Thread: Online Glossary (php)

  1. #1
    Flak Monkey! Dorza's Avatar
    Join Date
    Jul 2003
    Location
    UK - South Wales
    Posts
    1,762
    Thanks
    34
    Thanked
    17 times in 15 posts
    • Dorza's system
      • Motherboard:
      • Asus P5B Deluxe - WiFi
      • CPU:
      • Q6600 @ 3.06Ghz
      • Memory:
      • 2GB Crucial
      • Storage:
      • 500GB Samsung SpinPoint
      • Graphics card(s):
      • Geforce 9600GT
      • PSU:
      • Cosair HX520W
      • Case:
      • LianLi something something or other
      • Monitor(s):
      • Eizo FlexScan S1910 (1280*1024)
      • Internet:
      • 2mb Virgin (when they want to give me that: else 1mb)

    Online Glossary (php)

    Just enquiring about the best way to do this. I've already got a working model (will explain it later on), but it occurred to me whilst I was doing it that it's going to create a lot of recursive code, which isn't efficient. Anyway, here's how the current system works.

    At the top of my page I have links with the names of each alphabetical letter; at the end I have a link called "View All". These links display all appropriate glossary entries for the name of the link. For example, the View All link will display all the entries in the glossary, while the "A" link will only display those starting with the letter A.

    In the following example I have used the "View All" link since this is what I have working. The HREF for this link is:
    PHP Code:
    ' . $_SERVER['PHP_SELF'] . '?viewAll=Yes 
    Now, further on down the page I have the following code, which will display all of the glossary entries in the database:
    Note the viewAll in the "View All" link and the viewAll in the GET variable

    PHP Code:
    <?php if (isset($_GET['viewAll'])) :

        // gloss_id   = ID of the entry
        // gloss_acro = Acronym or word to be entered, e.g. CPU
        // gloss_def  = Definition of acronym, e.g. Central Processing Unit
        // gloss_info = Information about this item, e.g. heart of a computer
        // gloss_char = Character symbol for link sorting. Not needed for View All link
        // gloss_date = Date of entry

        $datalist = @mysql_query("SELECT gloss_id, gloss_acro, gloss_def, gloss_info, gloss_char, gloss_date
                                  FROM glossary
                                  ORDER BY gloss_acro ASC");

        if (!$datalist) {
            exit('<p>Error performing query: ' . mysql_error() . '</p>');
        }

        while ($data = mysql_fetch_array($datalist)) {
            $g_id   = $data['gloss_id'];
            $g_acro = $data['gloss_acro'];
            $g_def  = $data['gloss_def'];
            $g_info = $data['gloss_info'];
            $g_date = date("jS-M-y", $data['gloss_date']); // Not working yet

            // Display the glossary entries
            echo "$g_acro <br /> $g_def <br />$g_info<br /> $g_date<br /><br />";
        }
    endif;
    ?>
    The GET variable at the top of the code checks if the "View All" link has been activated (clicked). If it has, it runs the code below it and displays all the glossary entries on the page.

    This is when I suddenly realized I would need a mass of code to display the glossary entries via their alphabetical links. What I mean is, if I wanted to display all glossary entries starting with "A" I would need to change the "A" link HREF to
    PHP Code:
    ' . $_SERVER['PHP_SELF'] . '?A=Yes 
    and the $GET variable attribute to check "A", then run the code below it with the appropriate changes to display all entries starting with A made. I would need a total of 27 blocks of similar code for the glossary to work as I've described above. As you can see, this would make a very large list of code which basically does the same thing.

    I'm guessing there's a much better way to do this and a much shorter way to do it. If so, could anyone guide me in the right direction please? If there's something you don't understand in my explanation, let me know so I can clarify things a bit.
    Last edited by Dorza; 15-09-2005 at 09:35 PM.

  2. #2
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    easy.

    searchterm as the variable

    then you can index the string, like it's an array of characters, then test that it's either A to Z

    so if !(($searchterm[0]>0x40)&&($searchterm[0]<=5B)) {
    // invalid input
    } else {
    $searchterm = $searchterm[0];
    //use that.
    }

    just wrote that so it should work, but might be syntactically incorrect.
    throw new ArgumentException (String, String, Exception)

  3. #3
    Flak Monkey! Dorza's Avatar
    Thanks for your reply, I'm still quite a novice at PHP, could you explain that code to me please, I'd like to understand how it works before I use it. I also don't understand the "searchterm as variable" line, what does that mean, how might I set it up?

    Thanks Animus

  4. #4
    Seething Cauldron of Hatred TheAnimus's Avatar
    right, by searchterm as variable, I just meant it's THE variable.

    on the page you would have like:

    foo.php?letter=A
    foo.php?letter=B
    foo.php?letter=C
    ...
    foo.php?letter=Z

    then have like $searchterm = $_GET['letter'];

    then, because you should NEVER EVER EVER EVER EVER EVER just blindly use a variable in a database, we validate it. capital A is 0x41 (in hex) and Z is 0x5A.

    as you can see I didn't test the above code properly, I made a mistake, <=0x5B should just be <0x5B or <=0x5A

    a string is an array of chars, so we simply get the first char, and then make sure it's higher than A and lower than Z. if it's not, you can display an error message, or just do the list all query.

    then we set the variable to just the first character, making sure that it's ONLY one character long.

    you could do this with a "regular expression" but this way is slightly faster. this way, in your variable searchterm, you have something you can use straight in your SQL query.

    I've not done PHP for over a year now though, so it might have a few bugs.
    throw new ArgumentException (String, String, Exception)

  5. #5
    Flak Monkey! Dorza's Avatar
    thanks for your help. got it sorted now, didn't quite use what you gave, but it seems to work fine so far:
    PHP Code:
    $letter = $_GET['letter'];     // letter = <a href="blah?letter=A-Z"> in A-Z links, 1 is used for # link

    if ($letter) {

        $datalist = @mysql_query("SELECT gloss_id, gloss_acro, gloss_def, gloss_info, gloss_char, gloss_date
                                  FROM glossary
                                  WHERE gloss_char LIKE '%$letter%'
                                  ORDER BY gloss_acro ASC");

        if (!$datalist) {
            exit('<p>Error performing query: ' . mysql_error() . '</p>');
        }

        while ($data = mysql_fetch_array($datalist)) {
            $g_id   = $data['gloss_id'];
            $g_acro = $data['gloss_acro'];
            $g_def  = $data['gloss_def'];
            $g_info = $data['gloss_info'];
            $g_date = date("jS-M-y", $data['gloss_date']); // not working yet

            // Display the glossary entries
            echo "$g_acro <br /> $g_def <br />$g_info<br /> $g_date<br /><br />";
        }

    } else {
        // Repeat the query without the "WHERE" clause
        // This is for View All link
    }

     

    Thanks again Animus
    Last edited by Dorza; 16-09-2005 at 03:32 PM.

  6. #6
    Seething Cauldron of Hatred TheAnimus's Avatar
    okay, what would happen if I put in a ' and an SQL comment, followed by DROP TABLE *;

    The code I used wasn't to do anything with the database, but to validate the input. That is, make sure it's not going to hurt things.

    PHP I used to like, I'd been a strong advocate of it since version 3, but .net and IIS6 are just better in every way, Whidbey's IDE is fantastic. But most of all:

    PHP is hideously insecure (I'm going to get flamed for this probably) but it encourages, always has done, really insecure code.

    Before using a variable in an SQL query, you must validate it, this means make sure it's not nasty. The code I posted was to make sure that it was in the range A-Z, and only use one character (ignore any more that existed). Without that sorta thing, you're very vulnerable.
    throw new ArgumentException (String, String, Exception)

  7. #7
    Flak Monkey! Dorza's Avatar
    I'd like to use what you told me, I try to make security/best practices the highest priority if I know about them (which is hard if you're still kind of new to the whole scripting malarkey) but when I use:

    if !(($searchterm[0]>0x40)&&($searchterm[0]<=5B))

    it just comes back with an error saying: syntax error, unexpected '!', expecting '(' in blah blah. I've moved the ! everywhere that would make sense to me but then the error changes to Unexpected T_STRING. I've had errors like this before and sorted them out but this one has got me, I simply can't see (through my inexperience probably) what's wrong or what I need to do.

    EDIT: In your last post are you talking about the possibility of an SQL injection attack?
    Last edited by Dorza; 16-09-2005 at 07:44 PM.

  8. #8
    Seething Cauldron of Hatred TheAnimus's Avatar
    yes it's an injection attack

    first error is because ! should have a ( before, and another ) at the end.

    this is because I'm using something that can't be done in PHP with the way it handles strings evidently. Before comparing the character to an integer, you must use ORD

    so code is now
    if (!((ord($searchterm[0])>0x40)&&(ord($searchterm[0])<0x5B)))
    throw new ArgumentException (String, String, Exception)
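
The A-Z validation discussed in posts #6 and #8, combined with a bound query parameter, as an added example that is not part of the original thread. It assumes PHP 7.1+ with the PDO SQLite driver; the function names and sample rows are constructed, and unlike the thread's code it rejects multi-character input instead of truncating it and matches gloss_char exactly instead of with LIKE.

```php
<?php
// Added example: allow-list validation plus a bound parameter.
// Table/column names follow the thread; the in-memory database and rows are constructed.

function normalizeLetter($raw): ?string
{
    // Exactly one character: A-Z, or '1' (used for the '#' link in post #5).
    if (!is_string($raw) || !preg_match('/\A[A-Za-z1]\z/', $raw)) {
        return null;
    }
    return strtoupper($raw);
}

function fetchEntries(PDO $db, ?string $letter): array
{
    $sql = 'SELECT gloss_acro, gloss_def, gloss_info FROM glossary';
    $params = [];
    if ($letter !== null) {
        // The value travels separately from the SQL text, so quotes in it are just data.
        $sql .= ' WHERE gloss_char = :letter';
        $params[':letter'] = $letter;
    }
    $stmt = $db->prepare($sql . ' ORDER BY gloss_acro ASC');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE glossary (gloss_acro TEXT, gloss_def TEXT, gloss_info TEXT, gloss_char TEXT)');
$ins = $db->prepare('INSERT INTO glossary VALUES (?, ?, ?, ?)');
foreach ([['CPU', 'Central Processing Unit', 'Heart of a computer', 'C'],
          ['AGP', 'Accelerated Graphics Port', 'Graphics card slot', 'A'],
          ['ATA', 'AT Attachment', 'Disk interface <legacy>', 'A']] as $row) {
    $ins->execute($row);
}

// Constructed request values: a valid letter, then a string with a quote and an SQL comment.
foreach (['a', "A' -- "] as $raw) {
    $letter = normalizeLetter($raw);
    if ($letter === null) {
        echo "rejected input\n";
        continue;
    }
    foreach (fetchEntries($db, $letter) as $e) {
        // Escape on output so stored text cannot inject markup into the page.
        echo htmlspecialchars("{$e['gloss_acro']}: {$e['gloss_def']} ({$e['gloss_info']})"), "\n";
    }
}
```

In a real page the raw value would come from `$_GET['letter'] ?? null`, and passing `null` to `fetchEntries` gives the "View All" listing.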
