bath </th> <th> Contact </th> <th> Office </th> <th> Phone </th> </tr>"; while ($row = mysql_fetch_array($sql)){ echo "<tr> <td bgcolor='#FFFFFF' style='color: #000' align='center'> <a href='classified/sales/index.php?id=".$row['id']."'>" . $row['title'] . "</a></td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>$" . $row['price'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rooms'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['bath'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['contact'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['office'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['phone'] . "</td> </tr>"; } echo "</table>"; print_r($apts) ?> Thanks What version of PHP does the function filter_var() come with?? How do I know if I have it installed on my web server? Thanks, Debbie Hello Guys ... i am new here and i am also new in php i selfstudy html css and js and bootstrap for front-end and for back-back php & mysql & PDO & OOP and i will soon start mvc then laravel and i am trying to secure my input field and i do not want any attacks or sql injects and i see people user filter_var and htmlentities and htmlspecialchars and each one has diffrent opinion can some one help me and tell me what is the best for securing input which all values will store in database thanks <3
function Clean_String($string) { return strtolower(trim(filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW))); } Ive tracked my issue back to filter_var here. For some reason it is adding stuff to the beginning and end of the string im looking for. It did this on 1 string that I noticed and doesnt do it on any others, which was strange because that string was typical like all others. Just a few sentences and numbers and line breaks. I cant find a reason why this is happening Hi,
Is there any way to use the inbuilt filter functions in PHP to filter for integer values greater than 256? All examples that I saw had a max_range of 256. Kindly suggest. Thanks.
I tried parsing through first https://www.jadaliyya.com/Details/28167/The-Empire-of-Sexuality-An-Interview-with-Joseph-Massad then even tried www.google.com and on both I get the following returned
post_url equals: www.google.compost_title equals: testpost_Threadybody equals: Enter your posts... URL equals: www.google.com www.google.com is not a valid URL Web page redirects after 2 seconds. And here is the if statement that handles my filter for URLs
if(isset($_POST["submit"]) && !empty($_POST["url"]) && !empty($_POST["Title"])){
$URL = $conn -> real_escape_string($_POST["url"]) ;
$BodyText = $conn -> real_escape_string(nl2br($_POST["ThreadBody"])) ;
echo "<P>URL equals: " ;
echo $URL ;
echo "<P>" ;
//Change to embed for youtube.
if (filter_var($URL, FILTER_VALIDATE_URL)) {
echo("$URL is a valid URL");
//Check if url is a youtube url
if (strpos($URL,'youtube') !== false) {
echo 'Youtube exists.';
$URL = preg_replace("/\s*[a-zA-Z\/\/:\.]*youtube.com\/watch\?v=([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i","<iframe width=\"420\" height=\"315\" src=\"//www.youtube.com/embed/$1\" frameborder=\"0\" allowfullscreen></iframe>",$URL);
} else {
echo 'Youtube is not included .';
$URL = "<ahref ='" . $URL . "</a>" ;
}
$Title = $conn -> real_escape_string($_POST["Title"]) ;
$User = $_SESSION['username'];
$sql = "INSERT INTO Threads (Title, Users, ThreadBody, url)
VALUES ('$Title', '$User','$BodyText','$URL')";
if (mysqli_query($conn, $sql)) {
echo "New record has been added successfully !";
} else {
echo "Error: " . $sql . ":-" . mysqli_error($conn);
}
}
else {
echo("$URL is not a valid URL");
}
I'm having a lot of trouble validating things using custom regex. I'm trying to validate usernames without spaces using numbers and/or letters with optional underscores. This is my code but it isn't validating anything, nothing is ever validated. Whatever I write it says the username isn't valid. if(isset($_POST['submit'])){ if(filter_var($_POST['value1'], FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[\w.-]{{3},{28}}$/")))){ echo "Value is a valid username."; } else { echo "Value is NOT a valid username."; } } ?> Any help regarding this issue will be greatly appreciated. Thanks! Hi, somehow I can't log-in on my testsite anymore... (username: user / pw: pass) I receive the following error message... Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/web1244/public_html/functions.php on line the code is as follows... <?php function get_fund($ISIN) { $ISIN = mysql_real_escape_string($ISIN); $qr = mysql_query("SELECT * FROM fund WHERE ISIN='".$ISIN."' "); if ( mysql_error() ) echo mysql_error(); if ( mysql_num_rows($qr) == 0 ) return NULL; return mysql_fetch_object($qr); } function show($var) { if(trim($_POST[$var])) return 'value="'.trim($_POST[$var]).'"'; return '';; } function checkForError($text, $result, $output) { if (in_array(($text), $result)) echo "<span style='color:#FF0000'>$output</span>"; else echo "$output"; } function exist($var) { if(isset($var)) if(trim($var) !== '') return TRUE; return FALSE; } function logged() { if(exist($_SESSION['login'])) return TRUE; return FALSE; } function loggedAdmin() { if(exist($_SESSION['admin'])) if($_SESSION['admin'] == aPass) return TRUE; return FALSE; } function loginAdmin() { if(exist($_POST['username'])) if(exist($_POST['password'])) if(exist($_POST['button'])) if(trim($_POST['username']) == aLogin) if(trim($_POST['password']) == aPass) $_SESSION['admin'] = aPass; } function login() { if(exist($_POST['username'])) if(exist($_POST['password'])) if(exist($_POST['button'])) if(mysql_ping()) { $query = "SELECT * FROM user WHERE login ='".mysql_real_escape_string($_POST['username'])."' AND password='".mysql_real_escape_string($_POST['password'])."'"; $res = mysql_query($query); if(mysql_num_rows($res)) { $resx=mysql_fetch_assoc($res); $_SESSION['login'] = $resx['id']; } } } function getAccounts($id = false) { $accounts= array(); $query = $id? " SELECT id, name FROM custody_ac WHERE id_client = '$id'" :"SELECT id, name FROM custody_ac WHERE id_client = '".