@# Quotes DB     useful, funny, interesting








Comments:

<0> cat
<0> LOL
<0> omg
<1> http://pastebin.com/568159
<2> how would i schedule a php function for a specific time?
<3> cron
<2> hmm thought so
<4> JeeHoover: one tip, try to use both single and double quotes for your code. so you don't need to escape the double quotes and can write: $a .= '<select name="something">';
<5> I am very close if I may have just a little bit more help, there is no error but it has something to do with line 63. The issue is that it isn't paginating, it shows the results and the prev, next links but the results still come out in full rather than just 10. http://www.rafb.net/paste/results/tXGHIT12.html Please help. :)
<4> JeeHoover: also, for($a = "1"; $a <= 31; $a++) should be written as for($a = 1; $a <= 31; $a++)
<6> DAaaMan64: put everything in $sql before the query, and echo it.
<6> DAaaMan64: also learn the glories of double quotes, which you can put variables in.
<1> okay, just change that "1" to 1
<1> deadroot, I had it as 1, but wanted to try to get it so that if the variable had 1 in it, it wouldn't select the day or month "1"
<1> unless it was "1"



<1> rather than get confuzzled with 1 meaning true
<1> didn't work..
<4> oh, you'll need to use === then
<6> JeeHoover: use === if you want to check value and type
<1> okay, I have to get used to that one
<5> CryWolf, thanks for responding, I got: select id, year, name, genre, platform from videogames LIMIT 10,10. I am not sure I understand the first 10... Sorry about the double quote thing, someone else's code...
<4> === is more efficient than ==, so it's worth using a lot if possible
<6> DAaaMan64: you should look in the mysql manual if you don't understand LIMIT
<4> JeeHoover: oh yeah, you may want to make a function just to generate the options
<5> I do understand it sorry, I believe the first 10 represents where to start, and the second 10 is how many to print.
<1> cool
<4> like: function createOptions(array $options, mixed $selected)
<1> deadroot, it's all included
<6> DAaaMan64: and you're getting more than 10 results with that query?
<5> CryWolf, yes
<5> That is what I am trying to figure out
<4> JeeHoover: in that last pastebin? it's not used
<6> DAaaMan64: how did you figure out that it's because of line 63?
<6> DAaaMan64: why not get num_pages after the query is first executed, rather than executing it again?
<5> Because of this in the while loop: $row = mysqli_fetch_assoc($result), I think. But I am going to test the query, sorry it's late....
<6> nevermind, I see...it needs to get all rows...but count(*) would work better there.
<6> the more I look at this code, the worse it gets
<4> JeeHoover: here's mine. watch out for the '===' that i used. http://pastebin.com/568166
<5> CryWolf, I tested that query from phpmyadmin, and I got 10 results, so I really think it has something to do with line 63...
<6> DAaaMan64: impossible. mysql_fetch_* does not fetch more rows than are returned by mysql
<5> while I agree with you, why did it happen I copied and pasted "select id, year, name, genre, platform from videogames LIMIT 10,10" into the query box and hit go. I got 10 results, unless I goofed something else up....
<6> DAaaMan64: have you changed line 62?
<5> that is what I am working on :) Just a sec :)
<6> what did you echo, then?
<5> here is an update plus some echo's: http://www.rafb.net/paste/results/cN11qi11.html
<5> $lowerbound = 10, $pagelength = 10
<6> DAaaMan64: you've missed the point
<1> hmm okay deadroot, I'm not one that understands OOP
<6> DAaaMan64: your current line 62 goes *before* line 61. Then line 61 only queries using $sql. That way, you know that what you echo is what you're using.
<1> tho mine does select
<1> depending on the value you pass it
<4> it's not OOP :)
<1> oops
<1> no it isn't
<1> reading it too fast
<1> but yeah, if you pass $day or $month true, it won't select anything
<1> if you pass it 23 for day, it will select 23
<1> anyways, new question...
<1> if a user isn't authenticated, and they try to access a restricted page, this happens
<1> header("Location: login.php?ref=Business.php");
<1> that works
<1> oh hmm
<1> i think i have it
<5> CryWolf, Check this out: http://www.rafb.net/paste/results/3wb5e230.html , the result of the 3 echos; was: "1010select id, year, name, genre, platform from videogames LIMIT 10,10", wth?
<1> nope, the get value stays in there
<1> after they go back to the login screen, if it authenticates them
<1> this happens
<6> DAaaMan64: yes. what's the problem?
<4> JeeHoover: i don't understand what is the problem
<1> if(isset($_GET['ref'])) { header("Location: ".$_GET['ref']); }
<1> but it doesn't take them back to that page..
<5> CryWolf, it never returns 10 rows, it always returns too many on the php page, however from sql query I get 10 rows. That is the problem.
<4> JeeHoover: oh
<6> DAaaMan64: what does mysqli_num_rows() say immediately after the query is executed?
<4> JeeHoover: since you're using sessions, you might want to save the URI in it, before giving the user the login box
<4> so when authenticated, you can use the saved URI



