Date: 01/01/06     Keywords: php, mysql, sql

Ok, new problem.

I have got my fulltext searches to work, but am very much against the idea of stopwords. many of them I want people to be able to search.

Now I have tried setting the path of the file containing them to nothing, but my shell access is having an off day (plus I don’t really want to change thing in there).

Is there a way in the query of letting some of the stopwords pass. I’m using version 4.0.25

Thanks for any help

(i know this is a php group, but not everyone here is part of mysql, but most of you seem to know your way round it (plus, this is for a php search page :D))

x posted to mysql

Source: http://www.livejournal.com/community/php/387303.html

Date: 01/01/06     Keywords: php, mysql, html, sql, web

Hi all, I'm a complete and total noob to PHP and MySQL. I'm working on putting up a site/cart for a friend.

http://www.allthingsally.com

I'm barely dipping my toes in, I know, I'm using a pre-made cart, that self-installs, has a web-based back-end built in, and should be easier than pie.

I've managed to get much of the changes made from the demo cart that I wanted to, and now I'm stuck. The pages are all basically built off of a single template, and it's an HTML template at that, so it should be more in my realm of expertise. Now as you can see on the page, there is a graphic/logo that should be displaying on the top, but for the life of me, I can't get it to work. I've stared at it and relinked for about 4 hours now, and I'm getting no-where. Any help/ideas would be swell.

If this is too vague, or doesn't make any sense, just let me know and I'll elaborate any way I can. I'm sorry if this is beyond stupid.

Thanks in advance.

Source: http://www.livejournal.com/community/php/386583.html

Date: 12/31/05     Keywords: php, mysql, html, sql

Ok, I'm being slowly driven nuts by this. There is a syntax error and whatever it is, my eyes are just sliding right past it each time. If anyone can spot it I will be eternally grateful. The error is "
Parse error: parse error, unexpected ';' in /home/remove/public_html/test/root/admin_functions.php on line 35"

I have marked the line 35 in red.

If anyone can think of a better way of doing this (while your here) that would be great. It takes tags much like you would set for an LJ entry, splits them up and then checks the tags table for them, if they aren’t there it then adds them. Then for each tag, it sets up a map in the maptag table which links the page_id to the tag id (the tag id in the tags table is set in an auto_increment, so it have to run yet another query to find this out).

It doesn’t have to be too fast though, its only admin.

function update_tags($page_id, $tags_string)
{
$tag_array = explode(',', $tags_string, -1);
$count = count($tag_array);
for ($i = 0; $i < $count; $i++)
{
$update_tags_query = "SELECT `id` FROM `tags` WHERE `name` = '" . $tag_array[$i] . "'";
$update_tags_result = mysql_query($update_tags_query) or die('update tags query failed: ' . mysql_error());
if(mysql_num_rows($update_tags_result)==0)
{
//add entry to tags table
$tag_update_query = "INSERT INTO tags (name) VALUES ('" . $tag_array[$i] . "')";
mysql_query($tag_update_query) or die('tag update query failed: ' . mysql_error());

//then find out the new tags id
$tags_query = "SELECT `id` FROM `tags` WHERE `name` = '" . $tag_array[$i] . "'";
$tags_result = mysql_query($tags_query) or die('tags query failed: ' . mysql_error());
$tags_array = mysql_fetch_array($tags_result);

//then add to the maptag table
$maptag_update_query = "INSERT INTO maptag (contentid, tagid) VALUES (" . $page_id . ", " . $tags_array['id'] . ")";
mysql_query($maptag_update_query) or die ('maptag update query 1 failed: ' . mysql_error());
}else(
//add entries to the maptag table
$update_tags_array = mysql_fetch_array($update_tags_result);
$maptag_update_query = "INSERT INTO maptag (contentid, tagid) VALUES (" . $page_id . ", " . $update_tags_array['id'] . ")";
mysql_query($maptag_update_query) or die ('maptag update query 2 failed: ' . mysql_error());
}
}
}

Source: http://www.livejournal.com/community/php/386426.html

Date: 12/30/05     Keywords: php

Heyho,
can anyone tell me how I can do this ( http://www.totallyphp.co.uk/scripts/random_image.htm ) without having to rename the images and without having to enter a number of images? So it just selects a random image from that folder and I don't have to edit anything at all when there's a new picture or something.
It would also be cool to have the name of the file before the .jpg as alt and title. I'm a noob, so please explain as easy as possible ;)
thnx in advance ;)

Source: http://www.livejournal.com/community/php/386106.html

Date: 12/30/05     Keywords: php

I'm using the sendAndLoad() function from flash and calling a php script called authenticate.php:

$authenticated = 0;
$sender = new LoadVars();
$receiver = new LoadVars();
$sender.sendAndLoad("authenticate.php", $receiver);
if ($receiver.auth == 1) {
$authenticated = 1;
}
trace($receiver.auth);

On the PHP side, here's the script (I tested and know that $_SESSION['user_level'] has already been defined):

= 5) {
$auth = 1;
} else {
$auth = 0;
}
header('Content-type: application/x-www-form-urlencoded');
echo "output=$auth";
?>

When I run flash to see $receiver.auth, I get undefined. Apparently, I'm not setting up the right communication. I'm kinda new to the whole Flash/PHP communication thing. Any suggestions?

