requinix

Administrators
Everything posted by requinix

  1. Actually it's not technically SQL injection: OP would have to wrap the list in quotes for it to work with his only-using-one-column approach, and since the string's contents have been mres()ed, he's safe. What could cause problems is expecting the output to be strictly numeric, so the real risk here is XSS rather than injection (not to mention bugs with the code expecting numbers and getting something else). But yeah, I pointed it out to Dan back when the code came up; I just didn't want to bother posting about it.
  2. FYI the next step down from money_format() is number_format().
  3. printf() or money_format(), such as printf('<td>£%.2f</td>', getPriceVAT($getFig["product_price"]));
  4. Instead of giving a link directly to the file, make the link point to a PHP script. This script makes sure the user is logged in first, then logs the download and outputs the file (which you passed to it via the URL).
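An added example of the gate script described in that post (not requinix's code or the forum's): it checks the session, refuses anything that is not a plain file name inside a directory kept outside the web root, logs the download, then streams the file. The session key, the directory path, the db.php include that defines $pdo, and the download_log table are all assumptions.

```php
<?php
// Added example, not code from the original post. Assumed layout:
// files live in DOWNLOAD_DIR (outside DOCUMENT_ROOT), a logged-in user has
// $_SESSION['user_id'], and db.php defines a PDO connection in $pdo.
session_start();
require __DIR__ . '/db.php'; // assumed: defines $pdo

const DOWNLOAD_DIR = '/var/www/private_files'; // assumed, not web-accessible

// 1. Make sure the user is logged in first.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required.');
}

// 2. Accept only a bare file name from the URL. basename() drops any
//    directory parts, and the realpath() prefix check makes sure the
//    resolved file really sits inside DOWNLOAD_DIR (symlinks included).
$name = basename($_GET['file'] ?? '');
$base = realpath(DOWNLOAD_DIR);
$path = $name === '' ? false : realpath(DOWNLOAD_DIR . '/' . $name);

if ($base === false || $path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    http_response_code(404);
    exit('No such file.');
}

// 3. Log the download before sending it, using a prepared statement.
$stmt = $pdo->prepare(
    'INSERT INTO download_log (user_id, file_name, downloaded_at) VALUES (?, ?, NOW())'
);
$stmt->execute([$_SESSION['user_id'], $name]);

// 4. Output the file. The name is quoted-string safe after stripping quotes.
$safeName = str_replace('"', '', $name);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```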
  5. Is ref.php a PHP script or a directory?
  6. Use an absolute path. Easiest way would be with the DOCUMENT_ROOT. <?php include($_SERVER["DOCUMENT_ROOT"] . "/bodyCopy/copy-content.php"); ?>
  7. Looks fine to me, though the backslash isn't necessary when the period is in a character set (loses its metacharacter meaning). What message text is failing?
  8. It's not worth the time to implement a "pure" MVC solution. It's a lot of work for very little gain. First you need to understand something. Design patterns like MVC are not prescriptions for code. They are recommendations, suggestions, and all-around advice. The lesson that MVC tries to teach is to keep the database code (model) separate from the controller (most of the application logic) separate from the view (where you render the page). So,
     - The controller is what takes data from the model and gives it to the view, and what takes information from the view and transfers it to the model. And all the logic that may entail.
     - So yes, you need it.
     - The model is the data source. It has the entities in the system. It does a variety of things with data. It doesn't necessarily have to use a database, but if that's what you need then that's what it does.
     - You're using PHP so I say stick to normal PHP practices. Unless you want to turn the various forms into entities themselves (and the view simply renders it) then let the view specify the inputs and the controller grab the values from $_POST. That's perfectly fine.
     - You have 40-50 inputs. There's going to be a lot of code, and a lot of that is going to be quite repetitive. You can stick things in arrays or tables or whatever other data structures you want, there's still going to be some kind of repetition somewhere.
  9. No. No no no. If you want multiple values then use multiple rows in the table.

     bad_table
     id | field
     ---+-------
     1  | a,b,c

     good_table
     id | field
     ---+------
     1  | a
     2  | b
     3  | c
  10. "table" is a reserved word. Rename your table to something that's actually, you know, useful?
  11. Are both outputs valid JSON? Yeah, certainly.
  12. By the way folks, it's spl_autoload_register() that registers the callback functions.
  13. That looks nothing like the XML from the script you posted.
  14. [0] is the entire string matched, [1] is the first capture group. You know, what you get when you surround something in parentheses...
  15. And what's the output of this script?
  16. Sure did: MSDN is pretty great, actually. There's also Wikipedia and the RFC if you'd rather read those. Also, I retract my statement about not relying on it. Seems browser support has increased to nearly everyone.
  17. Alternate syntax, it's valid albeit practically never used.
  18. Some browsers support the data protocol. But I wouldn't rely on it.
  19. $.get
  20. Since you're taking the route of making the merchant do the work, how about having them send a bill (invoice) to the customer?
  21. There's an alternative to cronjobs that can often work: calculating the expected values when they're needed. If X=10 as of an hour ago, and it increases at one per minute, now X=10+1*60=70. In fact the only time you have to update the stored value is when it changes due to some external factor.
  22. Good point: if this class is meant to solve the problem of autoloading classes, PHP already supports that out-of-the-box (but please use the SPL function, not __autoload()).
  23. Before I try to critique the design, what need does this fulfill or what problem does this solve that normal code $class = new base(); $class->hey(); does not?
  24. Take a look at Jessica's answer in your other thread, try to understand what it does and how it works, then apply your newfound knowledge to this var_dump output. It's exactly the same problem, just with different data this time.