I am not by any means a professional coder but have managed to muddle my way through a design that I quite like and it uses php and a mysql database to collect and organize a portfolio of film work.
I know very little about php security and am looking for any advice on what I need to do with my code to make it safer. I have added a couple of things in that I have researched but am not sure if I am putting them in the correct places and if it is enough etc.
I would be very appreciative if someone could take a look and tell me what I need to do! - but please remember that I am not an experienced programmer and may get lost in the jargon a bit.
Below is the entire of the code, as I understand it is easier for people to see what's going on from the whole lot as opposed to be copying bits out.
Thank you so much anyone who can help me on this, I am much obliged! And I hope that I have not made too much of groanable coding for you!
Rob
THE CODE
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
<script type="text/javascript" language="javascript" src="lytebox.js"></script>
<link rel="stylesheet" href="lytebox.css" type="text/css" media="screen" />
<SCRIPT language="JavaScript">
function changecategory(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var newcategory = document.getElementsByName("newcategory");
else if( document.all ) // this is the way old msie versions work
var newcategory = document.all["newcategory"];
else if( document.layers ) // this is the way nn4 works
var newcategory = document.layers["newcategory"];
for(var x=0; x<newcategory.length; x++) {
if (newcategory[x].id == thechosenone) {
newcategory[x].style.display = 'block';
}
else {
newcategory[x].style.display = 'none';
}
}
showonlyone('newboxes1')
}
function showonlyone(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var newboxes = document.getElementsByName("newboxes");
else if( document.all ) // this is the way old msie versions work
var newboxes = document.all["newboxes"];
else if( document.layers ) // this is the way nn4 works
var newboxes = document.layers["newboxes"];
for(var x=0; x<newboxes.length; x++) {
if (newboxes[x].id == thechosenone) {
newboxes[x].style.display = 'block';
}
else {
newboxes[x].style.display = 'none';
}
}
}
function chcol(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var sublink = document.getElementsByName("sublink");
else if( document.all ) // this is the way old msie versions work
var sublink = document.all["sublink"];
else if( document.layers ) // this is the way nn4 works
var sublink = document.layers["sublink"];
for(var x=0; x<sublink.length; x++) {
if (sublink[x].id == thechosenone) {
sublink[x].style.color = '#33cccc';
}
else {
sublink[x].style.color = '#666666';
}
}
}
</SCRIPT>
<SCRIPT LANGUAGE="javascript">
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a)&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a.indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a;}}
}
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers.document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
function MM_openBrWindow(theURL,winName,features) { //v2.0
window.open(theURL,winName,features);
}
</SCRIPT>
<style>
body {
font-family: arial, helvetica, sans-serif;
font-size: 12px;
color: #666666;
}
a:link {color:#666666; text-decoration:none;}
a:hover {color:#33cccc; text-decoration:none;} /* mouse over link */
.link {color:#666666; text-decoration:none;}
.link:hover {color:#33cccc; text-decoration:none;} /* mouse over link */
div#container {width: 800px; text-align: left; position: relative; top: 0px; left: 50%; margin-left: -400px;};
#div-before, #div-after {
background-color:#88d;
}
#content {
background-color:white;
}
#contentpadding {
padding:0px;
}
#leftcolumn {
float:left;
width:300px;
padding-left:15px;
background-color:white;
}
#firstnextbutton {
width:80px;
}
#nextbutton {
float:right;
width:220px;
padding-left:15px;
}
#backbutton {
width:80px;
}
#pageno {
float:right;
}
#menufooterline {
position:relative;
width="100%";
text-align:right;
top:-30px;
}
#rightcolumn {
float:right;
width:400px;
background-color:white;
}
#footer {
clear:both;
background-color:#33d;
}
div#filmtitles {text-align:right; width:300px;}
div#submenu {text-align:right; }
#tab {
float:left;
width:100px;
}
#rightcolumnheader {
float:left;
text-align:left;
height: 62px;
}
#pageheader {
color:black;
font-size:26px;
}
#videotype {
position:relative;
top:-4px;
font-size:16px;
color:#33cccc;
}
#role {
position:relative;
top:-4px;
}
#videopopupthumb {
float:left;
padding-right: 5px;
}
#videopopuptitle {
width:400px;
color:black;
font-weight:normal;
font-size:20px;
}
#videopopuptype {
font-weight:normal;
font-size:12px;
color:#33cccc;
}
#videopopuprole {
font-weight:normal;
