Popular Content

Showing content with the highest reputation since 09/14/2019 in Posts

  1. 2 points
    It depends on the collation setting for the column.
  2. 1 point
    OK - sorry. A little closer look at the question you're actually asking. First off, date's format 'h' is a 12-hour format with leading 0, so it won't read as '20'. And MySQL TIME type doesn't include AM/PM. Try changing the date format to 'H:i:s'.
  3. 1 point
    User doesn't care. They don't look at URLs when they're just browsing around, and if they want to share the page they'll either use a share button or copy/paste what's up there. In fact that copying and pasting is a huge reason why ideas like putting session IDs into the URL (PHP's session.use_cookies/use_only_cookies) are strongly discouraged. That said, try to keep it simple. example.com/product.php?id=123 (or /products/123) is fine. Attempting to obfuscate it because you're scared, like example.com/product.php?product_id=uw433hyg5kishev6nyliser6nbyioq2gv49n68of325ob8nq534tb8, is not fine. People don't like things they can't understand: "123" is a number and people are okay with numbers, "B00005N5PF" is some sort of cryptic ID but it's okay too because it's short and easy to understand, but "uw433hyg5kishev6nyliser6nbyioq2gv49n68of325ob8nq534tb8" is a code and codes are for hackers. CoDeS aRe FoR hAcKeRs Probably, yeah. Lots of stuff on the internet already works like that. People are used to it.
  4. 1 point
    I don't like having side conversations not specific to the thread topic. But since this appears to be more instructive, I thought I'd respond to this question. There are a multitude of uses for hashes aside from passwords. It all depends on the developer identifying a need and implementing it. Basically any time you need to compare complex data. Here are a couple examples:

    1. File comparison. For example, let's say you have an application that picks up a file every hour for processing. The file gets written regularly from some process outside of your application. BUT, even though it gets written regularly, it may not have any new data. I might store a hash when I process the file. Then, every hour I will run a hash on the current file contents. If the hash is the same, then I don't process it. There are many use cases where file comparison is needed and where hashing will fill that need.

    2. Creating a unique key. In a mp3/music app I worked on, I needed to quickly look for duplicates based on a combination of multiple meta data fields before I inserted new records into the database. Since I was dealing with raw "text" values from the files being processed I had not yet determined the unique IDs for some of that meta data. So, I could not use a unique constraint on a single table and it would require a query with multiple JOINs in order to check for a duplicate - on every MP3 file. The processing was executing against hundreds/thousands of files, so I wanted an efficient process. In order to simplify this process, I just created a unique key using a hash on the multiple values and could just check that value against a single table in the DB.
  5. 1 point
    I wasn't trying to sound sarcastic, but I still don't follow what you are trying to accomplish in real life. Why do you want a product name, color and every SKU associated with it on one row? What happens if you have 25 SKUs of Blue Pliers? If this is a report, I think there is a better way to communicate things. Follow me?
  6. 1 point
    What does a sample of your data look like before the query and what should it look like after? I showed you mine, you show me yours.
  7. 1 point
    This begs the question, "Why the phuk are you boring us to death here, on what is basically a PHP site, with all this Python stuff when you could be doing it to the members of "python-forum.io?"
  8. 1 point
    It's been over 10 years since I messed with Authorize.net API. I first used it to allow people to make single secure payments from a web page of mine to a bank account. That's it. Back then, they didn't have all of this fancy new stuff. Therefore, I really don't have any valuable comparisons to give. Also, I do not consider myself to be anything close to an expert (or even intermediate) level of creating secure systems. I ran a mail server about 6 years ago and that was a total nightmare. Literally, as soon as the server went live, it was plagued with bots and whatever else that started using my SMTP server as an open relay and my IP became blacklisted pretty quickly for spam. I googled ad nauseam for how to secure this and how to secure that and what the best practices were, but I was in way over my head with absolutely no budget for anything to help me out. After 4 years of trying to maintain a mail server that successfully sent and received mail with no issues (though, there were still issues), I finally was able to convince my boss to switch to a Google Business account and let them handle all of that guff. Mail servers are an absolute nightmare that I wouldn't wish upon my worst enemy. I mean, installing SSL certificates is easier than maintaining a mail server. Anyway, this topic has nothing to do with mail servers. You know, I've never tried to even perform a breach in my life. I've never even tried to breach myself. It's an exhausting realm of web development that I avoid like the plague. Really, what is secure? Unless you're a Fortune 1000 company or something, I doubt you're going to have a horde of people trying to hack your site; don't flatter yourself. I was a web developer and ran probably the least secure site, in my opinion, but the audience for that site was so minuscule compared to that of large corporations. It's about the same concept as viruses. 
Most people running a *nix system do not really need to worry about viruses because *nix systems do not take up much of the market share for personal computers. However, Windows is always being probed and poked and molested because it has a gigantic user-base. In any case, Authorize.net seems to have improved pretty much everything they had when I messed with it over a decade ago. Most, if not everything, of what I utilized is gone or deprecated. I mean, I would trust it. At the end of the day, though, the most secure you'll ever be able to make your system is if you cut it off from the net. If it's not on the internet, you really have nothing to worry about. If you're not connected to the internet, you're not going to get any viruses anytime soon. I know that's not an answer, but it's a hard truth to accept. Online banking is really awesome in my opinion, but I know that at any particular time, something could go awry and cause my life hell.
  9. 1 point
    If you are using Authorize.net, then you can set up Customer Payment Profiles, using their API. You can then store (or relegate) the customer payment profile id to your users table in your database. Then, you don't have to worry about storing credit card info anywhere.

