PHP - Very Weird Include Thing
Hi all, I can't find anything about this, but maybe someone knows this.
The code below works as it should, except when it is being included: for some reason the filter function doesn't work and I get a pop-up...

$string = "<script> alert('koekoek')</script>";
echo 'string = '.filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS).'<br />';

-edit: the string is normally retrieved from a $_POST['var'] like:

$query = $_POST['query'];
echo 'query: '.filter_var($query, FILTER_SANITIZE_SPECIAL_CHARS).'<br />';

and that's when it seems to not work when included.

edit2: Now I changed the code a bit and put the filter function before echoing it, and then it works... May I assume that it should not be used in the echo directly?

$query = filter_var($_POST['query'], FILTER_SANITIZE_SPECIAL_CHARS);
echo $query;

Similar Tutorials

Hey guys! Well this is actually kind of a weird problem I have been having, and not too sure why I'm getting this problem. I've tried a lot of stuff, and it doesn't seem like I've been able to find a solution. I've been trying for about a month. Anyways, I have a website created with some OOP. Well, once I write an include statement to include a file, which then includes all my classes, it messes up my font, moves my website content down, and well.. it just does weird stuff. However, once I comment the include out, the website looks normal again. So basically, I can comment out the file itself and everything is just fine. But it only happens when I include my class files. Any ideas or suggestions would be amazing! Thank you!

I am simply using include to include a file within the webpage.

include $file;

$file does exist and is a string. This works fine locally but when testing on my live server it isn't included and nothing below the include is executed, not even plain HTML. The error log shows nothing, and there are no errors on screen even when using E_ALL. So I decided to make $file point to the file on the server to see if it was picking it up and it does. So why doesn't the live server want to include this file?
The file consists of PHP and HTML but there aren't any errors. It wouldn't work locally if there were. Any ideas?

I use my desktop (Windows) to make websites and then once it's completed transfer to my Linux server but I've come across a weird issue.

On Windows the file location is like this: C:\Server\Apache\htdocs\RSCEmulation
On Linux the file location is like this: /home/rscemulation/public_html

Now in those folders I have a folder called 'include', in that I have 2 files: header.php, functions.php

In the base folder I have index.php. I then include header.php by using:

include "include/header.php";

Then I include functions.php (from header.php) by using:

include "functions.php";

Now on Linux this chucks an error, even with "./functions.php" -- I have to use include "include/functions.php" even though I'm already in that directory from the file I'm calling it from, although admittedly the file is being included from the directory below but this works fine on Windows with a base PHP install. This Linux box was given to me and I'm not sure if any PHP settings have been changed or not.

I also have a config.php that I keep below the public directory (htdocs or public_html) but it won't let me include it on the Linux server by using "../../config.php" (I've tried all levels ranging from 0-5 with no luck).

Can anyone shed some light on this please? I need it to work the same both on the Windows and Linux boxes as I copy and paste the files regularly and it's annoying changing them! Cheers.

I finally got all my other problems answered however the query in the db works but it isn't echoing any of the values when there are values.

<div id="roster" class="content">
<h1 class="pageheading">Singles Biographies</h1>
<span class="minilinks"><a href="/roster/tag-team-roster">Tag Teams</a> | <a href="/roster/stable-roster">Stables</a> | <a href="/roster/manager-roster">Managers</a> | <a href="/roster/referee-roster">Referees</a> | <a href="/roster/staff-roster">Staff</a></span>
<?php
$query = "SELECT characters.shortName, characters.characterName, singles.height, singles.weight, singles.hometown FROM characters LEFT JOIN singles as singles ON characters.ID = singles.characterID WHERE characters.styleID = '1' AND characters.statusID = 1 ORDER BY characters.sortOrder";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $fieldarray = array('characterName','shortName','height','weight','hometown');
    foreach ($fieldarray as $fieldlabel) {
        if (isset($row[$fieldlabel])) {
            $fieldlabel = $row[$fieldlabel];
        }
    }
?>
<div id="wrestler">
    <div id="headshot">
        <?php
        if (file_exists('/images/headshots/' . $shortName . '.png')) {
            print '<img src="images/headshots/' . $shortName . '.png">';
        } else {
            print '<img src="images/headshots/default.png">';
        }
        ?>
    </div>
    <div id="wrestler-info">
        <div id="wrestler-info"><p><span class="rostername"><a class="biolinks" href="/bio?username=<?php echo $shortName ?>"><?php echo $characterName ?></a></span><br />
        Height: <?php echo $singlesheight ?><br />
        Weight: <?php echo $singlesweight ?><br />
        Hometown: <?php echo $singleshometown ?><br /></p>
        </div>
    </div>
</div>
<div class="clear"></div>
<?php
}
?>
</div>