$_SESSION['login']."'"; $qres=mysql_query($query); while($row = mysql_fetch_assoc($qres)) $accounts[] = $row; return($accounts); } ?> is there probably anyone who could tell me what I've done wrong, please? Thanks ozzo Hey I finally got this code working yesterday, when the user enters a name into the form and submits it the specific users details should be shown on the next page, this was working fine yesterday and when i turned my laptop on today it is not working, I am not getting any errors just not displaying the user details?? Any ideas? Heres the code Form: <table width="300" border="1" align="center" cellpadding="2" cellspacing="1" bgcolor="#9999cc"> <tr> <form name="form1" method="post" action="getdetails.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong><center>Personal Details</center> </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="submit" type="text" id="username"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Get Details"></td> </tr> </table> </td> </form> </tr> </table> getdetails.php <html> <head> <link rel="stylesheet" type ="text/css" href="anything2.css" </head> <body> <div id="container"> <div id="header"><img src="imagesb.jpg" alt="Cool Image" align="left"> <img src="images.jpg" alt="Cool Image" align="right"><center><b><font size="6.5"><br><br>User Details</b></center></font> </div> <div id="leftnav"><center> <br><br> <input type= "button" style="width:120px;" value="Home" onClick="window.location= 'home.php' "> <br><br> <input type= "button" style="width:120px;" value="Club Details" onClick="window.location= 'clubdetails.php' "> <br><br> <input type= "button" style="width:120px;" value="Future Events" onClick="window.location= 'futureevents.php' "> <br><br> <input type= "button" style="width:120px;" value="News" onClick="window.location= 'news.php' "> <br><br> <input type= "button" style="width:120px;" value="FAQ" onClick="window.location= 'faq.php' "> <br><br> <input type= "button" style="width:120px;" value="Wall" onClick="window.location= 'wall.php' "> <br><br> <input type= "button" style="width:120px;" value="About Us" onClick="window.location= 'about.php' "> </div> <div id="body"> <br><br> <?php mysql_connect ("localhost","root","") or die("Cannot connect to Database"); mysql_select_db ("test"); if (isset($_POST['Submit'])){ $username=mysql_real_escape_string(trim($_POST['Submit'])); $sql = "select * from memberdetails WHERE username='$username'"; $result = mysql_query ($sql); while ($row = mysql_fetch_array($result)) { $username= $row["username"]; $firstname= $row["firstname"]; $surname= $row["surname"]; $dob= $row["dob"]; $totalwins= $row["totalwins"]; $totalloses= $row["totalloses"]; $email= $row["email"]; $country= $row["country"]; $info= $row["info"]; echo "<b><u>Username:</b></u> $username<br>"; echo "<b><u>Firstname:</b></u> $firstname<br>"; echo "<b><u>Surname: </b> </u> $surname<br>"; echo "<b><u>Date of Birth:</b></u> $dob<br>"; echo "<b><u>Total Chess Wins:</b></u> $totalwins<br>"; echo "<b><u>Total Chess loses:</b></u> $totalloses<br>"; echo "<b><u>Email Address: </b></u> $email<br>"; echo "<b><u>Born in: </b></u> $country<br>"; echo "<b><u>Other Details:</b></u> $info<br><br><br>"; }} ?> <a href="delete.php">Delete User</a> <div id="footer">This is the footer</div> </body> </html> Im working with php 5.1.6. With xampp 1.5.14.
Im also working on a stock application. If I want to say add stock product (add_stock.php) this error is generated on screen. It seems to refer to a function in ump.class.php
Here we go,
ump.class.php
<?php
/**
* GUMP - A fast, extensible PHP input validation class
*
* @author Sean Nieuwoudt (http://twitter.com/SeanNieuwoudt)
* @copyright Copyright (c) 2011 Wixel.net
* @link http://github.com/Wixel/GUMP
* @version 1.0
*/
class GUMP
{
// Validation rules for execution
protected $validation_rules = array();
// Filter rules for execution
protected $filter_rules = array();
// Instance attribute containing errors from last run
protected $errors = array();
// ** ------------------------- Validation Data ------------------------------- ** //
public static $basic_tags = "<br><p><a><strong><b><i><em><img><blockquote><code><dd><dl><hr><h1><h2><h3><h4><h5><h6><label><ul><li><span><sub><sup>";
public static $en_noise_words = "about,after,all,also,an,and,another,any,are,as,at,be,because,been,before,
being,between,both,but,by,came,can,come,could,did,do,each,for,from,get,
got,has,had,he,have,her,here,him,himself,his,how,if,in,into,is,it,its,it's,like,
make,many,me,might,more,most,much,must,my,never,now,of,on,only,or,other,
our,out,over,said,same,see,should,since,some,still,such,take,than,that,
the,their,them,then,there,these,they,this,those,through,to,too,under,up,
very,was,way,we,well,were,what,where,which,while,who,with,would,you,your,a,
b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,$,1,2,3,4,5,6,7,8,9,0,_";
// ** ------------------------- Validation Helpers ---------------------------- ** //
/**
* Shorthand method for inline validation
*
* @param array $data The data to be validated
* @param array $validators The GUMP validators
* @return mixed True(boolean) or the array of error messages
*/
public static function is_valid(array $data, array $validators)
{
$gump = new Gump();
$gump->validation_rules($validators);
if($gump->run($data) === false) {
return $gump->get_readable_errors(false);
} else {
return true;
}
}
/**
* Magic method to generate the validation error messages
*
* @return string
*/
public function __toString()
{
return $this->get_readable_errors(true);
}
/**
* Perform XSS clean to prevent cross site scripting
*
* @static
* @access public
* @param array $data
* @return array
*/
public static function xss_clean(array $data)
{
foreach($data as $k => $v)
{
$data[$k] = filter_var($v, FILTER_SANITIZE_STRING);
}
return $data;
}
/**
* Getter/Setter for the validation rules
*
* @param array $rules
* @return array
*/
public function validation_rules(array $rules = array())
{
if(!empty($rules)) {
$this->validation_rules = $rules;
} else {
return $this->validation_rules;
}
}
/**