<4> it's a lot more reliable than depending on the HTTP referer
<1> that's an idea
<1> but why not use the http referer, it's always there...
<4> it's not always there
<1> it isn't?
<7> nope
<1> but if it's in the url as a ?something=something
<4> i can kill referrers
<4> i can edit the urls
<8> referer is supplied by the user and can never be trusted
<1> true
<1> thanks
<4> anything supplied by the user should be treated as suspect
<4> but one thing though
<4> somebody pointed out that not checking the referrers could lead to a security hole
<8> how?
<1> instead of saying $_SESSION['ref'] == "Business.php"
<4> say i'm logged into a well known site. say phpbb
<1> could I say
<1> use a function that returns the page name?
<4> and while logged in, i visit another website
<8> JeeHoover: basename($_SERVER['REQUEST_URI']);
<5> CryWolf: I am not sure I understood exactly what you wanted me to do, but this is what I did: http://www.rafb.net/paste/results/ip52qn15.html , and the results of all echos was: 21 0 10 select id, year, name, genre, platform from videogames LIMIT 0,10
<1> aidan, how much does that give?
<8> JeeHoover: TIAS
<1> the whole http://blahblah.
<1> or just the file
<8> no, basename strips that
<8> TIAS, try it and see
<6> DAaaMan64: in short, what was the output of mysqli_num_rows?
<1> thanks
<5> CryWolf, based off of what I tried it was 21
<4> where somebody crafted a URL that will go to that phpbb site and delete my account. if phpbb doesn't check the referrer, it may go ahead
<5> CryWolf, which is how many total rows there are.
<4> .... that wasn't a good explanation.. /sigh
<8> deadroot: uh that makes no sense, nor is it even remotely plausible
<6> DAaaMan64: have you tried $sql = "..."; echo $sql; mysqli_query($sql); ?
<9> aidan: it's more like a well-known problem
<7> aidan: Actually... it's completely doable
<6> DAaaMan64: and have you tried it with the older mysql extension instead of mysqli, since you're not using OOP anyway?
<1> nope
<8> et: how? is it talking about session hijacking?
<8> is he*
<7> but using the referer for ANYTHING, is just stupid
<1> something wrong with this:
<1> if($_SESSION['ref'])
<1> {
<1> header("Location: ".$_SESSION['ref']);
<1> }
<9> aidan: no, more like XSS in a more general fashion
<8> JeeHoover: please don't paste in the channel. location requires a FQDN etc
<5> CryWolf, yes the result is the same: select id, year, name, genre, platform from videogames LIMIT 0,10
<8> et: I don't understand :(
<7> JeeHoover: Using (trusting/relying upon) HTTP_REFERER is like relying upon me not banning you for no reason at all.
<9> deadroot: well, checking the referer is evil because some UAs and proxies filter it
<1> hmmm
<1> FQDN?
<1> no, it's a session variable Jymmm, not a referer
<6> JeeHoover: where does $_SESSION['ref'] come from?
<5> would that mean that $result is the one populating the rows?
<4> et: i know. i also filter it
<6> DAaaMan64: that question makes no sense.
<6> DAaaMan64: have you tried with the mysql extension instead of mysqli?
<1> here?
<1> $_SESSION['ref'] == basename($_SERVER['REQUEST_URI']);
<6> why is it called ref then?
<1> cus
<8> JeeHoover: have you looked at what that string is giving you?
<9> aidan: you are logged in to a site, say example.com, which uses cookies for session management. now, while being logged in, you visit evil.com, which has a <form action="http://example.com/deletemyaccount.php?confirm=yes" method="get"></form> and submits the form as soon as you visit the site via javascript
<4> i visit an "eg.com" that requires authentication. eg.com deletes my account if i click on the url "eg.com/delete". i visit "evil.com" while logged into "eg.com". "evil.com" runs a Javascript that sends my browser to "eg.com/delete". my account gets deleted because "eg.com" didn't check where that request comes from.
<4> is that clearer?
<9> s/get/post/ actually.
<7> JeeHoover: Give it up, your current thought process is completely flawed at this point.


Return to #php