Source: http://www.livejournal.com/community/php/385846.html

Date: 12/30/05     Keywords: no keywords

OK, how do I set a cookie when just clicking a link? (?_?)

In other words, how do I put a setcookie in a <.a href.=."".> tag?

Source: http://www.livejournal.com/community/php/385737.html

Date: 12/29/05     Keywords: no keywords

I have two arrays

Array1
(
    [inv1] => Subtotal1
    [inv2] => Subtotal2

}


Array2
(
    [inv1] => Array
        (
            [0] => ID
            [1] => DATE1
            [2] => LastName
            [3] => FirstName
        )
    [inv2] => Array
        (
            [0] => ID
            [1] => DATE2
            [2] => LastName
            [3] => FirstName
        )
}

Array3
(
    [0] => Array
        (
            [ID] => Array
                (
                    [0] => inv1
                        )
                          [0] => DATE1
                          [1] => Subtotal1
                        )
                    [1] => inv2
                        )
                          [0] => DATE2
                          [1] => Subtotal2
                        )

                    [2] => LastName
                    [3] => FirstName
                )
         )
)

Source: http://www.livejournal.com/community/php/384906.html

Date: 12/29/05     Keywords: php, html, security, web, linux, apache

Greetings all, new reader on the community here.

I'm one of the co-administrators of a small private co-op site, and we recently had our webserver hacked. :( We're still trying to figure out why, but there is some suspicion that PHP vulnerabilities might have been the vector of attack. As a result I am planning to upgrade to the latest and greatest version of PHP, but before we go live again with that, I want to review the PHP that runs on a few sites we host and make sure that I've taken care of as many holes as reasonably possible.

We run Debian Linux, and I've just upgraded us to Apache 2.0 as well. (We plan to upgrade to 2.2 as soon as we have a Debian package for that.) And I plan to put PHP 5.0.5 up off of backports.org.

The questions I would like to pose to the community are:

1) Since PHP 5.1.1 is not available in package form yet, are there any known big problems with 5.0 that might make it necessary for me to build 5.1.1 by hand?

2) I've been reading up in the Security chapter of the docs on php.net, as well as the SecurePHP wiki, and have come up with a list of things I know I'd like to look at. Can anyone recommend things besides these items that I ought to look at?

- Use .htaccess to control who gets to look at source code
- Take sensitive data, e.g., passwords, out of public web space
- Verify that register_globals is OFF
- Validate all user data
- Initialize variables
- Turn off magic quotes
- Use addslashes and stripslashes as needed
- Set expose_php = off in php.ini
- Log errors out to files not in public space rather than displaying them on the page
- Use $_POST, $_GET, $_COOKIE, and $_SESSION for global variables
- Use htmlspecialchars() for hidden form values
- For URL stuff, use both htmlspecialchars() AND urlencode(); the latter should be for specific variables in the URL, and the former for the entire URL

Thank you very much in advance for any pointers!

Source: http://www.livejournal.com/community/php/384514.html

Date: 12/29/05     Keywords: php, asp

Does anyone know of any resources for converting PHP to ASP? I know PHP pretty well, but the site I'm working on currently uses ASP.

Later I've got a site-rebuild planned using nothing but PHP, but I've got some work that needs to be done first...

Source: http://www.livejournal.com/community/php/384272.html

Date: 12/28/05     Keywords: php, mysql, sql, web

I'm the webmaster for Devo bootleg archive Booji Boy's Basement, and I'm converting the whole thing to a PHP/MySQL based back end. However, I've run into a bit of a wall trying to figure out how to implement something.

The DVD pages contain thumbnail screenshot images which link to a full-size screenshot. Here's an example. (Thumbnails are at the bottom.) Some DVD have only 3 shots, some as many as 12. I'd like it to be any number (within reason). However, I've no bloody clue about what would be the best way to implement this in PHP and MySQL.

So, if anyone can give me suggestions and guidelines, I'd appreciate it. What I'm looking at is a second table just for the screenshots, each with an identifier linking it to an entry in the DVD table, but I hope there's a simpler way.

Source: http://www.livejournal.com/community/php/383988.html

Date: 12/28/05     Keywords: cms, templates

Ok, I have been working on my CMS for some time now. This is a bespoke one time only product (although I'm writing so it can have mods, new templates etc, so it can be used else where if I ever feel the need). I have now come to the point of my sites forum.

