I'm making a website where im alowing my users (after that they are loged in) to Add a (car) advertisement!
I have a form where the user can submit his car information.(add-vehicle.php)
Now I want to display each new advertisement in my list-view. (car-list.php)
How can I do this?
Use urlencode /urldecode to pass variables in url's urlencode
I recommand to use urlencode('string')
and then later when get your variable with urldecode('string')
Response to your comment:
if (isset($_GET['merk'],$_GET['car_id'],$_GET['titel']) === true )
{
$merk = urldecode(trim ($_GET['merk']));
$car_id = urldecode(trim($_GET['car_id']));
$titel = urldecode(trim($_GET['titel']));
}
You're changing a space into a hyphen. If it is stored in the database as a space, it will never find it because "This Entry" is different from "This-Entry". As others said, urlencode will work better, but if you still want to replace the space with a hyphen, just make sure that it is done the same in the database as well.
First, nobody in this world will know what you have in your database to tell what's the problem! At least post an example data.
Second, you must be sure of what you have and what you are comparing to.
You are basically asking if a is equal to b and to be fair that's something that you should be able to tell if you're programming!
Third, you should implement a methodology that allows you to quickly test your code, and that's from printing your data to the browser to a fully automated test.
Related
i hope you may be able to help me out.
I am building a scrape script using simple html dom.
I have a few sites where i need to get the thumbnail path, name of the movie and some other stuffs. I have build me an admin panel where i save in plaintext the methods required to find that stuff based on the matching pattern.
Eg.
$movie_name = $result->children(0)->children(0)->innertext;
This works just like it supposed to work but when i save children(0)->children(0)->innertext in the database and then back into variable, eg,
$variable = "children(0)->children(0)->innertext";
$movie_name = $result->$variable;
it does not work.
I am pretty sure i am going horribly wrong about this, so please give me a hint how i could just save the methods in plaintext and then call them.
It must be stored in plaintext because the dom is frequently changing so i will be able to keep up with it.
Best regards.
You're looking for the PHP eval() function:
$movie_name = $result->eval($variable);
Having said that, be warned that eval is evil.
Instead, I would recommend xpath.
Hope this helps!
Got it, eval() was the answer. Since no user input is going to the eval() its pretty safe in my particular case. Just had to do some escaping and declaring the variable containing the method inside eval();
This piece of code works for me.
$res_mov_url_e = eval("\$res_mov_url = \$result->$movie_url;");
Anyway big thanks guys!
OK, so I shave my head, but if I had hair I wouldn't need a razor because I'd have torn it all out tonight. It's gone 3am and what looked like a simple solution at 00:30 has become far from it.
Please see the code extract below..
$psusername = substr($list[$count],16);
if ($psusername == $psu_value){
$answer = "YES";
}
else {
$answer = "NO";
}
$psusername holds the value "normann" which is taken from a URL in a text based file (url.db)
$psu_value also holds the value "normann" which is retrieved from a cookie set on the user's computer (or a parameter in the browser address bar - URL).
However, and I'm sure you can guess my problem, the variable $answer contains "NO" from the test above.
All the PHP I know I've picked up from Google searches and you guys here, so I'm no expert, which is perhaps evident.
Maybe this is a schoolboy error, but I cannot figure out what I'm doing wrong. My assumption is that the data types differ. Ultimately, I want to compare the two variables and have a TRUE result when they contain the same information (i.e normann = normann).
So if you very clever fellows can point out why two variables echo what appears to be the same information but are in fact different, it'd be a very useful lesson for me and make my users very happy.
Do they echo the same thing when you do:
echo gettype($psusername) . '\n' . gettype($psu_value);
Since i can't see what data is stored in the array $list (and the index $count), I cannot suggest a full solution to yuor problem.
But i can suggest you to insert this code right before the if statement:
var_dump($psusername);
var_dump($psu_value);
and see why the two variables are not identical.
