|
PHP - Is Escapeshellarg Needed If Passing Serialized Data?
I had been escaping my arguments before passing to exec(), and then type casting back on the other end. Recently needed to pass an array, and at first planned on json_encode(), but gave serialize/unserialize a try and discovered that it automatically took care of the type casting. The data is coming from me thus I am not (hopefully!) worried about malicious data. Any need to also use escapeshellarg() either before or after serializing? Thanks Similar TutorialsOk...working with serialized data is not fun. This is how WordPress does it. I had something working a little, but it wasn't getting all the information I needed. The query below appears to retrieve all the information I need. What I'm trying to do is determine what type of Subscription (s2member_level) a User gets and where they live (county). I eventually want to show the total number of each group, as well as the Usernames (only 18 total right now). The below code SHOULD look like this: Region 1: ## members Region 2: ## members Region 3: ## members Region 4: ## members Region 5: ## members But...right now it just shows Region : 18 members (no number after the region) Code: [Select] $custom = 'SELECT * FROM wp_usermeta um1 INNER JOIN wp_usermeta um2 JOIN wp_users u ON um1.user_id=um2.user_id WHERE um1.meta_key = "wp_s2member_custom_fields" AND um2.meta_value LIKE "%s2member_level%" AND um1.user_id = u.ID GROUP BY um1.user_id'; $c_results = mysql_query($custom); $region = array(); while($line = mysql_fetch_assoc($c_results)) { $meta_value = unserialize($line['um1.meta_value']); $region[$meta_value['county']]++; }; foreach ($region as $key => $value) { echo "Region $key: $value members<br>"; } This is just a sample of the data retrieved for four Users. I used the Inner Join through help on here. Each row shows two entries from the same table. The code above appears to be counting the valid results properly, but it's not dividing them up. So it appears to work down to the "foreach" part. Quote umeta_id user_id meta_key meta_value umeta_id user_id meta_key meta_value 15624 1073 wp_s2member_custom_fields a:1:{s:6:"county";s:1:"1";} 15617 1073 wp_capabilities a:1:{s:15:"s2member_level2";s:1:"1";} 16041 1094 wp_s2member_custom_fields a:1:{s:6:"county";s:1:"3";} 16034 1094 wp_capabilities a:1:{s:15:"s2member_level2";s:1:"1";} 16491 1117 wp_s2member_custom_fields a:1:{s:6:"county";s:1:"2";} 16484 1117 wp_capabilities a:1:{s:15:"s2member_level2";s:1:"1";} 16671 1126 wp_s2member_custom_fields a:1:{s:6:"county";s:1:"3";} 16664 1126 wp_capabilities a:1:{s:15:"s2member_level2";s:1:"1";} Hey all, I'm am stumped. I'm working with someone else's code and I find they are using serialized arrays a lot. unfortunately at present I am not to familiar with serialized arrays and how to work with them and Ive been searching for an answer for a bit but I am not doing so hot in my quest, so I thought I'd come here and give it a crack. From what I gather the person that did this portion of the site I am working on pulled this as is from linkedin. From it I am trying to reconstruct it for the page I am putting into, this information is stored in hundreds of db entries so I cant really redo everything. Is there a direct way of working with this or do I have to covert it to an array or what is the best way to handle data like below, or serialized arrays in general for that matter. Example of what I am looking at: Code: [Select] {"@attributes":{"total":"1"},"position":{"id":"155477330","title":"Lead Architect","summary":{},"start-date":{"year":"2010","month":"10"},"is-current":"true","company":{"id":"209012","name":"Sprint Mobile Inc","type":"Privately Held","industry":"Internet"}}} And another example: Code: [Select] {"@attributes":{"total":"3"},"position":[{"id":"161998487","title":"Senior UX\/UI Designer","summary":"Plan, Design, and Direct User Experience Design\/Development. Also in charge of sharing and spreading the UX philosophy company-wide.","start-date":{"year":"2011","month":"1"},"is-current":"true","company":{"id":"209012","name":"UpMo","type":"Privately Held","industry":"Internet"}},{"id":"149276847","title":"Owner \/ Creative Director","summary":"I'm 27 years old and born and raised in Charleston, South Carolina. \n\nAs a web designer and developer with nearly 14 years of experience, I've always found myself to be interested in business development. I started my first web business when I was 17 years old and watched it grow from a one man operation in a bedroom, to twelve employees working from two office locations. \n\nOver the years I have developed over 200 websites and assisted in the design\/development in as many more.