Cibiņš Posted June 4, 2012 Report Share Posted June 4, 2012 (edited) Nesaprotu, kādēļ ja neaizpilda visus nepieciešamos laukus, saglabājot datus sesijā kods viss kā vajag. Bet kā aizsūta uz datubāzi tā kods ir izķēmots..:@ Uztaisot kautko un noseivojot sesijā tiek izvadīts šāds kods iekš formas: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head></head><body> <p><img src="http://www.enkurs.lv/newsletters/resources/files/design_aktuali.jpg" height="224" width="250" /></p><p>user axa</p> </body></html> Aizsūtot uz datubāzi tiek piebāzti pirms pēdiņām sleši :@ Un jo vairāk tu to seivošanas podziņu spaidīsi lai apdeitotu tabulas ierakstu, jo vairāk sleši līdīs priekšā :@ Tas tad kad pievieno ierakstu. Kad ieraksts jau ir modificēts, tad labojot ierakstu visur sleši klāt pa vienam. Izmēģināju daslešoties uz velna paraušanu nekas nelīdz.. :@ <!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.0 Transitional//EN\\\" \\\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\\\"><html><head></head><body> <p><img src="http://www.enkurs.lv/\"http:/www.enkurs.lv/\\"http:/www.enkurs.lv/newsletters/resources/files/design_aktuali.jpg\\"\"" height="\"\\"224\\"\"" width="\"\\"250\\"\"" /></p><p>user axa</p> </body></html> Kods kurš "prikolējās" if(isset($_POST['savedraft'])){ $ttl=strip_tags($_POST['title']); $news=stripslashes($_POST['newscontent']); $escaped_ttl=mysql_real_escape_string($ttl); $escaped_news=mysql_real_escape_string($news); $stripslashed_ttl=stripslashes($escaped_ttl); $old = array('\r\n','<p></p>','\"','\"'); $new = array('','<p> </p>','"',''); $protected = str_replace($old, $new, $escaped_news); if(!$escaped_news || !$stripslashed_ttl){ $errormessage='<div id="msgbox3" class="errormessage"><img src="resources/template/img/warning-icon.png" width="16" height="16" alt="err_orng" style="position: absolute; margin-left: -25px; margin-top: -1px;" />Warning: Please fill required fields marked with *!</div>'; $_SESSION['wlm_news_ttl']=$stripslashed_ttl; $_SESSION['wlm_news_cntnt']=$protected; } else{ $checkhash = mysql_query("SELECT * FROM mails WHERE control='$hash'"); $hash_exist = mysql_num_rows($checkhash); if($hash_exist>0){ mysql_query("UPDATE mails SET name='$stripslashed_ttl', content='".$protected."', modified_by='".$_SESSION["onlineblinds_name"]."', modify_date='$timetype' WHERE control = '".$hash."'")or die(mysql_error()); } else{ mysql_query("INSERT INTO mails (name, content, add_by, add_date, modified_by, modify_date, control, status) VALUES ('$stripslashed_ttl','$protected','".$_SESSION["onlineblinds_name"]."','$timetype','".$_SESSION["onlineblinds_name"]."','$timetype','$hash','2');") or die(mysql_error()); } $errormessage='<div id="msgbox1" class="errormessage"><img src="resources/template/img/active-icon.png" width="16" height="16" alt="err_orng" style="position: absolute; margin-left: -25px; margin-top: -1px;" />Saved to draft!</div>'; if(isset($_SESSION['wlm_news_ttl'])){ unset($_SESSION['wlm_news_ttl']); } if(isset($_SESSION['wlm_news_cntnt'])){ unset($_SESSION['wlm_news_cntnt']); } } } Kā lai atkratās no tiem kaitinošajiem slešiem???? Edited June 5, 2012 by Cibiņš Link to comment Share on other sites More sharing options...
briedis Posted June 5, 2012 Report Share Posted June 5, 2012 http://php.net/manual/en/security.magicquotes.php Link to comment Share on other sites More sharing options...
Cibiņš Posted June 5, 2012 Author Report Share Posted June 5, 2012 (edited) Briedim kā vienmēr-taisnība! IDEĀLI!!! Viss sanāca, Paldies Briedi! :)) Bet tagad nevaru iebraukt ka lai nosūta e-pastā tiem e-pastiem, kas reģistrēti tabulā tā lai sūtot masu e-pastu neparādās pie To: 'user@email.com; user1@email.com; ....' bet konkrētais e-pasts. Piedevām skatos ka mans variants ir pasūdīgs, jo ja teiksim ir 1000 e-pasti, tad var sabremzēties. Pašlaik viņš izvada: implode() [function.implode]: Invalid arguments passed in.......Kādi argumenti tad īsti jāpadod no tabulas lai nemestu erroru un nosūtītos reģistrētajiem lietotājiem un mails nosūtās visiem tabulā esošajiem lietotājiem? $subscrquery = mysql_query("SELECT * FROM subscribers WHERE subscr_status='1'")or die(mysql_error()); while ($rowsubsc = mysql_fetch_array($subscrquery)) { $subscr_mail=$rowsubsc['subscr_mail']; $escaped_mail=mysql_real_escape_string($subscr_mail); $stripslashed_mail=stripslashes($escaped_mail); } $receiver = implode(',',$stripslashed_mail); $msgheader=$stripslashed_ttl; $mailheaders = "MIME-Version: 1.0\r\n"; $mailheaders .= "Content-type: text/html; charset=UTF-8\r\n"; $mailheaders .= "From: ".$sender." <".$sender.">\r\n"; $mailheaders .= "Reply-To: ".$sender." <".$sender.">\r\n"; $mailmsg .= $stripslashed_news; mail($receiver,$msgheader,$mailmsg,$mailheaders); Edited June 5, 2012 by Cibiņš Link to comment Share on other sites More sharing options...
Kavacky Posted June 5, 2012 Report Share Posted June 5, 2012 BCC? Link to comment Share on other sites More sharing options...
Cibiņš Posted June 5, 2012 Author Report Share Posted June 5, 2012 nu tak nē. Mēģināju uzmeikot savādāku sourci bet nekā :( Pirmajam saņēmējam nosūta vienu vēstuli, otram - vienu vēstuli bet divi saturi, trešajam-viena vēstule un trīs saturi. Kā lai uztaisa lai katram aizsūta pa vienam saturam? $subscrquery = mysql_query("SELECT subscr_mail FROM subscribers WHERE subscr_status='1'")or die(mysql_error()); while(list($subscr_mail) = mysql_fetch_row($subscrquery)) { $msgheader=$stripslashed_ttl; $mailheaders = "MIME-Version: 1.0\r\n"; $mailheaders .= "Content-type: text/html; charset=UTF-8\r\n"; $mailheaders .= "From: ".$sender." <".$sender.">\r\n"; $mailheaders .= "Reply-To: ".$sender." <".$sender.">\r\n"; $mailmsg .= $stripslashed_news; mail($subscr_mail,$msgheader,$mailmsg,$mailheaders); } Link to comment Share on other sites More sharing options...
xPtv45z Posted June 5, 2012 Report Share Posted June 5, 2012 Un ko tad tu gaidīji, kaut ko šādu ieliekot ciklā!?!? $mailmsg .= $stripslashed_news; Link to comment Share on other sites More sharing options...
Cibiņš Posted June 5, 2012 Author Report Share Posted June 5, 2012 Viss čiki piki, šis $to=array(); while($row = mysql_fetch_array($subscrquery)) { array_push($to, $row['subscr_mail']); } bija tas kas vajadzīgs :)) Paldies visiem! Link to comment Share on other sites More sharing options...
Recommended Posts