    https://developer.authorize.net/api/reference/index.html#customer-profiles-get-customer-payment-profile

    Maintaining reconciliation with Authorize.net customer profiles and your own database/table of users can allow you to do what you're attempting to do. Using the API, you can send a request for the current user's list of payment profiles. If there are more than two profiles, then you can write in whatever logic you want in your PHP script, for instance, aborting the chance of a transaction from the user, showing them an error message. Everything you need and more is available in their API.
  10. 1 point
    According to your first post you have an array of paths/filenames EG

        $arr = [
            'xxx/yyy/aaa-bbb-xxx.txt',
            'xxx/yyy/aaa-vcf.txt',
            'xxx/yyy/aaa-bbb-vbn.txt',
            'xxx/yyy/aaa-bbb-vvv.txt',
            'xxx/yyy/aaa-bbb-vcf.txt',
            'xxx/yyy/aaa-bbb-xcv.txt'
        ];

    If that is the case, I think your preg_split line needs to add a "." so the file extension is excluded. I.E.

        if(preg_split("/[-.]+/", $userBase)[2] == $keyword)
                          ^

    then

        echo array_search_partial($arr, 'vcf');     //--> 4

    Also, your function should return something (false ?) if no match is found.
  11. 1 point
    Alternatively you can use the "@@" prefix for system variables E.G.

        mysql> select user(), @@hostname, @@port;
        +----------------+-----------------+--------+
        | user()         | @@hostname      | @@port |
        +----------------+-----------------+--------+
        | root@localhost | DESKTOP-DCGAC4S |   3306 |
        +----------------+-----------------+--------+
  12. 1 point
    Another way is to simply:

        ALTER TABLE table_name AUTO_INCREMENT=0;

    Hope that helps.
  13. 1 point
    You can use this regex to match internationally, even Japanese. /([\w -'\p{L}]+)/
  14. 1 point
    IANAL. Check Articles 12-22 for the most significant parts. No, there does not have to be a means to contact the site owner, but there does have to be a way for the user to request their information, and/or that the information be destroyed. Which means some means of contact. If you don't already have a contact page then you can put the information in your privacy policy.
  15. 1 point
    Either that or the OP should not be programming.
  16. 1 point
    Use glob() function which returns an array of the files. E.G.

