Leaderboard

Too many people are obsessed with "filtering" bad inputs. You don't have to "filter" anything. You don't have to remove HTML tags. You don't have to remove SQL keywords. You don't have to strip quotes or backslashes. All you have to do is make sure that whatever the user typed doesn't screw around with what you're trying to do. Want to put it into HTML? Make sure it doesn't screw around with your HTML. Want to put it into SQL? Make sure it doesn't screw around with your SQL. Want to send it in JSON? Make sure it doesn't screw around with your JSON. And every single one

Don't use "SELECT * ". Specify the columns you want. This makes it easier for others, like me, to understand what is in the table and what the query is doing. Indent your code to show the nested structure of loops etc. If you had done those I might have given this problem more than a cursory glance. So you'll have to settle for a generic example of using a recursive function to give an indented list of parent/child elements. Also, Don't run queries inside loops. Use JOINs to get all the data in a single query THE DATA TABLE: category +----+---------+--------+ | id

If you want it in a single query, initialize the variables in a joined subquery SELECT , (@csumA := @csumA + A) as cumulative_A , (@csumM := @csumM + M) as cumulative_M , (@csumE := @csumE + E) as cumulative_E , (@csumW := @csumW + W) as cumulative_W FROM ( SELECT WEEK(s.date) week, SUM(CASE WHEN s.user_id = 50 THEN s.points ELSE 0 END) AS A, SUM(CASE WHEN s.user_id = 51 THEN s.points ELSE 0 END) AS M, SUM(CASE WHEN s.user_id = 52 THEN s.points ELSE 0 END) AS E, SUM(CASE WHEN s.user_id = 53 THEN s.points ELSE 0 E

because you haven't specified a length of 1 (one) - https://www.php.net/manual/en/function.substr.php

Don't use the version from FlatPak: it's unofficial and apparently buggy. Install VS Code from an official source.

Here's my attempt DATA mysql> select * from ajoo -> order by user, recno; +-------+----------+---------+---------+ | recno | user | v_score | rollavg | +-------+----------+---------+---------+ | 6 | mina1111 | 4 | 3.2500 | | 7 | mina1111 | 3 | 3.2000 | | 8 | mina1111 | 2 | 3.2000 | | 9 | mina1111 | 4 | 3.4000 | | 10 | mina1111 | 5 | 3.6000 | | 11 | mina1111 | 0 | 2.8000 | | 12 | mina1111 | 1 | 2.5000 | | 13 | mina1111 | 1 | 1.7500 | | 14 | mina1111 | 1 | 0.7500 | | 1 | nina1

Editor is a bit buggy with multiple toolbar rows, but I think I got it.

Over the lifetime of this (or any other) Application, you will spend far more time reading its code than you will writing any of it so go for whichever form expresses your intention most clearly. Personally, I'd go with the former or, perhaps, an even more concise one: if ( ! isset( $_SESSION['user'] ) ) exit ; if ( 'SiteOwner' !== $_SESSION['user'] ) exit ; I'm not sure of the context in which this runs - perhaps a redirect to another page might be more appropriate than the "exit"? YMMV. Regards, Phill W.

if(!isset($_SESSION['user']) || $_SESSION['user'] !== 'SiteOwner') { exit; }

<a href="\"index.php?id=".<?php echo $data['id']; ?>."\">"

Excellent! If anyone asks, you're now applying the Principle of Least Privilege, getting your application work with the minimum level of permissions - just what it needs and nothing more. Also, you are now qualified to laugh openly at anyone that runs their entire Application as root. 😉 Regards, Phill W.

The only difference that missing </div> makes is that the second find() returns the text up to the next </div>, thus giving $name = "Name: madac" $age = "Age: 18 <div class='man'>Class: 12</div> " $cls = "Class: 12" So you just need to look for and trim off the excess "<div> ... </div>" Perhaps... $html = str_get_html('<div> <div class="man">Name: madac</div> <div class="man">Age: 18 <div class="man">Class: 12</div> </div>'); $name = trim_html($html->find('div[class="man"]', 0

You cannot browse to /test2 with your address bar. It is only accessible by POSTing an HTML form.

...except when you use get? I am not "laravel literate" but aren't these using "get"? ...

But something is trying to use GET. You do not support it, which is why there is an error, but something is trying. The error message. How did you get it to happen? What did you do to see it?

