Code:
<?php
$gateway_url = $url."?ORDERID=".$orderid."&SESSIONID=".$sessionid;
echo '<iframe src="{$gateway_url}" frameborder="0" scrolling="no"></iframe>';
?>
koharu
Last Activity: Jun 11 '14, 12:57 AM
Joined: Apr 30 '14
Location: Western Australia (Perth)
-
Maybe try;
Without seeing the rest of your code, debugging is not really possible. -
Since you have no validation, one can assume that there could be an issue with your SQL Query, or the data being sent to your SQL Query. Turn on Error Reporting (error_reportin g('E_ALL'); and ensure you have proper levels of validation applied to your query to ensure your query is returning data.
Also, your page will only display if something is posted to it, if nothing is posted to the page, it will display a blank page.Leave a comment:
-
Both of the above are great ideas, and should be followed as a standard. You can also add header("Locatio n: somewhere.php") ; which will quickly redirect a person on successful completion of inserting into a Database, pressing the back button will take the person back to the form.
Another option is to use jQuery to post the data, and lock the form so no double clicking on buttons will cause issues.Leave a comment:
-
Hi Kity.
I've cleaned up the code you posted, please bare in mind that most cases of bad coding are due to messy coding being difficult even for the author to follow.
Here's the cleaned code with comments on improvement. I have verified that the syntax is correct and working.
...Code:<?php session_start(); include("includes/config_db.php"); // Define $myusername and $mypassword $myusernameLeave a comment:
-
Ok, well... There are a few methods I can think of.
Method 1;
Validate the $_SERVER['HTTP_REFERER'] (This can be spoofed, so it isn't fool-proof)
Method 2;
Use Includes within your index.php file (structure your index.php file as a gateway file) and in all files being included, validate that a specific variable has been passed. If it hasn't, spoof an error 404 with PHP.
Method 3;
Use Apache...Leave a comment:
-
Verify that your Apache or webserver is configured to run XML files (if not just this XML file) as a PHP file, otherwise, calling it whatever.xml will cause the server to serve the php file as an XML file without the file being sent through the PHP Parser.Leave a comment:
-
What I would do to achieve this ADITYA NAYAK is as followed;
Create a $_POST html fieldset and form, code my script to wait for data to be posted. Using the posted data from the input, I would then use CURL to execute the URL and return the output into a variable where I can manipulate the output, then echo the output to the browser.
Perhaps this might be a good method for you too? Be careful of XSS vulnerabilities in your...Leave a comment:
-
Hi Fatma Fares.
Standard MySQL Syntax for an Insert Statement goes as followed;
For example;Code:INSERT INTO `add que` VALUES ();
I suggest you do some reading on MySQL Queries here;Code:INSERT INTO `my users` VALUES ('','Koharu',md5('myPass'),'something@towho.com');
https://dev.mysql.com/doc/refman/5.0/en/examples.html...Leave a comment:
-
I cut and pasted that script onto a blank server running PHP, MySQL and Apache. It worked perfectly. Verify the code you have in your own files.
One can be forgiven to assume that there was some form of copy and paste issue (PEBKAC?) based on "3." causing the error.
Can you paste up the contents of your update_script.p hp file?Leave a comment:
-
Hi Oriola1
I noticed that your script is very susceptible to SQL injections. There are two options for you, you can look at using the string prepare function native to MySQLi. (See: http://php.net/manual/en/mysqli.prepare.php) as best practices are to never use the string directly within the query. I have hardened your code, and fixed some notable errors I saw. Bare in mind that you need to specify the mysqli link for mysqli_error to...Leave a comment:
No activity results to display
Leave a comment: