-
Posts
5,450 -
Joined
-
Days Won
175
Everything posted by mac_gyver
-
in one of the other php help sites you posted this on, someone went to the trouble of figuring out what the problem is and posted a reply. you are mixing up the student_username and student_name values. i suggest you read existing replies you have before posting your problem elsewhere.
-
for this specific case, msyqli_real_escape_string() does NOT protect against sql injection. the value isn't being used in a string context in the sql query statement. sql can be injected that contains absolutely no characters that mysqli_real_escape_string() or any other escape string function operates on, i.e. a hexadecimal encoded string, that the mysql database engine happily converts back to any injected sql it contains. this is typically used to inject sql that satisfies the current SELECT query, than appends a UNION query to select anything from any table the current db connection allows.
-
here are three important things to do when learning php, developing php code, debugging php code, or asking for help with php code - 1) we are not sitting there with you. we don't know what you saw that leads you to believe that something didn't work. you mentioned an error while inserting to the table, but you didn't state or show what error you got and the actual error helps pin down where and what is causing the problem. did you get a php error, a mysql database error, or one of your alert messages and what exactly was the error message and what line of code does it refer to? 2) you need to set php's error_reporting to E_ALL and display_errors to ON, in the php,ini on your development system, to get php to report and display ALL the errors it detects. putting these two settings into your code won't help with syntax errors in your main file since your code never runs in this case. you should also turn off php's output_buffering in the php.ini. 3) your code needs to ALWAYS test for and handle errors that can occur with statements. When developing and debugging code, you would display the errors, when running code on a live server, you would log the errors. By testing for and handling errors, your code will tell you when, where, and give you information about why it is failing. if the error you are getting is your alert with - error while registering you..., having error handling in your code for the database query would tell you why the query failed. the type of error handling you can use is dependent on what sort of statements you are using. the best choice is to use exceptions to handle errors. the mysql_ statements you are using should be converted to statements from the PDO extension, which does support exceptions. in addition to updating the code and the problems already mentioned, here is a list of things it needs to do or do differently - 1) your login test needs to just test if the session variable isset(). isset() returns a Boolean value, to be directly used by program logic. there's no point in testing if the value isset() returned is not equal to an empty string, which is probably left over from before the code had an isset() statement it in. 2) the header() redirect needs an exit; statement after it to STOP the code from running. your current code still runs when the session variable is set. 3) your form processing code should set any error messages in a php array. you would output the error messages at the appropriate point in your html markup. the code currently outputs the alert messages before the start of your <!DOCTYPE tag. 4) your form processing code should validate each input to insure it is not empty and that it contains a value with an expected format. 5) you should repopulate the form fields with previously entered values, so that if there is a validation error, the user doesn't have to reenter the data over and over. 6) while you are changing the code to use the PDO extension, use a prepared query to supply data values to the sql statement. this will eliminate the need to escape string data. 7) the best choice for password hashing is to use php's password_hash() and password_verify() functions. there are code examples in the php.net documentation.
-
when you have multiple sub-pieces of data for a particular main item, you would store the records as a sub-array using the main item value as the main array index. $array[$row->IdEmployee][] = array('id' => $row->IdEmployee, 'name' => $row->employeeName, 'date' => date("jS M Y", strtotime($row->Year.'W'.str_pad($row->Week, 2, 0, STR_PAD_LEFT).' +6 days')), 'week' => $row->Week, 'currency' => $row->CurrencySymbol, 'wage' => $row->Wage); you would loop over this using - foreach($array as $id=>$sub_array) { // $sub_array will be an array of the rows of data // start a new row in the output and output the name once here... // you can get a copy of the first row of data using $sub_array[0] // loop over the sub_array foreach($sub_array as $row) { // output the week information from each row } }
-
i'm going to guess, since the OP has still has not shown the include statement, that he is using a URL, rather than a file system path, to include the file and the variables don't exist, since they are in a completely separate process on the web server.
