Everything posted by ajoo

  1. Hi all ! Here's a small piece of code that seems to work fine and returned data via ajax seems to be fine. However the include that's supposed to load the file based on the returned data value is not showing up in its own div. The loaded page displaces the Links and heading making them disappear from the page altogether. So the included file is showing up as its own page which is not what is intended. Here's the code for testLink3.php

         <DOCTYPE html>
         <head>
         <style>
         #controls{ width: 200px; min-height: 35px; color: #333; text-align: left; background: #c1c1c1; }
         .pages{ width: 200px; min-height: 60px; color: #fff; text-align: left; background: #fff000; }
         </style>
         </head>
         <body>
         <div id="myLink"><h2>GIG</h2></div>
         <div id="controls">
             <a href="Page1.php" class="testClick">Link 1</a>
             <a href="Page2.php" class="testClick">Link 2</a>
             <a href="Page3.php" class="testClick">Link 3</a>
         </div>
         <div class = "pages">
         <?php
         if(isset($_GET['dataval']))
         {
             switch($_GET['dataval'])
             {
                 case Page1: include_once("Page1.php"); break;
                 case Page2: include_once("Page2.php"); break;
                 case Page3: include_once("Page3.php"); break;
             }
         }
         ?>
         </div>
         <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
         <script type="text/javascript">
         $(".testClick").click(function () {
             var dataval = $(this).attr("href");
             var myhttp;
             if(window.XMLHttpRequest) { myhttp = new XMLHttpRequest(); }
             else { myhttp = new ActiveXObject("Microsoft.XMLHTTP"); }
             myhttp.onreadystatechange = function() {
                 if(myhttp.readyState==4 && myhttp.status==200) {
                     document.getElementById("myLink").innerHTML = myhttp.responseText;
                 }
             }
             myhttp.open("GET",dataval,true);
             myhttp.send();
             alert(dataval);
             // return(false);
         });
         </script>
         </body>
         </html>

     Page1.php

         <?php echo "Hi! This is Page 1"; ?>

     Page2.php (same)

         <?php echo "Hello! This is Page 2"; ?>

     In this particular example I feel there is no need for the line document.getElementById("myLink").innerHTML = myhttp.responseText in my code. I came across it in a tutorial where the DIV contents needed to be changed / replaced by the myHttp.ResponseText. What I would like to know is that in this case (example above) where I just need to return a value would the following code be the correct usage:

         myhttp.onreadystatechange = function() {
             if(myhttp.readyState==4 && myhttp.status==200) {
                 myhttp.open("GET",dataval,true);
                 myhttp.send();
                 alert(dataval);
             }
         }

     The alert, of course, can be done away with. Thanks all !
  2. Thank you Guru Barand for looking into this. I have written in my reply how the table is processing information. Namely the information is updated in 9 groups of about 10 scores each. Scores are recorded every day. They are then retrieved to be displayed as a graph. So a user can just see his or her progress for the number of days elapsed since the current day. What more information would you like me to provide about the processing of the tables data that could help you answer this in some more detail? I would be glad to provide. Thanks very much.
  3. Hi Guru Barand, Thanks very much ! Please may I request you to kindly take a look at another of my earlier questions with the heading : 100+ Columns in a table. Good or Bad? Would be much obliged. Thanks again !
  4. Thanks Guru Barand, One last thing, how to read this JS variable from within PHP to retrieve and use its value ? Thanks again!
  5. Hi Guru Barand, Thank you very much for the help. Very silly of me to overlook the js library. I would like to ask that if we cannot use <?php $_SESSION['hide'] = true; ?> inside JS to notify php that the buttons are now hidden, then where should this information be inserted so that on a page refresh or reload this information may be looked up, even if only to check the state of the buttons. Thanks loads !
  6. Hi all ! The following piece of code, I believe, is supposed to hide the links when any of them is clicked. The links should reappear when the window is refreshed or reloaded. This however is not happening. Can someone please see the code and get it working. Also kindly explain the code action since I don't have much knowledge about JS or jQuery. The code:

         <?php
         //start the session
         session_start();
         //set the attribute
         $_SESSION['hide'] = false;
         ?>
         <!DOCTYPE html>
         <html>
         <head>
         <script>
         //function to hide all class='test' elements
         function hide(h){
             if(h){ $('.test').hide(); }
             else { $('.test').show(); }
         }
         /*do this always when page loads
          * verify with the value stored in session to hide or not the links */
         window.onload = hide(<?php echo $_SESSION['hide']; ?>);
         //onready
         $(function() {
             //when link class='test' is clicked
             $('.test').click(function(){
                 //fadeOut or just $(this).hide();
                 $(this).hide();
                 //set the session to hide = true
                 <?php $_SESSION['hide'] = true; ?>
             });
         });
         </script>
         </head>
         <body>
         <div class = "button">
         <ul>
             <li> <a href="#" title="Link" class="test">I am link 1</a> </li>
             <li> <a href="#" title="Link" class="test">I am link 2</a> </li>
             <li> <a href="#" title="Link" class="test">I am link 3</a> </li>
             <li> <a href="#" title="Link" class="test">I am link 4</a> </li>
         </ul>
         </div>
         </body>
         </html>

     Thanks loads !
  7. Hi gizmola ! Thanks for the reply. Well here are a few more details.

     1. It is a big table indeed, but I don't think it's lacking DB design since only related data is scored in it. Most of this data is scores (floats) - about 90, a few (3) dates, a session ID field and a few (3 more) logical (int) fields. This is not the only table. Other tables score the personal details and details related to the games being played etc. There is no repetition of data and relational DB rules are being followed. The Table is of the type InnoDB.

     2. During each session, the last row is accessed from the table and a new row (using INSERT and UPDATE) is created during the game. The scores are read to display the data in a tabular form. So each user in his or her own session can read from the table using a specific ID which ensures that there is no conflict in reading the rows by users. Same for updation. When a user logs into a new session and there is no record (row) for the new day, it is requested on first Insert of the data.(1st set of data is inserted and the inserted row ID obtained using $InsertedrowID = $stmt->insert_id; Subsequent sets of columns for the day use this ID for inserting the rest of the columns (the remaining 80). Hopefully there are no conflicts. Simultaneous testing on 4 users works great. (I know it's too low compared to what would be in actual terms). I think there would be no read or write conflicts.

     3. Simultaneous users can run into thousands.

     4. I used the wrong word maybe crash. What I meant was what you said about the server being too occupied for some time.

     Would that be enough information to guide me a bit more on this. Thanks again for the information. Looking forward to some more !!
  8. Hi all ! I was told by someone today that it's a bad idea to have more than 7 columns in a table in a MySql database ???! Is that true? I am using tables which have about a 130 columns and I was told that that was a bad idea and would cause the application to crash once the number of simultaneous users exceed a certain number, namely about a 100. I request the Gurus to kindly clarify on this. Thanks all !
  9. Hi Guru Barand, Thanks for the reply. Somehow it fails to display the graph. I have used your files almost as is. I am appending my code below. I do not get any errors either.

     index1.php: (same as yours)

         <?php
         $data_1 = array(1,2,3,4,5,6,7);
         $data_2 = array(5,6,7,7,7,6,5);
         $g1_data = json_encode($data_1); // convert to a string
         $g2_data = json_encode($data_2); // convert to a string
         echo "<img src='graph1.php?caption=chart_1&data=$g1_data' />";
         // echo "<img src='testGraph1.php?caption=chart_2&data=$g2_data' />";
         ?>

     Graph1.php:

         <?php
         include('../phpgraphlib-master/phpgraphlib.php');
         $mysqli_driver = new mysqli_driver();
         $mysqli_driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; // For error handling as pointed by guru barand
         try {
             $data_array = json_decode($_GET['data'], 1); // reconstruct data array
             print_r($data_array);
             $caption = $_GET['caption'];
         } catch (Exception $e) {
             echo 'Caught exception: ', $e->getMessage(), "\n";
         }
         $graph = new PHPGraphLib(650,350);
         $graph->addData($data_array);
         $graph->setLineColor("#ff0000");
         $graph->setGradient('Red', 'maroon');
         $graph->setTitle('caption');
         $graph->setBars(true);
         $graph->setLine(true);
         $graph->setDataValues(true);
         $graph->setDataValueColor('maroon');
         $graph->createGraph();
         ?>

     I cannot spot the error. Please help. phpgraphlib was downloaded from : http://www.ebrueggeman.com/phpgraphlib/download Thanks loads !
  10. Hi, I am creating charts using phpgraphlib - a very easy to use graphing library. Once the graph is created in graph.php it just needs to be called from the HTML as follows:-

         <html>
         <img src="graph.php" />
         </html>

     and the graph is plotted. Within graph.php a data array is required which carries the values to be plotted. Now I need to plot about 10 graphs and in my HTML file I have created a 10 Tabbed layout that should each display one of the 10 graphs. In my Graph.php I have also created the 10 data arrays from mysql that I require for the 10 graphs. So almost all the work has been done in graph.php and all I need to do is to configure the graph and display the 10 graphs like this.

         //configure graph
         $graph->addData($dataArray);
         $graph->setTitle("Sales by Group");
         $graph->setGradient("lime", "green");
         $graph->setBarOutlineColor("black");
         $graph->createGraph();
         ?>

     But then I need the 10 graphs in 10 files like graph1.php, graph2.php and so on which can be called from their respective tabbed HTML and I need to pass each of these 10 files their data array calculated in graph.php. If I was to repeat the entire code of graph.php in graph1.php, graph2.php and so on for all 10 files & each of these files had to calculate their own data and invoke the graph it will work but it would be a lot of (10 times of) recalculation of the data arrays. (All data for the 10 graphs can be calculated from the same single query). I was just wondering if there can be some method by which I can somehow achieve this without repeating the same process 10 times. I hope I was able to explain the issue well. Looking for some way out of this. Thanks all.
  11. Hi Guru Barand, Thanks for the reply. Is there a function to then merge the corresponding values derived from mySql into this array of all date keys with values 0? Or would I need to use a for loop again and replace each key- value pair from the mysql result into this all dates array? Thank you very much.
  12. Hi all ! I wish to create a graph from data collected in two columns of a table. The two columns are Date(dd-mm-yyyy), AvgScore.

         =========================
         | Date       | AvgScore |
         =========================
         | 26-02-2015 | 40       |
         | 28-02-2015 | 45       |
         | 01-03-2015 | 45       |
         | 04-03-2015 | 46       |
         | 05-03-2015 | 45       |
         | 06-03-2015 | 47       |
         | 12-03-2015 | 47       |
         | 18-03-2015 | 46       |
         | 26-03-2015 | 45       |
         =========================

     As can be seen there are gaps in the dates when the user came in to play. Those dates have to be accounted for. The scores on the dates when the user did not come in to play will be counted as zero. Therefore I need to create an array which will have all dates from 26-02-2015 till 26-03-2015 with AvgScore as '0'(zero) on days when the user did not come to play. Further the data needs to be presented to the charting API as

         Array("26-02-2015"=>40, "28-02-2015"=>45, "01-03-2015"=>45, ...);

     I would be glad if someone can tell what would be the simplest and possibly the fastest way to achieve this? Thanks !
  13. HI ! Thanks for the reply. That pretty much takes care of the issue except that it allows Warnings to go through without being caught by the Catch block. For e.g. if there is a mismatch in the number of parameters in the line $stmt->bind_result($db_id,$db_user,$db_pw); a warning is issued about the mismatch by php but the execution continues. This I found is solved by using MYSQLI_REPORT_ALL. This of course is just an observation. I am not saying that we should use MYSQLI_REPORT_ALL because such errors can be found and removed while in the development stage. Further BOTH ALL & STRICT fails to catch an exception if there is no connection to the server. I included the include_once 'dataconnect.php' within the catch block but it failed to catch the exception. Instead php echoed out that there was an undefined $connection variable. How can I have the try block catch this final ( I think n hope) error. Thank you so much.
  14. Yes Guru Barand, I agree on that but otherwise is the code block above good enough to be put in production code as is ? I have also seen code such as

         $query = "SELECT Id, User, Pass, FROM $table WHERE User = ?";
         if($stmt = $con->prepare($query))
         {
             $stmt->bind_param('s',$user);
             if($stmt->execute())
             {
                 $stmt->bind_result($db_id,$db_user,$db_pw);
                 $stmt->fetch();
             }
         }

     along with a comment that said since each of the statements could fail , they should all be tested. I think that that is most cumbersome especially if there were a large number of queries. Hence my confusion. Kindly suggest what's the way to go. Thank you very much for all your replies. Much obliged.
  15. Hi Guru Barand, Yes I have tested out the lines of code as suggested by you and yes they give out warnings in addition to the default php error reporting. The warnings are more precise about the errors. So I guess this is great during testing. However in production all error reporting would have to be turned off. Coming back to the original block of code,

         $query = "SELECT Id, User, Pass, FROM $table WHERE User = ?";
         $stmt = $con->prepare($query);
         $stmt->bind_param('s',$user);
         $stmt->execute();
         $stmt->bind_result($db_id,$db_user,$db_pw);
         $stmt->fetch();

     I would like to ask another question and that is How fit/good would be these lines of code in production? Is there any improvement that I could make to make this code more robust? Thanks loads
  16. No it's not Guru Barand. In fact after posting the question I am doing the same very thing. Just thought I would get a nod from you and be sure. Thanks. Will revert with the result and any further issues.
  17. Hi Guru Barand and Fastsol, Thanks for the response. I would request you both to please elaborate the explanation of the two different solutions suggested. Guru Barand, would doing what you suggested halt / kill/ the further execution of the script if $query = "SELECT Id, User, Pass, FROM $table WHERE User = ?"; had, say, a syntax error? In case my question is not clear I'll restate it. What I am looking for is a simple way that would test each line in the block of code. In fact such that the next line would execute only if the previous one executed successfully or else it would quit further processing with an error. Kindly clarify. Grateful for the reply.
  18. Hi all ! Here is a small piece of code that I wrote to Select from a DB:-

         $query = "SELECT Id, User, Pass, FROM $table WHERE User = ?";
         $stmt = $con->prepare($query);
         $stmt->bind_param('s',$user);
         $stmt->execute();
         $stmt->bind_result($db_id,$db_user,$db_pw);
         $stmt->fetch();
         ...

     Each of these statements warrant that they be checked for failure and for possible exceptions since each of these can fail. However such similar blocks of code may be present at 100's of places in a large application and so checking for failure after each line of code would make it a very lengthy & cumbersome procedure. I was wondering if there is a simpler, elegant way to handle these kind of failures or exceptions. And that's what I wish to ask. Thanks loads everyone.
  19. Hi requinix, Thanks for the reply. I think I get it but just to be doubly sure I'd like to ask some more. Do you mean like log into using phpMyAdmin? Would setting a password in code affect my logging into phpMyAdmin ?? I don't think so but please confirm. What if my application is altering or updating the tables based on the user interaction - for eg. inserting the scores of the user in a database or altering them? Now that would tantamount to a write operation and so would I need to allow INSERT and UPDATE privilege to the user? Thanks for the reply and look forward to some more clarifications.
  20. Hi all, An article on wikihow on Secure Login Script, in Part 2, under the heading Configure the MySql Database states that we can create privileges for users. It then goes on to create a user with details : USER : "sec_user". Password "eKcGZr... WU" It then states that "Remember it doesn't need to be a password that you can remember so make it as complicated as possible." The question is regarding this last statement. Why don't we need to remember this password? Also I would like to ask what other security measure do we need to take as regards the MySql database? Also things like settings in the config files etc. Thanks all !
  21. HI scootstah ! Thanks for the reply. Definitely I am removing the sec_session_start() from all my page starts. No the reason I am asking this is that I want to be as sure as possible on Sessions. I am asking this to remove all my doubts about sessions regenerate id. So thanks again for the reply. PS. I also wish to add to anyone looking for similar information that last year I had asked a near similar question on this very forum and Advanced Member Jacques1 had also provided a most complete & comprehensive answer to it. Searching in My Content in my account today came across it and could really appreciate the answer provided by Jacques1. This would be incomplete without a link to that answer. Please find attached the heading under which I had asked the question and Jacques1 had replied: The answer I marked as the best answer. secure login, strong(est) session ID's and secure site navigation. Thanks scootstah and Jacques1
  22. Hi scootstah ! Thanks for that reply once again. I have read through all that information. phpsec.article was really nice though not conclusive. But then I guess any solution related to sessions security cannot be 100% conclusive. Still Thank you. Just one or two points that I would still like to clear. 1. Supposing my script uses php_regenerate_id() at the beginning of each page, then it would leave a trail of phpsessid's in the tmp folder which are not deleted. Now would these pose a security threat 1. While the user is still browsing the website? 2. Even after the user has logged out ? 3. The user has not logged out but simply closed the browser? How would that threat be posed or how can these phpsessid's be used to gain unauthorized access? Thanks loads.
  23. Thanks ! That was really clear, concise & informative. Will go through the related articles. Much obliged. Thanks again !
  24. Hi , try this : Caution : I changed the database name and the field username to suit my own testing. It works and gives no errors

     index100.php

         <?php
         include('login100.php'); // Includes Login Script
         session_start();
         ?>
         <!DOCTYPE html>
         <html>
         <head>
         <title>Login Form in PHP with Session</title>
         <link href="style100.css" rel="stylesheet" type="text/css">
         </head>
         <body>
         <div id="main">
         <h1>PHP Login Session Example</h1>
         <div id="login">
         <h2>Login Form</h2>
         <form action="" method="post">
         <label>UserName :</label>
         <input id="name" name="username" placeholder="username" type="text">
         <label>Password :</label>
         <input id="password" name="password" placeholder="**********" type="password">
         <input name="submit" type="submit" value=" Login ">
         <span><?php echo $error; ?></span>
         </form>
         </div>
         </div>
         </body>
         </html>

     login100.php

         <?php
         session_start(); // Starting Session
         $error=''; // Variable To Store Error Message
         if (isset($_POST['submit'])) {
             if (empty($_POST['username']) || empty($_POST['password'])) {
                 $error = "Username or Password is invalid";
             }
             else {
                 // Define $username and $password
                 $username=$_POST['username'];
                 $password=$_POST['password'];
                 // Establishing Connection with Server by passing server_name, user_id and password as a parameter
                 $connection = mysqli_connect("localhost", "root", "", "test");
                 // To protect MySQL injection for Security purpose
                 $username = stripslashes($username);
                 $password = stripslashes($password);
                 $username = mysqli_real_escape_string($connection, $username);
                 $password = mysqli_real_escape_string($connection, $password);
                 // SQL query to fetch information of registered users and finds user match.
                 $sql = "SELECT * FROM users where password='$password' AND name='$username'";
                 $result = mysqli_query($connection, $sql);
                 if ($result === false) {
                     echo mysqli_error($connection);
                 }
                 $rows = mysqli_num_rows($result);
                 if ($rows == 1) {
                     $_SESSION['login_user']=$username; // Initializing Session
                     header("location: secure100.php"); // Redirecting To Other Page
                 } else {
                     $error = "Username or Password is invalid";
                 }
                 mysqli_close($connection); // Closing Connection
             }
         }
         ?>

     secure100.php

         <?php
         session_start();
         echo " Welcome ".$_SESSION['login_user'];
         echo " You are logged in.";
         ?>
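
An added example, not part of ajoo's posts or of any code from the threads: the login check from post 24 with the password stored as a hash and verified with password_verify(), the name passed as a bound parameter, and, for the question in post 18, one try/catch in place of per-statement checks. It uses PDO with an in-memory SQLite table (constructed table, columns and account) so it runs without a server; with mysqli the matching switch is the MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT report mode mentioned in the posts above.

```php
<?php
declare(strict_types=1);

// Added example. PDO with in-memory SQLite stands in for the MySQL server so
// the script runs offline; table, columns and the account are constructed.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Any failed prepare/execute now throws PDOException.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass_hash TEXT)');
    // Store a salted hash, never the password itself.
    $ins = $pdo->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user id on success, null on bad credentials.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // The name travels as a bound parameter, so quote characters in it are data.
    $stmt = $pdo->prepare('SELECT id, pass_hash FROM users WHERE name = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown users are checked against a dummy hash so both paths do similar work.
    $hash = $row ? $row['pass_hash'] : DUMMY_HASH;
    $ok = password_verify($password, $hash);
    return ($row && $ok) ? (int) $row['id'] : null;
}

try {
    $pdo = open_db();
    $attempts = [
        ['alice', 'correct horse'],   // valid
        ['alice', 'wrong'],           // bad password
        ["alice' OR '1'='1", 'x'],    // quote characters in the name
    ];
    foreach ($attempts as [$user, $pass]) {
        $id = check_login($pdo, $user, $pass);
        if ($id !== null) {
            // In a web request: session_regenerate_id(true); $_SESSION['user_id'] = $id;
            echo "login ok, user id $id\n";
        } else {
            echo "Username or Password is invalid\n";
        }
    }
    // A malformed statement (stray comma) is caught below without per-line checks.
    $pdo->prepare('SELECT id, FROM users WHERE name = ?');
} catch (PDOException $e) {
    error_log('DB failure: ' . $e->getMessage()); // detail goes to the log only
    echo "Service temporarily unavailable\n";
}
```

Only the first attempt logs in; the last statement reaches the catch block, which is where a production page would log the detail and show a generic message.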