JonnoTheDev

Staff Alumni
Posts posted by JonnoTheDev

  1. I'm guessing that you are checking if a record exists in the database with a certain value and if not then update it.

    Some similar code but it may not fit entirely:

    if(isset($_POST['go'])) {
        // escape request/session values before using them in the database query
        // (mysql_real_escape_string uses the open connection's character set)
        $_POST['id'] = mysql_real_escape_string($_POST['id']);
        $_SESSION['login'] = mysql_real_escape_string($_SESSION['login']);

        // is there already a record for this challenge id belonging to another user?
        $result = mysql_query("SELECT * FROM challengeid WHERE challengeid = '".$_POST['id']."' AND username != '".$_SESSION['login']."' LIMIT 1");
        // record already exists
        if(mysql_num_rows($result)) {
            print "Record already exists";
        }
        else {
            $_POST['result'] = mysql_real_escape_string($_POST['result']);
            mysql_query("UPDATE challengeid SET userresult = '".$_POST['result']."' WHERE challengeid = '".$_POST['id']."' AND username = '".$_SESSION['login']."'");
            print "Record Updated";
        }
    }

    Your first step in debugging is to check that your POST values are actually created from your form. You should always test/escape your POST values before placing them in any database query, otherwise you are wide open to attack and could end up with unexpected results. Has there been a value entered for $_POST['result'] and $_POST['id']? Is there a value set for $_POST['go']? I assume this is a hidden form field. Rather than running the initial query, change your code to print it to the screen and then test it with MySQL. Is the query correct with the correct values? The first query that you have written is running through a loop, indicating that there may be more than 1 record in the challengeid table with a challengeid of x and a username of X. Is this the case? If not, using a loop is incorrect; check for a single record as in my example.
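The same check-then-update logic written with PDO prepared statements, as an added example that is not from the original post: the form and session values are bound as parameters instead of being escaped and concatenated into the query string. Table and column names follow the post; the PDO handle, the SQLite DSN and the sample rows are assumptions so that it runs offline.

```php
<?php
// Added example, not from the original post: the same "does another user's
// record exist, otherwise update mine" check written with PDO prepared
// statements, so the form and session values are bound as parameters rather
// than escaped and concatenated into the SQL string. Table/column names
// follow the post; the SQLite table and rows are constructed so it runs offline.

function updateChallengeResult(PDO $pdo, $challengeId, $username, $result) {
    // same test as the post's first query: a row for this id owned by someone else?
    $check = $pdo->prepare(
        "SELECT 1 FROM challengeid WHERE challengeid = :id AND username != :user LIMIT 1"
    );
    $check->execute(array(':id' => $challengeId, ':user' => $username));
    if ($check->fetchColumn() !== false) {
        return "Record already exists";
    }
    $update = $pdo->prepare(
        "UPDATE challengeid SET userresult = :result WHERE challengeid = :id AND username = :user"
    );
    $update->execute(array(':result' => $result, ':id' => $challengeId, ':user' => $username));
    // rowCount() shows whether the caller's own row was actually changed
    return $update->rowCount() > 0 ? "Record Updated" : "No record for this user";
}

// Constructed sample data; swap the DSN for your MySQL connection in the real app.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE challengeid (challengeid TEXT, username TEXT, userresult TEXT)");
$pdo->exec("INSERT INTO challengeid VALUES ('42', 'alice', ''), ('7', 'bob', '')");

// In the real form handler these come from $_POST['id'], $_SESSION['login'], $_POST['result']
print updateChallengeResult($pdo, '42', 'alice', 'win') . "\n";
print updateChallengeResult($pdo, '7', 'alice', 'win') . "\n";
print updateChallengeResult($pdo, '99', 'alice', 'win') . "\n";
```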

  2. The problem with switching errors off completely is that if your app does produce an error then it may take you a long time to realize it is occurring. If you are experienced enough then the best method (one that can be implemented into all your projects) is to write an error handler (if using PHP5 you could extend the Exception class, for example). Obviously this cannot catch syntax errors, but you should have tested the app before going live anyway. An error handler could log the errors in a database or email them to you. From the user's point of view the app may display a page that states, "the application has performed an error, sorry, blah, blah, etc" and then cleanly redirect them to another part of the app.

  3. It depends on how you are using this.

    Are you encrypting passwords to store in a database? If you are using a form to authenticate users, i.e. username and password, taking the password value, running it through your function and comparing it to a database value to authenticate, then there is still an element of insecurity. Because POST requests are made in name=>value pairs in clear text, the password that a user types in can be intercepted before it gets to the server via a packet sniffer. The most secure way is to encrypt the password on the client side before it is sent to the server.

    Take a look at http://pajhome.org.uk/crypt/md5/

    This uses MD5 encryption

  4. Yes this is correct. Set up another domain with a web service API that can query your database and return values. A third party may send requests with something similar to:

    $socket = fsockopen("www.yourapidomain.com", 80, $errno, $errstr);
    if(!$socket) {
        die("Could not connect: $errstr ($errno)");
    }
    fputs($socket, "GET /auth.php?user=user&pwd=pass&typ=login HTTP/1.1\r\n");
    fputs($socket, "Host: www.yourapidomain.com\r\n");
    fputs($socket, "Connection: close\r\n\r\n");

    $response = "";
    while(!feof($socket)) {
        $response .= fread($socket, 1024);
    }
    fclose($socket);

    // the raw response starts with the HTTP status line and headers;
    // the API's "ok"/"fail" answer is in the body after the blank line
    $parts = explode("\r\n\r\n", $response, 2);
    $body = isset($parts[1]) ? trim($parts[1]) : "";

    switch($body) {
        case "ok":
            // logged in
        break;
        case "fail":
            // failed request
        break;
    }
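The server side of this exchange, as an added example that is not part of the original post: what /auth.php on the API domain could do with the user, pwd and typ parameters before answering the plain "ok" or "fail" that the client above switches on. The accounts table, its columns and the sample account are assumptions, held in an in-memory SQLite table so it runs offline; password_hash/password_verify need PHP 5.5 or later.

```php
<?php
// Added example, not from the original post: the /auth.php endpoint behind the
// API domain. It answers "ok" or "fail" only, never the stored hash or a hint
// about whether the username exists. Table/column names and the sample account
// are assumptions; SQLite stands in for the real database so this runs offline.

function handleAuth(PDO $pdo, array $params) {
    if (!isset($params['user'], $params['pwd'], $params['typ']) || $params['typ'] !== 'login') {
        return "fail";
    }
    // bound parameter: the supplied username cannot alter the query
    $stmt = $pdo->prepare("SELECT pwdhash FROM accounts WHERE username = :user");
    $stmt->execute(array(':user' => $params['user']));
    $hash = $stmt->fetchColumn();
    // the stored value is a salted hash from password_hash(), never the clear
    // password; password_verify() compares without leaking timing differences
    if ($hash === false || !password_verify($params['pwd'], $hash)) {
        return "fail";
    }
    return "ok";
}

// Constructed account so the example runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE accounts (username TEXT, pwdhash TEXT)");
$insert = $pdo->prepare("INSERT INTO accounts VALUES (:u, :h)");
$insert->execute(array(':u' => 'user', ':h' => password_hash('pass', PASSWORD_DEFAULT)));

// A deployed auth.php would send a text/plain header and echo handleAuth($pdo, $_REQUEST);
// here the request parameters are constructed in place.
print handleAuth($pdo, array('user' => 'user', 'pwd' => 'pass',  'typ' => 'login')) . "\n";
print handleAuth($pdo, array('user' => 'user', 'pwd' => 'wrong', 'typ' => 'login')) . "\n";
print handleAuth($pdo, array('user' => 'nobody', 'pwd' => 'pass', 'typ' => 'login')) . "\n";
```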

  5. You are best running this from a server cron job and getting it to email you when the domain is available. The above script works from a form input on a web page, so this is not needed for an automated process.

    You had better check that the whois server you are using allows the number of requests you are going to make or they will just block you.

    Loads of domain reg companies offer drop catching services to make sure you get the domain name you are after if it has not yet expired.

  6. If this is a standalone string then a simple string replace on the letter l would do it, but I'm guessing you have a series of strings so a function would be best.

    function capitalizeName($name) {
        // pad the apostrophe so ucwords() also capitalizes the letter after it
        $name = str_replace("'", " ' ", $name);
        $name = ucwords($name);
        // remove the padding again
        $name = str_replace(" ' ", "'", $name);
        return $name;
    }

    print capitalizeName("joe bloggs")."<br />";
    print capitalizeName("mike o'leary");

  7. OK. It seems that this is a confusion for many programmers regarding OO techniques. OO programming is NOT about putting all your functions inside class files.

    I'm just having a hard time finding the point. It's extra code. When I roll a function into a class, I have to add lots of $this-> in front of variables. Sure you can just call a class when you need it, but you can call a function list as well.

    This is so far from the case! Simply "wrapping" functions inside a class, i.e. class databaseQueries { }, gives you little or no benefit over using a standard include functions file approach and may even add time to developing your application.

    OO programming is about identifying the different parts of your application and how they relate to each other. Each part "or object" is created as a class or a set of classes that may inherit or use functionality from other objects. I will give some examples further down.

    Switching from a procedural style approach to an OO approach in your applications is another misconception for many developers.

    It sucks that OO PHP is becoming sort of a standard

    Whether you decide on an OO or procedural approach should be dependent on the type and scale of application being developed. Also, is the application going to grow with many new features being added or will it remain small with little modification? If the application is small then a procedural approach is often the best, most cost effective and easy to implement. If the application is intended to grow then a procedural approach may be less cost effective, as it may take much longer to make modifications and additions as opposed to an OO designed application. Simply using an OO approach for the sake of it can also lead to issues without proper design.

    You firstly need to examine your previous applications and decide if they would have been better with an OO approach. Are there tons of if/else statements in your functions and procedural code? Is there much code duplication in various files? How easy is it to add additional features to the application?

    Let's take a couple of examples.

    If I have an application that requires connections to more than 1 type of database, let's say SQL and MySQL. In the future this application may also need to connect to more databases. This is the perfect case for an OO approach. If I did this procedurally I will probably end up with loads of if/else clauses for each type of database. An OO approach may incorporate a Database super class and sub classes of MySQL and SQL. The type of object created or "instantiated" in the code is dependent on the database connection string, so:

    $database = new database($connectionString);
    $database->sendQuery(parameters);

    The $database variable will contain either a MySQL or SQL object dependent on the value of $connectionString. New databases can be added by creating a sub-class. There would be no need to modify any of the current code to deal with this, unlike a procedural approach where functions and conditional statements may need to be modified.

    Another example may be a user system with different users having different levels of access. More types of users may need to be added, for example admins, accounts, sales, temps, etc. Adding new user types to a procedural system may be a nightmare if this is a common additional feature. In an OO approach you may have a User super class that contains common details such as firstname, password, etc. Then sub-classes of AdminUser, TempUser, SalesUser. The type of object created may depend on the login details that the user supplied, so:

    $user = user::login($loginDetails);
    $user->printSalesReport();

    $user could be any type of user but this method would return false for TempUser, meaning that they do not have access to the sales reports.

    So in a nutshell, if your applications require these sorts of features and need to be extensible then an OO approach is the best. Good OO design is not always easy to achieve and a knowledge of polymorphism, inheritance, interfaces, abstract classes, static methods and variables is required to create the best design that fits your requirements.

    On a final note, for PHP development an OO approach is best implemented in PHP5. It is worth scrapping PHP4 and upgrading if not done already.
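The Database super class idea from this post, worked through as added code that is not from the original post: the concrete class is chosen from the scheme of the connection string, and adding an engine means adding a subclass and one map entry, with no change to the calling code. Class and method names are this example's own, and SQLite stands in for the second engine so the code runs offline.

```php
<?php
// Added example, not code from the original post: a Database super class whose
// concrete subclass (MySQL or SQLite here) is picked from the connection string.
// Class and method names are this example's own; SQLite stands in for the
// second engine so the example runs offline.
abstract class Database {
    protected $pdo;
    // connection-string scheme => handling class; a new engine is one subclass plus one entry
    private static $drivers = array(
        'mysql'  => 'MysqlDatabase',
        'sqlite' => 'SqliteDatabase',
    );
    // "sqlite::memory:" -> SqliteDatabase, "mysql:host=db;dbname=app" -> MysqlDatabase
    public static function create($connectionString) {
        $scheme = strtolower((string) strstr($connectionString, ':', true));
        if (!isset(self::$drivers[$scheme])) {
            throw new InvalidArgumentException("No driver for '$scheme'");
        }
        $class = self::$drivers[$scheme];
        return new $class($connectionString);
    }

    protected function __construct($connectionString) {
        $this->pdo = new PDO($connectionString);
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    // values are bound as parameters, never concatenated into the SQL
    public function sendQuery($sql, array $params = array()) {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    // engines quote identifiers differently; each subclass supplies its own rule
    abstract public function quoteIdentifier($name);
}

class MysqlDatabase extends Database {
    public function quoteIdentifier($name) { return '`' . str_replace('`', '``', $name) . '`'; }
}
class SqliteDatabase extends Database {
    public function quoteIdentifier($name) { return '"' . str_replace('"', '""', $name) . '"'; }
}

// calling code only sees the Database interface, whichever engine is behind it
$database = Database::create('sqlite::memory:');
$database->sendQuery('CREATE TABLE users (firstname TEXT)');
$database->sendQuery('INSERT INTO users VALUES (:n)', array(':n' => 'joe'));
print_r($database->sendQuery('SELECT firstname FROM ' . $database->quoteIdentifier('users')));
```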