The var_dump function will output the content stored in the variable and the type (string, integer, array ec..), so you will figure out why the if statement is returning false
Since it looks like you have non-printable characters in your string, you can strip them out before the comparison. This will remove whatever is not printable in your character set:
$psusername = preg_replace("/[[:^print:]]/", "", $psusername);
0D 0A is a new line. The first is the carriage return (CR) character and the second is the new line (NL) character. They are also known as \r and \n.
You can just trim it off using trim().
$psusername = trim($psusername);
Or if it only occurs at the end of the string then rtrim() would do the job:
$psusername = rtrim($psusername);
If you are getting the values from the file using file() then you can pass FILE_IGNORE_NEW_LINES as the second argument, and that will remove the new line:
$contents = file('url.db', FILE_IGNORE_NEW_LINES);
I just want to thank all who responded. I realised after viewing my logfile the outputs in HEX format that it was the carriage return values causing the variables to mismatch and a I mentioned was able to resolve (trim) with the following code..
$psusername = preg_replace("/[^[:alnum:]]/u", '', $psusername);
I also know that the system within which the profiles and usernames are created allow both upper and lower case values to match, so I took the precaution of building that functionality into my code as an added measure of completeness.
And I'm happy to say, the code functions perfectly now.
Once again, thanks for your responses and suggestions.
So I'm trying to do something extremely simple, and after reading through forums, and researching on google I still can't figure out why this is not working. But this is mostly like because I'm still a very much noobie programmer. I'm trying to send information through a url, and having a script pick it up using the $_GET super global.
Here's the link code, in a file called TESTFORM.php:
<p>
Here's a link:
ID
</p>
This is the TESTGET.php script:
<?php
if (isset($_GET['id']))
echo 'it is set<br />';
else
echo 'it is not set<br />';
?>
This yields in a "It is not set" appearing on the page every time. Any thoughts? Are there ghosts in my computer ruining my code? Thanks for taking the time to read through this! Happy coding!
I'm no PHP programmer, but I do know from HTML that computers (especially file names) don't "like" spaces. Try removing the spaces in the id = 5 code.
Your problem is the extraneous space here around the URL parameters:
ID
That will result in PHP seeing the parameter as $_GET["id_"]. The space gets converted into an underscore.
It's always best to use var_dump($_GET); or var_dump($_REQUEST) when you run into such problems. Secondarily it is sometimes helpful to get rid of isset in such cases. Albeit you have a custom error message in place of the language notices intended just for that.
Have you tried to remove spaces in your link?
ID
Code seems fine at a glance, have you tried removing the spaces in
?id = 5 to ?id=5
I have message stored in my database containing a slash: e.g. don\'t
To present the message I use this procedure. The thing is the backslash is still displayed.
How can I get rid of it.
I have tried many things, and read several postings here, but can't get it to work. Anyone here to help me and tell me what is the best way..
$msg2 = html_entity_decode($row3[comment]);
echo stripslashes(nl2br($msg2));
When storing them in the database, you should store them as mysql_real_escape_string($phpString).
Why do you use html_entity_decode for this? Just stripslashes should be sufficient here..
One guy tried to exploit it using this script
http://www.searchr.us/web-search.phtml?search=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872%29+String.fromCharCode%28105%29%29;%3C/script%3E
How do i stop it ?
And he also said that it is vulnerable to XSS and LPI...Please help me stop it.
Thanking You,
You need to HTML-encode all user-entered data that you output, including the user's search string.
To be safe, HTML-encode all values that are not explicitly meant to be HTML code.
The quick solution is to:
<?php echo htmlspecialchars($blah); ?>
instead of
<?php echo $blah; ?>
The long solution is to read a book on web site security.
Seeing as how that is a search query string, I'm guessing you're pulling the value directly from the query string and re-displaying it to the user?
Something along the lines of "Your search of 'something' returned 0 results"?
You need to encode any user entered data before displaying it.