Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by OJB

  1. Fair enough... Best of luck with the site
  2. No problemo... I meant why dont you use text fields, radio buttons, drop down lists etc.... Like for HD-DVD I would personally use a radio button For things like movie title I would use text field instead.... Text areas come in handy for the review sections obviously because they are lengthy pieces of writing.... Anyway, glad I could help... Dont forget to sanitise your data too as I mentioned at the bottom of my first post!
  3. You dont seem to be grabbing the rating_audio and rating_video in your select: >$dvd = @mysql_query("SELECT id, title, list_title, year, studio, mpaa_rating, runtime, retail_price, release_date, criticid, posted, dvd_cover, rating_film, rating_features, rating_audiovideo, rating_overall, director, writer, cast, theater_releasedate, supplemental_features, body_film, body_features, body_audiovideo, image1, image2, keywords, discs, chapters, screenformat, audio_english, subtitles, amazon, body_overall, edition, hddvd FROM dvd_reviews WHERE id='$id'"); As a test I also deleted all the stuff that grabs from other tables so I was left with just the form. I filled in all the details... then put die(print_r($_POST)); at the top of the page and pressed submit... ALL values were infact in the POST array including rating_audio and rating_video... So i guess its because of the select query I have also noticed the following issue with your code: >$studios = @mysql_query('SELECT id, name FROM studio ORDER BY name'); if (!$videos) { exit('<p>Unable to obtain studio list from the database.</p>'); } should be if(!$studios) not if(!$videos) also, why are you using textareas for everything?
  4. So if you put a die statement after the query to print out the query are you saying the values for rating_audio and rating_video aren't there? die($sql); have you tried doing: die(print_r($_POST)); under where you are checking if the body_film isset? This will show you whether or not they are in the POST array. If they are in the POST array then they should be in the SQL statement. If they are in the SQL statement but not getting put into the DB then you may need to look at the field types in your DB of rating_audio and rating_video to make sure they are appropriate Just as a side note, you don't appear to be cleaning any of your POST values before banging them into the DB... I would suggest you mysql_real_escape_string them all and intval( )'ing the ones which should only be integers... just for ease of mind.
  5. WOW! hahah thanks a lot andy thats awesome.. really appreciate that... I will definitely give it a go at some point, thats brilliant! hahahah
  6. Hey guys I was wondering whether anyone knew of a way to automatically create .rar or .zip (I dont mind which) files from a list of files on my server... A bit more info: I want users to be able to select certain files and add them to a basket type thing. Then once they have paid I want a zip of the files they selected to be created on the fly and then emailed to them. I know the emailing can be done, just not sure if its possible to do the compression thing dynamically. Anyone know if this is do-able? Or anything similar? Thanks chaps, OJB
  7. Google suspects the site has malware... which has probably been inserted maliciously due to insecure permissions or scripts somewhere http://www.google.com/support/bin/answer.p...m=1&ct=help There is a link at the bottom of how to resolve this issue with google.
  8. if you are posting to the same page then why not use the $_POST array to repopulate the fields i.e. ><form action="thispage.php" method="post"> <input type="text" name="whatever" value="<?php echo (isset($_POST['whatever']) ? $_POST['whatever'] : ''); ?>" /> <input type="submit" name="insert" value="Insert" /> </form> This will repopulate the 'whatever' field with the value that was entered before the user clicked 'Insert' and it will leave the fields blank when the form is loaded for the first time (i.e. when the post array is empty) edit: sorry if this is an old thread i replied then saw the date.
