-
Posts
5,450 -
Joined
-
Days Won
175
Everything posted by mac_gyver
-
this is a common activity, i.e. getting the row of data in each group matching a specific condition. see - https://dev.mysql.com/doc/refman/8.0/en/example-maximum-column-group-row.html not listed in that information is adding a term to the WHERE clause with id IN(a sub-query that gets the max(id) per group) (essentially what your query would be if it was just getting the max quote id per job_id group.) i cannot vouch for the efficiency of this method, but it is fairly easy to understand when you write/read it.
-
the issue of any external, unknown, dynamic value being output on a web page, possibly containing html special characters that would break the html syntax, should be handled by applying htmlentities, with the ENT_QUOTES flag, to value when it is output. this will allow any single-quote, double-quote, <, >, or & in the actual value to work. they will be converted, by the browser, back to the actual literal character when the value is submitted.
-
How do you list two columns but not show duplicates from first column?
mac_gyver replied to Plugnz13's topic in MySQL Help
when you fetch the data from the query, you would index/pivot it using the maincat as the main array index. this will give you a sub-array of rows for each maincat value. when you loop to display the result, you can use php’s count() function to get the number of rows for each maincat value and use this as a rowspan attribute in the column where you are displaying the maincat value. -
LOL, i see that the same/similar information as above was given in one of your previous threads.
-
no. do not update quantities or delete data to accomplish this. databases are for recording information. by updating/deleting data, you lose an audit trail that would let you know if a programming mistake, an accidental key was pressed, or nefarious activity changed a value. you would INSERT data for every order/transaction that affects a value. a sale would insert a row into an order/transaction table with a 'type' indicating it is for a sale, then insert row(s) into an order_item table for each item that was sold with the order_id, item_id, and quantity. to void a sale, you would insert another row into the order/transaction table with a 'type' indicating it is for a void/return, with a reference to the original order_id, then insert row(s) into the order_item table, with a negative quantity for the items that are returned and will be restocked (some of the items might have been kept, some might have been damaged, and won't be restocked.) to get the total quantity you would just SUM() the quantities per item_id.
-
data driven example - <?php // file to save output in // note: when storing data in a file, you must use file locking to make this concurrent safe (a database automatically does this for you) $file_name = "file.txt"; // define fields - the array index is the field name, since these must be unique $fields = []; $fields['firstName'] = ['label'=>'First Name', 'type'=>'text', 'placeholder'=>'First Name', 'required'=>true, 'choices'=>[],]; $fields['lastName'] = ['label'=>'Last Name', 'type'=>'text', 'placeholder'=>'Last Name', 'required'=>true, 'choices'=>[],]; $fields['sex'] = ['label'=>'Sex', 'type'=>'radio', 'placeholder'=>'', 'required'=>false, 'choices'=>['male'=>'Male','female'=>'Female'],]; $fields['fruit'] = ['label'=>'Fav Fruit', 'type'=>'checkbox', 'placeholder'=>'', 'required'=>false, 'choices'=>['apple'=>'Apple','orange'=>'Orange','berry'=>'Berry'],]; // examine form data // echo '<pre>'; print_r($_POST); echo '</pre>'; // post method form processing if($_SERVER['REQUEST_METHOD'] == 'POST') { // array to hold output lines $output = []; foreach($fields as $field=>$arr) { switch($arr['type']) { case "text": // add validation logic as needed $output[] = "{$arr['label']}: $_POST[$field]\n"; break; case "radio": // add validation logic as needed $val = $_POST[$field] ?? 'not selected'; $output[] = "{$arr['label']}: $val\n"; break; case "checkbox": // add validation logic as needed $val = $_POST[$field] ?? 'not selected'; $val = is_array($val) ? implode(', ',$val) : $val; $output[] = "{$arr['label']}: $val\n"; break; } } // add separator $output[] = "------------------\n"; file_put_contents($file_name,$output,FILE_APPEND); } ?> <form method="post"> <?php foreach($fields as $field=>$arr) { switch($arr['type']) { case "text": $req = ($arr['required'] ?? false) ? ' required' : ''; echo "{$arr['label']}: <input type='{$arr['type']}' name='$field' placeholder='{$arr['placeholder']}'$req autocomplete='off'><br>\n"; break; case "radio": echo "{$arr['label']}:"; foreach($arr['choices'] as $value=>$label) { echo "<input type='radio' name='$field' value='$value'>$label "; } echo "<br>\n"; break; case "checkbox": echo "{$arr['label']}:"; foreach($arr['choices'] as $value=>$label) { echo "<input type='checkbox' name='{$field}[]' value='$value'>$label "; } echo "<br>\n"; break; } } ?> <input type="submit" name="submit" value="Submit"> </form>
-
you should use a data driven design, where you have an array that defines the label, field type, placeholder text, choices (for checkbox/radio fields), and any other unique data per field. you would then loop over this defining data structure to dynamically produce the form, also use this when validating the submitted data, and use it when storing the data to a file/database, so that you can have some general-purpose code do the work, rather than writing out bespoke code for every field.
