[PHP] Blocking URL hacking attemps
I'm using a script called BlackHole that uses PHP and a "hidden" directory to catch bad bots and block them by their IP address from the site [http://perishablepress.com/blackhole-bad-bots/]. It's working very well, but I'd like to expand on the idea. When looking at our access logs, I see someone "adding code" to our URL's in hopes to, apparently, hack into our site. If our URL is like this: http://www.example.com/pages/bolts.php they are adding to it like this: http://www.example.com/pages/bolts.php/wp-content/themes/functions/thumb.php.cache/external_e19f4bb51bc2262e07d23b79b916c12c.php or http://www.example.com/pages/bolts.php/cart.php or http://www.example.com/pages/bolts.php/wp-content/themes/functions/thumb.phptimthumb.php or http://www.example.com/pages/bolts.php/bratislava/stare-mesto Is there a way that I can trap the "extra" info in the URL's and pass it to the BlackHole script to ban these attempts as well? I'm thinking I'll need to compare the entered URL with $_SERVER["PHP_SELF"] and if there's extra info, like another "*.php", after the page name, then ban the IP. I realize that's a rather simplistic explanation and there may be a better way to accomplish this. If anyone has any examples they can share, I'd really appreciate. Thanks, Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] learning resources for PHP
On Apr 18, 2012, at 1:30 PM, Henry Martinez wrote: > I've been having a lot of fun with Beginning PHP 5.3 by Matt Doyle. Covers > basics nicely... > > Also, the code samples and explanations are top notch, and you come to really > understand what it is you're doing.. +1 Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $POST and $_SESSION
On Mar 15, 2012, at 11:52 AM, Stuart Dallas wrote: > Change your php.ini settings to log to a file and set display_errors to off. Sometimes when you ask a stupid question you end up getting a brilliant answer. I had no idea about any of this until I received your response, which got me digging. I found out that I could create a custom php.ini file for my site, and within hours of doing this, I had errors logged that I didn't even know I had and was able to fix them. I've since created a cron triggered script which e-mails me any errors on my site. So thanks, Stuart, for posting your response. So far it's caught a coding mistake (by me) and a "no product found in MySQL" error (because of a discontinued item). I don't mean to sound dramatic, but this changes everything for me. It's great to know that I'll be notified of any little (or big!) problem without having to manually hunt it down. Thanks again, Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $POST and $_SESSION
On Mar 15, 2012, at 11:35 AM, Daniel Brown wrote: > On Thu, Mar 15, 2012 at 14:31, Stuart Dallas wrote: >> >> The @ prefix is banned from all code I go anywhere near - it's evil! > >For the most part, I agree with you, Hmm... I use it on my web pages (unless I'm testing) so that if something goes wrong, my customers don't see a bunch of garbage with paths to my PHP scripts. Is there a better way to handle this situation? Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 18, 2011, at 3:06 PM, tedd wrote: > You know, if you sat down with me and saw how my IDE handles braces, I think > you might see the reason why I code like I do. Tedd, I like the demo. Thanks for posting it. From another post of yours, I take it that you're a Mac guy. Which IDE do you use? Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] the best 1 book for php
On Apr 7, 2011, at 7:19 AM, Marc Guay wrote: > session_start(); // Genesis > > // do stuff > > session_destroy(); // Revelation Now THAT'S clever! =:) I'm half way though "Beginning PHP 5.3" by Matt Doyle and I like it a lot. Very readable, and up-to-date. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Last Name extraction in query
Jim, > Actually - I can't seem to find a mysql newsgroup anywhere. The ones that > come up in google search are all dead and buried. I found a mailing list that might work for you: To subscribe to the list, send an empty message to Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bar Charts in PDFs
On Feb 11, 2011, at 2:08 AM, Mattias Geniar wrote: > Have a look at the library called 'pChart': > http://pchart.sourceforge.net/ > While it's a bit old... Actually, it's been updated to v2.1 now. It looks pretty nice. http://www.pchart.net/ Marc
