paddy_fields

Members
  • Content Count

    172
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by paddy_fields

  1. paddy_fields

    Data from a table

    I haven't read back through all of the pages of posts so sorry if this has been covered - but it seems more sensible to not use forms, and just put your viewing counter processing code on the page of wherever you're hosting the movie itself. Just loop out a set of URLs instead of submit buttons:

    <?php
    $output = '';
    while ($row = mysql_fetch_array($result)) {
        $output .= "<a href='alldaymovies.php?filename={$row['filename']}' target='_blank'>{$row['filename']}</a>";
        $output .= "<br>";
    }
    echo $output;

    The use of '_blank' forces a new window to be opened in the browser. Then at the top of the actual movie page...

    $filename = $_GET['filename'];
    $result2 = mysql_query("UPDATE DayMovie SET Counter=Counter+1 WHERE FileName='$filename'") or die(mysql_error());

    you need to escape $filename as it's open to SQL injection
  2. paddy_fields

    Being employable with PHP

    I code in my own time, and have done for many years. Although I'm degree level in Computer Science I found myself in an unrelated job, but now want to make the jump into being a web dev. From the job vacancy specifications I see, most dev jobs don't just require PHP, OO, etc, they specifically ask for framework experience like Zend, or experience in platforms such as Joomla, Magento etc. I don't have experience in any frameworks. Could anyone give me some advice on what it is I should focus my attention on learning to begin with? Is a framework like Zend a worthwhile starting point?
  3. I've finished the front end design of my application and now intend to provide a version to my potential users to gain feedback. Does anyone have any experience with the best methods of capturing this feedback? What methods have you used in the past? Questionnaires? I want feedback on things like the colour scheme, layouts, ease of use etc. From what I've read I can do things like a 1-5 satisfaction scale on multiple questions, but this seems a little vague
  4. paddy_fields

    How would I go about doing this?

    You can use something like Whisk that allows you to add a widget to your site. It then sources the prices from the supermarkets.
  5. Hi. I have an HTML template that I'm going to use for my CMS, and need some advice on the best way to split it up into common elements used across all pages. I've identified the common HTML and have written functions to include each. I've used functions instead of directly including them on the page for flexibility in the future (wise?)

     /* functions.php */
     function show_style()   { include_once 'module-style.php'; }
     function show_header()  { include_once 'module-header.php'; }
     function show_sidebar() { include_once 'module-sidebar.php'; }
     function show_footer()  { include_once 'module-footer.php'; }
     function show_js()      { include_once 'module-js.php'; }

     And then on the page itself...

     <?php include_once 'functions.php'; ?>
     <!DOCTYPE html>
     <html lang="en">
     <head>
         <title>My CMS</title>
         <meta charset="utf-8">
         <?show_style()?>
     </head>
     <body>
     <?show_header()?>
     <!-- start section content-->
     <section class="section-content">
         <?show_sidebar()?>
         <!-- start content -->
         <div class="content">
             <!-- PAGE CONTENT -->
         </div><!--/ end content -->
     </section>
     <!-- /end section content-->
     <?show_footer()?>
     <?show_js()?>
     </body>
     </html>

     A few questions - are there any issues with using the <? tag as opposed to <?php? I've seen it used in templating before and want this to be as clean and readable as possible. Also would it be better to use a class for this, and include all of my functions within that class? Any advice or alternatives on the method used above would be great
  6. paddy_fields

    Migrating to MySQLi - not fetching data

    Turn on error reporting, and let us know which row is producing an error.

    error_reporting(E_ALL | E_NOTICE);
    ini_set('display_errors', '1');
  7. paddy_fields

    Relational algebra expression for given queries in simple database

    You won't learn unless you try to do it yourself, otherwise there's no point
  8. paddy_fields

    Relational algebra expression for given queries in simple database

    Or you could try and learn, and then do your homework yourself.
  9. paddy_fields

    Keeping it Separately with Object Oriented Programming

    What exactly is it that you're struggling with? Do you want to know how to store information into a database? You need to read up on either Mysqli or PDO to learn how to insert the data. In terms of your script, you will make the database insert at the part where your validation returns no errors, ie the file type/size was accepted. You will then insert the variable which holds the file name into your database. Or create a flag such as $errors = FALSE at the start of the script, and any time the validation fails, make the flag TRUE. Then at the end simply do the following:

    if (!$errors) {
        // script to insert into database
    }
  10. paddy_fields

    Trying to get a simple PHP SQL search to work

    Disead, you're making a connection called $mysqli, and then using $db....

    $mysqli = new mysqli("localhost", "guestuser", "guestuser", "SMQ");
    if ($mysqli->connect_errno) {
        echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    }

    Update your query to this....

    $stmt = $mysqli->prepare

    Also, is the table called 'SMQ', the database, or both? As you connect to a database called 'SMQ' and use it in your query also.
  11. paddy_fields

    Trying to get a simple PHP SQL search to work

    The rows have been fetched and stored in $result?
  12. paddy_fields

    Trying to get a simple PHP SQL search to work

    Sorry, they were both typos on my behalf:

    while ($row = $result->fetch_assoc()) {

    As CroNiX says you need to turn your error reporting on to see what the problem is... from what I can see you have a stray closing bracket in your bind_param():

    $stmt->bind_param('s',$validScott]);
  13. paddy_fields

    Trying to get a simple PHP SQL search to work

    Actually, the table I've made is wrong, as the <tr> should be in the loop. But regardless you could also build the HTML immediately after the query like this:

    $queryResult = '';
    while ($row = $result->fetch_assoc()) {
        $queryResult .= "
            <tr>
                <td>$row[Scott]</td>
                <td>$row[Den]</td>
                <td>$row[Color]</td>
            </tr>
        ";
    }

    And then in the HTML just echo out the $queryResult:

    <table>
        <tr>
            <td>Scott</td>
            <td>Den</td>
            <td>Color</td>
        </tr>
        <?php echo $queryResult; ?>
    </table>
  14. paddy_fields

    Trying to get a simple PHP SQL search to work

    Hi

    Firstly mysql_query is deprecated, so use a newer method like mysqli. As this is just a search form and there doesn't appear to be any password data etc being queried I'd suggest using GET instead of POST for this (uses the URL instead). Here's something to get you started... it's untested but should give you an idea of how it works.

    The form:

    <form name="searchForm" method="GET" action="#">
        <input type="text" name="scott">
        <input type="submit" name="submit" value="Search">
    </form>

    Put your processing PHP before the HTML, as it will need to execute first and then display the data within the HTML. To get the results (using prepared statements):

    // $db is the database connection, which you'll need to read up on
    // note: you need to validate the $_GET['scott'], this is just an example so I've left that out
    $validScott = $_GET['scott'];
    $stmt = $db->prepare('SELECT Scott, Den, Color FROM SMQ WHERE Scott = ?');
    $stmt->bind_param('s', $validScott);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();

    Within the body of HTML:

    <table>
        <tr>
            <td>Scott</td>
            <td>Den</td>
            <td>Color</td>
        </tr>
        <tr>
        <?php while ($row = $result->fetch_assoc()) { ?>
            <td><?php echo $row['Scott']; ?></td>
            <td><?php echo $row['Den']; ?></td>
            <td><?php echo $row['Color']; ?></td>
        <?php } ?>
        </tr>
    </table>
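As an added example (not code from this thread or from paddy_fields), here is the search above together with the view counter from the "Data from a table" post, both done with prepared statements and escaped output. It uses PDO against an in-memory SQLite database so it runs without a MySQL server; the table names SMQ and DayMovie, their columns, the sample rows and the validation regex are constructed for the example. The mysqli pattern the thread uses (prepare / bind_param / get_result) maps directly onto PDO's prepare / execute([...]) / fetchAll, and the point is the same: the user value is bound as a parameter, never interpolated into the SQL string.

```php
<?php
// Added example, not the thread's own code. Tables, columns and rows below are
// constructed to match the thread; SQLite stands in for MySQL so it runs offline.
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // (with pdo_mysql you would also set PDO::ATTR_EMULATE_PREPARES to false)
    $db->exec('CREATE TABLE SMQ (Scott TEXT, Den TEXT, Color TEXT)');
    $db->exec("INSERT INTO SMQ VALUES ('1', 'D1', 'red'), ('2', 'D2', 'blue')");
    $db->exec('CREATE TABLE DayMovie (FileName TEXT PRIMARY KEY, Counter INTEGER NOT NULL DEFAULT 0)');
    $db->exec("INSERT INTO DayMovie (FileName) VALUES ('day1.mp4'), ('day2.mp4')");
    return $db;
}

// The validation step the thread left out: accept only a short printable token
// (assumed allow-list) before the value goes anywhere near the query.
function valid_scott(?string $raw): ?string
{
    if ($raw === null || !preg_match('/^[A-Za-z0-9 ._-]{1,50}$/', $raw)) {
        return null;
    }
    return $raw;
}

// Parameterised SELECT: the value is bound, so quotes in it are just characters.
function search_by_scott(PDO $db, string $scott): array
{
    $stmt = $db->prepare('SELECT Scott, Den, Color FROM SMQ WHERE Scott = ?');
    $stmt->execute([$scott]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterised UPDATE for the view counter. Returns rows touched, so an unknown
// filename (or an injection attempt) yields 0 rather than bumping every row.
function increment_counter(PDO $db, string $filename): int
{
    $stmt = $db->prepare('UPDATE DayMovie SET Counter = Counter + 1 WHERE FileName = ?');
    $stmt->execute([$filename]);
    return $stmt->rowCount();
}

// Output escaping for the two contexts the thread writes into: HTML and a URL
// query component. Database content is untrusted on the way out, too.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function movie_link(string $filename): string
{
    return "<a href='alldaymovies.php?filename=" . e(rawurlencode($filename)) . "' target='_blank'>" . e($filename) . "</a>";
}

function result_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . e($row['Scott']) . '</td><td>' . e($row['Den']) . '</td><td>' . e($row['Color']) . '</td></tr>';
    }
    return $html;
}

$db = open_db();

// Normal search, as from ?scott=1
$term = valid_scott('1');
echo result_rows(search_by_scott($db, $term)), "\n";

// Classic payload: interpolated into the SQL string it would match every row;
// bound as a parameter it is a literal value that matches nothing.
$payload = "' OR '1'='1";
var_dump(valid_scott($payload));                 // NULL: rejected before the query
var_dump(search_by_scott($db, $payload));        // empty array even if validation is skipped

// The same payload against the counter touches zero rows instead of all of them.
var_dump(increment_counter($db, $payload));      // int(0)
var_dump(increment_counter($db, 'day1.mp4'));    // int(1)

// A filename carrying markup is rendered inert in both the href and the link text.
echo movie_link("<script>alert(1)</script>.mp4"), "\n";
```

The validate-then-bind order matters: binding protects the query, but the allow-list also keeps garbage out of logs, error pages and any later string concatenation, and `rowCount()` on the UPDATE gives you a cheap check that the counter only ever moves one row.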
  15. paddy_fields

    How do I echo results in alphabetical order?

    You could do something like this?

    $documentaries = array("A Great Film", "A Not So Great Film", "Brilliant Film", "Chirpy Film");
    $currentHeader = '';
    foreach ($documentaries as $documentary) {
        $headerCheck = substr($documentary, 0, 1);
        if ($currentHeader !== $headerCheck) {
            echo '<h2>' . $headerCheck . '</h2>';
        }
        $currentHeader = $headerCheck;
        echo $documentary;
        echo "<br>";
    }
  16. paddy_fields

    Correct use of functions

    Hi, just a quick question. Should functions really be used for tasks such as in my example below? I'm attempting to use some for smaller tasks to improve readability and reduce code repetition. Or should they be used for larger tasks?

    functions.php

    function accessDenied() {
        $_SESSION['error'] = "You cannot view that page, you wally";
        header('Location: error.php');
        exit;
    }

    page.php

    if (!$loggedin) {
        accessDenied();
    }
  17. paddy_fields

    Correct use of functions

    With regards to accessing scripts outside of the webroot, is it safe/the correct way of doing it by just moving up a step in the directory like below? Assuming you're in public_html/index.php:

    include_once '../db_connect.php';
  18. paddy_fields

    Correct use of functions

    A very interesting and detailed explanation - thank you. It's going to help massively to have this logic in my mind going forward with the project.
  19. paddy_fields

    Correct use of functions

    That's great, thank you. Luckily I've realised this only 20 pages in...
  20. paddy_fields

    post to the same page

    I want my form to POST to the same page, but not have the 'document expired' problem when sessions are being used somewhere in the script (when I press the back button in the browser). I know this can be avoided by posting to a different PHP page, and then use a header(location) to redirect, but I ideally want to keep it on the same page as I use some of the variables produced from within the processing section. Please excuse the crude examples.

    This works:

    session_start();

    /* HEADER */
    if (isset($_POST['test'])) {
        // do some validation
        $validated = true;
        if ($validated) {
            // process the form
            $_SESSION['notification'] = 'form submitted successfully';
            header('Location: samepage.php');
            exit;
        } else {
            $_SESSION['notification'] = 'there was an error';
            header('Location: samepage.php');
            exit;
        }
    }

    /* BODY */
    if (!isset($_SESSION['notification'])) {
        // show the form.. posts 'test' to current page
    } else {
        echo $_SESSION['notification'];
        unset($_SESSION['notification']);
    }

    And this method shows the document expired when the page is refreshed...

    session_start();

    /* HEADER */
    if (isset($_POST['test'])) {
        // do some validation
        $validated = true;
        if ($validated) {
            // process the form
            $success = true;
        } else {
            $success = false;
        }
    }

    /* BODY */
    if (!isset($success)) {
        // show the form.. posts 'test' to current page
    } else if ($success) {
        echo 'form submitted successfully';
    } else {
        echo 'there was an error';
    }

    I've read that I can edit the php.ini file to allow caching, which should solve the issue for example 2. Is example 1 the correct way to be doing this? It's been pointed out that I shouldn't be using 'exit' so much so I'm trying to explore the correct methods
  21. paddy_fields

    post to the same page

    There isn't any particular reason why I'd want the back button used on a form, it's just that when a user updates their details with a form for example, and then decides to use the back button for whatever reason, I don't like the 'document expired' screen coming up. Or is this what should really happen anyway. Am I making an issue out of nothing? With validation yes I wouldn't redirect, so I suppose it's always going to happen if a user clicks back afterwards then? Sorry, I think I'm confusing myself with this for the sake of it. edit: thanks for the example davidannis, I'll have a play around with that this evening
  22. paddy_fields

    post to the same page

    Thank you. So the method I have in example 1 is the right way to go? Albeit I need to rearrange the logic as you have suggested
  23. paddy_fields

    Group based permissions

    Hi, I've written the function below to check the permissions of a user based on the table structure of....

    staff
        staff_roles_id (foreign)
    staff_roles
        id
        roleName
    staff_role_permissions
        staff_roles_id (foreign)
        staff_permissions_id (foreign)
    staff_permissions
        id
        permissionsName

    function checkPerm($permission) {
        global $db;
        $user = $_SESSION['userid'];
        if (!$stmt = $db->prepare("SELECT * FROM staff
                LEFT JOIN staff_roles ON staff.staff_roles_id = staff_roles.id
                LEFT JOIN staff_role_permissions ON staff_roles.id = staff_role_permissions.staff_roles_id
                LEFT JOIN staff_permissions ON staff_role_permissions.staff_permissions_id = staff_permissions.id
                WHERE staff.id = ? AND staff_permissions.permissionsName = ?")) {
            echo $db->error;
            exit;
        }
        $stmt->bind_param('is', $user, $permission);
        if (!$stmt->execute()) {
            echo $stmt->error;
            exit;
        }
        $stmt->store_result();
        $authenticate = $stmt->num_rows;
        $stmt->close();
        return $authenticate;
    }

    So for example if I then had the permission of 'adminAccess', I would use the code below to check access, referring to the 'staff_permissions' table:

    if (checkPerm('adminAccess')) {
        echo 'you are authorised';
        exit;
    } else {
        echo 'you are not authorised';
        exit;
    }

    This works, but is this the correct way to be going about access for group based permissions or am I missing a glaring security vulnerability here? If this is suitable then I intend to turn it into a class, and add checkRole() which would just check the user against the 'staff_roles' table. This would then be called by $security->checkRole('example'); $security->checkPermission('example'). Would that be a good idea? Any advice would be great - I'm not great with functions (and just starting to learn classes!) Cheers.
  24. paddy_fields

    Group based permissions

    Thank you very much, I really appreciate your help with this. Now you've pointed out the flaw with using sessions for this I do feel quite stupid for not realising that to start with... I've tweaked your code slightly and got it working like a charm and I've learned a lot from the way you've written it, cheers buddy. I wasn't aware of the EXISTS query in MySQL but I'll read up in more detail now. I'm sure there is some code I can go back to and clean up with that in mind. I've got a lot of learning to do. The MySQL error reporting and use of 'exit' was just something I had in there for testing purposes while I was writing/playing with it, it was going to be taken out as soon as it was working as expected. But yes you're right of course I should just turn on error reporting! Also I didn't realise in_array returned a boolean... face palm. I've never used it before but I obviously should have referred to the manual. Thanks again.
  25. paddy_fields

    Group based permissions

    I've given this another go, using a session to store an array of user permissions during the login script - so there is only one query as suggested. The function then uses 'in_array' to see if the permission is allowed.

    /* permissions */
    // find the staff member's permissions and store as a session array
    if (!$stmt = $db->prepare("SELECT permissionsName FROM staff_permissions
            LEFT JOIN staff_role_permissions ON staff_role_permissions.staff_permissions_id = staff_permissions.id
            LEFT JOIN staff_roles ON staff_role_permissions.staff_roles_id = staff_roles.id
            LEFT JOIN staff ON staff.staff_roles_id = staff_roles.id
            WHERE staff.id = ?")) {
        echo $db->error;
        exit;
    }
    $stmt->bind_param('i', $user_id);   // $user_id is set earlier in the login script
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();

    $permissionsArray = array();        // start empty: a placeholder NULL element would match '' in a loose in_array()
    while ($row = $result->fetch_assoc()) {
        $permissionsArray[] = $row['permissionsName'];
    }
    $_SESSION['permissionsArray'] = $permissionsArray;

    function checkPerm($permission) {
        // strict comparison, so only an exact permission name matches
        if (in_array($permission, $_SESSION['permissionsArray'], true)) {
            $auth = TRUE;
        } else {
            $auth = FALSE;
        }
        // return true if authenticated, otherwise false
        return $auth;
    }

    This works ok... can anyone see any security issues with this at all?
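As an added example (not the thread's own code), here is a permission check built on the table layout described in the "Group based permissions" posts. It recreates the staff / staff_roles / staff_role_permissions / staff_permissions tables in an in-memory SQLite database through PDO so it runs without MySQL; the rows, the Authorizer class, the 300-second cache lifetime and the use of a plain array in place of $_SESSION are all constructed for the example. It shows the three things the thread circles around: loading permissions once per session with a prepared query, the weakness of a session cache (a revoked permission stays granted until the cache expires) and the single-query EXISTS form for checks that must not trust the cache, plus strict in_array() so that '' or 0 can never match.

```php
<?php
// Added example, not the thread's code. Schema and rows are constructed to match
// the thread's description; SQLite stands in for MySQL so it runs offline.
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, staff_roles_id INTEGER)');
    $db->exec('CREATE TABLE staff_roles (id INTEGER PRIMARY KEY, roleName TEXT)');
    $db->exec('CREATE TABLE staff_permissions (id INTEGER PRIMARY KEY, permissionsName TEXT UNIQUE)');
    $db->exec('CREATE TABLE staff_role_permissions (staff_roles_id INTEGER, staff_permissions_id INTEGER)');
    $db->exec("INSERT INTO staff_roles VALUES (1, 'admin'), (2, 'editor')");
    $db->exec("INSERT INTO staff_permissions VALUES (1, 'adminAccess'), (2, 'editPosts')");
    $db->exec('INSERT INTO staff_role_permissions VALUES (1, 1), (1, 2), (2, 2)');
    $db->exec('INSERT INTO staff VALUES (10, 1), (11, 2)');   // 10 is an admin, 11 an editor
    return $db;
}

final class Authorizer
{
    // Cached permissions are re-read after this many seconds (assumed value), so a
    // role change or revocation takes effect without forcing a re-login.
    private const TTL = 300;

    private PDO $db;
    private $session;   // reference to the session array (normally $_SESSION)

    public function __construct(PDO $db, array &$session)
    {
        $this->db = $db;
        $this->session = &$session;
    }

    // One prepared query per load: every permission the user's role grants.
    private function load(int $userId): array
    {
        $stmt = $this->db->prepare(
            'SELECT p.permissionsName
               FROM staff s
               JOIN staff_roles r             ON r.id = s.staff_roles_id
               JOIN staff_role_permissions rp ON rp.staff_roles_id = r.id
               JOIN staff_permissions p       ON p.id = rp.staff_permissions_id
              WHERE s.id = ?'
        );
        $stmt->execute([$userId]);
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    }

    // Session cache keyed to the user id and stamped with a load time.
    private function permissions(int $userId): array
    {
        $cache = $this->session['perms'] ?? null;
        $fresh = is_array($cache)
            && ($cache['user'] ?? null) === $userId
            && (time() - ($cache['at'] ?? 0)) < self::TTL;
        if (!$fresh) {
            $this->session['perms'] = ['user' => $userId, 'at' => time(), 'list' => $this->load($userId)];
        }
        return $this->session['perms']['list'];
    }

    // Strict comparison: with the default loose in_array(), 0 matches any
    // non-numeric string on PHP 7 and a NULL element matches ''.
    public function can(int $userId, string $permission): bool
    {
        return in_array($permission, $this->permissions($userId), true);
    }

    // Live check with EXISTS for actions that must not trust a cached answer.
    public function canNow(int $userId, string $permission): bool
    {
        $stmt = $this->db->prepare(
            'SELECT EXISTS (
                SELECT 1
                  FROM staff s
                  JOIN staff_role_permissions rp ON rp.staff_roles_id = s.staff_roles_id
                  JOIN staff_permissions p       ON p.id = rp.staff_permissions_id
                 WHERE s.id = ? AND p.permissionsName = ?)'
        );
        $stmt->execute([$userId, $permission]);
        return (bool) $stmt->fetchColumn();
    }

    // Deny by default: execution never continues past a failed check.
    public function requirePerm(int $userId, string $permission): void
    {
        if (!$this->can($userId, $permission)) {
            http_response_code(403);
            exit('you are not authorised');
        }
    }
}

$db = open_db();
$session = [];                              // stands in for $_SESSION after session_start()
$auth = new Authorizer($db, $session);

var_dump($auth->can(10, 'adminAccess'));    // bool(true)   admin
var_dump($auth->can(11, 'adminAccess'));    // bool(false)  editor
var_dump($auth->can(11, 'editPosts'));      // bool(true)
var_dump($auth->can(11, ''));               // bool(false)  strict match only

// Revoke the editor role's permission: the cached answer is stale until TTL
// expires, the EXISTS check is not. This is the flaw with caching in the session.
$db->exec('DELETE FROM staff_role_permissions WHERE staff_roles_id = 2');
var_dump($auth->can(11, 'editPosts'));      // bool(true)   still cached
var_dump($auth->canNow(11, 'editPosts'));   // bool(false)  live
```

Use can() for routine page gating and canNow() (or a cache reset on logout/role change) for anything destructive; either way the check sits server-side against the user id in the session, never against a role name sent by the client.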