* Getter/Setter for the filter rules
*
* @param array $rules
* @return array
*/
public function filter_rules(array $rules = array())
{
if(!empty($rules)) {
$this->filter_rules = $rules;
} else {
return $this->filter_rules;
}
}
/**
* Run the filtering and validation after each other
*
* @param array $data
* @return array
* @return boolean
*/
public function run(array $data)
{
$data = $this->filter($data, $this->filter_rules());
$validated = $this->validate(
$data, $this->validation_rules()
);
if($validated !== true) {
return false;
} else {
return $data;
}
}
/**
* Sanitize the input data
*
* @access public
* @param array $data
* @return array
*/
public function sanitize(array $input, $fields = NULL, $utf8_encode = true)
{
$magic_quotes = (bool)get_magic_quotes_gpc();
if(is_null($fields))
{
$fields = array_keys($input);
}
foreach($fields as $field)
{
if(!isset($input[$field]))
{
continue;
}
else
{
$value = $input[$field];
if(is_string($value))
{
if($magic_quotes === TRUE)
{
$value = stripslashes($value);
}
if(strpos($value, "\r") !== FALSE)
{
$value = trim($value);
}
if(function_exists('iconv') && function_exists('mb_detect_encoding') && $utf8_encode)
{
$current_encoding = mb_detect_encoding($value);
if($current_encoding != 'UTF-8' && $current_encoding != 'UTF-16') {
$value = iconv($current_encoding, 'UTF-8', $value);
}
}
$value = filter_var($value, FILTER_SANITIZE_STRING);
}
$input[$field] = $value;
}
}
return $input;
}
/**
* Return the error array from the last validation run
*
* @return array
*/
public function errors()
{
return $this->errors;
}
/**
* Perform data validation against the provided ruleset
*
* @access public
* @param mixed $input
* @param array $ruleset
* @return mixed
*/
public function validate(array $input, array $ruleset)
{
$this->errors = array();
foreach($ruleset as $field => $rules)
{
#if(!array_key_exists($field, $input))
#{
# continue;
#}
$rules = explode('|', $rules);
foreach($rules as $rule)
{
$method = NULL;
$param = NULL;
if(strstr($rule, ',') !== FALSE) // has params
{
$rule = explode(',', $rule);
$method = 'validate_'.$rule[0];
$param = $rule[1];
}
else
{
$method = 'validate_'.$rule;
}
if(is_callable(array($this, $method)))
{
$result = $this->$method($field, $input, $param);
if(is_array($result)) // Validation Failed
{
$this->errors[] = $result;
}
}
else
{
throw new Exception("Validator method '$method' does not exist.");
}
}
}
return (count($this->errors) > 0)? $this->errors : TRUE;
}
/**
* Process the validation errors and return human readable error messages
*
* @param bool $convert_to_string = false
* @param string $field_class
* @param string $error_class
* @return array
* @return string
*/
public function get_readable_errors($convert_to_string = false, $field_class="field", $error_class="error-message")
{
if(empty($this->errors)) {
return ($convert_to_string)? null : array();
}
$resp = array();
foreach($this->errors as $e) {
$field = ucwords(str_replace(array('_','-'), chr(32), $e['field']));
$param = $e['param'];
switch($e['rule']) {
case 'validate_required':
$resp[] = "The <span class=\"$field_class\">$field</span> field is required";
break;
case 'validate_valid_email':
$resp[] = "The <span class=\"$field_class\">$field</span> field is required to be a valid email address";
break;
case 'validate_max_len':
if($param == 1) {
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to be shorter than $param character";
} else {
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to be shorter than $param characters";
}
break;
case 'validate_min_len':
if($param == 1) {
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to be longer than $param character";
} else {
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to be longer than $param characters";
}
break;
case 'validate_exact_len':
if($param == 1) {
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to be exactly $param character in length";
} else {
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to be exactly $param characters in length";
}
break;
case 'validate_alpha':
$resp[] = "The <span class=\"$field_class\">$field</span> field may only contain alpha characters(a-z)";
break;
case 'validate_alpha_numeric':
$resp[] = "The <span class=\"$field_class\">$field</span> field may only contain alpha-numeric characters";
break;
case 'validate_alpha_dash':
$resp[] = "The <span class=\"$field_class\">$field</span> field may only contain alpha characters & dashes";
break;
case 'validate_numeric':
$resp[] = "The <span class=\"$field_class\">$field</span> field may only contain numeric characters";
break;
case 'validate_integer':
$resp[] = "The <span class=\"$field_class\">$field</span> field may only contain a numeric value";
break;
case 'validate_boolean':
$resp[] = "The <span class=\"$field_class\">$field</span> field may only contain a true or false value";
break;
case 'validate_float':
$resp[] = "The <span class=\"$field_class\">$field</span> field may only contain a float value";
break;
case 'validate_valid_url':
$resp[] = "The <span class=\"$field_class\">$field</span> field is required to be a valid URL";
break;
case 'validate_url_exists':
$resp[] = "The <span class=\"$field_class\">$field</span> URL does not exist";
break;
case 'validate_valid_ip':
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to contain a valid IP address";
break;
case 'validate_valid_cc':
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to contain a valid credit card number";
break;
case 'validate_valid_name':
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to contain a valid human name";
break;
case 'validate_contains':
$resp[] = "The <span class=\"$field_class\">$field</span> field needs contain one of these values: ".implode(', ', $param);
break;
case 'validate_street_address':
$resp[] = "The <span class=\"$field_class\">$field</span> field needs to be a valid street address";
break;
}
}
if(!$convert_to_string) {
return $resp;
} else {
$buffer = '';
foreach($resp as $s) {
$buffer .= "<span class=\"$error_class\">$s</span>";
}
return $buffer;
}
}
/**
* Filter the input data according to the specified filter set
