
requinix

Administrators
  • Content Count: 11,978
  • Days Won: 255

Everything posted by requinix

  1. 1. You're still putting a variable into the query. The user_name from the session. Make that be a parameter too.
     2a. Your query is searching for a ticket_id that matches your $filename.
     2b. You aren't checking if the query perhaps didn't return any results.
     2c. Your query is returning the ticket_id, file_name, and user_name. In that order. You are only binding the one $filename, and in the first position. Which would be the ticket_id.
     Please, try spending more time learning about this. If you can't see the page I linked you then find another site on the internet that talks about how to do prepared statements with mysqli.
  2. Look at the example code from that page I linked you to. Do you see the question marks in the queries? Notice how it does not put variables into the queries directly? That's what you need to do: use a question mark in every place that you want a piece of data, then use bind_param() to fill in the values. In the first bit of code you're using fetch_assoc() to get rows of data. So the values you need will be in $row. PHP isn't creating variables for you because you didn't tell it to do that. In the second bit of code you're using bind_result() which will create variables.
  3. Almost. Are you using php-fpm or mod_php?
  4. Do I have any idea how to "sending sms with whatsapp via PHP"? Yes.
  5. Not sure. Look in /var or /var/run for something appropriate. Based on the "connection refused" error message from earlier, you don't have one. I'm not sure what the "service" is. I would guess it's the name of the system service, but I'm not sure why pgAdmin would care about that. Anyway, don't worry about it for now.
  6. No problem. The thing I linked has a few examples on how to set up a prepared statement, pass values into it, run the statement, and get the results back.
  7. user_name? Not sure where you're going with that, but my point is that by putting a $_GET value directly into your query, anyone can change the query to do whatever they want. Even to make it do Bad Things. What you need are prepared statements: you build a query with the structure that you want, using placeholders for where data needs to go, then you tell MySQL what data goes in those placeholders. Prepared statements actually have a few other benefits, but they don't apply much to this particular situation.
  8. Unfortunately for you, that's not the end of your problems. Question for you: what query would run if I were to visit your page, go into my browser's address bar, and change the ticket_id to be anything I wanted? For example, what if I changed it to 123+OR+ticket_id+=+456
  9. When you're using prepared statements you pass the query string to prepare(). You don't use query() at all.
  10. Ah, I was reading pgAdmin 3 documentation. For the hostname, put the path to the socket file. Not all *nix systems are running an authentication system on port 113. You don't need to use it unless you have something special running there that provides some specific form of authentication - which I'm sure you don't.
  11. Again: don't use 127.0.0.1 as the host. Remove the configuration entirely so it uses a socket. You know, like how MySQL connections often work.
  12. It's not. You're effectively dropping all authentication.
  13. Take a look at the authentication configuration for PostgreSQL. "local" connections are peer (system username), while the "host" connections from the local machine are ident (username and password). If you have a password set up for the michael user/role then this should work. But you shouldn't need one: remove the host from the pgAdmin configuration to connect by socket, keep the database and user (but you may want to switch back to postgres/postgres for those), drop the password, and I think drop either the username or role.
  14. Don't comment it. Leave it be. Do you know what it is? Do you know what it means?
  15. Look at line 3 of phpMQTT.php.
  16. Uppercase or lowercase does not matter. Read the rest of the page. It tells you how to use a WHERE clause. Correctly.
  17. WHERE
      And please ask your database questions in the appropriate database forum.
  18. I think you missed the point. It doesn't matter what timezone the user is in because you're recording and comparing dates on the server. A duration of one year is a duration of one year for everyone. Please localize it. Don't record the end time at all. It starts at a particular moment, it goes up until the date that's one year later, and you check for validity using a <= so that the end date is also considered valid. It will give the user slightly more than one year, and depending on timezones that extra may or may not be noticeable to the user, but who cares.
  19. One table. You create the order in a pending state when they complete the first page. You can update that order with information from the second page, with user information if/when you get it, with whatever. When all the requirements are met you can switch the order to complete or ready or whatever.
  20. If that happens then, with my description, the order will be marked as pending and only have some fields filled in. Or maybe it has everything filled in but it's still pending, not sure. Either way, you can query the table to find these people. Also not sure about this user vs. visitor distinction, but I believe the answer is still what I said: the order is pending, has some information filled in, does not have the "user ID" part of it provided, and you can query for that.
  21. One table for orders. They can be marked as pending/not complete. That's okay. They can have incomplete information - while still pending. That's okay.
  22. You need to address this. Everything should be HTTPS nowadays and there is no good reason why anything should not be. Especially when it comes to content like advertising - that needs to be served in a secure way. I cannot believe there is no way to get those ads working over HTTPS. Check their documentation, complain to support, whatever.
  23. - A role is a user.
      - Easy mode: a database is a database, ignore schemas and just use "public".
      - Don't worry about clusters.
      - Ownership is... ownership. I mean, it's the same thing that it means in English. Owning.
      - Apache and php-fpm can run as different users, if you want.
      - No, roles don't need to have a database with their name. It's just easy that way.
      - You can't create a database and give ownership to somebody your role isn't associated with. Use the postgres user to create the michael database, owner michael. Then reconnect as michael and do whatever you want.
  24. Remember what I said about using a form? Use a form.