Everything posted by mac_gyver

  1. one of the great points of using exceptions for errors is that your main code will only 'see' error free execution. no discrete error checking logic will ever get executed upon an error and should be removed, simplifying the code. php's error_reporting should always be set to E_ALL. temporarily set display_errors to ON so that php will display all the reported errors, which will now include any uncaught database exceptions.
  2. the default setting now in php8+ is to use exceptions for errors for both the mysqli and PDO extensions. assuming you haven't turned this off or caught the mysqli exception yourself, but aren't handling it correctly, a database connection or query error wouldn't allow the code to finish. it would halt at the point of the database error. so, it's more likely that a query just isn't matching any data or is being skipped over. is your code testing if there is not any data from a query and outputting a message stating so? beyond this, there are just too many possible reasons your code might appear to be displaying nothing from a query. you would need to post all the code necessary to reproduce the problem, less the database connection credentials.
  3. here's a note about AddPage(), which does the same as the <pagebreak> tag - apparently WriteHtml() adds the first page at the beginning of a new document, so the specific <pagebreak> adds a second one.
  4. as far as i can tell, mpdf doesn't support writing-mode or text-orientation - https://mpdf.github.io/css-stylesheets/supported-css.html the only reason you have a case where the letters are vertical is because there's only horizontal space in the layout for a single letter at that point. i recommend that you just add a <br> tag between each letter using code.
  5. what data type are startTime and endTime? just date or datetime? when someone books a single night, what are the startTime and endTime values, for example if startTime is 2024-06-27 (today where i am at), what is the endTime value? based on the answer to these questions, the most likely cause is this - while ($start_date <= $end_date) {. when start_date has a day added to it and is equal to end date, you could be counting a row of data twice. some points about the code - don't run queries inside of loops. just use a single query to get all the data that you want at once. to produce output broken into sections by some value (product id), just index/pivot the data when you fetch it using that value as the main array index. you can then simply use two nested foreach loops to loop over the data to produce the output. if you use an array for the $month1, $month2, ... variables and use an array for the $month1_total, $month2_total, ... variables, with the array index being the month number, all the switch/case logic will go away. you can simply use the $month variable to directly reference the correct entry in these arrays. i'm not sure what the '$month3_endTime' and '$month1_startTime' values are doing in the query. they are not the cause of the current problem, but they could exclude data, producing lower quantities than expected.
  6. https://www.php.net/manual/en/function.array-merge.php
  7. sadly, a significant portion of the programming information found on the web is poor quality, in that it lacks security, for every context, provides a poor User eXperience, is filled with unnecessary code that doesn't contribute to a goal, some of which actually helps hackers/bots, and because it lacks error handling and validation logic, may work under perfect conditions, but won't work and won't tell you why when anything goes wrong. you can examine the code examples on the web to get the gist of how you can do things, but you must ensure that the code you produce works in an expected way for all possible conditions. so, well written code is secure, in every context, provides a good User eXperience, making it clear what the user can do at each step, and if they do something that didn't work, that's under their control, what they can do to correct the problem, uses simple code that's not filled with unnecessary typing and logic, and has error handling and validation logic, so that it will log problems for you (the site owner/developer) and display relevant messages for the visitor when something doesn't work. you have three threads on this forum from the end of last year related to a contact form. did any of that lead to working code? in one of my replies, i posted a list of practices, one of which was a suggested layout of code for a single page solution. did you make use of any of that information?
  8. you haven't stated what the code does or does not do. the user interface (UI)/user experience (UX), after clicking on the Scan ID card button, shouldn't require the user to be navigating back and forth between pages. the user should be able to continue to scan id cards, with any result message being displayed on the current user interface. to do this, you would use ajax to submit the data, then display any response. you should also be using a post method request to submit the scanned student_id. whatever this function is doing, it is probably incorrect. you should only trim input data, mainly so that you can detect if it was all white-space characters, then validate the trimmed value. since this code requires a student_id input, at a minimum, you would validate that the trimmed value is not an empty string, before using it. the attendance table student_id and date columns should be defined as a composite unique index. you would then simply just attempt to insert the data. if the combination of student_id and date doesn't exist, the row will be inserted. you would set up and display a message stating that the data was inserted. if a row of matching data already exists, the query will throw an exception (you should be using exceptions for database statement errors, this is the default setting now in php8+.) in the exception catch code, you would test if the error number is for a duplicate index error. if it is, set up and display a message letting the user know that the data has already been inserted. if the error number is for anything else, which would include things like mistakes in the sql query statement, just rethrow the exception and let php handle it. i do see a possible problem, which would be producing a database error in the current code.
you are not fetching the data from the SELECT query, so the INSERT query should be failing with an error (i don't know if the store_result() call prevents this), but since you will change your code to just use the INSERT query as described in the above paragraph, this potential problem will go away. your user login should store the user_id in the session variable, then query on each page request to get any other user data, such as the username, user permission. this ensures that any changes made to the user data will take effect on the very next page request, without requiring the user to log out and back in again. the file upload handling in generate_id_card.php is not testing if there is any $_POST/$_FILES data before trying to use the form data. if the total size of the form data exceeds the post_max_size setting, both $_POST and $_FILES will be empty. after you test that a post method form has been submitted, you must test that there is data in $_POST/$_FILES before using it. also in generate_id_card.php (which is actually a student registration operation), you should be selecting from existing classes. you would submit the class_id, not the class name. you should have first name and last name columns, so that you can distinguish between names like Martin Ross and Ross Martin. if you store the uploaded file using the generated student_id/insert_id, as part of the filename, you will avoid the need to check for duplicate filenames, because student_id are unique. any time your code knows the student_id, you can directly find the uploaded photo using that id.
  9. also, don't use the actual filename in the download link, as this will allow directory traversal, with the current download.php code, to be used to download any file off of the server, such as your database connection credentials. instead, use an id in the link, then in the download.php code, query to find the actual filename, if any, based on the id. it's an error if the submitted id doesn't match a row of data or if there's no defined file for that id.
  10. for your last two errors, here are some possibilities - you copy/pasted the code from the web where it was 'published' and it doesn't contain only ascii characters. see if deleting and retyping the line(s) of code corrects the problem. because these frameworks have their own error reporting, you may only be seeing a snippet of the actual error information. assuming your code is something like - $this->setOutputCallback(...), what does using var_dump($this); show?
  11. this checks the datatype of the variable, not what's in the variable. get, post, cookies are by definition strings, regardless of what value they hold. change this to is_numeric().
  12. how about clicking on the testdate.php row?
  13. the main point of server-side scripting languages, such as php, is that they dynamically produce web pages, that can have content that changes on each page request, such as displaying the current date/time. if you have web hosting that provides server-side scripting, the web server should already be configured to cause .php pages to not be cached in the browser/client (this is accomplished by outputting headers in each response that tells the browser/client to not cache the page - you can look at the response headers in the browser's developer tools, network tab, to see what is being sent), or not on the server when the content on a page changes. the varnish cache should (already) be configured to detect when the content of a requested page changes (this is accomplished by hashing the web page being served and looking for a change in the hash value) and serve the new content, not stale previously cached content. if the varnish cache is only configured to update the cache based on a timeout, it is configured incorrectly for use with server-side scripting languages.
  14. this is the problem. a zero is a false value and the code is performing the header redirect. as to why it 'worked' before, something was probably preventing the header() from working (output being sent, which would have been producing a php error, should you have been able to display/log it) but since there's no exit/die statement after the redirect, the rest of the code on the page still ran in this case, so, you got the expected output for a zero value. something probably changed in the server configuration, such as php's output_buffering setting getting turned on, which would now buffer whatever the output is, allowing the header() to work. i wonder if your login access check code has exit/die statements after redirects to stop the rest of the code on the page from being executed? you should also not put any external data directly into sql queries, where any sql special characters can break the sql query syntax, which is how sql injection is accomplished.
  15. what does the session variable 'Survalance', have to do with this code? it's not present in any of the posted code. i didn't specifically list it above, but the code for any page should be laid out in this general order - 1) initialization, 2) post method form processing, 3) get method business logic - get/produce data needed to display the page, 4) html document. the initialization section should contain the session_start() statement, before any use of session variables, it should require the things that the page needs, such as the SecureFunctionsBankPDO.php file, and it should do things like get user data/permissions, perform whole-page access tests, ... when php executes the shut-down code at the end of processing a request or you specifically call session_write_close(), it (should) write the session data to the file, which updates the modified time of the session data file. if you are asking this because it seems like session data is being deleted now in cases where it previously wasn't (where you have a single user on a site), i seem to recall that it was stated in the documentation (currently nowhere to be found), and through observation of operation, that the session_start() that triggers garbage collection would not delete its own session data. i tested this not too long ago (within the past year), and the session data for the session_start() that triggers garbage collection is now being deleted. so, either i was mistaken about this operation, it has been changed (probably when the massive amount of register globals code was removed from the session handling), or the version i was using when i tested this wasn't updating the session data file if no changes were made to the session data.
  16. i have looked at your code further and it has a logic 'hole' that is probably related to the error and incorrect operation. in SecureFunctionsBankPDO, you have the following lines (these 'operational' lines of code should be in statement.php and be after the session_start() statement) - $View = 'Show'; if (isset($_SESSION['CounterValue'])) $View = $_SESSION['CounterValue']; this is being included_once (you should use require for things your code must have) before the session_start() statement. therefore, that session variable cannot be set at that point and the conditional logic is always false. this leaves $View set to 'Show'. however, $View is not directly used in the posted code. that session variable is being used. so, unless the Session_Init() function is setting that session variable, there's no code setting that session variable and the GetAllData() function cannot, well, function. if the Session_Init() function is responsible for setting that session variable, it is likely where the problem is at. you would need to post the code for Session_Init(). you could also have a problem with your code failing the session PK tests and redirecting to index.php, then perhaps redirecting back to the statement.php page? i have a list of points for the posted code, many of which will simplify it - the error related settings should be in the php.ini on your system, so that they can be set or changed at a single point. if you do put them into your code, put them in only once per page. use require for things your code must have. require/include/include_once are not functions. leave out the () around the path/filename. don't copy variables to other variables for nothing. just use the original variable(s) that data is in. the doctype is out of date. you need to validate the resulting web pages at validator.w3.org. don't use a post method form for navigation. if a query doesn't match any data, output a message stating so, instead of an empty section on the page.
functions should use call-time parameters for all input data, e.g. the $View input should be a call-time parameter to the GetAllData() function. when you have a list of possible values, instead of writing out conditional logic to test for each value, put the values into an array and test using in_array(). you should use prepared queries, even in the case of using internally generated values with a query. all the operational code should be in the main file, e.g. the code setting $View (which isn't actually used) from the session variable should be in the main file, not in the function definition file. don't run queries inside of loops. e.g. the reason name. get this value in the main query by using a JOIN query, with the bank_reason table. you should list out the columns you are SELECTing in a query. this is even more important when using JOIN queries.
  17. the most likely reason that GetAllData() returns a null is because $_SESSION['CounterValue'] isn't one of the expected values and none of the conditional code in the function is being executed. since there's no corresponding undefined index error message, the session variable is set, but is probably an empty string. what does using var_dump($_SESSION['CounterValue']); show? note: session variables are inputs to the code for a page. you need to validate them before using them. if they are not valid, you either need to use a default value and continue or prevent running any code that's dependent on their value. if they are due to a user action, you need to set up and display a message for the user letting them know what to do to correct the problem. if they are set internally, you have a programming mistake somewhere that needs to be found and fixed. edit: the global keyword only has meaning inside a function. the global $View; line in your main code does nothing and should be removed.
  18. while zero is a valid number, it should have never been used as a data identifier. any chance you can go through and change to use the next higher unused id? this could be anything from redirects without exit/die statements through to the database (strict) mode. this could even be due to obsolete html markup interacting with the latest version of a browser. if you cannot determine the cause of the problem, you will need to post all the code, less the database credentials, needed to reproduce the problem. you state this reverts to the home page. what exactly does that mean, ap/index.php? you could be seeing the result of the last of multiple page requests/redirects, i.e. it could have displayed the expected output, but then redirected to the 'home page'.
  19. and if you validate the resulting web page, you will find all the broken and obsolete markup -
  20. you can put a complete html table inside a single form and you can put a complete form inside a single table cell (th or td), but you cannot spread forms out, inside of multiple cells, in a single html table. also, all the html you are outputting inside the html table, that is not inside of a table cell is being rendered above the table. i recommend that you validate the resulting html markup at validator.w3.org. either all the markup in your first example didn't get posted or it is broken and only seems to produce the correct result because there's a single form and a single table row (tr.) your second example, in addition to what @dodgeitorelse3 has posted, has no opening or closing <tr> </tr> tags, and the select tag and form tag will need to be closed in each pass through the details loop.
  21. if $_SERVER['DOCUMENT_ROOT'] doesn't contain the correct value to the (public) document root folder and you cannot correct the server configuration so that it does, you can simply set it to the value you want (it's just a variable) in a common configuration .php file that you require (you should use require for things your code must have) at the start of your code.
  22. this is a common assignment, the U (Update) part of - Create, Read, Update, Delete (CRUD) data operations. what did you find when you searched on the web? wouldn't you create an edit link with the id (autoincrement primary index) as a get parameter on the end of the url? the code for your 'edit' form would use the id to query to get the single row of matching data to populate form fields with. then, when that form is submitted, you would detect if a post method form was submitted, trim the submitted data, validate the data, then use the data in an UPDATE query. some suggestions for the posted code - the code for any page should be laid out in this general order - 1) initialization, 2) post method form processing, 3) get method business logic - get/produce data needed to display the page, 4) html document. the existing SELECT query and php code to fetch that data should go in item #3 in the suggested code layout. this will make it easier to test, debug, and maintain your code. use 'require' for things your code must have. if you have more than 2-3 data fields, don't write out line after line of markup/code for every field. this is just an error prone waste of typing. instead, dynamically produce the repeated output, by using a data structure (array, database table) to hold the definition of the fields, then loop over this defining data structure to produce the markup, display the data, validate the input data, and build the UPDATE query. doing this will also let you leave out fields that are not being Updated in the query, such as the password field when a new one hasn't been entered. any field that must be unique, such as the email, must be defined as a unique index in the database table. you must then have exception error handling for any insert/update query to detect if a duplicate index error (number) has occurred for that field(s).
if it has, set up a message for the user letting them know that a duplicate value was submitted, let them enter a different value, then submit the form again. the stored password should be hashed. see php's password_hash() and password_verify() functions. therefore, you cannot display the actual password in this code or in the edit form code. you can only, optionally, accept a new password from the edit form. almost every SELECT query that can match more than one row of data should have an ORDER BY ... term so that the rows in the result set are in a specified order. if a select query doesn't match any data, you should output a message stating so, instead of leaving a blank section in the output. don't copy variables to other variables for nothing. just use the original variable(s) that data is in. btw - you have repeated the $euro variable assignment. any dynamic value you output in a html context should have htmlentities() applied to them to help prevent cross site scripting. if you use the short php echo tag - <?= it saves typing in the html document, e.g. <?=$account_type?>
  23. an OOP new mysqli() call always returns an object, regardless of if the connection worked or failed. @charlie321, you must always have error handling for database statements that can fail - connection, query, exec, prepare, and execute. adding the mysqli_report() statement i showed should (unknown if this works for such an old php version) enable exceptions for mysqli errors. if that doesn't work for your php version, you will need to add logic to test the value returned by mysqli_connect_error() (even the OOP mysqli::$connect_error property didn't initially work.) you also need to have post method form detecting and error handling for the file upload. if the size of the form data is greater than the post_max_size setting, both the $_POST and $_FILES arrays will be empty. once your code has detected that there is $_FILES data, you must test the ['error'] element of the uploaded file information to make sure that the file was successfully uploaded before using the uploaded file data. because you are directly reading the temporary file data, you need to use is_uploaded_file() first, before opening and reading the file.
  24. those errors are because the database connection is failing or you have some code that's closing the connection, and you are on a php version so old that there's no default error handling for database statements that can fail. i also doubt that's the code where these errors are coming from, because only the procedural mysqli_query() calls produce warnings. The OOP $connect->query() calls would result in fatal runtime errors (or perhaps the php version is so old that this hasn't been implemented yet.) to get error handling for all the mysqli database statements that can fail - connection, query, exec, prepare, and execute, add the following line of code before the point where you make the database connection (wonder if this has the desired effect on such an old version of php) - mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); also, after you make the database connection, you need to set the character set to match your database tables. add this code after the point where you make the database connection - $connect->set_charset('utf8mb4'); // replace as needed if this is not the character set you are using
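The id-based download lookup recommended in post 9, as an added example that is not part of the original posts or the code they discuss. The `files` table, its `stored_name` column, the storage directory and the sample inputs are assumptions constructed for the demo; it needs PHP 8+ with pdo_sqlite so it can run offline.

```php
<?php
declare(strict_types=1);

/**
 * Map a submitted id to a stored file. The client never supplies a
 * filename, so "../" sequences have nothing to act on.
 */
function resolveDownload(PDO $pdo, mixed $rawId, string $storageDir): string
{
    // get/post values are strings; accept only a plain run of digits
    if (!is_string($rawId) || !ctype_digit($rawId) || strlen($rawId) > 10) {
        throw new InvalidArgumentException('invalid id');
    }
    $stmt = $pdo->prepare('SELECT stored_name FROM files WHERE id = ?');
    $stmt->execute([(int) $rawId]);
    $name = $stmt->fetchColumn();
    // error if the id matches no row, or the row has no file defined
    if ($name === false || $name === null || $name === '') {
        throw new RuntimeException('no file for that id');
    }
    // second check: the resolved path must still sit inside the storage dir
    $base = realpath($storageDir);
    $path = realpath($storageDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('file missing or outside storage');
    }
    return $path;
}

// ---- constructed demo data (hypothetical table and files) ----
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . '7.pdf', 'demo');

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, stored_name TEXT)');
$pdo->exec("INSERT INTO files (id, stored_name) VALUES (7, '7.pdf'), (8, NULL)");

// what a filename-style parameter would have carried is simply not an id
foreach (['7', '8', '99', '../../db_config.php', ' 7'] as $input) {
    try {
        echo var_export($input, true), ' => ',
            basename(resolveDownload($pdo, $input, $dir)), PHP_EOL;
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo var_export($input, true), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}

unlink($dir . DIRECTORY_SEPARATOR . '7.pdf');
rmdir($dir);
```

In a real download.php the returned path would be passed to readfile() after the access check for the logged-in user, and the failure cases would produce a 404 rather than an echoed message.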
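The insert-then-catch pattern from posts 8 and 22 (composite unique index, test the error number in the catch block, rethrow anything else), as an added example that is not the posters' code. It uses PDO with an in-memory SQLite table so it runs offline; the table definition, messages and sample ids are constructed, and the driver codes checked are MySQL's 1062 (duplicate entry) and SQLite's 19 (constraint failed).

```php
<?php
declare(strict_types=1);

/** True when the exception is a unique/duplicate index violation. */
function isDuplicateKey(PDOException $e): bool
{
    // errorInfo = [SQLSTATE, driver-specific code, driver message]
    [$sqlState, $driverCode] = $e->errorInfo ?? [null, null];
    // 1062 = MySQL ER_DUP_ENTRY; 19 = SQLITE_CONSTRAINT (used by this demo,
    // and in SQLite it also covers other constraint types)
    return $sqlState === '23000' && in_array($driverCode, [1062, 19], true);
}

/** Attempt the insert and turn only the duplicate case into a user message. */
function recordAttendance(PDO $pdo, mixed $rawStudentId, string $date): string
{
    // trim only to detect an all white-space value, then validate
    $studentId = is_string($rawStudentId) ? trim($rawStudentId) : '';
    if ($studentId === '') {
        return 'A student id is required.';
    }
    try {
        $stmt = $pdo->prepare('INSERT INTO attendance (student_id, date) VALUES (?, ?)');
        $stmt->execute([$studentId, $date]);
        return 'Attendance recorded.';
    } catch (PDOException $e) {
        if (isDuplicateKey($e)) {
            return 'Attendance was already recorded for this student today.';
        }
        throw $e; // sql mistakes, lost connection, ...: let php handle it
    }
}

// ---- constructed demo: exceptions on, composite unique index ----
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec(
    'CREATE TABLE attendance (
        student_id TEXT NOT NULL,
        date       TEXT NOT NULL,
        UNIQUE (student_id, date)
    )'
);

$today = date('Y-m-d');
foreach (['S1001', ' S1001 ', '   ', 'S1002'] as $scanned) {
    echo var_export($scanned, true), ' => ', recordAttendance($pdo, $scanned, $today), PHP_EOL;
}
```

Because the database enforces uniqueness, two requests arriving at the same moment cannot both insert the row, which a SELECT followed by an INSERT does not guarantee.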
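The order of upload checks described in posts 8 and 23 (post method detected, empty $_POST/$_FILES from exceeding post_max_size, the ['error'] element, then is_uploaded_file()), as an added example that is not the posters' code. The function name, the `photo` field and the sample arrays are constructed; the is_uploaded_file() check is passed in as a parameter only so the demo can run from the command line, where no real upload exists.

```php
<?php
declare(strict_types=1);

/**
 * Return null when the upload is usable, otherwise a message saying why not.
 * $isUploaded defaults to php's is_uploaded_file(); the demo swaps in a stub.
 */
function checkUpload(
    string $method,
    array $post,
    array $files,
    string $field,
    callable $isUploaded = 'is_uploaded_file'
): ?string {
    if ($method !== 'POST') {
        return 'no post method form was submitted';
    }
    // when the form data exceeds post_max_size, both arrays arrive empty
    if ($post === [] && $files === []) {
        return 'the form data was larger than the post_max_size setting';
    }
    $file = $files[$field] ?? null;
    if (!is_array($file) || !is_int($file['error'] ?? null)) {
        return 'no single file was submitted in the expected field';
    }
    // the upload must have completed before tmp_name means anything
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return match ($file['error']) {
            UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_FORM_SIZE => 'the file is too large',
            UPLOAD_ERR_PARTIAL => 'the file was only partially uploaded',
            UPLOAD_ERR_NO_FILE => 'no file was selected',
            default => 'the upload failed on the server (code ' . $file['error'] . ')',
        };
    }
    // only read a temporary file that php itself received in this request
    if (!is_string($file['tmp_name'] ?? null) || !$isUploaded($file['tmp_name'])) {
        return 'the temporary file is not an uploaded file';
    }
    return null;
}

// ---- constructed demo inputs; paths below are made up ----
$stub = fn (string $path): bool => $path === '/tmp/phpDEMO1'; // stands in for is_uploaded_file()
$good = ['photo' => ['name' => 'a.jpg', 'tmp_name' => '/tmp/phpDEMO1', 'error' => UPLOAD_ERR_OK, 'size' => 10]];
$partial = ['photo' => ['name' => 'a.jpg', 'tmp_name' => '', 'error' => UPLOAD_ERR_PARTIAL, 'size' => 0]];
$forged = ['photo' => ['name' => 'a.jpg', 'tmp_name' => '/etc/passwd', 'error' => UPLOAD_ERR_OK, 'size' => 10]];

$cases = [
    'get request'      => ['GET', [], []],
    'over post_max'    => ['POST', [], []],
    'partial upload'   => ['POST', ['class_id' => '3'], $partial],
    'tmp_name not ours' => ['POST', ['class_id' => '3'], $forged],
    'valid upload'     => ['POST', ['class_id' => '3'], $good],
];
foreach ($cases as $label => [$method, $post, $files]) {
    echo $label, ' => ', checkUpload($method, $post, $files, 'photo', $stub) ?? 'ok', PHP_EOL;
}
```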