-
Define fields to be returned with PDO variables
mac_gyver replied to Adamhumbug's topic in PHP Coding Help
of course you can do this, by supplying an array of the column names as an input to the function, then dynamically building the select list (see php's implode() function). -
you should be learning and developing on a localhost development system. it is a waste of time and a security risk trying to learn and develop code/query(ies) on a live/public server. your posted code IS using the mysqli database extension. the line of code i posted IS a mysqli statement. all you have to do is add that line in your code before the point where you make the database connection. if your statement means that the web host has disabled that particular function/statement, this is all the more reason to be doing this on a localhost development system.
-
if you add the line of code that i gave to use exceptions for errors for the mysqli extension, you will get an sql error telling you why the query is failing, assuming that you have php's error_reporting set to E_ALL and display_errors set to ON. having error handling like this is a fundamental troubleshooting step, i.e. trying to teach you how to fish, rather than giving you a fish to eat every time you are hungry. please take the time to learn and use the fundamentals for this task.
-
it's not. you don't have a clear definition of what the work-flow/steps are, so you haven't been successful at writing code that does what you want. the work-flow/steps are - a user sits down at a computer/device and logs in. this stores the logged in user id in a session variable. a logged in user can now see and do things that requires a logged in user. this tests/uses the user id in the session variable. one of the things they can see and do is see/navigate to the formulaire form, fill it in, and submit it. this also tests/uses the user id in the session variable. the form processing code for each form should be on the same page as the form. this results in the simplest code and the best user experience (you can repopulate the form field values upon an error so that the user doesn't need to keep reentering data over and over.) the way to get the form to submit to the same page it is on is to lever the entire action='...' attribute out of the form tag.
-
your code is filled with unnecessary logic (copying variables to other variables, cryptic error handling), that doesn't help you, and you are missing needed logic, such as trimming and validate input data before using it. the current error is because you have a syntax error in the sql query statement, but the current error handling would only tell a hacker when they managed to trigger a query error. it doesn't help you when learning, developing, and debugging. when you are learning, developing, and debugging code/query(ies), you want to display all php errors and display the actual raw database statement errors. when you put your application onto a live/public server, you want to log this same information. the simple way of doing this, without adding or editing code at each database statement that can fail - connection, query, prepare, and execute, is to use exceptions for database statements and in most cases simply let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.) you would then remove all the existing database statement error handling since it will no longer get executed upon an error, simplifying the code. to enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection - mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
-
it's pretty apparent that your url rewriting is not working (is probably a redirect) and there's no $_POST data for the code to use. No. the end result of the login process is to remember who the logged in user is, by storing the user id in a session variable. you would then use the existence of a remembered, logged in user to display any logged in specific navigation links, form, and enable the form processing code on a page.
-
have you checked in formulaire.php if there's $_POST data at all? add var_dump($_POST); next, why do you have a form in the login.php page that's going to another page with more form fields? you are creating a bad user experience, requiring the user to push more buttons and fill in fields, then if the username/password is not valid, you will need to go back to the login form, then go to the formulaire form to reenter the data again. also, the php code is dealing with the user/username. you have now stated this field in the second form is for a password value. please clarify? in short, what is the overall stated purpose of doing this? it looks like the formulaire data is profile information, that would be requested when a user registers, not when a user logs in.
