mac_gyver

Community Answers

  1. except, that's only the last field definition, not all of them, because you are reassigning $fieldSelection each pass through the loop. you want to add a new array entry to $fieldSelection each pass through the loop. you have a typo/spelling mistake in the :fieldSection place-holder in the sql vs :fieldSelection in the execute() call.
  2. if you name the sets of fields differently, with the same root name, an incrementing numerical index, then the element name, the submitted data will already be in a format that you can json_encode(). assuming these are all text fields, the markup would look like -

     ```html
     <input type='text' name='fieldSelection[0][field]'>
     <input type='text' name='fieldSelection[0][fieldName]'>
     <input type='text' name='fieldSelection[0][fieldLabel]'>
     <input type='text' name='fieldSelection[0][fieldType]'>
     <input type='text' name='fieldSelection[0][fieldWidth]'>

     <input type='text' name='fieldSelection[1][field]'>
     <input type='text' name='fieldSelection[1][fieldName]'>
     <input type='text' name='fieldSelection[1][fieldLabel]'>
     <input type='text' name='fieldSelection[1][fieldType]'>
     <input type='text' name='fieldSelection[1][fieldWidth]'>
     ```

     you can then simply loop over $_POST['fieldSelection'] and use each set of values -

     ```php
     foreach($_POST['fieldSelection'] as $row)
     {
         echo '<pre>'; print_r($row); echo '</pre>';
         echo json_encode($row);
         echo '<br>';
     }
     ```
  3. OR you can use the complement - select count(*) as CustomerActual, Month from sbms.customerdata WHERE EmpID='83201858' AND (VisitType = 'No Due' OR VisitDate !='') group by Month
  4. yes, for any dynamic value that is output in a html context (web page, email), if it could contain html entities (html, css, javascript.)

     here's a story about SMF (Simple Machines Forum) software. their programmers didn't apply htmlentities() to some user profile data when it was output on a web page. when administrators viewed the profiles of users who had their posts reported in the 'administrator' area on the site, javascript in the data was executed, performing any action that the administrator is capable of, and was promoting the bad users to be administrators. SMF sent out an emergency email to everyone who had ever registered on their site to immediately update the SMF software to close this security hole.

     no. didn't you just ask that in a thread?

     where is your $data array coming from?

     arrays are for sets of data, where you will operate on every member in the set in the same/similar way. by keeping data as an array, you can operate on the data using php array functions - https://www.php.net/manual/en/ref.array.php

     the submitted form data is a set, originally in the $_POST array. you should trim the data in it, mainly so that you can detect if any value is all white-space characters, before validating it. since the trimmed data has a different meaning from the original and since you should leave the original data as is, in case you need it, you should put the trimmed data in a different array variable, such as $data. because it is a set, you can operate on it using php array functions. to trim all the data at once: $data = array_map('trim',$_POST).

     the existing data you are going to edit is also a set. when you fetch it, keep it in an array variable, such as $data, which is what everyone reading this thread assumed you are doing with the $data array you have shown in this code.

     user/validation errors are also a set of data. your validation logic should add user/validation errors to an array using the form field name as the array index. you can then test if there are or are not any errors, simply by testing if the array holding the errors is !empty(...) or is empty(...). you can output the error messages all at once, either by imploding the array or looping over it. you can output the error messages individually, such as placing them next to the corresponding form field, by referencing the array index, which is the form field name.

     keeping these sets of data as arrays will allow you to use a data-driven design to dynamically validate and process the data, and dynamically produce the form.

     the example i showed is functionally what template engines do. you have an array of data and a template with tags in it corresponding to the array indexes. when you tell the template engine to render the template, it replaces the tags with the same name elements from the array of data, applying htmlentities() to each value (there's a special tag syntax to override this if you must use the raw data.)
  5. you also need to repopulate the value (selected options, checked checkbox/radio fields) in the case of adding/creating/inserting new data when there are user/validation errors, so that the user doesn't need to keep reentering data over and over. you also need to apply htmlentities() to the value to help prevent cross site scripting. if you switch from echoing mostly static html to just echoing the dynamic value, you would end up with something that looks like this -

     ```php
     <div class='col-12'>
         <label>Form Name
         <input type='text' class='form-control' name='formName' value='<?=htmlentities($data['formName']??'',ENT_QUOTES)?>'></label>
     </div>
     ```

     also, stop copying variables to other variables (just use the original variable that data is in) and you can eliminate the for='' and corresponding id='' attributes if you put the closing </label> tag after the field it corresponds with.
  6. not really. you are doing the same operation, only the name/meaning of the data is different. you should have a booking/reservation/order table, that holds the unique/one-time booking data. a single row is inserted into this table when someone submits an order. this row produces a booking id (the autoincrement primary index.) you would use this booking id to store the related booking item data, one row per item, which in this case is the seat id, screening id, ...
  7. to get php to cause a http 500 status for fatal syntax/runtime errors, php's display_errors setting needs to be set to OFF. you would then want the log_errors setting to be set to ON, so that you have a record of what errors are occurring. also, php's error_reporting needs to always be set to E_ALL or a -1.
  8. what is your overall goal here? OOP is not about wrapping your main code in class(es), adding $var-> in front of everything, and making a wall of code that takes 10x the number of lines of code to accomplish a task.
  9. are you doing this as a learning exercise? what is your goal?

     some pointers -

     the code for any page should be laid out in this general order - 1) initialization, 2) post method form processing, 3) get method business logic - get/produce data needed to display the page, 4) html document.

     the post method form processing should not attempt to detect if the submit button is set, there are cases where it won't be. instead, detect if a post method form was submitted before referencing any of the form data.

     keep all the form data as a set, in a php array variable, then operate on elements in this array variable throughout the rest of the code.

     trim all the input data before validating it, mainly so that you can detect if all white-space characters were entered.

     validate all the trimmed input data at once, storing user/validation errors in an array, using the field name as the main array index.

     after the end of the validation logic, if there are no errors (the array holding the user/validation errors is empty), use the input data. since all you are doing is comparing an input value with the correct answer, you can do this as part of the validation logic. if you were storing data in a database, authenticating a user, sending an email, ... you would put the code needed to perform these actions here.

     after using the input data, if there are no errors, perform a redirect to the exact same URL of the current page to cause a get request for the page. this will prevent the browser from trying to resubmit the form data should the page get reloaded or browsed back to.

     to display a one-time success message, store it in a session variable, then test, display, and clear that session variable at the appropriate location in the html document.

     if there are user/validation errors, the code will continue on to display the html document, display any errors, redisplay the form, populating the field values with any existing data, so that the user doesn't need to keep reentering values over and over.

     any dynamic value you output in a html context needs to have htmlentities() applied to it to help prevent cross site scripting.

     there's a programming issue with the division operator and computers. this operation can result in a fractional part that cannot be represented exactly in a computer and then cannot be easily compared. you may want to test the answer produced in this case and limit the question/answer to those which only have whole integer answers, i.e. keep something like 9/3, but not 7/6, and also don't allow division by 0.

     if you do all of that, except for handling the division cases, you would end up with code that looks like this -

     ```php
     <?php
     // initialization

     // the error related settings should be in the php.ini on your system
     error_reporting(E_ALL);
     ini_set('display_errors', '1');

     session_start();

     $post = []; // array to hold a trimmed working copy of the form data
     $errors = []; // array to hold user/validation errors

     // post method form processing
     if($_SERVER['REQUEST_METHOD'] === 'POST')
     {
         // inputs: number_entered, $_SESSION['answer']

         // trim all the post data at once
         $post = array_map('trim',$_POST); // if any input is an array, use a recursive trim call-back function here instead of php's trim

         // validate inputs
         if($post['number_entered'] === '')
         {
             $errors['number_entered'] = 'You must enter a number';
         }
         // note: this assumes that only integer answers are permitted (in the case of the division operator)
         else if((int)$post['number_entered'] !== (int)$_SESSION['answer'])
         {
             $errors['number_entered'] = "Incorrect guess<br>The correct<br>number was <b>{$_SESSION['answer']}</b> <br><img src='sorry-tryagain.png'><br>";
             // since you are displaying the correct answer, you would want to generate a new question in this case?
             //unset($_SESSION['question']);
         }

         // if no errors, success
         if(empty($errors))
         {
             $_SESSION['success_message'] = "<img src='you-win.png'><br><b>{$_SESSION['answer']}</b> IS THE<br>CORRECT GUESS!<br>";
             // to continue, you would generate a new question
             //unset($_SESSION['question']);
             // redirect to the exact same url of the current page to cause a get request - PRG Post, Redirect, Get.
             die(header("Refresh:0"));
         }
     }

     // get method business logic - get/produce data needed to display the page

     // if there's no question/answer, generate one
     if(!isset($_SESSION['question']))
     {
         $rand1 = rand(0, 9);
         $rand2 = rand(0, 9);
         $operator = array('*', '/', '+', '-');
         $randoperator = $operator[rand(0, 3)];

         switch ($randoperator) {
             case "+":
                 $finaalvalue = $rand1 + $rand2;
                 break;
             case "-":
                 $finaalvalue = $rand1 - $rand2;
                 break;
             case "*":
                 $finaalvalue = $rand1 * $rand2;
                 break;
             case "/":
                 // note: this can produce a fractional number, which you must take care with when performing comparisons.
                 // also division by zero.
                 $finaalvalue = $rand1 / $rand2;
                 break;
         }

         $_SESSION['question'] = "$rand1 $randoperator $rand2 = ";
         $_SESSION['answer'] = $finaalvalue;
     }

     // html document - this is an incomplete document. it only shows the necessary parts for the demonstration.
     ?>

     <?php
     // display any success message
     if(isset($_SESSION['success_message']))
     {
         echo $_SESSION['success_message'];
         unset($_SESSION['success_message']);
     }
     ?>

     <?php
     // display any errors
     if(!empty($errors))
     {
         echo "<p>".implode('<br>',$errors)."</p>";
     }
     ?>

     <?php
     // display the form
     if(!empty($_SESSION['question']))
     {
     ?>
     <form method="POST">
     <br><b>Level 1<br>Do The Math</b><br><br>
     <?=$_SESSION['question']?>
     <input type="text" name="number_entered" value="<?=htmlentities($post['number_entered']??'',ENT_QUOTES)?>" autocomplete="off"><br><br>
     <input class="button" type="submit" value="Enter Guess"><br><br>
     </form>
     <?php
     }
     ```
  10. web servers are stateless. they don't know or care what has happened outside of the current request. each time your code runs, it generates new random values. if you want to remember these values, from one request to the next, you need to store them in session variables, and only generate new ones if the session variables are empty/not-set.
  11. lol. all the javascript posted for this problem is unnecessary. upon the DOM being loaded/rendered, it's getting data that's known at the time of the request for the map2.php page (the value being sent to getBookedSeats.php is coming from a js variable that's being set to a php value echoed on the page.) this is just a roundabout wall of code and data churn.

      here's a list of why this is not working -

      1. you are making a POST request to getBookedSeats.php. the value won't be in any $_GET variable and adding an isset() won't make it work. all that did is hide the problem and caused the php code to be skipped over.

      2. you are sending JSON encoded data to getBookedSeats.php. you would need to use the following to read and decode the data -

         ```php
         $json = file_get_contents('php://input');
         $data = json_decode($json,true);
         ```

      3. the value will then be in $data['screeningId'], because that's the name of the javascript variable holding the value that you are sending in the ajax fetch request, which is a value that is coming from php in the first place.
  12. this code is apparently sending either a text or email with a one-time-pin. my guess is it isn't displaying the pin entry page, eventually times out, and redirects to the dashboard page. you would need to show or state what exactly does happen and what you expect to happen. the only things I can tell you based on the posted code are - don't use the @ error suppressor. If you want to test if a variable is set, either use isset()/!isset() or use the Null coalescing operator to condition the input to a default false value. the first header() redirect needs an exit/die statement to stop php code execution, like the rest of the code is using. whatever your inputValidation() function does, it probably doesn't make a value safe to put directly into an sql query. correctly use a prepared query, like the rest of the code is using.
  13. you probably have a redirect-loop or code that's caught in a loop in php. you would need to post all the code, less any database connection credentials, for the login operation and at least the login check code from one of the other pages. btw - the only redirect you should have in your login code should be to the exact same URL of the login page to cause a get request for that page. this will prevent the browser from trying to resubmit the form data should that page get reloaded or browsed back to, where someone can use the browser's developer tools to see what the form data is, even if you prevent the form from being displayed. to allow someone to go to another page, provide navigation links, or put the login form processing/form on any page that needs it.
  14. is this line in getBookedSeats.php or map2.php? at the point where you posted it, the subject was "things being output by getBookedSeats.php"?
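
An added example (not part of mac_gyver's posts or of any software they mention) of the escape-by-default template rendering described in answer 4, using the trimmed `$data` copy and the error array indexed by field name from answers 4 and 5. The `{{name}}` / `{{{name}}}` tag syntax, the `render()` function and the sample input are assumptions made for the illustration:

```php
<?php
// Added example, not from the original posts. Tag syntax is an assumption:
// {{key}} is escaped with htmlentities(), {{{key}}} is inserted raw.
function render(string $template, array $data): string
{
    return preg_replace_callback(
        '/\{\{\{(\w+)\}\}\}|\{\{(\w+)\}\}/',
        function (array $m) use ($data): string {
            $raw = $m[1] !== '';              // true when the raw-tag alternative matched
            $value = (string)($data[$raw ? $m[1] : $m[2]] ?? '');
            return $raw ? $value : htmlentities($value, ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

// Constructed sample standing in for $_POST; formName carries markup.
$submitted = [
    'formName'   => "  <script>alert(1)</script>  ",
    'fieldWidth' => '   ',
];

// Trimmed working copy; the original array is left as is.
$data = array_map('trim', $submitted);

// Validation errors, indexed by form field name.
$errors = [];
foreach (['formName' => 'Form Name', 'fieldWidth' => 'Field Width'] as $field => $label) {
    if ($data[$field] === '') {
        $errors[$field] = "$label is required";
    }
}

$template = <<<'HTML'
<label>Form Name <input type='text' name='formName' value='{{formName}}'></label> {{formName_error}}
<label>Field Width <input type='text' name='fieldWidth' value='{{fieldWidth}}'></label> {{fieldWidth_error}}
HTML;

// Merge values and per-field errors into one set for the template.
$view = $data;
foreach ($errors as $field => $message) {
    $view[$field . '_error'] = $message;
}

echo render($template, $view), "\n";
```

The submitted markup comes out as inert text inside the `value` attribute, and the all-whitespace `fieldWidth` is reported as missing next to its own field.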