PHP - Should You Hide .php ?
Does showing .php on the end of web pages pose any security risk? My websites uses mod_rewrites pretty extensively, e.g.
www.mysite.com/profiles/saranaclake www.mysite.com/subscribe/view-offers
However I still have a lot of web pages which are static pages that end with .php and I'm wondering if I should clean that up both for aesthetic reasons and for security...
Similar TutorialsHi guys I would like one of you to help me. I have a bit of trouble with the echo, where I don't want to print out on the php page. The echo that I don't want to print out on my page is "The information have already been updated in the database". I don't want to get rid of them, but I want to hide them in the php unless I update some information using with the methods through $username and $name. Here's the code: <?php session_start(); define('DB_HOST', 'localhost'); define('DB_USER', 'myuser'); define('DB_PASSWORD', 'mypass'); define('DB_DATABASE', 'mydbname'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($var){ return mysql_real_escape_string(strip_tags($var)); } $username = clean($_GET['user']); $password = clean($_GET['pass']); $user = clean($_GET['user']); $image = clean($_GET['image']); $name = clean($_GET['name']); if($username == '') { $errmsg_arr[] = 'username ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'PASSWORD ID missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; echo implode('<br />',$errmsg_arr); } else { $qry="SELECT * FROM members WHERE username='$username' AND passwd='$password'"; $result=mysql_query($qry) or die('Error:<br />' . $qry . '<br />' . mysql_error()); if(mysql_num_rows($result) > 0) { $qrytable1="SELECT id, image, name FROM favorites WHERE username='$username'"; $result1=mysql_query($qrytable1) or die('Error:<br />' . $qry . '<br />' . mysql_error()); $row = mysql_fetch_row($result); echo "The information have already been updated in the database"; } else { if(isset($_GET['user'])) { $insert[] = 'username = \'' . clean($_GET['user']) .'\''; } if(isset($_GET['image'])) { $insert[] = 'image = \'' . clean($_GET['image']) . '\''; } if(isset($_GET['name'])) { $insert[] = 'name = \'' . clean($_GET['name']) . '\''; } $names = implode(',',$insert); $sql = "INSERT INTO favorites (username, image, name) VALUES ('$user','$image','$name')"; if (!mysql_query($sql,$link)) { die('<br>Error: ' . mysql_error() . "<br>Query: $sql" ); } echo "The information have been updated."; } while ($row = mysql_fetch_array($result1)) { echo "<p id='image'>"; echo $row['image'] . "</p>"; echo "<p id='name'>"; echo $row['name'] . "</p>"; echo '<p id="delete"> <a href="delete.php?id='.$row['id'].'">Delete</a></td>'; } } ?> Any advise would be much appreicate. Thanks, Mark Hi, I have a question, just to satisfy my curiosity. How do people hide their copyright text or links? For example there are a lot of free source like joomla extension with their signature on the bottom. I wanted once to remove a text of copyright from a php script, but i couldn't find it. I even use kind of search word in files software. Ok.. I stopped looking for it, but I'm still curious. How do they do that? Do they include from outside the scirpt? It is possible to hide the data in the url?! I have something like this: ?action=viewArticle&articleid=1 Hi all I know this contains a bit of JavaScript but it comes from some dynamically created pages using php which are causing it an issue. Here's my scenario. I have a DB with locations, regions, jobtitles and names in it. My users can select from the DB a specific job title or a location. This can produce a report of information from a couple of people, up to over 100 (who can still be filtered by any of the above DB columns) I want to dynamically produce some JS buttons to show / hide any sections which are irrelevant to the user. eg I select by job title, it gives me all the managers, duty managers, staff, cleaners, etc from the DB for all locations. I then want 5 buttons to be on the page, each with a different region on it. (this I can do) I can dynamically label the divs around each of the user information. The issue I have is making the buttons do what I want. So if you press a button labelled "North West" it hides all records which are not from northwest