ajoo

Hi thanks cyberRobort. No i have not so I'll take a look atit and revert. Thanks for the reply.

Hi all. I have just created a login page which logs a person into a page with menu buttons. However, i have noticed that if, inadvertently, i double click any of the menu buttons or the other form submit buttons, i get logged out. I think this is because of the session_regenerate_id that i used for the login purpose and which I don't want to change. So I would like to know if there is some way to ignore subsequent clicks for a certain period of time once the button has been clicked. For e.g. if i have clicked a submit button, then i want that any further clicks on the same button be ignored if they occur within say 500ms of the 1st one. Something like that. Or better still if the subsequent clicks are ignored until the previous button action has been completetd once it is clicked. Again for e.g. if i a submit button is accessing a database and takes say 300ms to retrive and display that information, then once that button has been clicked, subsequent clicks on it should be ignored - in this eg. for 300 ms - till the previous button action is complete. Implore all the gurus for their invaluable inputs and guidance. Thanks all !

Hi guys ! thanks for both the replies. Ginerjim, you were right. leaving the quotes off the variable did the trick. Surprising thing is that I tried that before posting this question and for some reason it did not work. After your suggestion I tried it again just now and it worked !! Thanks loads both of you. Very grateful. Ajoo.

Hi all ! I wish to build a mysql query which is very simple. An example of the query I want is as follows: $query = "Select * FROM $table WHERE tables=1 OR tables=2 AND Member_status = 'D' "; The problem is that the conditions Where tables=1 or tables=2 can vary and i can have tables=3 , tables=4 etc. as well. So basically the OR condition is ramdom and must be constructed in a loop. I constructed a loop which stores the result in a variable $tablescnt. i.e. echo .$tablescnt; gives tables=1 OR tables=2 OR tables=3 and so on depending upon the loop iterations. However i don't know i am going to substitute this ($tablescnt) into $query above. I tried $query = "Select * FROM $table WHERE '$tablescnt' AND Member_status = 'D' "; where i hoped that $tablescnt would expand as desired. However it did not work. So any suggestions on how I may proceed would be very helpful. Thanks all for your time to check this out and help me.

Hi, I am stuck trying to get the link/href statement to work. I have tried so many variations but i get a very persistent error. Kindly help while($rows=mysqli_fetch_array($result)) { $count = $count+1; $field[$count] = $rows['Member_ID']; echo "<tr> <td>".$count."</td> <td> &nbsp ".$rows['fname'].' '.$rows['lname']."</td> <td> < a href = "$_SERVER['PHP_SELF']?id = $count "> Update </a> </td> </tr>"; } It results in this error "Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in D:\xampp\htdocs\xampp\MagicLogin\includes\fra_register1.php on line 84". I have tried the following variations: < a href = "$_SERVER['PHP_SELF']? id = <? echo $count; ?> "> Update </a> < a href = "$_SERVER['PHP_SELF']?id = <? echo $count; ?> "> Update </a> < a href = "$_SERVER['PHP_SELF']? id = <?php echo '.$count.'; "> Update </a> < a href = "$_SERVER['PHP_SELF']? id = <? echo '$count'; "> Update </a> and maybe a few more I did not keep track of but the error persists and I can't figure it out. Please note that there is no actual variable like "id" that i am using in the statement ($_SERVER['PHP_SELF']? id= ) . So far as I know that only used to pass a value back to the program. This could be very stupid but could someone help me out. Thanks.

Thanks Kicken, That gave me a lot of confidence. I'll try the alias again now. I have tried it twice but it did not work but maybe i did make some mistake. Thanks loads. Gurus are great !

Hi Barand, I have another small question. I have the following query : Select Distance, SUM((Score/10)*100)/MAX(ID) as Racetime FROM Race, Here the Racetime is an alias. While the value of Racetime calculated is perfect, I am unable to access this value from php using the usual procedure, $query = "Select Distance, SUM((Score/10)*100)/MAX(ID) as Racetime FROM Race"; $result = mysqli_query($link,$query); $row=mysqli_fetch_assoc($result); $dis = $row['Distance']; $RT = $row['Racetime']; I have left out some commands for checking the status of the query's output for brevity. So please explain how can a calculated alias field like 'Racetime' be received into PHP. Thanks

