Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

My first project with php & mysql: Easy Invoice

Started by om sa, Jun 11 2011 09:01 PM

Please log in to reply

10 replies to this topic

#1
om sa

Posted 11 June 2011 - 09:01 PM

Newbie

Members
11 posts

Hey all,

Finally I have managed to finish my first project with php & mysql, which I called Easy Invoice.

The project still in beta phase, and need some testing and enhancement to be ready to use.

Easy Invoice is a simple billing system that aims to help small companies and shops to track their sales invoices.

The system was developed using php & mysql, and needed nearly three weeks to be completed.

Project link at Source forge

And this is the demo site
User: demo & Pass: demo

Finally, here you can go through the code online

I can't wait to hear your thoughts and comments about it.

Regards.

#2
bbqroast

Posted 15 June 2011 - 07:16 PM

Codecall Addict

Members
554 posts

Location:/etc/passwd

Cool!
BTW If I put a ' in a invoice it gets slashed :(.

Please, write clearly with proper structure. Double spacing makes the text feel un-jointed, Capitalizing Every Word Means People Stop Before Every Word Sub-Consciously Which Is A Pain In The Backside, and use code tags! (The right most styling box).

#3
om sa

Posted 16 June 2011 - 02:20 AM

Newbie

Members
11 posts

hey,
nice catch,
I think the problem caused by mysql_real_escape_string() function, which aims to prevent SQL Injection.
I'll look into it, and try to find a solution.

#4
Alexander

Posted 16 June 2011 - 02:26 AM

It's Science!

Moderators
4,120 posts

Location:Vancouver, Eh! Cleverness: 200

You've (or he does have) magic quotes enabled, this will automatically escape form variables and cause mysql_real_escape_string to escape twice without knowing.

You should create your own escape function, i.e.

function myEscapeFunction($string) {

    if(get_magic_quotes_gpc() == true) {

        $string = stripslashes($string);

    }

    return mysql_real_escape_string($string);

}

Note that this "feature" will be removed in PHP 6 releases

Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.

#5
om sa

Posted 16 June 2011 - 07:50 AM

Newbie

Members
11 posts

Thanks Alexander,

By saying 'magic quotes enabled'? do you mean in PHP configuration ?

#6
Alexander

Posted 16 June 2011 - 05:58 PM

It's Science!

Moderators
4,120 posts

Location:Vancouver, Eh! Cleverness: 200

Yes, you can read about it on the PHP manual:
PHP: Magic Quotes - Manual

It was a controversial feature to automatically escape for you when enabled on certain installations, although this causes double escaping as mysql_* functions are not aware of its existence. This is due to be removed later on although we have not gotten there yet.

Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.