Now as far as I see this, there are two ways of attacking the problem.

1. I can take an "off the shelf package" (I have a version of IPB) and mod this to integrate with my CMS. This will require some very big mods and it will never truly fit in with the look of the rest of the site.


2. I can write my own. Ok, so it would be very simple, but one you can start a thread on and comment on. It would have to be no where near as powerful as IPB, but I could build up its functionality over time.

Source: http://www.livejournal.com/community/php/383623.html

Date: 12/27/05     Keywords: database

Hi everyone,
I am writing a program that uses zip code location information. I am having a really hard time finding a database for this information in a format that I need. Almost all of the databases I have found have the records like this:

Sample Records
"Key West","FL","33040","305","12087","Monroe","P",
"Stock Island","FL","33040","305","12087","Monroe","A",
"Raccoon Key","FL","33040","305","12087","Monroe","N",
"Agoura","CA","91376","818","06037","Los Angeles","A","P"

I think what I may be looking for is a list of states with unique IDs. A list of counties tied to those state IDs. A list of zip codes tied to those county IDs.

Am I wrong? The sample records dont seem to follow the rules for database normalization.

Any insite would be much appreciated.

cross posted.

Source: http://www.livejournal.com/community/php/383371.html

Date: 12/23/05     Keywords: php, mysql, rss, database, sql

Hiya,

I don't have a shell account and uploads via PHP are disabled on my server and this is why I'm looking for a robust RSS parser which feeds into a MySQL database. Since it's nearly impossible to install anything I'm looking for functions/classes I can use.

I have been able to get LastRSS to work but this does not use MySQL and writes to a directory. I need to leave that directory set to 777 - which is, clearly, no good.

I've lost faith in the RSS parser I wrote. It glitches too often.

Does anyone have any recommendations?

Source: http://www.livejournal.com/community/php/383211.html

Date: 12/22/05     Keywords: php, mysql, html, sql, web

I am learning classes (trying to anyway).

I have class called photo. It contains two functions:

create_folder()
sterilize_text()

In the create_folder function I want to clean user uploaded data before creating a folder based on that data. I have a few special rules so I wanted to put this in a seperate function instead of regexing all over my pages.

I read that using functions within functions in classes is easy, but I don't know how and the tutorial I'm using doesn't touch on using nested functions.

So what happens is when I invoke the class and use create_function(), php exits with this:

Fatal error: Call to undefined function: sterilize_text() in /var/www/html/includes/classes.php on line 34
Line 34 is : $brand = sterilize_text($myrow[brand]);

Is there a way to code this so I can use functions within functions, inside of my class? I've included the relevant scripts below.

Thank you.

class photo
{

	var	$model;

	// mk the folder for an uploaded image.
	function create_folder($model)
	{

		global $dbx, $dbxold;
		if (!isnum($model)||strlen($model)>5) {return(false);}
		
		$q = "SELECT brand FROM spec WHERE model='$model'";
		$result = mysql_query($q,$dbxold);
		$myrow = mysql_fetch_array($result);

		$brand = sterilize_text($myrow[brand]); 

		if ($brand=="") {return(false);}
		$webpath = "/images/dirtbikes/$brand";
		$uploaddir = $_SERVER["DOCUMENT_ROOT"] . $webpath;
		if (!file_exists($uploaddir)) {
			mkdir ($uploaddir, 0777);
			chmod($uploaddir,0777);
			if (!file_exists($uploaddir)) {
				echo "
unable to create directory. :(
";
				return(false);
			}
		}

		$dir_array[] = $webpath;
		$dir_array[] = $uploaddir;
		return $dir_array;

	}

	function sterilize_text($text)
	{
		$hyphen = 	"_";
		$dash = 	"-";
		$text = strtolower($text);
		$text = ereg_replace('[^a-zA-Z0-9_\\,]', '', $text);
		$text = ereg_replace('[\\]', $dash, $text);
		$text = ereg_replace('[,]', $hyphen, $text);
		return $text;
	}

}

create_folder($model); 

	echo "
";
	print_r($dir_array);
	echo "
";

?>

Source: http://www.livejournal.com/community/php/382729.html

Date: 12/21/05     Keywords: no keywords

I've read up on basename(), but it doesn't seem to do what I want.

I have several files that all use the same bit of code. In that code, the filename is important to link to the same file in the other language. I'd like to be able to code in the process of getting the filename, rather than having to remember to change it every time. Is there a function to do this? My other searches only turned up stuff on reading in and writing to files, which isn't what I want.

Thanks in advance!

Source: http://www.livejournal.com/community/php/382398.html

Date: 12/19/05     Keywords: php, sql, google

Are there tools I can use to test my scripts for injections, prior to releasing to the public?

If there are standalone products would you be so kind as to provide the name, so I can google a download page?

