Leaderboard

Short answer: it's safe. Longer answer: it's as safe as any other PHP file on your server. It's a common practice to put this script, or at least a script that defines variables/constants with database credentials, in a PHP file that is not located inside the web root (eg, outside of your public_html or www or whatever directory that your site is based in) because if it's not an actual page then it really shouldn't be in the root; this practice is easy to achieve when you get larger sites that have a single public_html/index.php that runs an "application" or some similar concept whose files are all outside the root.

If you are starting with this (which could be the result from a table subquery) ... +----+----------------------+------------+-----------------+----------+ | id | disciplina | moduloUfcd | idcpDisciplinas | anoTurma | +----+----------------------+------------+-----------------+----------+ | 58 | Comunicação Visual | 8599 | 49 | 11 | | 59 | Comunicação Visual | 133 | 49 | 11 | | 60 | Comunicação Visual | 134 | 49 | 10 | +----+----------------------+------------+-----------------+----------+ then this query ... SELECT group_concat(id separator ', ') as ids , disciplina , group_concat(moduloUfcd separator ', ') as mods , idcpDisciplinas , anoTurma FROM gmc GROUP BY idcpDisciplinas, anoTurma; gives ... +--------+----------------------+-----------+-----------------+----------+ | ids | disciplina | mods | idcpDisciplinas | anoTurma | +--------+----------------------+-----------+-----------------+----------+ | 60 | Comunicação Visual | 134 | 49 | 10 | | 58, 59 | Comunicação Visual | 8599, 133 | 49 | 11 | +--------+----------------------+-----------+-----------------+----------+

Typically yes, that's what you see out on the net, but I would have to disagree with this method. IMO there is really only two common cases to use Try/Catch, that being the DB Connection and handling a duplicate constraint error. There is no need to litter the code base with Try/Catch blocks. (Yes, I was guilty of that until I got spanked by @Jacques1 and learned better) What "should" be done is set the PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION and let the exceptions bubble up and let PHP handle it, which it does very well. set_exception_handler can also be used if you want a custom handler for exceptions.

Actually, I think that Barand just made a small mistake, which is certainly very unusual for him The unique constraint should be: UNIQUE KEY `unq_page_link` (`user_id`, `page_link`), That will enforce uniqueness on a user/link basis, which is what I assume you are going for. This is a better solution in that you are using the db to enforce your integrity rule rather than relying on the front end code to do it for you. With that said, code around database queries needs to be written in a way that you catch and deal with database errors appropriately. Typically that is done with a try..catch block. I can't give you specifics without knowing in advance what db api you are using (mysqli vs pdo) . Here's an example out of the "(The only proper) PDO tutorial" which is highly recommended reading for anyone learning the PDO api: try { $pdo->prepare("INSERT INTO users VALUES (NULL,?,?,?,?)")->execute($data); } catch (PDOException $e) { $existingkey = "Integrity constraint violation: 1062 Duplicate entry"; if (strpos($e->getMessage(), $existingkey) !== FALSE) { // Take some action if there is a key constraint violation, i.e. duplicate name } else { throw $e; } } Assuming you are using PDO this could be adjusted to fit your problem as it is essentially the same issue you would face in dealing with the unique constraint violation to prevent a user from adding the same link multiple times. If you are using mysqli, then you should certainly read this. A general discussion of php error handling strategies is good to read. The important thing to note about this, is that you don't want to generalize error handling to try .. catch blocks around all your queries. This is a specific issue, having to do with something you expect to happen frequently. Lots of other database exceptions can happen, and you want to have a generalized exception handling solution for those.

Removing the battery from a fire alarm does not make the fire go away.

Seems to me that the best approach would be to fix the problem instead of disabling the warning.

Very interesting. That seems like something to look into but I do move at a pretty slow pace. I really do appreciate the ideas.

If $cat_id contains "" then the query will fail with a syntax error. But we don't know what's in it, nor do we know what's in your table - and we certainly have no idea what "don't work" means unless you tell us. Check if your query gave an error message.

Welcome to the community. It is designed for those interested in learning and developing systems based on PHP and related technologies. We do not allow for advertisements. Members in good standing are allowed to place promotional links in their signatures. Messages created solely for the purpose of advertisements will be edited or removed.

You do it in the same way you have in your get_post($pid) function, only this time pass the category id get_posts($cat_id)

You can't put functions inside strings like variables. <?php $x = date('Y'); $y = 1989; $description = "In this classic lecture which was delivered over " . ($x - $y) . " years ago, etc etc....."; echo $description; // ==> In this classic lecture which was delivered over 31 years ago, etc etc..... ?>

Have you tried putting a WHERE clause in your query, for example WHERE blog.cat_id = 4

No you don't. You have a function perfectly capable of giving you the current session ID. Why do you think you have to take that value, which is going to be the same value every time you call the function so long as the session is active, and put it into $_SESSION for you to get it? If you want the session ID then call the function. Stop overthinking this. No. You see two session files. Containing session data. For two different sessions. How did you run those queries? That's a rhetorical question. You aren't supposed to tell me the answer. You're supposed to consider what the answer is and then continue thinking about the implications of that answer in order to find the answer to your question.

I suggest you start your hunt for an answer over here.

Hi Barand, Amazing code and you only read a description of my bookmark profile. You are a 'helluva' coder. Your expertise and mastery shows in your replies. I don't really need to change anything that you have posted other than names but i didn't post to get free code. I am trying to learn from your example. I'm reading about sql now so that i can think better about these problems and approprite solutions. I'd like to come to the same conclusions as you oneday. I really learn alot from you and i thank you for that. Meantime, i've changed the last login code and it works well. I was actuly just inserting your login into lastlogin then inserting the current login into current login. I guess it is easier to say that login becomes your last login before i update the login. I guess i was thinking wrong here. Your idea is better. I don't have time to add the book mark code today. I have alot of things to do and i am behind schedule. I'll read more about sql before i go to bed, then tomorrow i will tackle this topic. I finished adding the bookmark profile to each page, so all i have to do now is submit it to the dbase. This code example is a great start! I also have to read the data from the db before i can display the bookmarks. I do not have so much coding experience as you do, so i am a bit slow. I'll update the post when i can finish this feature. I'll let you see the final code here so you can offer an opinion if you want to do so. Thank you, Barand, i have learned alot about sql today. You are steeringme in the right direction!