JC5 Posted July 14, 2008 Share Posted July 14, 2008 Not sure which category this fits in..maybe CSS or JS or HTML but here goes. If you go to devwebsites.com and go to search and and it will display results. It displays much too wide. I tried to make the ad 200 px wide or 100px wide and it wont let me it says it has to be 795 px or longer..any ideas on how to fix? ...imthinking of just rearranging some stuff Link to comment Share on other sites More sharing options...
JC5 Posted July 17, 2008 Author Share Posted July 17, 2008 Cmon people 106 views and no help. Thanks anyway... Link to comment Share on other sites More sharing options...
Ingolme Posted July 17, 2008 Share Posted July 17, 2008 The problem is that we really don't know what you're refering to.By the way, in performing a search for the word "and" I got a MySQL error, this looks like a security problem. With a bit of thinking I could actually exploit this mistake. You should always put your values between quotes when performing queries. mysql_real_escape_string() won't save you from reserved words if you don't put quotes around the search term in the first place. Link to comment Share on other sites More sharing options...
Lonig Posted July 17, 2008 Share Posted July 17, 2008 I assume you mean adsense ad's.They are specifically made by the data provided... go into your adsense account and make a new ad that fits. they have all sorts of ad sizes.Plus, technically, if you are altering the size/shape/text without their authorization, you can end up getting removed from the program. So just choose a new ad layout from the adsense page. Link to comment Share on other sites More sharing options...
JC5 Posted July 17, 2008 Author Share Posted July 17, 2008 By the way, in performing a search for the word "and" I got a MySQL error, this looks like a security problem. With a bit of thinking I could actually exploit this mistake. You should always put your values between quotes when performing queries. mysql_real_escape_string() won't save you from reserved words if you don't put quotes around the search term in the first place.Incorrect. I tried it and it worked fine. U may have been doin this search while i was diong maitenance....but i saw no sql error.... and I already refitted the ads since I cant get help here fast. I posted this back on monday and decided to just reapply... Link to comment Share on other sites More sharing options...
Ingolme Posted July 17, 2008 Share Posted July 17, 2008 It's still doing the same to me. And it's only woth the word and, not any other words. MySQL error: 1064You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 3Query: SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.visible>0 AND t.closed NOT LIKE 'moved|%' AND ()Does anybody else want to confirm this for me? http://www.devwebsites.com/forums/search.php/ Link to comment Share on other sites More sharing options...
Lonig Posted July 17, 2008 Share Posted July 17, 2008 tried to search for the word "and" without quotes and got this error... (different than Ingol's last) MySQL error: 1064You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 3Query: SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.visible>0 AND t.closed NOT LIKE 'moved|%' AND () Tried in both IE6 and Opera 9.51. Tried at 3:21pm Central accord to my horrible clock. Link to comment Share on other sites More sharing options...
Skemcin Posted July 17, 2008 Share Posted July 17, 2008 I went to http://devwebsites.com/ from the left navigation, I clicked "Search" in the top left region under "Search by Keyword" I type "and" - without the quotes I got the following error dumped on the screen:MySQL error: 1064You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 3Query: SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.visible>0 AND t.closed NOT LIKE 'moved|%' AND () (at time of this post)I only see Google ads presented on the homepage and did not see any issues with it corrupting the display Link to comment Share on other sites More sharing options...
JC5 Posted July 18, 2008 Author Share Posted July 18, 2008 I should have mentioned that I was replacing the search thing with the google search box righit under it...thought you would just use the google search box....nvm......cuz i just edited the site an hour ago n now the things not there. I havent had time to remove the search.. Link to comment Share on other sites More sharing options...
Kahor Posted July 18, 2008 Share Posted July 18, 2008 With a bit of thinking I could actually exploit this mistake. You should always put your values between quotes when performing queries. mysql_real_escape_string() won't save you from reserved words if you don't put quotes around the search term in the first place.Not directly related to the OP, but could you give an exemple of what you mean by putting values between quotes in your queries ?One exemple where it's secure, and one where it's not, with a possible exemple of how you could exploit that, if you don't mind, I used to work a lot with php/sql in a school project and am very curious about the subject.If you don't have time/will to explain, a good link would serve a long way too.Thx Link to comment Share on other sites More sharing options...
