• What are you working on? v6
    4,671 replies, posted
Darm! [URL="http://960.gs"]960.gs[/URL] is fucking nice. Used it to make some simple layout on my Minecraft status page. [url]http://mcstatus.nisd.dk/Details/Index/1[/url]
What's the current post limit for threads?
∞
Most email clients (hotmail included) are shite. Hence the requirement to use old and dated technologies.
[QUOTE=Fizzadar;32993867]Most email clients (hotmail included) are shite. Hence the requirement to use old and dated technologies.[/QUOTE] But Hotmail is still better than gmail, in terms of rendering code that's appropriate to this decade.
[QUOTE=iamacyborg;32994002]But Hotmail is still better than gmail, in terms of rendering code that's appropriate to this decade.[/QUOTE] Supporting non-standard extensions is what made IE6 the mess it was. That, and it's a fucking email, I gladly accept that my high-res marketing spam messages don't render properly in gmail.
Been working on what's the best method of positioning tf2r's adverts, decided a few days back on doing a small thin header text ad at the top and just above the footer at the bottom a large text and other media one. Logged in today to see if it affected anything and saw this. [img]http://horobox.co.uk/u/Reag_1319797136.png[/img] Also got some fun comments about them. :v:
[QUOTE=eddy-tt-;32995970]Been working on whats the best method of positioning tf2r's adverts, decided a few days back on doing a small thin header text ad at the top and just above the footer at the bottom a large text and other media one. Login today to see if it affected anything and saw this. Also got some fun comments about them. :v:[/QUOTE]I'VE BEEN BANNED FROM ADSENSE STOP REMINDING ME THAT OH GJHJJHHKJHIOWEHFOWHEFOIWEHFOWEOIWEFHOHW
Kohana is a pain in the ass, ima learn to use codeigniter.
[QUOTE=zzlawlzz;32996082]Kohana is a pain in the ass, ima learn to use codeigniter.[/QUOTE] Many of the guys who made codeigniter are the same who made Kohana, and Kohana is generally regarded as an improvement over CI. I think it's safe to assume you're having problems with OOP and the MVC paradigm, two things you'll find across most popular PHP frameworks.
[QUOTE=StinkyJoe;32996432]Many of the guys who made codeigniter are the same who made Kohana, and Kohana is generally regarded as an improvement over CI. I think it's safe to assume you're having problems with OOP and the MVC paradigm, two things you'll find across most popular PHP frameworks.[/QUOTE] I was having trouble connecting mysql. Then I found all these links and got confused even more.
I escape now, happy?
[QUOTE=iamacyborg;32990076]Email clients don't like floated divs, or CSS that isn't inline. And that's in [b]hotmail, which is light years ahead of gmail.[/b][/QUOTE] I almost peed laughing
[QUOTE=toaster468;32997133]I escape now, happy?[/QUOTE] You haven't escaped it, I can still inject SQL. Can I see your code for the "escaping"?
[QUOTE=Kopimi;32997315]I almost peed laughing[/QUOTE] Then you have obviously never done HTML email development.
[QUOTE=StinkyJoe;32997330]You haven't escaped it, I can still inject SQL. Can I see your code for the "escaping"?[/QUOTE]
[code]
<?PHP
$reply = $_POST["text"];
$string = (string)$reply;
mysql_connect("localhost", "ha ha no", "notgettingitthateasy") or die(mysql_error());
mysql_select_db("no") or die(mysql_error());
$stringout = htmlspecialchars($string);
if ($stringout == "" || $stringout == " "){
    echo "Error, please try again.";
}else{
    echo "<body onLoad='pagereturn()'>";
    $sql = "INSERT INTO `nop`.`nu uh` (`no`) VALUES ('$stringout');";
    mysql_query($sql) or die(mysql_error());
    echo "Added!";
    echo "</body>";
    mysql_real_escape_string($stringout);
}
?>
[/code]
htmlspecialchars is not escaping [editline]27th October 2011[/editline] [url]http://php.net/manual/en/function.mysql-real-escape-string.php[/url] Look at the documentation, it returns a string.
and when you're trying to display strings do [url]http://us2.php.net/stripslashes[/url]
[QUOTE=TehWhale;32999098]htmlspecialchars is not escaping [editline]27th October 2011[/editline] [url]http://php.net/manual/en/function.mysql-real-escape-string.php[/url] Look at the documentation, it returns a string.[/QUOTE] [code] mysql_real_escape_string($stringout); [/code]
[QUOTE=toaster468;32999466][code] mysql_real_escape_string($stringout); [/code][/QUOTE] that is correct.
Do I have to escape all variables or ones used in a query?
[QUOTE=toaster468;32999466][code] mysql_real_escape_string($stringout); [/code][/QUOTE] [url]http://php.net/manual/en/book.pdo.php[/url] [editline]27th October 2011[/editline] [QUOTE=toaster468;32999569]Do I have to escape all variables or ones used in a query?[/QUOTE] only the ones received from user input
[QUOTE=toaster468;32999569]Do I have to escape all variables or ones used in a query?[/QUOTE] [php]$sql = "INSERT INTO `nop`.`nu uh` (`no`) VALUES ('".mysql_real_escape_string($string)."')";[/php]
[QUOTE=toaster468;32999466][code] mysql_real_escape_string($stringout); [/code][/QUOTE]It. Returns. A. String. [code]imafuckingfunction($sup);[/code] does nothing if it's meant to return something.
[code]
$escapedstring = mysql_real_escape_string($stringin);
// The escaped value has to sit inside quotes in the query for the escaping to apply.
mysql_query("SELECT * FROM table WHERE column='$escapedstring'");
[/code]
All you had to do was look at the example page.
[QUOTE=zzlawlzz;32999622][php]$sql = "INSERT INTO `nop`.`nu uh` (`no`) VALUES ('mysql_real_escape_string($string)')";[/php][/QUOTE] So would I need to use the Htmlchars function on the string as well? htmlspecialchars()
[QUOTE=toaster468;32999642]So would I need to use the Htmlchars function on the string as well?[/QUOTE] yup.
[code]
<html>
<head>
<script type="text/javascript">
function pagereturn(){
    //window.location = "http://www.guest.toaster468.com"
}
</script>
</head>
<?PHP
$reply = $_POST["text"];
$string = (string)$reply;
mysql_connect("localhost", "no", "no") or die(mysql_error());
mysql_select_db("no") or die(mysql_error());
$stringout = htmlspecialchars($string);
$stringout2 = mysql_real_escape_string($stringout);
$stringout3 = (string)$stringout2;
if ($stringout == "" || $stringout == " "){
    echo "Error, please try again.";
}else{
    echo "<body onLoad='pagereturn()'>";
    $sql = "INSERT INTO `no`.`no` (`no`) VALUES ('$stringout3')";
    mysql_query($sql) or die(mysql_error());
    echo "Added!";
    echo "</body>";
    mysql_real_escape_string($stringout);
}
?>
</html>
[/code]
Am I doing it right?
[QUOTE=toaster468;32999997][code]
<html>
<head>
<script type="text/javascript">
function pagereturn(){
    //window.location = "http://www.guest.toaster468.com"
}
</script>
</head>
<?PHP
$reply = $_POST["text"];
$string = (string)$reply;
mysql_connect("localhost", "no", "no") or die(mysql_error());
mysql_select_db("no") or die(mysql_error());
$stringout = htmlspecialchars($string);
$stringout2 = mysql_real_escape_string($stringout);
$stringout3 = (string)$stringout2;
if ($stringout == "" || $stringout == " "){
    echo "Error, please try again.";
}else{
    echo "<body onLoad='pagereturn()'>";
    $sql = "INSERT INTO `no`.`no` (`no`) VALUES ('$stringout3')";
    mysql_query($sql) or die(mysql_error());
    echo "Added!";
    echo "</body>";
    mysql_real_escape_string($stringout);
}
?>
</html>
[/code]
Am I doing it right?[/QUOTE] do htmlspecialchars FIRST then do the string escape [editline]28th October 2011[/editline] After reading the user guide for code igniter, I think I'll like this. :v:
[QUOTE=zzlawlzz;33000171]do htmlspecialchars FIRST then do the string escape [editline]28th October 2011[/editline] After reading the user guide for code igniter, I think i'll like this. :v:[/QUOTE] I did, I think.
[QUOTE=toaster468;32999997]Am I doing it right?[/QUOTE] Why are you manually casting it to string? It's definitely a string no matter how little you trust it. PHP automatically casts variables around as required - You should either declare the variable as a certain type or only use casting when you need to be absolutely sure it's a numeric data type. I don't think there's any circumstance that you need to manually cast to string in though. You can also re-use the same variables, makes it a bit easier to figure out what's going on. Here's how I'd do it, you might want to look up the trim and empty functions.
[code]
<?PHP
$string = $_POST["text"];
mysql_connect("localhost", "no", "no") or die(mysql_error());
mysql_select_db("no") or die(mysql_error());
$string = htmlspecialchars($string);
$string = mysql_real_escape_string($string);
if (empty(trim($string))) {
    echo "Error, please try again.";
} else {
    // Use the re-used $string variable; $stringout3 no longer exists here.
    $sql = "INSERT INTO `no`.`no` (`no`) VALUES ('$string')";
    mysql_query($sql) or die(mysql_error());
    echo "Added!";
    echo "</body>";
}
?>
[/code]
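Added example, not part of any post in this thread: the guestbook insert discussed above, done with a PDO prepared statement (the PDO manual is linked earlier in the thread) so the submitted text never becomes part of the SQL, with HTML encoding applied only when the entry is rendered. The in-memory SQLite database, the `guestbook` table, the function names and the sample submissions are assumptions made so the script runs offline with the pdo_sqlite extension.

```php
<?php
// Added example (not from the thread). Table, function names and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample submissions: plain text, whitespace only, quote plus markup.
$submissions = ["Nice site!", "   ", "It's <b>great</b>'); -- "];

// Why htmlspecialchars() is not SQL escaping: with ENT_COMPAT (the default
// before PHP 8.1) a single quote passes through unchanged, so a value placed
// inside '...' in a query string can still end the SQL string literal.
function html_encoded_only(string $text): string
{
    return htmlspecialchars($text, ENT_COMPAT, 'UTF-8');
}

function add_entry(PDO $pdo, string $text): bool
{
    $text = trim($text);
    if ($text === '') {
        return false; // reject empty and whitespace-only posts
    }
    // The value is bound as a parameter and sent apart from the SQL text,
    // so no manual escaping is needed and quotes in it stay plain data.
    $stmt = $pdo->prepare('INSERT INTO guestbook (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return true;
}

function render_entries(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT body FROM guestbook ORDER BY id') as $row) {
        // Store the raw text; encode for HTML at output time, quotes included.
        $html .= '<li>' . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html;
}

echo "HTML-encoded only: " . html_encoded_only($submissions[2]) . "\n";
foreach ($submissions as $s) {
    echo add_entry($pdo, $s) ? "Added!\n" : "Error, please try again.\n";
}
echo render_entries($pdo);
```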