Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by requinix

  1. You know how if you put numbers in a query string, like ?value=123, and you try to get it in $_GET, the value is a string? Same thing. But what you're doing to total these numbers is... silly. Why are you putting these things into an array? Using Array.reduce? All you need is simple addition. You way overthought it.
  2. First thing to do is read the documentation to understand what you will be working with: PDO's prepared statements If you're still not sure how to use them, there are plenty of resources on the internet about it.
  3. You cannot take down the post, and even though I could it's already too late to stop people from seeing it. Whether you're vulnerable or not depends on how checkInput() works. But that aside, you should do what gw1500se suggested: change your code to use PDO or mysqli, which both support prepared statements that will get rid of the SQL injection problems.
  4. I already did. I specifically said it shouldn't go there.
  5. What you're describing makes me nervous, but yes: you probably should put that block (which doesn't need the Directory) inside your website configuration's VirtualHost.
  6. That's why you would need that table subquery: to break your set of desired departments into single values. Then you can FIND_IN_SET each of those values inside the dept_code list.
  7. SELECT... FROM... JOIN ( SELECT 1 UNION SELECT 2 UNION SELECT 3 ) AS not_an_actual_table There's a term for that subquery but I don't remember what it is.
  8. And I agree that conf-available is not the right place for your RewriteRules. But you shouldn't be creating a new file in sites-available either and for basically the same reason: if you look through sites-available you'll find websites, and your RewriteRules are not websites. But they are used for a website, so put them in your site's configuration. As in inside the VirtualHost block. Alternatively, you could put the rules in a separate file somewhere (like within your application) and include it from inside the site configuration.
  9. If you were using mysql_* functions before then you need to use mysqli_* functions now. They are very similar. Check the documentation because it is not just a matter of adding 'i's to the function names. Otherwise the easiest way to find out what you need to change is to test the site locally on PHP 7 and see what happens. PHP 5.6 to 7.4 isn't a huge set of changes, but there are a number of differences that aren't necessarily easy to spot. Also check the migration guides. Each guide between 5.6 and 7.4.
  10. Take a look at the things in conf-available and see if your custom directives seem to fit in with what's there.
  11. Honestly I don't quite follow exactly what's going on, but if all you need to do is cut off the hours at 20 then I'd think you should simply check the updated $sum and do a bit of math if it's above $horas.
  12. I suspect there's a cleaner way, but the only thing I can think of now is to turn those department IDs into a fake JOINed table (using a SELECT 1 UNION SELECT 2 UNION... chain, or VALUES), then use FIND_IN_SET.
  13. Don't put multiple pieces of data (multiple departments) into one field (dept_code). The correct way to deal with that sort of situation is to create a new table where each row contains (1) the user and (2) one of their departments. Most people will have only one row in the table but some will have more.
  14. Think about how the code is working. "If the sum is less than the hour limit, add more to the sum." That will keep adding and adding until you go over the limit. You have to stop before you go over the limit.
  15. Alright, that's confirmation enough for me. You are not using UTF-8 right now. You need to be. There are a lot of places you will need to check to see what they're doing. It will take more than 5 minutes for you to fix this problem so don't rush it. This looks like a good resource. A lot of it applies to you. Some of it does not.
  16. What is the JSON and what is the error? And are you using correct character encodings? UTF-8 for the database connection and tables and columns and strings and webpages and PHP settings and I could keep going?
  17. You get an undefined variable warning because the variable was not defined. Since you haven't posted the code for it, my guess is that you might have misspelled its name somewhere.
  18. Given that you wrote the minifier yourself, it's going to be very hard for us to recommend anything given we have absolutely no idea what the minifier is or how it works. I mean, I can't even tell if it's written in PHP... And on that note, why did you write it yourself? There are plenty of existing minifiers out there that don't have bugs like stripping significant whitespace.
  19. You are safe against SQL injection. Now the problem you have to solve is that you're storing plain passwords in your database. That's super bad. Fix it.
  20. You do know that ".class1.class2" and ".class1 .class2" mean two different things, right? Is the minifier buggy and incorrectly removing the space? Or is the source it's processing incorrect? How about more of a description about what's going on, why you have this problem in the first place, and exactly what you need when you say "find strings that match a pattern of"?
  21. What the heck is that? No. No no no. There's absolutely no reason to be doing that.
  22. Right: let PHP "cast", as in convert as it wants to. The loose typing system. There's no reason why a literal should be of the wrong type. If you need a float then write 123.4, and if you need a string that contains a float (why?) then write '123.4'. Well, actually, with floats there are potential issues with floating-point accuracy, so there could be technical reasons for having to express a float value as a string. I don't think there are accuracy problems with literals though, but worst case an inline round() would fix that. Besides in strict_types situations, the only time I would ever really use casts (or the function equivalents) is if I wanted to sanitize what was probably already a safe value. Like, if I had a paginate function for a SQL query, I would int-cast a hypothetical $offset argument before inserting it into the query.
  23. Actually PDO as a whole doesn't support floats. If you must have literal floats then yes, you have to cast them. Or instead of fighting the language you can let PHP cast them as needed.
  24. "£{$pom}" ?? "Even"; "£{$pom}" is a string. It will never, ever be null. It may be a shock to you, but the ?? operator is not the right hammer for this screw.
  25. That is not valid PHP syntax. Besides, the base-64 stuff is for file_put_contents. According to the documentation, file_put_contents returns "the number of bytes that were written to the file". That does not help you. Close, except you're not using valid PHP syntax here either. Programming is not a matter of throwing stuff into your IDE until it works. You have to actually understand what things mean and how to use them. Copying and pasting stuff might eventually get you the right answer but it's going to be a pain in the butt until you get there.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.