  9. Looks sweet as a nut Thomas, thanks!!!
  10. Hey guys Was wondering whether I could get my new site added to the TCH family pages? 1. http://www.mixforme.co.uk 2. MixForMe 3. MixForMe provides affordable mixing and mastering solutions for anyone and everyone. 4. The site is a commercial venture 5. I have a linkback located at: http://www.mixforme.co.uk/links.php
  11. I know how you feel I am a developer for my company, but I also get to deal with emails from the children who use the site we have created. We were running a competition recently and I actually had 3 or 4 complaints from the children asking for the prize to be exchanged for a Nintendo Wii?? What is wrong with people nowadays... no you cannot have what ever you want!!! Cheeky buggers
  12. It's always best to sanitise anything which can affect (especially) mysql queries... What you could do is create a table with randomly generated unique hash's for each users IP address So when someone first goes on your site, they get a unique hash assigned to their IP, stored in the DB.... then load this and their IP into the $_SESSION variable and check that those match the DB prior to executing anything based on the session variables, because it is possible to spoof session values... plus checking values to make sure they are as expected... like intval( ) around anything that should only be an integer or mysql_real_escape_string() around anything that is a string these sorts of things will secure it up a little more
  13. I have three site at the moment... two were not coded/designed by me, one was.... but the site is not fully open to the public. I can PM you an address to it if you wish.. Its a CSS and LAMP (Linux, Apache, MySQL, PHP) site, entirely hand coded, but makes use of a limited CMS in the sense that I can write articles which automatically get posted to the main page.... 90% of the stuff on it is dynamically generated though.
  14. haha good to see it coming together nicely man just a quick question... are all of your pages hand written or do you use some variety of (either custom, or off-the-shelf) CMS to power it all?
  15. as a side note, when you click on the review of the film you are getting include errors these immediately give away certain information about your site which is best kept unknown, and it also showed me that your directory listings/structures are not blocked from public view i.e. i can go quite easily, to your includes folder and view the files in there, same with images, reviews and DVD add into your .htaccess in your root folder: Options -Indexes this will stop directory listings
  16. Im no expert on CSS... infact im pretty poo at it (still learning the ropes also) The image border thing, you havent specified a width or style of border, you could also try changing the name from .image to something like .review-image im not sure, but 'image' might be reserved or something???? try this: >.review-image { border: 1px solid #ff0000; }
  17. sorry yea I realised I had got ahead a bit... what exactly is the difference between IE and FF... the only main difference I notice (IE 7 and FF 2) is that under the headings in FF the blue line extends for further, there is more spacing between headings and their subsequent text and there is very slightly less padding between list item points and the text
  18. edit: sorry jumped the gun only to find out you fixed the <ul> tags being missing!! apologies
  19. Unfortunately FTP is not really an option for my site.... I have people registering, paying for the service, uploading some files, being able to delete the files (from the DB and server)... I can't really register FTP accounts for everyone, and also, I need to allow certain people access to certain other peoples files (to download).... It's all quite complex... and I can't really think of a better way of doing it, but 777 *sigh*
  20. ^ ignore that, after more testing it requires 777 but 777 screams DANGER!!
  21. 755 seems to work fine at the moment for me.. I can upload and delete
  22. Hey everyone I have just about finished building this custom script I wrote... Problem is I have 3 folders I need to allow people to upload to and delete from... but if i have CHMOD any lower than 755 it doesn't seem to allow this. Would 755 be secure enough? I only allow uploads in the form of .zip/.rar/.mp3/.gif/.jpg/.jpeg via checks in PHP... but the last thing I want to do is allow my site to be compromised and get shut down for security reasons
  23. As Andy said you will either need to get or write a PHP script to send you the emails and then in your form have it say: <form action="yourphpmailerscript.php" name="Register" id="Register" action ="post"> the PHP script itself can probably be pretty simple... a foreach to run through your $_POST array and appending this into the body section of your email... something similar to this: ><?php if(isset($_POST['Submit'] && !empty($_POST)) { $body = ''; foreach($_POST as $key => $val) { if($key != 'Submit') { $body .= $key . ' - ' . $val.'\n\r'; } } $to = 'YOUREMAIL@GOES.HERE'; $subject = 'Registration at Lincoln MS Website'; $from = "From: " .$_POST['E-mail2']; mail($to, $subject, $body, $from); } ?> Bare in mind this will be a very basic email. it will also do no checks to ensure everything is filled out correctly. It will just send the name of the particular form field, followed by the value entered. It also will not stop bots from submitting your form and sending you emails. If you want to put it into a DB you will have to make sure that sanitize all input from possible SQL-Injection and other filthy things... but thats more complicated
  24. Im with the others on this. The flash should go, its a pain waiting for it to load before I can click on it. For me, simple is key. Using Javascript and Flash isn't the most accessible way to develop webpages especially when some people still browse the internet without javascript enabled I'd say something simple and to the point, PHP, XHTML and a nice CSS style sheet
  • Create New...