Everything posted by maxxd

  1. maxxd

    Help on this code please.

    Couple things to add to mac_gyver's answer. First, ID in a table is typically (not always, so I'm making an assumption) an auto-increment field, which means you won't insert a value into that field at all. Drop it from the column and values lists. It also looks like you're missing the closing parenthesis in the values list of your query. Finally, strings need to be quoted, so $coment would be '$coment', etc. Turn on error reporting - it'll help.
  2. Yeah, 32 characters for the hashed password value is not enough. I'd up that to 64 or 128, then - as mac_gyver suggests - go back to the beginning and revisit your logic. Also, make sure you've got error reporting enabled.
  3. So what exactly is the purpose of the form? If it doesn't really do anything, why is it there? What is the not much that it does? For instance, a contact form may not insert any data into the database, but a malicious user could inject to: and from: headers into the comment section and use your contact form as a spam launcher to send mail to users. If the actual body of the spam mail contains malicious code, then yes. This could be a problem. I think what Jacques1 is saying is that any and all data needs to be carefully considered before anything is done with it, regardless of its eventual purpose - whether it's stored in the database, displayed to the current user, or e-mailed anywhere. I don't know that you need to validate the contents of the specific form element because I don't know the purpose of your form, but you should definitely handle all the other data - which I'm sure you're considering, given the fact that you've asked this question. Jacques1, please correct me if I'm wrong regarding my understanding of your post.
  4. Possibly a dumb question, but what are your MySQL column settings for both salt and password? Make sure they're able to hold the complete strings of both values and aren't truncating upon insert. The code looks fine to me (admittedly, I haven't had my second cup of coffee yet), so I'd start there.
  5. Try assigning the return value of the function to a variable, then dump that.

        $thumb = get_field('thumbnail');
        print("<pre>".print_r($thumb,true)."</pre>");
        die();

    That should show you what you're dealing with, assuming get_field() is returning anything.
  6. maxxd

    Single Input Name and Multiple Values

    You need to reconsider your approach. By trying to 'make things as simple as possible', you're twisting things way out of control. Consider using comboboxes for your filters.

        <select name='type'>
            <option value='newcars'>New Cars</option>
            <option value='new'>New Whatever</option>
            <option value='newmake'>New Make</option>
        </select>
        <select name='year'>
            <option>2014</option>
            <option>2013</option>
            <option>2012</option>
        </select>
        <select name='color'>
            <option value='blue'>Blue</option>
            <option value='red'>Red</option>
            <option value='rusted'>Rusted Out</option>
        </select>

    Then you build it in php

        $link = "http://ebay.com/{$_GET['type']}/{$_GET['year']}/{$_GET['color']}/";

    I've honestly never used ebay so I don't know if that link makes any sense at all to it, but I think it's close to what you're trying to do?
  7. maxxd

    Single Input Name and Multiple Values

    A couple options in addition to cyberRobot's suggestion come to mind. You could use a checkbox group and a predetermined list of options, which is probably the safest and most controllable method. Or you can explode the $_POST['brand'] value on a comma (or other character). This, however, leaves you at the mercy of your users and whether or not they're going to read and follow the instructions.
  8. maxxd

    cant log-in with unique id

    Actually, that's not what's going on. The only value returned on line 7 is the last_login_date - student_id is pulled from _POST on line 16. The problem is this assumes that the submitting form (the log in form) already knows the student_id. Which it quite literally can't. The solution to this specific problem is to add student_id to the list of fields returned from the query on line 7, then assign that value to $_SESSION['student_id']. The security issues and outdated mysql_ functions are other matters entirely.
  9. If running the query in phpMyAdmin only returns 1 row when you're expecting 3, you need to re-evaluate your query. Only 1 row is matching the criteria, so something is amiss. Work on the query in phpMyAdmin until you're actually getting back all the results you know you should have, then worry about getting those results from and into php.
  10. I didn't even think about array_map() - much better for readability.
  11. '&&' is a logical operator - it doesn't work the way you're trying to use it. Check http://us3.php.net/manual/en/language.operators.logical.php for more details. In the meantime, try

        foreach($fields_to_cap as $field){
            // strip spaces and upper-case each submitted field value
            $cap_fields[] = strtoupper(str_replace(' ','',rgpost($field)));
        }

