dalecosp

Members
  • Content Count: 471
  • Days Won: 8

Everything posted by dalecosp

  1. Potentially TOO simple. I want to make sure that a user is coming from inside our site, for the most part, when doing a search. Even the good bots will abuse a page if they can construct anything they want via GET. The bad ones will bring your server to its knees if they can.
  2. Yes! That is the essence of my answer above. Redirect-after-POST: User posts search form, handler determines if query is valid. If so, search term (and optionally, some clue as to the result) is saved in the DB and the ID of the saved datum is fed back to the script. Header() is used to send the client to a search page with this ID attached, page reads the search ID and grabs the terms and returned items and displays them. It could probably be implemented in the SESSION, but then it's not as "shareable". With a saved searchID, if you desire, you can re-use the URL to grab the same set of search results for any arbitrary period of time, and the concept of URI permanence is preserved.
  3. Search should be performed using "redirect-after-POST", aka PRG (Post-Redirect-Get). As such, there should be a parameter in the URL of the search results page, such as a distinct searchid, which can be used by the search script to recall terms and possibly even the result set.
  4. After some investigation, I'd suggest using is_dir() and is_link() in your testing instead of comparing a value against filetype().
  5. Is this "working" for just one directory? (IOW, are we chasing the correct problem?)
  6. Haha, I do. jhertilus, you can leave off "AND admin_id='$admin_id'" and it should have the effect you want. Alternatively, if you feel you MUST have something there, you could try "AND admin_id IS NOT NULL", or, if all admins have a non-zero ID, "AND admin_id > 0", you could test for length ("AND length(admin_id) > 0") ... but really, requinix is totally correct. Follow the KISS principle.
  7. Shouldn't be too difficult, either with scandir() or glob() and array_merge(). Keeping track of which dir was which would seem to be the hardest thing in that train of thought. The alternative might be to make your list of dirs an array, looping through it with foreach(). Some people think nested loops are stinky, but I don't see why it wouldn't be apropos here.
  8. I'm not sure what you mean, "this is also different?" mail() is a native PHP function, and send_mail() is simply a wrapper around the mail() call that tests it for success and sends __SUCCESS_MESSAGE__ or __ERROR_MESSAGE__ out as JSON. You should be able to tell which it's responding with. If you're using mail() instead of send_mail(), you should just assign a variable to it and check the value of this variable.
       $success = mail($to, $subject, $message, $headers);
       if (!$success) echo "Mail did not send!!";
     Keep in mind that for multiple headers, you must end each with "\r\n". mac_gyver is very correct to speak to you about DELIVERABILITY, which is totally different than the success or failure of a call to mail(). It seems to me that you need your sysadmin to take a look at the server's mail-logs.
  9. And a 3rd approach: implement a counter and check its modulus against the desired number of columns ... Older-school, hackish, should work though.
  10. First issue is here: $sql = new stdClass(); $sql should be a PDO object, not a StandardClass object.
  11. A smart manager would use a sandbox. Perhaps he has one.
  12. Great answer! Of course, if it's run by cron, it might actually start with:
       #!/usr/bin/env php
     And then have your line of code next.
  13. Try using a positive call to strlen() instead of a negative call to empty()? Also, for debugging, have it print the name it thinks it got; you should learn something.
  14. If you're doing 10 hours 7 days ... you don't *need* to be doing a F/OSS project --- is that your choice or some company taskmaster's? (I'd forward you some vaca time ... seems like I'm never gonna get to use mine --- lots to do here too)
  15. Thanks. A login is required for Examples? I can do that, but I wasn't sure that it wasn't just a mistake. Also, one thought, based on reading your "Functions" list. One of the things that causes annoyance in PHP is varying styles of function names. Your functions list also has some different types of names: Snake case: clean_number, decimal_to_fraction, etc. Camel case: AddressToPoints, Hex2RGB Mixed Camel: getDistanceBetweenPoints, getAddressFromPoints, etc. I would suggest that you might have a better chance of being "programmer-friendly" if you standardized names and didn't give us another lingo that we had to keep bookmarked just so we could look up the function names and signatures ...
  16. Welcome Jessica. PM me a link. Also, as you're from Cincy, do you know ElizabethN?
  17. See Mac_Gyver's first sentence (and really, the whole post) above. He called it precisely.
  18. Bad: if ($qry = 0) {
     Good: if (!$qry || !$qry->num_rows) {
     Bad: if ($qry < 5) {
     Good: if ($qry->num_rows < 5) {
  19. Welcome fellow PHPhreak!
  20. You might also try using a browser that doesn't re-interpret system error messages quite so blatantly.
  21. Welcome. Here are several things I've noticed in reading the code, not in any particular order and certainly not in order of importance.
     1. The ending "?>" is extraneous. Also, in PHP, functions don't end with semicolons (although this may not break the parser).
     2. It counts the number of sent emails ($num_emails), but never uses this variable; in fact, it doesn't report success at all.
     3. Conversely, it doesn't count the number of failed email attempts or say anything if the mail is NOT sent.
     4. If the message is being copied, the 1st copy (to $destinaire) will not have correctly formed HTML because the table ending code is outside the foreach loop.
     5. More importantly, the message will not be sent to both $destinaire and $email because the send routine (call to mail()) is also outside the loop.
     6. Error checking is almost nil. The script doesn't check to see if $email has value; it does check if it's valid but if not it doesn't set any error condition and blindly continues on its way. Ditto $sujet and $message, so someone could send an empty subject and empty message.
     Furthermore, as Sepodati points out, it's likely vulnerable to a header injection attack, which will turn your web form into a way for spammers to send junk email to whomever they wish. I hope you'll get it fixed before it goes public.
  22. They're looking for assurance they can trust you. Depending on how big/strict they are, it could be fairly small, like a few pages that say things like you've said above, or it could be a lot bigger. As an example of "bigger", you might take a look at the Incident Response Plan docs produced by the American Institute of Certified Public Accountants (aicpa.org). One reason to do so is that they think like accountants, and accountants are usually the people that pay the bill$ you'll be sending them ... It includes discussion of an Incident Response Plan, the Incident Response Team and its members, their roles & responsibilities, notification policies, incident types, and some steps to mitigate incident effects. https://duckduckgo.com/?q=security+incident+response+site%3Aaicpa.org&atb=v58-3_a&ia=web
  23. I've had good luck with Discounttire.com, but I don't know if my experience was "average" or "exceptional", and it was a few years ago. As far as "what tires are the best", you might do well to check out Consumer Reports. IIRC, General Altimax, Pirelli P4 Four Seasons+, and Michelin Defenders are top-ranked for most vehicles these days. I've got some sporty Kumhos on my little red pocket rocket, and they've done well, too.
  24. The good news: most all businesses need a web presence these days. The OK news: some of them will pay for it. The bad news: lots of people have jobs in IT already, or are getting degrees. And some "superstar" development shops get a lot of work and their personnel loop is fairly closed. Still, there's going to be programmer demand for quite a while, at least until we figure out how to get machines to program themselves.... If you don't want to do university, you might consider a certificate program (Zend certification, MS Certification, Oracle, Puppet Labs, A+, etc.), if such exists in your locale. Also you might look for paid or unpaid internships with IT departments or companies ... it seems that everyone loves to make people work for peanuts.
  25. dalecosp

    New here

    Welcome to PHPFreaks!