Yes, that's what I have been doing. I have a book on PHP, though it uses PHP 3 or 4 or something, so it's slightly old. But a lot of it was useful, and it went through the importance of checking every command like that.
Also, php.net is very useful.
Just go to php.net/function, to get the man page on it along with user comments, etc.
I have this part in my code, which DID work, then out of nowhere it stopped working and I can't understand it. This is a part of my registration process to make sure the user input the right kind of information.
Whenever they input something wrong it goes into the first if statement (with all the ||). If nothing is wrong it skips over the if statement, like it should be.
PHP Code:
if(($username_check > 0) || ($usersite_check > 0) || ($usersite_check2==0) || ($password_check==0) || ($email_check2==0))
{
    if($username_check > 0){
        header("Location: register.php?error=2"); //Sorry, that username already exists
    }
    if($password_check == 0){
        header("Location: register.php?error=3"); //The Password and Confirmation Password you entered do not match
    }
    if($email_check > 0){
        header("Location: register.php?error=4"); //sorry that email is taken
    }
    if($email_check2 == 0){
        header("Location: register.php?error=5"); //The Email and Confirmation Email you entered do not match
    }
    if($usersite_check > 0){
        header("Location: register.php?error=7"); //Sorry, that web url is taken
    }
    if($usersite_check2 == 0){
        header("Location: register.php?error=8"); //your web url can only contain letters and numbers
    }
    header("Location: register.php?error=9991"); //if somehow they got through those if statements, send em back to register
    die("error, report to webmaster ($site_email)");
}
See how on the bottom I have the "//if somehow they got through those if statements, send em back to register" part. Well, when it goes inside this if statement, it means it had to qualify as one of the if statements which are separated with ||. But it NEVER will go into the if statements below it, and always goes to the backup header command I put.
I can't figure out why it does this. It also skips over them if I place them outside the "mother" if statement.
I haven't done much PHP, but looking at the structure of the conditional it's pretty obvious that
a) the header for error # 9991 will always be sent if any error occurs
b) up to six additional headers will be sent depending on how many fields are invalid
It seems to me that you'd only want to send one header if an error occurs. In that case, why not string together all of the errors and send them as a single header?
And as a side note, sending relative URLs in the Location header field is a violation of the HTTP spec, even though practically all user agents accept it. (Lynx prints a warning.)
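The redirect problem described in the posts above, as an added example that is not part of the original thread: each `header("Location: ...")` call replaces the previous one and the script keeps running, so only the last call takes effect unless exactly one header is sent and execution stops. `SITE_BASE` is an assumed configuration constant, and the sample check results are constructed; the check names and error codes are the ones from the posted code.

```php
<?php
// Added example, not code from the thread.
// Assumption: the site's base URL is configured, not derived from the Host header.
const SITE_BASE = 'https://www.example.com/';

// Returns the first applicable error code, or 0 when every check passed.
function first_registration_error(array $c): int
{
    $rules = [
        2 => $c['username_check']  > 0,   // username already exists
        3 => $c['password_check'] == 0,   // passwords do not match
        4 => $c['email_check']     > 0,   // email is taken
        5 => $c['email_check2']   == 0,   // emails do not match
        7 => $c['usersite_check']  > 0,   // web url is taken
        8 => $c['usersite_check2'] == 0,  // web url has invalid characters
    ];
    foreach ($rules as $code => $failed) {
        if ($failed) {
            return $code;
        }
    }
    return 0;
}

// Builds the absolute URL for the single redirect.
function error_redirect_url(int $code): string
{
    return SITE_BASE . 'register.php?' . http_build_query(['error' => $code]);
}

// Constructed results: the username is taken AND the passwords differ.
$checks = [
    'username_check' => 1, 'password_check' => 0, 'email_check' => 0,
    'email_check2' => 1, 'usersite_check' => 0, 'usersite_check2' => 1,
];

$code = first_registration_error($checks);
if ($code !== 0) {
    $url = error_redirect_url($code);
    if (PHP_SAPI === 'cli') {
        echo "Location: $url\n";      // shown instead of sent when run from a shell
    } else {
        header("Location: $url");     // exactly one Location header
        exit;                         // stop so nothing later can replace it
    }
}
```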
Quote:
Originally Posted by Sebastiani
That was actually my plan, and that's when I figured out that my registration check process was broken.
Actually, as I am typing this now I realised that I don't even need that whole section.
lynx?
Quote:
Originally Posted by CornedBee
I'd assume he means http://lynx.browser.org/
Quote:
Originally Posted by MisterSako
Oh, I've never heard of it before.
I'm thinking the fact it's a text-only browser would probably mean very, very few to no visitors are going to see my site with Lynx.
Perhaps. But the fact that it's a text browser makes it a great tool to check your site for basic accessibility. It gives you the answer to the question, "Does my site work if someone doesn't have all the niceties of a modern browser?" Think about mobile phones and other simple devices.
I also just mentioned it because it's picky enough to actually mention your HTTP violation.
I often use Lynx during setting up my Linux computers, by the way, when I need to check something about hardware or download some file. That's before I get a GUI running, so I can't use anything better.
Hmm, that is a good point. I guess the goal of computer science isn't ALWAYS to be lazy :-p
On another note involving my registration process: it just occurred to me that if you get an error, all the fields will be blank if you input some wrong data, which could be annoying to the user if they had to write a lot of stuff. They could hit the back button and have their information back, but that seems amateurish, and plus it may not always work because of people's browsers and stuff.
So I'm thinking, if I send their input values back through from the process.php file to the register.php file using GET, the value of the fields will be as they last entered them.
( value="<?php echo $username ?>" )
Could this pose any kind of security threat? I don't normally like to just print out variables like this without using some kind of checker statement to verify that the user didn't type their own stuff in the address bar. But this is the only thing I can think of doing besides combining the registering and processing functions into one document.
Which, slightly modified, is not a bad idea. Basically, you should always separate processing and displaying in the code anyway. If you have both well encapsulated, it's easy to make the two effectively the same, so you can directly reuse the values.
Quote:
besides combining the registering and processing functions into one document.
That said, there is no security issue with just GET-forwarding the variables - the only problem would be the long querystring, which might be longer than what the server wants to handle. (I think Apache rejects URLs longer than ~1000 characters, perhaps even less.)
Well, don't forward the requested password, as it would appear in clear text in the URL, and users might not like that.
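The `value="..."` refill discussed in the posts above, as an added example that is not part of the original thread: anything read back from the query string is user-controlled, and printing it unescaped into an attribute lets a crafted link inject markup into the page, so the value is escaped with `htmlspecialchars()` for the attribute context and the password is never forwarded. The field names, the 100-character cap and the sample submission are assumptions constructed for the example.

```php
<?php
// Added example, not code from the thread. Field names are assumptions.
const REFILL_FIELDS = ['username', 'email', 'usersite'];  // password deliberately absent

// process.php side: build the query string for the redirect back to the form.
function build_refill_query(array $post, int $error): string
{
    $keep = [];
    foreach (REFILL_FIELDS as $field) {
        // Only plain strings are forwarded; array-valued parameters are dropped.
        if (isset($post[$field]) && is_string($post[$field])) {
            $keep[$field] = substr($post[$field], 0, 100);  // cap length to keep the URL short
        }
    }
    return http_build_query(['error' => $error] + $keep);   // percent-encodes every value
}

// register.php side: return a value that is safe to print inside value="...".
function refill_value(array $get, string $field): string
{
    $raw = (isset($get[$field]) && is_string($get[$field])) ? $get[$field] : '';
    // ENT_QUOTES escapes both quote styles, so the value cannot close the attribute.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed submission: the username tries to break out of the attribute.
$post = [
    'username' => 'bob"><b>injected</b>',
    'email'    => 'bob@example.com',
    'password' => 'not-forwarded',
];

$query = build_refill_query($post, 2);
parse_str($query, $get);              // stands in for $_GET on register.php

echo "register.php?$query\n";
printf("<input type=\"text\" name=\"username\" value=\"%s\">\n", refill_value($get, 'username'));
printf("<input type=\"text\" name=\"email\" value=\"%s\">\n", refill_value($get, 'email'));
```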
Boy, I wish I had found this thread sooner because then I wouldn't have to make such a huge post. Here it goes:
Yes, in fact it's quite common for smaller scripts. Take for instance this bare bone code:
Quote:
Originally Posted by MisterSako
All this requires is that in your forms you include a hidden variable called action so you can easily find out what you should be doing in your code. If you didn't specify an action variable you'd have huge if statements checking for which variables should be defined. By using a simple action variable you group your variable checks into single sections. Nice neat code.
PHP Code:
// Fall back to the main page when no action was submitted (avoids an undefined index notice)
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
switch($action) {
    case "login":
        login();
        break;
    case "search":
        search();
        break;
    default:
        main_page();
        break;
}
function login() {
    // check if $_REQUEST['user'] and $_REQUEST['pass'] are set
    // .. if not display login form and return;
    // if set, check if this is a valid login (escape input if this is a mysql check).
    // $usrname = mysql_real_escape_string($_REQUEST['user']);
    // $passwrd = mysql_real_escape_string($_REQUEST['pass']);
    // $sql = "select * from login_table WHERE user = '$usrname' AND pass = '$passwrd'";
    // .. if result is null display bad login message, display login form again and return;
    // if login is good, set session variables, and forward back to the main page.
}
function search() {
    // check if search input is specified, if not display search form
    // if search is specified display search results return;
}
function main_page() {
    // display your main page
    // return;
}
The problem with your second loop not working is that you've already looped through all the record sets. Mysql queries return a record set just like an associative array.
Quote:
Originally Posted by MisterSako
The code:
Says logically while mysql returns me a record set I want to do this loop. I don't want to exit until fetch_array is null. Hence you come out of the first loop already at the end of your array. Luckily, mysql has a handy dandy function that allows you to reset the record set index. It's mysql_data_seek. However, you should rewrite the code so you don't need to do this as it's very inefficient and there's probably a tremendously better way to do it. It looks roughly like you want to know how many QnA's you selected. So you can use mysql_num_rows() to find out.
PHP Code:
while($row = mysql_fetch_array( $result ))
In the php.ini file there's some php tag options. One is asp tags, the other is short tags (<? ?>).
Quote:
Originally Posted by MisterSako
Quote:
Originally Posted by php.net
The customary method is to stay at the login page on error. I.e. if the login is being processed in a separate file, you could also have the same login form in that page so you can echo out an error and display the login again. You could also use session variables even though the user hasn't logged in yet. Just set $_SESSION['login_error_msg'] = "you failed at loggin in"; Then on the main page check to see if the variable is set; if so, display the message.
Quote:
Originally Posted by MisterSako
Sessions are the standard form of variable storage. To keep things secure, the only thing that should be stored in a cookie is a session id. If they edit the value, then all they do is lose their session.
Quote:
Originally Posted by MisterSako
Use strpos to find the location of a string within a string. If the string does not contain the search, it returns false. In PHP, to determine the difference between false and 0 (because a sub string could start @ 0) use !== or ===. The three character signs mean check variable type as well as value.
Quote:
Originally Posted by MisterSako
Not a command per se, but very easy to accomplish.
Quote:
Originally Posted by MisterSako
Use -8, because character indexes are 0 based, but strlen is 1 based.
PHP Code:
$newstring = substr($oldstring, strlen($oldstring)-(8), 7);
This is a fun one, as it involves a neat logic trick.
Quote:
Originally Posted by MisterSako
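PHP Code:
$search_str = strrev($str);
$needle_str = strrev($needle);
// strpos() takes the haystack first, then the needle;
// it returns false (check with ===) when the needle does not occur at all
$rev_pos = strpos($search_str, $needle_str);
// last index of the string, minus the index where the reversed needle ends
$last_pos = (strlen($str) - 1) - ($rev_pos + strlen($needle) - 1);
//              (13)
// Hello World! World!   // last index is 18
//      (5)
// !dlroW !dlroW olleH   // last index is 18
// 18 - 5 = 13 // huzah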
Welcome to the Repeating Department of Redundancy Department (RDR Department).
Quote:
Originally Posted by MisterSako
Chop off the first if statement and just use the nested statements. Also, if you are using cookies, you should be aware that header() tends not to work as session_start() sends out header statements that will make the header() function error out. Use a javascript, or html meta redirect instead unless you know your session isn't going to use cookies and send out headers beforehand.
Just confirmation here:
Quote:
Originally Posted by CornedBee
http://www.zend.com/zend/spotlight/mimocsumissions.php
Quote:
Originally Posted by Zend
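The login() outline from the long post above, as an added example that is not part of the original thread: the lookup uses a bound parameter instead of escaping values into the SQL string, and the stored value is a password hash checked with `password_verify()` rather than a password compared inside the query. The table name follows the post; the `pass_hash` column, the in-memory SQLite database (requires the pdo_sqlite extension) and the sample account are assumptions constructed so the script runs offline.

```php
<?php
// Added example, not code from the thread.

// Returns true only when the user exists and the password matches the stored hash.
function check_login(PDO $db, string $user, string $pass): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pass_hash FROM login_table WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();      // false when no row matched

    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed database with one sample account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_table (user TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO login_table (user, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed attempts: a good login, a wrong password, and a user name
// containing quote characters, which the bound parameter treats as plain data.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];

foreach ($attempts as [$user, $pass]) {
    $ok = check_login($db, $user, $pass);
    // In a web request, a successful login would call session_regenerate_id(true)
    // before setting the session variables.
    printf("%-20s => %s\n", $user, $ok ? 'ok' : 'rejected');
}
```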
I can't seem to figure out how to send POSTs between pages without it being a form. Can someone give me an example of a variable being sent to a page using the POST method (without it being a form)?
I would appreciate it.
To my experience, it's not possible. Did you use the following, by the way? I don't see any disadvantage of using it.
Quote:
Originally Posted by MisterSako
Code:
<form ...>
<input type="hidden" name="someName" value="someVal" />
...
</form>