Everything posted by mac_gyver
-
there's two problems with what you are asking/doing. 1) you should not have a database table with columns with same meaning data spread out like that. database tables are not spreadsheets. all the code and queries to store, find, update, delete, or make use of any of the values in any column is more complicated. each same meaning piece of data should be stored in a separate row in a database table. 2) an average is derived data. it should not be stored, but instead calculated any time it is needed.
-
you need to look at the web server access log to find out where the requests are coming from and/or add logic in your php script to log all the information you are getting with the request.

i looked at your previous thread, and the code isn't even checking if a form was submitted, so anything like a search engine spider or a bot script making a get or post request for the page will cause the code to run. once you have made sure a post method form has submitted, you need to properly validate each input to make sure that it is not empty and that it only contains data of the expected format.

you are also putting form data into the header field. this will allow a hacker to do anything he wants to the email that gets sent by your server. without proper validation, this will allow any to:, from:, cc:, bcc:, subject, message body, attachments.... to be sent through your mail server.

and an fyi - the email is not being sent from the person who entered the information in the form. the email is being sent from your sending mail server. the From: mail header needs to be an email address at the domain of your sending mail server or you need an SPF DNS zone record at the domain being used in the from address that says your sending mail server is authorized to send email for that domain. the Reply-to: mail header is where you would put the email address from the person who filled in the form, after you have validated that it only contains an email address and no mail header injection content.
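The checks described in the post above, put together as an added example that is not part of the original post or the thread's code. The form field names (name, email, message) and the example.com addresses are assumptions.

```php
<?php
// Added example, not code from the thread. Field names and addresses are assumptions.
const SITE_FROM = 'webform@example.com'; // mailbox at the sending mail server's domain
const SITE_TO   = 'owner@example.com';   // fixed recipient, never taken from the form

// true when a value contains CR or LF, i.e. it could start a new mail header line
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// returns [clean values, errors keyed by field name]
function validate_contact(array $post): array
{
    // an array-valued or missing field is treated as empty
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name    = $field('name');
    $email   = $field('email');
    $message = $field('message');

    $errors = [];
    if ($name === '' || strlen($name) > 100 || has_header_injection($name)) {
        $errors['name'] = 'Enter your name on one line (100 characters or fewer).';
    }
    if (has_header_injection($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid email address.';
    }
    if ($message === '') {
        $errors['message'] = 'Enter a message.';
    }
    return [compact('name', 'email', 'message'), $errors];
}

$errors = [];
// a spider or bot making a get request never reaches the mail code
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // record where the request came from (written to the php error log)
    error_log(sprintf('contact form post from %s, agent: %s',
        $_SERVER['REMOTE_ADDR'] ?? '-', $_SERVER['HTTP_USER_AGENT'] ?? '-'));

    [$clean, $errors] = validate_contact($_POST);

    if (empty($errors)) {
        $headers = [
            'From'     => SITE_FROM,        // fixed, at the sending server's domain
            'Reply-To' => $clean['email'],  // validated: one address, no CR/LF
        ];
        // the visitor's name and text go in the body only, never in a header
        $body = "Name: {$clean['name']}\n\n{$clean['message']}";
        if (!mail(SITE_TO, 'Contact form message', $body, $headers)) {
            $errors['mail'] = 'Sorry, your message could not be sent.';
        }
    }
}
```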
-
Is it worth storing database results in a session
mac_gyver replied to NotionCommotion's topic in PHP Coding Help
the query cache, in the database engine, will do this for you. for any particular query statement, if the tables referenced in the query haven't changed (insert, update, delete), the result is gotten from the query cache, assuming the result is already in the query cache. if any table referenced by the query statement has changed, the new data is retrieved and cached.
-
Trying to generate a random number whilst waiting for a future date
mac_gyver replied to Paulp51d's topic in PHP Coding Help
web servers are not designed to work this way. they are designed to accept a http request from a client (browser) and output the requested page. to do what you are asking would require that the server side code test if the current time is less than the designated end time and just output a random number if it is. it would be up to the client/browser to periodically make http requests to the server to get and display the random number.
-
the bind statements (pdo or mysqli) don't belong inside the loop. the loop only populates the variables that were bound and calls the execute method.
-
if multiple 'orders' can be added to a cart, you would create a sub-array in the cart for each order -

    $_SESSION['cart'][order_number][pid] = quantity

    // an example, assuming white bread ends up with a pid of 12 and brown bread has a pid of 13 -
    $_SESSION['cart'][1][1] = 1; // order #1, menu item pid 1, qty 1
    $_SESSION['cart'][1][12] = 2; // order #1, white bread, qty 2
    $_SESSION['cart'][2][1] = 1; // order #2, menu item pid 1, qty 1
    $_SESSION['cart'][2][13] = 2; // order #2, brown bread, qty 2
-
your code should ALWAYS test if database statements worked or not and when they fail, display a user message (sorry this page isn't working now) and display (during development) or log (on a live server) the actual error information, and then prevent the remainder of the database dependent code from running so as to not throw follow-on errors. code that contains error checking and error reporting logic for statements that can fail, will tell you when, where, and why it has failed.
-
my recommendation is to store the bread choices in your database table, along with all the other items that can be added to the cart. to organize the type of items in the database table, you would have a category table that defines the category_id and the category name, then in the table holding data about all the items, you would have a category_id column. the bread choices would get whatever category_id is assigned to the bread category name. once you do this, your hard-coded bread menu can be dynamically built, the bread choice can be added to the cart just like any of the other items, and displaying the contents of the cart will just involve getting the item id's from the cart, retrieving the information about the items from the database table, and displaying the information as you loop over the rows that the database query matched.
-
when you display the cart, you would also retrieve the category information for the items in the cart and pre-process the retrieved data to get a list of the bread(s) in the order (you may in fact want to retrieve and save the results from the query by category so that similar items are listed together when displayed.) then display the bread information the way you want when you display the contents of the cart.

in order to specifically help you, we would need an example of your database table data showing how you know if an item is from the 'bread' category? at the point of displaying the cart, you cannot use any $_POST data, because there will only be $_POST data after you submit a form. you should also post an example of how you want the output to appear when there is a bread item(s) in the cart.

short-answer - at the point of displaying the cart, you have as input data -

1) a page request to display the cart

2) the contents of the cart. the product id and the quantity are all you need to store in the cart. this results in the simplest and cleanest general purpose code.

3) the data about the items that is stored in your database table(s).

your task is to produce the result you want using the available input data.
-
{HELP} Need someone to help me with project
mac_gyver replied to FatesCall's topic in PHP Coding Help
you would do that so that you can have a separate random salt per user so that any brute-force password determination would have to be done separately for each password. the hash produced by the password_hash() function contains information on the hashing algorithm used, the cost/iteration factor, the random salt string that was produced when the password was hashed, along with the hashed value. all these are needed to hash an incoming password to see if it compares to the original password.
-
{HELP} Need someone to help me with project
mac_gyver replied to FatesCall's topic in PHP Coding Help
the suggested password hashing method, using password_hash()/password_verify(), cannot be accomplished without retrieving the hashed password value from the database table.
-
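The two replies above (per-user salt carried inside the hash, and the need to retrieve the stored hash before verifying) shown together as an added example that is not part of the original posts. The users table, its column names, the account names and the passwords are constructed, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example, not code from the thread. Table, columns and credentials are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

function register_user(PDO $pdo, string $username, string $password): void
{
    // password_hash() produces a new random salt on every call and stores it,
    // with the algorithm and cost, inside the returned string
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // look the row up by username only. hashing the submitted password again would
    // use a different salt, so comparing hashes in the WHERE clause can never match
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() reads the algorithm, cost and salt back out of the stored hash
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // re-hash on a successful login if the default algorithm or cost has changed since
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

// two accounts with the same password end up with different stored hashes
register_user($pdo, 'alice', 'correct horse battery staple');
register_user($pdo, 'bob', 'correct horse battery staple');
$hashes = $pdo->query('SELECT password_hash FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);

var_dump($hashes[0] !== $hashes[1]);     // the salts differ, so the hashes differ
print_r(password_get_info($hashes[0]));  // algorithm and cost recovered from the hash string
var_dump(check_login($pdo, 'alice', 'correct horse battery staple'));
var_dump(check_login($pdo, 'alice', 'wrong password'));
```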
the code that QuickOldCar posted, using the session_id as an array key, is overly complex and problematic. a single session_regenerate_id() statement (which you would be using if you are concerned about session security) will lose the contents stored in the cart. there was nothing wrong with the original definition of your cart and in fact it looked like something that would have been suggested here on phpfreaks. part of what i recommend would have separated your main program logic from the unchanging part of the page, so that you can POST JUST THE RELEVANT part of your code that you need help with. no one will try to sift through hundreds of non-relevant lines of code to just locate, then figure out the code you are having a problem with. besides the error about the session_id variable, that you shouldn't have changed your code to use anyway, what sort of problem is your code having that you need to fix? and please, just post the relevant part of your code.
-
some recommendations -

1) you should be using css instead of inline styling. this will simplify and clean up all your html markup and get your page up to 21st century programming standards. if you are trying to develop programming skills, you must start with current coding standards, not something that is out of date.

2) Don't Repeat Yourself (DRY). both of your pages repeat about half of the code, because you are trying to produce a constant page layout (you even have an error between the pages, where you corrected something only on one page.) you can and should actually have just one page, but if you are not up to this point in your programming, you should make the common part of the page layout a php based template that you include on each page that needs it. the main content that's different between the pages would be produced and stored in a php variable, that you just echo at the appropriate place in the 'template' code.

3) your form processing code should come near the top of your file, before any html markup. your code should be laid out in this general order - initialization, post method form processing, get method processing, html page/template. the post method processing code, when it has successfully run without any errors, should do a header() redirect back to the same url of the page. if you want to display a 'success' message, pass it in a session variable that will be tested and used in the html page/template code. the get method processing code is the php code that gets/produces the data that the html page/template needs to display the dynamic information on the page.

4) your add to cart code contains a typo in - $_session. this should be $_SESSION. your add to cart code should not be testing a variable named - $_POST['Bread'] as that doesn't tell anyone reading the code what the purpose of the variable is. you should have a variable that identifies what the submitted form was for. how about using - $_POST['add_to_cart'] ? all of your add to cart form processing code should be inside the conditional statement that tests if the correct form was submitted. see the following example code for what your add to cart form processing can/should be -

    // post method form processing code
    if($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        // add to cart
        if (isset($_POST['add_to_cart']))
        {
            $pid = (int)$_POST['prodid'];
            if(!isset($_SESSION['cart'][$pid])){
                $_SESSION['cart'][$pid] = 0; // create an entry (it will be incremented in the following code)
            }
            $_SESSION['cart'][$pid]++; // increment whatever the existing quantity is
            $_SESSION['message'] = "Your product has been added to your cart"; // used in the html page/template code
        }

        // other form processing code would go here...

        // after successfully (no errors) processing all post data, do a header() redirect to the exact same url that the form submitted to
        if(empty($errors)){
            $host = $_SERVER['HTTP_HOST'];
            $uri = $_SERVER['REQUEST_URI'];
            header("Location: http://$host$uri");
            die;
        }

        // if there were errors in any of the above form processing code, continue on this page, displaying any errors, redisplay form...
    }

5) if you are learning php now, you should be using either the mysqli or PDO database library of functions. the mysql functions are obsolete and will be removed from php soon. again, you should start with current coding standards, not something that is out of date. i would also recommend that your config settings be assigned to an array - $config, so that you can distinguish them from other variables. your navigation menus on the page should also be dynamically produced (from configuration settings), rather than hard coded html.
-
the example that boompa posted wasn't copy/paste code for you to use. it was an example for you to look at, learn from, and modify your code to make use of. the line - $result = $pdo->query(); needs to include your $query variable as a parameter. you also need to change the foreach() statement to use $result, rather than to run the query again.
-
if you enable pdo exceptions, you can catch and handle all the database statement errors in one place without having to add logic for each individual database statement.
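Three of the replies on this page fit in one added example, which is not code from any of the threads: binding outside the loop, stopping the database dependent code when a statement fails, and handling every failure in one place with pdo exceptions. The scores table, its rows and the in-memory SQLite database are constructed.

```php
<?php
// Added example, not code from the threads. Table and data are constructed.
function import_scores(PDO $pdo, array $rows): int
{
    $stmt = $pdo->prepare('INSERT INTO scores (player, score) VALUES (:player, :score)');

    // bind once, before the loop. bindParam() binds the variables by reference,
    // so each execute() picks up whatever they hold at that moment
    $stmt->bindParam(':player', $player, PDO::PARAM_STR);
    $stmt->bindParam(':score', $score, PDO::PARAM_INT);

    $pdo->beginTransaction();
    foreach ($rows as $row) {
        // the loop only populates the bound variables and calls execute()
        $player = $row[0];
        $score  = $row[1];
        $stmt->execute();
    }
    $pdo->commit();
    return count($rows);
}

try {
    // with ERRMODE_EXCEPTION any failing connect/prepare/execute throws a PDOException,
    // so no statement needs its own return-value test
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE scores (player TEXT NOT NULL UNIQUE, score INTEGER NOT NULL)');

    $count = import_scores($pdo, [['ann', 10], ['bob', 7]]);
    echo "imported $count rows\n";

    // the second row repeats a player name, so the UNIQUE constraint makes execute() throw
    import_scores($pdo, [['cat', 3], ['ann', 99]]);
    echo "this line is never reached\n";
} catch (PDOException $e) {
    // one place for every database error: undo the partial batch, log the real
    // error, show a generic message, and stop the database dependent code
    if (isset($pdo) && $pdo->inTransaction()) {
        $pdo->rollBack();
    }
    error_log($e->getMessage());
    echo "sorry, this page isn't working now\n";
    exit(1);
}
```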
-
wamp need to authenticate something with vhost.sourceforge.net
mac_gyver replied to Supervan's topic in Apache HTTP Server
i'm wondering if one of your previous installations of an amp package didn't include this vhost application and now it's got a service running that is being triggered by tcp/ip traffic from newly installed apache/mysql services. check in your list of installed programs and in the services for anything related to vhost.
-
How would I remove an instance of a class inside a array
mac_gyver replied to Supervan's topic in PHP Coding Help
sounds like a path/include_path setting problem.
-
Looking for Easy setup apache PHP MYSQL on windows
mac_gyver replied to Supervan's topic in PHP Coding Help
you are blaming the amp stack, without first finding the cause of the problem. randomly trying different things as a way of solving problems is a huge time killer when dealing with an exact science like programming. programming requires that you find what's causing a problem before you can fix it. see the latest reply in your code thread.
-
How would I remove an instance of a class inside a array
mac_gyver replied to Supervan's topic in PHP Coding Help
based on the fatal error, i'm guessing that your item class is being included, but it's not before the session_start() statement, which it will need to be in order to restore the instances of the item class in the session data.
-
How would I remove an instance of a class inside a array
mac_gyver replied to Supervan's topic in PHP Coding Help
i recommend clearing your $_SESSION['cart'] (it wouldn't hurt to have an 'empty cart' function in your code.) your code works for me and i suspect what you are seeing in the print_r() output is left over from what previous coding stored in the session variable. some of your code is still out of order. this - if ($productid->count()) { is the logic statement that's verifying that the submitted id was found in the database. ALL the code dependent on verifying that the id exists should be within the scope of that conditional block.
-
How would I remove an instance of a class inside a array
mac_gyver replied to Supervan's topic in PHP Coding Help
the following line of code is incorrect usage. it is overwriting the item in the cart with whatever value the updateQuantity() method returns -

    $_SESSION['cart'][$result->id] = $item->updateQuantity(10);

to modify the quantity of the item in the cart, the code would look like -

    $_SESSION['cart'][$result->id]->updateQuantity(10);

$_SESSION['cart'][$result->id] is (when you don't overwrite it) an instance of the item class. your goal would be to call the updateQuantity() method for that instance/item. you are still creating an instance of the item class in the wrong place and there's no point in looping over $productid->results() when there is at most only one matching result from the query.

i think it will probably help you if you first define what a block of code is going to accomplish, then put that definition in as comments in the code. for example, the $_GET['prodid'] block of code appears to be an 'add' to cart process. what steps do you need -

1) validate the id/retrieve the corresponding product information for the id. if found, continue. if not found, output an error message.

2.a.) if the item is not in the cart, create an instance of the item class, with the submitted quantity (or a quantity of 1) and add it (assign it) to the cart.

2.b.) if the item is already in the cart, modify the quantity according to the submitted quantity.
-
How would I remove an instance of a class inside a array
mac_gyver replied to Supervan's topic in PHP Coding Help
without the actual error message and where it is occurring at in the code, there's not much chance at helping. the only two things that are apparent from the posted code are - 1) you should only be making a new instance of an item if the item doesn't exist in the cart. the $item = new item(....); belongs inside the else {...} block of code. 2) your total won't work. you are assigning the sub-total to $total. you should be adding it.
-
if your intent is just for someone to troubleshoot and fix the problem for you, you would want to post in the freelancing - Job Offerings forum section. the programming help forum sections are for coders, and those learning to code, to get help with code they have written. these forum sections are not here to get free programming services.
-
Making multiple products show in a cart
mac_gyver replied to jimleeder123's topic in PHP Coding Help
you would use a multi-dimensional array.

firstly, you should separate the cart session data from other session data by giving it a primary array associative index name - $_SESSION['cart']

secondly, your id should uniquely identify an item, it should be the auto-increment id from your database table where you have defined the items, and the id should be used as the next array dimension's index - $_SESSION['cart'][id_value]

lastly, to allow multiple of any item to be stored in a cart, the value stored should be the quantity - $_SESSION['cart'][id_value] = quantity

to add a quantity of one (1) to the cart for any id, the basic code would look like -

    session_start();

    if(!isset($_SESSION['cart'])){
        $_SESSION['cart'] = array(); // create an empty cart
    }

    // form processing code
    if($_SERVER['REQUEST_METHOD'] == 'POST'){

        // add quantity one to cart
        if(isset($_POST['add'])){
            // validate/cast input data
            $id = (int)$_POST['hiddenid'];
            // the validation logic will produce a 'safe' $id to use
            if(!isset($_SESSION['cart'][$id])){
                $_SESSION['cart'][$id] = 0; // create an empty item (it will be incremented next)
            }
            $_SESSION['cart'][$id]++; // increment - add one to whatever the existing quantity is
        }

        // code for other form processing operations would go here....

    }
-
the code you have is not looping over anything. it's also (still) using the $event->nodeValue, which is just the last event that was added to the $events array.

example that takes the statement of what to do and produces the code to do it -

    // i would loop over the $alertValues array, checking if each value in turn is in the $events array (see in_array()) and stop on the first match.
    $message = ''; // default to an empty string for the result
    foreach($alertValues as $value){ // loop over the $alertValues array
        if(in_array($value,$events)){ // checking if each value in turn is in the $events array
            $message = $value; // a match was found, save it as the result
            break; // stop on the first match
        }
    }

after the above code runs, $message will either be an empty string or the highest type event found in the $events array.