Re: [PHP] Array Symbol Suggestion
Thanks for all the responses to my suggestion. I realize this would be a major change, so that's why I also mentioned it as an addition to the language. I'm sure it's just what you're used to, but still being new to all this, it just makes sense (to me anyway) to have different symbols for different variable types: $scalar @array #hash Since the @ sign is already reserved, maybe there's another symbol that would work better? I don't know. These are just ideas that I came up with while reading and I thought I'd throw it out there to see what others thought. I like the idea of a naming convention, so that's what I'll do in my scripts. I also appreciate the heads up on is_string(), is_array(), and var_dump(). Thanks again, Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Array Symbol Suggestion
I'd like to make a suggestion for a change, or possibly an addition, to the PHP language. I'm learning PHP and have been very excited with what it can do in relation to HTML. But when I got to the part about arrays, I was disappointed to see that they are designated with a $ the same as other variables. I was learning Perl before I switched, and it uses the @ sign to designate an array. That makes it a lot simpler to see at a glance what is an array and what isn't - at least for beginners like me. Has there been any talk of adopting the @ sign for arrays in PHP? Or is that symbol used for something else that I haven't read about yet? What is the proper channel for making suggestions like this? Thanks, Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question
On Jan 4, 2011, at 5:27 AM, Steve Staples wrote: > I now use Komodo (the free version) on my ubuntu workstation, and I love > it... I dont know how I managed before. I use Komodo Edit on OS X and I love it as well, except for the compare files feature. It's the worst one I've ever used. TextWrangler is far superior for file comparisons. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RIGHT Function?
On Nov 13, 2009, at 6:34 PM, Jim Lucas wrote:
You basic problem with the PHP_EOL is that when echo'ed out, it
represents a \n character.
The value you are working with might be \n\r or just \r
I read the links you sent, plus some others. It took me awhile, but
I get it now. If the "return character" that was entered into that
field is not the same as what PHP_EOL is looking for, it won't work.
$parts = preg_split('|[\n\r]+|', $item['unitprice']);
preg_split works perfectly! Very similar to Perl's split function.
Here's what I have now:
$parts = preg_split('|\s+|', $item['unitprice']);
$price = '$'.number_format((count($parts) > 1) ?
$parts[(count($parts)-1)] : $parts[0],2);
Clean and concise. Thanks a million, Jim! I really appreciate your
helpful responses.
Thanks again,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RIGHT Function?
Jim,
$parts = explode(PHP_EOL, $item['unitprice']);
$price = '$'.(( count($parts) > 1 ) ? $parts[0] :
$parts[(count($parts)-1)]);
For some reason, I couldn't get explode to work with PHP_EOL.
$parts[0] would return the entire field, so apparently it wasn't
"exploding". So I tried exploding on the ')' instead, which worked,
but the return character that's after the ')' was included in the
output, i.e.:
$
6.56
so I added 'trim' which took care of that. I also had to use
'number_format' again, since there are exact dollar amounts like 413.
Here's what ended up working for me:
$parts = explode(')', $item['unitprice']);
$price = '$'.number_format(trim((( count($parts) > 1 ) ?
$parts[(count($parts)-1)] : $parts[0])),2);
Any idea why PHP_EOL didn't work? If I could get it to work, I could
remove the trim function and 2 of those parentheses, which would look
a lot nicer.
Thanks again,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RIGHT Function?
Hi Jim, $parts = explode(PHP_EOL, $item['unitprice']); $price = '$'.(( count($parts) > 1 ) ? $parts[0] : $parts[(count($parts)-1)]); Thanks for the code! After reading up on PHP_EOL and explode, I now understand what you've done. However, can you tell me why you like this better? Is it because it is cleaner without the if/else statements, or is there more to it than that? Regards, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RIGHT Function?
