ajoo

Thanks Guru Barand, Will do so as suggested. Was expecting a reply from none other !

Hi friends, I am still awaiting a reply, comment to these issue. I hope someone will be forthcoming. Thanks

Thanks guys ! Well I too came across the fact that its a bug. Like I said it worked just fine on phpfiddle but not on my local host. Taking a wayaround. Thanks all.

Hi to all ! While i await some reply to my earlier query, here's another one - a simpler one perhaps but it has me baffled. The following is the code I tested on phpfiddle and it works great. Gives the correct time difference in days. <?php $date1 =date_create("2013-12-07"); $date2 = date("Y-m-d"); $date2 = date_create("$date2"); echo "<br>"; $Gap = date_diff($date1, $date2); echo $Gap->format("%a days"); ?> However when i actually implement it on my localhost running version 5.3 of php i get the difference as a multiple of 6015. So if there is a 1 day difference, instead of getting 1, i get 6015. for 3 days i got 18045 which is 6015 * 3. I have tried but i am unable to figure it out. Any suggestions anyone. Thanks.

Hi all ! I have been learning MySQL and the gurus have been so patient and helpful. So here are some more queries from a beginner. First is regarding the SQL query procedure from PHP. Every time a query is created and we have to go thru the following: ////////////////////////////////////////////////////////////////// query 1 query = "Select * from club"; $result = mysqli_query($link, $query); if ($result) { do whatever for a successful query; } else { display or log an error } ///////////////////////////////////////////////////////// query 2 query = "Update club SET visit = '2'; $result = mysqli_query($link, $query); if($result) ... So my first question is that if we are accessing the same Table , namely clubs, in the above example, then is it not possible to avoid repetitive steps. Can't both & more statements be processed at one go or must each and every query be checked for successful execution? Is there no way to send a group query and have it processed at one go. It would greatly reduce the coding size and therefore chances of errors. The second question is that if more than one person is accessing a database at the same time, trying to read or write into the tables, and there is a time clash, how will mysql handle it? Would it automatically queue the entries or would some of the entries be lost ? If the entries are lost, then how can this be prevented ? Thanks all the gurus for all the help so far and that which would ensue. Cheers !

Hi Barand, Thanks for this. Ofcourse I see your point and I am sure i'll be able to utilize this when it comes to more than one student in a the table but i'ld be glad if you'ld be able to explain these, if only from a totally academic & learning point of view, the working of the query especially these two lines @row:=IF(@prev=subjectID, @row+1, 1) as row, @prev:=subjectId as subjectId Also in the model that I am pursuing, ( again only from an academic point of view) I don't need to have a subject column because since there is only one student, I can have the subject as the field label instead and thereby save an entire field. In that case it would be feasible to come up with a solution that I have been trying in my previous reply. I am putting it down again below for convenience. Would it then be possible to get this working with the correct calculations of the row variable and if so how. Thanks. I hope you'll appreciate that I wish to learn and not just pick the code from one place and put it in another. Thank you for all the help. SELECT MAX(testdate) as DateEnding, AVG(score) as average FROM ( SELECT testdate, score, FROM testresult ORDER BY testdate ) as rows GROUP BY FLOOR((row-1)/5), ORDER BY DateEnding

Hi barand, I have been sitting and trying to dissect the query piecemeal to understand it. I'll be grateful if you can explain it so that it's easy for me to understand. Since my database has only one subject which is default, all I need is the score averaged over testdate, I tried to do away with the following lines @row:=IF(@prev=subjectID, @row+1, 1) as row, @prev:=subjectId as subjectId as well as the ensuing JOIN command but obviously that's a mistake since GROUP BY FLOOR((row-1)/5) uses row to get the block of 5 values to be averaged. I am therefore not getting how the above two or I think just the 1st line should be modified to get the correct row value. This is what I tried and it's faulty. But I think if i can calculate the rows value correctly, it would most probably work. Your help is sought again and thanks loads. SELECT MAX(testdate) as DateEnding, AVG(score) as average FROM ( SELECT testdate, score, FROM testresult ORDER BY testdate ) as rows GROUP BY FLOOR((row-1)/5), ORDER BY DateEnding

Hi Barand, Thanks loads for the example. I'll take time to look into it and dissect and assimilate it. Then I'll adopt it to my situation and I am sure it would work. I will revert in some time. Thanks again.