-
this code is very bad, and doesn't even contain any comments, useful or otherwise. however, now that you have posted some information, your description makes sense. the wording for that column is in $checkSqlRow["LEGIT"]. is the stored wording consistent, i.e. are there only three values and are they always spelled and capitalized the same? next, for each possible wording, you need to map the value to the image path/name. the simplest way of doing this is to store this mapping in an array variable, with the wording as the array index, and the image path/name as the array value. at the current point of echoing $checkSqlRow["LEGIT"], you would instead test if the value/index is in the array. if it is, get the image path/name and output it in an <img ...> tag. if it is not, you would either output the wording, some default text, such as n/a, or output a default image.
-
we don't know what your data is and don't know what result you want to produce from that data, so, your description doesn't make any sense. please post some sample data (not a picture of your data) and show or describe what result you want to produce from that data. as to the posted php code - validate all input data before using it. what should your code do if $_GET['COIN_ID'] isn't set, is empty, or doesn't contain an integer value greater than zero? since this is a required input for the code to work, you need to setup a user message stating that a required coin id was not supplied, and then not run the rest of the code that's dependent on that input. don't copy variables to other variables for nothing. this just a waste of your time typing. just use the original variables. don't put external, unknown, dynamic values directly into an sql query statement. use a prepared query instead. if this query will match at most one row of data, just directly fetch it, no loop is needed. if this query can match a set of zero or more rows of data, you would need to fetch the data into an array, then test/loop over the array to produce the output. the current code overwrites each row of fetched data with the next row, leaving you with only the last row of data. generally, do/while loops are not used since you must test if there's data to fetch at all, requiring more code. the current code will produce php errors if the query didn't match a row, and leave you needing to still add missing logic at the point of producing the output to display a message for the case where there is no matching data.
-
give this a try - <script> $(document).on("change", ".itemQty,.itemSelected", function(){ var parent = $(this).closest('.completeLine'); var qty = parent.find('.itemQty option:selected').val(); var price = parent.find('.itemSelected option:selected').data('priceuk'); parent.find('.line-total').val(qty*price); }); </script> also, the first option choice is usually a instructional prompt, with an empty value, so that the user must make a deliberate selection. this also allows the 'required' attribute to work.
-
without complete copy/paste code to run this ourselves, no one here can help. anything we do to get the snippets of code to the point of even running, may be different enough that it won't help you.
-
so, now it is in the documentation. that's only in the latest. all previous, for the past ~17 years (i just checked), shows only the : usage and there's no change note for when the documentation change was made, only the now, optional comments in the examples. use at your own risk. i don't know why people are still typing out the names, multiple times, for each place-holder in each query. named place holders only exist inside the PDO driver, where php converts them to positional place holders before sending the information to the database server. it's a lot of unnecessary typing and then extra processing for php. Edit: here's something even more sad about this documentation change. in the bindParam and bindValue documentation, this same change was made in the examples, but the definition of the parameter wasn't changed and still states -
-
using an undocumented php short-cut will bite you in the ass like all the past ones when php finally fixes/removes it.
-
Wordpress template code, i.e. make it look like you are doing a lot of work that's worthy of getting paid for.
-
PDO - Uncaught Error: Call to a member function
mac_gyver replied to Adamhumbug's topic in PHP Coding Help
$pdo will be an object, a true value, even if the connection fails. -
PDO - Uncaught Error: Call to a member function
mac_gyver replied to Adamhumbug's topic in PHP Coding Help
when you make the database connection, you should also set the character set and some more options. see this post - also, for catching database exceptions in your code, there's no point in doing this except for user recoverable errors, such as when inserting/updating duplicate or out of range values, where the catch logic would test for the appropriate sql error numbers and setup messages telling the user what was wrong with the data that they submitted. in all other cases, there's nothing the user can do to recover from the type of error that would be occurring and even letting a hacker know that they were able to trigger a database error is not something you want to do, so, you might as well just let php catch the exceptions in these cases, simplifying your code. also, outputting the raw error message, like you are doing in the connection code, will only help hackers, when they intentionally do things to trigger errors, e.g. you can trigger a connection error by making a large number of requests that use connections, and the connection error message contains your database host name/ip, the connection username, if you are using a password or not, and web server path information. you DON'T want hackers to see this type of information. -
Show a percentage based on values from a table
mac_gyver replied to AndyJones's topic in PHP Coding Help
the last issue above, the mismatched variable names, would have been producing php errors. is php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your system, so that php would help you by reporting and displaying all the errors it detects?