  1. #1
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts

    Url not echoing $puser :S

    I'm having trouble echoing my URL correctly.

    I have checked $puser above the code and it echoes admin, yet when I add it to this code

    PHP Code:
    <a href="<? echo  $puser?>&m=<?=(($m-1)<1) ? 12 : $m-1 ?>&amp;y=<?=(($m-1)<1) ? $y-1 : $y ?>"><img src='http://www.runningprofiles.com/calendar/images/prev.gif' height='18' width='18' alt='' border='0' /></a>
    all I get echoed is http://www.runningprofiles.com/members/&m=9&y=2009


    Now I must mention that I use a rewrite rule on this page
    PHP Code:
    RewriteRule ^([^/.]+)/?$ members/index.php?page=profile&username=$1
    Any help would be great, guys.

  • #2
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    What does $puser contain? And could you explain please which URL exactly you would like to be echoed?

  • #3
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    OK, $puser contains the username of the person currently logged in.

    The URL I would like to see would look something like this

    http://www.runningprofiles.com/members/admin&m=9&y=2009


    admin being the username obtained by $puser. 9 being the month from
    PHP Code:
    <?=(($m-1)<1) ? 12 : $m-1 ?>
    and 2009 from
    PHP Code:
    <?=(($m-1)<1) ? $y-1 : $y ?>">

  • #4
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    I tried your code together with the RewriteRule. For me it echoed the URL with "admin". So it worked ...

    Could you explain your problem in a little more detail please? Where is the file which contains the hyperlink located? In the HTTP server root? Or in the folder "members"? Is the .htaccess with the rule in the same folder?

  • #5
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Well, when I run the code it won't echo the "admin" part... but the strange thing is when I change the & to ? it will, but then my $m = $_GET['m']; won't get the month... it's highly strange.

    My profile.php and .htaccess files are in an include folder within members ( public_html/members/incude)

    On profiles.php I'm including a calendar script
    PHP Code:
     <?php  include "diary/cal_show.php";?>
    which then goes to my cal_show.php shown below

    PHP Code:
    <script src="http://www.runningprofiles.com/jquery.js" type="text/javascript"></script>
    <link href="http://www.runningprofiles.com/members/diary/facebox/facebox.css" media="screen" rel="stylesheet" type="text/css"/>
    <script src="http://www.runningprofiles.com/members/diary/facebox/facebox.js" type="text/javascript"></script>
    <script>
    jQuery(document).ready(function($) {
      $('a[rel*=facebox]').facebox()
    }) </script>

    <?php

    // there is NO NEED to edit ANY of this code

    $ev_dat = array();
    for ($i=0; $i<32; $i++) {
        $ev_dat[$i] = 0;
    }

    $now = date("Y-m-d", time());
    list($ty, $tm, $td) = explode('-', $now); // ty=thisyear, etc. used for highlighting 'today'

    include("cal_parms.php"); // assorted configuration variables
    include($dat_names); // retrieved from cal_parms.php as a 'language' file

    if (!isset($_GET['m'])) {
        $m = date("m", mktime());
    } else {
        $m = $_GET['m'];
    }
    if (!isset($_GET['y'])) {
        $y = date("Y", mktime());
    } else {
        $y = $_GET['y'];
    }

    /*== get what weekday the first is on ==*/
    $tmpd = getdate(mktime(0,0,0,$m,1,$y));
    $month = $tmpd["month"];
    $firstwday = $tmpd["wday"];
    if ($firstDayIsMonday == 1) {
        if ($firstwday == 0) {
            $firstwday = 6;
        } else {
            $firstwday--;
        }
    }
    $lastday = mk_getLastDayofMonth($m,$y);

    /*== get the last day of the month ==*/
    function mk_getLastDayofMonth($mon,$year)
    {
        for ($tday=28; $tday <= 31; $tday++)
        {
            $tdate = getdate(mktime(0,0,0,$mon,$tday,$year));
            if ($tdate["mon"] != $mon)
            {
                break;
            }
        }
        $tday--;
        return $tday;
    }

    // compute range of dates for this month to match dates in database in the format yyyy-mm-dd
    if (strlen($m)<2) {
        $q = "0";
        $q .= $m;
    }
    else {
        $q = $m;
    }
    $dats_beg = $y . "-" . $q . "-01";
    $dats_en = $y . "-" . $q . "-" . $lastday;

    // open db conn and select all records where date is between $dats_beg and $dats_en
    include("cal_db_conn.php");
    mysql_connect($db_host, $db_login, $db_pass) or die ("Can't connect!");
    mysql_select_db($db_name) or die ("Can't open database!");
    $query = "SELECT * FROM $db_table WHERE (ev_dat>='$dats_beg') AND (ev_dat<='$dats_en') ";

    $result = mysql_db_query($db_name, $query);
    // any matches?
    if ($result)
    {
        // handle the matches and pass relevant info to arrays
        while ($myrow = mysql_fetch_array($result))
        {
            $found = $myrow['ev_dat'];
            $pieces = explode("-", $found);
            $dd = intval($pieces[2]);
            $ev_dat[$dd] = $myrow['id'];
        }
    }
    ?>
    <table cellpadding="1" cellspacing="1" border="0" bgcolor="#<? echo $bg_edge?>">
    <tr><td colspan="7" bgcolor="#<? echo $bg_top?>">
    <table cellpadding="1" cellspacing="1" border="0" width="100%">
    <tr bgcolor="#<? echo $bg_top?>"><th width="20" style="<?php echo $hcell?>"><a href="<? echo  $puser?>&m=<?=(($m-1)<1) ? 12 : $m-1 ?>&amp;y=<?=(($m-1)<1) ? $y-1 : $y ?>"><img src='http://www.runningprofiles.com/calendar/images/prev.gif' height='18' width='18' alt='' border='0' /></a></th>
    <th style="<?php echo $hcell?>">
    <?php
    echo "<a href='../diary/show-month.php?mon=" . $m . "&amp;yr=" . $y . "' rel=\"facebox\">";
    echo "<span style='text-decoration:none'>" . $mo[intval($m)] . " " . $y . "</span></a>";
    ?>
    </th>
    <th width="20" style="<? echo $hcell?>"><a href="<? echo $_SERVER['PHP_SELF']; ?>?m=<?=(($m+1)>12) ? 1 : $m+1 ?>&amp;y=<?=(($m+1)>12) ? $y+1 : $y ?>"><img src='http://www.runningprofiles.com/calendar/images/next.gif' height='18' width='18' border='0' alt='' /></a></th>
    </tr>
    </table>
    </td></tr>
    <tr bgcolor="#<? echo $bg_top?>">
    <th width="20" style="<?php echo $hcell?>"><? echo $da[1]; ?></th>
    <th width="20" style="<?php echo $hcell?>"><? echo $da[2]; ?></th>
    <th width="20" style="<?php echo $hcell?>"><? echo $da[3]; ?></th>
    <th width="20" style="<?php echo $hcell?>"><? echo $da[4]; ?></th>
    <th width="20" style="<?php echo $hcell?>"><? echo $da[5]; ?></th>
    <th width="20" style="<?php echo $hcell?>"><? echo $da[6]; ?></th>
    <th width="20" style="<?php echo $hcell?>"><? echo $da[7]; ?></th>
    </tr>

    <?
    $d = 1;
    $wday = $firstwday;
    $firstweek = true;
    /*== loop through all the days of the month ==*/
    while ( $d <= $lastday)
    {
        /*== set up blank days for first week ==*/
        if ($firstweek)
        {
            if ($wday!=0) {
                echo "<tr bgcolor='#" . $bg_tabl . "'>\n";
                for ($i=1; $i<=$firstwday; $i++) {
                     echo "<td style='" . $tcell . "' bgcolor='#" . $bg_fill . "'>&nbsp;</td>\n";
                }
            }
            /*== Sunday start week with <tr> ==*/
            else {
                echo "<tr bgcolor='#" . $bg_tabl . "'>\n";
            }
            $firstweek = false;
        }
        /*== check for event ==*/
        echo "<td style='" . $tcell . "' ";
        // is this day 'today' AND there's no event today
        if (($ty==$y) && ($tm==$m) && ($td == $d) && (!$ev_dat[$d])) {
            echo "bgcolor='#" . $bg_now . "'>" . $d;
        }
        elseif ($ev_dat[$d]) {
            // get what's happening that day and use as 'mouseOver' for the link
            $query = "SELECT * FROM $db_table WHERE id=$ev_dat[$d] ";
            $result = mysql_query($query);
            $ev = mysql_fetch_array($result);
            $titl = $ev['ev_title'];
            echo "bgcolor='#" . $bg_act . "'>";
            $url = "../diary/show.php?event=" . $ev_dat[$d] . "&amp;sho=" . $win_sho;
            echo "<a href=' $url' rel=\"facebox\" title=\"" . $titl . "\">" . $d . "</a>";
        }
        else {
            echo "bgcolor='#" . $bg_days . "'>" . $d;
        }
        echo "</td>\n";

        /*== Saturday end week with </tr> ==*/
        if ($wday==6) {
            echo "</tr>\n";
        }
        $wday++;
        $wday = $wday % 7;
        if (($wday==0) AND ($d!=$lastday)){ echo "<tr bgcolor='#" . $bg_tabl . "'>\n"; }
        $d++;
    }
    // and close off the table
    if (($wday!=7) AND ($wday!=0)) {
        for ($i=$wday; $i<=6; $i++) {
            echo "<td style='" . $tcell . "' bgcolor='#" . $bg_fill . "'>&nbsp;</td>\n";
        }
        echo "</tr>";
    }
    echo "\n</table>";
    include("win_open.php");

    ?>

    Line 101 is where I'm trying to code the link so that when a user is on a profile page, they can also look at a diary of the person.

  • #6
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    1) The code you have posted does not initialize the variable $puser anywhere. And I do not see any include or require statements above the place where $puser is echoed. Could you tell me where $puser is initialized?

    2) Since the variables you use in your queries are based on potential user input, I would highly recommend using mysql_real_escape_string() on them before using them in the queries to avoid SQL injections. Please notice that anything which comes from the arrays $_GET, $_POST, $_COOKIE must be considered as potential user input, should never be trusted and must always be escaped or strictly validated.

  • #7
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Ah, this is a little embarrassing lol... I started this project a while back and I forgot I had changed $puser to $username ... that's why it didn't work.

    Thanks, without your help I wouldn't notice that.

    So with all $_GET, $_POST, change them to use mysql escape and it would be fine?

    Any other advice?

  • #8
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    Actually you could simply escape variables $dats_beg, $dats_en and any other right before using them in the query. For string variables you would use mysql_real_escape_string(). If you are sure some variable must be e.g. an integer you could cast it to the integer explicitly with intval() before using it in a query. Actually there are many functions in PHP which allow you to check that a variable contains a number. For some variables with complicated format you could even use regular expressions (if no other method of validation could be used effectively). The main point is to never use anything from potential user input ($_GET, $_POST, $_COOKIE or any other input) not escaped or validated in queries. Or someone could try to attack you with an SQL injection attack (stealing sensitive data, deleting all the records in the database etc.).
    Last edited by SKDevelopment; 10-16-2009 at 12:35 PM.
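
The validation advice from post #8, applied to the calendar's `m` and `y` parameters, as an added example that is not code from the thread. It uses PDO prepared statements with an in-memory SQLite database in place of the `mysql_*` calls; the table name `events`, the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the thread's code. Table "events" and its rows are
// constructed; the column names id/ev_dat/ev_title come from the posted script.

// Accept only a short all-digit string within [min, max]; otherwise null.
function int_param(array $src, string $key, int $min, int $max, int $default): ?int
{
    if (!isset($src[$key])) {
        return $default;                 // parameter absent: fall back to today
    }
    $v = $src[$key];
    if (!is_string($v) || !ctype_digit($v) || strlen($v) > 4) {
        return null;                     // arrays (m[]=1), "", "-1", "9 OR 1=1"
    }
    $n = intval($v, 10);
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Build the [first, last] yyyy-mm-dd pair for the month, or null if invalid.
function month_range(array $get): ?array
{
    $m = int_param($get, 'm', 1, 12, (int) date('n'));
    $y = int_param($get, 'y', 1970, 2100, (int) date('Y'));
    if ($m === null || $y === null) {
        return null;
    }
    $first = sprintf('%04d-%02d-01', $y, $m);
    $last  = (new DateTimeImmutable($first))->format('Y-m-t');  // t = days in month
    return [$first, $last];
}

// Bound parameters keep the values out of the SQL text entirely.
function events_in_range(PDO $db, string $beg, string $end): array
{
    $st = $db->prepare('SELECT id, ev_dat, ev_title FROM events
                        WHERE ev_dat >= :beg AND ev_dat <= :en ORDER BY ev_dat');
    $st->execute([':beg' => $beg, ':en' => $end]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, ev_dat TEXT, ev_title TEXT)');
$db->exec("INSERT INTO events (ev_dat, ev_title) VALUES
           ('2009-09-12', 'Club 10k'), ('2009-10-04', 'Half marathon')");

foreach ([['m' => '9', 'y' => '2009'], ['m' => "9' OR '1'='1", 'y' => '2009']] as $get) {
    $range = month_range($get);
    echo json_encode($get), ' => ', $range ? json_encode(events_in_range($db, ...$range)) : 'rejected', "\n";
}
```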

