Everything posted by requinix
-
Do I have any idea how to "sending sms with whatsapp via PHP"? Yes.
-
get data from two tables for specific ticket id and username
requinix replied to ianhaney's topic in MySQL Help
It's why we're here.
-
Not sure. Look in /var or /var/run for something appropriate. Based on the "connection refused" error message from earlier, you don't have one. I'm not sure what the "service" is. I would guess it's the name of the system service, but I'm not sure why pgAdmin would care about that. Anyway, don't worry about it for now.
-
get data from two tables for specific ticket id and username
requinix replied to ianhaney's topic in MySQL Help
No problem. The thing I linked has a few examples on how to set up a prepared statement, pass values into it, run the statement, and get the results back.
-
get data from two tables for specific ticket id and username
requinix replied to ianhaney's topic in MySQL Help
user_name? Not sure where you're going with that, but my point is that by putting a $_GET value directly into your query, anyone can change the query to do whatever they want. Even to make it do Bad Things. What you need are prepared statements: you build a query with the structure that you want, using placeholders for where data needs to go, then you tell MySQL what data goes in those placeholders. Prepared statements actually have a few other benefits, but they don't apply much to this particular situation.
-
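The difference described in the reply above, as an added example that is not part of the original thread or the poster's code. It assumes a hypothetical `tickets` table and hypothetical function names, and uses an in-memory SQLite database through PDO so it runs offline; against MySQL only the DSN changes.

```php
<?php
// Constructed demo data. Assumption: pdo_sqlite is available so this runs offline;
// the prepare()/execute() calls are the same when the DSN points at MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tickets (ticket_id INTEGER, user_name TEXT, subject TEXT)'); // hypothetical table
$pdo->exec("INSERT INTO tickets VALUES (123, 'alice', 'Printer jam'), (456, 'bob', 'VPN reset')");

// "Before": the request value is pasted into the SQL text and becomes part of the query.
function findTicketUnsafe(PDO $pdo, string $userName, string $rawId): array
{
    $sql = "SELECT ticket_id, user_name FROM tickets
            WHERE user_name = '$userName' AND ticket_id = $rawId";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the query structure is fixed up front; values travel separately as data.
function findTicket(PDO $pdo, string $userName, string $rawId): array
{
    // A ticket id must be an integer; reject anything else before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    $stmt = $pdo->prepare(
        'SELECT ticket_id, user_name FROM tickets
         WHERE user_name = :user_name AND ticket_id = :ticket_id'
    );
    $stmt->execute([':user_name' => $userName, ':ticket_id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The address-bar value quoted elsewhere in this thread, after URL decoding,
// next to a normal ticket id.
foreach (['123', '123 OR ticket_id = 456'] as $rawId) {
    printf(
        "%-24s concatenated=%d row(s)  prepared=%d row(s)\n",
        $rawId,
        count(findTicketUnsafe($pdo, 'alice', $rawId)),
        count(findTicket($pdo, 'alice', $rawId))
    );
}
```

The concatenated version returns another user's ticket for the altered value because the extra `OR` is parsed as SQL; the prepared version never lets the value reach the parser as anything but a parameter.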
get data from two tables for specific ticket id and username
requinix replied to ianhaney's topic in MySQL Help
Unfortunately for you, that's not the end of your problems. Question for you: what query would run if I were to visit your page, go into my browser's address bar, and change the ticket_id to be anything I wanted? For example, what if I changed it to 123+OR+ticket_id+=+456
-
When you're using prepared statements you pass the query string to prepare(). You don't use query() at all.
-
Ah, I was reading pgAdmin 3 documentation. For the hostname, put the path to the socket file. Not all *nix systems are running an authentication system on port 113. You don't need to use it unless you have something special running there that provides some specific form of authentication - which I'm sure you don't.
-
Again: don't use 127.0.0.1 as the host. Remove the configuration entirely so it uses a socket. You know, like how MySQL connections often work.
-
It's not. You're effectively dropping all authentication.
-
Take a look at the authentication configuration for PostgreSQL. "local" connections are peer (system username), while the "host" connections from the local machine are ident (username and password). If you have a password set up for the michael user/role then this should work. But you shouldn't need one: remove the host from the pgAdmin configuration to connect by socket, keep the database and user (but you may want to switch back to postgres/postgres for those), drop the password, and I think drop either the username or role.
-
Don't comment it. Leave it be. Do you know what it is? Do you know what it means?
-
Look at line 3 of phpMQTT.php.
-
Uppercase or lowercase does not matter. Read the rest of the page. It tells you how to use a WHERE clause. Correctly.
-
WHERE And please ask your database questions in the appropriate database forum.
-
I think you missed the point. It doesn't matter what timezone the user is in because you're recording and comparing dates on the server. A duration of one year is a duration of one year for everyone. Please localize it. Don't record the end time at all. It starts at a particular moment, it goes up until the date that's one year later, and you check for validity using a <= so that the end date is also considered valid. It will give the user slightly more than one year, and depending on timezones that extra may or may not be noticeable to the user, but who cares.
-
One table. You create the order in a pending state when they complete the first page. You can update that order with information from the second page, with user information if/when you get it, with whatever. When all the requirements are met you can switch the order to complete or ready or whatever.
-
If that happens then, with my description, the order will be marked as pending and only have some fields filled in. Or maybe it has everything filled in but it's still pending, not sure. Either way, you can query the table to find these people. Also not sure about this user vs. visitor distinction, but I believe the answer is still what I said: the order is pending, has some information filled in, does not have the "user ID" part of it provided, and you can query for that.
-
One table for orders. They can be marked as pending/not complete. That's okay. They can have incomplete information - while still pending. That's okay.
-
You need to address this. Everything should be HTTPS nowadays and there is no good reason why anything should not be. Especially when it comes to content like advertising - that needs to be served in a secure way. I cannot believe there is no way to get those ads working over HTTPS. Check their documentation, complain to support, whatever.
-
- A role is a user.
- Easy mode: a database is a database, ignore schemas and just use "public".
- Don't worry about clusters.
- Ownership is... ownership. I mean, it's the same thing that it means in English. Owning.
- Apache and php-fpm can run as different users, if you want.
- No, roles don't need to have a database with their name. It's just easy that way.
- You can't create a database and give ownership to somebody your role isn't associated with. Use the postgres user to create the michael database, owner michael. Then reconnect as michael and do whatever you want.
-
Remember what I said about using a form? Use a form.
-
I'm not sure I followed that question but I think the right reply is something like "if you enter 3-15-2020 as the date then what is the time?"
-
Use a form, not a link.
-
If the database is on the local machine then you should use peer authentication. When something connects locally, PostgreSQL will ask the system for the username on the connecting end. That'll be your php-fpm pool user. It then allows a connection to the database by that name. IIRC,
1. Use a different user than "postgres". Create a new system user and update your php-fpm pool to use that username (which should mean creating a new pool if you have more than one site running). Restart, obviously.
2. With PostgreSQL, set up authentication for that new user.
3. Create a matching database and move all your data into it. Be careful about ownerships.
4. Update your PDO connection: no host so it connects locally, and drop the username (it's automatic) and password (not used).