\n\nBeing an entrepreneur, I've developed a sixth sense for quality assurance on web projects -- in other words, if I cannot give it a thumbs up for my own business, why would I give it to you?","start-date":{"year":"2010","month":"6"},"is-current":"true","company":{"id":"1487228","name":"Brandon Rivers Consulting, LLC.","industry":"Internet"}},{"id":"71905623","title":"Chairman \/ Chief Executive Officer","summary":"Brandon is responsible for setting strategy and overseeing the day-to-day business and operations of Campus Rhythm.\n\nIn this position, Brandon\u2019s core responsibility is not only facilitating business outside of Campus Rhythm, but balancing internal and external initiatives to build a sustainable corporation. \n\nCampus Rhythm is the FIRST and ONLY fully automated Student to Student textbook network that allows students all over the country to set their own prices, and be connected to other students to buy and sell textbooks.","start-date":{"year":"2007","month":"10"},"is-current":"true","company":{"name":"Campus Rhythm, LLC.","industry":"Internet"}}]} I'm dealing with data that WordPress creates for Users when they register and subscribe, and to use it for other purposes, I have to wrap my head around serialized data. It's not sinking in well. The below code works well for what I wanted at the time. It takes into consideration where the Subscriber lives (divided up into five areas) and counts how many I have. That is noted by wp_s2member_custom_fields and ANY s2member_level. There are three levels, and I need to actually note how many there are at each Member level. There is another line of data for each user_id meta_key = wp_capabilities meta_value = a:1:{s:15:"s2member_level2";s:1:"1";} Code: [Select] $custom = 'SELECT * FROM wp_usermeta WHERE meta_key = "wp_s2member_custom_fields" AND user_id IN (SELECT user_id FROM wp_usermeta WHERE meta_value LIKE "%s2member_level%")'; $c_results = mysql_query($custom); $region = array(); while($line = mysql_fetch_assoc($c_results)) { $meta_value = unserialize($line['meta_value']); $region[$meta_value['county']]++; }; foreach ($region as $key => $value) { echo "Region $key: $value members<br>"; } This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=351561.0 Greetings, I'm trying to execute a shell command with a user-supplied password as input. The password may contain apostrophes and and virtually any other character. Unfortunately, when using escapeshellarg(), the password argument is interpreted as two separate arguments, as escapeshellarg() will handle apostrophes (single quotes) by breaking out of the already quoted text and using a backslash escape. $password = escapeshellarg("ex'ample!%"); // The password will actually be supplied by an HTML form. $command = ('echo '.$password); echo "$command"; // Returns 'ex'\''ample!%' Does anyone have any input on how to accomplish what I'm trying to do? I'd like to allow obscure passwords without disallowing specific characters, while still being "safe" in passing the information to a shell command. Double quotes would work for passing single quotes, but I'm afraid I might break other characters there. Thanks. I can add and delete data from my table. Now I need to be able to change one or more fields in an entry. So I want to retrieve a row from the db, display that data on a form where the user can change any field and then pass the changed data to an update.php program. I know how to go from form to php. But how do I pass the data from retrieve.php to a form so it will display? Do I use a URL and Get? Can I put the retrieve and form in the same program? Hi, I've currently started to modify a chat script of mine to output a moderation panel but the moderation page seems empty(blank) every time I load it. What im trying to do is to take the ID part in my URL via the $_GET and look it up in my database table in the column named id, then select that specific row to be able to retrieve the StringyChat_ip and place it into another table to ban the IP and the second thing im trying to do is to be able to delete the specific row from my table.
