Jump to content

mac_gyver

Staff Alumni
  • Posts

    5,450
  • Joined

  • Days Won

    175

Everything posted by mac_gyver

  1. assuming that your class methods (functions) are closely related so that they belong in the one class, you would use dependency injection to get the instance of the database class into your class. class some_class { private $mysqli; // instance of the injected database class public function __construct($mysqli){ $this->mysqli = $mysqli; // store the instance of the injected database class } // method to run a prepared query that returns a result set public function prquery($query,$data){ $stmt = $this->mysqli->prepare($query); // use the instance of the database class ... return $result; // return result set or false } } $mysqli = new mysqli(''); // instance of the database class $a = new some_class($mysqli); // instance of your class, injecting the instance of the db class in the constructor // form and run a select query $query = 'SELECT areaCountry FROM events WHERE strId = ? AND dateTime < CURDATE() GROUP BY areaCountry ORDER BY areaCountry'; $result = $a->prquery($query,array($id));
  2. functions have their own local program scope (in most programming languages, javascript didn't follow this convention, making for messier code). all code and variables inside a function only exist inside of that function. this causes a function to behave as if it is an autonomous "black box". it doesn't directly use or modify anything outside of the function's scope. you input the data it needs at one end, the function uses any code and local variables it needs to preform its task, and the result comes out the other end (the function call is replaced by the data the function returns.) in your first example, the $mysqli variable inside your function isn't the $mysqli variable in your main code. you need to pass the $mysqli variable, along to any of the data you are putting into the query, as parameters to the function when you call it. $mysqli = new mysqli(''); function addressArea($mysqli, other parameters as needed){ $addressAreaStmt = $mysqli->prepare("SELECT addressArea FROM events WHERE strId = ? AND dateTime < CURDATE() AND areaCountry = '$areaCountry' GROUP BY addressArea ORDER BY addressArea"); } addressArea($mysqli, other parameters as needed); in your second example, the $query1 variable only exists inside the function. to use it outside the function you would need to return the value from the function (doesn't have to be an actual variable inside the function). the function call is replaced by the value it returned. you can either assign the returned value to a variable where it was called at or directly use the returned value. function areaCountry(){ return 'SELECT areaCountry FROM events WHERE strId = ? AND dateTime < CURDATE() GROUP BY areaCountry ORDER BY areaCountry'; } $stmt = $mysqli->prepare(areaCountry()); a general word about functions. they should be low-level building-blocks that do something useful. a function that executes any arbitrary SELECT query (where you pass the sql query statement into the function), uses a prepared statement, performs error checking, and returns the result set or a false value if no result set would be a building block that you can call any place you need to run a SELECT query (any query that returns a result set.) another function to do the same for an INSERT/UPDATE query (doesn't return a result set) would be useful. because using mysqli (or PDO) to access a database needs an instance of the database class, it is actually better to use a class (instead of functions) to do what you are trying, since the instance of the mysqli/pdo database class can be passed into a class once and used in any of the class methods without needing to be passed as a call time parameter to each method.
  3. the browser is urlencoding all non-alphanumeric characters except -_. (dash, underscore, dot). a space becomes a + in the url. the $_GET data is automatically urldecoded before it is passed to your script - you shouldn't need to do anything special to get the data to work as expected.
  4. i don't recall what that structure is called, but if someone knows the name of it, i would bet that someone has solved this before and a search would turn up a solution. i would retrieve ALL the data into an array, manipulate the data in the array (using a recursive function), then write all the data back into the database table using a multi value REPLACE query.
  5. you are supplying a database connection in the mysql_query() statement. you need to use that same connection in mysql_error() statement to insure you are getting any mysql error for the query you just ran. are you sure you have a row WHERE id = 161241 AND id_kalkulacija = 2 and what are the datatypes of those two columns?
  6. you can use array_intersect to find out if an array has ANY values found in another array. $match = array(1,2,3,4); // list of values to match $result = array_intersect($acc_s,$match); if(empty($result)){ echo 'no access'; } else { echo 'access allowed'; }
  7. your code doesn't produce that fatal error for me for an id that exists (after coping the code together from all the snippets the ONE class is posted as). when the id doesn't exist the query doesn't match any rows and your code returns a false value instead of an instance of the user class. you ALWAYS, not just for debugging but ALWAYS, need to have logic in your code to check if any step worked (produced the result you expect) before trying to use the result from that step. you also don't have php's error reporting set to E_ALL. there is warning about "Creating default object from empty value" at the ->password = ''; line. you are working on ONE class. when you have a problem with the code in that class, why not just post the whole class so that someone could see (or test) all the code needed in one place?
  8. that's not correct. it requires someone with enough understanding of the php language (and of the security implications) that they can identify where in the login code to add the logic to do the first step of what lemmin stated and where in the logged-in session check code to add the logic to do the second part of what lemmin stated. it would also require someone to add the checkbox to the form, to add a column to the database table to hold the unique token value, to modify the logout code so that it clears the unique token in the database table, along with creating or identifying those parts of the remember me logic.
  9. the page on your site that the download link goes to, must be a php script that checks if the current logged in visitor is allowed to download the file. if the visitor is allowed to download the file, the php script reads and outputs the actual file contents from a protected folder that visitors cannot directly access. the way that your php script knows if a visitor is allowed to download a file is because you have stored information on your site that indicates the payment was successful. the way you get that information is to use the IPN process. just being redirected back from paypal to your site's "success" page only means that the checkout process was successful, not that the payment will be successful and anyone can browse to your site's success page.
  10. are you trying to include the code from a file at a different one of your sites into your site that's the subject in this thread or are you trying to include code from a file that is on the same site?