Hi Barand, Thanks. I'll try and clarify. OK his refers to the players own. To clarify, I'll take your example of 2 players A and B. Lets say player A logs in first. As mentioned, the game accesses player A's initial values and settings and he plays his game for 10 minutes all the while he's connected to the DB i.e. the program does not use a command like mysqli_close to close the connection with the database for those 10 minutes A is playing the game. Now if player B tries to log into the same game / program/ application after say 2 minutes of player A's login and the program / application tries to access the database to get player Bs settings, would the program be able to do so or would the fact that the database is already opened by player As instance of the game / prog/ application be a hindrance? Surely the program will update both player As and player Bs scores and add it to the database. No question of the players updating their own or another person's score. The program will update their scores into a common database once they have played their games because it would need those to rank the players. Finally I have also read some articles on database locking and what I have gathered is that just because a database connection is opened by one player, it does not mean that it cannot be accessed by another especially if we define the SQL commands using NOLOCK or ROWLOCK commands if we are sure that it would be just one or 2 rows that would be affected by our SQL commands. And for some commands we don't even have to have a lock and so we can use NOLOCK. However the programmer should be clear of the amount of database entries that his SQL commands are affecting. So I'll be happy if you can confirm what i have construed is correct regarding locks and also look into the players example and answer that as well. Thanks especially Barand and all gurus on this forum. You guys rock !

Hi Barand, I read through that which you suggested and am none the wiser. Gurus like yourself are able to understand such complex noob stuff but i just felt sleepy !! I'ld be grateful if you can answer my two questions yourself in a simplified language. I'll take an example for the 2nd question. Suppose I have a game being played by 100's of persons simultaneously and their scores are recorded in a database. Now when each person logs into the game he accesses the database for his initial settings ( READ ONLY) like level etc and maintains his connection with the DB ( mysqli_connect). Once he finishes the game he updates his score and quits. If the entire process lasted for 10 minutes, from login to playing the game, updating the score and logging out, would another gamer be not able to update his score to the same database in those 10 minutes. Is it that bad? Couldn't be. I don't think so and certainly certainly hope not. For my first question, i read through the MySql chapter 19 as suggested by you, but did not find any practical example of using the procedures/functions using php. Will try and look up on the net still even after i write this mail. Please help. Thanks loads !!

Thanks Guru Barand, Will do so as suggested. Was expecting a reply from none other !

Hi friends, I am still awaiting a reply, comment to these issue. I hope someone will be forthcoming. Thanks

Thanks guys ! Well I too came across the fact that its a bug. Like I said it worked just fine on phpfiddle but not on my local host. Taking a wayaround. Thanks all.

Hi to all ! While i await some reply to my earlier query, here's another one - a simpler one perhaps but it has me baffled. The following is the code I tested on phpfiddle and it works great. Gives the correct time difference in days. <?php $date1 =date_create("2013-12-07"); $date2 = date("Y-m-d"); $date2 = date_create("$date2"); echo "<br>"; $Gap = date_diff($date1, $date2); echo $Gap->format("%a days"); ?> However when i actually implement it on my localhost running version 5.3 of php i get the difference as a multiple of 6015. So if there is a 1 day difference, instead of getting 1, i get 6015. for 3 days i got 18045 which is 6015 * 3. I have tried but i am unable to figure it out. Any suggestions anyone. Thanks.

Hi all ! I have been learning MySQL and the gurus have been so patient and helpful. So here are some more queries from a beginner. First is regarding the SQL query procedure from PHP. Every time a query is created and we have to go thru the following: ////////////////////////////////////////////////////////////////// query 1 query = "Select * from club"; $result = mysqli_query($link, $query); if ($result) { do whatever for a successful query; } else { display or log an error } ///////////////////////////////////////////////////////// query 2 query = "Update club SET visit = '2'; $result = mysqli_query($link, $query); if($result) ... So my first question is that if we are accessing the same Table , namely clubs, in the above example, then is it not possible to avoid repetitive steps. Can't both & more statements be processed at one go or must each and every query be checked for successful execution? Is there no way to send a group query and have it processed at one go. It would greatly reduce the coding size and therefore chances of errors. The second question is that if more than one person is accessing a database at the same time, trying to read or write into the tables, and there is a time clash, how will mysql handle it? Would it automatically queue the entries or would some of the entries be lost ? If the entries are lost, then how can this be prevented ? Thanks all the gurus for all the help so far and that which would ensue. Cheers !

