Leaderboard

Popular Content

Showing content with the highest reputation since 05/25/2021 in all areas

  1. Too many people are obsessed with "filtering" bad inputs. You don't have to "filter" anything. You don't have to remove HTML tags. You don't have to remove SQL keywords. You don't have to strip quotes or backslashes. All you have to do is make sure that whatever the user typed doesn't screw around with what you're trying to do. Want to put it into HTML? Make sure it doesn't screw around with your HTML. Want to put it into SQL? Make sure it doesn't screw around with your SQL. Want to send it in JSON? Make sure it doesn't screw around with your JSON. And every single one
    3 points
  2. Don't use "SELECT * ". Specify the columns you want. This makes it easier for others, like me, to understand what is in the table and what the query is doing. Indent your code to show the nested structure of loops etc. If you had done those I might have given this problem more than a cursory glance. So you'll have to settle for a generic example of using a recursive function to give an indented list of parent/child elements. Also, don't run queries inside loops. Use JOINs to get all the data in a single query. THE DATA TABLE: category +----+---------+--------+ | id
    2 points
  3. If you want it in a single query, initialize the variables in a joined subquery SELECT , (@csumA := @csumA + A) as cumulative_A , (@csumM := @csumM + M) as cumulative_M , (@csumE := @csumE + E) as cumulative_E , (@csumW := @csumW + W) as cumulative_W FROM ( SELECT WEEK(s.date) week, SUM(CASE WHEN s.user_id = 50 THEN s.points ELSE 0 END) AS A, SUM(CASE WHEN s.user_id = 51 THEN s.points ELSE 0 END) AS M, SUM(CASE WHEN s.user_id = 52 THEN s.points ELSE 0 END) AS E, SUM(CASE WHEN s.user_id = 53 THEN s.points ELSE 0 E
    2 points
  4. because you haven't specified a length of 1 (one) - https://www.php.net/manual/en/function.substr.php
    1 point
  5. Don't use the version from FlatPak: it's unofficial and apparently buggy. Install VS Code from an official source.
    1 point
  6. Here's my attempt DATA mysql> select * from ajoo -> order by user, recno; +-------+----------+---------+---------+ | recno | user | v_score | rollavg | +-------+----------+---------+---------+ | 6 | mina1111 | 4 | 3.2500 | | 7 | mina1111 | 3 | 3.2000 | | 8 | mina1111 | 2 | 3.2000 | | 9 | mina1111 | 4 | 3.4000 | | 10 | mina1111 | 5 | 3.6000 | | 11 | mina1111 | 0 | 2.8000 | | 12 | mina1111 | 1 | 2.5000 | | 13 | mina1111 | 1 | 1.7500 | | 14 | mina1111 | 1 | 0.7500 | | 1 | nina1
    1 point
  7. Editor is a bit buggy with multiple toolbar rows, but I think I got it.
    1 point
  8. Over the lifetime of this (or any other) Application, you will spend far more time reading its code than you will writing any of it so go for whichever form expresses your intention most clearly. Personally, I'd go with the former or, perhaps, an even more concise one: if ( ! isset( $_SESSION['user'] ) ) exit ; if ( 'SiteOwner' !== $_SESSION['user'] ) exit ; I'm not sure of the context in which this runs - perhaps a redirect to another page might be more appropriate than the "exit"? YMMV. Regards, Phill W.
    1 point
  9. if(!isset($_SESSION['user']) || $_SESSION['user'] !== 'SiteOwner') { exit; }
    1 point
  10. <a href="\"index.php?id=".<?php echo $data['id']; ?>."\">"
    1 point
  11. Excellent! If anyone asks, you're now applying the Principle of Least Privilege, getting your application to work with the minimum level of permissions - just what it needs and nothing more. Also, you are now qualified to laugh openly at anyone that runs their entire Application as root. 😉 Regards, Phill W.
    1 point
  12. The only difference that missing </div> makes is that the second find() returns the text up to the next </div>, thus giving $name = "Name: madac" $age = "Age: 18 <div class='man'>Class: 12</div> " $cls = "Class: 12" So you just need to look for and trim off the excess "<div> ... </div>" Perhaps... $html = str_get_html('<div> <div class="man">Name: madac</div> <div class="man">Age: 18 <div class="man">Class: 12</div> </div>'); $name = trim_html($html->find('div[class="man"]', 0
    1 point
  13. You cannot browse to /test2 with your address bar. It is only accessible by POSTing an HTML form.
    1 point
  14. ...except when you use get? I am not "laravel literate" but aren't these using "get"? ...
    1 point
  15. But something is trying to use GET. You do not support it, which is why there is an error, but something is trying. The error message. How did you get it to happen? What did you do to see it?
    1 point
  16. You're going to have to do some troubleshooting. Find out what is causing a GET request against /test2, then we can make it stop doing that.
    1 point
