Jacques1

Everything posted by Jacques1

  1. Frankly, I have no idea what you're doing there. You run the exact same query over and over again, each time you generate the same HTML table, and then you try to pretend that this HTML table is an Excel spreadsheet. What do you expect from this other than a collection of identical files all containing gibberish?
  2. You don't seem to understand how HTTP works. You can send a single response with a single file*. If you want the user to download multiple files, you have to either put them into an archive or display a page where the files can be downloaded one by one. * In theory, there are multipart messages, but I would stay away from those experiments.
  3. HTML fragments scattered all over the application code are even worse. As far as old school PHP templating goes (which is inherently messy), switching between the modes is fine. That's why they exist. You should use the verbose syntax for control structures, though.

        <?php

        $age = 44;

        ?>
        <!DOCTYPE html>
        <html>
            <head>
                <meta charset="utf-8">
                <title>Title</title>
            </head>
            <body>
                <div>
                    <?php if ($age >= 21): ?>
                        Welcome to the site.
                    <?php else: ?>
                        You're too young to visit this site.
                    <?php endif; ?>
                </div>
            </body>
        </html>

     If you want to do it properly, use a template engine like Twig. This not only gives you a much better syntax and plenty of useful features. It also prevents a large amount of security problems which PHP code notoriously suffers from.
  4. No, it doesn't look like that. You need to understand the fundamental difference between code and data. You cannot put strings (i.e. data) with PHP fragments in the middle of your script and assume they magically turn into code. This is like writing the word “cat” on a piece of paper and assuming you now have a living cat. A string is dead text. It doesn't “do” anything. If you want to pass a variable number of arguments to a function, then you need to build an array and use the splat operator. You cannot write down a string of comma-separated values and pass it to the function, because that gives you a single argument (the string) with gibberish in it. But as you've already been told multiple times, the 60-column design is suspect to begin with.
  5. You need to learn the basics of programming. It makes no sense to jump to complex applications when you have no idea how a function works. Pick any programming introduction (doesn't have to be PHP-related), open the chapter about functions and read up on parameters, return values and scope.
  6. If you want to learn PHP, come up with your own examples instead of waiting for somebody to spoonfeed you. You've been provided with plenty of ideas and explanations, and the concept of splitting a string isn't exactly rocket science. The confused-newbie game may work for a while, but at some point, it's time to grow up.
  7. So what is your concrete question? PHP basics like form handling and dealing with arrays are explained in the manual as well as in countless online tutorials, videos and books. If you just want somebody to do the conversion for you, there's the hire-a-programmer section.
  8. You mean you've copied and pasted random code snippets you found somewhere on the Internet, mixed them without understanding what they do, and now you wonder why this Frankenstein code doesn't magically become alive. Because programming doesn't work like this. Programming requires an actual understanding of the language and the concrete problem. You clearly don't have that, and most of us are not interested in this lazy Plz-fix-my-copypasta game.
  9. You realize that the options are executing two different scripts, right?
  10. Programming is all about text. If you don't like to read and don't enjoy writing code yourself, that's a problem. Video tutorials are usually made by amateurs who barely know PHP, and even if you find a good one (I'm not aware of any), this is a bonus at best. You cannot learn PHP through random YouTube videos and copying and pasting code.
  11. Before you jump to PHP, you should learn to write valid, semantic HTML markup. Mainstream browsers are fairly robust and will render almost anything, but that doesn't mean errors are fine. They can still cause major usability problems. Always validate your markup before you publish it.

        • Void elements like <input> cannot have content or an end tag. They consist of a single start tag. When you're not sure how an element works, use a reference like the Mozilla Developer Network.
        • Don't abuse <br> elements for layout purposes. Styling is done with CSS only.
        • Use the proper input types instead of the generic text type, and mark required fields with the required attribute. This allows the browser to immediately validate the field and assist the user. You still need server-side validation, but wrong input should be caught as early as possible.
        • Use <label> elements to bind input labels to <input> elements.

      The code has problems as well.

        • All values must be HTML-escaped before they're inserted into an HTML context. The only exception is when you explicitly want to insert (safe) markup.
        • Treating missing parameters like empty values is a bad idea. When an expected parameter isn't present at all, there's something seriously wrong. Either there's a server-side problem with the form, or the client is broken. This needs to be reported and should also be logged.
        • It's also bad to respond with a “200 OK” status code when the request is not OK. The average human user may be able to deduce this information from the error messages, but that's no excuse for poor usability.

        <?php

        // html_escape() and HTTP_STATUS_BAD_REQUEST are defined in the two blocks
        // further down and must be loaded before this code runs

        // collect error messages
        $errors = [];

        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $expected_params = ['name', 'email'];

            // if a parameter is missing entirely, something is wrong; display an error message, log the error and set an
            // appropriate status code
            foreach ($expected_params as $param) {
                if (!isset($_POST[$param])) {
                    // the status code must be set before any output is sent
                    http_response_code(HTTP_STATUS_BAD_REQUEST);
                    echo 'Missing POST parameter: '.html_escape($param, 'UTF-8');    // feel free to show a pretty error page instead
                    trigger_error('Missing POST parameter: '.$param, E_USER_NOTICE);
                    exit;
                }
            }

            if ($_POST['name'] == '') {
                $errors['name'] = 'Please enter your name.';
            }

            if ($_POST['email'] == '') {
                $errors['email'] = 'Please enter your e-mail address.';
            }

            // if everything is fine, process the input; otherwise set the appropriate HTTP error code
            if (!$errors) {
                echo 'OK';
                exit;
            } else {
                http_response_code(HTTP_STATUS_BAD_REQUEST);
            }
        }

        ?>
        <!DOCTYPE html>
        <html lang="en">
            <head>
                <meta charset="utf-8">
                <title>Title</title>
            </head>
            <body>
                <form method="post">
                    <?php if (isset($errors['name'])): ?>
                        <em class="error"><?= html_escape($errors['name'], 'UTF-8') ?></em>
                    <?php endif; ?>
                    <label>Name: <input type="text" name="name" required></label>
                    <?php if (isset($errors['email'])): ?>
                        <em class="error"><?= html_escape($errors['email'], 'UTF-8') ?></em>
                    <?php endif; ?>
                    <label>E-mail address: <input type="email" name="email" required></label>
                    <input type="submit">
                </form>
            </body>
        </html>

        <?php

        function html_escape($raw_input, $encoding)
        {
            return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
        }

        <?php

        const HTTP_STATUS_BAD_REQUEST = 400;
  12. Then that's your problem, isn't it? The code you've posted is wrong on every single level. Even if you manage to find somebody who's masochistic enough to debug this mess, that doesn't get you anywhere. You're just polishing a turd. That's why you've been offered a valid approach which actually solves the underlying problem. You don't want that? Then enjoy the code you have.
  13. I like to think the people on this forum are adults who understand how a hyperlink works. In your case, that expectation was obviously unrealistic.
  14. Read the manual. Can you see the big red warning sign which says that the function has been removed? This is not a joke. All mysql_* functions have been obsolete for almost 15(!) years. Whatever tutorial or book you got this from, throw it away and look for recent information. We're using PDO now.
  15. What is the exclamation mark doing there:

        if (!$_SERVER['REQUEST_METHOD'] == "POST")
           ^^^
  16. So, what happened with your previous problem? Have you followed my recommendation and fixed it? Then you should go back, write a quick follow-up and mark the thread as solved. Several people have invested quite a lot of time to help you, so I think it's only fair if you give some feedback for future users. If you're still running around with the same issue you had two weeks ago, then I suggest you actually read the replies, especially the part about minimal examples. When you just post a big collection of broken scripts, most users will ignore you, because nobody has the time to debug your entire stuff for free. Contrary to popular belief, we do not have magic powers which would allow us to immediately “see” every bug. We have to actually read the code, just like you. Long story short:

        • Take care of your old thread.
        • Reduce the problem. It's generally a good idea to write code step by step and commit each working part. Then you at least have a vague idea of where the problem might be.
        • Fix your error reporting. Enable it in your php.ini, not at runtime. When you change the configuration at runtime, you're going to miss all problems which happen before the code is executed (syntax problems etc.).
  17. How about you stop posting “blah blah blah” and actually get to the point? So, what's your problem? The manual clearly says that you need at least version 10.2.1 for the above feature. That's a hard fact. Since you don't want triggers, this leaves you with exactly two choices:

        • Upgrade your MariaDB.
        • Give up and simply store the current timestamp. You can still add the 10 minutes in your application.
  18. First off, learn how to use mysqli correctly. Or even better: Switch to PDO. As long as you have a big SQL injection vulnerability in your code (which can also be triggered purely by accident), it makes no sense to argue about rendering details. When that's done, I suggest you approach the problem more systematically. There are effectively four different cases:

        • The game ID is missing altogether.
        • The ID is present but malformed. Use ctype_digit() for validation, not is_numeric(). The is_numeric() function accepts all kinds of input formats, including strings like "+0123.45e6".
        • The ID is present and formally valid but doesn't point to any existing game.
        • The ID is completely valid.

      Those cases need to be checked one after another. If the ID is missing or invalid, you should emit a 400 status code (“Bad Request”) and show an error page. If there is no record for the ID, that's a classical 404 case (“Not Found”).

        <?php

        // show_error_page(), the HTTP_CODE_* constants and $dbconnect (a mysqli
        // connection) are assumed to be defined elsewhere

        if (!isset($_GET['game_id'])) {
            show_error_page('Missing URL parameter: game_id', HTTP_CODE_BAD_REQUEST);
            exit;
        }

        if (!ctype_digit($_GET['game_id'])) {
            show_error_page('Invalid URL parameter: game_id', HTTP_CODE_BAD_REQUEST);
            exit;
        }

        // the game_id is formally valid, try to get the game from the database
        $game_stmt = $dbconnect->prepare('
            SELECT
                game,           -- always select *specific* columns
                developer,
                image,
                description
            FROM
                games
            WHERE
                game_id = ?
        ');
        $game_stmt->bind_param('i', $_GET['game_id']);
        $game_stmt->execute();
        $game_stmt->bind_result($game, $developer, $image, $description);

        // if no record is present, show 404 page
        if (!$game_stmt->fetch()) {
            show_error_page('No game found.', HTTP_CODE_NOT_FOUND);
            exit;
        }

        // *now* you can display the game

      Extensive validation may be tedious, but it will massively improve the code quality, debuggability and usability. When there's a problem (and there will be problems), you'll be thankful for every piece of information you can get.
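
The four cases from post 18, run over sample inputs to show where is_numeric() and ctype_digit() disagree. This is an added example, not part of the original post: classify_game_id(), the $lookup callback standing in for the prepared statement, the length guard and all sample values are constructed for illustration, and a 64-bit PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Added example; every name and sample value below is constructed.
const HTTP_CODE_BAD_REQUEST = 400;
const HTTP_CODE_NOT_FOUND = 404;

/**
 * Sort a request into the four cases: missing, malformed, unknown, valid.
 * $lookup stands in for the database query and returns a row or null.
 */
function classify_game_id(array $query, callable $lookup): array
{
    if (!isset($query['game_id'])) {
        return [HTTP_CODE_BAD_REQUEST, 'missing'];
    }
    $raw = $query['game_id'];
    // game_id[]=7 arrives as an array, so check the type before ctype_digit()
    if (!is_string($raw) || !ctype_digit($raw)) {
        return [HTTP_CODE_BAD_REQUEST, 'malformed'];
    }
    // an all-digit string can still overflow a 64-bit integer binding;
    // 18 digits always fit (assumption: 64-bit PHP)
    if (strlen($raw) > 18) {
        return [HTTP_CODE_BAD_REQUEST, 'malformed'];
    }
    if ($lookup((int) $raw) === null) {
        return [HTTP_CODE_NOT_FOUND, 'unknown'];
    }
    return [200, 'valid'];
}

$games = [7 => 'Constructed Game'];          // stand-in for the games table
$lookup = fn (int $id): ?string => $games[$id] ?? null;

$samples = [
    [],                                      // parameter absent
    ['game_id' => ''],                       // present but empty
    ['game_id' => '+0123.45e6'],             // accepted by is_numeric()
    ['game_id' => ' 7'],                     // leading space, accepted by is_numeric()
    ['game_id' => ['7']],                    // game_id[]=7
    ['game_id' => '99999999999999999999'],   // digits only, out of integer range
    ['game_id' => '8'],                      // well-formed, no such game
    ['game_id' => '7'],                      // well-formed, exists
];

foreach ($samples as $query) {
    [$status, $case] = classify_game_id($query, $lookup);
    $raw = $query['game_id'] ?? null;
    $numeric = is_string($raw) && is_numeric($raw);
    printf("%-26s is_numeric=%-5s -> %d %s\n", json_encode($raw), var_export($numeric, true), $status, $case);
}
```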
  19. So you have a test environment right in front of you, but you're asking us whether that query is possible? That's a bit strange, don't you think? If you're terrified that the query might break something, there's also the manual. This is where the developers write down what is and what isn't possible.
  20. I'm afraid that assuming you've now solved the problem is even more stupid.
  21. How about you concentrate on one problem at a time? You now have three threads pending, and it's entirely unclear which answers you've read and what you actually understand. The code is syntactically invalid. Turn your error reporting up, and PHP will tell you exactly what's wrong. If you want to know how to insert array values into strings, read the manual.
  22. Because $_COOKIE contains the parsed cookies from the request. It does not include new cookies you're trying to set -- which wouldn't make a lot of sense, because you have no idea whether the client will even accept your cookie.
  23. I don't think you understand what unset() does. When you unset() the $bar variable in your function, then you completely destroy the reference to the outer $bar variable -- that's the whole point of unset(). There's no longer any connection between the two. Setting a new value to $bar is now purely local and doesn't affect the global $bar variable. I think this will become a lot clearer if you use two different names for the variables.
  24. If you're still trying to download copyrighted material, you better do that elsewhere. This will not be tolerated in any shape or form.
  25. It's generally a good idea to give some context rather than pull the problem out of nowhere. Where is the data coming from? Comma-separated values can be valid in some cases, but a lot of times, they're a very poor choice or even plain wrong (like when you store them in a database table). When you naively connect strings with no escaping and no quoting, you're also likely to run into trouble.