font-size:10px;
top:-70px;
}
#videopopupfooter {
clear:both;
height: 10px;
}
#additionalbanner {
position:absolute;
width: 200px;
height:120px;
top:50px;
right:0px;
text-align: right;
}
#pagecontent {
font-size:14px;
clear:both;
padding-left: 100px;
}
#bodytexttitle {
color: #33cccc;
}
#client {
width:100%;
text-align:right;
color: #33cccc;
}
#playbutton {
width:100%;
height:27px;
text-align:right;
}
#links {
position: relative;
top: -20px;
font-size:10px;
text-align:left;
}
</style>
</head>
<body>
<div id="container">
<div id="div-before">
</div>
<div id="content">
<img src="images/site_images/logo.jpg" alt="robert hindle logo" />
<div id="contentpadding">
<div id="leftcolumn">
<!-- LEFT COLUMN -->
<!-- LEFT COLUMN -->
<!-- LEFT COLUMN -->
<br />
<div id="menu">
<a href="films.htm" onMouseOut="MM_swapImage('films_button','','images/site_images/films_button.jpg', 1)" onMouseOver="MM_swapImage('films_button','','images/site_images/films_button_selected.jpg',1)"><img src="images/site_images/films_button.jpg" id="films_button" border="0"></a>
<a href="credits.htm" onMouseOut="MM_swapImage('credits_button','','images/site_images/credits_button.jpg', 1)" onMouseOver="MM_swapImage('credits_button','','images/site_images/credits_button_selected.jpg',1)"><img src="images/site_images/credits_button.jpg" id="credits_button" border="0"></a>
<a href="about.htm" onMouseOut="MM_swapImage('about_button','','images/site_images/about_button.jpg', 1)" onMouseOver="MM_swapImage('about_button','','images/site_images/about_button_selected.jpg',1)"><img src="images/site_images/about_button.jpg" id="about_button" border="0"></a>
<a href="contact.htm" onMouseOut="MM_swapImage('contact_button','','images/site_images/contact_button.jpg', 1)" onMouseOver="MM_swapImage('contact_button','','images/site_images/contact_button_selected.jpg',1)"><img src="images/site_images/contact_button.jpg" id="contact_button" border="0"></a>
</div><!-- END MENU -->
<div id="submenu">
<a href="javascript:changecategory('newcategory1');" name="sublink" id="sublink1" style="color: #33cccc" onClick="chcol('sublink1')">by category </a>
<a href="javascript:changecategory('newcategory2');" name="sublink" id="sublink2" onClick="chcol('sublink2')" >by job role </a>
<a href="javascript:changecategory('newcategory3');" name="sublink" id="sublink3" onClick="chcol('sublink3')" >by favourites </a>
</div>
<br />
<!-- MENU BY CATEGORY -->
<!-- MENU BY CATEGORY -->
<!-- MENU BY CATEGORY -->
<div name="newcategory" id="newcategory1" style=" display: block; height:450px">
<div id="filmtitles"> <a href="javascript:showonlyone('newboxes1');" >Drama</a> </div>
<div name="newboxes" id="newboxes1" style="padding: 5px; width:300px; height:340px">
<!-- THUMBNAILS -->
<?php
include 'config.php';
include 'opendb.php';
?>
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE category='drama'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$category=mysql_result($result,$i,"category");
$pageid = "newpage".$category;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z= 0;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z== "1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
<div id="filmtitles" > <a href="javascript:showonlyone('newboxes2');" >Documentary</a> </div>
<div name="newboxes" id="newboxes2" style="display: none;padding: 5px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE category='documentary'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$category=mysql_result($result,$i,"category");
$pageid = "newpage".$category;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z = 0;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z= 1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z == "1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
<div id="filmtitles"> <a href="javascript:showonlyone('newboxes3');" >Music Videos</a> </div>
<div name="newboxes" id="newboxes3" style="display: none;padding: 5px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE category='musicvideo'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$category=mysql_result($result,$i,"category");
$pageid = "newpage".$category;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z= 0;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z== "1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
<div id="filmtitles"> <a href="javascript:showonlyone('newboxes4');" >Corporate</a> </div>
<div name="newboxes" id="newboxes4" style="display: none;padding: 5px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE category='corporate'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$category=mysql_result($result,$i,"category");
$pageid = "newpage".$category;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z= 0;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z== "1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
