Everything posted by ajoo

  1. You are using $item_Annual at one place and $itemAnnual at another.
  2. A simple for loop would do the trick.
  3. Hi NotionCommotion, The code analyzer I used is codacy. It's a static code analyzer. I do not think it is using any framework and I am not using any framework for my code either. I have never used any autoloader ever & have no idea about it. I have also never tried composer either. Are these not to be used with frameworks? Or can I use them in my project which uses no framework or OOPS? If so, then a small example of their usage would be great and get me going. $_POST = array(); $_SESSION = array(); I have used these just before destroying a session and logging a user out. mysqli_close. I have used prepared statements throughout. Thanks for the response. I hope some more inputs on this will follow till something concrete can be used to replace the faulty code or it be proved that some of the errors may be superfluous & the code may be used safely as is. Thanks !
  4. Hi all ! I just passed my code through an analyzer and it showed that a lot of it was not following best practices. Some examples are below:

     1. Direct use of $_SERVER Superglobal detected.

         if($_SERVER['REQUEST_METHOD']==="POST"){
         if(!isset($_SESSION)) sess_start();
         if(isset($_SESSION['timeout'])){
         $_SESSION['user']=$user;

     2. Direct use of $_POST Superglobal detected.

         if(isset($_POST['submit']) && $_POST['submit'] ==='Logoff'){
         $_POST = array();
         $usertype = fcheckRecruiter($_POST['usertype']);

     and many more like these concerning the use of SUPERGLOBALS.

     3. Discouraged functions: header(), session_unset(), mysqli_close(), session_destroy() & require_once to name a few besides a lot of other common php functions.

         header ("Location: donepage.php");
         session_unset();
         mysqli_close($link);
         session_destroy();

     Well the question is obviously how to tackle these. The surprising part though is that prior to checking the code by an analyzer, I had no clue, like many other coders on this forum perhaps, especially the newbies, that my code was flawed or at least not following the best practices. I never found a single piece of code on the net, in examples, even in examples in the PHP manual that showed the correct usage of these as per best practices.

     The most surprising of these were of course the SUPERGLOBALS since they are used everywhere and by almost everybody. Googling the internet shows that hardly anyone is clear about these. People are debating on the direct usage of superglobals where they are used for checking the existence of the variable. So it's all very moot and very grey it seems.

     Then there are common functions some of which I mentioned above. For example how would I reset the super global $_POST if not by setting it to a blank array?

         $_POST = array();

     Why are these functions, enlisted above, being discouraged from use and what and how should the alternate functions be used? How to achieve the same functionality in an alternate way?

     For the use of superglobals I found that it's proposed to use the filters or filter functions to sanitise or validate the input. If I recall correctly, Guru Jacques strongly advised against sanitizing any user input. While I can understand validation of user input, sanitization of it seems to be wrong ?? I would be very grateful if someone can shed some light on these very basic and important questions and provide, if possible, some examples of the correct method of using these in code. Thanks all !
  5. Hi, Is this renark fellow hacking or attempting to hack the forum or what ??? I hope not. Thanks
  6. Hi ! What you guys are saying is that it is possible to submit form data to a server using a method other than GET OR POST submit. Would you please confirm if you are referring to submitting the form data using JSON format via an AJAX request using JS or JQ OR is this something else ? Thanks.
  7. Hi requinix, Oh great ! I wish you had told me in #7 to replace session with get, that would have solved it. It did occur to me to do so, but then I thought choosing $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] was a better option because here I got the complete URL for comparison. Simply using the GET can be manipulated because then someone can send $_GET['childprints'] from a different page and trigger the PRINT menu. However you said that SERVER_NAME and REQUEST_URI was not a good idea. I wish you would tell me why that is not a good idea. In any case I have dropped using the print menu altogether and have instead created a PRINT button on childprints which would eliminate the need to go this route altogether. However I thank you for the discussion which is always there for learning. If you can answer the last question (requested as a wish above) I would be grateful. Thank you.
  8. ok I get what you want to know. The View submit is a part of the form therefore

         <form action='flogin.php?page=childprints' method='post' >

     the action takes it to that page. Then it falls through the code also shown previously, user_pages.php, which is included in flogin.php

         include "header.php";
         include "navbar.html"; // --- The menus are decided and displayed here.
         .
         .
         .
         if(isset($_GET['page'])){
             $page = $_GET['page'];
             switch($page) {
                 // all pages go here
                 // ...
                 case "home":
                     ...
                     break;
                 case "gallery":
                     ...
                     break;
                 case "childprints":
                     include("fra_prints.php");
                     break;
                 ...
             }
         }