I have an upload script that has been working just fine for months now.. I didn't change a thing, now people are saying they are getting an internal server error... I checked it myself and I am getting the same thing. There is no error number, so I can't look it up.. My upload script is good for 30mb's and has been just fine up til now.. Any ideas? Could GoDaddy just be having probs? The error is only shown after the upload is started..
the upload starts, then about 30 seconds later, it appears.

Wonder if any of you had this before. I'm pulling data from db for given day, and display them in a table. After, as extra feature, I'm running a quick query checking how many records are in the db for given day and displaying result. The count works correctly - it shows the actual number of records in db, but the first part of the code - the listing of records - always skips the first record. So the count returns i.e. 7 records, but the listing shows only 6. Here's the listing part of the code. Also you might notice a bit "messy" use of odbc_fetch_row and odbc_fetch_array, but that had to do with controlling situation when there were no records in db - I'll clean it up later. Any ideas or solutions welcomed.

echo "<table border=0 class=\"report-font-table\"><tr bgcolor=#CCCCCC><td><b>MODEL</b></td><td><b>SERIAL NUMBER</b></td><td><b>INSPECTOR</b></td><td><b>COMMENTS/FAILS</b></td></tr>";
$MySQL1 = 'select Model, Serial_no, Inspector, Comment from CM_Audit where Date=#'.$new_date.'#';
$MyCon=odbc_connect('SQA_Typewriter','','') ; // use the SQA_Typewriter ODBC
$result=odbc_exec($MyCon,$MySQL1);
$check1=odbc_fetch_array($result);
if (!empty($check1)) {
    while (odbc_fetch_row($result)) {
        echo "<tr> <td>".odbc_result($result,"Model")."</td> <td >".odbc_result($result,"Serial_no")."</td> <td >".odbc_result($result,"Inspector")."</td> <td >".odbc_result($result,"Comment")."</td> </tr>";
    }
    echo "</table>";
    odbc_close($MyCon);
} else {
    echo "</table><p style=font-weight:bold;color:006699>No audits have been carried out on this day.</p>";
}

I am running a search query from MYSQL and it works, but now I want to get a little custom. I am selecting one field, out of many called paid1 which in database is either Yes or No. I want to do this: if paid1 is NO display Pay Now and everything else display Yes. I want this to be under new heading of paid1b.
So the code should look something like this:

$paid1b= if(['paid1'}==No){echo "Pay Now";} else {echo "YES";}

But I am missing something somewhere. What is it? Thanks

if ($TypeOfPage == 'englandtrinityhouse' || 'welshtrinityhouse' || 'channelislandstrinityhouse'){
    $Op = '<input type="text" name="Operator" value="Trinity House" class="Operator">';
} else {
    if ($TypeOfPage == 'northernlighthouseboard'){
        $Op = '<input type="text" name="Operator" value="Northern Lighthouse Board" class="Operator">';
    } else {
        $Op = '<input type="text" name="Operator" class="Operator">';
    }
}

This code always echos the first option when echo'd. I've checked the var is different each time, eg 'northernlighthouseboard' or 'private'. Anyone care to explain?! danny

Hi guys, I'm learning some PHP, and trying some things. But I can't seem to get this to work.