        $folder = 'C:/Users/... /chartSamples/' ;
        foreach (glob("{$folder}*.png") as $fn) {
            echo basename($fn) . '<br>';
        }

    giving

        column.png
        doughnut.png
        line.png
        radar.png
        rosechart.png
        stacked.png
  17. 1 point
    The $freqs array contains the counts for P1, P2, P3 for each digit...

        $freqs = Array
        (
            [0] => Array            # digit "0"
                (
                    [0] => 4        # P1
                    [1] => 7        # P2
                    [2] => 1        # P3
                )
            [1] => Array
                (
                    [0] => 3
                    [1] => 2
                    [2] => 6
                )
            [2] => Array
                (
                    [0] => 4
                    [1] => 4
                    [2] => 6
                )

    which, coincidentally, is the same structure as the output table. You now loop through the array and for each digit (row) loop through its array (positions columns) and build the table.

        //
        // create frequency table and calc digit totals
        //
        $totals = array_fill_keys(range(0,9), []);
        $tdata = '';
        foreach ($freqs as $n => $occs) {
            $tdata .= "<tr><td><b>$n</b></td>";
            foreach ($occs as $o) {
                $tdata .= "<td>$o</td>";
            }
            $total = array_sum($occs);
            $totals[$n] = [$n,$total];
            $tdata .= "<td>=</td><td><b>$total</b></td></tr>\n";
        }

    My complete solution...
  18. 1 point
    Binding is useful when you want to process records in a loop. Bind the variables first then, in the loop, update the values and execute. EG

        $data = [
            [ 1, 'Curly'],
            [ 2, 'Larry'],
            [ 3, 'Mo']
        ];

        $stmt = $db->prepare("INSERT INTO testuser (id, username) VALUES (:id, :user)");
        $stmt->bindParam(':id', $id, PDO::PARAM_INT);
        $stmt->bindParam(':user', $username, PDO::PARAM_STR);

        foreach ($data as $user) {
            list($id, $username) = $user;
            $stmt->execute();
        }

    EDIT: But, with PDO, there is the alternative that I used before EG

        $data = [
            [ 1, 'Curly'],
            [ 2, 'Larry'],
            [ 3, 'Mo']
        ];

        $stmt = $db->prepare("INSERT INTO testuser (id, username) VALUES (?, ?)");

        foreach ($data as $user) {
            $stmt->execute($user);
        }

    where the values are passed as an array when executing.
  19. 1 point
    The answer is "normalize". Don't store comma-separated lists (especially when the list items are ids). The role_access table should be

        CREATE TABLE `role_access` (
          `id` int(10) NOT NULL PRIMARY KEY,
          `page` int NOT NULL,
          `role` int(7) NOT NULL
        ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

        INSERT INTO `role_access` (`id`, `page`, `role`) VALUES
        (1,1,1),
        (2,2,1),
        (3,3,1),
        (4,4,1),
        (5,5,1),
        (6,2,2),
        (7,4,2),
        (8,5,2);

    Now you can join to the page table to get the page name
  20. 1 point
    In that case you need to specify the banner you are looking for in the LEFT JOIN's ON clause EG (looking for banner #2)

        SELECT DISTINCT
               f.id as frameId
             , f.title as frameTitle
             , bf.banner_id
        FROM frames f
             LEFT JOIN
             banner_frame bf ON bf.frame_id = f.id
                             AND bf.banner_id = 2
        ORDER BY f.id;

        +---------+------------+-----------+
        | frameId | frameTitle | banner_id |
        +---------+------------+-----------+
        |       1 | Frame 1    |         2 |
        |       2 | Frame 2    |      NULL |
        |       3 | Frame 3    |      NULL |
        |       4 | Frame 4    |      NULL |
        |       5 | Frame 5    |         2 |
        +---------+------------+-----------+
  21. 1 point
    Just about all of your code is misplaced.

    - The PHP code should be first (except for output, which should be in the html/body section).
    - Your <form> should be in the html/body section.
    - Your <options>..</options>s should be between the <select>..</select> tags.