If there are pages explaining how to actually do php/sql injections could someone provide that too?

Source: http://www.livejournal.com/community/php/381657.html

Date: 12/19/05     Keywords: no keywords

Ok, I'm trying to create what I think is called a parser.

I have some text stored in var (say called $foo) and somewhere in this text is

Now, I'm trying to work out to copy the "function_name" part into another var so I can then search the db for the code and then use the str_replace function to substitute the original tag for the correct code or text.

Now I have been told this is a task for regular expressions, but I have been looking into this and I’m just finding myself getting overwhelmed.

Can anyone help?

Source: http://www.livejournal.com/community/php/381336.html

Date: 12/19/05     Keywords: php, html, security

This forum post got me thinking more about security. (yes, that is me with a similar question there)

http://forum.hardened-php.net/viewtopic.php?id=20

After trying the methods in this blog post got me thinking and looking for an alternative.

http://blog.phpdoc.info/archives/13-XSS-Woes.html

So I started thinking of a safer way to accomplish the same thing. I was looking at the manual at http://php.net/ and came across $_SERVER['SCRIPT_FILENAME'] and did a little playing with it. I did a simple echo statement, and it returned the path for the script and nothing else, even using injection methods. Is this a good substitute for PHP_SELF? Anyone know any security issues with this superglobal? I have several scripts that use PHP_SELF, and would like a safe alternative.

*edit*
I just noticed I accidentally made this friends only post, so I removed that

Source: http://www.livejournal.com/community/php/380992.html

Date: 12/18/05     Keywords: cms, php, mysql, sql

How do you make your site searches? I am constructing (yet another) CMS of late and am once again at the issue of searching. I am trying to build an SQL statement that will do a full text search of looking in several fields and then ranks each return so they can then be ordered by that before looping them out in php.

How do other people do this? have you found a particular way of doing this that you find works well. My current solution isn’t the most efficient method out there.

Thanks

X-posted to mysql

Source: http://www.livejournal.com/community/php/380708.html

Date: 12/17/05     Keywords: spam

So, what am I still missing? 'Cause apparently spam was still getting through, so they shut down the contact processing script at my host.

First off, I secured the script in a folder protected by .htaccess requiring the user to use the "guest" method of logging in.

I added the checks suggested here. What lack I yet?

]*?>.*?@si', // Strip out javascript
 '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
 '@([\r\n])[\s]+@', // Strip out white space
 '@&(quot|#34);@i', // Replace HTML entities
 '@&(amp|#38);@i',
 '@&(lt|#60);@i',
 '@&(gt|#62);@i',
 '@&(nbsp|#160);@i',
 '@&(iexcl|#161);@i',
 '@&(cent|#162);@i',
 '@&(pound|#163);@i',
 '@&(copy|#169);@i',
 '@&#(\d+);@e');
 $replacewith=array('',
 '',
 '\1',
 '"',
 '&',
 '<',
 '>',
 ' ',
 chr(161),
 chr(162),
 chr(163),
 chr(169),
 'chr(\1)');
 $formfield=preg_replace($toclean,$replacewith,$formfield);
 return $formfield;
}


if (!empty($HTTP_POST_VARS)){
 //Set up variables
 $now = date( "D dS M h:m:s" ); // Set these variables according to your details 
 $toAddress = "bii@biistate.net" ;
 $redirect = "contactconfirm.php"; 
 $subject = "Contact Message from BII Website" ;
 
 $formEmail = cleanitup(trim($HTTP_POST_VARS['youremail']));
 $formName = cleanitup(trim($HTTP_POST_VARS['yourname']));
 $formOrg = cleanitup(trim($HTTP_POST_VARS['yourorganization']));
 $formMessage = cleanitup(trim($HTTP_POST_VARS['comment']));
 
 if (eregi("\r",$formEmail) || eregi("\n",$formEmail)){
 die("Why ?? :(");
 }
 
 
 //Check to make sure there's only one email address and nothing else in the email form field.
 if (ereg('^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,4})$',$formEmail)) {
 // is good
 // Email message 
 $message ="\n\r";
 $message .= "Name: " .$formName. "\n" ;
 $message .= "Email: " .$formEmail. "\n" ;
 $message .= "IP Address: ".$REMOTE_ADDR. "\n";
 $message .= "Organization:" .$formOrg. "\n" ;
 $message .= "Comments:\n" ;
 $message .= $formMessage. "\n" ;

 $headers="From: \"".$formName."\" <".$formEmail.">\n";

 $bMailSent = mail($toAddress, $subject, $message, $headers);
 if (!$bMailSent){ 
 echo "Unable to send email"; 
 } 
 else { header("Location: $redirect"); }
 }
 else{
 die('This appears to be spam and will not be sent. Go away.');
 }
 
}


?> 

Source: http://www.livejournal.com/community/php/380498.html