</div> <!-- END menu_bycategory -->
<!-- END MENU BY CATEGORY -->
<!-- END MENU BY CATEGORY -->
<!-- END MENU BY CATEGORY -->
<!-- MENU BY JOB ROLE -->
<!-- MENU BY JOB ROLE -->
<!-- MENU BY JOB ROLE -->
<div name="newcategory" id="newcategory2" style=" display: none; height:450px">
<div id="filmtitles"> <a href="javascript:showonlyone('newboxes1');" >Director</a> </div>
<div name="newboxes" id="newboxes1" style="padding: 5px; width:300px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE job_role='director'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$job_role=mysql_result($result,$i,"job_role");
$pageid = "newpage".$job_role;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z= 1;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z =="1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
<div id="filmtitles" > <a href="javascript:showonlyone('newboxes2');" >Editor</a> </div>
<div name="newboxes" id="newboxes2" style="display: none;padding: 5px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE job_role='editor'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$job_role=mysql_result($result,$i,"job_role");
$pageid = "newpage".$job_role;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z=0;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z=="1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
<div id="filmtitles"> <a href="javascript:showonlyone('newboxes3');" >Camera</a> </div>
<div name="newboxes" id="newboxes3" style="display: none;padding: 5px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE job_role='camera'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$job_role=mysql_result($result,$i,"job_role");
$pageid = "newpage".$job_role;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z=0;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z=="1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
<div id="filmtitles"> <a href="javascript:showonlyone('newboxes4');" >Producer</a> </div>
<div name="newboxes" id="newboxes4" style="display: none;padding: 5px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role FROM $table WHERE job_role='producer'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$job_role=mysql_result($result,$i,"job_role");
$pageid = "newpage".$job_role;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z=0;
$a=2;
$currentpage = 0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z=="1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
</div>
</div>
</div> <!-- END menu_byjobrole -->
<!-- END MENU BY JOB ROLE -->
<!-- END MENU BY JOB ROLE -->
<!-- END MENU BY JOB ROLE -->
<!-- MENU BY FAVOURITES -->
<!-- MENU BY FAVOURITES -->
<!-- MENU BY FAVOURITES -->
<div name="newcategory" id="newcategory3" style=" display: none; height:450px">
<div id="filmtitles"> <a href="javascript:showonlyone('newboxes1');" >Favourites</a> </div>
<div name="newboxes" id="newboxes1" style="padding: 5px; width:300px; height:340px">
<!-- THUMBNAILS -->
<?php
$query="SELECT id, link, alt_text, category, job_role, favourite FROM $table WHERE favourite='true'";
$result=mysql_query($query);
$num=mysql_numrows($result);
$pageid = "nodata";
$i = 0;
if ($num > 0) {
$favourite=mysql_result($result,$i,"favourite");
$pageid = "newpage".$favourite;
}
?>
<SCRIPT LANGUAGE="javascript">
function changepage<?php echo "$pageid"; ?>(thechosenone) {
if( document.getElementById ) // this is the way the standards work
var <?php echo "$pageid"; ?> = document.getElementsByName("<?php echo "$pageid"; ?>");
else if( document.all ) // this is the way old msie versions work
var <?php echo "$pageid"; ?> = document.all["<?php echo "$pageid"; ?>"];
else if( document.layers ) // this is the way nn4 works
var <?php echo "$pageid"; ?> = document.layers["<?php echo "$pageid"; ?>"];
for(var x=0; x<<?php echo "$pageid"; ?>.length; x++) {
if (<?php echo "$pageid"; ?>[x].id == thechosenone) {
<?php echo "$pageid"; ?>[x].style.display = 'block';
}
else {
<?php echo "$pageid"; ?>[x].style.display = 'none';
}
}
}
</SCRIPT>
<?php
echo"<div name=\"".$pageid."\" id=\"".$pageid."1\" style=\" display: block; height:340px\">";
$z=0;
$a=2;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$link=mysql_result($result,$i,"link");
$alt_text=mysql_result($result,$i,"alt_text");
$img_identifier = $link . rand(1, 100);
echo "<a href=\"films.php?film=" . $link ." \" onMouseOut=\"MM_swapImage('" . $img_identifier ."','','images/thumbs/" . $link .".jpg', 1)\" onMouseOver=\"MM_swapImage('" . $img_identifier . "','','images/thumbs/" . $link . "_selected.jpg',1)\"><img src=\"images/thumbs/" . $link .".jpg\" id=\"" . $img_identifier . "\" border=\"0\" alt=\"". $alt_text . "\" ></a>";