    Plus your course material appears to be many years out of date.
  22. 1 point
    Your ?> is misplaced. It needs to be at the end of the PHP code and before the HTML code.
  23. 1 point
    PHP and ASP are two very different languages and programming styles. Don't try to find PHP versions of the ASP things you know and instead learn the PHP way of doing it. Whatever editor you want. There is no best one.
  24. 1 point
    ... or you could have used <?=$tdata?> as I did. FYI, my PDO connection code is...

        $dsn = "mysql:dbname=$database; host=$host; charset=utf8";

        $db = new pdo($dsn, $username, $password,
            [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
            ]);

    so that any errors are reported
  25. 1 point
    Try

        WHERE wa.nurse=?

    or you can go with:

        WHERE wa.nurse=:nid

        $stmt->bindParam(":nid", $nid);
        $stmt->execute();

    @Barand already showed you this and he showed you how to make your query better readable:
  26. 1 point
    I find the easiest way for this type of report is to store the data in a structured array as you process the query results. The array structure should reflect the report structure. EG

        Array
        (
            [Week 38 Thursday 19/09/2019] => Array
                (
                    [shift] => 1
                    [ward] => ICU
                    [patients] => Array
                        (
                            [0] => Array
                                (
                                    [bed] => 1
                                    [id] => HSSC014
                                    [name] => Patient E
                                )
                            [1] => Array
                                (
                                    [bed] => 3
                                    [id] => HSSC019
                                    [name] => Patient B
                                )
                            [2] => Array
                                (
                                    [bed] => 6
                                    [id] => 3bb2dc
                                    [name] => Patient J
                                )
                        )
                )

    It is then just a matter of looping through the arrays to produce the desired output.

    HINT: You want to show patients on each day where that date is between the patient's admission date and discharge date (i.e. the patient is there). It makes the logic much simpler, therefore, if unknown discharge dates (sometime in the future) are set to the "infinity date" (9999-12-31)

        +-----+------------+------+------+------------+----------------+-------+
        | aid | patient_id | ward | bed  | from_date  | discharge_date | notes |
        +-----+------------+------+------+------------+----------------+-------+
        |   8 | 3bb2dc     |    7 |    6 | 2019-09-19 | 2019-09-22     | NULL  |
        |   9 | HSSC018    |    5 |    1 | 2019-09-19 | 9999-12-31     | NULL  |  <-- discharge date not yet known
        +-----+------------+------+------+------------+----------------+-------+

    This code builds the array from the query

    Now you just have to loop through the array with a couple of nested foreach() loops to output, like this ...

        $tdata = '';
        foreach ($data as $dt => $ddata) {
            $tdata .= "<tr><th class='day'>$dt</th><th class='day' colspan='5'>&nbsp;</th></tr>
                       <tr><td>&nbsp;</td><td class='ca'>{$ddata['shift']}</td><td>{$ddata['ward']}</td><td colspan='3'>&nbsp;</td></tr>\n";
            foreach ($ddata['patients'] as $p) {
                $tdata .= "<tr><td colspan='3'>&nbsp;</td><td class='ca'>{$p['bed']}</td><td>{$p['id']}</td><td>{$p['name']}</td></tr>\n";
            }
        }
        ?>
        <!DOCTYPE html>
        <html>
        <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <title>Sample</title>
        <style type="text/css">
            body { font-family: verdana,sans-serif; font-size: 12pt; padding: 20px 50px; }
            th   { padding: 16px; text-align: left; background-color: #396; color: #FFF; }
            th.day { background-color: #EEE; color: black; }
            td   { padding: 8px 16px; }
            .ca  { text-align: center; }
        </style>
        </head>
        <body>
        <table>
            <tr><th>Date</th><th>Shift</th><th>Ward</th><th>Bed</th><th colspan="2">Patient</th></tr>
            <?=$tdata?>
        </table>
        </body>
        </html>

