Jacques1

Community Answers

  1. Jacques1's post in Uploading Image and Inserting to Database was marked as the answer   
    C'mon now.
     
    Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that.
     
    Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing.
  2. Jacques1's post in A multi-table insert query / transaction. was marked as the answer   
    Get rid of all error checks, try statements etc. Just let PHP and mysqli do their work. If a query fails, mysqli will throw an exception, and if you leave that exception alone, PHP will properly abort the whole transaction.
     
    Freeing nonexistent result sets and closing statements which will be closed anyway also seems rather pointless. Manual resource management can make sense for resource-heavy and persistent scripts. But there's no point in cleaning up a simple short-lived script which barely runs for a second.
  3. Jacques1's post in Importing Twig macros was marked as the answer   
    Let me google that for you.
  4. Jacques1's post in Query works from command line with hardcoded values, fails as parameterised query was marked as the answer   
    Your mysqli error reporting is still broken. Please scan your entire code for all connections that don't have exceptions enabled, and fix this once and for all. When a query fails, you want a proper error message, not this boolean stuff.
     
    Then post the error message here.
     
    The query again makes no sense to me, but that's another story.
  5. Jacques1's post in why can't I use the defined values directly in a query? was marked as the answer   
    How is this supposed to work? You're writing a constant query string which is passed straight to MySQL, and MySQL of course doesn't know your PHP constants.
     
    If you want the constant to be resolved, you need to do it in PHP:
        $query = "SELECT ... WHERE sum = " . YOUR_CONSTANT;
    But this is a bad approach to begin with. Constants should be passed via statement parameters like all other values. The risk of an SQL injection may be low, but you can still screw up your query if the constant happens to contain special characters.
  6. Jacques1's post in OpenSSL error when loading public key was marked as the answer   
    The documentation is very clear: There's an error if and only if the function returns false. It doesn't matter what kind of error messages you're pulling out of the library; they say nothing about the result of this function call.
     
    My guess is that the message is simply coming from a sloppy implementation. The function supports many different input formats, and it looks like the extension authors use trial-and-error to figure out the right one. Chances are they aren't properly clearing the errors in between.
     
    And then of course you need to realize that the error storage is global, which means it will be affected by all prior actions. You can't just grab a message and assume it's related to the last function call.
  7. Jacques1's post in query works great in xampp but not on server was marked as the answer   
    You did. That's what the error message you've posted means.
     
    A properly configured mysqli would have thrown an exception and stopped the entire script after failing to create the prepared statement. But your script kept running until it crashed when it tried to call bind_param() on the boolean value false.
     
    Again, something is wrong with your mysqli. It should not continue after an error, and you should not have to manually pull error messages out of $link->error.
  8. Jacques1's post in Creating a forward proxy was marked as the answer   
    If the client explicitly connects to the proxy for the sake of reaching another server, then it's a forward proxy.
     
     
     
     
    You will need a forward proxy. nginx isn't one, and Apache needs additional modules. Consider using a dedicated proxy like squid.
  9. Jacques1's post in Implementing Bash shell like functionality via TCP sockets was marked as the answer   
    No, you definitely don't want that.
     
    I haven't followed your project, but if all you want to do is make an SSH connection through that firewall, this shouldn't be an issue.
        # on a small machine: establish tunnel to the big machine
        # if the big machine sends data to its local port 2222, it will be forwarded to port 22 of the small machine
        ssh -R 2222:localhost:22 user@big-machine

        # on the big machine: establish SSH connection to small machine through existing tunnel
        ssh -p 2222 user@localhost
    Since the connection is initiated by the small machine, it should go through the firewall.
     
    Surely there are existing tools which make this more streamlined, reconnect if the connection is lost etc. It's also possible to restrict the shell by sending all commands to a "proxy" script/program which then decides what to do. This is how some custom remote shells are implemented: They use standard SSH, but you cannot actually execute arbitrary commands, only predefined ones.
  10. Jacques1's post in error due to mysql version change. was marked as the answer   
    The right thing to do is to repair the query.
     
    Listing columns which aren't in the GROUP BY clause is simply wrong, because the result is undefined. Other database systems won't even allow this and immediately trigger an error. MySQL does allow it depending on the configuration, but that doesn't change the fact that it's a hack which shouldn't be used (except maybe for very, very special cases).
  11. Jacques1's post in error using call_user_func_array was marked as the answer   
    No. The operator automatically passes the arguments by-value or by-reference according to the function definition. And that's all you need to make bind_param() work:
        // a simple array of values; no references here
        $args = ['foo', 'bar'];

        $databaseConnection = mysqli_connect($host, $user, $password, $database);

        $stmt = $databaseConnection->prepare('SELECT ?, ?');
        $stmt->bind_param('ss', ...$args);
        $stmt->execute();
        $stmt->bind_result($res_1, $res_2);
        $stmt->fetch();

        var_dump($res_1, $res_2); // foo, bar
    I've used this in practice.
  12. Jacques1's post in where should the php script that ajax calls lie? was marked as the answer   
    You cannot put the script outside of the document root, because then it isn't accessible for the client.
     
    “Ajax requests” are just plain old HTTP requests. They work exactly like any other request.
  13. Jacques1's post in While loop in PHP was marked as the answer   
    When you write code, you have to adhere to the exact syntax rules. Something like “$speed < 100 and >=60” may be understandable for humans as a colloquialism, but it neither exists in mathematics nor in PHP. The “and” operator connects two logical expressions, but “>= 60” is no expression of any kind. It's a fragment of a comparison. Actually, “and” has a different purpose in PHP. It has a very low precedence and is used primarily for the control flow (do X, and if that succeeds, do Y). The logical operator you're looking for is “&&”.
        ... elseif ($speed >= 60 && $speed < 100) ...
    Your “$speed + ...” expressions have no effect at all. They yield a result, but you don't do anything at all with that result. If you want to change the $speed variable, you need an assignment:
        $speed = $speed + 10;
    Or shorter:
        $speed += 10;
  14. Jacques1's post in Split one class in multiple files. was marked as the answer   
    What makes you think the class is “too big” for a single file? I can see how a class may become too complex, but “too big” sounds like you use really bad tools for programming.
     
    In any case: If you have plenty of hand-coded getters and setters, consider a more intelligent approach like virtual methods. Then there are traits which allow you to outsource methods. But don't abuse this to fix tool-related problems.
  15. Jacques1's post in Source to understand permissions from PHP dev view was marked as the answer   
    Standard recommended permissions for web applications
  16. Jacques1's post in <?php fopen($_GET[‘I am a noob!’], ‘w’); ?> was marked as the answer   
    “Very unsafe” is an understatement. This is malware. It allows anybody to (over)write arbitrary files at arbitrary locations, because you blindly accept any path. Unless you want to demonstrate how easily bad software can be compromised (which is already well-known), you're doing it wrong.
     
    Then your code is full of typographic quotes which PHP cannot process. Apparently you use something like Microsoft Word instead of an actual code editor to write your programs.
  17. Jacques1's post in newbie code problem was marked as the answer   
    I don't think so. $_SESSION isn't $_POST.
  18. Jacques1's post in For model get field name as string param was marked as the answer   
    $p = $o->{'p'};
  19. Jacques1's post in Understanding network masking was marked as the answer   
    Network classes are obsolete and have been mostly replaced with classless routing (CIDR).
     
    Historically, the private address ranges are indeed based on the class concept. The first block is equivalent to one big class-A network. The second block can be interpreted as 16 medium-sized class-B networks. And the last block contains 256 small class-C networks.
     
    But in practice, none of this matters. You just have to know the available ranges, and then you can define your own address structure. With CIDR, the length of the network prefix is arbitrary and must be specified together with the network identifier. For example:
        10.2.3.0/24
    This means the first 24 bits are the network prefix, and the remaining 8 bits are for the host identifiers. So within this network, you can have 254 hosts (10.2.3.1 … 10.2.3.254).
     
    If you want bigger networks, you make the network prefix shorter. For example:
        10.1.0.0/16
    This network can have up to ~65,000 hosts (10.1.0.1 … 10.1.255.254).
     
    You could also define /11 or /23 networks – whatever you need.
     
    Conflicts are only prevented in the sense that private addresses aren't used on the public Internet. So as long as your LAN isn't connected to my LAN, we can use the same addresses. However, there will be conflicts if you merge LANs which use the same private addresses.
  20. Jacques1's post in select menu send value to database was marked as the answer   
    The code is completely fudged up, and it seems you blindly copied and pasted it from Stackoverflow without understanding how it works.
     
    If you want to be a programmer, you need to understand what you're doing. Writing down random code and relying on people on the Internet doesn't help.
     
    The form you want looks like this:
        <!-- Just send the data to the current script; no need for an extra file -->
        <form method="post">
            <!-- TODO: add an anti-CSRF token-->
            <input type="hidden" value="<?= html_escape($csrf_token) ?>">
            <table>
                <thead>
                    <tr>
                        <th>ID</th>
                        <th>name</th>
                        <th>status</th>
                    </tr>
                </thead>
                <tbody>
                    <?php foreach ($items as $item): ?>
                        <tr>
                            <td><?= html_escape($item['stu_no']) ?></td>
                            <td><?= html_escape($item['stu_name']) ?></td>
                            <td>
                                <select name="status[<?= html_escape($item['stu_no']) ?>]">
                                    <option value="open" <?php if ($item['stu_status'] == 'open'): ?>selected<?php endif; ?>>open</option>
                                    <option value="closed" <?php if ($item['stu_status'] == 'closed'): ?>selected<?php endif; ?>>closed</option>
                                </select>
                            </td>
                        </tr>
                    <?php endforeach; ?>
                </tbody>
            </table>
            <input type="submit">
        </form>
    Do you understand the structure? Each status is stored under the ID of the item. For example, the new status for the item #42 would be $_POST['status']['42']. There's no need for this hidden field stuff.
     
    Depending on the current status in the database, one of the two options is preselected with the selected attribute.
     
    Note that all dynamic input must be HTML-escaped to prevent cross-site scripting attacks, and you need an anti-CSRF token. Also note that if the only possible status values are “open” and “closed”, then you should have a boolean field instead.
  21. Jacques1's post in not able to upload images to a folder outside of root on a VM was marked as the answer   
    We've already discussed this at great length, so when in doubt, just reread the thread.
     
    The short version: Create an administrative account, make that the owner of the directory, make the webserver's group the owning group.
        chown -R name-of-admin-user:name-of-www-group /path/to/uploads
    The webserver obviously needs write permissions as well as the execute bit, so that's
        chmod -R 730 /path/to/uploads
    Note that I'm talking about the permissions in the VM, not the host machine. So you'll have to log into the VM and execute the commands there (or use whatever mechanism Vagrant offers).
  22. Jacques1's post in Passing multi-dimensional array to curl was marked as the answer   
    There's no such thing as a URL parameter array or even multidimensional array. URL parameters are simple key-value pairs. Anything built on top of that (like the param[] syntax in PHP) is nonstandard and must be assembled manually for the target application.
  23. Jacques1's post in URL rewriting replace %20 signs with - to make seo friendly url was marked as the answer   
    Your approach doesn't make a lot of sense.
     
    Using titles as IDs is clumsy and forces you to have unique titles, which is rather silly for a blog. It means that you can't use a title ever again, even if the previous post was 10 years ago.
     
    A much smarter approach (which is also used in this forum) is to concatenate a numeric ID with the title. In this case, the title is only used for readability and SEO purposes, so it can simply be cut off:
        /blog/521-today-i-visited-my-grandmother -> /blog/post.php?id=521
    Your slugs should also be improved. There are many other special characters which look weird when they get URL-encoded, not just spaces. You should use a proper library instead of reinventing the wheel.
  24. Jacques1's post in Getting the correct variable in a function was marked as the answer   
    Sounds like you want to put the test ID into a hidden field within the form. Then you'll receive it together with the answers.
  25. Jacques1's post in My database is making me stand on my head too ! was marked as the answer   
    Whatever phpmyadmin is doing, it's obviously not doing the right thing. So forget about it for now and use the standard backup tool.
     
    mysqldump creates a full backup, including all keys, counters and whatnot. You generally don't have to set any special options (only --routines if you have stored procedures).
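
Added example, not part of any of the posts above: one way to build the restricted shell described in answer 9 ("Implementing Bash shell like functionality via TCP sockets"), where standard SSH hands every request to a "proxy" script that only runs predefined commands. The script path, the request names (uptime, disk, whoami) and the key placeholder are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): a forced-command "proxy"
# for SSH. Assumed setup, with a hypothetical path and placeholder key,
# in ~/.ssh/authorized_keys on the machine that accepts the login:
#   restrict,command="/usr/local/bin/ssh-dispatch" ssh-ed25519 <KEY> ops
# sshd then runs this script for every login with that key and passes
# the client's request in SSH_ORIGINAL_COMMAND.

# Map one exact request string to the fixed command line it stands for.
# Prints that command line and returns 0, or returns 1 if not predefined.
resolve_command() {
    case "$1" in
        uptime) echo "uptime" ;;
        disk)   echo "df -h /" ;;
        whoami) echo "id -un" ;;
        *)      return 1 ;;
    esac
}

# Run the predefined command for a request, or refuse it.
dispatch() {
    if cmd=$(resolve_command "$1"); then
        # $cmd is one of the constant strings above, never client input,
        # so word splitting it into a program and arguments is safe.
        $cmd
    else
        echo "ssh-dispatch: request not allowed" >&2
        return 1
    fi
}

# SSH_CONNECTION is set by sshd, so this runs only inside an SSH session.
# An interactive login sends no command and is refused as an empty request.
if [ -n "${SSH_CONNECTION:-}" ]; then
    dispatch "${SSH_ORIGINAL_COMMAND:-}"
fi
```

Because the whole request string has to equal one of the predefined names, a request such as "uptime; id" is refused instead of being passed to a shell.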