-
Posts
4,207 -
Joined
-
Last visited
-
Days Won
209
Everything posted by Jacques1
-
Fatal error: Call to a member function fetchALL()
Jacques1 replied to omardavinci's topic in PHP Coding Help
$users is the array of users. You cannot fetch from it again. -
Fatal error: Call to a member function fetchALL()
Jacques1 replied to omardavinci's topic in PHP Coding Help
The entire code is badly broken: “cahset=UTF” probably means charset=utf8 You neither have exceptions enabled nor care about return values, which means you're flying blind. Your query is broken. 'user' in single quotes is a string. You can't select from a string. Don't use the root account for an application. This account is strictly for administration tasks. Don't use wildcard selects (SELECT * ...). Always select the specific columns you actually need. Put the database connection part into a separate function or script. Don't repeat it on top of every page. A sanitized version: <?php const DB_HOST = 'localhost'; const DB_USER = '...'; const DB_PASSWORD = '...'; const DB_NAME = '...'; const DB_CHARSET = 'UTF8'; function database_connect() { $dsn = 'mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset='.DB_CHARSET; return new PDO($dsn, DB_USER, DB_PASSWORD, [ PDO::ATTR_EMULATE_PREPARES => false, // disable emulated prepared statements for increased security PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // enable exceptions PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // fetch associative arrays by default ]); } <?php require_once '/path/to/database.php'; $database_connection = database_connect(); $users = $database_connection->query('SELECT a_specific_column FROM users')->fetchAll(); $title = 'Home'; // ... -
No. The parameter for additional data is used when you have non-secret input together with secret input. Both have to be covered by the authentication tag, but only the secret data needs to be encrypted. That's why the algorithm has two separate parameters. If you only have secret data, you don't use the parameter at all (simply supply an empty string). If you do have non-secret data, you can pass it to the second parameter to exclude it from the encryption step. Or you simply encrypt the entire input and waste a few CPU cycles. As an example: When you encrypt a message, it can make sense to store the character encoding as meta data. The encoding information should not be manipulated, but it's perfectly fine for anybody to know it. So you would pass it as additional data rather than encrypt it together with the message.
-
This isn't funny behavior. The superglobal is simply horribly misnamed. $_GET has nothing to do with the GET method (or any particular method); it's the parsed query part of the URL and should have been called $_URL_PARAMS.
-
Magic methods
-
It's even dumber to insert user input straight into the page, because now anybody can inject malicious JavaScript code. You need to HTML-escape the input.
-
You start off with a static WHERE clause, and then you simply append your dynamic conditions: 'SELECT ... WHERE b.aliasID <> 22'.($where ? ' AND '.implode(' AND ', $where) : '') You should also consider using a query builder library or at least writing your own routines, because doing all those SQL gymnastics in the search script makes no sense.
-
Nothing wrong with that. My point is that a (would-be) WordPress programmer complaining about the lack of professionalism in PHP is like somebody who joins the KKK and then complains about the lack of cultural sensitivity. When you choose WordPress (for whatever reason), you are by definition in amateur hell. No, it means that I understand the differences between the various programming languages and when to choose one over the other. Why do you bother learning PHP and WordPress when C is such a great general-purpose language? Why don't you grab a low-level FastCGI library for C and get started right away? Because there's obviously a difference between what you can do with a language and what you want to do with it. I've used PHP for many different purposes like system scripts, CLI tools and warehouse management software. I've also used C and Java for many different purposes. Yet I don't think any of them is a one-size-fits-all language. You're entitled to your opinion. As somebody who actually knows a bit about web development, I'm simply saying that you that you're wrong.
-
No, it's as much of a general-purpose language as the other languages you've listed (see the command-line interface for the technical details). Sure, PHP is used a lot in web application, but the same applies to JavaScript (the only time I've ever seen JavaScript outside of a web context was when I had to do Photoshop scripting).
-
The real question is: Why are you so obsessed with dayling savings time? What's the actual problem you're trying to solve? Why can't your application handle DST? This whole discussion is just bizarre.
-
Yes, but I think the query is based on a misunderstanding. It assumes that the links are stored as individual VARCHARs (rather than being embedded in posts).
-
Using PHP-parser for wordpress (using composer)
Jacques1 replied to SamHobbs's topic in Applications
What exactly do you mean by “analyzing Wordpress”? WordPress and Composer have nothing to do with each other. Composer is a package manager which is commonly used (but not required) to install libraries like the above mentioned PHP-Parser. Where the WordPress code you want to parse comes from is entirely irrelevant. I've actually never heard of any WordPress package for Composer. -
Welcome to the forum. If you want to learn professional PHP, then WordPress is a poor choice. It's one of the worst mainstream PHP applications out there and involves coding practices that were barely acceptable in the 90s. Professional PHP can be seen in modern frameworks like Laravel or Symfony. You can use JavaScript on the server if you want to: Node.js. Personally, I'm glad that I can choose whatever language is appropriate for the job. The tasks of a server are vastly different than the tasks of a client, so the idea of a one-size-fits-all language has never made a lot of sense to me.
-
Nevermind, Ashish is busy spamming the Internet: http://www.gidforums.com/t-39668.html http://www.webhostingtalk.com/showthread.php?t=1597187 https://bytes.com/topic/html-css/answers/967237-password-validation-using-html5
-
This makes exactly zero sense, because now you're matching any numbers, not ISBNs. What a disappointment after this long discussion.
-
The data isn't stored as JSON, it's buried in Wikitext. To properly extract it, you'll have to find a Wikitext parser. But why do you even want to use Wikipedia to get coordinates? How about Google Maps?
-
Access variable inside function from another function ?!
Jacques1 replied to vivis933's topic in PHP Coding Help
Well, this is not how variables work. A local variable is only visible within that function and gets destroyed immediately when the function returns. I think what you actually want to do is return the result of the addition so that you can then use it outside of the function: <?php function add($number_1, $number_2) { return $number_1 + $number_2; // add the two numbers and return the result } function div($number_1, $number_2) { return $number_1 / $number_2; } $sum = add(6, 4); $quot = div($sum, 2); echo $quot; -
You're always printing $row in your inner loop. The output should actually be complete nonsense like “Array Array Array ...”.
-
Resolve what issue? Note that password policies can be very annoying for users who generate purely random passwords. A much more friendly approach is to only enforce a minimum length and set up a password strength meter. Also note the client-side validation with JavaScript or HTML can easily be circumvented.
-
First off, I would not use a global pool of IDs, because this is complex and makes it very difficult (if not impossible) to set up a proper database layout with foreign keys. Right now, your ratings don't point to any real entities, you're just storing arbitrary numbers. If I wanted to “rate” the ID −456, I could do that, which is obviously a problem. A far better approach would be to have plain old per-table IDs and different tables for the different ratings. Even a single table with a type column (i. e. no referential integrity) is better. If you absolutely must have global IDs, use random UUIDs (MySQL even has a function for that). Your uniqueness checks don't work.
-
find any combination in any order of specific characters.
Jacques1 replied to agahi's topic in Regex Help
'~\\A[\\d/]+\\z~' By the way, those are forward slashes, not backslashes. -
I have given you an example of how to correctly display two arrays of values. Where those arrays come from is entirely irrlevant. If you don't know how to get POST parameters in CodeIgniter, you're in the wrong forum. I can move your thread to the frameworks section.
-
implode() isn't recursive. When you apply it to an array of arrays, you get nonsense. Simply pass each array individually: <?php $values1 = ['foo', 'bar']; $values2 = ['qux', 'quux']; echo implode(',', $values1).' -- '.implode(',', $values2);