    Results
  27. 1 point
    Use a DatePeriod

        $dt1 = new DateTime('next sunday');
        $diwk = new DateInterval('P7D');
        $di6 = new DateInterval('P6D');
        $num_weeks = 8;
        $period = new DatePeriod($dt1, $diwk, $num_weeks-1);

        foreach ($period as $d) {
            echo $d->format('M d') . ' &ndash; ' ;
            $end = $d->add($di6)->format('M d');
            echo "$end<br>";
        }
  28. 1 point
    .. therefore the query being executed is

        SELECT * FROM UserList WHERE UserID=E0000001

    1 ) String variables in a SQL statement need to be in single quotes otherwise they are thought to be a column name.

    2 ) The variable shouldn't be there at all - you should be using a prepared statement and passing the id as a parameter

        $query = mysqli_prepare($con, "SELECT * FROM UserList WHERE UserID = ? ");
        $query->bind_param('s', $id);
        $query->execute();
  29. 1 point
    OK, I need to correct myself. I was mixing up some of the techniques. I went back and reviewed a training session about account management on Pluralsight (great training material). Troy Hunt (the author) recommends the following approach to prevent account enumeration:

    Upon submitting a form to register an account provide the user a common message along the lines of "Your registration has been processed, an email has been sent to complete your account". They would get this message in the case of a successful registration or a duplicate username/email.

    1. If the registration was successful, the user receives an email to confirm the account
    2. If there was a duplicate, send an email to the user that the account was already registered.

    Of course, this requires a more complicated process of user registration.
  30. 1 point
    Agreed, you should let the user keep trying to register until eventually, in desperation, they try a different user name. At that point, when it works, they realize that the problem was a duplicate username. But at least, you didn't tell them.

    Just to add some clarity here. @benanamen is correct in that you don't want to create a system that allows a malicious user to easily ascertain usernames from your system - specifically in mass. And, @Barand is correct that it makes no sense on a registration page to NOT tell a user you could not create their account because they chose a user ID that is already in use.

    The problem to solve is to prevent a malicious user from farming the system to create an inventory of all your users through automation. The malicious users could then iterate through all the users trying different common passwords until they get a match. If this is important, there are various solutions that can be employed:

    1. CAPTCHA or some other means that requires human interaction
    2. Slow them down. Introduce a delay of a few seconds or more in the registration process which would make the time to get a full list lengthy even with automation. Easy to implement and would not be noticed by users (as long as it is not excessive).
    3. Keep a log of requests by IP, session, or some other means. If those attempts exceed a threshold you set then either prevent new requests or introduce an even longer delay. More difficult to implement.

    There are other ways (such as using analytics) to programmatically detect malicious submissions. But, you need to determine the risks to your application and the costs associated with any potential data breach in order to weigh how much effort to invest.

    EDIT: This is a registration page where a user is creating an account - not an authentication page. You should never tell a user the reason you could not authenticate them (i.e. username not found or password wrong). But, that is not what this was about.
  31. 1 point
    I didn't realize this was a challenge question. You're all being lazy relying on the date function 😁

        function isFridayThirteenth($year, $month, $day)
        {
            $m = (($month+9)%12)+1;
            $C = floor($year/100);
            $Y = $year%100-(($m<11)?0:1);
            $W = ($day + floor(2.6*$m - 0.2) - (2*$C) + $Y + floor($Y/4) + floor($C/4)) % 7;
            return ($W==5 && $day==13);
        }
  32. 1 point
    Perfect! I see it now. I ended up following your advice and created an fgetcsv PHP script (which only took me an hour, not the 2 days I anticipated :-) Now instead of the hassle of opening the file in excel, copy-and-pasting into text editor, creating a mySQL lookup, formatting the data to paste back into Excel, etc., all I have to do is open up SSH and type "php my_new_script.php" and voila.
  33. 1 point
    Create a view for yourself that shows threads and the initial posts. It'll make life easier. Though I'm really skeptical that XenForo doesn't have a way to get that information sort of finding the first post for a given thread ID - after all, since there is an ID in the first place, surely there is some source generating that ID, right? Once you have the view the query to find users is trivial.
  34. 1 point
    Not even close. This code...