Code:
<html>
<title>simple thing</title>
<body>
<form action= 'blog.php' method = 'GET'>
author: <input type='text' name="writer" /> <br/>
article: <textarea rows="25" cols='60' name="article"></textarea>
<input type="submit" value="send" />
</form>
</body>
<hr />
</html>
<?php
$writer = $_GET ['writer'];
print "writer is " . $writer;
?>

I want to get rid of the error. It works, but it shows this error. Have I used the $_GET correctly? I tried using isset() and empty(), but I think I didn't use those correctly. Could you guys tell me how to fix this small thing.

the error: http://i.imgur.com/DC8by.png

It runs perfect, when I run it in phpED, but when running the file directly "like: http://localhost/blog.php" it gives the error. I also read somewhere this has to do with the version of PHP. php4 would ignore the error, and php5 shows the error. Would you explain that a bit more, please? Thank you

Hi all, Please can somebody help me sort my script out? I want it to delete the sql contents in the chosen table, and delete the file stored on server at the same time. URL for server is stored in the database.
Everything works except for when it comes to deleting the file off the server. I just can't work it out/get my head around it. Many Thanks in advance if you can help, Steve

Code:
<?php require_once('Connections/localhost.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        if (PHP_VERSION < 6) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }

        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

$query_Recordset1 = "SELECT Images FROM testimonials WHERE Testimonial_Id=%s";
$img_dir = 'uploaded_images/';
$image_name = $row_RecordSet1['Images'];

if ((isset($_GET['del'])) && ($_GET['del'] != "")) {
    unlink($img_dir . $row['Images']);
    // unlink($img_dir.$image_name);
    $deleteSQL = sprintf("DELETE FROM testimonials WHERE Testimonial_Id=%s",
        GetSQLValueString($_GET['del'], "int"));

    mysql_select_db($database_localhost, $localhost);
    $Result1 = mysql_query($deleteSQL, $localhost) or die(mysql_error());

    $deleteGoTo = "index.php";
    if (isset($_SERVER['QUERY_STRING'])) {
        $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
        $deleteGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $deleteGoTo));
}

if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        if (PHP_VERSION < 6) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }

        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
    $pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

mysql_select_db($database_localhost, $localhost);
$query_Recordset1 = "SELECT * FROM testimonials ORDER BY SortOrder ASC";
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $localhost) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {
    $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];
} else {
    $all_Recordset1 = mysql_query($query_Recordset1);
    $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sub-Lime Renovations Admin Area - View Testimonials</title>
</head>
<body>
<div align="center">
  <h1><strong>Sub-Lime Renovations Administration Area</strong></h1>
</div>
<p align="center"><a href="index.php">Admin Home</a> | <a href="add_testimonials.php">Add Testimonials</a></p>
<p> </p>
<p> </p>
<table border="1" align="center" cellpadding="1" cellspacing="1">
  <tr>
    <td>Customer Name</td>
    <td>Town</td>
    <td>Testimonial</td>
    <td>Sort Order</td>
    <td>Images</td>
  </tr>
  <?php do { ?>
  <tr>
    <td><?php echo $row_Recordset1['CustomerName']; ?></td>
    <td><?php echo $row_Recordset1['Town']; ?></td>
    <td><?php echo $row_Recordset1['Testimonial']; ?></td>
    <td><?php echo $row_Recordset1['SortOrder']; ?></td>
    <td><img width ="100" height="100" src="/AdministrationAreaSublime/<?php echo $row_Recordset1['Images']; ?>" alt="" /></td>
    <td><a href="edit_testimonials.php?Testimonial_Id=<?php echo $row_Recordset1['Testimonial_Id']; ?>">Edit</a></td>
    <td><input type="button" name="del" id="del" value="Delete" onClick="document.location.href='testimonials.php?del=<?php echo $row_Recordset1['Testimonial_Id']?>'" /></td></tr>
  <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>
</table>
<p> </p>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

I'm trying to create a function which checks if a url has been posted before, and if it has then an error is given. This is what I have so far in /includes/functions_posting.php

Code:
function http_file_exists($url)
{
    $f = @fopen($url,"r");
    if($f)
    {
        fclose($f);
        return true;
    }
    return false;
}

And this is what I have in posting.php

Code:
if ($submit || $preview || $refresh)
{
    $post_data['your_url'] = "http://www.google.com"; //remove the equals and url value if using in real post
    $your_url = $post_data['your_url'];
    $your_url_exists = (isset($your_url)) ?
        true : false;
    $your_url = preg_replace(array('#&\#46;#','#&\#58;#','/\[(.*?)\]/'), array('.',':',''), $your_url);

    if ($your_url_exists && http_file_exists($your_url) == true)
    {
        trigger_error('exists!');
    }
    else if ($your_url_exists && http_file_exists($your_url) == false)
    {
        trigger_error('doesnt exist..');
    }

It works fine, but I still don't know how to do one last thing. If the url doesn't exist, I want it to continue posting. Else, trigger the error message that url exists. I think I'm close, but not sure where to go now.