  17. Before you can use $_SESSION you must call "session_start()". Put it at the start of the code.
    1 point
  18. An alternative is to use a similar approach (of scanning the table for existing records) but at the time of the vote submission to prevent another vote from being added if there are already 10 from that user.
    1 point
  19. Apparently something is trying to hit /test2 using GET instead of POST. Is it from the form? Is there any kind of Javascript involved? Does the form you posted, which clearly states it does use POST, actually have anything to do with the issue?
    1 point
  20. There is a very easy way to do this using a MySql myisam table. Store each vote in a table like this... CREATE TABLE `vote` ( `username` varchar(50) NOT NULL, `vote_year` year(4) NOT NULL, `week_num` tinyint(4) NOT NULL, `vote_count` int(11) NOT NULL AUTO_INCREMENT, `time_voted` datetime DEFAULT CURRENT_TIMESTAMP, `voted_for` int(11) DEFAULT NULL COMMENT 'Who/whatever was voted for', PRIMARY KEY (`username`,`vote_year`,`week_num`,`vote_count`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; Note the last column of the primary key is the auto-increment column "vote_count". This will
    1 point
  21. You entered "j" and it's listing records with user containing "j". So I don't see what's wrong with that. Are you talking about getting all those duplicates? It's because you're joining the login and dados_user tables together without telling MySQL how to join them together. You need a query that looks like SELECT login.user, dados_user.nome_proprio FROM login JOIN dados_user ON login.??? = dados_user.??? WHERE login.user LIKE '%$procura%' AND login.eliminado = 0
    1 point
  22. This is a fundamental difference between files and directories. On a file, the execute bit makes the file .. well .. executable. On a directory, the "execute" bit makes the directory "navigable", i.e. you can get "into" it. At present, you can see that the directory exists - you can 'r'ead it in a listing of the parent directory - but you cannot navigate into it. To do that, the directory must have its Execute bit set. More typical permissions on a directory would be 750: User:rwx Group:rx Other:(None) This link explains it better, albeit talking about NFS and
    1 point
  23. Use the code tags button "<>" when posting code. I added them for you this time.
    1 point
  24. To be clear, procedural versus object-oriented code has absolutely nothing to do with server security. Either people can see your code and files or they cannot.
    1 point
  25. ->with('a',$data1) The first argument to with() is the name of the variable you want to create inside the view. The second one is its value.
    1 point
  26. https://www.google.com/search?q=how+to+use+blade+templates+in+laravel
    1 point
  27. That was intended as a hint. Make them both the same and you should then be able to create your foreign key.
    1 point
  28. 1 point
  29. What is $request[1] supposed to be? Don't you mean $id?
    1 point
  30. Since you want to filter an array, I suggest array_filter() $times = [ '2021-06-02T19:40:00Z', '2021-06-03T02:10:00Z', '2021-06-03T01:10:00Z', '2021-06-02T23:05:00Z', '2021-06-02T23:05:00Z', '2021-06-02T23:07:00Z', '2021-06-02T23:20:00Z', '2021-06-02T18:20:00Z', '2021-06-03T00:10:00Z', '2021-06-03T00:40:00Z' ]; $d = new DateTime('23:59:59', new DateTimeZone('Z')); $newtimes = array_filter($times, function($v) use ($d) { return new DateTime($v) <= $d; });
    1 point
  31. app and App are two different things.
    1 point
  32. Are you sure you put Ultimate.php in the right place? What's the code in that file?
    1 point
  33. ... I finished reading. The [^\dX]+ is indeed very graceful, like a slinky dress. Very svelte. Exactly what I was hoping for. I'm disappointed that I didn't think of it or try it. There's no way I could have ever figured that out. In fact I won't even use it, it will make me mad every time I see it. I am starting to think PHP is like music, or genetics; you're either born to be a Beethoven, or stuck for the rest of your life making Elevator music. Why couldn't I have figured that out!? Certainly not for lack of trying. ... Maybe I could have figured it out. Probably not. ...You shoul
    1 point
  34. I have come to the conclusion that nothing works perfectly to do this. This surprises me. How many servers and for how many years has this problem been around? OPTIONS PHP provides filters. The filters are pretty generic. Strip tag seems useless. One greater-than symbol in the input and most of the good data is stripped out. Clean-html seems better than the rest but I'll be damned if I can get it to work on my system https://github.com/dave-kennedy/clean-html
    1 point
  35. https://www.letmegooglethat.com/?q=install+mysql+on+linux
    0 points
This leaderboard is set to New York/GMT-04:00