*
* @access public
* @param mixed $input
* @param array $filterset
* @return mixed
*/
public function filter(array $input, array $filterset)
{
foreach($filterset as $field => $filters)
{
if(!array_key_exists($field, $input))
{
continue;
}
$filters = explode('|', $filters);
foreach($filters as $filter)
{
$params = NULL;
if(strstr($filter, ',') !== FALSE)
{
$filter = explode(',', $filter);
$params = array_slice($filter, 1, count($filter) - 1);
$filter = $filter[0];
}
if(is_callable(array($this, 'filter_'.$filter)))
{
$method = 'filter_'.$filter;
$input[$field] = $this->$method($input[$field], $params);
}
else if(function_exists($filter))
{
$input[$field] = $filter($input[$field]);
}
else
{
throw new Exception("Filter method '$filter' does not exist.");
}
}
}
return $input;
}
// ** ------------------------- Filters --------------------------------------- ** //
/**
* Replace noise words in a string (http://tax.cchgroup.com/help/Avoiding_noise_words_in_your_search.htm)
*
* Usage: '<index>' => 'noise_words'
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_noise_words($value, $params = NULL)
{
$value = preg_replace('/\s\s+/u', chr(32),$value);
$value = " $value ";
$words = explode(',', self::$en_noise_words);
foreach($words as $word)
{
$word = trim($word);
$word = " $word "; // Normalize
if(stripos($value, $word) !== FALSE)
{
$value = str_ireplace($word, chr(32), $value);
}
}
return trim($value);
}
/**
* Remove all known punctuation from a string
*
* Usage: '<index>' => 'rmpunctuataion'
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_rmpunctuation($value, $params = NULL)
{
return preg_replace("/(?![.=$'€%-])\p{P}/u", '', $value);
}
/**
* Translate an input string to a desired language [DEPRECIATED]
*
* Any ISO 639-1 2 character language code may be used
*
* See: http://www.science.co.il/language/Codes.asp?s=code2
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
/*
protected function filter_translate($value, $params = NULL)
{
$input_lang = 'en';
$output_lang = 'en';
if(is_null($params))
{
return $value;
}
switch(count($params))
{
case 1:
$input_lang = $params[0];
break;
case 2:
$input_lang = $params[0];
$output_lang = $params[1];
break;
}
$text = urlencode($value);
$translation = file_get_contents(
"http://ajax.googleapis.com/ajax/services/language/translate?v=1.0&q={$text}&langpair={$input_lang}|{$output_lang}"
);
$json = json_decode($translation, true);
if($json['responseStatus'] != 200)
{
return $value;
}
else
{
return $json['responseData']['translatedText'];
}
}
*/
/**
* Sanitize the string by removing any script tags
*
* Usage: '<index>' => 'sanitize_string'
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_sanitize_string($value, $params = NULL)
{
return filter_var($value, FILTER_SANITIZE_STRING);
}
/**
* Sanitize the string by urlencoding characters
*
* Usage: '<index>' => 'urlencode'
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_urlencode($value, $params = NULL)
{
return filter_var($value, FILTER_SANITIZE_ENCODED);
}
/**
* Sanitize the string by converting HTML characters to their HTML entities
*
* Usage: '<index>' => 'htmlencode'
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_htmlencode($value, $params = NULL)
{
return filter_var($value, FILTER_SANITIZE_SPECIAL_CHARS);
}
/**
* Sanitize the string by removing illegal characters from emails
*
* Usage: '<index>' => 'sanitize_email'
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_sanitize_email($value, $params = NULL)
{
return filter_var($value, FILTER_SANITIZE_EMAIL);
}
/**
* Sanitize the string by removing illegal characters from numbers
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_sanitize_numbers($value, $params = NULL)
{
return filter_var($value, FILTER_SANITIZE_NUMBER_INT);
}
/**
* Filter out all HTML tags except the defined basic tags
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_basic_tags($value, $params = NULL)
{
return strip_tags($value, self::$basic_tags);
}
/**
* Filter out all SQL Valnurablities
*
* @access protected
* @param string $value
* @param array $params
* @return string
*/
protected function filter_mysql_escape($value, $params = NULL)
{
return mysql_real_escape_string($value);
}
// ** ------------------------- Validators ------------------------------------ ** //
/**
* Verify that a value is contained within the pre-defined value set
*
* Usage: '<index>' => 'contains,value value value'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_contains($field, $input, $param = NULL)
{
$param = trim(strtolower($param));
$value = trim(strtolower($input[$field]));
if (preg_match_all('#\'(.+?)\'#', $param, $matches, PREG_PATTERN_ORDER)) {
$param = $matches[1];
} else {
$param = explode(chr(32), $param);
}
if(in_array($value, $param)) { // valid, return nothing
return;
} else {
return array(
'field' => $field,
'value' => $value,
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Check if the specified key is present and not empty
*
* Usage: '<index>' => 'required'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_required($field, $input, $param = NULL)
{
if(isset($input[$field]) && trim($input[$field]) != '')
{
return;
}
else
{
return array(
'field' => $field,
'value' => NULL,
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided email is valid
*
* Usage: '<index>' => 'valid_email'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_valid_email($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!filter_var($input[$field], FILTER_VALIDATE_EMAIL))
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value length is less or equal to a specific value
*
* Usage: '<index>' => 'max_len,240'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_max_len($field, $input, $param = NULL)
{
if(!isset($input[$field]))
{
return;
}
if(function_exists('mb_strlen'))
{
if(mb_strlen($input[$field]) <= (int)$param)
{
return;
}
}
else
{
if(strlen($input[$field]) <= (int)$param)
{
return;
}
}
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
/**
* Determine if the provided value length is more or equal to a specific value
*