region. Here's what I have so far, I just can't seem to get the functionality right as I know very little about JS. Code: [Select] <script language=javascript type='text/javascript'> function showdiv(pass) { var divs = document.getElementsByTagName('div'); for(i=0;i<divs.length;i++){ if(divs[i].id.match(pass)){//if they are 'see' divs if (document.getElementById) // DOM3 = IE5, NS6 divs[i].style.visibility="visible";// show/hide else if (document.layers) // Netscape 4 document.layers[divs[i]].display = 'visible'; else // IE 4 document.all.divs[i].visibility = 'visible'; } else { if (document.getElementById) divs[i].style.visibility="hidden"; else if (document.layers) // Netscape 4 document.divs[i].visibility = 'hidden'; else // IE 4 document.all.divs[i].visibility = 'hidden'; } } } </script> and then one my php has processed I get a record such as. Code: [Select] <div id='NEREGION'> <table border='1' > <tr><td colspan='4'>Glasgow </td></tr> <tr><td colspan='2' >Employee Name : **********</td><td >Employee Number : *****</td><td colspan='2'>Start Date 25th November 2002</td></tr> <tr><td colspan='3'> </td><td rowspan='3'><img src='image.php?ed=2063&y2007=1&y2008=1&y2009=0&y2010=0&y2011=0&forename=1234&surname=5436' height ='400px' width='350px'></td></tr><tr><td colspan='2'>20th June 2007</td><td> NFR Petrol Delivery - Refresher Course</td></tr><tr><td colspan='2'>2nd December 2008</td><td> Incremental Sales</td></tr></table></div> Any ideas? Hi all, Relitively new to PHP but am trying to code a site that dynamically creates urls using Joomla CMS. Basically I'd like a div to show on pages' url starts /component/.... but hide it if not. The urls of the pages on which the div is to be hidden start /index.php?. I've tried Code: [Select] <?php if (strpos($_SERVER['REQUEST_URI'], 'component') > 0) { echo '<div id=\"stuffdiv\">stuff</script></div>';} ?> only issue is... its always fasle hence the div never shows. If i replace > with >= its always true, and appears on all pages, even those not containing 'component'... Can someone tell me if this should work or if Im being really stupid? Thanks in advance! Tom hi everyone. i need to figure out how to display one tr or another based on if N/A appears in one of the TR's. if i use: 'if ($result['NoChargeFile'] = 'N/A')' it repeats N/A for all rows. if i use: 'if ($result['NoChargeFile'] = N/A)' only the TotalFees TR is displays. What i need to do is display the TOTALFEES if the NOCHARGEFILE is not N/A. If NOCHARGEFILE is N/A, display N/A instead of the TOTALFEES. Any ideas how to fix this issue? thanks. Code: [Select] <?php echo "<table width='100%' border='0' cellpadding='1'>"; $string = $string."$pages->limit"; $query = mysql_query($string) or die (mysql_error()); $result = mysql_fetch_array($query); if($result==true) { do { echo "<tr>"; echo '<td nowrap>' . $result['CompanyName'] . '</td>'; echo '<td nowrap>' . $result['CompanyReferenceNumber'] . '</td>'; if ($result['NoChargeFile'] = 'N/A') { echo '<td nowrap>' . $result['NoChargeFile'] . '</td>'; } else { echo '<td nowrap>' . $result['TotalFees'] . '</td>'; } echo '<td nowrap>' . $result['DateRecorded'] . '</td>'; echo '<td nowrap>' . $result['DateClosed'] . '</td>'; echo "</tr>"; } while($result = mysql_fetch_array($query)); } // close table> echo "</table><hr>"; ?> I figured it out. i need == not =. Hi can any one help iv built a cms but when i had a page how easy is it to have a show or hide while making changes to the page many thanks for any help I have a particular PHP file which is publicly located, however, I don't want anyone but me to access. Below are my thoughts how to do so. Please comment.
Use an uncommon name, and definitely not index.php.
Either include a file called index.html in the same directory, or set up Apache not to show them using Options -Indexes, or maybe both for good measure.
Require some variable to be set to a given value in either the GET or POST array, and if not set, throw a 404 header and display the 404 missing file HTML. In my php web site the video player appears and plays the video. In Chrome you can right click on the player screen and choose 'inspect element' etc, but another choice is 'Copy video URL'. How can I block that, or hide (or disguise/rename) video URLs?