Hey guys, while this seems simple I am sure that Its complex. I have had a few ideas that I have tried without success. Pls I request the gurus to take a look at this and help me out of this fix. I tried this example below but it does not give the desired result though it does seem to be the way. I am sure one of you gurus can fix it just by looking at it. Please help me out. Thanks loads. SET @i := 0; SELECT @i:=@i+1 as rownum, FLOOR(@i/5) AS `datagrp`, AVG(`tmptbl`.`score`) FROM ( SELECT `score` FROM testresult ) as `tmptbl` GROUP BY `tmptbl`.`score`

HI Barand, Hope you are doing good. Nice to be interacting and learning from you once again. Thanks for the effort above , however my problem is slightly different. The table contains data for only one student to begin with and instead has one or more subjects that he / she is tested for like maybe English and Maths. The student takes a test for each subject everyday and we have to average averages for each 5 day slots. Not moving averages but simple 5 or n day slot averages. So for eg if we have the following table then averages for 5 days ( which may or may not be consecutive ) have to be taken out as indicated by their color slots. So the output will give 3 average values for each color block. Of-course their may be additional columns for scores of other subjects. Thanks and looking forward to your response. +-------+------------+-------+ | name | testdate | score | +-------+------------+-------+ | Mary | 2013-06-03 | 58 | | Mary | 2013-06-04 | 99 | | Mary | 2013-06-05 | 34 | | Mary | 2013-06-06 | 56 | | Mary | 2013-06-07 | 37 | | Mary | 2013-06-10 | 22 | | Mary | 2013-06-11 | 45 | | Mary | 2013-06-12 | 30 | | Mary | 2013-06-13 | 58 | | Mary | 2013-06-14 | 31 | | Mary | 2013-06-17 | 98 | | Mary | 2013-06-18 | 42 | | Mary | 2013-06-19 | 55 | | Mary | 2013-06-20 | 47 | | Mary | 2013-06-21 | 100 |

Hi I have this very simple averaging problem. Since I am almost a newbie with MySql, any help would be appreciated. I have a table which stores the results of a student's test conducted on a daily basis for 3 months. I want to record the average score after each 5 days. So the first average score should be calculated after 5 days have passed and then after every 5 days. So I should have 2 average scores after 10 days and 3 after 15 days and so on. How can I achieve this in Mysql. I want to use these average scores to display a graph. Ofcourse in general I would like it to calculate it for any n number of days. Thank you

Hi ! Here's another thing that is more flash specific that I wish to ask. I have in my flash game actionscript on various frames that I have written on those particular frames. Would it be any help to take that actionscript off those frames there and put it in a seperate file in the sense that now if someone decompiles the swf file the actionscript would be safe. Would seperating the code from the movie save the code? If so then how can i do this seperation. For e.g. If i have code on frames 10 and 30 and at 50 then how can i seperate the code and make sure that it would be executed as is being done now when it is written on those frames. So I don't know if separating the code from the flash swf will save it in case the file is decomiled. 2) if yes, i.e. if this is the safer route - then how can i separate the code and from the movie and ensure the movie runs the same as before. Thanks !

Thanks dalecosp, I'll take that into consideration and do the data validation and sanitizing there. I would be glad to get some more answers on some of the other issues that I have mentioned in this post. Thanks all for their valuable time and helpful comments.

Hi all, I am developing an application that involves php and flash. Flash is on the server too in the form of swf file running inside an HTML page. I would like to know what security issues loom large with such applications. I would be happy if someone can come out with some known security issues and also point to some that could occur and should be looked into. I am using Flash 8.0 with actionscript 2.0. I am aware that swf can be disassembled. How easy is that and what can be done to prevent someone from doing so? The interaction of Flash and PHP occurs as follows: Once the client is logged in he can activate the flash movie page which is like a game. The game gets its stored values from a database so the flash connects to php and is fed from it the initialisation values for the movie to start. The movie plays and some values are generated during the game ( almost all integers & 1,2 dates). Once the game ends these values are stored back into the database by flash calling the php and POSTing data into the database through it (php). One question that i wanna ask is that since the program is generating the values, do i need to take the security measures on the posted data and validate and escape it before storing it into the Mysql database? Can these values also be intercepted by a malicious user and changed before the php stores them in the DB? Any knowledge on this that anyone here considers relevant is very welcome,. I would be happy for any and all responses on this issue from all the gurus here and thank you all in advance. Have a great day all !