I think I've solved a problem that I had posted back in September. Here's a recap: == I need to grab a dollar amount from a text field in a MySQL db that can contain more information than just the price. Here are 4 examples of what could be in that field: 48,(min) 2.66 24,(min) 10.50 4,(min) 104.82 98.56 If there is more info in that field than just the price (as in the first 3 examples), the price is always on the 2nd line. == The following code works with the tests I've given it so far, but I just want to double check before I go live with it: ... if ($position = strpos($item['unitprice'], ')') ) $price = "$" . number_format(substr($item['unitprice'], $position + 1),2); else $price = "$" . number_format($item['unitprice'],2); ... Legend: $item['unitprice'] is coming from a MySQL statement I'm grabbing the position of the right parentheses and adding 1 to it. Then the substr grabs everything from that point to the end of the string, correct? If there isn't a ")" in the field, then the else statement should be performed. Can anyone see any errors in my code? Would there be a better way to write this? Thanks again, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RIGHT Function?
On Sep 24, 2009, at 12:15 PM, Jay Blanchard wrote: substr will work from right to left. If your data is in a variable do this; Thanks, Jay. That does the job. Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RIGHT Function?
Hi all,
I could use some help. I've scoured both the MySQL and PHP sites
that I know of and can't find an answer to this.
I have a price field that sometimes contains entries like this:
250,(min)
5.32
How can I pull just the price ($5.32 in this example) from this field
to display on a web page? Is there a RIGHT function in PHP? When I
search the PHP site, I'm being told there isn't one.
Here's the code I've been using:
WHERE itemid='WR-1240'",$db);
printf('List: $%s', number_format(mysql_result($result,
0,"priceList"),2));
printf('Your Price: $%s', number_format(mysql_result($result,
0,"unitprice"),2)); ?>
Thanks,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Include Files in HTML
On Sep 4, 2009, at 1:05 PM, Bob McConnell wrote: Depends on what you are including. The only tags that can be inside the head are , , ,
[PHP] Include Files in HTML
In my readings, I've run across examples showing include files being called from within the tags, and other examples showing them called within . I've always put them in the header section myself, but I was wondering if one is better than the other, or is it just personal preference? Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Searching on AlphaNumeric Content Only
Thanks to everyone who has responded. After reading everyone's response, I think I have a very simple way to solve my "problem". Using my original example, if someone wants to find item # 4D-2448-7PS, no matter what they type in, I'll take the input, strip out all non-alphanumeric characters to make it 4D24487PS, add the wildcard character between each of the remaining characters like so, 4*D*2*4*4*8*7*P*S, and then do the search. Still being new at this, it seems to be the simplest approach, or is my thinking flawed? This also keeps me from having to add another field in the db to search on. BTW, this solution needs to work with any db, even ASCII files, so it has to happen in PHP. Thanks again, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Searching on AlphaNumeric Content Only
Is there is a way to search only for the alphanumeric content of field in a db? I have an itemID field that contains item #'s that include dashes, forward slashes, etc, and I want people to be able to search for an item # even if they don't enter the punctuation exactly. Here's an example: let's say there is an itemID of 4D-2448-7PS but someone omits the dashes and searches on 4D24487PS. Is it possible in PHP to have the find be successful, even if the search criteria doesn't exactly match what's stored in the field? If this is possible, I'd appreciate it if someone could just point me in the right direction so I can read up on it. Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: unset() something that doesn't exist
On Aug 26, 2009, at 9:28 AM, Paul M Foster wrote: and having a great marriage to a woman I can spend hours talking about nothing to. I'm jealous. Does she have a sister who's not spoken for? =;) Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Shopping Cart Recommendation
The only e-commerce site I've worked on was based on OSCommerce. It's pretty good, easy to integrate new functionality into, and not too much trouble to style up to look the way you want with CSS. Thanks, Ash. I downloaded CRE Loaded, which is an off-shoot of osCommerce, and the latest version looks pretty nice. I'm digging in to the PHP code to see what that's like. I'm also looking at Magento. That may be more than what we need, but it's getting rave reviews. I can't wait to go 100% PHP on our site! Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Shopping Cart Recommendation
I'd like to get everyone's opinion on a good PHP shopping cart. We need something that will handle a lot of similar items and can be geared for an industrial site selling products from different manufacturers. It needs to be PCI compliant and able to handle at least 5 sub-category levels. I'd also prefer to have it _not_ display the items until after you've drilled down to the final sub- category. The cart needs to be rock solid and should look professional. We're not looking for wizz-bang, look-at-me fancy. We're selling commercial items here, not women's shoes. (My apologies to the women on the list. =;) Real world experience, hearsay, or just gut reactions are all welcome. Thanks for your help, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying 2 digit minutes/seconds
On Aug 20, 2009, at 2:34 PM, Jonathan Tapicer wrote:
You can use sprintf or str_pad to fill in with zeros, with sprintf
you can do this:
echo sprintf('%02d', 5);
Thanks, Jonathan! I learned two new functions today! Both work
great but I think I like sprintf for this application better since
it's more succinct.
