Everything posted by mac_gyver

  1. mac_gyver

    Database of Show Times

    there are some special cases for the logic that need to be addressed. special shows can cause a regular show to end up with zero length, i.e. its start and end times are the same. these would either need to be filtered out or displayed with a notation that they are superseded by special show(s). if a regular show is exactly the same as or contained within the span of a special show, it should have its end time set to its start time. this will result in a zero length regular show and it would be filtered out or displayed as mentioned above.
  2. mac_gyver

    Database of Show Times

    the logic i would try would be - retrieve the regular show times into one array. retrieve the special show times into a second array. if the special show times array is empty, do nothing. loop over the regular show times array. for each regular show entry, loop over the array of special show times. if a special show time start is between the regular show time start and end, change the end to be the special show time start. if a special show time end is between the regular show time start and end, change the start to be the special show time end. this will take two nested foreach(){} loops with two conditional statements inside the inner most loop. merge the resultant regular and the special show time arrays and sort by the start time.
  3. mac_gyver

    TRIM quotation marks

    no. sql can be injected that contains no quotes, which your proposed method won't protect against. do what was stated and use prepared queries, with place-holders for the data values in the sql query statement, then provide the data values when the query gets executed. this will also greatly simplify your sql query statement, because the php variables, single quotes around the values, and the concatenation dots will be removed.
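
Added example, not part of the original post: a value with no quote characters changing a query when it is concatenated into a numeric context, beside the prepared-query form the post recommends. The `users` table, the `strip_quotes()` helper and the input string are constructed for illustration, and an in-memory SQLite database (pdo_sqlite) is assumed in place of MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table, rows and input are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for the "remove the quotation marks" idea.
function strip_quotes(string $value): string
{
    return str_replace(["'", '"'], '', $value);
}

// BEFORE: the value is concatenated into the statement where a number is
// expected. Nothing in the input needs a quote, so strip_quotes() changes
// nothing and the text after the number is parsed as part of the WHERE clause.
function find_user_concat(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, name FROM users WHERE id = ' . strip_quotes($id);
    return $pdo->query($sql)->fetchAll();
}

// AFTER: the statement holds only a place-holder. The value is supplied at
// execute() and is always handled as one data value, never as sql syntax.
function find_user_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll();
}

$input = '2 OR 1=1'; // constructed input, contains no quote characters

printf("concatenated: %d row(s)\n", count(find_user_concat($pdo, $input)));
printf("prepared:     %d row(s)\n", count(find_user_prepared($pdo, $input)));
```
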
  4. mac_gyver

    PHP mysql display row of data one single page

    the mysqli stmt fetch method doesn't return the row of data. it fetches the data into the bound result variables. you can find examples in the php.net documentation. if you had php's error_reporting set to E_ALL and display_errors set to ON, you would be getting an undefined index error at the $row['hotelname'] reference. the php mysqli extension is overly complicated. its biggest problem is that everything to do with prepared queries requires more statements and is a different programming interface than for non-prepared queries. i/we recommend that you use the much simpler and more consistent php PDO extension. it requires fewer statements and it has the same programming interface for prepared and non-prepared queries. an added benefit of the PDO extension is that once you learn the php statements, you can use those same php statements with any of the supported database types. you would only have to make any necessary sql syntax changes, not learn a whole new php extension for each different database type. even some of the things that were added to the mysqli extension to make it more usable are dependent on the mysqlnd driver being used, which you cannot guarantee unless you manage your own servers, and so results in non-portable code.
  5. mac_gyver

    optimizing script with heavy select/update

    from a 'data keeping' standpoint, what you state you are doing doesn't make sense to me (and perhaps others?) each order that gets placed is a separate occurrence. it should result in a row being inserted into an 'orders' table, with the unique information about the order, each item that is part of that order should cause a row to be inserted into an 'order_items' table, related back to the order it corresponds to through an order_id, from an auto-increment column in the 'orders' table, and if i recall correctly, you are inserting a row for each count of an item, to allow tracking of each individual piece that's part of an order. no data should be UPDATEd unless you are correcting information, such as someone calling in after placing an order, but before it has been acted upon, and needs to change a quantity, or add or delete an item. the above is the input data that you have available, for each order. you should not be trying to insert/update records based on this and dates. all reporting, tracking, ... should be based on the original input data. so, the question i have is what exact reporting are you trying to accomplish?
  6. mac_gyver

    Most common value from associative array

    your current scheme would require that you retrieve ALL the data for any consumer, decode the json data, sum the quantities for each product, then find the highest sums. storing multiple values in a single database table column is a bad design, regardless of the format being used, making it difficult to perform any operation on the data. you need to normalize the data and store it as one row per data item, using the order id to relate the rows back to the order they correspond to. you would then be able to craft a simple sql query that gets the result you want.
  7. mac_gyver

    query output to php variables

    there is no mysqli result ->fetch() method. you would be seeing a php runtime error to alert you to the problem if you set php's error_reporting to E_ALL and display_errors to ON.
  8. the error handling for the connection is non-functional and should just be removed. mysqli_errno() and mysqli_error(), even if coded correctly, cannot be used to report connection errors.
  9. mac_gyver

    multisort; flags (defines) v/s variables

    the php defined constants are integer values. if you put the actual value into a variable, this will work. you have a string now, the name of the defined constant, not its value. Use - $field_one_order = SORT_ASC; You probably have this now - $field_one_order = 'SORT_ASC';
  10. the way to convert code to use a new database extension, is to learn enough about the new extension to be able to make a connection, execute a query, and fetch data from a query. note: php automatically closes database connections when the script ends, so you don't need to and can remove, rather than convert, any code that's closing a connection. next, forget about the mysqli extension. it is inconsistent and more complicated than needed. instead, learn and use the much simpler and more consistent PDO extension. the PDO extension has an added advantage in that once you learn the php statements to perform the database operations, you can use those same php statements with other database types, rather than to learn a new set of statements for each different database type. you still have to make any sql changes for each different database type, but the php code remains the same. also, your error handling should NOT unconditionally output the raw error information when on a live/public site. this gives hackers information they can use when they intentionally cause connection/query errors. you also don't have any error handling for the queries. if you use exceptions to handle database connection/query errors, and let php catch the exception, it will use its error_reporting, display_errors, and log_errors settings to control what happens with the actual error information. this will let you display errors when developing and debugging code and log errors on a live/public site. this will also let you eliminate any existing error handling logic (you won't have to convert it) and it will give you error handling for the statements that don't have it now. lastly, if any rows of data have been deleted from the table, your current method of getting a random row (which should use SELECT COUNT(*), rather than querying for all the rows), will exclude data with higher id's.
you should instead query for the minimum and maximum id, get a random number between those two values, then because there can be holes in the id's, use WHERE id >= $rannum LIMIT 1 in the second query.
  11. mac_gyver

    Why isn't this function updating table?

    the two test cases are identical (i copied and compared them.) i suspect the second one only had a single term in the WHERE clause? the reason for this is due to using bindParam() inside of a loop, which is binding the single variable, $v, both times, and then evaluates that variable at the ->execute() statement. This resulted in the last value in $v after the end of the loop, "1", being used for both the word and id columns, which resulted in a false WHERE clause. bindParam() should only be used when you are going to execute the query multiple times, which you are not doing AND you need to specify the data type, which is rare. you should instead forget about binding input data and just build an array of all the input parameters and supply it to the ->execute() call (note: this can be used when executing the query multiple times.) next, if you build arrays of the set terms and the where terms and implode() them, which will work correctly for one or more terms, a lot of this code will disappear. you won't have to have logic to detect the last term.
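
Added example, not part of the original post: the bindParam()-in-a-loop behaviour described above, beside the approach the post recommends (arrays of set and where terms joined with implode(), and one array of values passed to ->execute()). The `words` table, its rows and the function names are constructed for illustration; the column allow-list is an addition made here because column names cannot be sent as bound values; an in-memory SQLite database (pdo_sqlite) is assumed so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table and rows are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE words (id INTEGER PRIMARY KEY, word TEXT, hits INTEGER)');
$pdo->exec("INSERT INTO words (id, word, hits) VALUES (1, 'alpha', 0), (2, 'beta', 0)");

// BEFORE: bindParam() binds a reference to $v, not its current value. Every
// place-holder ends up tied to the same variable, which is read at execute(),
// when it holds whatever the last loop iteration assigned.
function update_with_bindparam(PDO $pdo, array $where): int
{
    $stmt = $pdo->prepare('UPDATE words SET hits = hits + 1 WHERE word = :word AND id = :id');
    foreach ($where as $name => $v) {
        $stmt->bindParam(":$name", $v);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

// Column names are interpolated into the sql text, so they are checked
// against a fixed list (added here, not from the post).
const UPDATABLE_COLUMNS = ['id', 'word', 'hits'];

// Turns ['col' => value, ...] into ["col = ?", ...] and appends the values
// to $params in the same order as the place-holders.
function build_terms(array $data, array &$params): array
{
    $terms = [];
    foreach ($data as $column => $value) {
        if (!in_array($column, UPDATABLE_COLUMNS, true)) {
            throw new InvalidArgumentException("unexpected column: $column");
        }
        $terms[] = "$column = ?";
        $params[] = $value;
    }
    return $terms;
}

// AFTER: implode() the term arrays (correct for one or more terms, no
// "last term" logic) and supply all values as one array to execute().
function update_words(PDO $pdo, array $set, array $where): int
{
    if (!$set || !$where) {
        throw new InvalidArgumentException('set and where terms are both required');
    }
    $params = [];
    $setTerms = build_terms($set, $params);     // SET values first ...
    $whereTerms = build_terms($where, $params); // ... then WHERE values
    $sql = 'UPDATE words SET ' . implode(', ', $setTerms)
         . ' WHERE ' . implode(' AND ', $whereTerms);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

$where = ['word' => 'alpha', 'id' => 1]; // constructed test case
printf("bindParam() in a loop: %d row(s) updated\n", update_with_bindparam($pdo, $where));
printf("array to execute():    %d row(s) updated\n", update_words($pdo, ['hits' => 5], $where));
```
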
  12. mac_gyver

    Finding a variable in an array

    a) you should be using a database for this, it will be much easier to handle new data and get the results you want, and b) even if not using a database, your data should be normalized and have an audit trail, where each different type of data is stored in its own array/table and each transaction/round that affects a value is a separate entry in the array/table, not just a number that gets updated. you would have a hero array/table that defines the hero names and assigns them unique ids. the points should be a separate array/table with a hero id, a round number, and point value. to get the total points for any/all heroes, you would sum up the point values for each hero id. if you want the results sorted by the total points, you apply the array sort function to the result array holding the sums. all pretty much the same way that a database engine would do this based on an sql query.
  13. mac_gyver

    Sessions being lost very intermittently

    is your web hosting shared (several accounts on the same server) and using the default /tmp location for the session data files?
  14. mac_gyver

    Acting on variables from a MySQL Query

    the blank page is due to php syntax errors. to get php to help you find these type of errors, you must have php's error_reporting set to E_ALL and display_errors set to ON, in the php.ini on your development system. you cannot put these settings into your code and have them report/display php syntax errors in the same file because your code never runs to cause the settings to take effect. next, when all you are doing is mapping input values to output values, don't write out conditional logic for each possible value. just map the inputs to outputs using either a database table (and write a JOIN query) or a php array (and get the name/label using the element_id to index into the array.) doing this will eliminate all the conditional logic, which will also eliminate the current syntax errors (you have unnecessary quotes around the "$row["..."]" variables and have double-quotes around the associative index names.) also, there is no good reason to create individual variables from this data. either build the email message inside the while(){} loop or if you do have a need to create variables, build an array of data, with the array associative index name being the element name/label.
  15. mac_gyver

    My app is constantly being hacked. Please help!

    what user based security do you have in the application to control who the form processing code is accessible to? Edit: also, it appears that your sql queries have NO protection against sql injection, so it's possible that some of the junk you are seeing is the aftermath of attempts to inject sql, which can be used to dump all the contents of any of your database tables out to whoever submitted the data.
  16. mac_gyver

    Array in for or foreach from database

    i recommend a programming practice called separation of concerns. the database specific code, that knows how to execute the query and fetch the data, is one concern, and the presentation code, that knows how to produce the output from the data, is a separate concern. the way to separate these is to just fetch the data into an appropriately named php variable, then use that variable as the input to the presentation code. doing this will make it easier to design, write, and test code, because you can display the output from the first step to make sure it is correct, before going on to the next step. see the following pseudo code -

        // database specific code
        $sql = the_sql_query_statement;
        $result = mysqli_query($GaryDB, $sql);
        $table_result = [];
        while($row = mysqli_fetch_array($result))
        {
            $table_result[] = $row;
        }

        // examine the data
        print_r($table_result);

        // presentation code
        foreach($table_result as $row)
        {
            // use elements in $row to produce the output
        }
  17. mac_gyver

    php sql syntax error

    the WHERE clause in the sql statement is probably FALSE, because you are still checking if the number 104 is equal to some value. before you go any farther on your programming journey, don't use numbered or letter-numbered database columns or variables. you won't get very far, because people you are expecting to look at your code/queries won't waste their time trying to figure out what your code and queries are doing. your code should be self-documenting. anyone reading a section of your code should be able to figure out what it is doing. database columns and variables should be named as to the meaning of the data in them. your code is testing if the query executed without any errors. that doesn't mean that the query affected any row(s). if you want to specifically know if a row was updated, check the number of affected rows. if you are using the php mysqli extension, see the ->affected_rows property. you should also be hashing passwords (see php's password_hash() and password_verify() functions) and you should not put data directly into sql query statements. use prepared queries when supplying data to an sql query statement.
  18. mac_gyver

    move_uploaded_file not working

    if you set php's error_reporting to E_ALL and display_errors to ON (preferably in the php.ini on your development system), php would help you find the exact reason that the move_uploaded_file() statement is failing.
  19. mac_gyver

    Call to a member function query() on null

    you are trying to convert procedural mysqli to OO mysqli, which will take a bunch of time. when you get around to using prepared queries, you will have to convert the code again, because the programming interface for non-prepared mysqli queries and prepared mysqli queries is completely different. save yourself the time and just convert the code once, to use PDO. the programming interface for non-prepared and prepared PDO queries is the same. i recommend that you review your thread where you asked if you should switch to PDO.
  20. mac_gyver

    Call to a member function query() on null

    adding a database 'wrapper' class around another class (the mysqli class) is a waste of time (unless you are doing this as part of a typing class.) next, forget about the mysqli extension. you should be spending your time learning and using the much simpler and more consistent PDO extension, especially since you should be using prepared queries when supplying data values to the sql query statements, and the mysqli extension is overly complicated when doing prepared queries.
  21. mac_gyver

    Displaying records in weekly format

    because your data is not normalized and stored one data item per row, it is not possible to (easily) do this in the sql query. you will need to pre-process the retrieved data and pivot/index it first by the week number, then the no_one/no_two/no_three column name, then the day of the week number. you would then be able to loop over the pre-processed data and output it the way you want. if your data was normalized, it would be possible to do this in the query by ordering the data by - week_number (using week()), position_number (a column holding the 1,2,or 3 value), day_number (using either dayofweek() or weekday()).
  22. mac_gyver

    keeping users logged in.

    if by this, you mean the database table column type and default value or the NOW() function in a query, the database server has a timezone setting too. you would need to set it to the value you want, immediately after making the database connection.
  23. mac_gyver

    keeping users logged in.

    php picked an arbitrary and short default session garbage collection maxlifetime value of 1440 seconds (24 minutes.) you will want to set this to a more reasonable value to match how your site gets used. this must be set before every session_start() statement, so you will want to set it 'globally', either in your master/local php.ini, in a .htaccess file (when php is running as a server module), or in a common 'required' configure file that all your scripts use. per the note in the session.gc_maxlifetime documentation, the shortest session.gc_maxlifetime value of all the scripts being executed will be used, so if you are using shared web hosting and are using the default/common /tmp location for the session.save_path setting, you will want to set the session.save_path setting to be to a folder within your own account's directory tree, so that only your scripts will affect (and have access to) your session data files. if you are using a session based login and someone leaves and returns to your site, your code should display the correct current state. if it doesn't, you either have a caching problem (dynamic .php pages have been cached somewhere - server, browser) or a logic problem in your code (your code isn't testing/displaying the logged in state correctly.)
  24. mac_gyver

    Any problems with this code?

    some points for your code - 1) i recommend that you use an array ($errors for example) to hold validation errors. you can test at any point in your logic if there are errors or not by testing if the array is not empty() or is empty(). this will allow all non-dependent validation tests to be performed at once. after you check for upload errors (see the next two points) and validate all input data, you would use the submitted form data if the $errors array is empty(). you would display validation errors by displaying the contents of the $errors array at the appropriate point in the html document. 2) if the total size of the submitted form data is greater than the post_max_size setting, both the $_POST and $_FILES arrays will be empty. you need to detect this condition first, before running the rest of the form processing code. 3) you need to test if the upload(s) worked, without any upload errors, before referencing any of the uploaded file information. 4) this test - } else if (!$allowed) { (in two places) makes no sense. $allowed is an array of the extensions from the 1st uploaded file code. for your existing logic, this should just be an } else { statement. however, there's no point in testing the file extension if the upload didn't work at all. testing any specific uploaded data values must come after you determined that the upload worked without error. 5) is_uploaded_file() operates on the source uploaded file, i.e. the ['tmp_name'] element, not the ['name'] element. 6) you have a bunch of lines of code copying variables to other variables, repeated for each possible uploaded file, and you also copied the first uploaded file information to another variable $file, but are not using that to simplify the code. if you are going to perform the same operation multiple times, at a minimum, you should copy the data to a short variable name, then use that variable name in the rest of the code.
    edit: it's not clear if the form and form processing code are on the same page. if they are, the form processing code needs to be above the start of the html document. this will allow you to perform the header() redirect if the form processing code was successful, to display the errors when you re-display the form, and to re-populate the $_POST form fields with the submitted values so that the user doesn't need to keep re-entering data when there are errors.
  25. mac_gyver

    3 logical operators not working.

    the $id_product variable probably doesn't contain what you think (white-space, null, a completely different value..) what does adding var_dump($id_product); die; immediately before the if(...) statement show? also, what exact symptom or error are you getting that leads you to believe this isn't working? there could be a problem somewhere else that's causing you to incorrectly conclude this statement is the source of a problem.
