vbconz

  1. Connect to the internet via a router. Close all incoming ports. This means you will only get data from connections you have made via an outgoing request. Microsoft firewalls are generally set so all ports are closed and then exceptions added. As long as you don't allow exceptions nothing can start a session from outside. Lastly, there is a lot of emphasis by antivirus vendors on inspecting outgoing packets as well as incoming. In my opinion if an outgoing packet is virused you are already in the poo. In short, close incoming ports in your router. Remove all exceptions in the Windows firewall and you should be right. Any more is serious paranoia (IMHO). Go to GRC.com, find their Shields Up service and check your firewall. It will let you know if there are ports open.
  2. Awesome site here - examples and tutorials -> http://www.w3schools.com/
  3. My $0.02

     One of the basic ideas about coding database applications is to make it n-tier (where n is a number). Basically what that means is that you split the application development into distinct sections and code them that way. Normally a db application is coded as a 3-tier application. http://en.wikipedia.org/wiki/Multitier_architecture

     The three layers of coding are:
     1 - Data access
     2 - Logic
     3 - Display

     By coding this way you protect yourself from several things:
     1 - Data corruption (e.g. if changes to the display change some rules they won't hurt your data as the data and logic tiers won't let them through).
     2 - Tie in to one architecture - coding display, logic and data separately means you can change one of the layers without disrupting other layers.

     One example would be - I was tasked to work on a Microsoft Access DB project which had turned to custard (for a large govt organisation). When I got there I found they had forms that you entered data into. The forms had code behind each field which triggered workflow processes and also did checking to see business logic was adhered to. However, changes to the data and form layout meant they had to change the forms regularly and because the business logic was tied in with the form and layout that got messed up as well, introducing bugs all the time.

     One example of the hassles was - field A contained data needed by field B. However field A got moved so it was after field B. On exiting field B logic would be triggered which required input from field A (which the user had not yet entered). Thus a logic error.

     My first move was to remove all the business / workflow logic from the forms and just let the forms act as a dumb display. Once all the data was entered into the fields, an action was triggered which invoked the separate logic module and this performed its roles. This business logic then sent the information to the data tier which checked it was suitable and met database constraints before putting it into the system.

     Coming back to your question: Where possible separate data, business / logic / workflow and display from each other.

     In general logic / business rules / workflow belong on the server after the data is posted back. This helps protect you from hacking (i.e. someone circumventing your logic on the client side) and means you only need to change one file to enforce business logic.

     Where possible put validation / display message / display logic as close to the user (i.e. on the browser) as possible. This will save you server load by removing round trips to the server to check display and validation, as well as speed up the application by having error messages etc display instantaneously in the browser instead of waiting for a posted form to receive a response.

     As for mixing html / php etc. Be pragmatic. The PHP is only going to run on the server side and the html will be needed to help lay out forms etc. There are a lot of rules about what people SHOULD do but the reality is that I've never seen a pure implementation of any system in any application. Do what is best for your application.

     For me the golden rules are:

     1 - N-tier. Protect yourself against change and simplify your job. Think about either data, logic or display - not all three at the same time. Separating them out also forces pre-planning and focuses you on the needs of each area, forcing better practice.

     2 - Security - code against the prats who want to screw you up, code against human kind who will find different ways to break your apps. Keep your data safe.

     3 - Pragmatism - How do I get this application working as fast as possible for the user, with the least load on CPU, network, client PC etc. Apply coding rules and processes and then break them to make an application the best it can be. An example - Codd's laws of database normalisation are applied at planning stage until a Db is normalised. Then the Db is de-normalised to make it faster and less complex. Best practice involves application of best standards and ideals and then breaking those rules to meet the real world.

     4 - Don't get religious. People who say they won't code in xxx language as it is wrong / not pure / not the best way - often discard the opportunity to use a better tool. No one tool or system is the best. Use the best of everything available.

     The question is not should you mix php and html, the question is when should you and shouldn't you mix php and html etc.

     Shane
  4. To get a count add

         SELECT ID, Name, Manufacturer, count(1) as numberOfItemsInThisCategory etc GROUP BY Name, Manufacturer

     to not show duplicates!
  5. Hi Genesis730. Two things:
     1 - There is a solution further down the page
     2 - There is a logic error in your code.

         $explode = explode(":", $arg_list[$i]);
         $field = $explode[0];
         $value = $explode[1];
         if($field == "username"){
             checkUsername($value);
         }
         if($field == "password"){
             checkUsername($value); // ********
         }
         if($field == "email"){
             checkUsername($value); //********
         }
         }

     I think the code should look like:

         if($field == "username"){
             checkUsername($value);
         }
         if($field == "password"){
             checkPassword($value); //***** changed here
         }
         if($field == "email"){
             checkEmail($value); //***** changed here
         }
         }

     1 - A solution - Now I am still coming to grips with php but to get around the issue you have with full colons ( : ) either

     a) Don't use explode - Parse along the argument and as soon as you get to the first : in the string you know you have the field name and the values are everything to the right of the first full colon e.g.

         $numargs = func_num_args();
         $arg_list = func_get_args();
         for ($i = 0; $i < $numargs; $i++) {
             // position of the first colon only; later colons stay in the value
             $colonPosition = strpos($arg_list[$i], ':');
             $field = substr($arg_list[$i], 0, $colonPosition); // functionally a left$
             $value = substr($arg_list[$i], $colonPosition + 1); // functionally a mid$
             ....
         }

     b) Make your separator between field and value really out there, e.g.

         $password = "password~~!~".$password;
         ...
         $explode = explode("~~!~", $arg_list[$i]);

     c) Change your code so instead of calling three or four functions deep (which is harder to debug and maintain and read etc) call it all in one line from your php page.

     At present <?PHP calls checkLogin, checkLogin calls errorCheck, errorCheck calls checkUsername and checkPassword and checkEmail, but you could change your php page to

         <?php
         ....
         $username = $_POST['quickUser'];
         $password = $_POST['quickPass'];
         $rememberMe = $_POST['rememberMe'];
         // $email is assumed to be read in the lines elided above
         if (checkUsername($username) && checkPassword($password) && checkEmail($email)) {
             // Functions.php -> checkLogin function
             // Login Successful! Set session variables
             $_SESSION['loggedIn'] = true;
         }

     At present if you add another parameter to check you need to change / maintain three or four functions. Here you only have to maintain the php and add another checkAAAAAA function as required. If you do use the above then you will need to get checkEmail to return true as at present it is just blank.
  6. The php server side language only generates the client side page. The client side page (example given above) is what is presented to the browser. If you want a response to your clicks / check box to hide a row you have two options:
     1 - Client side code as shown above (or similar)
     2 - php server side only

     If you go for php server side only then each time someone clicked a check box to hide a row you would need to submit the form with the check box clicked back to the php server, get the server to figure out which row was now hidden, and the server would have to re-send the page back out to the browser minus the hidden row. That means every click of a check box to hide a row would require a round trip from the browser, to the server and back to the browser with page details amended. It would be a very slow and server intensive way of doing it.

     The only time you should need to go back to the server and use PHP (IMHO) is if there is data updating to do in the back end or if part of a work flow that interacts with your data needs to be set off. Where possible keep your tier three code (display and layout code) as close to the browser as possible unless it affects security (and layout almost never affects security) or data integrity. By using browser based code such as javascript, dhtml, css etc you increase speed of response, reduce network traffic and reduce server load.

     An example would be if you had a simple contact form on your web page to be filled out: Say your contact form contained name, address, email, phone number and message fields. The name and email address fields are mandatory / required but the others are optional. If the client fills in only name and a message but leaves no email address you want to ensure you have an email address so you can return their message.

     If you have only php / server side code, they fill in the name and message and submit the form. The form travels back to the server, it is processed by the server, the missing email address is discovered, a response page is generated (with a warning about a missing email address), it travels back across the internet and then is displayed as an error to the user. Two slow network trips, server load etc.

     If you have client side code (e.g. javascript): Client pushes the submit button, javascript checks are all three fields filled in, finds no they aren't, changes the colour of the email field to red, pops a message box saying - hey dumb ass - how about an email address, and cancels the submit. No server load, no round trip across the network to the server and an instantaneous response for the client.

     The strength of php is its ability to be mixed in with other w3 languages.

     HTH Shane
  7. http://sourceforge.net/projects/paypal/ Good for examples and also pre-made scripts
  8. AJAX (and also see jquery) This site has everything you need. http://www.w3schools.com/ajax/default.asp
  9. It sounds more like a client side function than a server side function unless you want the form to be submitted back to the server for (php) processing after the user clicks a check box. My suggestion is add in a JavaScript function to do what you want.

     An untested but 90% complete example. In the example html page, the minus.gif is a picture of a minus symbol.

         <html>
         <head>
         <script type="text/javascript">
         // Toggle a row between the visibleLine and hiddenLine CSS classes
         function unhide(divID) {
             var item = document.getElementById(divID);
             if (item) {
                 item.className = (item.className == 'visibleLine') ? 'hiddenLine' : 'visibleLine';
             }
         }
         </script>
         </head>
         <body>
         <h1>my purchased goods page</h1>
         <!-- Start laying out the lines of purchased goods here -->
         <div id="item_1" class="visibleLine">
             <a href="javascript:unhide('item_1');">
                 <img style="float:left;margin-right:10px;" src="img/minus.gif" />
             </a>
             Item_1 Name: Item_1 Description: Item_1 Price : Item_1 Tax
         </div>
         <br />
         <div id="item_2" class="visibleLine">
             <a href="javascript:unhide('item_2');">
                 <img style="float:left;margin-right:10px;" src="img/minus.gif" />
             </a>
             Item_2 Name: Item_2 Description: Item_2 Price : Item_2 Tax
         </div>
         etc etc etc
         </body>
         </html>

     The css that needs to go with it is as follows:

         .hiddenLine { display: none; }
         .visibleLine { display: block; }

     Clicking on the minus sign (or the whole row if you move the </a> tag) sets off the JavaScript which then changes the class, making the css hide or unhide that div.

     Setting the item name in the href="javascript:unhide('item_1');" lines is a matter of appending the row number to each item e.g.

         <?php echo 'href="javascript:unhide(\'item_' . $rowNum . '\');"'; ?>

     Lastly - you can use the javascript you run to remove quantity ordered in that div line using firstItem or firstChild or something similar - you may want to also look at how to let the customer re-add the line (e.g. move the quantity from textbox_item1_quantity to textbox_item1_old_quantity when the line is deleted / hidden and then put it back if it is restored, changing the minus.gif to a plus.gif as well or similar).

     I used similar code to hide and unhide paragraphs of text in a CV / bio. If you want to use check boxes instead of a minus.gif then don't use <a href=...> but capture the onclick of a check box instead.

     HTH Shane
  10. FYI - the above ASP is also badly written. Field names containing '$', spaces, plus symbols etc are being sent through as posted data. Even if you convert to php you will either:
      a) have to escape a lot of characters in field names
      b) have the fields fail to be recognised as they probably contain illegal chars in field names
      c) run a huge risk of somebody hacking things as you will be allowing really dodgy chars through as field names.

      e.g. field name: '500pcs Vouchers + Voucher Design + Free Website at $250', field name: "4000pcs A5 Flyers at $230"

      You need to ditch the $, spaces and plus symbols out of the field names which means your html file needs to be re-written as well.

      Also

          if (check <> "" or check <> null) and check = "Submit" then

      The bracketed checks are redundant as if check = "Submit" then check <> "" is always true and check <> null is always true. If you are worried about a null return causing an error, then use

          if isNull(check) then
              'do something as no submit sent
          elseif check = "Submit" then
              'do stuff here
          else
              'throw an error and clean up here as check <> 'Submit'
          end if
  11. Hi, thanks for replying. My webhost is linux platform therefore the asp can't work. I already amended the asp script and added variables I needed but when I placed it in my host, it didn't work. Then I read online that asp cannot work on linux. This asp script I used in another host which is a Windows shared server and it works perfectly fine. And this form works well without spam emails. Any advice?

      Some facts you need to know:
      ASP - runs on an IIS server (e.g. microsoft server)
      PHP - runs wherever a php server is set up - normally linux
      ASP will not run on a linux server*
      PHP will not run on an IIS server*
      Both ASP and PHP run ON THE SERVER

      So - whatever the form looks like that is presented to the customer via your asp form will need to capture the customer's email address, return it as part of a post, get captured by the php server, be used to create an email on the SERVER SIDE and then send an email from there.

      You will need two pages at least.
      Page 1 - showForm - Present the form to the client and get them to fill in info and push a submit button.
      Page 2 - Get details from the form's return, run whatever logic you want run against it and also create an email and get the server to send it out.

      If you do not understand server side processing, posts, what languages run on what servers etc then you need to engage a web developer to sort this out for you.

      Shane

      * Unless a special add in or third party app has been installed and configured etc etc etc.
  12. Agreed. However, I have yet to encounter anything programmed in Java that didn't require me to install Java on the client. That is what I was referring to.

      Not sure I follow. Why would you need to install on the client.. thought as a web application it will be server side, and any client side applications ran on java runtime already installed on the client's machine (well hopefully unless they just came out from a rock)

      When he says you need to install java on the client, I believe he is referring to the JVM which must be installed on the client, as you mention. In most cases, yes it will already be installed. He is talking more about the fact that while the java code is stored server side, when the applet is run, it is processed by the jvm on the client side. Or at least that's how I interpreted it.

      My $.02 worth.

      PHP for server side logic is perfect in that it is specifically designed to work with web sites / web servers.

      JSP - Java Server Pages, is also designed to work with servers on the server side but requires a less common server to run it (e.g. Tomcat / Domino / Websphere ....)

      Java - will allow you to run autonomous apps that don't require a web browser but can get data from remote (e.g. web servers). Java is more secure running in a sandbox / jvm than running web apps in a non-sandboxed web browser. (e.g. applets)

      JavaScript - allows you to script stuff inside of a web browser on the client side.

      My thought - If you only want to learn one language and work with the web then php. You can write complete cross browser / cross platform apps just using php. However don't fool yourself that whatever you write, if it is web based, will be one language only. To write web apps you will need a minimum of:
      HTML
      CSS
      JavaScript
      One server side language (php or JSP)
      Possibly SQL

      No web app will get written without knowing the top three - well maybe without knowing css but the site will get ugly to maintain really quickly.

      Think of a web app as an n-tier app.
      Tier 1 - Database
      Tier 2 - Logic
      Tier 3 - Display / layout

      Tier 1 - you will need sql. To use sql and access it you will need an sql capable server side language such as php or jsp.

      Tier 2 - Split it in two
      - Logic on the server side (stored procedures, business logic in returned / posted forms, work flow) JSP / PHP / SQL
      - Logic in the browser - button clicks, validation, display, browser identification etc - JavaScript / VBScript

      Tier 3 - HTML and CSS - Required to lay out the pages, present and format data. Also some server side input for getting queried data laid out in tables etc.

      If you want to write applets or other java applications (beans, applets etc are ideal for quick and dirty or small development pieces) then you will need to learn a whole new subset of java, over and above jsp / javascript (yes I know javascript != java but it is syntactically similar) including jdbc / swing / soap / corba / xml etc. Believe me that is far more painful than knowing php and javascript. Java gui is a whole new level of headache.

      PHP, html / javascript are close enough in use to think of them as complementary. They are all implemented in html like pages, they have similar syntax in many cases, they are untyped (i.e. no really fixed data types) and work in with web apps. If you are going to go through the pain of learning and using html / css you are already doing tier 3 work using similar / same languages as tier 2. Doing tier 3 with java you need to add a whole layer of complexity AND will still have to learn jscript, html, sql, css etc.

      Also don't forget that JavaScript, HTML DOM, DHTML, VBScript, AJAX, jQuery, E4X, svg are also likely to be needed to get web apps working. PHP is much kinder to do that stuff with than java apps.

      my $0.02
      shane
  13. I see this as mysql_'s merit. At least it forces the user to unambiguously name the columns of his/her result set. Hope it helps.

      While I do agree - mostly - in the practical sense, working in the real world, having an option to access an attribute via a tablename.columnId at least gives some options. When I get better at PHP I will try to re-write or superClass?!? the mysql_fetch_array to accept table.ColID. At worst it will be a good learning experience.
  14. Could you explain this more thoroughly? I can't see why tables/relvars joined with itself is a problem, considering today's SQL standards. To be sure, a table/relvar can be joined with itself without much problems, using today's leading RDBMs.

      It is not the join but the way that PHP mysql_fetch_array presents data. In VB as an example you can access an ADO / ADODB record set (array object) with rs[tablename.fieldname] in queries that may have ambiguous names caused by joining two tables with a similar column / field ID or by performing a self join on a table. e.g.

          ' Below returns t1.id, t2.id, t1.name, t2.lastname
          query$ = "Select t1.id, t2.id, t1.name, t2.lastname from myTable as t1 left join myTable as t2 on t1.id=t2.id"
          ...
          set rs = new adodb.recordset(myDbObj)
          ....
          while
              id1$ = rs[t1.id]
              id2$ = rs[t2.id]
              rs.eof
          .....

      In PHP it is not possible to do that. The best you can hope for is to remember what order the ambiguous col / field names are returned as and call the fieldName twice e.g.

          // Below returns t1.id, t2.id, t1.name, t2.lastname
          $query = 'Select t1.id, t2.id, t1.name, t2.lastname from myTable as t1 left join myTable as t2 on t1.id=t2.id';
          // connect db etc here - and run query - get results.
          $sql = mysql_query($query);
          // display results
          while ($row = mysql_fetch_array($sql)) {
              ....
              $id1 = $row['id']; // this will get t1.id as it is the first col with label = id
              $id2 = $row['id']; // this will get t2.id as it is the second call to get row['id'] and the cursor has moved across a column - don't ask me why it has but it has
              ....
          }

      If the query changes (e.g. it is in a stored proc, is called dynamically from a text version of the query stored in a db, etc. where users can change things ..) and the t2.id is now returned prior to t1.id then your code is screwed. In the VB version it is explicitly referenced - making the code more robust.

      Now I agree with unambiguous naming schemes ... mostly, but they are a stylistic choice not a hard and fast rule. Also as a coder I often don't have access or control of the underlying tables / data layer - that is up to the customer or RDBMS Admin person. I once spent 18 months working with Sybase stored procs without once getting to see the code underneath them. Large corporate - division of labour. I was tier two and three, not tier one coder. In a situation like that explicit coding is a defensive technique to make code robust and durable. Assuming t1 always comes before t2 is not a robust assumption.

      Anyway - the other arguments against the unambiguous namings:

      1 - Some DB systems have a very limited col_length / field name length. 8 chars for old dbase type Dbs. And yes - they still exist. Trying to make a unique field name while keeping semantic context and readability becomes very difficult.

      2 - Knowing that a table always has a unique key of type number, in an ascending sequence / auto number / and it is always called ID makes life a lot easier when you are trying to access 100s of tables and may need to run adhoc queries with no data dictionary at your shoulder. E.g.

      Bob - record 123456 on table foo has strange data.
      Ok ROB - I'll select * from foo where ID=123456; job done

      - otherwise you end up going -

      ok rob, what's the table primary index / column / field name?
      Hang on bob I'll find a data dictionary and look it up. - It's QWGTZRYU
      Say what Rob? Why the weird name?
      Well Bob - it's our unique naming convention - makes them unambiguous....
      Rob, it certainly makes them something, that's for sure.

      And before anyone leaps on me - I've worked with a Db2 DB, on an AS400 that had 400 tables, each with over 20 fields, all named using an unambiguous system with 8 char names like QFGTRWEB. It was a coding nightmare and a maintenance sod of the first order.

      Getting unambiguous names can be really really hard in a large RDBMS. E.g. staff, client, supplier, contact, customer, dept head, all likely to have firstname, lastname, DOB in it. Purchase orders, invoices, quotes, receipts etc all have reference, PO numbers, quote type numbers, lines, headers, dates, clientID, payer ID etc in it.

      In practical terms the best way to show unambiguous field names without creating a data dictionary nightmare is by pre-pending table names before col names in a query or result set. The mysql_fetch_array() doesn't allow you to pull col names using tablename.fieldname. It therefore makes more work / more risk.

      My $0.02 for what it is worth.
  15. Thanks. But it is a bit of a begger.. I agree with most of what you are saying but it is a semi regular thing to have a table joined to itself (self join) so the un-ambiguous column ids cannot be avoided in that case.
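
The server-side check that posts 3, 6 and 10 argue for, as an added example (not code from any of the posts): it re-validates the contact form from post 6 on the server, so the mandatory-field rules hold even when the browser-side JavaScript never runs, and it accepts only an allow-list of plain field names. The function name, the length limits, the single-line rule and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list for the contact form in post 6: true = mandatory, false = optional.
// Field names are plain identifiers, as post 10 recommends.
const CONTACT_FIELDS = [
    'name' => true, 'email' => true,
    'address' => false, 'phone' => false, 'message' => false,
];
// Length limits are assumed values for this example.
const MAX_LEN = ['name' => 100, 'email' => 254, 'address' => 200, 'phone' => 30, 'message' => 2000];

// Hypothetical helper: validates a posted form and returns the accepted values.
function validate_contact_form(array $post): array
{
    $errors = [];
    $clean  = [];

    // Anything the form never defined is refused outright.
    foreach (array_keys($post) as $key) {
        if (!array_key_exists((string) $key, CONTACT_FIELDS)) {
            $errors[] = 'unexpected field name';
            break;
        }
    }

    foreach (CONTACT_FIELDS as $field => $required) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {            // e.g. name[]=x arrives as an array
            $errors[] = "$field: wrong type";
            continue;
        }
        $value = trim($value);
        if ($value === '') {
            if ($required) {
                $errors[] = "$field: required";
            }
            continue;
        }
        if (strlen($value) > MAX_LEN[$field]) {
            $errors[] = "$field: too long";
            continue;
        }
        // Only the message may span lines; the other fields are single-line.
        if ($field !== 'message' && preg_match('/[\r\n]/', $value)) {
            $errors[] = "$field: line breaks not allowed";
            continue;
        }
        if ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'email: not a valid address';
            continue;
        }
        $clean[$field] = $value;
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $clean];
}

// Constructed sample requests, including ones a browser-side check would have stopped.
$samples = [
    'complete form'          => ['name' => 'Ann', 'email' => 'ann@example.com', 'message' => 'Hello'],
    'email left out'         => ['name' => 'Bob', 'message' => 'Hi'],
    'field name not in form' => ['name' => 'Eve', 'email' => 'eve@example.com',
                                 '4000pcs A5 Flyers at $230' => '1'],
];
foreach ($samples as $label => $post) {
    $r = validate_contact_form($post);
    echo $label, ': ',
        $r['ok'] ? 'accepted' : 'rejected (' . implode('; ', $r['errors']) . ')', PHP_EOL;
}
```

The JavaScript check described in post 6 can stay in front of this for fast feedback; the data tier only ever sees what comes back in `clean`.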