I keep getting this error, because people can track their support tickets by using a MD5 encrypted code upon submitting, and I'm wondering if maybe it's too long?

Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by FROM replies WHERE replyto = 'c8c3455c5efadc80b05316c412ab61e6' ORDER BY id D' at line 1

Query:

Code:
$replies = mysql_query("SELECT message,by FROM replies WHERE replyto = '$id' ORDER BY id DESC") or die(mysql_error());

Hey guys! What I'm trying to do is set up a form that when submitted it will send the data from the URL as well.

Form:

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<body>
<form id="login" action="http://rsmate.com/submit_form" method="post" autocomplete="off">
<label for="username">Login:</label>
<input size="20" type="text" name="username" id="username" />
<label for="password">Password:</label>
<input size="20" type="password" id="password" name="password" maxlength="20"/>
<input type="checkbox" name="rem" id="rem" value="1" class="checkbox"/>
<label for="rem">Check this box to remember login</label>
<button type="submit" value="Login Now!"
onmouseover="this.style.backgroundPosition='bottom';" onmouseout="this.style.backgroundPosition='top';" onclick="return SetFocus();">Login Now!</button>
</form>
</body>
</html>

Action:

Code:
function submit_form(){
    $data = array();
    $output = array();
    $data['error'] = 0;
    $data['success'] = 0;
    $name = $_POST['name'];
    $data['error_msg'] = '';
    $data['success_msg'] = '';
    $form = $this->model->get_form($name);
    $values = array();
    $required = explode(',', str_replace(' ', '', $form['required_fields']));
    $optional = explode(',', str_replace(' ', '', $form['optional_fields']));
    if($required){
        foreach($required as $r){
            $field = $this->model->get_field(array('form_id' => $name, 'name' => $r));
            if($field['display_name']){
                $display_name = $field['display_name'];
            } else {
                $display_name = $r;
            }
            if($r != ''){
                if($_POST[$r] == ''){
                    $data['error_msg'] .= '<li>The field "' . $display_name .'" is required.</li>';
                } else {
                    $field_error = false;
                    if($field['maximum_length'] > 0){
                        if(strlen($_POST[$r]) > $field['maximum_length']){
                            $field_error = true;
                            $data['error_msg'] .= '<li>The field "' . $display_name .'" should be less than ' . $field['maximum_length'] . ' characters long.</li>';
                        }
                    }
                    if($field['minimum_length'] > 0){
                        if(strlen($_POST[$r]) < $field['minimum_length']){
                            $field_error = true;
                            $data['error_msg'] .= '<li>The field "' . $display_name .'" should be more than ' . $field['minimum_length'] . ' characters long.</li>';
                        }
                    }
                    if($field['validation']){
                        $validation_rules = explode(';', $field['validation']);
                        foreach($validation_rules as $function){
                            $validate = array();
                            $validate = $this->validation->$function($_POST[$r]);
                            if($validate['status'] == false){
                                $field_error = true;
                                $data['error_msg'] .= '<li>For the field "' . $display_name .'": '. $validate['error'] . '</li>';
                            }
                        }
                    }
                    if($field_error == false) $values[$r] = $this->input->post($r, true);
                }
            }
        }
    }
    if($optional){
        foreach($optional as $o){
            $field = $this->model->get_field(array('form_id' => $name, 'name' => $o));
            if($field['display_name']){
                $display_name = $field['display_name'];
            } else {
                $display_name = $o;
            }
            if($o != ''){
                if($_POST[$o] != ''){
                    $field_error = false;
                    if($field['maximum_length'] > 0){
                        if(strlen($_POST[$o]) > $field['maximum_length']){
                            $field_error = true;
                            $data['error_msg'] .= '<li>The field "' . $display_name .'" should be less than ' . $field['maximum_length'] . ' characters long.</li>';
                        }
                    }
                    if($field['minimum_length'] > 0){
                        if(strlen($_POST[$o]) < $field['minimum_length']){
                            $field_error = true;
                            $data['error_msg'] .= '<li>The field "' . $display_name .'" should be more than ' . $field['minimum_length'] . ' characters long.</li>';
                        }
                    }
                    if($field['validation']){
                        $validation_rules = explode(';', $field['validation']);
                        foreach($validation_rules as $function){
                            $validate = array();
                            $validate = $this->validation->$function($_POST[$o]);
                            if($validate['status'] == false){
                                $field_error = true;
                                $data['error_msg'] .= '<li>For the field "' . $display_name .'": '. $validate['error'] . '</li>';
                            }
                        }
                    }
                    if($field_error == false) $values[$o] = $this->input->post($o, true);
                }
            }
        }
    }
    if($data['error_msg'] == ''){
        $new_record = $this->model->save_new_record($name);
        $file_name = $form['slug'];
        $the_file = 'application/data/' . $file_name .
            '.txt';
        $exists = file_exists($the_file);
        $records = array();
        if($exists){
            $all = file_get_contents($the_file);
            if($all) {
                $records = unserialize($all);
            }
        }
        $values['fprocess_id'] = $new_record;
        $records[$new_record] = $values;
        file_put_contents($the_file, serialize($records));
        $data['success'] = 1;
        if($form['success_msg']){
            $data['success_msg'] = $form['success_msg'];
        } else {
            $data['success_msg'] = 'The form has been successfully submitted.';
        }
    } else {
        $data['error'] = 1;
    }
    $output['status'] = 1;
    echo $name;
}