My Http link look something like
http://imagecrab.fre.../ban.php?id=159
and my ban.php page where I want to lookup the 159 part and do the banning etc looks like
<?
include("admin_code_header.php");
if ($_POST["DeletePost"]) {
$id = $_POST['id'];
$query = "DELETE FROM ".$dbTable." WHERE id='".$id."'";
mysql_query($query);
echo "ID removed from system: ".$id;
}
if ($_POST["BanIP"]) {
$IP_To_Add = $_POST["ip"];
$sql = "INSERT INTO ".$IPBanTable." (ip) VALUES (\"$IP_To_Add\")";
$result = mysql_query($sql);
}
$result = mysql_query("SELECT * FROM ".$dbTable." WHERE id='".$id."'",$db);
while ($myrow = mysql_fetch_array($result)) {
$msg = $myrow["StringyChat_message"];
$idm = $myrow["id"];
?>
<html>
<form name="form<? echo $myrow["id"];?>" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="DeletePost" type="submit" id="DeletePost" value="Delete">
<input name="BanIP" type="submit" id="BanIP" value="Ban <? echo $myrow["StringyChat_ip"];?>">
</form>
</html>
<?
}
?>
What is the point of serializing an array and can some show me an example as to when it should be used? Hi.
I'm in the need of some help. Cant figure out what is wrong with the code. Getting undefined all the time. The idea is to pass current playing video and user data to javascript using data-value="valuehere" and then let javascript to send the data to db with the current time and so on. I had a working solution but wanted to use videojs player and now im stuck. The code before was:
(function(a){
a(".history").on("click",function(){
var b=a(this).data("mp4");
var store_type=a(this).data("store_type");
var store_title=a(this).data("store_title");
var store_tmdbid=a(this).data("store_tmdbid");
var subtitle=a(this).data("subtitle");
var resume=a(this).data("resume");
var user_id=a(this).data("user_id");
var playpath=a(this).data("mp4")+a(this).data("resume");
a(".yt-modal-box").append('<div class="modal fade" id="yt-modal"><div class="modal-dialog"><div class="modal-body flex-video widescreen"></div></div></div>');
a("#yt-modal").modal();
a("#yt-modal").find(".modal-body").html('<button type="button" class="modal-close" data-dismiss="modal" aria-hidden="true"></button><div id="video_container"><video width="100%" controls autoplay id="video"><source src="'+playpath+'" type="video/mp4"><track kind="subtitles" src="files/Movies/Subtitles/'+subtitle+'" srclang="et" />Your browser does not support the video tag.</video></div>');
a(document).on("hide.bs.modal",function(){ clearInterval(refreshId); a(".modal-body").html("")})
function updater(){
$.post("modules/api/unfinished/update.php",{
unban: "none",
user_id: user_id,
filename: b,
store_type: store_type,
store_title: store_title,
store_tmdbid: store_tmdbid,
lenght: video.duration,
position: video.currentTime,
})
.done(function(data){
if(data == 1){
$.post("assets/api/unfinished/update.php",{
unban: "unban", user_id: user_id, filename: b, lenght: video.duration, position: video.currentTime,
})
function redirect(){
window.location = 'logout.php'
}
setTimeout(redirect, 2000);
}
});
}
var refreshId = setInterval(updater, 5000);
})
})(jQuery);
Now i have something like this:
<video id="example_video_1" class="video-js vjs-default-skin vjs-big-play-centered history" controls preload="auto" width="100%" height="389" data-resume="123" data-setup="{}" >
var myValue;
(function(a){
a(".history").ready(function(){
myValue=a(this).data("resume");
})
videojs("example_video_1").ready(function(){
var myPlayer = this;
myPlayer.on("play", function(){
alert(window.myValue); // I would like to use the myValue under this.
});
//myPlayer.play();
});
})(jQuery);
If you have something then please help out. Thanks.