Hi Barand, Thanks for this. Ofcourse I see your point and I am sure i'll be able to utilize this when it comes to more than one student in a the table but i'ld be glad if you'ld be able to explain these, if only from a totally academic & learning point of view, the working of the query especially these two lines @row:=IF(@prev=subjectID, @row+1, 1) as row, @prev:=subjectId as subjectId Also in the model that I am pursuing, ( again only from an academic point of view) I don't need to have a subject column because since there is only one student, I can have the subject as the field label instead and thereby save an entire field. In that case it would be feasible to come up with a solution that I have been trying in my previous reply. I am putting it down again below for convenience. Would it then be possible to get this working with the correct calculations of the row variable and if so how. Thanks. I hope you'll appreciate that I wish to learn and not just pick the code from one place and put it in another. Thank you for all the help. SELECT MAX(testdate) as DateEnding, AVG(score) as average FROM ( SELECT testdate, score, FROM testresult ORDER BY testdate ) as rows GROUP BY FLOOR((row-1)/5), ORDER BY DateEnding

Hi barand, I have been sitting and trying to dissect the query piecemeal to understand it. I'll be grateful if you can explain it so that it's easy for me to understand. Since my database has only one subject which is default, all I need is the score averaged over testdate, I tried to do away with the following lines @row:=IF(@prev=subjectID, @row+1, 1) as row, @prev:=subjectId as subjectId as well as the ensuing JOIN command but obviously that's a mistake since GROUP BY FLOOR((row-1)/5) uses row to get the block of 5 values to be averaged. I am therefore not getting how the above two or I think just the 1st line should be modified to get the correct row value. This is what I tried and it's faulty. But I think if i can calculate the rows value correctly, it would most probably work. Your help is sought again and thanks loads. SELECT MAX(testdate) as DateEnding, AVG(score) as average FROM ( SELECT testdate, score, FROM testresult ORDER BY testdate ) as rows GROUP BY FLOOR((row-1)/5), ORDER BY DateEnding

Hi Barand, Thanks loads for the example. I'll take time to look into it and dissect and assimilate it. Then I'll adopt it to my situation and I am sure it would work. I will revert in some time. Thanks again.

Hey guys, while this seems simple I am sure that Its complex. I have had a few ideas that I have tried without success. Pls I request the gurus to take a look at this and help me out of this fix. I tried this example below but it does not give the desired result though it does seem to be the way. I am sure one of you gurus can fix it just by looking at it. Please help me out. Thanks loads. SET @i := 0; SELECT @i:=@i+1 as rownum, FLOOR(@i/5) AS `datagrp`, AVG(`tmptbl`.`score`) FROM ( SELECT `score` FROM testresult ) as `tmptbl` GROUP BY `tmptbl`.`score`

HI Barand, Hope you are doing good. Nice to be interacting and learning from you once again. Thanks for the effort above , however my problem is slightly different. The table contains data for only one student to begin with and instead has one or more subjects that he / she is tested for like maybe English and Maths. The student takes a test for each subject everyday and we have to average averages for each 5 day slots. Not moving averages but simple 5 or n day slot averages. So for eg if we have the following table then averages for 5 days ( which may or may not be consecutive ) have to be taken out as indicated by their color slots. So the output will give 3 average values for each color block. Of-course their may be additional columns for scores of other subjects. Thanks and looking forward to your response. +-------+------------+-------+ | name | testdate | score | +-------+------------+-------+ | Mary | 2013-06-03 | 58 | | Mary | 2013-06-04 | 99 | | Mary | 2013-06-05 | 34 | | Mary | 2013-06-06 | 56 | | Mary | 2013-06-07 | 37 | | Mary | 2013-06-10 | 22 | | Mary | 2013-06-11 | 45 | | Mary | 2013-06-12 | 30 | | Mary | 2013-06-13 | 58 | | Mary | 2013-06-14 | 31 | | Mary | 2013-06-17 | 98 | | Mary | 2013-06-18 | 42 | | Mary | 2013-06-19 | 55 | | Mary | 2013-06-20 | 47 | | Mary | 2013-06-21 | 100 |

Hi I have this very simple averaging problem. Since I am almost a newbie with MySql, any help would be appreciated. I have a table which stores the results of a student's test conducted on a daily basis for 3 months. I want to record the average score after each 5 days. So the first average score should be calculated after 5 days have passed and then after every 5 days. So I should have 2 average scores after 10 days and 3 after 15 days and so on. How can I achieve this in Mysql. I want to use these average scores to display a graph. Ofcourse in general I would like it to calculate it for any n number of days. Thank you