* Usage: '<index>' => 'min_len,4'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_min_len($field, $input, $param = NULL)
{
if(!isset($input[$field]))
{
return;
}
if(function_exists('mb_strlen'))
{
if(mb_strlen($input[$field]) >= (int)$param)
{
return;
}
}
else
{
if(strlen($input[$field]) >= (int)$param)
{
return;
}
}
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
/**
* Determine if the provided value length matches a specific value
*
* Usage: '<index>' => 'exact_len,5'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_exact_len($field, $input, $param = NULL)
{
if(!isset($input[$field]))
{
return;
}
if(function_exists('mb_strlen'))
{
if(mb_strlen($input[$field]) == (int)$param)
{
return;
}
}
else
{
if(strlen($input[$field]) == (int)$param)
{
return;
}
}
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
/**
* Determine if the provided value contains only alpha characters
*
* Usage: '<index>' => 'alpha'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_alpha($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!preg_match("/^([a-zÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÒÓÔÕÖÙÚÛÜÝàáâãäåçèéêëìíîïðòóôõöùúûüýÿ])+$/i", $input[$field]) !== FALSE)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value contains only alpha-numeric characters
*
* Usage: '<index>' => 'alpha_numeric'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_alpha_numeric($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!preg_match("/^([a-z0-9ÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÒÓÔÕÖÙÚÛÜÝàáâãäåçèéêëìíîïðòóôõöùúûüýÿ])+$/i", $input[$field]) !== FALSE)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value contains only alpha characters with dashed and underscores
*
* Usage: '<index>' => 'alpha_dash'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_alpha_dash($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!preg_match("/^([a-z0-9ÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÒÓÔÕÖÙÚÛÜÝàáâãäåçèéêëìíîïðòóôõöùúûüýÿ_-])+$/i", $input[$field]) !== FALSE)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value is a valid number or numeric string
*
* Usage: '<index>' => 'numeric'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_numeric($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!is_numeric($input[$field]))
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value is a valid integer
*
* Usage: '<index>' => 'integer'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_integer($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!filter_var($input[$field], FILTER_VALIDATE_INT))
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value is a PHP accepted boolean
*
* Usage: '<index>' => 'boolean'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_boolean($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
$bool = filter_var($input[$field], FILTER_VALIDATE_BOOLEAN);
if(!is_bool($bool))
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value is a valid float
*
* Usage: '<index>' => 'float'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_float($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!filter_var($input[$field], FILTER_VALIDATE_FLOAT))
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value is a valid URL
*
* Usage: '<index>' => 'valid_url'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_valid_url($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!filter_var($input[$field], FILTER_VALIDATE_URL))
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if a URL exists & is accessible
*
* Usage: '<index>' => 'url_exists'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_url_exists($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
$url = str_replace(
array('http://', 'https://', 'ftp://'), '', strtolower($input[$field])
);
if(function_exists('checkdnsrr'))
{
if(!checkdnsrr($url))
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
else
{
if(gethostbyname($url) == $url)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
}
/**
* Determine if the provided value is a valid IP address
*
* Usage: '<index>' => 'valid_ip'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_valid_ip($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!filter_var($input[$field], FILTER_VALIDATE_IP) !== FALSE)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value is a valid IPv4 address
*
* Usage: '<index>' => 'valid_ipv4'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_valid_ipv4($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!filter_var($input[$field], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== FALSE)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided value is a valid IPv6 address
*
* Usage: '<index>' => 'valid_ipv6'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_valid_ipv6($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
if(!filter_var($input[$field], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== FALSE)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the input is a valid credit card number
*
* See: http://stackoverflow.com/questions/174730/what-is-the-best-way-to-validate-a-credit-card-in-php
* Usage: '<index>' => 'valid_cc'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_valid_cc($field, $input, $param = NULL)
{
if(!isset($input[$field]) || empty($input[$field]))
{
return;
}
$number = preg_replace('/\D/', '', $input[$field]);
if(function_exists('mb_strlen'))
{
$number_length = mb_strlen($input[$field]);
}
else
{
$number_length = strlen($input[$field]);
}
$parity = $number_length % 2;
$total = 0;
for($i = 0; $i < $number_length; $i++)
{
$digit = $number[$i];
if ($i % 2 == $parity)
{
$digit *= 2;
if ($digit > 9)
{
$digit -= 9;
}
}
$total += $digit;
}
if($total % 10 == 0)
{
return; // Valid
}
else
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the input is a valid human name [Credits to http://github.com/ben-s]
*
* See: https://github.com/Wixel/GUMP/issues/5
* Usage: '<index>' => 'valid_name'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_valid_name($field, $input, $param = NULL)
{
if(!isset($input[$field])|| empty($input[$field]))
{
return;
}