Hi,
I have a php script that generates a select dropdown box
<option value="1"> Bob </option>
<option value="2"> Tim </option>
<option value="3"> Sam </option>
<option value="4"> Phil </option>
I then have the following javascript to produce my google api graph:
<script type="text/javascript">
google.load('visualization', '1', {'packages':['corechart']});
google.setOnLoadCallback(drawChart);
function drawChart() {
var jsonData = $.ajax({
url: "test1.php",
dataType:"json",
async: false,
}).responseText;
var data = new google.visualization.DataTable(jsonData);
var chart = new google.visualization.LineChart(document.getElementById('chart_div'));
chart.draw(data);
}
</script>
This then runs a php script that returns the data back in Json format.
How can I pass the <option value=""> through the to the test1.php script to generate the json data based on the the value selected i.e 1, 2, 3 etc.
i an new at javascript and the google api can anyone let me know how I can get this variable sent through by the google api script. and for the graph to refresh every time another option is chosen.
Thanks
krisI'm using PHP and MySQL to display images on the first page.
When the image is clicked on I'm passing an ID to a new page.
I want that ID to display the ID data that's associated with that ID.
For example:
ID 1 should display - Title - title1, Details - details1, image - image1
and ID 2
ID 1 should dislay - Title - title2, Details - details2, image - image2
But only displaying ID 1 data not matter if the URL is - website.com/thedetials.php?id=1 or website.com/thedetials.php?id=2
In other words, it displays the same data even though the id in the URL is different.
Page 1
$sql="SELECT * FROM thetable";
$result = mysqli_query($con,$sql);
echo " <ul>";
while($row = mysqli_fetch_array($result) {
echo "<li'>";
echo "<a href='page2.php?id=$row[id]'><img src=$row[image]></a>";
echo "</li>";
}
echo "</ul>";
?>
<?php
// End while loop.
mysqli_close($con);
?>
Page 2
$id = $_GET['id']; $sql="SELECT id, title, details, image, FROM thetable"; $result = mysqli_query($con,$sql); $row = mysqli_fetch_array($result); ?> <?php echo $row['title'] ?> <?php echo $row['details'] ?> <img class='projectItem-pic' src="<?php echo $row['image']?>">If I use below - No data displays, not sure why. $sql="SELECT * FROM thetable WHERE id = $id";Can someone tell me what I'm doing wrong? Edited by patmon, 08 June 2014 - 09:22 PM. Having some issues, hopefully you guys can identify a solution for me. There are 7 Servers involved in this situation - Each with its own website. Server 1 houses a page with content that is shared by the other 6 servers. I need to change an image (logo) at the top of Server 1 page based upon which server they originally came from. For example they are traveling from server 4, when they arrive at server 1 they see server 1 content however the image at the top will corrospond with correct brand in this example server 4's logo. Cookies have not been a reliable solution considering they are usually disabled. Please Help Guys, Any feedback is Fantastic! Hi guys, I have a form with a multiselect option as below Code: [Select] <select multiple="multiple" id="smoker" name="smoker[]"> <option value="" selected="selected">Please select</option> <option value="No" >No</option> <option value="Occasionally" >Occasionally</option> <option value="Often" >Often</option> <option value="Open to All" >Open to All</option> </select> and need to pass this info into mysql insert, but before that I need them to be seperated by coma, i have the code below but keep getting errors Code: [Select] if ($_SERVER['REQUEST_METHOD'] == 'POST') { $smoker=stripslashes($_POST['smoker']); $smoker_db=implode(", ",$smoker); } this is the error i get Quote Notice: Array to string conversion in ...... Could you please help me with this? Many thanks in advance I'm teaching myself a bit of OOP in php. found that i could pass an object into the SESSION array if i serialize() the object and then unserialize() it where i need it in other page files. all seems to work well until it comes time for a user to logout from my application and attempt to destroy the session. at times, when they log back in, this serialized SESSION value seems to still be set while other SESSION values have been cleared. at least i *thinnk* this is what is going on.