echo " ";
if (($i+1) % 3 == '0') { echo"<br /><br />";}
if (($i+1) % 12 == '0') {
if ($i>12) {$z=1;}
$pageno = $a;
$currentpage = $pageno -1;
$back =$a-2;
if ($back > 0) {
echo"<div id=\"nextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno. "');\" >More...</a> </div>";
echo "<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div>";
}
else echo"<div id=\"firstnextbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$pageno."');\" >More...</a> </div>";
echo"<div id=\"pageno\" >".$currentpage." </div></div>
<div name=\"".$pageid."\" id=\"".$pageid.$pageno."\" style=\"display: none; \"padding: 5px; width:300px; height:340px\">";
$a++;
}
$i++;
}
if ($z=="1") {
$back = $back +1;
$currentpage = $currentpage +1;
echo"<div id=\"backbutton\" > <a href=\"javascript:changepage".$pageid."('".$pageid.$back."');\" >< Previous</a> </div><div id=\"pageno\" >".$currentpage." </div>";}
?>
<?php
mysql_close();
?>
</div>
</div>
</div> <!-- END menu_byfavourites -->
<!-- END MENU BY FAVOURITES -->
<!-- END MENU BY FAVOURITES -->
<!-- END MENU BY FAVOURITES -->
<div id="menufooterline">
<img src="images/site_images/menu_footer_line.jpg" />
</div>
</div> <!-- END LEFT COLUMN -->
<!-- RIGHT COLUMN -->
<div id="rightcolumn">
<?php
if (isset($_GET['film'])) {
$film = htmlentities($film);
$film = ($_GET['film']);
include 'config.php';
include 'opendb.php';
$query="SELECT link FROM $table WHERE link= '$film'";
$result=mysql_query($query);
if (mysql_num_rows($result) > 0) {
$query="SELECT * FROM $table WHERE link= '$film'";
$result=mysql_query($query);
$i = 0;
$link=mysql_result($result, $i, "link");
$alt_text=mysql_result($result, $i, "alt_text");
$job_role=mysql_result($result, $i, "job_role");
$film_header=mysql_result($result, $i, "film_header");
$film_type_txt=mysql_result($result, $i, "film_type_txt");
$role=mysql_result($result, $i, "role");
$description=mysql_result($result, $i, "description");
$client=mysql_result($result, $i, "client");
$link1=mysql_result($result, $i, "link1");
$link2=mysql_result($result, $i, "link2");
$link3=mysql_result($result, $i, "link3");
$video_link=mysql_result($result, $i, "video_link");
$additional_footer_img=mysql_result($result, $i, "additional_footer_img");
$additional_banner=mysql_result($result, $i, "additional_banner");
?>
<div id="tab">
<?php
echo"<img src=\"images/thumbs/" .$link . "_tab.jpg\" />";
?>
</div>
<div id="rightcolumnheader">
<div id="pageheader">
<?php echo $film_header ."." ?>
</div>
<div id="videotype">
<?php echo $film_type_txt ?>
</div>
<div id="role">
<?php echo $role ?>
</div>
</div> <!-- END right column header -->
<div id="pagecontent">
<br /><br />
<div id="bodytexttitle">
Description.
</div>
<div id="bodytext">
<?php echo $description ?>
</div> <!-- END bodytext -->
<br />
<div id="client">
<?php echo "Client:" . $client ?>
</div>
<br />
<div id="playbutton">
<?php
if ($video_link <> '') {
echo "<a href =\"video/".$video_link."\" rel=\"lyteframe\" rev=\"width: 480px; height: 290px; scrolling: no;\" info='<div id=\"videopopupthumb\">
<img src=\"images/thumbs/".$link."_tab.jpg\"></div><div id=\"videopopuptitle\">".$film_header.".</div><div id=\"videopopuptype\">".$film_type_txt."</div><div id=\"videopopuprole\">".$role."</div><div id=\"videopopupfooter\"></div>'><img src=\"images/site_images/play_button.jpg\" width=\"80px\" height=\"27px\" border=\"0\" /></a>";
}
?>
</div>
<div id="links">
<?php
echo "<div><a href=\"http://".$link1."\" target=\"_blank\" class=\"link\">".$link1."</a></div>";
echo "<div><a href=\"http://".$link2."\" target=\"_blank\" class=\"link\">".$link2."</a></div>";
echo "<div><a href=\"http://".$link3."\" target=\"_blank\" class=\"link\">".$link3."</a></div>";
?>
</div>
<br />
<div id="pagecontentfooter">
<?php
if ($additional_footer_img <> '') {
echo"<img src=\"images/additionalfooter/".$additional_footer_img."\" />";
}
?>
</div>
</div> <!-- END page content -->
<?php
}
else
{
die("Unknown film, please use the links on the right to select the film you would like to watch.");
}
}
?>
</div> <!-- END RIGHT COLUMN -->
<div id="footer">
FOOTER
</div> <!-- END FOOTER -->
<!-- ADDITIONAL ABSOLUTE DIVS -->
<div id="additionalbanner">
<?php
if ($additional_banner <> '') {
echo"<img src=\"images/additionalbanner/".$additional_banner."\" />";
}
?>
</div>
<!-- END ADDITIONAL ABSOLUTE DIVS -->
</div></div> <!-- END CONTENT AND CONTENT PADDING -->
<div id="div-after">
<p>id = div-after</p>
</div>
</div><!-- END CONTAINER -->
</body>
</html>
Relative novice seeking php security advice for new site
Moderator: General Moderators
-
roberthindle
- Forum Newbie
- Posts: 5
- Joined: Sun Jul 19, 2009 11:26 am
-
spider.nick
- Forum Commoner
- Posts: 72
- Joined: Wed Jul 15, 2009 12:22 pm
- Location: Overland Park, KS