     So correct it has to go through the $_GET['page']; hmmm With the menu already shown by navbar.php wouldn't the detection on childprints.php be futile ? The condition needs to be set before the navbar.php is encountered. Really sorry but I do not understand what you mean by this. Maybe you can show me how to go about it. Thanks.
  9. Hi requinix, My answer #7 describes the precise conditions which I will put down again for your convenience. I have a page layout like this

         HOME GAMES GALLERY                                // Menu
         User1 --- data1 --- data2 --- data3 ---- VIEW     // Table with View Buttons. On page say Gallery.
         User2 --- data4 --- data5 --- data6 ---- VIEW
         .
         .
         UserN --- dataX --- dataY --- dataZ ---- VIEW

     When the view submit button is pressed, the user lands on childprints page, which has information laid out for printing and the PRINT menu needs to appear when it lands on this page. I hope that is clear. Please let me know if you need any further clarification. Thank you.
  10. hmmm, you see this is the last and the only one page of its sort that requires this conditional menu appearance / disappearance, as of now, that I need to fix before I put up the application. So the question of longer really doesn't arise. I am at the last. Could you please elaborate? If you are saying that I should do as I have been doing for the pages to display the menu so far, then that cannot work for this, because the menus are set for the user on login and remain the same for the length of the session. This print page is the only rogue page in that sense. Then how do I do it ? Thanks loads !
  11. Hi requinix, Thanks for the reply ! Would it be a problem if I instead check for the Page URL like I did earlier, because your suggestion, which must definitely be better, is a bit long drawn out at this stage of the project. If the above solution, of checking the url and displaying the menu, has no security implications I would rather use that for this page and maybe come back to it later and make the changes you recommend. That solution works fine but I don't know if there is a serious downside to it. Please let me know. Thank you !
  12. Hi requinix, I do not think that this, as you suggested, would work in my case requinix because my program structure and page flow is like this.

         include "header.php";
         include "navbar.html"; // --- The menus are decided and displayed here.
         .
         .
         .
         if(isset($_GET['page'])){
             $page = $_GET['page'];
             switch($page) {
                 // all pages go here
                 // ...
                 case "home":
                     ...
                     break;
                 case "gallery":
                     ...
                     break;
                 case "childprints":
                     include("fra_prints.php");
                     break;
                 ...
             }
         }

     The menu is displayed before the page is included. So setting the variable in the relevant case comes after the menu is already displayed. What do you think ? Is that correct or am I reading you wrong ? Thanks !
  13. The way to check for the landing page URL and display the print menu accordingly. Thanks.
  14. Hi Requinix, I really do wish that sometimes you would solve the problem without handing me out another one to work on !!😊 This $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] seems to be the way to go about it. Is this what you had in mind ? It does as required. Thanks
  15. Ya all right, I'll try and be clearer. When a user logs in say as an admin, his menu is set for all pages. As of now he has this menu : HOME GAMES GALLERY with submenus. There is one print page that is invoked not via menu but via a submit button on a form as below

         User1 --- data1 --- data2 --- data3 ---- VIEW
         User2 --- data4 --- data5 --- data6 ---- VIEW
         .
         .
         UserN --- dataX --- dataY --- dataZ ---- VIEW

     Now when the Admin presses the VIEW submit button, he lands on a page which can be printed and so now I want the menu on this page to be HOME GAMES GALLERY PRINT. I feel that here when the button is submitted I have to use JS or JQ to set the session variable to print so that the following code can invoke the PRINT menu

         <li> <a href='index.php?page=page1'>Home</a> </li>
         <li> <a href='index.php?page=page2'>Games</a> </li>
         <li> <a href='index.php?page=page3'>Gallery</a> </li>
         <?php if(isset($_SESSION['print']) && $_SESSION['print'] == "print"): ?>
         <li> <a href='flogin.php?page=childprints'>Print</a> </li>
         <?php endif; ?>

     Is that correct? I hope I have been able to make it clear. Also is there an all PHP way to do this ? Thanks !
  16. Hi requinix, Thanks for the reply. My menus are set on user login and depend upon the user login. Like separately for the admin and other users. They are set using a navbar and then the pages are included in the page area below it. In order for the additional menu to display on a required page and not on any other I had thought I would use a session variable. However this would have to be set and evoked on a button submit which includes the printable page. Wouldn't I still have to use jQuery to set the value of the session variable on a button submit for the menu to be displayed on the landing page? I know this is a different strategy from the one in the question above although it would still use JQ or JS. Is there a better all PHP way to do this ? Thank you.
  17. Hi requinix, Thanks for the reply. That's how I had left that page a long time ago with a $_SESSION['print'] for enabling and disabling the menu, but that did not seem to work when I came back to finishing the print page now. I'll look into my earlier logic and see if I can debug it and implement it using PHP. Just for the sake of discussion, isn't using JQuery a good way to go about this ? Thanks !
  18. Hi all, I have the following menu :