echo sprintf('%02d', $theMinute);
echo (str_pad($theMinute,2,"0",STR_PAD_LEFT));
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying 2 digit minutes/seconds
On Aug 20, 2009, at 2:38 PM, Ashley Sheridan wrote:
What's wrong with using the date() function? You can have it output
any
sort of format you wish. So, getting a 2 digit time in
hours:minutes:seconds you would put:
date("H:i:s");
Thanks, Ash. I had tried that before but I couldn't find a way to
make it display in 12 hour time, so I went with the other method. I
guess I didn't look hard enough. =;)
This works:
echo (date("g:i A"));
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Displaying 2 digit minutes/seconds
Hi all,
I'm using this code to display the current time for our location on
our website:
$theMinute = $theTimeIs['minutes']; // make minutes
under 10 show two digits
$theSecond = $theTimeIs['seconds'];
if($theHour > 12){
$theHour = $theHour - 12;
$dn = "PM";
} else {
$dn = "AM";
}
echo "$theHour:$theMinute:$theSecond $dn";
?>
It works great except for one small detail. If the time is 3:04:02,
it is displayed as 3:4:2 which, of course, is very odd looking. So I
corrected it as follows:
12){
$theHour = $theHour - 12;
$dn = "PM";
} else {
$dn = "AM";
}
echo "$theHour:$theMinute:$theSecond $dn";
?>
It works, but is there a better way to do it?
Thanks,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and CGI
Hi Tedd,
In your .htacess file add this:
# handler for phpsuexec. -- makes following prefixes considered for
php
SetHandler application/x-httpd-php
Thanks for the code. I placed it in the .htaccess file for the
output templates, but unfortunately it didn't work. It just prints
out part of the PHP code on the template:
/ '; for ($year = date("Y") ; $year <= date("Y") + 9 ; $year++)
{ echo "$year\n"; } echo ''; ?>
Thanks also to everyone else who responded as well. I'm off to find
a PHP shopping cart!
Frank
Re: [PHP] Re: PHP and CGI
On Aug 18, 2009, at 7:13 PM, Shawn McKenzie wrote: I assumed that the problem was that he knew PHP and he had downloaded a Perl cart and didn't know Perl. That's exactly the case. I have been running my business on a Perl cart for the last 5+ years, and I can't switch to a PHP cart just yet. I was just hoping to add some functionality with PHP. Perl was much harder for me to grasp than PHP, and from what I can tell, you can't embed Perl in HTML as easy as you can with PHP, so I've switched languages. I guess I was hoping for too much. =:( Thanks, Frank P.S. Does anyone know of a good Perl mailing list? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP and CGI
I've searched high and low for an answer to this. Hopefully someone
here might know. Can PHP be used under a CGI? I tried to put the
following code on one of my perl shopping cart pages but it doesn't
work:
";
for ($year = date("Y") ; $year <= date("Y") + 8 ; $year++) {
echo "$year\n";
}
echo "";
?>
It works fine on a .php page. I know that SSI will not work under
CGI, so maybe it's the same for PHP. Is there anyway to get this to
work?