if(!preg_match("/^([a-zÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÒÓÔÕÖÙÚÛÜÝàáâãäåçèéêëìíîïñðòóôõöùúûüýÿ '-])+$/i", $input[$field]) !== FALSE)
{
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
/**
* Determine if the provided input is likely to be a street address using weak detection
*
* Usage: '<index>' => 'street_address'
*
* @access protected
* @param string $field
* @param array $input
* @return mixed
*/
protected function validate_street_address($field, $input, $param = NULL)
{
if(!isset($input[$field])|| empty($input[$field]))
{
return;
}
// Theory: 1 number, 1 or more spaces, 1 or more words
$hasLetter = preg_match('/[a-zA-Z]/', $input[$field]);
$hasDigit = preg_match('/\d/' , $input[$field]);
$hasSpace = preg_match('/\s/' , $input[$field]);
$passes = $hasLetter && $hasDigit && $hasSpace;
if(!$passes) {
return array(
'field' => $field,
'value' => $input[$field],
'rule' => __FUNCTION__,
'param' => $param
);
}
}
} // EOC
Here is add_stock.php
<?php
include_once("init.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>POSNIC - Add Stock Category</title>
<!-- Stylesheets -->
<link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet'>
<link rel="stylesheet" href="css/style.css">
<link rel="stylesheet" href="js/date_pic/date_input.css">
<link rel="stylesheet" href="lib/auto/css/jquery.autocomplete.css">
<!-- Optimize for mobile devices -->
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<!-- jQuery & JS files -->
<?php include_once("tpl/common_js.php"); ?>
<script src="js/script.js"></script>
<script src="js/date_pic/jquery.date_input.js"></script>
<script src="lib/auto/js/jquery.autocomplete.js "></script>
<script>
/*$.validator.setDefaults({
submitHandler: function() { alert("submitted!"); }
});*/
$(document).ready(function() {
$("#supplier").autocomplete("supplier1.php", {
width: 160,
autoFill: true,
selectFirst: true
});
$("#category").autocomplete("category.php", {
width: 160,
autoFill: true,
selectFirst: true
});
// validate signup form on keyup and submit
$("#form1").validate({
rules: {
name: {
required: true,
minlength: 3,
maxlength: 200
},
stockid: {
required: true,
minlength: 3,
maxlength: 200
},
cost: {
required: true,
},
sell: {
required: true,
}
},
messages: {
name: {
required: "Please Enter Stock Name",
minlength: "Category Name must consist of at least 3 characters"
},
stockid: {
required: "Please Enter Stock ID",
minlength: "Category Name must consist of at least 3 characters"
},
sell: {
required: "Please Enter Selling Price",
minlength: "Category Name must consist of at least 3 characters"
},
cost: {
required: "Please Enter Cost Price",
minlength: "Category Name must consist of at least 3 characters"
}
}
});
});
function numbersonly(e){
var unicode=e.charCode? e.charCode : e.keyCode
if (unicode!=8 && unicode!=46 && unicode!=37 && unicode!=38 && unicode!=39 && unicode!=40 && unicode!=9){ //if the key isn't the backspace key (which we should allow)
if (unicode<48||unicode>57)
return false
}
}
</script>
</script>
</head>
<body>
<!-- TOP BAR -->
<?php include_once("tpl/top_bar.php"); ?>
<!-- end top-bar -->
<!-- HEADER -->
<div id="header-with-tabs">
<div class="page-full-width cf">
<ul id="tabs" class="fl">
<li><a href="dashboard.php" class="dashboard-tab">Dashboard</a></li>
<li><a href="view_sales.php" class="sales-tab">Sales</a></li>
<li><a href="view_customers.php" class=" customers-tab">Customers</a></li>
<li><a href="view_purchase.php" class="purchase-tab">Purchase</a></li>
<li><a href="view_supplier.php" class=" supplier-tab">Supplier</a></li>
<li><a href="view_product.php" class="active-tab stock-tab">Stocks / Products</a></li>
<li><a href="view_payments.php" class="payment-tab">Payments / Outstandings</a></li>
<li><a href="view_report.php" class="report-tab">Reports</a></li>
</ul> <!-- end tabs -->
<!-- Change this image to your own company's logo -->
<!-- The logo will automatically be resized to 30px height. -->
<a href="#" id="company-branding-small" class="fr"><img src="<?php if(isset($_SESSION['logo'])) { echo "upload/".$_SESSION['logo'];}else{ echo "upload/posnic.png"; } ?>" alt="Point of Sale" /></a>
</div> <!-- end full-width -->
</div> <!-- end header -->
<!-- MAIN CONTENT -->
<div id="content">
<div class="page-full-width cf">
<div class="side-menu fl">
<h3>Stock Management</h3>
<ul>
<li><a href="add_stock.php">Add Stock/Product</a></li>
<li><a href="view_product.php">View Stock/Product</a></li>
<li><a href="add_category.php">Add Stock Category</a></li>
<li><a href="view_category.php">view Stock Category</a></li>
<li><a href="view_stock_availability.php">view Stock Available</a></li>
</ul>
</div> <!-- end side-menu -->
<div class="side-content fr">
<div class="content-module">
<div class="content-module-heading cf">
<h3 class="fl">Add Stock </h3>
<span class="fr expand-collapse-text">Click to collapse</span>
<div style="margin-top: 15px;margin-left: 150px"></div>
<span class="fr expand-collapse-text initial-expand">Click to expand</span>
</div> <!-- end content-module-heading -->
<div class="content-module-main cf">
<?php
//Gump is libarary for Validatoin
if(isset($_POST['name'])){
$_POST = $gump->sanitize($_POST);
$gump->validation_rules(array(
'name' => 'required|max_len,100|min_len,3',
'stockid' => 'required|max_len,200',
'sell' => 'required|max_len,200',
'cost' => 'required|max_len,200',
'supplier' => 'max_len,200',
'category' => 'max_len,200'
));
$gump->filter_rules(array(
'name' => 'trim|sanitize_string|mysql_escape',
'stockid' => 'trim|sanitize_string|mysql_escape',
'sell' => 'trim|sanitize_string|mysql_escape',
'cost' => 'trim|sanitize_string|mysql_escape',
'category' => 'trim|sanitize_string|mysql_escape',
'supplier' => 'trim|sanitize_string|mysql_escape'
));
$validated_data = $gump->run($_POST);
$name = "";
$stockid = "";
$sell = "";
$cost = "";
$supplier = "";
$category = "";
if($validated_data === false) {
echo $gump->get_readable_errors(true);
} else {
$name=mysql_real_escape_string($_POST['name']);
$stockid=mysql_real_escape_string($_POST['stockid']);
$sell=mysql_real_escape_string($_POST['sell']);