Hi I need a script to hide IP address with proxy and read a web page
$username="myuser"; The script doesn't work, it doesn't show me the page output. Any solution? Here is what is echoing the string "Resource id #1". However I do not know if it is the php or javascript that is outputting this. Can anyone tell me why this is showing and how to make it not show? PHP: Code: [Select] $directory = "Images/items/$product/"; //get all image files with a .jpg extension. $images = glob($directory . "*.jpg"); $imgone = $images[0]; $gallery = '<tr><td valign="top" align="center">'; foreach($images as $image) { $tn = explode("/", $image); $tnname = $tn[3]; $gallery .= '<a href="#" rel="'.$image.'" class="image" alt="Images/items/'.$product.'/large/'.$tnname.'"><img src="Images/items/'.$product.'/thumbs/'.$tnname.'" class="thumb" border="1" style="margin-bottom:7px;"/></a> '; } if(is_dir("Images/items/".$product)) $gallery .= "</td></tr><tr><td width='300'>".$link."<div id='image' class='bigimg' align='left'>"; if(is_dir('Images/items/'.$product)) $gallery .= '<img src="'.$imgone.'" border="0"/></div></a></td></tr>'; JS (jQuery) Code: [Select] $(function() { $(".image").click(function() { var image = $(this).attr("rel"); var large = $(this).attr("alt"); $('#image').hide(); $('#image').fadeIn('slow'); $('#image').html('<a href="' + large + '" ><img src="' + image + '"/></a>'); return false; }); }); Hi Sorry if this is the wrong place for this but I'm totally stumped here and I know its a basic question but I'm very new to php and I need help :-) Basically all i would like to do is hide certain file types, folders (specifically the folder .AppleDouble) and hidden files, below is my code so far and I'd really appreciate it if anyone could help me out by taking a look! Any help would be very gratefully received! Here's my code so far: <? $rootdir = "../media/Documents"; function printdir($dir) { $dircount = 0; $filecount = 0; $handle = opendir($dir); while (false != ($file = readdir($handle))) { if (@filetype($dir . "/" . $file) == "dir" AND $file != "." AND $file != "..") { $dirlist[$dircount] = $file; $dircount++; } else { if (strtolower(substr($file, -4)) == ".avi") { $filelist[$filecount] = substr($file, 0, (strlen($file)-4)); $filecount++; } } } closedir($handle); if ($dircount>0) {sort ($dirlist);} if ($filecount>0) {sort ($filelist);} for ($i = 0; $i < $dircount; $i++) { echo "<dl>\n"; echo "<dt><B>" . $dirlist[$i] . "</B></dt>\n"; flush(); printdir($dir . "/" . $dirlist[$i]); echo "</dl>\n\n"; } for ($i = 0; $i < $filecount; $i++) { echo "<dd>" . $filelist[$i] . "</dd>\n"; flush(); } if ($filecount + $dircount == 0) { echo "<dd><i><empty folder></i></dd>\n"; } } printdir($rootdir); ?> Hi guys, I want to set up a php script to connect to php sources on another site, something is like this: <?php $mysql = array ( 'host' => 'http://www.mysite.com/myscript.php', } <?php try { include_once('mysql_connect.php'); } Is the source is correct to use that I want to read the script while hide the actual url in the config php script?? Thanks, Mark Hei everyone. When any one clicks on any ad network banner that i place on site after a click on banner i want it to hide / remove. I need this so wont have multiple ad clicks and prevent being banned I dont need a function on a simple click anywhere on page. I need when banner clicked to get hidden after the click is made on it. Edited October 17, 2015 by skendoHello,
I have 3 buttons on my website,
I also have 3 divs with content in it(a lot of pictures in each).
So imagine that when someone clicks on the button A, DIV A shows up but DIV B & C hide.
What I am not too happy about is that I have noticed that even if the DIV are hidden, the whole graphics are loaded.
Is there a way to put the content into other files and only load the files when the user request it please so I can then load the page empty(onload only).
Thank you,
Ben
example: you have a file cabinet, then you reach for a folder
pull the folder half way out, and see only half the folder
pull the folder the rest of the way out, you can see the whole folder
problem: How do I make the div visible only up to the point it's pulled out?
What I have:
style="width:100%; height:100%; overflow:hidden;" Hi,
I have some show/hide links like this:
<a href="javascript:ReverseDisplay('content1')" class="hide-show-button">show</a> <a href="javascript:ReverseDisplay('content2')" class="hide-show-button">show</a> <a href="javascript:ReverseDisplay('content3')" class="hide-show-button">show</a> <a href="javascript:ReverseDisplay('content4')" class="hide-show-button">show</a>using this code: var click = 0;If I click one link, it shows the content and then shows "hide" which is correct. However, if I click another link, it shows the content, but displays "show" until I click it again, so I end up in a strange loop. Is there a way I can have each of the link always display "show" when not collapsed and "hide" when collapsed? Thanks! I'm using this php code and would like to know if there is a way to hide the email? Code: [Select] echo "Email: <span style='color:#00F'><a href='mailto:".$result['email']."?subject=".$result['title']."'>".$result['email']."</span></a>"; This topic has been moved to HTML Help. http://www.phpfreaks.com/forums/index.php?topic=350146.0 So I am completely done with my forum after several posts here and a lot of time. But crap! I just realized that the way my avatar system works it will give away the password! I REALLY don't want to redo that system because truth is it is about 40 percent of the entire sites coding. It works by making pictures in a directory named the usersname.thepassword . Whatever filesystem. Now when I echo the path everyone can see the password and username in the source code! And thy can click it to see the picture! Is there a way to hide the paths or the source codeM thanks! |