Thanks,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Embedding foreach loops
On Aug 11, 2009, at 12:13 AM, hessi...@hessiess.com wrote: Do *NOT* get into the habit of outputting your HTML using echo or print statements, it becomes unmaintainable very quickly, use a templating language, ether with a framework(recomended) or standalone. This sounds interesting. Could you expound on this a little more and perhaps list a couple of the templates you mention? Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] "PHP 6 and MySQL 5 for Dynamic Web Sites" Book
Has anyone read this book by Larry Ullman yet? If so, what do you think about it? I'm looking for a well-rounded book that covers PHP for e-commerce websites and from what little I've been able to find online, it looks pretty good. Or would you recommend another book? I know that no book has all the answers - I just want something in my hands to read. However, I've bought a few Perl books that were a waste of money, so this time, I thought I'd ask first. Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
Well, it took me all evening to figure it out, but I did. The SQL
statement needed to be changed to
WHERE categories LIKE '%$cat%'
and now it works. I had found an old book on my shelf called "MySQL
and Perl for the Web" and found an example in there that pointed me in
the right direction. I also found a website that gives a concise
description of the SQL commands and syntax:
http://www.1keydata.com/sql/sql-commands.html
So all is well again!
Regards,
Frank
I've run up against something else here that I can't find an answer
for. This line of the script:
$cats = array('01100-01200-01300-06403' => 'Starter Units',
'01100-02201-01300-06403' => 'Add-On Units',
'01100-99222-11341-18451' => 'Extra Shelves');
is supposed to pull all items from each category and gives each
table a heading. Unfortunately, if a product in the db has more
than one category assigned to it, it will not show up in the
generated table. So, if an Extra Shelf has a second category, the
categories are stored as
01100-99222-11341-18451``07108-05253-12341-01451 and if it has 3
categories assigned to it, they're stored like
01100
-99222
-11341-18451``07108-05253-12341-01451``07108-01254-39341-01451, and
so on.
Is there a way that I can tell the array to find all products whose
categories either equal exactly the category I'm giving it or if it
_contains_ that particular category? I've tried using the *
wildcard but that didn't work. I've also tried WHERE categories
CONTAINS '$cat' but that didn't work either.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
I've run up against something else here that I can't find an answer
for. This line of the script:
$cats = array('01100-01200-01300-06403' => 'Starter Units',
'01100-02201-01300-06403' => 'Add-On Units', '01100-99222-11341-18451'
=> 'Extra Shelves');
is supposed to pull all items from each category and gives each table
a heading. Unfortunately, if a product in the db has more than one
category assigned to it, it will not show up in the generated table.
So, if an Extra Shelf has a second category, the categories are stored
as 01100-99222-11341-18451``07108-05253-12341-01451 and if it has 3
categories assigned to it, they're stored like
01100
-99222-11341-18451``07108-05253-12341-01451``07108-01254-39341-01451,
and so on.
Is there a way that I can tell the array to find all products whose
categories either equal exactly the category I'm giving it or if it
_contains_ that particular category? I've tried using the * wildcard
but that didn't work. I've also tried WHERE categories CONTAINS
'$cat' but that didn't work either.
Any insight into this would be greatly appreciated. If I can't find
a fix for this problem, this whole script is useless to me, as most of
our products have multiple categories and so it will only display a
portion of the products that it should, if any at all.