in my logout handler, i have the following:
$_SESSION = array(); // clear all SESSION vars setcookie(); // clear cookies session_destroy();but the above does not seem to be working. my guess is there is something native to serialized SESSION values that im not yet aware of. any help here would be much appreciated. Hi I will try and explain this as best I can, as I am not sure if the "include" is causing the problem. What I am trying to achieve is count the total number of vehicles in the "vehicles" db table and pass it to views (I have recently moved over to MVC so still learning so please be kind and keep it simple for me please) I have a folder in views called "vehicletracker" , within this folder I have 2 files "index.php" and "widget.php".........The "widget.php" file is an "include" within "index php". The problem I am having is passing data from the controller to the view, I keep getting an "Undefined index: total" error and wonder if someone can help and show me where I am going wrong. This is my Model
<?php
class Widget {
private $db;
public function __construct(){
$this->db = new Database;
}
public function countVehicles(){
$this->db->query("SELECT * FROM vehicles");
return $this->db->rowCount();
}
}
This is my controller
<?php
class Widgets extends Controller{
public function __construct(){
$this->widgetModel = $this->model('Widget');
public function widget (){
$data['total'] = $this->widgetModel->countVehicles();
$this->view('vehicletracker/widget', $data);
}
}
And my view
<h2 class="text-white"><?php echo $data['total']; ?></h2>
Thanks in advance for any help you can give Alright, So i want to pass a session from www.mysite.com to mobile.mysite.com And i'm doing so by calling this on the top of every page on each site: <?php session_set_cookie_params(360000, "/",".mysite.com"); session_start(); print_r($_SESSION); ?> yet, the session data that is set on one subdomain is NOT printed on the other subdomain. I've even tried destroying the sessions several times to start over. But it won't work. What could be up? Thanks I have a shopping system set up and all works fine until the page where I ask for the clients invoice details etc... I am using php to validate the form data. This works fine but then after it has validated and you submit the form the data does not get passed as I am using a http location redirect. I have heard people mention curl to pass the data, but have never used this before and dont know where to start. Is there an alternate way of doing this. The form data is passed to another website url of a site that processes our payments. Please can someone tell me the best method? I know I could validate with javascript, but want to stay away from that. This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=355809.0 I've been poking around the Internet for the answer to this without any success. This query APPEARS to run, but NOTHING GETS INSERTED. The QuestionID in the Questions table is set to auto-increment, so I only need the QuestionText data for this table. the QuestionID in the Answers table is not because there might be four or five options per question. The snippets of code under consideration is pasted below snipped from index.php: Code: [Select] <form action="./newquestion.php" method="post"> Question Text:<br><input type="text" size=100 name="QuestionText" /><br><br> <input type="submit" value="Enter next question"/> </form> Then snipped from newquestion.php mysql_select_db(quiz); $query = mysql_query("INSERT INTO Questions VALUES ('$_POST[QuestionText]'"); $result = mysql_query($query); Thank you all. I'm sure I'll learn this pretty fast, but I still need a little help. Hi, I have a (probably quite simple) question about passing form data to a php script that contains an iframe with another php script that also needs some of this form data. Basically, my problem is as follows: I have the following code in a file called example1.php: Code: [Select] <html> //some html stuff <?php if(isset($_POST['from'])) {$from1 = $_POST['from'];} else {$from1 = 'English';} $langList = array('English', 'French', 'German', 'Dutch'); print('<select id="from" name="from">'); foreach ($langList as $lang) {printf('<option %s>%s</option>', ($from1 == $lang ? 'selected="selected"' : ''), $lang); } echo '</select>'; ?> //some more html stuff </html> As you can see, it retrieves a variable via POST and selects its value from a list. The variable is posted from an html file (example0.htm) containing the following: Code: [Select] <form method="post" action="example1.php"> This worked fine, until I put example1.php inside an iframe in example2.php as follows: Code: [Select] <html> //some html here <?php //some php here ?> <iframe src ='example1.php' id='something' name='something' > </iframe> </html> and changed: "post" action="example2.php" in my html form. My question is: how do I pass form data from example0.htm to example2.php to example1.php, so that example2.php gets loaded when the submit button on my form gets pressed, but so that example1.php (which gets loaded from the iframe in example2.php) can also access the form data? Thanks! |
|||||||