473,402 Members | 2,072 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > $_server[php_self]

Join Bytes to post your question to a community of 473,402 software developers and data experts.

$_server[php_self]

hi all i'm having issues with this returned function. I can get it to
delete a database but i really want it to grab the stateselect
extention and grab all the cities related to that state. I wanted to
contain this on one page instead of going over multiple pages which i
can do. Sorry if this doesn't make much sense i'm a newbie.. below is
the code. the isset($_get is where i have the issues. any help would
be appreciated.

<?php

$dbcnx = @mysql_connect('localhost', 'root', '');
if (!$dbcnx) {
die( '<p>Unable to connect to the ' .
'database server at this time.</p>' );
}
// Select the hotel database
if (! @mysql_select_db('uniguest') ) {
die( '<p>Unable to locate the Hotel List ' .
'database at this time.</p>' );
}

$result = @mysql_query('SELECT DISTINCT state FROM hotelList ORDER by
state');
if (!$result) {
die('<p>Error performing query: ' .
mysql_error() . '</p>');
}
while ( $row = mysql_fetch_array($result) ) {
echo(' | <a href="' . $_SERVER['PHP_SELF'] . '?stateSelect=' .
$row['state'] . '">' . $row['state'] . '</a>');
}
// Select the hotel database
if (! @mysql_select_db('uniguest') ) {
die( '<p>Unable to locate the Hotel List ' .
'database at this time.</p>' );
}

if (isset($_GET['stateSelect'])) {
$state2 = $_GET['stateSelect'];
$query = mysql_query("SELECT * FROM hotelList WHERE state='$state2'
ORDER by name")
or die (mysql_error());
$name = $row['name'];
echo($name);
} else {
echo('<p>Error: ' .
mysql_error() . '</p>');
}
?>

Sep 19 '05 #1
1 1579
Mikey P:
hi all i'm having issues with this returned function. I can get it to
delete a database but i really want it to grab the stateselect
extention and grab all the cities related to that state. I wanted to
contain this on one page instead of going over multiple pages which i
can do. Sorry if this doesn't make much sense i'm a newbie.. below is
the code. the isset($_get is where i have the issues. any help would
be appreciated.

First off I wanted to suggest you do some reading on PHP Security as
your application falls victim to an input validation failure. Anytime
you get data from a user IE: $_GET, $_POST, $_COOKIE, $_REQUEST,
$_SERVER you need to check that the data you are getting is right...
Read the PHP Security Guide: http://phpsec.org/projects/guide/

Also your code is quite ugly... Work on formatting and not hiding
errors. Fix them first not hide them. In production you should log
your errors instead of allowing them to be displayed to the browser.
Also you only need to select the database once, and you should reuse
variables when they make sense to.

When inserting data into mysql use mysql_real_escape_string

Now onto fixing your code:
http://pastebin.com/368628
--
Mike Willbanks
Zend Certified Engineer
http://www.digitalstruct.com
Sep 20 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
$_SERVER[PHP_SELF] and <SELECT>
by: Salve Håkedal | last post by:
When I select Februar here and sends, selection returns to Januar. I know why: no option is marked selected... But can php get this right in an easy way? <html><head><title>Part of a bigger...
PHP
13
Why no [fragment] in parse_url($_SERVER['PHP_SELF'])?
by: deko | last post by:
I'm trying to identify which named anchor is currently being viewed on a page. Although the address bar of my browser shows #whatever appended to the end of the url, I can't seem to find it in a...
PHP
3
Difference between $_SERVER['SCRIPT_NAME'] and $_SERVER['PHP_SELF']
by: Joshua Beall | last post by:
Hi All, What is the difference between $_SERVER and $_SERVER, and which is better to use? According to the CGI 1.1 spec (http://hoohoo.ncsa.uiuc.edu/cgi/env.html), SCRIPT_NAME is not...
PHP
10
form action = <?=$_SERVER['PHP_SELF']?> - stopped working
by: tHatDudeUK | last post by:
My form action code to submit values to itself have stopped working using the code form action = <?=$_SERVER?> This code used to work My web host recently told me they enabled phpsuexec...
PHP
1
"page Not Found" after submitting form to $_SERVER['PHP_SELF'] through Post Action
by: Michael Brennan-White | last post by:
If I submit my for using a get action the resulting page loads . If I use a post action I get an error page saying "The page cannot be found". I am calling the originating page!!! This happens...
PHP
10
$_SERVER['SCRIPT_NAME'] versus $_SERVER['PHP_SELF'] (or other?)
by: Jim Carlock | last post by:
Looking for a way to extract the path from the pfqpn (partially full qualified path name). $sThisServer = $_SERVER; // returns either aquaticcreationsnc.com or www.aquaticcreationsnc.com ...
PHP
7
Help with $_POST and $_SERVER['PHP_SELF'] please.
by: Dynamo | last post by:
I am using values stored an $_POST array to display records from a table before asking the user if he is sure he wants to delete them. If the user confirms then the records are deleted. Without...
PHP
5
Problem Getting Script's URL ($_SERVER['PHP_SELF'] not what I expected)
by: Tom | last post by:
I have a function that restricts access to a page to logged in users. When a user who isn't logged in goes to the page, it will dynamically generate a login form. I'm trying to use it in...
PHP
4
XSS / Cross Site Scripting Attacks Fixed $_SERVER['PHP_SELF'] ?
by: Jim Carlock | last post by:
Are the XSS / Cross Site Scripting attacks fixed in Version 4.44? I'm seeing that $_SERVER doesn't return the $_SERVER appended to it. I was just messing with a few things and noticed that...
PHP
4
$_SERVER[PHP_self]
by: vinnie | last post by:
can someone explain me with an easy example what the function for? I've read on the php.net, but didn;t really catch the point. I'm a newbie. Thanks
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!