Everything posted by chrisrulez001

  1. Hi, I'm reading from a MySQL database and then looping through the results with PHP. I'm having an issue of using a progress bar within the loop, it's showing the progress bar but it isn't reading the value of a hidden field with the value. The value of the progress bar should be 200 (value in hidden field) but it's just not showing. I've uploaded an image of what's happened. Is there something obvious that I'm not seeing?

     PHP:

     ```php
     <?php
     $List = $this->conn->query("SELECT users.username as Username, challenge.item as Item, SUM(challenge.cost) as Cost FROM users LEFT JOIN challenge ON users.ID = challenge.user_id GROUP BY users.username");
     $List->execute();
     $row = $List->fetchAll(PDO::FETCH_ASSOC);
     echo "<div id=\"Challenge\">";
     foreach($row as $user)
     {
         echo "<div class=\"ChallengeHeader\">";
         echo $user['Username'];
         echo "<span id=\"ChallengeAction\"><input data-index=\"".$user['Username']."\" type=\"submit\" class=\"ChallengeExpand\" id=\"Expand\" value=\"Expand\" /></span>";
         echo "</div>";
         echo "<div id=\"".$user['Username']."\">";
         echo "<div class=\"ProgressBar\"></div>";
         echo "<input class=\"Value\" type=\"hidden\" value=\"".$user['Cost']."\">";
         echo "</div>";
     }
     echo "</div>";
     ?>
     ```

     jQuery:

     ```javascript
     $(document).ready(function(){
         $("#Challenge").each(function(){
             var $div = $(this);
             var val = $div.find(".Value").val();
             $div.find(".ProgressBar").progressbar({
                 max: 600,
                 value : val
             });
             if($div.find(".ProgressBar").progressbar("value") <= 500)
             {
                 $div.find(".ProgressBar").css({ 'background': 'White' });
                 $div.find(".ProgressBar > div").css({ 'background': 'LightGreen' });
             }
             else
             {
                 $div.find(".ProgressBar").css({ 'background': 'White' });
                 $div.find(".ProgressBar > div").css({ 'background': 'Red' });
             }
         });
     })
     ```
  2. Ok, thanks for your help.
  3. Ok, thank you for your informative post, Jacques1. I'll have a look at Twig and implementing a Content Security Policy. With regards to htmlspecialchars(), I see from your other post you use ENT_QUOTES | ENT_SUBSTITUTE; are these the best flags to use?
  4. Hi there, It's been a few months since I've touched PHP. I've read that you only use htmlspecialchars() when outputting data (for example from a database). Is that the correct way of doing it? But to prevent XSS from getting into the database from the form, could you not use preg_match() to whitelist what you can actually enter into the field? Thanks
  5. Thank you very much for helping me out with this. I'll probably use the ->query() method to run this query. EDIT: As I need to pass values to the query, I would probably be best setting PDO prepared query to emulated as suggested. EDIT 2: Just tried this with what was suggested above and it works. Thanks again
  6. Thanks for your reply, I'm connecting to the database at the moment through the root account, although that probably makes sense why it isn't creating events. The PDO connection is set to throw any exceptions but I'm not catching any exceptions for this query through a try catch, I'll try that. PHP's error reporting is set to E_ALL. Edit: I tried creating a new user with global privileges and re-ran the query, unfortunately this hasn't worked. I also tried a try catch on the query, no exceptions are thrown, PHP doesn't report any errors either.
  7. Hi there, I'm trying to create a MySQL event using the built-in MySQL event scheduler. This is so that in an hour the user's account can be automatically unlocked. The following is the query I'm trying to run:

     ```sql
     CREATE EVENT update_locked
     ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR
     DO UPDATE `check_locked` SET `is_locked` = :locked WHERE `check_locked`.`username` = :username;
     ```

     Now if I take out the :username and replace it with a valid user from the database, for example 'admin', and also replace the :locked with 0, the query runs fine from PHPMyAdmin and the event is created. But when I run the query from PHP I get no errors and the query supposedly runs but when I check the events table in the MySQL database. Here is the code I'm trying to run in a function:

     ```php
     protected function Lock_Account($username)
     {
         //Reset the login attempts to 0
         $this->Reset_Login_Attempts($username);

         //Lock the user's account
         //Use prepared query
         $Lock = $this->db->prepare("UPDATE check_locked SET is_locked=:locked WHERE username=:username");
         //Bind values to prepared query
         //Execute the lock user prepared query
         $Lock->execute(array(":locked" => 1, ":username" => $username));

         //Create event to unlock the user's account after an hour
         //Use prepared query
         $Lock_Event = $this->db->prepare("CREATE EVENT update_locked ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR DO UPDATE `check_locked` SET `is_locked` = :locked WHERE `check_locked`.`username` = :username;");
         //Bind values to prepared query and execute the lock event prepared query
         $Lock_Event->execute(array(":locked" => 0, ":username" => $username));
     }
     ```

     I've tried just running the query from PHP with the :locked replaced with 0 and :username replaced with 'admin', that didn't create the event. Thanks in advance.
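
An added example, not part of the original posts, for the output-escaping question in posts 3 and 4 (the loop in post 1 prints the same kind of values): escaping happens where a value enters the markup, and the preg_match() allow-list is a separate input rule that does not replace it. The helpers `e()` and `isValidUsername()`, the username rule and the sample rows are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape for HTML text and quoted attribute values,
// applied at output time only.
function e(string $value): string
{
    // ENT_QUOTES escapes both ' and ". ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD; without it the call returns an empty string on bad bytes.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical allow-list rule applied when a form is submitted.
// It is a data-quality check, not the XSS defence.
function isValidUsername(string $name): bool
{
    // \A and \z anchor the whole string; $ would also match before a
    // trailing newline and let "name\n" through.
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $name) === 1;
}

// Constructed rows standing in for a fetchAll(PDO::FETCH_ASSOC) result.
$rows = [
    ['Username' => 'alice_01', 'Cost' => '200'],
    // A row written before the rule existed, or by another code path.
    ['Username' => 'x"><b>injected</b>', 'Cost' => '550'],
    // Invalid UTF-8 in the name, and a NULL sum from the LEFT JOIN.
    ['Username' => "bad\xC3\x28bytes", 'Cost' => null],
];

foreach ($rows as $user) {
    $name = e($user['Username']);
    $cost = e((string) ($user['Cost'] ?? '0'));

    // Escaped in both contexts: element text and double-quoted attributes.
    echo "<div class=\"ChallengeHeader\">{$name}</div>\n";
    echo "<div class=\"ChallengeRow\" data-user=\"{$name}\">";
    echo "<input class=\"Value\" type=\"hidden\" value=\"{$cost}\"></div>\n";

    // The allow-list still has a job: flag stored rows that break the rule.
    if (!isValidUsername($user['Username'])) {
        echo "<!-- username fails the input rule; review this row -->\n";
    }
}
```

The second and third rows show why the input rule alone is not enough: data can reach the table without passing through the form, so every echo still goes through `e()`.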