Thanks a million,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
On Aug 4, 2009, at 12:33 PM, Ben Dunlap wrote: I don't follow what you mean by "it gets sent for every itemid" -- can you post an example of the query string that's being generated? Well, do I feel stupid. I thought I had moved it to the correct spot but I hadn't. When value="viewcart.htm" /> is in the table cell with the itemid and qty fields, it gets sent along with each itemid and it's qty. However, when I moved it outside the generated table, it now gets sent only once in the URL, which is what I needed. I apologize for the error. I've been working on this for the past week and I think it's taking its toll on me. =;) Now I just need to work on what Jerry and Bastien told me, as far as PHP parsing only the populated qty fields, but I'm afraid that's over my head. =:\ Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
Sorry... I'm using GET. I have used the code you supplied below, but as I mentioned, it gets sent for every itemid in the table. I needs to be sent only once, and right after the action. That's where I'm stumped. Frank On Aug 4, 2009, at 11:56 AM, Jerry Wilborn wrote: If the form method is "POST" then set the 'c' variable with a hidden value within the form: Jerry Wilborn jerrywilb...@gmail.com On Tue, Aug 4, 2009 at 1:50 PM, wrote: On Aug 4, 2009, at 9:43 AM, Jerry Wilborn wrote: Keep in mind that you can use name=var[] value=value1, name=var[] value=value2 and php will create an array as $_REQUEST['var'] with each of your values. The keys are numbered and don't count on what order they'll come through. Thanks for the tip, Jerry. I'm still trying to figure this out, but in the meantime, I'm running into another problem. I have the action on the form set as "/shop.cgi?c=viewcart.htm" but it keeps stripping out everything after the question mark. I want "c=viewcart.htm" sent only once in the URL, so I can't place it in the form as it then gets sent along with every itemid in the form. How does one append a path extension after the auto-generated question mark? Thanks, Frank
Re: [PHP] Multiple MySQL Queries
On Aug 4, 2009, at 9:43 AM, Jerry Wilborn wrote: Keep in mind that you can use name=var[] value=value1, name=var[] value=value2 and php will create an array as $_REQUEST['var'] with each of your values. The keys are numbered and don't count on what order they'll come through. Thanks for the tip, Jerry. I'm still trying to figure this out, but in the meantime, I'm running into another problem. I have the action on the form set as "/shop.cgi?c=viewcart.htm" but it keeps stripping out everything after the question mark. I want "c=viewcart.htm" sent only once in the URL, so I can't place it in the form as it then gets sent along with every itemid in the form. How does one append a path extension after the auto-generated question mark? Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
Is what I'm looking to do not possible in PHP? I've come close with
a JavaScript version, but I'd rather not rely on everyone having JS
turned on. Or am I stuck having to use JS?
Thanks again,
Frank
I'd like to revisit this one last time. Below is the revised code
I'm using, but I don't like having individual 'Add To Cart' buttons
for each item. I've tried to find a way to have only one that
resides outside the nested tables for all items, but without luck.
It would need to send every item that has a quantity to the cart,
but only those items. The URL that would be passed needs to look
like this:
/shop.cgi?
c=viewcart.htm&itemid=P74S&i_P74S=80&S2448S&i_S2448S=100&AC&i_AC=26
(The above URL is sending 3 items and their quantities to the cart;
80 - P74S, 100 - S2448S and 26 - AC.)
Thanks again for all your help. I'm learning a lot on this list -
albeit slowly! ;)
Regards,
Frank
$cats = array('02121-19222-13349-11451' => 'Stationary
Posts','04103-99222-48340-11422' => 'Solid Galvanized Shelves');
echo '';
foreach ( $cats AS $cat => $title) {
echo <<
{$title}
Item#
Description
(Click for more info)
Price
Qty
START;
$cat = mysql_real_escape_string($cat, $db);
$SQL = "SELECT itemid,description,unitprice
FROM catalog
WHERE categories='$cat'
ORDER BY itemid";
if ( ($result = mysql_query($SQL, $db)) !== false ) {
while ( $item = mysql_fetch_assoc($result) ) {
$price = "$" . number_format($item['unitprice'],2);
echo <<
{$item['itemid']}
{$item['description']}
{$price}
value="{$item['itemid']}" />
size="4" />
name="addToCartButton" alt="Add To Cart" />
ROW;
}
} else {
echo "No results for category #{$cat}!";
}
echo '';
}
echo '';
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
I'd like to revisit this one last time. Below is the revised code
I'm using, but I don't like having individual 'Add To Cart' buttons
for each item. I've tried to find a way to have only one that resides
outside the nested tables for all items, but without luck. It would
need to send every item that has a quantity to the cart, but only
those items. The URL that would be passed needs to look like this:
/shop.cgi?
c=viewcart.htm&itemid=P74S&i_P74S=80&S2448S&i_S2448S=100&AC&i_AC=26
(The above URL is sending 3 items and quantities to the cart; 80 -
P74S, 100 - S2448S and 26 - AC.)