-
when you build the query string part of links, you should use a function like http_build_query(). this will let you take any existing $_GET parameters, add/remove/modify any of them, then produce the part of the link after the ? - $get = $_GET; // get a copy of any existing get parameters. you only need to do this once // in your pagination link code, for each link you produce $get['currentpage'] =1; // set the current page to whatever value you want $qs = http_build_query($get, '', '&'); // produce the query string part of the link echo "<span class='rest'> <a href='?$qs><<</a> </span>"; // output the link. note: i removed the use of $_SERVER['HTTP_SELF'] since it is open to cross site scripting and it's not necessary in modern browsers
-
Arranging data from mysql in to a table sorted by users and dates
mac_gyver replied to unistake's topic in PHP Coding Help
$data = array(); // define the data array while($row=mysqli_fetch_assoc($result)) { $data[$row['Code']][$row['SectorDate']] = $row; } -
Arranging data from mysql in to a table sorted by users and dates
mac_gyver replied to unistake's topic in PHP Coding Help
you would query for the data you want BETWEEN a range of dates - WHERE SectorDate BETWEEN 'some start date' AND 'some end date'. you will reuse these start and end dates when you display the results, you would also ORDER BY the user name so that all the rows for each user name are together in the result set and the user names are in the order that you want to display them. the ordering of the dates in the result set is not important. you would retrieve the data that the query matches and store it into a multi-dimensional array, with the 1st array dimension/index being the user name and the 2nd array dimension/index being the date. to produce the output, you would loop over the array of data. this will give you the user name and a sub-array of dates and data for each date for that user. you would then loop over the dates from the start date to the end date and if there is data (the date array index value exists in the current sub-array of data) for any date, display it. if there is no data for any date, you would display whatever output you want for this condition (an empty cell, 'N/A', ...) -
^^^ while this may not have anything to do with what's going on, is the included file functions.php or is it lib.php? if it's lib.php, what else is in lib.php? what html output do you get if you comment out the first call to the getAlert() function or make the first $html line just an assignment statement? if you get the correct result, with no fatal run-time error, i would say you have found a php bug, because there's no way the contents of your function, with or without concatenation/an undefined variable error, should have an effect on the simple html dom class. if php's error_reporting was listed as having no value, where/how were you 'seeing' the fatal run-time error at the start of this thread? to try and rule out a php bug, use a different variable name, $result, inside your function definition. about the only interaction/affect prior output could have between your function and the simple html dom class, is if the class is using output buffering internally, which i just searched the source file for, and there is none. actually, i think i just found the problem. the simple html dom class is using error_get_last(), in the load_file() method, to check for errors, without checking what triggered the error. since your code is producing an error, this trips up the simplistic use of error_get_last() in the code. short-answer: always write code that DOESN'T throw any errors during normal execution, the undefined variable error in this case, and use proper application error handling logic, by actually testing values returned by function/method calls, rather than to blindly use error_get_last().
-
While it's possible you have found a bug in php, it's more likely something else is going on, such as errors being thrown in the actual data part of the code, and you are only seeing a part of the story. For the first version of the getAlert() function definition, you should be getting an undefined variable error - Notice: Undefined variable: html in your_file on line xxxx. if you are not seeing this error and it's not present in the 'view source' of the page either, either you don't have php's error_reporting set to E_ALL or you have something going on with error handling or output, such as a custom error handler or custom gzip/output buffer handler that's hiding what's really going on. make sure that php is reporting and displaying all errors. you should also turn off php's output_buffering setting (the default is on, in the php.ini.) next, is your full actual code doing any header() redirects to that same page? often, unusual symptoms like this are due to a page getting requested twice, either by the browser or by the code itself, and you are seeing the result of the second request, which won't necessarily have any input data. also, if your page is doing a header() redirect, does it have an exit; statement after the header() to stop program execution? lastly, where are $pause and $array coming from in the posted code? you could have some code which you haven't shown us that is the actual cause of the problem.
-
a) you could use an alias name for the select term, then use use the alias name when you reference the data in php b) you should normalize your data. you should not have columns like that, where you must alter your database table any time you add data for a new year. the way you have your table laid out now, is not normalize, and results in more complicated queries to do anything with or find any of data.
-
the join condition should be part of the JOIN, not as a WHERE clause anyway, which will also eliminate the error - SELECT * FROM company JOIN listing ON company.companyID = listing.companyID WHERE listing.type = Supplier LIMIT 0 , 30
-
it would take having enough of your code, that could be copy/pasted and ran as is (or put up on jsfiddle), that reproduces the problem, in order to help.
-
dynamically loaded events are not working properly
mac_gyver replied to shan2batman's topic in Javascript Help
does that mean that the thread you posted on the forum a little over two hours ago no longer needs help? if so, please post a reply in it and mark it as solved/answered so that forum members don't waste their time reading it. as to the problem in this thread. you haven't shown the javascript/jquery code that's attaching the events, but this is a common problem, and it's likely that you will need to use the .on() method, with the second parameter being the selector(s) you want to attach the event to. see the inormation about 'delegated events' at the following link - http://api.jquery.com/on/#direct-and-delegated-events -
Why do I keep getting the error echo message
mac_gyver replied to IllusiveBroker's topic in PHP Coding Help
upon further review (i stopped looking the first time when i discovered the OP wasn't operating on the value correctly), the only thing to OP should be doing in this code is running the INSERT query. the user_name column and the email column should be set up as unique indexes, to prevent duplicate values in those columns. the INSERT query will fail with a duplicate key error (you can look up what error number this is and then check what error number is returned when the query fails) if either the user_name or the email already exist in the table. you should also be hashing the password using the php password_hash() function and store the hashed password in the database table. -
@cl0482, there is something wrong with almost everything you have shown us about your database table design, your code, and your statement of what you are trying to do. programming requires a clear definition of what exactly the code is going to do, before you write any code. ignoring that you shouldn't even be inputting a credit card number * and that you shouldn't be storing things like subscription/order data in the users table, your code requires a $_SESSION['username'] value (you should actually be storing the user_id in the session variable) in order to do anything. this implies that the current visitor must already be registered and logged in. this would require there to already be a row for the current visitor in your users database table. to alter the value in the `sub` column for an existing row, you would use an UPDATE query, not an INSERT query. your form would also only have the necessary fields for the subscription data. all the other fields for the user 'registration' data don't belong. * if you need a realistic and safe example of some data to add/update for a user, do something like a date of birth. edit: the following post contains a recommend layout for your code on the page - http://forums.phpfreaks.com/topic/297824-database-issues-and-working/?do=findComment&comment=1519095 following this will group together like things, which will eliminate duplication, and separate the different concerns in the code.
