Leaderboard

Too many people are obsessed with "filtering" bad inputs. You don't have to "filter" anything. You don't have to remove HTML tags. You don't have to remove SQL keywords. You don't have to strip quotes or backslashes. All you have to do is make sure that whatever the user typed doesn't screw around with what you're trying to do. Want to put it into HTML? Make sure it doesn't screw around with your HTML. Want to put it into SQL? Make sure it doesn't screw around with your SQL. Want to send it in JSON? Make sure it doesn't screw around with your JSON. And every single one

I enjoy the challenge when someone posts a problem I can get my teeth into.

Don't use "SELECT * ". Specify the columns you want. This makes it easier for others, like me, to understand what is in the table and what the query is doing. Indent your code to show the nested structure of loops etc. If you had done those I might have given this problem more than a cursory glance. So you'll have to settle for a generic example of using a recursive function to give an indented list of parent/child elements. Also, Don't run queries inside loops. Use JOINs to get all the data in a single query THE DATA TABLE: category +----+---------+--------+ | id

If you want it in a single query, initialize the variables in a joined subquery SELECT , (@csumA := @csumA + A) as cumulative_A , (@csumM := @csumM + M) as cumulative_M , (@csumE := @csumE + E) as cumulative_E , (@csumW := @csumW + W) as cumulative_W FROM ( SELECT WEEK(s.date) week, SUM(CASE WHEN s.user_id = 50 THEN s.points ELSE 0 END) AS A, SUM(CASE WHEN s.user_id = 51 THEN s.points ELSE 0 END) AS M, SUM(CASE WHEN s.user_id = 52 THEN s.points ELSE 0 END) AS E, SUM(CASE WHEN s.user_id = 53 THEN s.points ELSE 0 E

I'll eat my words. I couldn't resist the challenge so, having slept on it, I wrote a an SQL function "isConsecutive(dates)" to find records where there are fewer than 10 dates and they are consecutive. TEST DATA and QUERY TABLE: ahtest +----+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | adates

try foreach ($array as $k => $d) { if ($k > 0) { if (strtotime($d) > strtotime($array[$k-1])+6) { $new[] = "-------------------"; } } $new[] = $d; } $new = Array ( [0] => 2021-02-10 09:04:48 [1] => 2021-02-10 09:04:54 [2] => 2021-02-10 09:05:00 [3] => 2021-02-10 09:05:06 [4] => 2021-02-10 09:05:12 [5] => 2021-02-10 09:05:18 [6] => ------------------- [7] => 2021-02-10 09:06:18 [8] => 2021-02-10 09:06:24 ) [edit...] Alternative solution... $new = []; $ne

$this (programming pun intended) is the correct syntax, but produced a different error than the one you posted about the undefined variable. what was the error message in $this case? i'm going to guess that the database connection probably failed and there's no useful error handling in the code. while not the cause of the most immediate problem, your main code should be responsible for creating the database connection, then use dependency injection to supply that to any class that needs it. by making each class responsible for getting a specific database connection, your code is not ge

TIP: If you are creating home-grown charts, plotting the values is the easy bit. 95% of the coding effort will be in the drawing of chart area, plot area, axes, axis labels, scaling, titles etc. You can sidestep this with a simple table with horizontal bars. EG CODE EXAMPLE... <?php $values = [ 'Strongly Disagree' => 7, 'Disagree' => 10, 'Neither' => 12, 'Agree' => 25, 'Strongly Agree' => 41 ]; function valueChart(&$values) { $ou

Sort the array first. Assuming you start with ... $options = [ [ 'type' => 'Visual disability', 'name' => 'Audio-described cut-scenes' ], [ 'type' => 'Visual disability', 'name' => 'Highlighted path to follow' ], [ 'type' => 'Physical disability', 'name' => 'Sensitivity settings for all the controls' ], [ 'type' => 'Visual disability', 'name' => 'Screen readers on menus' ], [ 'type' => 'Visual disability', 'name' => 'Slow down the game speed' ], ]; then ...