Hi ! Here's another thing that is more flash specific that I wish to ask. I have in my flash game actionscript on various frames that I have written on those particular frames. Would it be any help to take that actionscript off those frames there and put it in a seperate file in the sense that now if someone decompiles the swf file the actionscript would be safe. Would seperating the code from the movie save the code? If so then how can i do this seperation. For e.g. If i have code on frames 10 and 30 and at 50 then how can i seperate the code and make sure that it would be executed as is being done now when it is written on those frames. So I don't know if separating the code from the flash swf will save it in case the file is decomiled. 2) if yes, i.e. if this is the safer route - then how can i separate the code and from the movie and ensure the movie runs the same as before. Thanks !

Thanks dalecosp, I'll take that into consideration and do the data validation and sanitizing there. I would be glad to get some more answers on some of the other issues that I have mentioned in this post. Thanks all for their valuable time and helpful comments.

Hi all, I am developing an application that involves php and flash. Flash is on the server too in the form of swf file running inside an HTML page. I would like to know what security issues loom large with such applications. I would be happy if someone can come out with some known security issues and also point to some that could occur and should be looked into. I am using Flash 8.0 with actionscript 2.0. I am aware that swf can be disassembled. How easy is that and what can be done to prevent someone from doing so? The interaction of Flash and PHP occurs as follows: Once the client is logged in he can activate the flash movie page which is like a game. The game gets its stored values from a database so the flash connects to php and is fed from it the initialisation values for the movie to start. The movie plays and some values are generated during the game ( almost all integers & 1,2 dates). Once the game ends these values are stored back into the database by flash calling the php and POSTing data into the database through it (php). One question that i wanna ask is that since the program is generating the values, do i need to take the security measures on the posted data and validate and escape it before storing it into the Mysql database? Can these values also be intercepted by a malicious user and changed before the php stores them in the DB? Any knowledge on this that anyone here considers relevant is very welcome,. I would be happy for any and all responses on this issue from all the gurus here and thank you all in advance. Have a great day all !

Thanks Ch0cu3r for the confirmation of my thoughts. You have helped me render some form to the formless HTML by making things a bit clear about sessions and cookies. I really wish you can shed some more detail on the security aspects that i have asked in the last message. And additionally as to your remark about changing PHPSESSID name to something else ,would that be of any particular use or in any way enhance the security ? Thanks loads all !

Hi all ! So i read more about issues with sessions and cookies and my god how many times have i read them now ! In fact I am coming back to this one after sometime now but yes I read session & cookies and all and yet I am still not 100% clear. Still better though. The gurus were right as they always are. I wish Sir, that you had told me something more about the PHPSESSID variable that automatically stores a session ID cookie on the client machine. So until I got that piece of information I was quite confused. So while I was not EXPLICITLY setting a cookie on the client side, its been done automatically by the sessions mechanism. AND That's the reason why I thought i did not need to use a cookie ( or any other form of data passing with the client ) because i was not doing so explicitly myself with a setcookie() command, while all the time using one set by the sessions. If there is still something that I have missed I would be glad if the Gurus here would fill that for me. If not, then I have some more questions :- 1. Is this cookie, set automatically via PHPSESSID, good for uniquely identifying different users or would I need to create a specific cookie again for each user identification? I mean if more than one client is exploring the website then hopefully the sessions would not confuse one for the other and mix up their data. 2. Is this cookie mechanism as safe as another that I have seen in some tutorials where a session cookie is hashed and stored along with a user cookie similarly hashed. These are then rehashed on the server and compared to values stored on a database. When I say as safe i mean against attack of session hijack or session fixation. What are the security implications with these two types of cookies. Is one better than the other? Anything else that I may be unaware of ! 3. Could you please propose some safeguards against these threats preferably with some code. 4. I came across session_set_cookie_params command and it said that this should be used before session_start. I just wanna know if someone has set a cookie and already set the time parameter to say 1 week (7*24*60*60) then why should this be invoked on each page before the session_start() ??. In fact if the parameters were set in say the set cookie command, then why use this command at all anywhere in the program? hmmm Am i asking something stupid here ? Thanks !