         <li> <a href='index.php?page=page1'>Home</a> </li>
         <li> <a href='index.php?page=page2'>Games</a> </li>
         <li> <a href='index.php?page=page3'>Gallery</a> </li>
         <li> <a href='index.php?page=page4'>Print</a></li>

     Of these, I want the Print menu to be disabled and invisible for all pages except when it is invoked via a button called View on the Gallery page. The landing page / URL in that case would be index.php?page=page4 and I want the Print menu to be disabled (the link) and made invisible when the user navigates away from the Print page. I know I have to use something like the following for disabling the link but all variations I tried on it seem to fail.

         $(window).on('hashchange', function(e){
             $('a #page4').bind('click', function(e){
                 e.preventDefault();
             });
             .
             .
             .
         });

     Kindly help to resolve this. Thanks !
  19. ajoo

    insane code

    Thank you Guru Barand ! I'll look it up and revert. Thanks.
  20. ajoo

    insane code

    Hi all ! I have the following code that works perfectly well. However I know that this is not the best way to code php and HTML together. I really want to clean up this code and make it as clean as possible. I have no clue how to proceed.

        <?php
        echo "<table border=0 cellpadding=0 cellspacing=0 width=600pt style='border-collapse:collapse;table-layout:fixed;width:600pt'>";
        if($selected === 'Zu'|| $selected === 'unZu')
        {
            $c = 0;
            $rowcnt = 0;
            for($rows=0; $rows<2; $rows++)
            {
                if($rows ===0) $p = $rows*$sl1;
                if($rows ===1) $p = $rows*$sl2;
                echo "<tr>";
                for($j=0; $j<$colCount1; $j++)
                {
                    if(($j+1+$rows*$colCount1)== $miss[$c])
                    {
                        $c++;
                        echo "<td class=sum_number style='background-color:pink;' > ".($j+1)."</td>";
                    }else
                    {
                        echo "<td class=sum_number >".($j+1)."</td>";
                    }
                }
                echo "</tr>";
                for($i=0;$i<$sumlen[$rows];$i++)
                {
                    echo "<tr>";
                    for($a=1; $a<=$colCount1; $a++)
                    {
                        echo "<td class=sum_1st_column_3 >";
                        if($pr[$rowcnt][$a]>0) echo " ".$pr[$rowcnt][$a];
                        else echo $pr[$rowcnt][$a];
                        echo "</td>";
                    }
                    echo "</tr>";
                    $rowcnt += 1;
                }
                echo "<tr>";
                for($j=0; $j<$colCount1; $j++)
                {
                    echo "<td class=result > </td>";
                }
                echo "</tr>";
                echo "<tr>";
                for($j=0; $j<$colCount1; $j++)
                {
                    echo "<td class=space_between_rows ></td>";
                }
                echo "</tr>";
            }
        }
        echo "</table>";
        ?>

    Thanks all !
  21. Hi Ginerjim, Thanks for your interest in this. Sorry for the delay in reply since I saw it just now. OK so these are as follows: The cn__no represents a center and is a session variable defined on user login. dd_Stream is the value of the dropdown box that is sent as a post variable when it is selected. Once selected, it is also assigned to the Session variable $_SESSION['dd_Stream']. Next time around, if rank dropdown is chosen and submitted, the last value of dd_Stream will be held in the session variable and will be used as such, the rank value is now sent as a post variable. Together these two variables are needed and are fed to a query to generate the results to be displayed. The first time around, on the home page, there are default values for these two variables that are used to invoke the query and display the results. Yes the code now works just fine. I hope that clears it. In case you want any further clarification, I'll be glad to provide. Thanks loads !
  22. Hi Benanamen !! Thanks again for the reply. Right so I call the drop downs a form because their selection causes a submit and both are actually enclosed in <form> tags. So yes they are the forms. Of course I can choose only one at a time and so only one would be submitted. I put the code for all of you to see. I have managed to sort it out though. It's working great now. I did club the posts together under $_SERVER['method_request'] like you suggested. Yes the logic needed a little twisting though because it needs values from previous session as well. Thanks a ton for pursuing this with me. Regards to all !
  23. Hi all, Grateful for all the responses. I have managed to solve the issue as far as I could test. Find attached the code below that I had to jiggle with to get the correct order for the logic to work. The complexity arose because of the session values that need to come in a certain order for the logic to work.