Thanks again for all your help. I'm learning a lot on this list -
albeit slowly! ;)
Regards,
Frank
$cats = array('02121-19222-13349-11451' => 'Stationary
Posts','04103-99222-48340-11422' => 'Solid Galvanized Shelves');
echo '';
foreach ( $cats AS $cat => $title) {
echo <<
{$title}
Item#
Description
(Click for more info)
Price
Qty
START;
$cat = mysql_real_escape_string($cat, $db); //sanitizes the data
to prevent SQL injection
$SQL = "SELECT itemid,description,unitprice
FROM catalog
WHERE categories='$cat'
ORDER BY itemid";
if ( ($result = mysql_query($SQL, $db)) !== false ) {
while ( $item = mysql_fetch_assoc($result) ) {
$price = "$" . number_format($item['unitprice'],2);
echo <<
{$item['itemid']}
{$item['description']}
{$price}
value="{$item['itemid']}" />
size="4" />
name="addToCartButton" alt="Add To Cart" />
ROW;
}
} else {
echo "No results for category #{$cat}!";
}
echo '';
}
echo '';
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a range be passed to a query?
On Aug 3, 2009, at 7:19 AM, Miller, Terion wrote: Not sure why none of these are working for me since you have them tested against your tableI get this error... Hopefully I'm not speaking out of turn here, but did you by any chance copy and paste that code from an e-mail? If so, there may be invisible characters masquerading as spaces. I use TextWrangler (on a Mac) and choose "Zap Gremlins..." so they show and then delete them. That usually solves the problem for me. Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Better Formatting Options?
Is there a more efficient way to write the following?
itemid='ABC1'",$db);
printf("List: %s\n", money_format('$%i',
mysql_result($result,0,"priceList"))); ?>
I have many products per page and this code pulls the list price and
formats it. It works fine, but I'd like to know if I can shorten it.
I've looked at number_format over money_format and it's a little
shorter, but not by much. Are there better options than printf and
mysql_result for my use?
Thanks,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
On Jul 28, 2009, at 4:38 PM, Jim Lucas wrote:
I saw your other email before sending. The problem with the way you
show you want it there is that each result set would have to be the
same
size. I'm going to assume that they won't be...
Well, they SHOULD be but you never know. Thanks for thinking about
that.
But, here is another round...
I think all the above is correct. Give it a try and let us know.
It works! The only thing I had to change was:
{$item['price']}
to
{$price}
Jim, I can't thank you enough. This is exactly what I was hoping for.
Regards,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
On Jul 28, 2009, at 12:48 PM, Jim Lucas wrote:
';
echo '';
foreach ( $cats AS $cat ) {
echo ''.htmlspecialchars($cat).'';
}
echo '';
foreach ( $cats AS $cat ) {
echo '';
$cat = mysql_real_escape_string($cat, $db);
$SQL = "SELECT itemid,description,unitprice
FROMcatalog
WHERE categories='$cat'
ORDER BY itemid";
if ( ($result = mysql_query($SQL, $db)) !== false ) {
while ( $item = mysql_fetch_assoc($result) ) {
$price = money_format('%i', $item['unitprice']);
echo <<{$item['description']}
ROW;
}
} else {
echo "No results for category #{$cat}!";
}
echo '';
}
echo '';
?>
We're getting close! This now displays everything in 2 columns.