I tried Googling charts.js to have a look at their API documentation. What I found was nothing like the formats that you appear to be using. I did manage to get a chart produced using google.visualization api (if that helps) <?php $getdata = ' { "result": [ { "ID": 1, "Users": [ { "UserObject": { "UserName": "User1", "-": { "ID": 1 }, "0": "0" }, "User": "User1", "Amount": 10 }, { "UserObject": { "UserName": "User

That's why I laid it out the way I did with the comments - so it would be easy for you get the separate feet/inches values if you still wanted to go that way. [edit] Look more closely at my code - you require two substring_index()s to extract the inches. The inner to get the string before the final " and the outer one to get the string after the ' SET feet = substring_index(@height, '\'', 1) * 12 , inches = substring_index(substring_index(@height, '"', 1), '\'', -1)

Meanwhile, here's an alternative solution to my previous one, this one without the SQL variables. SELECT SUM(CASE WHEN DATE(datein) > DATE(dateout) THEN DATEDIFF(datein, dateout) - 1 ELSE 0 END ) as tot_absent FROM ( SELECT a.dateout , MIN(b.datein) as datein FROM ajoo_login a LEFT JOIN ajoo_login b ON a.dateout < b.datein GROUP BY a.dateout ) logins; +------------+ | tot_absent | +------------+ | 327 | +------------+

OK, I loaded your data into a test table INSERT INTO ajoo_login (datein, dateout) VALUES ('2019-03-30 17:05:24', '2019-03-30 17:09:47'), ('2019-04-01 15:13:32', '2019-04-01 15:19:46'), ('2019-04-04 23:37:21', '2019-04-04 23:50:51'), ('2019-04-18 15:28:35', '2019-04-18 15:33:10'), ('2019-04-23 16:35:20', '2019-04-23 16:42:35'), ('2019-04-24 12:03:07', '2019-04-24 12:10:28'), ('2019-05-01 08:05:48', '2019-05-01 08:20:28'), ('2019-05-08 18:04:04', '2019-05-08 18:14:57'), ('2019-05-09 08:18:15', '2019-05-09 08:29:38'), ('2019-06-18 12:49:01', '2019-06-18 13:10:15'), ('2019-09-05 17:17:33', '20

NOTE: both instances of $db->query(..) in the above post should be $db->prepare(..)

However, using the string just as far as the the first entity $valrD = json_decode(valrGet, true); echo '<pre>$valrD = ', print_r($valrD, 1), '</pre>'; gives therefore $target = 'BTC/ZAR'; foreach ($valrD['response']['entities'] as $k => $ents) { if ($ents['pair_name'] == $target) { echo "$target asking price : {$ents['ask']['price']}<br>"; break; } } outputs "BTC/ZAR asking price : 179382.54"

if ($success) { $_SESSION["userLoggedIn"] = $username; header("Location:index.php"); }else{ $error = $account->getError(Constants::$registerFailed); } It's a good practice to use an exit after the header ("Location ...

Short answer: it's safe. Longer answer: it's as safe as any other PHP file on your server. It's a common practice to put this script, or at least a script that defines variables/constants with database credentials, in a PHP file that is not located inside the web root (eg, outside of your public_html or www or whatever directory that your site is based in) because if it's not an actual page then it really shouldn't be in the root; this practice is easy to achieve when you get larger sites that have a single public_html/index.php that runs an "application" or some similar concept whose fil

1 and 2 would presumably be input from the web page. The rest would be something like: for ($m=1; $m<=$M; $m++) { for ($l=1; $l<=$L; $l++) { for ($j=1; $j<=$N; $j++) { #do calculation here storing it in a 2D array } # select minimum here (perhaps min() function) } } # use array sort # use PHP vector class # compute distance from vectors # echo results in desired format

You are missing the step to prepare the query before binding the parameters. I would strongly advise you use PDO rather than mysqli - much simpler.

