joymis
-
Posts
37 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by joymis
-
-
Hello,
I have a code use for preventive SQL Injection, but the code looks not work, this is my code<?php class Util{ public static function edit_array($array) { array_walk_recursive($array, 'Util::edit_value'); } public static function edit_value(&$value) { $value = trim(htmlspecialchars($value, ENT_QUOTES)); } } Util::edit_array($_POST); print_r($_POST); ?>I print $_POST value and use browser's developer tools confirm, but the value still show single quote not '
I don't know why, please help me.
In addition to htmlspecialchars function, I want to know what should I also use to prevent SQL Injection.Thanks.
-
Hi, dsonesuk
Thank you for your help, It's work.
-
Hello, everyone
Assume I have the following some code
<form> ... <tr> <td> <button type="button" onclick="EditReset(0)"></button> <input type="text" class="edit_file_name" value="123"> </td> </tr> <tr> <td> <button type="button" onclick="EditReset(1)"></button> <input type="text" class="edit_file_name" value="abc"> </td> </tr> ... </form> <script> function EditReset(index){ // what kind of method can do it } </script>when I edit 1st row input change '123' to '123edit'
and edit 2nd row input change 'abc' to 'abcedit'
and then I click button ( EditReset(0) ), how can I do reset '123edit' to '123' but 'abcedit' will not be reset
because I don't want to use form.reset() reset all, have any method can do it?
Thank you -
ok, I will try it
Thanks for your help!
-
Hello!
I have a object array like this
[3]=> string(289) "struct Order4Vendor { string jit_batch; string line_id; string part_no; string order_no; string order_seq; decimal jit_qty; decimal no_ship_qty; decimal vend_qty; dateTime vend_updated; string part_name; string jit_no; dateTime pl_ship_dt; string modl_name; string vend_no;}" [6]=> string(97) "struct GetSingleOrder { string vend_no; string vend_pwd; string order_no; string order_seq;}" [7]=> string(69) "struct GetSingleOrderResponse { Order4Vendor GetSingleOrderResult;}"this is my code
<?php$soap = new SoapClient("xxxxx");$params= array( 'vend_no' => 'v1220', 'end_pwd' => 'ly3e90', 'order_no' => 'D153906', 'order_seq' => '001' );$result = $soap->GetSingleOrder($params)->GetSingleOrderResult;echo $result->jit_batch;?>How can I get $result->jit_batch value?
when I executed the program, my apache log display this message
[Wed Apr 15 17:13:57 2015] [error] [client 10.0.0.56] PHP Fatal error: Uncaught SoapFault exception: [soap:Server] System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.NullReferenceException: Object reference not set to an instance of an object.n at Asine.Gck.Services.WebServices.VMI2ec.VerifyVendor(String vend_no, String vend_pwd)n at Asine.Gck.Services.WebServices.VMI2ec.GetSingleOrder(String vend_no, String vend_pwd, String order_no, String order_seq)n --- End of inner exception stack trace --- in /JOY/www_beta/soap/client.php:27nStack trace:n#0 /JOY/www_beta/soap/client.php(27): SoapClient->__call('GetSingleOrder', Array)n#1 /JOY/www_beta/soap/client.php(27): SoapClient->GetSingleOrder(Array)n#2 {main}n thrown in /JOY/www_beta/soap/client.php on line 27Hope anyone can help
Thanks!
-
I got the answer, it's because of the code in the wsdl is wrong
<soap:address location="http://10.0.0.51:80/creat_wsdl.php" />
I modified it to server.php, and then it's work.
Thanks for your help!
-
I'm not sure why that would be happening. Have you tried using __soapCall to call one of the functions manually?
Yes, I have tried used __soapCall, but the same as before
-
Use the full URL to the WSDL file, not just a filename.
it's the same as before
<?phpini_set("soap.wsdl_cache_enabled", "0");$soap = new SoapClient("http://10.0.0.51/webservice.wsdl");echo $soap->Add('2', '4').'<br>'; // no displayecho $soap->bbbbb().'<br>'; // no displayvar_dump($soap->__getFunctions()); // can get function//=== no use WSDL , it's work ===========================$soap = new SoapClient(null, array("location" => "http://10.0.0.51/server.php","uri" => "abcd"));echo '<br>'.$soap->bbbbb();?>Thank you very much.
-
If you view the HTML source of the page, you only see a few <br> tags and the output from var_dump?
Yes, like this
Thank you very much.
-
What does the var_dump show?
It's show this.
array(2) { [0]=> string(32) "string Add(string $a, string $b)" [1]=> string(14) "string bbbbb()" }
Thank you very much.
-
Hello!
I reference Internet example try to practice SOAP, but I get a problem
I didn't use NUSOAP, this is my code
server.php
<?phpinclude("webservice.class.php"); ini_set("soap.wsdl_cache_enabled", "0");$server = new SoapServer('webservice.wsdl', array('soap_version' => SOAP_1_2,'uri' => "abcd")); $server->setClass("webservice"); $server->handle();?>webservice.class.php
<?php class webservice{ public function Add($a, $ { return $a + $b; } public function bbbbb() { return "Hello1234"; } }?>webservice.wsdl
<?xml version="1.0" ?><definitions name="test" targetNamespace="urn:test" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:test" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns="http://schemas.xmlsoap.org/wsdl/"><types xmlns="http://schemas.xmlsoap.org/wsdl/" /><portType name="testPort"> <operation name="Add"> <input message="tns:AddRequest" /> <output message="tns:AddResponse" /> </operation> <operation name="HelloWorld"> <input message="tns:HelloWorldRequest" /> <output message="tns:HelloWorldResponse" /> </operation></portType><binding name="testBinding" type="tns:testPort"><soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" /><operation name="Add"><soap:operation soapAction="urn:test#webservice#Add" /><input><soap:body use="encoded" namespace="urn:test" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" /></input><output><soap:body use="encoded" namespace="urn:test" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" /></output></operation><operation name="HelloWorld"><soap:operation soapAction="urn:test#webservice#HelloWorld" /><input><soap:body use="encoded" namespace="urn:test" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" /></input><output><soap:body use="encoded" namespace="urn:test" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" /></output></operation></binding><service name="test"><documentation /><port name="testPort" binding="tns:testBinding"><soap:address location="http://10.0.0.51:80/creat_wsdl.php" /></port></service><message name="AddRequest"><part name="a" type="xsd:string" /><part name="b" type="xsd:string" /></message><message name="AddResponse"><part name="Add" type="xsd:string" /></message><message name="HelloWorldRequest"></message><message name="HelloWorldResponse"><part name="HelloWorld" type="xsd:string" /></message></definitions>
client.php
<?phpini_set("soap.wsdl_cache_enabled", "0");$soap = new SoapClient("webservice.wsdl");echo $soap->Add('2', '4').'<br>'; // no displayecho $soap->bbbbb().'<br>'; // no displayvar_dump($soap->__getFunctions()); // can get function//=== no use WSDL , it's work ===========================$soap = new SoapClient(null, array("location" => "http://10.0.0.51/server.php","uri" => "abcd"));echo '<br>'.$soap->bbbbb();?>Internet example explanation client.php use first and second "echo" can be display data
but it always only third "echo" can be display data....I don't know why
I look log, it's not print any error , use dump function that can get function
Hope anyone can helpMy English isn't very good, please don't mind.Thanks
about for preventive SQL Injection
in PHP
Posted
OK, I will change to use prepared statements to prevent SQL injection
thank you for your help.