zid

Members
  • Posts

    13

  1. Hi, aiight, gonna give it a go and see if I can understand the code and if it works the way I'm trying to describe. Haven't used implode or array_map before...
  2. Hi, having a form that has unique name values, so a submitted post would look like this if I run print_r($_POST):

         Array
         (
             [19_y] => 1
             [19_c] => this is a text message
             [18_y] => 1
             [18_c] => this is another text message
             [17_n] => 1
             [16_dn] => 1
             [16_c] =>
             [submit_questions] =>
         )

     Usually I have static values on the posts like $_POST['username']; But this is a survey so one can create a bunch of questions and each object like 19_y is unique. How can I bind this to something that I can post into mysql?
  3. Hi, If I want to let users update a post (title or text), what would be the best approach if I want to preserve the original data as browsable history?

     Example: Original Post containing tables: post_id, post_title, post_text, post_author

     If a user wants to Edit/Update this post:
     - the new input should replace the post_title and post_text (preserving the post_id since it got comments associated with it).
     - the old input should be posted as a new history post, with a new post_id, old post_text, old post_title and have a referral to the original post_id.

     Is this a good approach or should I go for something else?
  4. Hi, running my page at a hosting provider that does not support PHP 5.5 so I cannot use the new hashing feature. As of now I'm using sha256 with a pretty long and complex salt, the salt is the same for every user which is not the best approach I know but this is for a hobby project of mine, but still some sort of security thinking in the correct direction. The salt is not stored within the database, it's just stored in a variable in a PHP file. Is this sufficient? If my database gets hacked they don't get the salt. They have to hack the server itself to be able to get the PHP file containing this salt.
  5. Hi, trying to build a little page where users can login, and if a user is a member of group 1, it's an admin, group 2 a moderator and group 3 a contributor. As of now I set a $_SESSION['userid'] and the membership as a session...$_SESSION['group'], is this a BAD BIG NO NO? And when the page renders I use an if statement to see if a user is logged in ($_SESSION['userid'] is set) and if he/she belongs to a group (if the session group is set). Should I reconsider this? Might have a feeling it's the wrong approach, but it was easy to create.
  6. Hi again guys, so with this GeSHi I should or should not use the special chars or whatever when users are inputting code? Somehow the HTML must identify what is code on the output? Or should I just let users post <code>This is a test</code> into the database and GeSHi secures the output?
  7. Thanks requinix, that worked perfect!
  8. Hi, Trying to get a query to list posts that start with A for example. Straight up in the php file it works like a charm as regular code.

         $string = 'A';
         $stmt = $db->prepare("SELECT page_id, page_title FROM pages WHERE page_title LIKE :page_title");
         $stmt->bindValue(':page_title', $string . '%', PDO::PARAM_STR);
         $stmt->execute();
         $result = $stmt->fetchAll();
         foreach($result as $row) {
             echo "<a href='index?page=". $row['page_id'] ."'>". $row['page_title'] ."</a>";
         }

     But when trying to get this into a function, nothing is displayed. Please advise! What have I missed?

         // calling the function
         letterIndex('A');

         // the function
         function letterIndex($string) {
             $stmt = $db->prepare("SELECT page_id, page_title FROM pages WHERE page_title LIKE :page_title");
             $stmt->bindValue(':page_title', $string . '%', PDO::PARAM_STR);
             $stmt->execute();
             $result = $stmt->fetchAll();
             foreach($result as $row) {
                 echo "<a href='index?page=". $row['page_id'] ."'>". $row['page_title'] ."</a>";
             }
         }
  9. Hi, I use PDO and prepared statements, would it be safe then to store it in the database?
  10. Hi, have a question. Creating a site where I can post content and users can comment on it. If I want to create a post that contains <code> or <pre> to display some code for users that the css file identifies and adds some nice colors to it, how can I make sure that the content is handled in a secure fashion? Shall I use strip_tags(); / htmlentities(); / htmlspecialchars(); when inserting to the database? Or shall things be stored in the database with the <code> tags and taken care of when it comes to presenting/displaying the information for the users? The same goes for users who want to comment on some script or whatever, I wanna make sure that <code> does get presented correctly and that <script>alert('hacked');</script> for example does not execute. How can I accomplish this?
  11. Hi guys, trying to achieve a search query on multiple tables using prepared statements and the query itself seems a bit confusing for me, have been searching and found the UNION feature but I still cannot get this to work. Please advise.

      pages
      - page.title
      - page.text

      posts
      - post.title
      - post.text

      This one works, single table using two rows:

          $stmt = $db->prepare("SELECT * FROM pages WHERE page_title LIKE :search_string OR page_text LIKE :search_string");

      This one does not work with the UNION feature:

          $stmt = $db->prepare("
              SELECT * FROM pages.page_title, WHERE pages.page_title LIKE :search_string
              UNION
              SELECT * FROM pages.page_text, WHERE pages.page_text LIKE :search_string
              UNION
              SELECT * FROM posts.post_title, WHERE posts.post_title LIKE :search_string
              UNION
              SELECT * FROM posts.post_text, WHERE posts.post_text LIKE :search_string
          ");

      And the bound:

          $stmt->bindValue(':search_string', '%'.$query.'%');
  12. Hi Christian, Hmm what does it do? Saves all the dates and costs in various variables for easier printing? hmmm
  13. Hi guys, I need help to understand and get this to work. I'm trying to learn php/mysql so this is a small script of mine. I wanna try to get a webpage to tell me what type of cost I have each month for water, electricity and so forth. I also want it to be displayed into a table like this:

                  Jan     Feb     Mars
          ---------------------------------------
          Water   1200    340     550
          El      1100    300     600

      ...you get my point. So started to read about how to have a good MySQL setup so started small using only three rows: type, date and cost

      type = water, electricity, insurance...
      date = 2012-08-16 (don't know if that's a good way of doing it - only want to have that cost for that month displayed)
      cost = the cost

      As you can see in my code below I'm not off for a good start. I'm a tru' rookie and I've read tons of guides online but I can't find a way of putting things where I want them into my table...

          ?>
          <table>
           <tr>
            <th>Cost</th>
            <th>Jan</th>
            <th>Feb</th>
            <th>Mar</th>
           </tr>
          <?php
          $query = 'SELECT * FROM test_data';
          $result = mysql_query($query, $connect);
          while ($row = mysql_fetch_assoc($result)) {
              echo "<tr>\n";
              echo "<td>".$row['type']."</td>\n";
              echo "<td>".$row['cost']."</td>\n";
              echo "<td>".$row['cost']."</td>\n";
              echo "<td>".$row['cost']."</td>\n";
              echo "</tr>\n";
          }
          ?>
          </table>

      My questions are:
      1. Have I completely misunderstood how I should start out with the SQL layout? Maybe I should have another "layout"?
      2. In my loop I want to put the correct cost for that month in the correct place
      3. I don't want to display the date anywhere, just for a query to know for what month that cost belongs to...

      Please help me out, and describe what things are for what - or I can never learn... Any help appreciated!