Everything posted by dalecosp

  1. You need "grep" or some equivalent (e.g. a text search in an IDE or editor). Enter the web root directory (or download the entire site) and search for the filenames as Jacques suggests.
  2. EDIT: the whole thing is maybe a tad convoluted. You could type coerce:

         if ($name && $email && $phone_number && $contact_method && $phone_consent && $best_time && $referrer && $message) {
             $error_msg = '';
         } else {
             handle_error_with_a_function_or_exception();
         }

     You could check for empty using OR:

         if (empty($name) || empty($email) || empty($phone_number) || empty($contact_method)) {
             bad();
         } else {
             good();
         }

     Also, end-users of the world would love it if you do them a favor and verify the form on the client-side prior to submission.
  3. dalecosp

    Newbie

    Welcome to PHPFreaks!
  4. Did you remove the "?" from your pattern in your second post? At any rate, he's right, it works with $pattern in a single line as he typed it. I think this might be what got you:
  5. For the reader: first line is "There is a line i next to the pictures where the format of the last picture differs".
  6. Indeed, welcome, fellow freak!
  7. With further thought, try commenting the 2nd line out? It appears (I'm not an HTACCESS expert) to me that your 3rd rule is applying to all cases because the 2nd one is being assigned to the RewriteCond class....
  8. You've verified that the UA string being sent is indeed correct?
  9. An extendable Loan class seems a fine idea. Also a Form_Validator class ... but, of course, you should also do verification in JavaScript to ease server processing load and for convenience in the UX. As a matter of fact, it sounds as if the entire thing could be an AJAX-based single-page application, to some extent. In which case you'd need PHP mostly for a back-end API ... ?
  10. "given competition" ? I only see "Season ID" ... so you could probably aggregate appearances and goals for a given season, but if by "competition" you mean "particular game/contest" ... I don't see that happening with this data.
  11. Is mail() returning true? I assume you're receiving nothing at a relatively open test address? What about the server ... can you access the mail logs? Do you have SPF, DKIM set up properly? There are literally tons of potential issues with email, which is why it's often recommended to use a 3rd party solution (a la Swiftmailer, PHPMailer) for such things.
  12. There's a note in a very old bug ticket at PHP net ... "I reset the field to MEDIUMBLOB and this went away", basically: https://bugs.php.net/bug.php?id=10420 Might be worth a shot?
  13. fwrite() expects a valid file handle ('resource') ... If possible, I'd recommend file_put_contents() instead ... it avoids most of the complexity of the lower-level file writing operations.
  14. Have you tried commenting out each of the "RedirectMatch 403" lines in turn, and trying the request again? Perhaps one of those lines is blocking FB's auth server ...
  15. Could you make a 2nd payment authorization for the amount of the difference between the initial bid and the final price at the time the auction closes? (Forgive me if it's stupid ... coder, musician, farmer not much of a business guy ...)
  16. Welcome back. Webhost for personal site down today?
  17. If I can offer some unsolicited advice first:

      1. While PHP can parse conditionals in both the "Shell Script Style" and the "Curly Brace" style, mixing them is "Not Good Style".

      2. A better way to concatenate strings:

          // instead of this
          $foo = "Text";
          $foo .= " and more text";
          $foo .= " and still more text";

          // try this
          $foo = "Text"
               . " and more text"
               . " and still more text";

      As for the main question, I wonder if the sections for displaying an error and displaying a warning could be placed in custom functions, say, "show_error()" and "show_warning($warning_data)". You could then loop through the XML, placing the data in arrays and sorting them by "warning type" prior to output. That might even allow you to separate the logic of the program from the display of the information more fully, a concept that falls under the grand title "Separation of Concerns", and is fairly common practice among well-engineered software projects.

      By the same token, anyone who says they've never had logic and output mixed in the same area before is either lying, has a bad memory, or was privileged to be both a freakin' genius and working on a large team of similarly-brained individuals. Not that this idea/design might not scale if you're doing a large geographical area or a large time window, but for one local region and current or fairly recent data, that shouldn't be a big problem. Hope that this helps you a little.
  18. SQL injection is when an attacker accesses the database in a way you don't intend; it can be from a form, from the URL/GET, from any number of holes in security (as an example, a well-known RDBMS runs on port 3306 and must be secured by various means against outside attacks, etc.) Please read up on it, as I'm not an expert on security. And these vulnerabilities are hard to predict. Hence the voices calling for you to use PDO. So, by all means, if PDO is available on your server, and your project/project leader will give you time to learn it, check it out. I find in the real world that PDO isn't always installed, however. In addition, I've seen attacks that attempt to inject information into a document itself. I'm going to continue sanitizing inputs whether I use PDO or not. Well, I wouldn't doubt it. I've not read much of his stuff, but I don't think one gets a GURU tag here without showing some mental muscle. And to some extent I understand the desire, even the demand, to shout out loud when we encounter bad code; we're trying to absolve ourselves of any responsibility for the state of the PHP language's popular image in the minds of many IT personnel. By the same token, I'm not sure that we help ourselves if the community can't try and explain this a tad more humanely at times.
  19. I didn't mention filter_var() ... I mentioned filter_input(). Granted, they are related and do the same sort of thing. To suggest they're less than useful, however, either implies that you have a depth of security knowledge that's way beyond most (including perhaps the engineers who wrote the Filter extension), or that you've not used it much, or deeply(?)
  20. Please don't aim your paintbrush this direction! I provided an example algorithm; I didn't write his code for him. He didn't say at the time what he was building; a locking system would be a Good Idea if high concurrency is expected. An in-house system, on the other hand ... it would be very unlikely you'd have two "Bob Jones" registering at the same time unless your company's the size of IBM or Google, and even then ... Security? My example used MySQLi code and a hard-coded variable; no particular dangers from that. Of course for a public web application you would sanitize inputs. Dear Gimple, please read about SQL injection attacks and read the PHP Manual's page on filter_input(), for starters. To you Gurus, is it really necessary to make every question/answer thread here a complete treatise on software engineering? I can do better, but it seems like a ton of wasted breath/overkill in many situations.
  21. My first advice would be skip AJAX for now and get the form and form handler working with a "good, old fashioned" page load. Once you are sure that POSTing to your form will update the DB as you require, then convert the form to use AJAX. (And, actually, what I usually do in these cases is write a simple but *separate* form to POST to the handler, and then discard it once I'm sure my handler's good). As for what is wrong otherwise, I don't know, but the first thing I'd check is what $_POST contains when the form is submitted.
  22. Hmm. It certainly should be thought about. A public system that uses real names as usernames isn't too common. Although anonymity on the Web is less common than it used to be.... There's a wealth of law and standard industry practices. Of course, Gimple doesn't say exactly what (s)he's building, either ... Let's assume all those questions are solved ... how DO we check if a name exists? Without knowing details of your DB name, DB table names, etc. can't say exactly. But food for thought would be something similar to:

          // assuming MySQLi, "user_table" is the user table, username is the name field and the primary key is "id"
          function isUsername($name) {
              global $db; // the MySQLi connection object, created elsewhere
              $s = "select id from user_table where username = '$name';";
              $r = $db->query($s);
              if ($r && $r->num_rows > 0) return true;
              return false;
          }

          $proposed_name = "Bob_Jones"; // this comes from your form, actually
          $c = 0; // counter
          while (isUsername($proposed_name)) {
              $c++;
              $proposed_name .= $c;
          }
          // et voilà!
          $username = $proposed_name;
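
Added example, not part of dalecosp's posts: the username check from post 22 with the lookup done through a bound parameter, as the calls for PDO mentioned in post 18 suggest, and with a UNIQUE constraint covering the concurrency case raised in post 20. It assumes PDO with the SQLite driver and an in-memory database holding constructed rows; registerUsername() is a hypothetical helper, and the table and column names are taken from the post.

```php
<?php
// Added example: table/column names follow post 22 (user_table, username, id).
// Assumption: PDO with the SQLite driver; in-memory DB with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_table (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE)');
$db->exec("INSERT INTO user_table (username) VALUES ('Bob_Jones'), ('Bob_Jones1')");

// Lookup with a bound parameter: $name travels as data and is never
// spliced into the SQL text, so quotes in it cannot change the query.
function isUsername(PDO $db, string $name): bool
{
    $stmt = $db->prepare('SELECT id FROM user_table WHERE username = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchColumn() !== false;
}

// Hypothetical helper: reserve the first free "base", "base1", "base2", ...
// The UNIQUE constraint is the real guard. If another request takes the
// name between our check and our INSERT, the INSERT fails and we try the next.
function registerUsername(PDO $db, string $base, int $maxTries = 100): string
{
    $insert = $db->prepare('INSERT INTO user_table (username) VALUES (:name)');
    for ($c = 0; $c <= $maxTries; $c++) {
        $candidate = $c === 0 ? $base : $base . $c;
        if (isUsername($db, $candidate)) {
            continue;
        }
        try {
            $insert->execute([':name' => $candidate]);
            return $candidate;
        } catch (PDOException $e) {
            // SQLSTATE class 23 = integrity constraint violation (lost the race).
            if (strpos((string) $e->getCode(), '23') !== 0) {
                throw $e;
            }
        }
    }
    throw new RuntimeException("No free username for $base");
}

// Both existing names are skipped and the next free suffix is reserved.
echo registerUsername($db, 'Bob_Jones'), PHP_EOL;
// A name containing a quote is handled as an ordinary string.
echo registerUsername($db, "O'Brien"), PHP_EOL;
```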