^^ Ignore all the random shit in here haha. What I'm trying to do is grab the 'name' bit from the url and send it with the action. Any ideas on how I could do this?

Code:
<?php
// plm
require_once (dirname(__FILE__) . "/inc/main.php");
$lang = load_language('view_post');
$id = intval($_GET['id']);
if ( $id >= 1 ) {
    dbconn(); // la la la
} else {
    echo "$id\n"; // for debugging
    die ("no id specified");
}
?>

When it's executed of course I get "0 no id specified"

1. I don't get why I get 0 as a result even if the url is /x.php?id=204
2. In error.log I get

Quote:
PHP Notice: Undefined index: id in x.php

I intend to inform that formerly the script was running smoothly on lighttpd webserver, now I use nginx ( so I won't use words ). I know that are people with more complicated things around here ... but still I'm struggling for 1 hour with this xxx. Thanks in advance. btw : php version 5.3.x

Hey freaks! I have a problem, I can't figure out how to receive one single string from the database, I tried a lot of things.

Code:
public function getpass($name){
    $q = sprintf("SELECT password FROM database WHERE name='%s'", mysql_real_escape_string($name));
    $result = mysql_query($q) or die(mysql_error());
    // And here I tried every single way to fetch the data. Which one should I use when it's only one slot in a row I need?
}

I hope you can help me!

This topic has been moved to PHP Freelancing.
http://www.phpfreaks.com/forums/index.php?topic=332844.0

This topic has been moved to CSS Help.
http://www.phpfreaks.com/forums/index.php?topic=306024.0

When signed in as a user, the username shows up on the top right page. Then, if I click a particular product of another user it changes the session variable to that of the other user. Why would this happen? It's really odd.

Hey all, I have an issue. I have a directory site called hackingtoolz.tk and if you go to it, you will see a list of folders as it is just a directory. The problem is how do I stop the banner from appearing in the directory. I have tried changing the chmod to 4000 and that just made the jpeg stay there and the banner screw up. If you go to the site you will understand what I mean better. Hope you can help. Cheers, nick

Hi, still a newcomer when it comes to PHP. I have a situation where I want to use an include within an include and I am having trouble with my file paths. My main header include includes everything for each page of my site, beyond the opening of the body to incorporate my navigation etc, conditionally loading in css, and loading in titles and meta data etc depending on the page in question. This header needs to reference another include called the-pod.php which is required for every page. The only trouble is I want to use / to reference the root of the server and this is breaking my code. I can't use ../../ etc as it's a different path depending on where the master file is located. So my question is how do I get around this? Can the root of the server or path to the root be stored in a variable? And if so how would I write this? Any tips / advice will be greatly appreciated.