If it helps, note that that a <button> element can have a value attribute independent of its label <?php $option = $_GET['option'] ?? ''; if ($option) echo "You chose $option<hr>"; ?> <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Sample</title> </head> <body> <form> Select an option <button name="option" value="1">Choose me</button> <button name="option" value="2">Choose me</button>

try $temp = []; foreach ($cars as $car) { $qty = intval($car); $key = trim(strstr($car, ','), ','); if (!isset($temp[$key])) $temp[$key] = 0; $temp[$key] += $qty; } foreach ($temp as $k => $t) { $newcars[] = "$t,$k"; }

code that unconditionally (always) outputs the raw database statement errors for the connection, query, prepare, and execute statements, only helps hackers when they intentionally trigger errors, since these errors contain things like the database hostname/ip address, database username, if a password is being used or not, part of the sql syntax, and web server path information. the only time you should output the raw database statement errors is when learning, developing, or debugging code/query(ies) and you are viewing the site as the developer/programmer. at all other times, you should

I created an extra table to define which category the values were in mysql> select * from catval; +-----+------+ | val | cat | +-----+------+ | 1 | 4 | | 2 | 4 | | 3 | 4 | | 4 | 4 | | 5 | 3 | | 6 | 3 | | 7 | 2 | | 8 | 2 | | 9 | 1 | | 10 | 1 | +-----+------+ then $sql = "SELECT a.cat as cata , b.cat as catb FROM datatb d JOIN catval a ON d.grpa = a.val JOIN catval b ON d.grpb = b.val "; $result = $db->query($sql); //categories $cat = [

You could roll your own. function twoColorCircle($a, $b, $sz) { $out = "<svg width='$sz' height='$sz' viewBox='0 0 1000 1000'> <linearGradient id='grad2' x1='0' y1='0' x2='1' y2='0'> <stop offset='0%' style='stop-color:$a'/> <stop offset='50%' style='stop-color:$a'/> <stop offset='50%' style='stop-color:$b'/> <stop offset='100%' style='stop-color:$b'/> </linearGradient> "; $c = 500; $r = 499; $out .= "<circle cx='$c' cy='$c' r='$r' fill='url(#grad

<a href="\"index.php?id=".<?php echo $data['id']; ?>."\">"

Before you can use $_SESSION you must call "session_start()". Put it at the start of the code.

What i wanted to say, i couldnt find a link like the one Barand have. will look again and as fast i find a link like the one Barand has i will donate you the same amount. EDT: I found a link. I have now donated you both 100 NOK

What you've done is create an array of strings. The Book objects that represent 'Moby Dick' and 'Wuthering Heights' are $first_book and $second_book. So this is what you're looking for: $book = array($first_book, $second_book);

XAMPP is fine, sure. The point is that you're complaining about the hassle of having to upload files to some server somewhere every time you want to make a change. Well, you know what the easiest way to see changes is? If you don't have to move the files anywhere. Don't bring the files to the server. Bring the server to the files.

The example might have been using a constant. Those are pre-defined values like define('USERNAME', 'noreply@example.com'); // or const USERNAME = 'noreply@example.com'; In the first one, the constant is created with a function, and the name of the constant needs to be a string because it's passed as a value to the define() function. The second one shows a special syntax for creating constants, where the name of the constant doesn't have to be a string because that's how the syntax works: name of constant = value of constant. Note that for both of those syntaxes, the email value i

Using an "age_group" table as suggested and a test table with 999 random records ... +--------------+------------+--------+--------+ +--------+---------------+------+-----+---------+----------------+ | age_group_id | group_name | lo_age | hi_age | | Field | Type | Null | Key | Default | Extra | +--------------+------------+--------+--------+ +--------+---------------+------+-----+---------+----------------+ | 1 | Under 18 | 0 | 17 | | id | int(11) | NO | PRI | NULL | auto_increment | | 2 | 18 - 29

All the mysql_* functions were removed in 7.0. You'll need to rewrite the script entirely using either mysqli_* or PDO (recommended) in order for this to work.