  11. the name of your select menu - name='NexternalStocker' isn't the same as what you are using in the php code - $_POST['Nexternal_Stocker]
  12. now might be a good time to learn how to use databases. all the code you have just posted is hard coded with source/destination information, decisions, and amounts. using a database based design, all of that could become just a source selection and a destination selection. some ways that the code could be reduced by using a database based solution - 1) if you know what the source and destination are, you don't need to have a form to input the type of journey. the stored data for any location would tell you if when it is used as a source location what the pickup amount is (some amount for airports, zero for everything else.) 2) indexa.php really isn't needed at all. 3) the if/else logic in index2.php isn't needed. if $airportpickup is a zero, both of those calculations are identical and you will have the correct pickup value for any source location out of the database table storing the information about each location. 4) all (i'm sure you have those lines of code repeated for each possible $postcode) the prices.php code will disappear and become data in a source/destination cost database table.
  13. variable names and array index names are case sensitive. firstName is the not same as firstname
  14. use an array for each check box. the array name is purpose of the check box and the array index is something that IDentifies who the check box is for, such as a user id - name='admin[1]' name='suspended[1]' name='admin[2]' name='suspended[2]' name='admin[3]' name='suspended[3]' the "checked" boxes will be the index values in the arrays. loop though the submitted arrays or use array_keys to extract the index values.
  15. you would want to store random generated values in an array, use array_unique to remove duplicates and keep generating them until you have 50000 unique values or just generate a larger incrementing series, two to three times the needed number of values, shuffle the result and use the first 50000 of them. trying to insert the values into the database as they are generated, ignoring duplicates using a unique key and keeping a count of how many values have been inserted would take a very long time to run using a query inside of a loop. once you have the 50000 unique values in an array, insert them as many at a time as you can using a multivalue insert query.
  16. try this - SOUNDEX(column) = SOUNDEX('$user_value')
  17. change your database table column to an integer datatype. it's a character type now and that's how strings sort/order themselves.
  18. the actual query statement that is inserting your email value probably has a space in it before the variable name. i was going to mention the output buffering in your previous thread as it cause nothing but problems. the only time you should use output buffering is if you want to buffer output. by using it and outputting php error messages or the messages your code produces, then unconditionally redirecting, you won't see any of that output and in the case of one of the messages your code produces, you should not be redirecting in those cases anyway. you should not use ob_start and you should organize the logic on your page so that all the php code that decides what to do on the page (the business logic) comes first before you try to output any of the html on the page.
  19. i would store the ip, username, and datetime of each failed login attempt (one row for each attempt) so that you will know the timing (how old they are and how close together they are) of each attempt. you could eventually add logic to detect attempts too close together that are from a bot script and "hard" (without an automatic reset) lockout an ip/username combination. to "soft" (with an automatic reset) lockout an ip/username combination you would get a count x of the rows in the last y amount of time. this "soft" lockout method would allow new attempts from an ip address as the datetime of the stored attempts "age" and become older than the y amount of time. you would probably want to have a backup "hard" lockout for this method to detect when someone is making a large number of attempts that are slow enough to not trigger a "soft" lockout at all or if there have been a number of "soft" lockouts triggered. if you want to only "hard" lockout an ip/username combination, just get a total count of the rows (not looking at the datetime). if it's over x, consider the ip/username combination locked out. a "hard" lockout would require some administrative action to clear it, such as an actual administrator on the site to unlock the ip/username combination or perhaps send an email to the actual user when an ip/username lockout occurs that would both alert him that this is happening to his account and if it is the actual user that got locked out to provide him with a reset link in the email.
  20. your page is being requested two times. it's not going to index.php directly. the first time it is requested $_GET['mode'] is set and it runs the code you expect it to. the code then redirects to that same page with $_GET['success'] set. that causes it to skip the if() logic and goto the else part where you have a redirect to index.php.
  21. there's a whole section in the documentation with different methods of encrypting the information, using only the price stored in your paypal account for each item, or of confirming that the actual submitted purchase matches the selected items - https://www.x.com/developers/paypal/documentation-tools/paypal-payments-standard/integration-guide/encryptedwebpayments#id08A3I0MK05Z
  22. when recover.php redirects using - header('Location: recover.php?success'); it goes to that same page and the only get parameter that is set will be $_GET['success']. the first if() statement is false, it's testing $_GET['mode'], and the code goes to the else part. your code is doing exactly what it is written to do. what do you want to happen?
  23. 1) you should bind each input variable/value to its placeholder. this allows you to specify the correct data type for type checking. all data put into the pdo ->execute() statement is treated as a string. 2) you should not open and close a database connection inside of a loop (never do this) and you should not run a query inside of a loop. you also cannot use placeholders for table (and column) names. only literal data (numbers, strings) can use placeholders in a prepared query. running a prepared query (mysqli or pdo) in a loop takes almost the same amount of time as running a non-prepared query in a loop (the time to prepare most queries is small compared to the time to run the query.) so with a prepared query or not, it is usually best to make one query to operate on all the data at once. to make one delete query operate on all the id's, the where term needs to be WHERE id in(?,?,?,...). there must be a placeholder for each id value. you can make the list of place holders to put into the query by counting the number of id's and you would run a pdo stmt bindValue statement inside of a loop to bind each id value to its placeholder after you prepare the query.
  24. one of the original purposes of php was to be a "Forms Interpreter" FI. there's probably 2,000,000 examples of php code that checks submitted form data posted all over the place on the Internet for you to find.
  25. what result are you trying to achieve? comparing them using what condition or rule?
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.