    I'm assuming rgpost() is a custom function that should be called on the raw data?
  12. There could be any number of reasons this isn't returning what you expect - a little more detail would help. If you run the query in phpMyAdmin or MySQLWorkbench, is it returning 1 row or 3? Is there some php display code - obviously, if there is display code we'd need to see that as well.
  13. maxxd

    Grab new $id on recently uploaded

    That's how I would handle it, yes. Something along the lines of the following:

        $query = mysql_query("SELECT id
                ,location
                ,description
                ,name
            FROM `images`
            ORDER BY `id` DESC
            LIMIT 4");
        while($row = mysql_fetch_assoc($query))
        {
            // the id comes from the current row, not from a separate $id variable
            echo "<img src='{$row['location']}' alt='{$row['description']}' name='image_{$row['id']}' id='image_{$row['id']}' title='{$row['name']}' />\n";
        }

    Of course, I'd also recommend you use either the PDO or MySQLi libraries instead of mysql_* functions as those are well and truly deprecated and slated to be removed from the language soon.
  14. maxxd

    Setting Table column widths

    Remove the width attribute in your table opening tag.
  15. maxxd

    Grab new $id on recently uploaded

    You're overwriting $imageData on each loop through the 4 returned rows from the database and only outputting the results after the loop. Are you actually storing the image in the database, or a path to the file on the server? I'm not sure how the browser's going to respond to trying to write the image header for each of the images, but you'd need to put the lines

        header("content-type: image/jpeg");
        echo $imageData;

    before the closing curly brace of your while() loop. Also, if you're trying to display 4 images, why do you care if $_GET['id'] is set? If you're only trying to display the selected image (the image corresponding to 'id' in $_GET['id']), then use Ch0cu3r's code.
  16. maxxd

    Understanding OOP How Does My Script Look?

    OK - it's actually not a bad start at all for a beginner. Couple things (please keep in mind that this is how I code and there are a million other opinions and ways of working)

    First, your constructor method actually was doing what it was supposed to do, it just wasn't storing the result anywhere or returning anything so it looked like it wasn't doing anything. Notice in the code below that there are two property declarations before the constructor - these set up object-scope variables (also called properties). The scoping here means that the methods in the Greeting class can access the values in the properties, but, because they're declared private, an external class will *not* be able to access them directly. The same visibility caveat applies to the functions (called methods) in the class itself - an external class won't be able to call setGreetingPhrase() without an error.

    Now, I have a tendency to break my functionality into the smallest units I can think of when I create my methods. Some would say they're too small, but I like to know exactly what I'm looking at when I have to debug a method. So, in this example, your constructor explicitly calls setTime() to set the hour of the day in the local property, then explicitly calls setGreetingPhrase() which uses the value in hour_of_day to set the string value you eventually want to return. Finally, you've got the getGreetingPhrase() method which acts as the public access point in order to return the string built by the constructor.

    Obviously, there's a ton of different things you can do here - it's just a quick and dirty example. For instance, make setGreetingPhrase() and setTime() public and other objects can modify the eventual output, you can do value checking, etc.

        class Greeting{
            /**
             * The hour
             * @var int
             */
            private $hour_of_day = 0;
            /**
             * The actual greeting phrase
             * @var string
             */
            private $greeting_phrase;

            /**
             * Class constructor.
             * @param string $dateString Date string
             */
            public function __construct($dateString=null){
                if(!is_null($dateString)){
                    $this->setTime($dateString);
                    $this->setGreetingPhrase();
                }
            }

            /**
             * Sets the time of day.
             * @param string $value Valid date string to parse and store
             * @return void|string Error code and message on DateTime exception
             */
            private function setTime($value){
                try{
                    $dt = new DateTime($value);
                }catch(Exception $e){
                    print("<p>Error: {$e->getCode()} :: {$e->getMessage()}</p>");
                    die();
                }
                $this->hour_of_day = $dt->format('G');
            }