$cost=mysql_real_escape_string($_POST['cost']);
$supplier=mysql_real_escape_string($_POST['supplier']);
$category=mysql_real_escape_string($_POST['category']);
$count = $db->countOf("stock_details", "stock_name ='$name'");
if($count>1)
{
$data='Dublicat Entry. Please Verify';
$msg='<p style=color:red;font-family:gfont-family:Georgia, Times New Roman, Times, serif>'.$data.'</p>';//
?>
<script src="dist/js/jquery.ui.draggable.js"></script>
<script src="dist/js/jquery.alerts.js"></script>
<script src="dist/js/jquery.js"></script>
<link rel="stylesheet" href="dist/js/jquery.alerts.css" >
<script type="text/javascript">
jAlert('<?php echo $msg; ?>', 'POSNIC');
</script>
<?php
}
else
{
if($db->query("insert into stock_details(stock_id,stock_name,stock_quatity,supplier_id,company_price,selling_price,category) values('$stockid','$name',0,'$supplier',$cost,$sell,'$category')"))
{
$db->query("insert into stock_avail(name,quantity) values('$name',0)");
$msg=" $name Stock Details Added" ;
header("Location: add_stock.php?msg=$msg");
}else
echo "<br><font color=red size=+1 >Problem in Adding !</font>" ;
}
}
}
if(isset($_GET['msg'])){
$data=$_GET['msg'];
$msg='<p style=color:#153450;font-family:gfont-family:Georgia, Times New Roman, Times, serif>'.$data.'</p>';//
?>
<script src="dist/js/jquery.ui.draggable.js"></script>
<script src="dist/js/jquery.alerts.js"></script>
<script src="dist/js/jquery.js"></script>
<link rel="stylesheet" href="dist/js/jquery.alerts.css" >
<script type="text/javascript">
jAlert('<?php echo $msg; ?>', 'POSNIC');
</script>
<?php
}
?>
<form name="form1" method="post" id="form1" action="">
<table class="form" border="0" cellspacing="0" cellpadding="0">
<tr>
<?php
$max = $db->maxOfAll("id", "stock_details");
$max=$max+1;
$autoid="SD".$max."";
?>
<td><span class="man">*</span>Stock ID:</td>
<td><input name="stockid" type="text" id="stockid" readonly maxlength="200" class="round default-width-input" value="<?php echo $autoid; ?>" /></td>
<td><span class="man">*</span>Name:</td>
<td><input name="name"placeholder="ENTER CATEGORY NAME" type="text" id="name" maxlength="200" class="round default-width-input" value="<?php echo $name; ?>" /></td>
</tr>
<tr>
<td><span class="man">*</span>Cost:</td>
<td><input name="cost" placeholder="ENTER COST PRICE" type="text" id="cost" maxlength="200" class="round default-width-input" onkeypress="return numbersonly(event)" value="<?php echo $cost; ?>" /></td>
<td><span class="man">*</span>Sell:</td>
<td><input name="sell" placeholder="ENTER SELLING PRICE" type="text" id="sell" maxlength="200" class="round default-width-input" onkeypress="return numbersonly(event)" value="<?php echo $sell; ?>" /></td>
</tr>
<tr>
<td>Supplier:</td>
<td><input name="supplier" placeholder="ENTER SUPPLIER NAME" type="text" id="supplier" maxlength="200" class="round default-width-input" value="<?php echo $supplier; ?>" /></td>
<td>Category:</td>
<td><input name="category" placeholder="ENTER CATEGORY NAME" type="text" id="category" maxlength="200" class="round default-width-input" value="<?php echo $category; ?>" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td>
</td>
<td>
<input class="button round blue image-right ic-add text-upper" type="submit" name="Submit" value="Add">
(Control + S)
<td align="right"><input class="button round red text-upper" type="reset" name="Reset" value="Reset"> </td>
</tr>
</table>
</form>
</div> <!-- end content-module-main -->
</div> <!-- end content-module -->
</div> <!-- end full-width -->
</div> <!-- end content -->
<!-- FOOTER -->
<div id="footer">
<p>Any Queries email to <a href="mailto:sridhar.posnic@gmail.com?subject=Stock%20Management%20System">sridhar.posnic@gmail.com</a>.</p>
</div> <!-- end footer -->
</body>
</html>
now who can tell me what is wrong with the function filter_var() method on line 186 in ump.class.php?
This one requires lots of up front information: I have a page, for this example that I will call page.php. It takes get parameters, and for this example I'll call the parameter "step". So I have a URL like this: page.php?step=1 This page has a form with an action of page.php?step=1. The code on the page validates the posting information. If the information is bad, it returns the user to page.php?step=1; if it is good, it takes the user to page.php?step=2 via header( "location:page.php?step=2" ). So redirection is done by relative path, not full URLs. This all works as expected. Now what I've done is set .htaccess to be HTTPS for this page, via this code: # Turn SSL on for payments RewriteCond %{HTTPS} off RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] This works (initially). However, once you try to post the form, it just redirects back to the step=1 version of the page. I really don't know how or why that would be. I'm not sure how else I can explain this or what other information you may have. But it's frustrating to not get a page working in HTTPS that works in HTTP. Very odd. Any suggestions? (I don't even really know the best location to figure out when/why it's redirecting back to the original page.) Hi.., I use below method to export data to excel. header('Content-type: application/ms-excel'); header('Content-Disposition: attachment; filename=abc.xls'); if I run the script from the server. (http://localhost/export.php) it is work. (pop-up window if i want save or open the file) but if i run the script from the client (http://192.168.1.5/export.php) it is not work. (nothing happen) any idea how to solve this? require_once 'includes/upload.class.php'; $upload = new uploads(); $details = $upload->getFileInformation($id); <?php echo $details['upload_desc']; ?> then here the class. require_once 'db.class.php'; class uploads extends database { private $uploadData; function uploadFile() { public function getFileInformation($id) { $this->uploadData = $this->readData("uploadfiles", "upload_id", $id); return $this->uploadData; } But it wont work! Some of you may have seen one of my many posts about email issues. Some users don't get them, and I have determined it is probably because we are marked as spam.