-
the syntax for a function call would be validateForm() the syntax you current have would be interpreted as a reference to a defined constant and if you had php's error_reporting set to E_ALL and display_errors set to ON, you would be getting an error to help point out the problem.
-
What's the best way to remove spaces and replace them with dash?
mac_gyver replied to man5's topic in Javascript Help
the chained select script you are using has a 'remote' version that uses ajax to retrieve the data. see the example at the site you posted a link to.- 10 replies
-
- remove spaces
- replace
-
(and 3 more)
Tagged with:
-
there's nothing in the query that's using any date/time functions, on a column or otherwise. the LITERAL date value (a string in this case) that's being supplied in/to the sql query statement (as part of the sql syntax or via a prepared query parameter) is evaluated by the database engine and converted into a DATE value for the comparison.
-
^^^^ literal mysql date/datetime/timestamp values in a query can use any punctuation character as a separator or none at all. the literal values shown are valid and will be parsed to a mysql date value.
-
your code, on each page of a website, must check if the current visitor is logged in and what if any permissions they have for the duration of the request for that page.
-
since you didn't share what result you are actually getting, we have no idea which of the many possible things could be wrong. what output did you get and if it's not obvious from looking at it what's wrong with it, tell us what the output should have been. next, we have no idea what the paging class code is, so we have no idea if you are using it correctly. however, it would seem that calling methods like $page->selectQuery(); and $sales = $page->fetchQuery();, before you have set up the paging information is probably wrong. edit: also, processing the form's start_date and end_data values is not mutually exclusive from processing the pagination page number. you should not have the pagination logic, in the first section of code, inside of that particular else {} statement. you should not be putting external data directly into the sql query statement. if this paging class doesn't support using prepared queries, you will need to validate that any external data is exactly and only of the expected format and use the escape string function, from whatever php database extension this paging classing is using, on the data before putting it into the sql query statement. lastly, your form should use method='get', since the dates are determining what will be gotten/displayed on the page. the pagination links should also include any existing $_GET data, so that things like the start_date and end_data will be propagated between page requests. the easiest way of building links is to use http_build_query() for the query-string part of the link.
-
Why do I keep getting the error echo message
mac_gyver replied to IllusiveBroker's topic in PHP Coding Help
the mysqli result object returned by a select query ISN'T the data from the query. you would need to test the num_rows property of that object to find how many rows the query matched. -
mysqli_fetch_array() expects parameter 1 to be mysqli_result
mac_gyver replied to WeBBy421's topic in PHP Coding Help
the error is because you are reusing the loop control variable, $result, inside the loop. specifically in the line that when you comment it out, the loop runs. the update query returns a Boolean true when the update query runs without any errors. since you are not using the result from the update query that you are assigning to that variable, why are you even assigning it to a variable? also, mysqli_error(....) requires the database connection link as a parameters. if either of your queries would fail for some reason, you would just be getting another error due to the incorrect usage of the mysqli_error() statement. you should actually be using exceptions to handle query errors and avoid using all the or die() logic in your code. your main code will only deal with error free execution of the database statements. -
^^^^ i have a similar recommendation. before you worry about modifying how this code does something or have someone in a help forum look at it to try to help you with what it is doing, you need to greatly simplify it and update it - 1) use the PDO database extension. 2) use css to style elements. 3) don't suppress errors (if those fetch statement were producing errors, it means that your queries are failing due to a problem with the database connection, database table, or the query syntax.) edit: 3b) only fetch the data you need/use the simplest syntax that accomplishes a task (KISS - keep it simple...). you are just using associative data from the query, just use a fetch statement that retrieves the data in that format. your current code is fetching both numerical and associative data, which is the default for the statement you are using AND you are also supplying the optional parameter telling it to fetch exactly what the default is. 4) don't loop to retrieve query results when there's only one row. there's only one place in this code where the query can match more than one row. that's the only place where there should be a loop. 5) separate your database 'business' logic from your 'presentation' logic. this will also help you avoid trying to run queries inside the presentation logic, who's responsibility is to produce output. 6) don't run queries inside of loops and DRY (Don't Repeat Yourself). the main part of that repetitive logic can all be replaced with simple code. there won't be a TON of related products for any selected product. just run one JOINed query to get all the related product information at once and retrieve it into an array. if there's more than 4 results, shuffle the array, then split off the first 4 entries. then, just loop over the 4 random entries or the original data, in the case where there were 4 or less results. you would produce the final output in this loop. edit: 7) the input to this code is an id. you should make sure it was supplied before trying to use it.