            /**
             * Sets the actual phrase to return as a greeting.
             * @return void
             */
            private function setGreetingPhrase(){
                if($this->hour_of_day < 12){
                    $this->greeting_phrase = 'Good morning!';
                }elseif($this->hour_of_day >= 12 && $this->hour_of_day < 18){
                    $this->greeting_phrase = 'Good afternoon!';
                }else{
                    $this->greeting_phrase = 'Good evening!';
                }
            }

            /**
             * Returns the greeting phrase if set up.
             * @return string|null
             */
            public function getGreetingPhrase(){
                if(!empty($this->greeting_phrase)){
                    return $this->greeting_phrase;
                }
                return null;
            }
        }

        $greeting = new Greeting('2014-06-19 12:45:00');
        //$greeting = new Greeting('12:45pm today');
        echo $greeting->getGreetingPhrase();

    So, that's my two cents - hope it helps!
  17. maxxd

    Legacy Code & Code Under Test

    I've always considered legacy code to be existing code in a project - class code written for version 1.0 and not updated for 1.2 is legacy code. And, honestly, version 1.2 code is legacy as soon as development on 1.3 starts. Legacy code can be ugly or pretty, as can code under test, code in development, or deployed code. Ugly is ugly regardless of state or stage. That's the way I've always thought about it, anyway.
  18. maxxd

    Using Ajax with Wordpress

    .bind() has been deprecated as of jQuery 1.7, with .on() being the preferred method of binding events to potentially non-existing dom objects at page load. That may have something to do with it - check which version of jQuery is being used in each case. Also, I've run across a couple odd occurrences where using the dom element selector doesn't actually work, and it needed to be something along the lines of

        $(document).on('click','#main_menu_id',function(){ ... });

    Don't quote me on the actual syntax above - I've only run across the situation once or twice, so I can't pull it out of my brain right now. I'll look tomorrow morning and see if I can find a concrete example.
  19. maxxd

    cant log-in with unique id

    OK. First off, do what ginerjm suggests. Always turn on error reporting on your development server. Now, fun times. You're assigning $student_id the value from $_REQUEST['id'], using $_GET['id'] in the query, assigning $_SESSION['student_id'] the value from $_POST['student_id'], and using $student_id in the redirect header. It also seems that the database contains a learner_id field, which you compare to $_POST['learner_id']. The sheer volume of inconsistent data sources, names, and data transfer methods makes debugging a nightmare. I would recommend selecting the student id from the student_information when you select last_login_date. The id should be an auto-incremented primary key for the table, so you'll know it's an integer and safe for CRUD operations. Compare that to either $_GET['id'] or $_POST['id'] (I'd recommend you choose a transfer method and stick with it - as you can see, it's easy to get confused if you don't know where the data is coming from) to make sure you're dealing with the right student, then you can a) assign the database-retrieved value to $_SESSION['student_id'], b) use the database-retrieved value to update the student_information table, and c) append the database-retrieved value to the location header. All of that aside, print out the value of $student_id before and after the htmlentities() call and see what the value actually is. From the documentation: If the input string contains an invalid code unit sequence within the given encoding an empty string will be returned, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set.
  20. maxxd

    PHP Session variables unavailable

    OK - Looks like the SECURE constant is undefined. What's the purpose of it - I don't see where you've used it anywhere else in the code.
  21. maxxd

    cant log-in with unique id

    Several things going on, but the one that's probably tripping you up is that you're not hashing your password before comparing it to the one in the database. I'm assuming (hoping, really) that the stored passwords are all hashed and not just plain-text. Ignoring the deprecated mysql_ functions, the invitation to SQL injection, and undeclared variables, this is probably why you're not logging in correctly even with legit credentials.
  22. maxxd

    PHP Session variables unavailable

    You stated this in reply #7: Then the next age thatdisplays calls the login_check function which is shown below and at the point the session variables have no values. I'm assuming a bit of a typo on 'the next age thatdisplays' that was meant to read 'the next page that displays'. If you're redirecting, are you restarting the session on the target page with session_start()? If not, usually php will throw an error, but if your error reporting is off you'll never know that. Insert the lines jazzman1 suggests on the page to which you redirect and see if it gives you an error about undefined variable $_SESSION. If so, start the session again and let us know what happens.