         <?php
         if(isset($_POST['cn_no']))
         {
             if(($cn_no = fcheckNumber($_POST['cn_no'])) !== false){
                 $_SESSION['f_error'] = "Center No = ".$cn_no;
             }
             else $_SESSION['f_error'] = "Center Error";
         }
         else $cn_no = $_SESSION['cn_no'];

         ////////////// Stream DropDown ///////////////
         if(isset($_POST['ddStream']))
         {
             if(($dd_Stream = fcheckStream($_POST['ddStream']))===false)
             {
                 $dd_Stream = false;
                 $_SESSION['f_error'] = "invalid Stream1";
             }
             elseif($dd_Stream ==='All')
             {
                 $_SESSION['ddStream'] = $dd_Stream;
                 $pp = "(userstatus.Stream = ? || userstatus.Stream = ?)";
                 $strTypes = 'issi';
                 $mm = 'Regular';
                 $nn = 'Beginners';
                 $values = array($cn_no,$mm,$nn);
             }
             else // $dd_Stream === 'Regular' || $dd_Stream === 'Beginners'
             {
                 $_SESSION['ddStream'] = $dd_Stream;
                 $pp = "userstatus.Stream = ?";
                 $strTypes = 'isi';
                 $mm = $dd_Stream;
                 $values = array($cn_no,$mm);
                 // echo $pp;
             }
         }
         elseif(isset($_SESSION['ddStream']))
         {
             if(($_SESSION['ddStream'])==='All')
             {
                 $pp = "(userstatus.Stream = ? || userstatus.Stream = ?)";
                 $strTypes = 'issi';
                 $mm = 'Regular';
                 $nn = 'Beginners';
                 $values = array($cn_no,$mm,$nn);
             }
             elseif($_SESSION['ddStream'] === 'Regular' || $_SESSION['ddStream'] === 'Beginners')
             {
                 // echo"A1";
                 $dd_Stream = $_SESSION['ddStream'];
                 $pp = "userstatus.Stream = ?";
                 $strTypes = 'isi';
                 $mm = $dd_Stream;
                 $values = array($cn_no,$mm);
             }
             else
             {
                 $dd_Stream = false;
                 $_SESSION['f_error'] = "Invalid Stream2";
             }
         }
         else
         {
             $pp = "(userstatus.Stream = ? || userstatus.Stream = ?)";
             $strTypes = 'issi';
             $mm = 'Regular';
             $nn = 'Beginners';
             $values = array($cn_no,$mm,$nn);
         }

         if(isset($_POST['ddrank']))
         {
             if($_POST['ddrank']==='All') $dd_rank = 'All';
             else $dd_rank = fcheckNumber($_POST['ddrank']);
             if($dd_rank===false){$dd_rank=false; $f_error = "rank Error";}
             if($dd_rank && $dd_rank==='All')
             {
                 $_SESSION['ddrank']=$dd_rank;
                 $qq = 'userstatus.rank <= ?';
                 $ll = 14;
                 array_push($values,$ll);
             }
             else
             {
                 $_SESSION['ddrank']=$dd_rank;
                 $qq = "userstatus.rank = ?";
                 $ll = $dd_rank;
                 array_push($values,$ll);
             }
         }
         elseif(isset($_SESSION['ddrank']))
         {
             if(($_SESSION['ddrank'])==='All')
             {
                 $qq = 'userstatus.rank <= ?';
                 $ll = 14;
                 array_push($values,$ll);
             }
             else
             {
                 $dd_rank = $_SESSION['ddrank'];
                 $qq = "userstatus.rank = ?";
                 $ll = $dd_rank;
                 array_push($values,$ll);
             }
         }
         else
         {
             $qq = 'userstatus.rank <= ?';
             $ll = 14;
             array_push($values,$ll);
         }
         .
         .
         .
         ?>

     By the way I do have CSRF token checking in place in case someone should point that out. I removed that since with a common post block it would be much simpler. Thank you all very much. Much obliged.

     @ Benanamen: The overall task is to take values of two drop downs. One is sent via post and the other is from a session, the previous value, and using these 2, execute a query and display the results. For ex. in my program, it allows a choice of a stream (like a subject) and the grade or rank of the user and based on these 2 it creates a query and displays the results. The block structure you gave was absolutely correct. The sessions and their placement in the overall code was the problem. Thanks again !
  24. Hi all ! Thanks for all the responses. I think that which was suggested by you all is correct and the problem lies in a bit of complication in my code and the manner in which $_POST and $_SESSION have been used in the if else blocks to get the current and session values. I will fix that, hopefully soon, and then check / test the code again and revert if the problem still remains. Thanks loads !
  25. Hi ! @Benanamen The problem that I wish to solve is to get the submits to find the correct block and avoid interception by the wrong block. @ Kicken. Correct. I made that mistake here. It's perfect in the actual code though. Thanks.