Ultimately, what I need is a display like this:
Starter Units Add-On Units
Item#Description Price Item#Description Price
18247C4 $85.89 A18247C4 --- $76.32
18367C4 $97.37 A18367C4 --- $82.55
I just noticed something. This code places all items in a single
block. Each item needs to be separated, so using my example
data above the html output would need to look like this:
Starter Units
Add-On Units
Item#
Description
Price
Item#
Description
Price
18247C4 <-- starter unit info
" "
$85.89 " "
A18247C4 <-- add-on unit info
---" "
$76.32 " "
18367C4 <-- starter unit info
" "
$97.37 " "
A18367C4 <-- add-on unit info
---" "
$82.55 " "
Thanks,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple MySQL Queries
On Jul 28, 2009, at 12:48 PM, Jim Lucas wrote:
';
echo '';
foreach ( $cats AS $cat ) {
echo ''.htmlspecialchars($cat).'';
}
echo '';
foreach ( $cats AS $cat ) {
echo '';
$cat = mysql_real_escape_string($cat, $db);
$SQL = "SELECT itemid,description,unitprice
FROMcatalog
WHERE categories='$cat'
ORDER BY itemid";
if ( ($result = mysql_query($SQL, $db)) !== false ) {
while ( $item = mysql_fetch_assoc($result) ) {
$price = money_format('%i', $item['unitprice']);
echo <<{$item['description']}
ROW;
}
} else {
echo "No results for category #{$cat}!";
}
echo '';
}
echo '';
?>
We're getting close! This now displays everything in 2 columns.
Ultimately, what I need is a display like this:
Starter Units Add-On Units
Item#Description Price Item#Description Price
18247C4 $85.89 A18247C4 --- $76.32
18367C4 $97.37 A18367C4 --- $82.55
I got the headers to work with this code:
...
foreach ( $cats AS $cat ) {
echo 'Item ID';
echo 'Description';
echo '(Click for more info)';
echo 'Price Each';
echo 'Purchase';
}
echo '';
...
(I don't need to show the category #'s in the header fields) but I
can't get the rest of the data to flow like I want it.
Thanks,
Frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Multiple MySQL Queries
This may be more of a MySQL question than PHP, but I'm hoping someone
can point me in the right direction. I have working code (below) that
pulls data from a particular category in our db. I'd like to be able
to pull data from multiple categories in the same db and place them on
the same page.
I've been working on this for the last 4 days with no luck. Some
pages say that you can't do multiple MySQL queries while others say
there is a workaround but I haven't found it. Does anyone know how to
do this?
Thanks,
Frank
// in header
$result = mysql_query("SELECT itemid,description,unitprice FROM
catalog WHERE categories='" . $cat1 . "' ORDER BY itemid",$db);
while ($item = mysql_fetch_assoc($result))
{
$item_list .= "" . $item['itemid'] . "
$item['itemid'] . "=1\">". $item['description'] ."
$". money_format('%i', $item['unitprice']) ."
";
}
echo "Item IDDescription>(Click for more info)Price Eachth>Purchase$item_list";
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Possible Server Infection?
On Apr 4, 2009, at 6:51 PM, TG wrote: Anyway, just some thoughts. Good luck! Thanks to TG, Bastien, and Marc. I appreciate the input. Regards, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Possible Server Infection?
Hi all, I was wondering if someone might know about a problem I'm having on my server. It appears that I've been infected by a rogue PHP script(?). Something has gone through my server and placed .htaccess files in every directory that didn't have one with contents that look like this: Options -MultiViews ErrorDocument 404 //graphics/cc/52.php The path is different for each file and corresponds to the directory that it's in. The php document name is a different number for each file I've found. Does this sound familiar to anyone? What would be the purpose of placing files like these in the directories? As far as I know, there isn't a file called "52.php" anywhere on my site, so this doesn't make any sense to me. I realize that this is a very general question, but I'm hoping that someone has seen or heard of this type of thing before and can help me eliminate the problem. I'm using A2 Hosting and they don't know why this happened. Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Stopping bad entries in PHP form
I have a PHP form that allows end users to request a sample of the products we sell. Unfortunately, a person/people have found it and are sending in bad requests. We sell only within the US, and so I've set up the form so that they must choose one of the 50 States. But we keep getting requests with countries in the city field, i.e. "Moscow Russia". Is there a way that I can scan for country names, etc. in the text fields and stop a request from going through if it finds one of those "banned" words? I've searched for a solution but haven't been able to find it. If this is not enough info, please let me know. Also, I only know enough PHP just to be dangerous, so please be kind. =;) Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