        $product_details = "SELECT * FROM product WHERE product_id=".$_GET['product_id'];
        $prepare = $connect->prepare($product_details);
        $prepare->execute();

    ...would embed any SQL injection code contained in the GET into the query which would then be executed. (Just as an unprepared query would)

    In the correct version the injection code would only be treated as data and not part of the SQL code.
  35. 1 point
    Truncate the table. It will also delete all the data.

        TRUNCATE TABLE table_name;
  36. 1 point
    ...and you are NOT using a framework like jQuery or Prototype, think long and hard to come up with a very good reason why you are not! In all my years of coding, the only valid reason I have ever seen for not using one of these tools, is because someone is trying to learn it the old fashioned way (but not necessarily actually build websites with it). Or...someone is trying to build their own framework. That's it! IMO there has been no other reason worthy enough to warrant not using jQuery or the like! "It will bloat my website, increase page load time, blahblah" is not a good enough reason! These frameworks are compacted and browsers will cache them! So if you post an AJAX question here and your code and/or question does not involve the use of an existing framework like jQuery, then be prepared for your first response to be something along the lines of "Why aren't you using a framework?" Seriously. It is super easy. Way easier than that code you're trying to post. Save yourself the headache. Get jQuery or similar. DO IT.
  37. 1 point
    It was not my intention (nor do I think I implied it) to say you're stupid if you don't use a framework. I said do yourself a favor and make your life easier. Also, I am not "just another soldier" in the "we use frameworks" army. I actually actively resisted and opposed frameworks for a very long time. I too made arguments such as "If people learn jQuery, they won't learn the core language and therefore they will be weak." But the bottom line is that there's always going to be a certain amount of coding involved to keep things cross-browser compatible. And after several years of developing and maintaining my own baked framework (because that is essentially what you wind up with), I came to the realization that there's a whole lot of people out there much smarter than me who are dedicated to maintaining frameworks such as jQuery, vs. just myself, and on my very best of days my code will look very similar to theirs anyways. In short, I came to the realization that it was a waste of my time trying to develop and maintain my own baked framework, because my coding career does not revolve around that framework. Now, I still agree with the notion that one should take the time to learn javascript without frameworks, before diving into using them. I still absolutely agree with the dangers of not properly learning the nuances of javascript if you don't. And the same can be said for any language and framework. But if you've reached that level of expertise, all you are doing is holding yourself back by dedicating time and effort to maintaining your own baked solution. There's basically no compelling argument to do it, unless you are looking to distribute it and focus solely on it. Literally thousands of sites and coders out there developing, testing and submitting feedback etc. to a framework will always do it better than you, one person, trying to basically do the same thing on your own. And for what? Bragging rights? If I'm "just another.." 
then tell me, what makes you think rolling your own is better? I honestly want to know, because as I said, I did start on your side of the fence. Anyways, I also agree that there's little point in using it if you're only going to use like 1 tiny piece of it. I suppose I will concede that maybe I should amend the OP to weigh the options. But thing is, 9/10 times I see people not using a framework for stuff like AJAX.. turns out the site they are working on is already using a framework. This certainly comes up a lot more for freelancers and coders working in agencies who work with many clients on many sites and it's constantly new sites/clients in the door, vs. some coder working as web dev for a single company. Point being that if you get hired by a client to do some work on their site, it is better to evaluate what they already have going on there and use what's already there, than to just start throwing your own stuff into the mix. If you want to talk about unnecessary bloat, well that's a prime example right there. P.s. - telling me to "keep it civil" right after you've thrown out a "you're just another.." statement.. classy.
  38. 1 point
    Lol first impression was "who the hell is starting yet another thread in caps". But I think many people here agree on what you just wrote. I don't even bother reading vanilla js doing ajax stuff.
  39. 0 points
This leaderboard is set to New York/GMT-04:00