Everything posted by PrinceTaz

  1. It's a SQL query which selects an argument to check against the same argument value in the database to check if they are the same?
  2. Hey so I made a ToDo List as my first php script after starting to learn. I want you guys to just look at my code and tell me where I can improve. I want to drop any bad habits early on so they don't move forward with me. Also tell me where I can optimize and minimize the code so I don't write unnecessary code. Thanks! I'm going to omit things like some html that isn't crucial. You can see it live here: https://taziamoma.com/ToDoList/ . Also try to do an SQL injection so I can see if I protected myself from it properly. Thank you!

     index.php

     ```php
     <?php
     include_once("includes/connection.php");

     $errors = "";

     if (isset($_POST['submit'])) {
         if (empty($_POST['task'])) {
             $errors = "You must fill in the task";
         } else {
             try {
                 $task = $_POST['task'];
                 $sql = "INSERT INTO todopost (title) VALUES ('$task')";
                 $db->exec($sql);;
                 header('Location: index.php');
             } catch(PDOException $e) {
                 echo $sql. "<br>". $e->getMessage();
             }
         }
     }

     if (isset($_GET['del_task'])) {
         $stmt = $db->prepare("DELETE FROM todopost WHERE id = :id");
         $stmt->execute(array(':id' => $_GET['del_task']));
         header('Location: index.php');
     }

     <body>
     <div class="outside">
         <div class="container">
             <div id="myDIV" class="header">
                 <h2 style="margin:5px">My To Do List</h2>
                 <form method="post" action="index.php" class="input_form">
                     <?php if (isset($errors)) { ?>
                         <p><?php echo $errors; ?></p>
                     <?php } ?>
                     <input type="text" name="task" class="input">
                     <button type="submit" name="submit" class="addBtn">Add</button>
                 </form>
             </div>
             <ul id="myUL">
                 <?php
                 try {
                     $stmt = $db->query('SELECT id, title FROM todopost ORDER BY id DESC');
                     while($row = $stmt->fetch()) {
                 ?>
                     <div class="li_cont">
                         <li><?php echo $row['title']; ?></li>
                         <a class="right" href="index.php?del_task=<?php echo $row['id'] ?>">x</a>
                     </div>
                 <?php
                     }
                 } catch(PDOException $e) {
                     echo $e->getMessage();
                 }
                 ?>
             </ul>
         </div>
     </div>
     </body>
     </html>
     ```

     connection.php

     ```php
     <?php
     ob_start();
     session_start();

     $host = "localhost";
     $username = "root";
     $password = "";

     try {
         $db = new PDO("mysql:host=$host;dbname=tazejesa_todo", $username, $password);
         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     } catch(PDOException $e) {
         echo "Connection failed: ". $e->getMessage();
     }
     ?>
     ```
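An added example, not part of the post above and not the poster's code: the `INSERT` in index.php interpolates `$_POST['task']` into the SQL string and the list echoes `title` without escaping, so this sketch performs the same two operations with a bound parameter and HTML output escaping. It assumes an in-memory SQLite database in place of the MySQL `todopost` table; `add_task()` and `e()` are hypothetical helper names.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL
// `todopost` table so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE todopost (id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT)');

// Hypothetical helper: insert a task with a bound parameter, so the value
// travels as data and is never parsed as part of the SQL statement.
function add_task(PDO $db, string $task): void
{
    $stmt = $db->prepare('INSERT INTO todopost (title) VALUES (:title)');
    $stmt->execute([':title' => $task]);
}

// Hypothetical helper: escape a value for an HTML text context before echoing it.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input, as it might arrive in $_POST['task'].
$samples = [
    'Buy milk',
    "Call O'Brien",      // the apostrophe ends the string literal early when interpolated
    '<b>bold</b> task',  // markup that must be shown as text, not rendered
];

foreach ($samples as $task) {
    // The statement index.php builds today; compare its shape across the samples.
    $interpolated = "INSERT INTO todopost (title) VALUES ('$task')";
    echo "interpolated: $interpolated\n";

    // The bound version stores every sample verbatim.
    add_task($db, $task);
}

// Render the list the way index.php does, with output escaping added.
foreach ($db->query('SELECT id, title FROM todopost ORDER BY id DESC') as $row) {
    printf("<li>%s</li>\n", e($row['title']));
}
```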
  3. Okay so now with that, how would I check if the username AND email already exists? I have this for the username: if($row['userNum'] >0) { die("That username already exists!"); } How do I update it to check for email as well?
  4. Yes! So I went home and installed my blog on my XAMPP server and now it's recognizing my login and I get this error "Notice: Undefined index: postID". I'm assuming error reporting IS indeed turned off on my cpanel because now I'm getting tons of error messages! In fact, none of my $rows is working because it keeps saying they are undefined. Thank you for this, I shall read up on that.
  5. So I'm calling those echos on the viewpost page. The url will say "?id=5" and so on that page normally I would just echo out the content that corresponds with that ID but nothing happens. It's just whitespace. But there is data in the database so it should be displaying.
  6. Yes, right under the dump code you gave me, I have this.

     ```php
     echo $row['postID'];
     echo $row['title'];
     echo $_GET['postID'];
     echo $_GET['title']
     ```

     None of it is returning anything. Should I upload my source code so you can get a better understanding?
  7. So I checked again and it's still doing the same. I replaced my code with yours but it's still not working. Is it a server issue? Because everything was working but then I waited an hour and came back to it and it stopped working. Then I made this post. I'm hosting it on Siteground. Also when I echo $row['postID'], I get nothing. It's blank. But the url shows the correct postID. How can I check if it's pulling the information from the database?
  8. I'm pretty sure exceptions are being thrown. And I've received errors before so they should be on.
  9. Yes, I've confirmed that it was accurately set up. I also went through and changed all for "ID" to "postID" in all "articles" related queries. So it won't get confused with "id" which is used for the user id.
  10. Ah my bad. This is my viewpost.php

     ```php
     <?php
     require_once("includes/config.php");

     $stmt = $db->prepare('SELECT postID, title, content, date, author FROM articles WHERE postID = :postID');
     $stmt->execute(array(':postID' => $_GET['postID']));
     $row = $stmt->fetch();

     if($row['postID'] == '') {
         header('Location: ./');
         exit;
     }
     ?>
     ```

     When I remove the redirect when that Post id is empty, I can view the post but nothing shows up except the date. Here is the form:

     ```php
     <div class="article-left">
         <h1><?php echo $row['title']; ?></h1>
         <div class="article-block">
             <?php
             echo '<div>';
             echo '<p>Posted on '.date('jS M Y', strtotime($row['date'])).'</p>';
             echo '<p>'.$row['content'].'</p>';
             echo '</div>';
             echo $row['postID'];
             ?>
         </div>
     </div>
     ```

     The only thing that gets outputted is the date. Nothing else.
  11. So after some checking, it turns out, $row is storing the id, title, or content. It's only storing date. When I try to view a post, only the date shows, nothing else. Is there something wrong with my session?
  12. So I should check if it equals " "? Or should I check if it equals false? Would it be if(is_logged_in == false) { }
  13. When I manually run the logout.php, it logs me out and shows me the same output I was seeing before when I was logged in. When I'm logged in, the sidebar links only show on "addpost.php", so the script is only working on that page. Okay, I removed the "?>" tags from "config.php". Now do I remove it from the other pages as well? Even though I write php code inside the html? I also replaced the session check from the other pages with just "is_logged_in". So the code is: if (!is_logged_in) { header("Location: ../login.php"); } I also replaced all of the "include_once" and "require" with "require_once". I was using "ob_start()" because I had originally seen that in a tutorial but I don't exactly know what it's used for, I'll remove it. I also removed all of the session_start calls. What is FUBAR? The admin/index.php sends them to login.php if they ARE NOT logged in.
  14. I'm having a problem. My index.php is no longer displaying the proper logic. I have it checking if the user is logged in and to display whatever but the index.php doesn't register if I'm logged in or not. But the admin/index.php does.

     index.php:

     ```php
     <?php
     session_start();
     include_once("includes/config.php");
     ?>
     ```

     The Menu:

     ```php
     <div class="sidebar">Sidebar
         <ul>
             <?php if(is_logged_in()) { ?>
                 <li><a href="/index.php">Home</a></li>
                 <li><a href="admin/index.php">Admin</a></li>
                 <li><a href="admin/addpost.php">Add Post</a></li>
                 <li><a href="admin/editpost.php">Edit Post</a></li>
                 <li><a href="logout.php">Logout</a></li>
             <?php } else { ?>
                 <li><a href="login.php">Login</a></li>
                 <li><a href="register.php">Register</a></li>
             <?php } ?>
         </ul>
     </div>
     ```

     admin/index.php

     ```php
     <?php
     session_start();
     include_once("../includes/config.php");

     if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == false) {
         header("Location: ../login.php");
     }
     ?>
     ```

     Admin Menu:

     ```php
     <div class="sidebar">Sidebar
         <ul>
             <?php if(is_logged_in()) { ?>
                 <li><a href="../admin">Admin</a></li>
                 <li><a href="addpost.php">Add Post</a></li>
                 <li><a href="editpost.php">Edit Post</a></li>
                 <li><a href="logout.php">Logout</a></li>
             <?php } else { ?>
                 <li><a href="login.php">Login</a></li>
                 <li><a href="register.php">Register</a></li>
             <?php } ?>
         </ul>
     </div>
     ```

     This is my config.php just in case:

     ```php
     <?php
     ob_start();
     session_start();

     $host = "localhost";
     $dbname = "";
     $user = "";
     $pass = "";

     try {
         $db = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     } catch(PDOException $e) {
         echo "Connection failed: ". $e->getMessage();
     }

     date_default_timezone_set('America/Chicago');

     function is_logged_in() {
         if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
             return true;
         }
     }
     ?>
     ```

     I feel like I'm missing something so simple.

     UPDATE: I refreshed the page working on something else but now the admin page doesn't register from the session either.

     UPDATE: It seems the session is the issue because all functions have stopped working but I'm not receiving any error messages. I can't even add new posts or edit posts.
  15. Yes. Check if either the username or email has already been taken. So they are both already unique. Is the problem with my query? I'm still pretty new at this so I'm having a hard time understanding what you're saying. Where exactly in my code should I start from in terms of rewriting?

     ```php
     $sql = "SELECT COUNT(username) AS userNum FROM users WHERE username = :username";
     $sql = "SELECT COUNT(email) AS emailNum FROM users WHERE email = :email";
     ```

     Is this the issue here? Does $sql get rewritten as a email query and not as a username?
  16. Hey, so I'm trying to check the database if the user and email already exists when registering.

     ```php
     <?php
     include_once('includes/config.php');

     if(isset($_POST['submit'])) {
         $username = $_POST['username'] ? trim($_POST['username']) : null;
         $password = md5($_POST['password']) ? trim($_POST['password']) : null;;
         $email = ($_POST['email']);
         $message = "";

         if(empty($username) || empty($password) || empty($email)) {
             $message = "All fields required";
         } else {
             $sql = "SELECT COUNT(username) AS userNum FROM users WHERE username = :username";
             $sql = "SELECT COUNT(email) AS emailNum FROM users WHERE email = :email";
             $stmt = $db->prepare($sql);
             $stmt->bindValue(':username', $username);
             $stmt->execute();
             $row = $stmt->fetch(PDO::FETCH_ASSOC);

             if($row['userNum'] >0) {
                 die("That username already exists!");
             } elseif($row['emailNum'] > 0) {
                 die("That email already exists!");
             }

             $sql = "INSERT INTO users (username, password, email) VALUES (:username, :password, :email)";
             $stmt = $db->prepare($sql);
             $stmt->bindValue(':username', $username);
             $stmt->bindValue(':password', $password);
             $stmt->bindValue(':email', $email);
             $result = $stmt->execute();

             if($result) {
                 $message = "Registration was successful";
             }
         }
     }
     ?>
     ```

     If I remove this line " $sql = "SELECT COUNT(email) AS emailNum FROM users WHERE email = :email"; the code works but only checks the username. How can I check both?
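An added example, not part of the posts above and not the poster's code: one way to answer the username-and-email question from posts 15 and 16 with a single prepared statement, and to store a `password_hash()` digest instead of the trimmed plaintext that the `md5(...) ? trim(...) : null` ternary ends up keeping. It assumes an in-memory SQLite database in place of the MySQL `users` table and UNIQUE constraints on both columns; `register_user()` is a hypothetical helper name.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL
// `users` table, and both columns carry UNIQUE constraints.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE, password TEXT NOT NULL, email TEXT NOT NULL UNIQUE)');

// Hypothetical helper: returns a list of error messages, empty on success.
function register_user(PDO $db, string $username, string $password, string $email): array
{
    $username = trim($username);
    $email    = trim($email);
    if ($username === '' || $password === '' || $email === '') {
        return ['All fields required'];
    }

    // One statement, one row back, each placeholder used exactly once.
    $stmt = $db->prepare(
        'SELECT (SELECT COUNT(*) FROM users WHERE username = :username) AS userNum,
                (SELECT COUNT(*) FROM users WHERE email = :email)       AS emailNum'
    );
    $stmt->execute([':username' => $username, ':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $errors = [];
    if ($row['userNum'] > 0)  { $errors[] = 'That username already exists!'; }
    if ($row['emailNum'] > 0) { $errors[] = 'That email already exists!'; }
    if ($errors) {
        return $errors;
    }

    // password_hash() salts and stretches the password before it is stored.
    $insert = $db->prepare(
        'INSERT INTO users (username, password, email) VALUES (:username, :password, :email)'
    );
    try {
        $insert->execute([':username' => $username, ':email' => $email,
            ':password' => password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: a concurrent request inserted the same value first.
        if ((string) $e->getCode() !== '23000') { throw $e; }
        return ['That username or email already exists!'];
    }
    return [];
}

// Constructed sample registrations: new user, reused username, reused email.
foreach ([['taz', 'taz@example.com'], ['taz', 'new@example.com'], ['bob', 'taz@example.com']] as [$u, $e]) {
    echo $u, ' / ', $e, ': ', json_encode(register_user($db, $u, 'constructed-password', $e)), "\n";
}
```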
  17. Actually, I am also looking for this, seems like it would be a great way to learn PHP by interaction. I am an interactive hands on learner.
  18. Aha, thank you, it works now. Well I already have a <ul> and I want to add the <li> in there.
  19. I am trying to create a webpage and I've added some jQuery to it but it is not working, can you help me out?

     JS File:

     ```js
     $(document).ready(function() {
         $('#button').click(function() {
             var toAdd = $('input[name=add]').val();
             $('.message').append("<li>" + toAdd + "</li>")
         });
     });
     ```

     HTML:

     ```html
     <html>
     <head>
         <title> Test page </title>
         <link rel="stylesheet" type="text/css" href="style.css">
         <script src="http://code.jquery.com/jquery-2.1.1.min.js"></script>
         <script type='text/javascript' src='script.js'></script>
     </head>
     <body>
     <div class="top-section">
         <div class="top-back">
             <div class="tcontent">
                 <div class="tcontent-body">
                     <h1>Welcome to the Forum Pioneer Test Page</h1>
                     <ul>
                         <li>This will be a list of to do's.</li>
                         <li>Add your own list below</li>
                     </ul>
                     <form>
                         <input type="text" name="add" value="Type Here">
                     </form>
                     <div id="button">Add</div>
                     <div id="message">d</div>
                 </div>
             </div>
         </div>
     </div>
     </body>
     </html>
     ```

     I've put only the elements that are affected. I try clicking the button, but the content isn't appended.
  20. Anybody got this link for download?
  21. Is it in English? Can you download it and upload it somewhere? It won't let me register.
  22. Is there an updated version of the meeting Mod? It was a really amazing mod to have, can someone make something like this for 3.0.12?