Thanks Ch0cu3r for the confirmation of my thoughts. You have helped me render some form to the formless HTML by making things a bit clear about sessions and cookies. I really wish you can shed some more detail on the security aspects that i have asked in the last message. And additionally as to your remark about changing PHPSESSID name to something else ,would that be of any particular use or in any way enhance the security ? Thanks loads all !

Hi all ! So i read more about issues with sessions and cookies and my god how many times have i read them now ! In fact I am coming back to this one after sometime now but yes I read session & cookies and all and yet I am still not 100% clear. Still better though. The gurus were right as they always are. I wish Sir, that you had told me something more about the PHPSESSID variable that automatically stores a session ID cookie on the client machine. So until I got that piece of information I was quite confused. So while I was not EXPLICITLY setting a cookie on the client side, its been done automatically by the sessions mechanism. AND That's the reason why I thought i did not need to use a cookie ( or any other form of data passing with the client ) because i was not doing so explicitly myself with a setcookie() command, while all the time using one set by the sessions. If there is still something that I have missed I would be glad if the Gurus here would fill that for me. If not, then I have some more questions :- 1. Is this cookie, set automatically via PHPSESSID, good for uniquely identifying different users or would I need to create a specific cookie again for each user identification? I mean if more than one client is exploring the website then hopefully the sessions would not confuse one for the other and mix up their data. 2. Is this cookie mechanism as safe as another that I have seen in some tutorials where a session cookie is hashed and stored along with a user cookie similarly hashed. These are then rehashed on the server and compared to values stored on a database. When I say as safe i mean against attack of session hijack or session fixation. What are the security implications with these two types of cookies. Is one better than the other? Anything else that I may be unaware of ! 3. Could you please propose some safeguards against these threats preferably with some code. 4. I came across session_set_cookie_params command and it said that this should be used before session_start. I just wanna know if someone has set a cookie and already set the time parameter to say 1 week (7*24*60*60) then why should this be invoked on each page before the session_start() ??. In fact if the parameters were set in say the set cookie command, then why use this command at all anywhere in the program? hmmm Am i asking something stupid here ? Thanks !

Ok so i'ld like to ask if a user has logged in with his username and password and the server sets a session variable in the database & on every page request on the site, this session variable is checked to see if its still set & a request for and the login status is also stored and checked, where and why is the need for a cookie? each user has his or her own session ID. Would it goof up if more than one person is logged in ? But then all variables are again uniquely identifiable for each user since session ID's are unique for each.

Hi! WelI I identify the client through a login ID & password, and for the duration that the client is logged in I have his Session_ID stored in a session's variable. The session ID is also stored in a database upon each login . The session_ID is destroyed either when the client logs out or if the session is inactive for a certain length of time. I am relatively new to sessions so please bear with me if I ask something stupid. But yes i really wanna figure all this out.

Hi guys !! If ever a guys was confused, I am today, having read sessions and security and realizing nothing is secure with sessions. There is no such thing as absolute security in sessions and login scripts. So today I read about about the common types of attacks - especially session fixing. This is what I could make ( I think I must have understood just about 15% of it ) out and I have some questions accordingly which I'll be glad to have sorted by the Gurus here !! 1. Sessions fixation involves there being a Session_ID stored either as cookie, sent as a URL or as a hidden field. The cookie being the most secure yet prone to maximum tampering. ( ironic - that's what the article said). Not withstanding the other hazards, I would like to question what if i designed a login session using only sessions and not involving any cookies or URL or hidden fields, how secure would that be against session fixation? I hope there's nothing stupid about that statement. I just want to know if that prevents session fixation. I think that's all I want to know for now and will come out with other questions as and when I proceed on this issue and read more. Thanks very much.

That's the place I got it from too. OK Thanks once again. I'll check out the css again and see whats the issue. Will revert again

Thanks Barand, that worked great. It was also getting the null record which i managed to eliminate by adding to the end of the query "AND dues IS NOT NULL"; Now i'll check out the earlier reply from you ( some things work better in code) and get back with the results. You have been awesome help and guide. Thanks loads.

