mac_gyver

Everything posted by mac_gyver

  1. @Strider64, if you meant the pm from me, you were told not to put links to your site in replies, especially since the OP is already using the jquery timezone plugin and has a specific question about getting the time zone value to use in the php date_default_timezone_set() statement.
  2. you are putting a space on the end of the DB_USERNAME defined constant. if your code (for debugging/learning) was making use of the php warning from that statement or the mysqli_connect_error() message you would probably be able to see it in the error message -

         Access denied for user 'root '@'localhost' (using password: YES)
                                     ^

     in programming, every character matters and in this case an extra character that's not present in the actual value causes the connection to fail. this is no different than if your code had define("DB_USERNAME", "roota");. that's not what the username is.
  3. the short answer is you don't hide some of the rows that a query returns, you get the query to only return the rows you want. you would take the submitted make value from your select/option drop-down form, and if it has a value that isn't the 'make-any' value, use it in a WHERE make = ? clause in your first query, using a prepared query to help prevent sql injection or to prevent any special sql characters in the value from breaking the query.
  4. the code you found that's setting the session parameters is setting the session.cookie_secure setting to a true/1 value. this means that the session id cookie will ONLY be sent to the server when making a https request over an encrypted connection.
  5. there's no need for your days_week table. just use the existing relationship between the day numbers and day names that either mysql or php defines (there's four different choices, pick one, which you are likely already using in your calendar, and use it throughout your code.) next, you should store the day number, not the day name, in your available table. it will take less storage and if you are searching or manipulating the data using the day number, it will result in a faster query than operating on the day name string. your available table has a unique id. you would use that in your update form to identify which row the submitted data belongs with, typically as an array field name index value. since you haven't shown your update form, cannot specifically help you beyond telling you what you should be doing.
  6. create a new test .php file on your server with the following code in it and let us know what output it produced when you run it -

         <?php
         var_dump(ini_get('display_startup_errors'));
         var_dump(ini_get('display_errors'));
         var_dump(error_reporting());
         echo '<br>';
         ini_set('display_startup_errors',1);
         ini_set('display_errors',1);
         error_reporting(-1);
         var_dump(ini_get('display_startup_errors'));
         var_dump(ini_get('display_errors'));
         var_dump(error_reporting());
  7. data you store should have a unique id, typically an auto-increment column, that you can reference it by. your update form would then submit the unique id/value for each row that was displayed for updating. your update logic would then loop over the data, getting the unique id and the value for each submitted row of data to use in the update query. you would also still need to enforce ownership in the query, by making sure that only rows that the currently logged in user 'owns' can be updated.
  8. you should store the category names in a database table along with an auto-increment id column, that becomes the category_id. you then need to add a category_id column to your videos table and store the correct category_id in it. once you have the category_id column in your videos database table, you would simply GROUP BY category -

         select count(1) as count FROM videos GROUP BY category_id

     to get the correct category name, you would write a JOIN query between the videos table and the category table using the category_id column in the two tables.
  9. one apparent reason for your program/query LOGIC to produce incorrect results is because your sql query that matches the row in the users table contains a logic error -

         select epasswd from Users where UserId='$UserId' and Approved='1' or Approved='-1' or Approved='-2'

     this query will match rows where the user UserId is correct and Approved='1', but it will also match any row with Approved='-1' and it will also match any row with Approved='-2'. the correct query logic to match the Userid and any one of the three Approved values would be -

         select epasswd from Users where UserId='$UserId' and (Approved='1' or Approved='-1' or Approved='-2')

     or, more simply -

         select epasswd from Users where UserId='$UserId' and Approved IN('1','-1','-2')

     also, if your columns are numerical data types, don't put single-quotes around the values in the query.
  10. what have you tried? posting an image of your code is pointless on a programming help forum. we cannot read it and no one could copy/paste any of it to point out things that are in error.
  11. what do you get when you do a 'view source' of the empty page in your browser?
  12. writing (building) a complete application requires that you have already mastered (learned and practiced) using the tools needed to build the application. unless you know how to produce a form for the browser and produce the .php code to take the submitted form data and insert it into a database table, you won't be able to do these things for your data. next, using ajax to submit a form, is an 'extra' feature, and in general, can be added to an existing working form by adding an event that calls a function that submits the data using an asynchronous http request and prevents the browser from submitting the form. the .php code that processes the form data will be the same, regardless of using ajax or not. if you don't know how ajax works, you need to first learn and practice writing code that uses ajax to submit post data to a .php page. then, adding that functionality to a comment form will be the easy part.
  13. that you are not getting any application errors from the code to pin down where the problem is at, probably means that the code wasn't written with any application error checking logic in it. so, debugging what the code is doing to find where in it the problem is at will require that you have the ability to read and understand what the code is doing and to add debugging statements to display values and determine code execution paths to locate where in the code the problem is occurring at. if you don't have the skills and experience to do this, you are going to need to hire someone, because, unless you can narrow down the problem to just a small section of code or a database query that can be posted in the forum, we cannot help you. please don't expect to be able to post, attach, or link to your complete application code and get someone in a forum to debug the entire application for you for free. that's not what programming help is, that's asking someone else to do your work for you.
  14. i didn't look at the specific data, but the following should work -

          array_push($arrayFPTitle, (string)$temp->title); // cast the element as a string
  15. the receiving mail server @gmail.com probably blacklisted the sending mail server at your web host. the email is NOT being sent by or From: the email address that is being input in your form. the email is being sent from the mail server at your web host. the From: address in the email, at a minimum, needs to be a real mail box at your sending mail server. in addition to just helping to ensure that an email will be processed, the From: email address is used as the return-path for bounce/error messages back from the receiving mail server when you haven't specifically supplied a Return-path email address in the mail headers. the email address entered in your form should be put into a Reply-to: mail header.

      what likely happens in these cases, is that enough people have entered xxxxx@gmail.com addresses in your form, which your code then used as the From: email address, and since gmail knows the sending mail server at your web host isn't a gmail mail server, all those emails saying they were From: xxxxx@gmail.com addresses eventually get your sending mail server blacklisted. another possibility, is that the receiving mail server received a 'flood' of emails from your sending mail server in a short time and blacklisted it.

      edit: another possibility, since you are NOT validating the user submitted data that you are currently putting into the mail header, which allows spammers to set anything in the email message to anything they want, is that your script is being used to send huge volumes of spam, and has been blacklisted by numerous receiving isp's.

      in addition to fixing the mail headers, you will need to track down if your sending mail server is actually sending the email or if the receiving mail server is discarding them. after you can determine that your sending mail server is actually sending the emails, you can contact the 'postmaster' at @gmail.com to try and find out if/why they may be discarding emails your sending mail server has sent to their mail servers.

      an alternative that would allow you to send emails directly to your @gmail.com mail box, would be to use one of the php mailer classes and use smtp authentication against your mail box (you would use your email name and password in the script.) this would allow your php script to send the email directly to your mail box, without going through the mail server at your web host.
  16. the error is most likely in your main.php/sesstest() method -

          $count = $this->db->exec('SELECT * FROM sessions');

      the pdo ->exec() method does NOT return results for a SELECT query and since a select query does not affect any rows, this usage will always return a zero, which is probably what you are basing the statement that the table is empty on. only insert, delete, update, and replace queries affect rows. you would need to get a row count using a method available for PostgreSQL (which i am not well versed with.) if you cannot get a count in the query statement, doing a pdo fetchall() of the result set and using php count() of the resultant array is the most universal method that would work with all database types. edit: if the PDOStatement::rowCount() method works for PostgreSQL, you would use the pdo query() method to run the query and get a count of the number of rows.
  17. you should probably post an example of the incorrect data the query is matching and an example of the data the query should match, along with the table definition. if your order by isn't returning the correct value, it's likely that your table definition is storing numbers as a character/text type.
  18. in the html <img ...> tag, you need to actually have php code that echos the variable -

          <img class="profile-photo" align="middle" src="uploads/<?php echo $actual_image_name; ?>" />
  19. there's no guarantee that any of those statements are still in the code. edit: it's also possible that the OP is on some web hosting that has disabled the error_reporting/ini_set statements.
  20. the 500 http error may be due to a php execution timeout or some other fatal php runtime error. set php's error_reporting to E_ALL and display_errors to ON to cause php to report and display the errors it detects when your code runs.
  21. ^^^ that's not the problem. that is a follow-on error. it is caused by a query that failed due to an error of some kind and your code didn't stop the rest of the code, the mysqli_fetch_assoc() statement, from trying to use the result from the failed query. to find out why the query failed, you can echo mysqli_error($link_id); after the line where you used the mysqli_query() statement.
  22. if that's the query statement that was formed, then you are not handling the $_GET variable correctly, since it shows injected sql along with the numerical value. that particular sql injection attempt may have failed, but you can inject sql that doesn't contain any characters that are affected by an escape function, that isn't failing, isn't producing any errors, and does allow the hacker to dump the contents of your database tables. short-answer - that the sql statement you posted doesn't have any ' before the number, means that no amount of using an escape function will protect it, and that it shows injected sql with the id number, says you are not handling the value correctly. if you post your code showing how you are handling the $_GET variable before putting it into the sql statement, someone can help with it. an alternative would be to use prepared queries, where values are bound to place holders in the sql query statement, supplied when the query is executed, and cannot be used for sql injection.
  23. you didn't even bother to try and change your code to use the $points data that Barand's code extracts. this is a copy/paste fail on your part. i suggest that you look at the print_r() output from his code so that you know what format the name/point value is in, then remove all your existing code for the insert into points values ... query, and actually WRITE some new code that uses the $points array, keys/value pairs, to form and run the insert into points values ... query.
  24. that's too vague to help you. we can only answer specific questions.
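
Post 22 above says an escape function gives no protection when the value sits in the SQL without quotes around it, and that a prepared query does. An added example of that (not code from the thread or its posters), using PDO with an in-memory SQLite database; the `items` table, the `escape_only()` helper and the two request values are constructed for illustration:

```php
<?php
// added example: constructed table and request values, in-memory SQLite via PDO
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'one'), (2, 'two'), (3, 'three')");

// hypothetical stand-in for an escape function: it only changes quote characters
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// 'before': escaped value placed in a numeric (unquoted) position in the sql
function rows_escaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, name FROM items WHERE id = ' . escape_only($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 'after': validate the value as an integer, then bind it to a place holder
function rows_prepared(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return []; // not a number: reject instead of running a query
    }
    $stmt = $pdo->prepare('SELECT id, name FROM items WHERE id = ?');
    $stmt->bindValue(1, $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// constructed inputs: a plain id, and an id followed by sql that contains no quotes
foreach (['2', '2 OR 1=1'] as $id) {
    printf("%-10s escaped: %d row(s), prepared: %d row(s)\n",
        $id, count(rows_escaped($pdo, $id)), count(rows_prepared($pdo, $id)));
}
```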