Ingolme Posted July 18, 2008 Share Posted July 18, 2008 Not directly related to the OP, but could you give an exemple of what you mean by putting values between quotes in your queries ?One exemple where it's secure, and one where it's not, with a possible exemple of how you could exploit that, if you don't mind, I used to work a lot with php/sql in a school project and am very curious about the subject.If you don't have time/will to explain, a good link would serve a long way too.ThxI'm not exactly sure how I would do it now, but the fact that it's reading the given input as a reserved word means that it's not being interpretted as a string.A normal query might be something like this:$value = mysql_real_escape_string($_POST['text']);mysql_query("SELECT * FROM my_table WHERE field='{$value}'"); Note that '{$value}' is between quotes, so no matter what you give it it's not going to cause an errorIf you remove the quotes you might get something like this:$value = mysql_real_escape_string($_POST['text']);mysql_query("SELECT * FROM my_table WHERE field={$value}"); People can put reserved words, such as "INSERT", "SELECT", "AND"... and it might have an effect on the query.This person's query looks strange to me. It looks something like this:First, $value has double quotes removed and interpretted somehow, single quotes are removed too. Backslashes are not escaped, which I was able to find that out too. And occasionally it returns LOWER(t.subject) LIKE '%something%'There is some kind of formatting to the variable I'm calling $value before a query similar to this one:SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.visible>0 AND t.closed NOT LIKE 'moved|%' AND ({$value}) Link to comment Share on other sites More sharing options...
Skemcin Posted July 18, 2008 Share Posted July 18, 2008 so is the ad banner issue resolved? Link to comment Share on other sites More sharing options...
JC5 Posted July 18, 2008 Author Share Posted July 18, 2008 i went back and just completely removed the search link on the navigation section. I put a new section for search. when i made this search button I was allowed to choose the sites I wanted. I chose:http://www.devwebsites.com/http://www.w3schools.comhttp://www.devshed.com/http://www.dynamicsitesolutions.com/I couldnt decide what else to do =/ Anyway I understand the problem but thats not an immediate attention as the google thing is there. when im done some other stuff i might go into the search.php file and work on itEdit: What do you guys think of the ads on the right? Link to comment Share on other sites More sharing options...
Kahor Posted July 18, 2008 Share Posted July 18, 2008 A normal query might be something like this:$value = mysql_real_escape_string($_POST['text']);mysql_query("SELECT * FROM my_table WHERE field='{$value}'"); Note that '{$value}' is between quotes, so no matter what you give it it's not going to cause an errorIf you remove the quotes you might get something like this:$value = mysql_real_escape_string($_POST['text']);mysql_query("SELECT * FROM my_table WHERE field={$value}"); People can put reserved words, such as "INSERT", "SELECT", "AND"... and it might have an effect on the query.Ok I kinda get it, though I always used my php variables wrapped in '". ."' and not {}(for exemple '".$value."') when used in sql queries, are you still talking about php ? Is my syntax correct and more importantly, secure ? What would be the equivalent NON secure way ? Link to comment Share on other sites More sharing options...
Lonig Posted July 18, 2008 Share Posted July 18, 2008 The ads on the right are fine, except I see in Opera 9.51 the follow bit of text between the middle and right columns. Reasons why this site isDon't have time to look at the source at the moment, but its in between the middle and right, and is in white font. I'll check back later and if its not fixed i'll look at source.Good looking site thus far, best of luck Link to comment Share on other sites More sharing options...
Lonig Posted July 18, 2008 Share Posted July 18, 2008 <p align="center"> Reasons why this site is better then all the rests:</p></div> Thats the line. Maybe all the nbsp's are breaking the format or something. again, I'll mess with it more later if you don't figure it out. Link to comment Share on other sites More sharing options...
Kahor Posted July 18, 2008 Share Posted July 18, 2008 Don't use ...use style attribute or css stylesheetHaven't used in a while but what I remenber is that used to break design depending on the navigator, much better to use CSS for that kind of things Link to comment Share on other sites More sharing options...
Skemcin Posted July 18, 2008 Share Posted July 18, 2008 is not a tool for positioning text.I do not like the two different ad themes - choose one. I prefer the top one as its font size matches much better. Link to comment Share on other sites More sharing options...
JC5 Posted July 18, 2008 Author Share Posted July 18, 2008 i am swamped now. for you all using opera 9.51 I am at a summer camp and all i am using is linux's firefox3 lol. anyway i try to work on it some but what i hate is how the ads go a little farther down then the content stuff. I think I will put a <br /> in there or put some padding to make them equal in the center. If you want to go ahead and mess with the and just tell me what i should put in place of that i'd do the rest man. then on the left I may put a section for tutorials and tip/tricks. ps.If you dont know what i mean by that just go to dynamicsitesolutions.com and look how he did it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.