Hi Barand, Thanks for this. I have to check it out yet cos you've used the earlier table. I have studied the code and got the drift though. Still I'll try it out and revert. Meanwhile I have another twist on the previous Query that you solved below: SELECT cv.day_id, cv.dues, cv.last_visit, cv.points FROM clubvisit cv WHERE last_visit > ( SELECT MAX(last_visit) FROM clubvisit --+ WHERE points <> | ( | find the SELECT points as lastpoints --+ | latest date FROM clubvisit | find points | that had a JOIN | value from | point value ( | the record that | not equal to SELECT MAX(last_visit) as last_visit --+ get | matches the | points value FROM clubvisit | latest | latest date in | found in the ) --+ date | the subquery by | latest record as latest USING (last_visit) --+ JOIN on the date --+ ) ) This works great. However what if the MAX(last_visit) had to check for and ensure that the dues on this day was not NULL. If the dues was NULL in the last row ( highest date)then this row had not to be considered in the rest of the query. So i tried to get the latest date as follows:- JOIN ( SELECT MAX(last_visit) as last_visit FROM (SELECT* FROM clubvisit as cv WHERE dues IS NOT NULL) ) as latest USING (last_visit); But this gave an error " #1248 - Every derived table must have its own alias" . even though "SELECT* FROM clubvisit as cv WHERE dues IS NOT NULL" gave me the subset i wanted. So i don;t know how to eliminate this error though I tried. I even tried to use this statement as the first statement in the query and then work with the alias but that gave an error too. So how do i get there now ? Just for clarity if the Table is as below : (1 , 900 , '2012-12-01' , 6), (2 , 700 , '2012-12-04' , 7), (3 , 600 , '2012-12-07' , 5), (4 , 600 , '2012-12-09' , 6), (5 , 600 , '2012-12-10' , 6), (6 , 600 , '2012-12-14' , 6), (7 , NULL, '2012-12-14' , NULL); Then the last_value has to be that of date 14-12-2012 or day_id = 7 and the desired table should be calculated with corresponding point value of 6. The output should be as before :- +--------+------+------------+--------+ | day_id | dues | last_visit | points | +--------+------+------------+--------+ | 4 | 600 | 2012-12-09 | 6 | | 5 | 600 | 2012-12-10 | 6 | | 6 | 600 | 2012-12-14 | 6 | +--------+------+------------+--------+ Thanks !

Hi ! Thanks for attempting Ch0cu3r. The panel is fine if you slide it. Its only when you click on the registration and login buttons a few times ( more so on the registration button) without entering any information in the input fields, the page refreshes and then redraws. Its at that time just before the panel is redrawn correctly, it distorts. The distortion occurs with the curved edge of the panels being redrawn 1. at the wrong location and 2 the curved edge becomes straight, abrupt and sharp. It's actually the elements of the panel being drawn wrongly. The left element of the panel ( the left curve ) being placed at the position of the right curve. I will try and capture a picture of this though I don't think i'll manage cos its so temporary. I am not sure what code I may have changed. Maybe something in the CSS though it seems just fine, I have tried to locate the change without success. Thanks. I hope you'll try it again.

MacGyver is right but Thanks none the less, gives me something else to check and read about.

Hi barand, Thanks for this but i forgot to change the dues values when i changed the table order earlier. So it kind of changed the entire sense of what was needed. So I am just going to put the table back here corrected and which is as follows: Day_ID -- Dues --- Last_Visit --- Points. 1 --------- 900 -------- 1/12 -------- 9 2 --------- 600 -------- 4/12 -------- 6 3 --------- 400 -------- 7/12 -------- 4 4 --------- 500 -------- 9/12 -------- 5 5 --------- 600 -------- 10/12 ------- 6 6 --------- 600 -------- 11/12 ------- 6 7 --------- 600 -------- 13/12 ------- 6 8 --------- 500 -------- 15/12 ------- 5 9 --------- 500 -------- 19/12 ------- 5 Ok so here's the modified table and I have changed the dates to be unique ( I understood that here we should have a date and time format for multiple entries on the same day) just to keep it simple. So now I am looking for the latest value of dues (500) . Then we move back on dates and the next is also 500, so we want that and then we come to dues value of 600 on Day_ID 7. Here the dues have changed. But now I want to know for how many earlier days were the dues 600. So we move back and find that till Day_ID = 5 or till on 10/12 the dues were same and equal to the value 600. That's it. Those are all the values I want. So my output should be : 5 --------- 600 -------- 10/12 ------- 6 6 --------- 600 -------- 11/12 ------- 6 7 --------- 600 -------- 13/12 ------- 6 8 --------- 500 -------- 15/12 ------- 5 9 --------- 500 -------- 19/12 ------- 5 I have checked and rechecked the table. Its correct. Please guide how this may be achieve achieved. Thanks loads !