You're going to have to do some troubleshooting. Find out what is causing a GET request against /test2, then we can make it stop doing that.

Before you can use $_SESSION you must call "session_start()". Put it at the start of the code.

An alternative is to use a similar approach (of scanning the table for existing records) but at the time of the vote submission to prevent another vote from being added if there are already 10 from that user.

Apparently something is trying to hit /test2 using GET instead of POST. Is it from the form? Is there any kind of Javascript involved? Does the form you posted, which clearly states it does use POST, actually have anything to do with the issue?

There is a very easy way to do this using a MySql myisam table. Store each vote in a table like this... CREATE TABLE `vote` ( `username` varchar(50) NOT NULL, `vote_year` year(4) NOT NULL, `week_num` tinyint(4) NOT NULL, `vote_count` int(11) NOT NULL AUTO_INCREMENT, `time_voted` datetime DEFAULT CURRENT_TIMESTAMP, `voted_for` int(11) DEFAULT NULL COMMENT 'Who/whatever was voted for', PRIMARY KEY (`username`,`vote_year`,`week_num`,`vote_count`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; Note the last column of the primary key is the auto-increment column "vote_count". This will

You entered "j" and it's listing records with user containing "j". So I don't see what's wrong with that. Are you talking about getting all those duplicates? It's because you're joining the login and dados_user tables together without telling MySQL how to join them together. You need a query that looks like SELECT login.user, dados_user.nome_proprio FROM login JOIN dados_user ON login.??? = dados_user.??? WHERE login.user LIKE '%$procura%' AND login.eliminado = 0

This is a fundamental difference between files and directories. On a file, the execute bit makes the file .. well .. executable. On a directory, the "execute" bit makes the directory "navigable", i.e. you can get "into" it. At present, you can see that the directory exists - you can 'r'ead it in a listing of the parent directory - but you cannot navigate into it. To do that, the directory must have its Execute bit set. More typical permissions on a directory would be 750: User:rwx Group:rx Other:(None) This link explains it better, albeit talking about NFS and

Use the code tags button "<>" when posting code. I added them for you this time.

You haven't installed Node globally.

To be clear, procedural versus object-oriented code has absolutely nothing to do with server security. Either people can see your code and files or they cannot.

->with('a',$data1) The first argument to with() is the name of the variable you want to create inside the view. The second one is its value.

https://www.google.com/search?q=how+to+use+blade+templates+in+laravel

That was intended as a hint. Make them both the same and you should then be able to create your foreign key.

Is the column UNSIGNED in both tables?

What is $request[1] supposed to be? Don't you mean $id?

Since you want to filter an array, I suggest array_filter() $times = [ '2021-06-02T19:40:00Z', '2021-06-03T02:10:00Z', '2021-06-03T01:10:00Z', '2021-06-02T23:05:00Z', '2021-06-02T23:05:00Z', '2021-06-02T23:07:00Z', '2021-06-02T23:20:00Z', '2021-06-02T18:20:00Z', '2021-06-03T00:10:00Z', '2021-06-03T00:40:00Z' ]; $d = new DateTime('23:59:59', new DateTimeZone('Z')); $newtimes = array_filter($times, function($v) use ($d) { return new DateTime($v) <= $d; });

app and App are two different things.

Are you sure you put Ultimate.php in the right place? What's the code in that file?

... I finished reading. The [^\dX]+ is indeed very graceful, like a slinky dress. Very svelte. Exactly what I was hoping for. I'm disappointed that I didn't think of it or try it. There's no way I could have ever figured that out. In fact I won't even use it, it will make me mad every time I see it. I am starting to think PHP is like music, or genetics; your either born to be a Beethovin, or stuck for the rest of your life making Elevator music. Why couldn't I have figured that out!? Certainly not for lack of trying. ... Maybe I could have figured it out. Probably not. ...You shoul

I have come to the conclusion that nothing works perfectly to do this. This surprises me. How many servers and for how many years has this problem been around? OPTIONS PHP provides filters. The filters are pretty generic. Strip tag seems useless. One greater than symbol in the input and most of the good data is stripped out Clean-html seems better than the rest but I'll be damned if I can get it to work on my system https://github.com/dave-kennedy/clean-html

https://www.letmegooglethat.com/?q=install+mysql+on+linux