Get a pencil and read through the code line by line as if it were being executed. For each iteration, note the values of i and d and the values that would be output. You should get this (try it yourself before peeping)

method is misspelt in the form tag, so this is actually a get method form and none of the $_POST data exists.

If you have PHPAdmin with admin rights then you need to check GRANTs for user 'apache'. That is likely the crux of your problem.

Surprisingly, that tutorial got it pretty right. It could use a hand full of small improvements but overall they got it right.

Simples! Do your php processing before the html section. <?php ?> <html> </html>

If $cat_id contains "" then the query will fail with a syntax error. But we don't know what's in it, nor do we know what's in your table - and we certainly have no idea what "don't work" means unless you tell us. Check if your query gave an error message.

No you don't. You have a function perfectly capable of giving you the current session ID. Why do you think you have to take that value, which is going to be the same value every time you call the function so long as the session is active, and put it into $_SESSION for you to get it? If you want the session ID then call the function. Stop overthinking this. No. You see two session files. Containing session data. For two different sessions. How did you run those queries? That's a rhetorical question. You aren't supposed to tell me the answer. You're suppos

Your breadcrumb is based on browsing history. Are you sure that's what you want? Because I really doubt it is. And if it is then you should really reconsider because that's not how they're supposed to work. Unlike the kind you hear about in stories, page breadcrumbs are not history but about location. For example, look at the breadcrumbs for this page (just above the page header): this page is located in PHP Coding Help, which is a subforum of PHP Coding, which is one of the main categories for the whole site.

Ah, there's no feeling in the world quite the same as receiving a reply that says "thank you for the advice on what I should be doing right but I really don't give a damn".

You're still trying to paddle upstream without a paddle. My suggestion would to be look at a CURRENT tutorial on adding, updating, and deleting data to a database table. I would also suggest PDO instead of mysqli as I feel it's more robust, but that is a personal preference. I like this PDO tutorial as they do a nice job explaining how PDO works : https://phpdelusions.net/pdo

This XPath expression will find a product if it is is stock and return no items if it's not. $items = $xml->xpath( "/ STOREITEMS / PRODUCT [ @ITEM = '$product_queried' and STOCK / text() = 'In Stock' ] " ); Regards, Phill W.

try $product_queried = '09shjk1'; $xml=simplexml_load_string($xmlstr) or die("Error: Cannot make object"); $items = $xml->xpath("//PRODUCT[@ITEM='$product_queried']"); if ($items) echo $items[0]['ITEM'] . ' - ' . $items[0]->STOCK . '<br>'; else echo "Not found";

Especially when learning PHP (like I currently am), it is really really important to have the latest PHP and latest mySQL. I literally spent months on cleaning up my PHP 5 code only to realize that PHP 7.4 is available, and those months could have been spent learning how to code properly. So definitely upgrade your PHP and mySQL to the max. Email your shared hosting company if necessary... ask them to move you to a newer server, etc. THEN all you have to do is stick the Error Reporting code on top, and it (along with a few google searches) will actually teach you how to fix everything in your

What fields do you think should go in which tables, and what fields are you not sure about?

Not enough information. Where and how was the session variable set? Is there a session_start call at the beginning of this script? There may be other issues, unrelated, with your query as well. You are not using prepared statements which may be OK as long as ':id' is not coming from a web page. Also it is bad practice to use * in a query. Specify only those columns you intend to actually use.

Yeah, must be tough. I was only in my 50s when I started learning PHP.

This is an environmental issue between your local server and your Production one, i.e. something is set up differently between the two. That require() statement is telling PHP to go and read the contents of some file and to fail if it cannot find that file. The file is specified in the variable, $view. To what value is this variable set to on your local server? Where does the PHP code set that value? Regards, Phill W.

Is the div in the DOM on page load or is it added dynamically later? You may have to use .on() to bind the event to the element.