On Tue, April 24, 2007 3:40 pm, H.T wrote:
> I wrote this piece of code to use for Google searching using daterange
> directive. It works ok on local host running IIS and PHP 5.1.2 but when I
> test it on my host running php 4.4.4 on linux, $julian_days_from and
> $julian_days_to variables don't get assigned any values and therefore they
> remain empty!

Wild Guess:
You don't have the JD/Gregorian functions installed, and your error_reporting is such that you don't even see the error message about the functions not existing.

> What is wrong with this code?
>
> Here is the code:
>
> <?php
>
> if ($_POST){

This seems like an odd test to me...

$_POST is an array. When will an array return "true"? I dunno... Hopefully it's a documented feature that hasn't changed, and even if the very first element of $_POST is:
$_POST[0] = 0;
this test will do what you expect...

I just wouldn't bet the bank on it, personally...

> if (empty($_POST['from'])){
> $error[]='Please enter From date.';
> }
> else{
> $from=explode('-',$_POST['from']);

Okay, you're ASSUMING that POST is valid date format, and not some whack XSS thingie.

First Big Mistake.

It's particularly egregious, since you almost for sure have a very specific date format here of YYYY-MM-DD or whatever.

Test for that format, and kick out an "invalid From date" with $error[] if it's not kosher input.

> $julian_days_from = gregoriantojd($from[1],$from[0],$from[2]);
> }
> if (empty($_POST['to'])){
> $error[]='Please enter To date.';
> }
>
> else {
> $to=explode('-',$_POST['to']);
> $julian_days_to = gregoriantojd($to[1],$to[0],$to[2]);
> }
> if ($julian_days_from>$julian_days_to){
> $error[]='From date can not be greater than To date!';
> }
> if (empty($_POST['search'])){
> $error[]='Please enter your search term.';
> }
> if (!isset($error)){
> $search_ready=explode(' ',$_POST['search']);
> foreach($search_ready as $search_ready_val){
> $search_term=$search_term.'+'.$search_ready_val;
> }
> switch($_POST['search_in']){
> case ('web'):

The parens here are kinda silly, at best...

case 'web':

> $query='http://www.google.com/search?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];break;case
> ('images'):

Here you are pretty much allowing an XSS attack on not only your own computer, but also blindly shoving potentially icky stuff Google's way... Not the best way to make friends with Google folks.

$_POST['language'] is probably supposed to be one of < 100 possible inputs. Check that it *IS* one of those inputs.

> $query='http://images.google.com/images?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];break;case
> ('video'):
> $query='http://video.google.com/videosearch?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];break;case
> ('book'):
> $query='http://books.google.com/books?hl='.$_POST['language'].'&q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'&lr=lang_'.$_POST['language'];break;default:}
> //header("Location:".$query);}}?><html><head><meta

Hopefully this HTML came from a nicer-formatted source and is automatically crammed in here like this...
If not, it's pretty icky, imho, to just have it that badly-formatted...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
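
The checks suggested in the reply above (strict date format, allowlisted language and search type, a guard for the missing calendar functions), as an added example that is not part of the original thread or either poster's code. The DD-MM-YYYY format is inferred from the argument order in the quoted `gregoriantojd()` calls; the function names and the three-entry language allowlist are assumptions, and the endpoint URLs are the ones in the quoted code.

```php
<?php
// Added example. LANGUAGES is a constructed sample allowlist; function names are hypothetical.
const LANGUAGES = ['en', 'fr', 'de'];
const ENDPOINTS = [   // URLs as they appear in the quoted code
    'web'    => 'http://www.google.com/search',
    'images' => 'http://images.google.com/images',
    'video'  => 'http://video.google.com/videosearch',
    'book'   => 'http://books.google.com/books',
];
// Julian day for a strict DD-MM-YYYY string (assumed format), else null.
function parse_date_to_jd($value)
{
    if (!is_string($value) || !preg_match('/\A(\d{2})-(\d{2})-(\d{4})\z/', $value, $m)
        || !checkdate((int)$m[2], (int)$m[1], (int)$m[3])) {   // month, day, year
        return null;
    }
    return gregoriantojd((int)$m[2], (int)$m[1], (int)$m[3]);
}
// Returns [url, errors]; url is null whenever errors is non-empty.
function build_search_url(array $post)
{
    if (!function_exists('gregoriantojd')) {   // calendar extension not installed
        return [null, ['Calendar functions are not installed.']];
    }
    $errors = [];
    $from = parse_date_to_jd($post['from'] ?? null);
    $to   = parse_date_to_jd($post['to'] ?? null);
    $lang = $post['language'] ?? null;
    $in   = $post['search_in'] ?? null;
    $term = is_string($post['search'] ?? null) ? trim($post['search']) : '';
    if ($from === null) { $errors[] = 'Invalid From date.'; }
    if ($to === null)   { $errors[] = 'Invalid To date.'; }
    if ($from !== null && $to !== null && $from > $to) {
        $errors[] = 'From date can not be greater than To date!';
    }
    if ($term === '') { $errors[] = 'Please enter your search term.'; }
    if (!in_array($lang, LANGUAGES, true)) { $errors[] = 'Unsupported language.'; }
    if (!is_string($in) || !array_key_exists($in, ENDPOINTS)) {
        $errors[] = 'Unsupported search type.';
    }
    if ($errors) {
        return [null, $errors];
    }
    // http_build_query() URL-encodes every value, so the search term cannot alter the URL.
    $params = ['hl' => $lang, 'q' => "$term daterange:$from-$to", 'lr' => "lang_$lang"];
    return [ENDPOINTS[$in] . '?' . http_build_query($params), []];
}
// Constructed sample input standing in for $_POST.
$sample = ['from' => '01-04-2007', 'to' => '24-04-2007', 'search' => 'php calendar',
           'language' => 'en', 'search_in' => 'web'];
list($url, $errors) = build_search_url($sample);
echo $url ?? implode("\n", $errors), "\n";
```

Only a URL that passed every check should ever reach a `header("Location: ...")` call; the error list can be shown to the user as in the quoted script.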