We are a service that grades sales team members on their phone skills. Listening to pre-recorded calls, grading and uploading them to our site, and then another part of our business looks them over and sometimes leaves a message that then get's forwarded to this persons work email.
I have determined there is ways to get marked as spam as default by not having an opt out link. This is not an option, these sales members employer has opted in, and the emails are going to work related accounts hosted at that employer. Also, if one of these staff members is not so bright, or disgruntled they may mark us as spam anyways. The bottom line is that we have very little control over whether we are or are not marked as spam.
So we want to start looking into sending text messages and this is where I start to question how good of an idea this is.
First off, if it was me, and the messages where being sent to a device that my employer did not provide, I would in no way want work related text messages coming to me. Unless there is a vested interest in getting them. IE, I'm the boss at this place and am always on the clock. What if you are on the bottom? It's just a job for you.
What if it is a pre-paid device, text messages cost money. What then? What if they don't even have, or want a cell phone?
The short of it is this. If I'm at a job that is just another job, and this employer tells me that I have to get these messages. I'm going to look for another job. I see the organizations having continuous issues and complaints from their employees. Thus us as a business having issues keeping clients.
What am I getting into here? What are your opinions on this matter? What are your recommendations as to alerting users of something on our site that we can rest assured are being received 100% of the time?
Thanks!
Nick
Hi there, As the question says i tried several things but i can't work it out and my knowledge about php isn't that well. i need help trying to get this delete feature to work its not deleting from the database (by the way i took out my database names and passwords at the top of the file) is it possible someone could help me, ive been working on this for like a week and cant figure out the problem. thanks! you can email me at spr_spng@yahoo.com picture 2.png is showing what it looks like Code: [Select] <?php $host="localhost"; // Host name $username="username"; // Mysql username $password="password"; // Mysql password $db_name="database_name"; // Database name $tbl_name="table_name"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name"; $result=mysql_query($sql); $count=mysql_num_rows($result); ?> <style> /*table affects look of the whole table look */ table { margin-left: auto; margin-right: auto; border: 1px solid #330000; border-collapse:collapse; width:70%; border-width: 5px 5px 5px 5px; border-spacing: 1px; border-style: outset outset outset outset; border-color: #330000 #330000 #330000 #330000; border-collapse: separate; background-color: #330000; #800517 f535aa #330000 school color #9A0000 school color2 #991B1E school color3 #CCCC99 school color4 #9A0000 } /*th is table header */ th { text-align: left; height: 2.5em; background-color: #330000; color: #FC0; font-size:1.5em; } /*td is table data or the cells below the header*/ td { text-align: left; height:1.0em; font-size:1.0em; vertical-align:bottom; padding:10px; border-width: 5px 5px 5px 5px; padding: 8px 8px 8px 8px; border-style: outset outset outset outset; border-color: #9A0000 #9A0000 #9A0000 #9A0000; background-color: #CCCC99; -moz-border-radius: 0px 0px 0px 0px; } </style> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <td><form name="form1" method="post" action=""> <table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td bgcolor="#FFFFFF"> </td> <td colspan="4" bgcolor="#FFFFFF"><strong>Pick Which Rows you want to delete, Then press delete.</strong> </td> </tr> <tr> <td align="center" bgcolor="#FFFFFF"><strong>Id</strong></td> <td align="center" bgcolor="#FFFFFF"><strong>Name</strong></td> <td align="center" bgcolor="#FFFFFF"><strong>Lastname</strong></td> <td align="center" bgcolor="#FFFFFF"><strong>Email</strong></td> <td align="center" bgcolor="#FFFFFF">delete</td></tr> <?php while($rows=mysql_fetch_array($result)){ ?> <tr> <td bgcolor="#FFFFFF"><? echo $rows['id']; ?></td> <td bgcolor="#FFFFFF"><? echo $rows['name']; ?></td> <td bgcolor="#FFFFFF"><? echo $rows['lastname']; ?></td> <td bgcolor="#FFFFFF"><? echo $rows['email']; ?></td> <td align="center" bgcolor="#FFFFFF"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $rows['id']; ?>"></td> </tr> <?php } ?> <tr> <td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td> </tr> <? // Check if delete button active, start this // edited if($delete){ for($i=0;$i<$count;$i++){ $del_id = $checkbox[$i]; $sql = "DELETE FROM $tbl_name WHERE id='$del_id'"; $result = mysql_query($sql); } // if successful redirect to delete_multiple.php if($result){ echo "<meta http-equiv=\"refresh\" content=\"0;URL=delete_multiple.php\">"; } } mysql_close(); ?> </table> </form> </td> </tr> </table> Hi everybody *asian accent*, im trying to figure out how to display xml in php i know how to do things like <condition> <conditionId>4000</conditionId> <conditionDisplayName>Very Good</conditionDisplayName> </condition> for each blah blah as $item $condition = $item->condition->conditionId echo $condition; BUT........how do i get these values in XML to display in php this <searchResult count="2"> I want to get the value of count to display help please Well, for those of you who use facebook, if you move pages from messages, to feed, to events or anything like that, you will notice the entire page doesn't load. At first, I though there must be some Ajax involved but then I realised that the page url is changing with new GET variables. So what is going on? What are they doing? So I wanted to use a \ in order to stop PHP from registering my quotes. For some reason it does not seem to work. I am running PHP version 5.3.8. What am I doing wrong? |
|||||||