Everything posted by Strider64

  1. I would go fixing the HTML and styling it with good old CSS first. That is what I would do. For example, I created an online trivia game and created where a user can add questions/answers to the database table. I first created an HTML form, styling it with CSS, then I added the necessary PHP to it. Here's the form:

     ```php
     <form id="addQuestions" action="<?php echo $basename; ?>" method="post">
         <fieldset>
             <legend><?php echo isset($errorMsg) ? $errorMsg : "Add Question"; ?></legend>
             <input type="hidden" name="status" value="<?php echo ($user && $user->security_level === "sysop") ? "approved" : "pending"; ?>">
             <label class="questionLabel" for="question">Question</label>
             <textarea id="question" name="question" placeholder="Enter question here..."></textarea>
             <label class="questionData" for="answer1">Answer One</label>
             <input id="answer1" type="text" name="answer1" value="">
             <label class="questionData" for="answer2">Answer Two</label>
             <input id="answer2" type="text" name="answer2" value="">
             <label class="questionData" for="answer3">Answer Three</label>
             <input id="answer3" type="text" name="answer3" value="">
             <label class="questionData" for="answer4">Answer Four</label>
             <input id="answer4" type="text" name="answer4" value="">
             <label class="questionData" for="correct">Correct Answer</label>
             <input id="correct" type="text" name="correct" placeholder="Enter 1, 2, 3, or 4 for the correct answer!" value="">
             <input type="submit" name="submit" value="submit">
         </fieldset>
     </form>
     ```

     As you can see, not much in the way of PHP was added to it, and the form also carried nicely over to the edit form (on a different web page):

     ```php
     <?php // Stored question and answer text is HTML-escaped before it is written back into the form. ?>
     <form id="addQuestions" action="<?php echo $basename; ?>" method="post">
         <fieldset>
             <legend><?php echo isset($errorMsg) ? $errorMsg : "Edit Question"; ?></legend>
             <input type="hidden" name="id" value="<?php echo $total_ids[$_SESSION['page']]['id']; ?>">
             <label class="questionLabel" for="question">Question</label>
             <textarea id="question" name="question" placeholder="Enter question here..."><?php echo htmlspecialchars($record->question, ENT_QUOTES, 'UTF-8'); ?></textarea>
             <label class="questionData" for="answer1">Answer One</label>
             <input id="answer1" type="text" name="answer1" value="<?php echo htmlspecialchars($record->answer1, ENT_QUOTES, 'UTF-8'); ?>">
             <label class="questionData" for="answer2">Answer Two</label>
             <input id="answer2" type="text" name="answer2" value="<?php echo htmlspecialchars($record->answer2, ENT_QUOTES, 'UTF-8'); ?>">
             <label class="questionData" for="answer3">Answer Three</label>
             <input id="answer3" type="text" name="answer3" value="<?php echo htmlspecialchars($record->answer3, ENT_QUOTES, 'UTF-8'); ?>">
             <label class="questionData" for="answer4">Answer Four</label>
             <input id="answer4" type="text" name="answer4" value="<?php echo htmlspecialchars($record->answer4, ENT_QUOTES, 'UTF-8'); ?>">
             <label class="questionData" for="correct">Correct Answer</label>
             <input id="correct" type="text" name="correct" value="<?php echo htmlspecialchars($record->correct, ENT_QUOTES, 'UTF-8'); ?>">
             <label class="questionData" for="status">Status</label>
             <select id="status" <?php echo ($record->status === "approved") ? 'class="statusGreen"' : 'class="statusRed"'; ?> name="status">
                 <?php
                 foreach ($statusArray as $key => $value) {
                     if ($value === $record->status) {
                         echo '<option value="' . $record->status . '" selected>' . $record->status . '</option>';
                     } else {
                         echo '<option value="' . $value . '">' . $value . '</option>';
                     }
                 }
                 ?>
             </select>
             <input type="submit" name="submit" value="submit">
         </fieldset>
     </form>
     ```

     As you can see, a little more PHP was needed for the edit form and a few minor modifications need to be done to the HTML/CSS. My suggestion for you and/or anyone getting started in web design and development is to get the HTML/CSS and maybe JavaScript portion down pat first. Even if a person considers himself/herself a developer, it's still very important to learn the design aspect of building a website, even if someone else might be doing that portion. Like I already stated, that is where I would start first. HTH, John
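
An added example, not part of the original post: one way the script that receives the add-question form could validate the fields and decide `status` on the server instead of trusting the hidden field, which a client can edit. The helper names `e()` and `buildQuestion()` and the `member` level are assumptions; the field names and the `sysop` level come from the form above.

```php
<?php
declare(strict_types=1);

// Added example; helper names are hypothetical, field names match the form above.

/** Escape a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate a submitted question. The hidden "status" field is ignored:
 * a client can edit it, so status comes from the logged-in user's level.
 * Returns [row, errors].
 */
function buildQuestion(array $post, string $securityLevel): array
{
    $text = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $row = [];
    $errors = [];
    foreach (['question', 'answer1', 'answer2', 'answer3', 'answer4'] as $field) {
        $row[$field] = $text($field);
        if ($row[$field] === '') {
            $errors[] = "$field is required";
        }
    }
    $correct = filter_var($post['correct'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 4]]);
    if ($correct === false) {
        $errors[] = 'correct must be 1, 2, 3, or 4';
    }
    $row['correct'] = $correct;
    $row['status'] = ($securityLevel === 'sysop') ? 'approved' : 'pending';
    return [$row, $errors];
}

// Constructed sample: a non-sysop submits markup and a tampered status field.
$post = [
    'question' => 'What does <b> do in HTML?',
    'answer1' => 'Bold', 'answer2' => 'Break', 'answer3' => 'Body', 'answer4' => 'Border',
    'correct' => '1',
    'status' => 'approved',
];
[$row, $errors] = buildQuestion($post, 'member');
echo 'status: ', $row['status'], PHP_EOL;
echo 'errors: ', count($errors), PHP_EOL;
echo '<textarea name="question">', e($row['question']), '</textarea>', PHP_EOL;
```
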
  2. I will give my .02 cents about this. I don't think I would be very pleased if I were one of the 500 users using that website to find out that the password and other information that I entered wasn't secured at all. Sure, they don't know anything about programming, but hackers do. If there isn't any valuable information in the first place, why have a login system? I have logged into a website from more than one computer (heck, I even logged onto the same computer more than once using different browsers); I really don't see what the big deal is. It's just like visiting the same web page on multiple computers in my book.
  3. This is something that I did over a year and a half ago for fun. There are a few things that I would change, though it gives a good example of using JSON. The PHP file, sendCountDown.02.php:

     ```php
     <?php
     date_default_timezone_set('America/Detroit'); // Set the default time zone
     session_start();
     $future = (isset($_SESSION['future'])) ? $_SESSION['future'] : '2015-12-25 00:00:00';
     $expired = new DateTime($future);
     $now = new DateTime();
     $e = [];
     $e['countDown'] = $now->diff($expired, true); // DateInterval between now and the target
     print json_encode($e); // JSON
     ```

     web.countdown.ajax.02.js:

     ```javascript
     $(function () {
         /* The Countdown Timer to call the Ajax Method */
         var updateTime = setInterval(displayTime, 1000);

         /* The Ajax Method of Getting Time */
         function displayTime() {
             var $clock = $('.clock');
             $.ajax({ // Start of ajax:
                 url: 'sendCountDown.02.php', // Pulling time from the server:
                 dataType: "json", // Format type:
                 success: function (info) { // Grab the data from php and then display it:
                     // Variables * Self-Explanatory *
                     var days = info.countDown.days, // Grab total days till expiration:
                         hours = info.countDown.h, // Grab total hours till expiration:
                         minutes = info.countDown.i, // Grab total mins till expiration:
                         seconds = info.countDown.s, // Grab total secs till expiration:
                         $msg = '';
                     if (hours < 10) {
                         hours = '0' + hours;
                     }
                     if (minutes < 10) {
                         minutes = '0' + minutes;
                     }
                     if (seconds < 10) {
                         seconds = '0' + seconds;
                     }
                     $msg = days + ' Days ' + hours + ' Hours ' + minutes + ' Minutes ' + seconds + ' Seconds';
                     /* Display Time in Message */
                     $clock.text($msg);
                 },
                 error: function (response) {
                     var r = jQuery.parseJSON(response.responseText);
                     alert("Message: " + r.Message);
                     alert("StackTrace: " + r.StackTrace);
                     alert("ExceptionType: " + r.ExceptionType);
                 }
             }); // End of ajax call:
         } // End of Function:
     }); // END OF DOC READY:
     ```

     And the main file, countDownClock.php:

     ```php
     <?php
     session_start();
     date_default_timezone_set('America/Detroit'); // Set the default time zone
     if (isset($_POST['action']) && $_POST['action'] == 'enter') {
         // strtotime() returns false for input it cannot parse; such input is ignored
         $input = (isset($_POST['futureDate']) && is_string($_POST['futureDate'])) ? $_POST['futureDate'] : '';
         $timestamp = strtotime($input);
         if ($timestamp !== false) {
             $futureDate = date('Y-m-d H:i:s', $timestamp);
             $_SESSION['future'] = $futureDate;
         }
     }
     ?>
     <!DOCTYPE HTML>
     <html>
     <head>
         <meta charset="utf-8">
         <title>The Count Down Clock</title>
         <link rel="stylesheet" href="css/style.css">
     </head>
     <body>
         <?php echo (isset($futureDate)) ? '<h1 class="container headingDate">' . $futureDate . '</h1>' : '<h1 class="container headingDate">Christmas Day is 2015-12-25</h1>'; ?>
         <form id="countDownForm" class="container rounded shadow" action="countDownClock.php" method="post">
             <input type="hidden" name="action" value="enter">
             <label for="countDownStyle" class="cmsLabel">Enter Future Date: </label>
             <input id="countDownStyle" name="futureDate" value="" type="datetime" placeholder="0000-00-00 00:00:00" required>
             <input type="submit" name="submit" value="Submit" class="submitBtn">
         </form>
         <div class="container clockBox rounded shadow">
             <p class="clock"></p>
         </div>
         <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
         <script src="web.countdown.ajax.02.js"></script>
     </body>
     </html>
     ```

     I think it shows how one can pull the time from PHP; in my opinion the PHP language has better date/time functions/methods than jQuery/JavaScript in the first place. That can be pulled from a database or what have you.
  4. Maybe this will shed some light on your problem:

     ```php
     <form id="trivia_quiz" action="<?php echo $basename; ?>" method="post">
         <?php
         $counter = 1;
         foreach ($_SESSION['daily_questions'] as $key => $value) {
             if (strlen($counter) < 2) {
                 $counter = "0" . $counter;
             }
             // Escape the question and answer text for HTML output
             $question = htmlspecialchars($value['question'], ENT_QUOTES, 'UTF-8');
             echo "<h1 class=\"question\">" . $counter . ". " . $question . "</h1>\n";
             echo '<div class="answers"><input id="button' . $key . '_1" type="radio" name="answer[' . $key . ']" value="1"><label for="button' . $key . '_1">' . htmlspecialchars($value['answer1'], ENT_QUOTES, 'UTF-8') . '</label>' . "</div>\n";
             echo '<div class="answers"><input id="button' . $key . '_2" type="radio" name="answer[' . $key . ']" value="2"><label for="button' . $key . '_2">' . htmlspecialchars($value['answer2'], ENT_QUOTES, 'UTF-8') . '</label>' . "</div>\n";
             echo '<div class="answers"><input id="button' . $key . '_3" type="radio" name="answer[' . $key . ']" value="3"><label for="button' . $key . '_3">' . htmlspecialchars($value['answer3'], ENT_QUOTES, 'UTF-8') . '</label>' . "</div>\n";
             echo '<div class="answers"><input id="button' . $key . '_4" type="radio" name="answer[' . $key . ']" value="4"><label for="button' . $key . '_4">' . htmlspecialchars($value['answer4'], ENT_QUOTES, 'UTF-8') . '</label>' . "</div><br><hr><br>\n";
             $counter += 1;
         }
         ?>
         <input type="submit" name="submit" value="submit">
     </form>
     ```

     I find reading 10 questions in at a time and spitting them out at once is the easiest, or you can use JavaScript (I use jQuery) to have only one question displayed at a time. Though there are many ways of doing it.
  5. What I do is use placeholder names, then try to keep everything constant (prepared statements, variables and what have you). For example:

     ```php
     $query = "UPDATE users SET username=:username WHERE id=:id";
     $stmt = $pdo->prepare($query);
     $result = $stmt->execute([':username' => $_POST['username'], ':id' => $_POST['id']]);
     ```

     That way it is easier to spot a syntax error, in my opinion.
  6. I think what parkerj was trying to tell you is to put your script in a code tag that is in the editor and properly formatted. For example:

     ```php
     <?php

     class DbConn {

         private $_conn = '';

         public function __construct() {
             $this->_conn = mysqli_connect('localhost', 'root', '', 'sito');
             // A failed connection is reported through mysqli_connect_errno(), not $conn->errno
             if (mysqli_connect_errno()) {
                 echo "errore di conessione" . mysqli_connect_error();
             }
         }

         // Note: $fields, $tables, $values and $conditions are concatenated into the SQL as-is,
         // so callers have to pass values through escape() first.
         public function select($fields, $tables, $conditions = '1') {
             $query = "SELECT ";
             $query .= implode(', ', $fields);
             $query .= " FROM ";
             $query .= implode(', ', $tables);
             $query .= " WHERE ";
             $query .= $conditions;
             error_log(var_export($query, true));
             return mysqli_query($this->_conn, $query);
         }

         public function update($table, $values, $conditions = '1') {
             $first = true;
             $query = "UPDATE " . $table;
             $query .= " SET ";
             foreach ($values as $name => $value) {
                 if (!$first) {
                     $query .= ", ";
                 }
                 $query .= $name . " = " . $value;
                 $first = false;
             }
             $query .= " WHERE ";
             $query .= $conditions;
             return mysqli_query($this->_conn, $query);
         }

         public function delete($table, $conditions = '0') {
             $query = "DELETE FROM " . $table;
             $query .= " WHERE ";
             $query .= $conditions;
             return mysqli_query($this->_conn, $query);
         }

         public function fetch_assoc($res) {
             return mysqli_fetch_assoc($res);
         }

         public function escape($string) {
             return mysqli_escape_string($this->_conn, $string);
         }

         public function __destruct() {
             // Only close a connection that was actually opened
             if ($this->_conn) {
                 $this->_conn->close();
             }
         }

     }
     ```

     if you can help you put also the view

     ```php
     <?php
     require_once ($_SERVER['DOCUMENT_ROOT'] . "/controllers/controller_admin.php");
     require_once ($_SERVER['DOCUMENT_ROOT'] . "/modules/module_admin.php");
     require_once($_SERVER['DOCUMENT_ROOT'] . "/libreria/DbConn.php");

     $action = (isset($_GET['action'])) ? $_GET['action'] : null;
     $id = (isset($_GET['id'])) ? $_GET['id'] : null;
     $controllerAdmin = new controller_admin($action, $id);
     $result = $controllerAdmin->menuAdmin();
     ?>
     <?php if (!empty($result)): ?>
         <h2>gestione menu</h2>
         <table>
             <thead>
                 <tr>
                     <th>nome Categoria</th>
                     <th>Visibilita</th>
                     <th colspan="2">Modifica</th>
                 </tr>
             </thead>
             <?php foreach ($result as $risultato): ?>
                 <?php
                 if ($risultato['menu_visibol'] == 1) {
                     $action = "?menu&action=novisibol";
                     $text = "novisibol";
                     $class = "novisibol";
                 } else {
                     $action = "?menu&action=visibol";
                     $text = "visibol";
                     $class = "visibol";
                 }
                 ?>
                 <tr>
                     <?php // Menu title and name come from the database, so they are HTML-escaped on output ?>
                     <td><a href="?menu&action=edit&id=<?php echo $risultato['menu_id']; ?>" title="<?php echo htmlspecialchars($risultato['menu_title'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($risultato['menu_name'], ENT_QUOTES, 'UTF-8'); ?></a></td>
                     <td><a title="<?php echo $text; ?>" class="<?php echo $class; ?>" href="<?php echo $action . '&id=' . $risultato['menu_id']; ?>"><?php echo $text; ?></a></td>
                     <td><a href="?menu&action=edit&id=<?php echo $risultato['menu_id']; ?>" title="modifica">Modifica</a></td>
                     <td><a href="?menu&action=delete&id=<?php echo $risultato['menu_id']; ?>" title="elimina">Elimina</a></td>
                 </tr>
             <?php endforeach; ?>
         </table>
     <?php endif; ?>
     ```
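
An added example, not code from either post or from the original poster's project: the placeholder approach from post 5 applied to an `update()` like the one in `DbConn` above, with bound values and an allow-list for table and column names, which cannot be bound. `safeUpdate()`, `$allowed`, the `is_admin` column and the in-memory SQLite table are assumptions made so the block runs on its own; it also requires a row id rather than defaulting the condition to `1`.

```php
<?php
declare(strict_types=1);

// Added example; safeUpdate() and $allowed are hypothetical names.

/**
 * Run UPDATE <table> SET ... WHERE id = :id with named placeholders.
 * Values are bound; table and column names cannot be bound, so they
 * are checked against an allow-list before being placed in the SQL.
 */
function safeUpdate(PDO $pdo, string $table, array $values, int $id, array $allowed): int
{
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    $sets = [];
    $params = [':id' => $id];
    foreach ($values as $column => $value) {
        if (!in_array($column, $allowed[$table], true)) {
            throw new InvalidArgumentException("column not allowed: $column");
        }
        $sets[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    if ($sets === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    $stmt = $pdo->prepare("UPDATE $table SET " . implode(', ', $sets) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob')");
$allowed = ['users' => ['username']];

// The apostrophe would break a concatenated query; bound, it is plain data.
echo safeUpdate($pdo, 'users', ['username' => "O'Brien"], 1, $allowed), " row(s)\n";
print_r($pdo->query('SELECT id, username FROM users')->fetchAll(PDO::FETCH_ASSOC));

try {
    // A column that is not on the allow-list is rejected before any SQL is built.
    safeUpdate($pdo, 'users', ['is_admin' => '1'], 1, $allowed);
} catch (InvalidArgumentException $ex) {
    echo $ex->getMessage(), "\n";
}
```
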
  7. Well, if a company's website is hacked, it isn't the web developer who takes the blame in the eyes of the public, it's the company. Though the company that is taking the blame isn't going to give the web developer a free pass and just let it slide by without taking a hit. So it should be the web developer, but a web designer might get thrown under the bus if the company doesn't distinguish between developer and designer. Though I think that is highly unlikely, for most companies are smart enough to realize it's the coding that causes the problems. So my answer is whoever developed the script is the party at fault. However, the company that gets hacked isn't going to be very pleased with anyone that had anything to do with the website.
  8. Still using obsolete code; try searching for mysqli or PDO login tutorials... I'm sure you'll find plenty.