lush_rainforest

Everything posted by lush_rainforest

  1. I'm well aware of that. That's why I made this topic and am asking these questions. So it's best to store the password in a PHP file and require it from the source code and then place the PHP file outside of the root directory, correct?
  2. Ok, so that is what I was guessing then. The idea is to store it in a PHP file separate from source code. Alright, thanks. Should I stop storing it as plain text in the database then? I'm using prepared statements and I'm escaping on output, so is that all I need to do?
  3. I was thinking about just storing it so that PHPMailer can access the password and send the emails accordingly. I'm not sure which is the safest way to do so. So I'm guessing that the first step would be to protect regular users from seeing it or breaking into the code and seeing the password.
  4. What is the safest way to store SMTP passwords? I was thinking about storing it in a database, however I don't want to store it as plain text and I don't know if using the password_hash() functions will help. How would PHPMailer send any mails if I have to use password_verify()? I want the mail to be sent automatically without any manual modifications to it. Then I also had another thought: what if I store it directly in a PHP file? Is it safe at all? But this thought may seem pretty breakable since I was thinking about storing it via plain text. What do you guys think?
  5. Well, I was trying to debug it and see why it wasn't doing what I wanted it to. Yes, these are all in functions, so that's the reason why I am returning them so I can retrieve them from a different page. I did it the same exact way I did it with the second code. I called for the function using OOP and I assign that call with a variable, I check to make sure that result doesn't return false. If it doesn't, then I loop the data in a foreach loop. No breaks and no dies. So I don't understand why it only displayed 1 result while the second code displayed all 5 results when they are basically almost the same exact code, except I use print_r instead of returning it in the second code. Thank you. Your suggestion worked like a charm. I appreciate it.
  6. So I'm trying to get my posts to show for a specific person using separate tables. Here is what my table structure looks like.

     For posts_member it looks like

         +----+--------+---------+
         | id | userid | post_id |
         +----+--------+---------+
         |  1 |      1 |       1 |
         +----+--------+---------+

     For posts it looks like

         +----+-------------+------------------------------+
         | id | title       | description                  |
         +----+-------------+------------------------------+
         |  1 | First Post! | I just posted my first post! |
         +----+-------------+------------------------------+

     The very strange behavior starts when I try to retrieve the data. I'll explain what I mean. Here is my code first.

         $sql = "SELECT post_id FROM post_members WHERE userid = :userid";
         $prepare = $db->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
         $parameters = array(':userid' => $userid);
         $prepare->execute($parameters);

         if($prepare->rowCount()) {
             while($row = $prepare->fetch(PDO::FETCH_ASSOC)) {
                 $post_id = $row['post_id'];

                 $sql = "SELECT id, title, description FROM posts WHERE id = :id";
                 $stmt = $db->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
                 $params = array(':id' => $post_id);
                 $stmt->execute($params);

                 if($stmt->rowCount()) {
                     return $stmt->fetchAll();
                 } else {
                     return false;
                 }
             }
         } else {
             return false;
         }

     In this code, it looks ok. It looks like it'll return what I am expecting, which is a bunch of records. However, that is not the case. It returns 1 row when I have 5 rows. But when I do this.

         $sql = "SELECT post_id FROM post_members WHERE userid = :userid";
         $prepare = $this->db->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
         $parameters = array(':userid' => $userid);
         $prepare->execute($parameters);

         if($prepare->rowCount()) {
             while($row = $prepare->fetch(PDO::FETCH_ASSOC)) {
                 $post_id = $row['post_id'];

                 $sql = "SELECT id, title, description FROM posts WHERE id = :id";
                 $stmt = $this->db->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
                 $params = array(':id' => $post_id);
                 $stmt->execute($params);

                 if($stmt->rowCount()) {
                     print_r($stmt->fetchAll());
                 } else {
                     return false;
                 }
             }
         } else {
             return false;
         }

     It returns all 5 records. What the heck is going on? On the page I am retrieving the records on, I'm using a foreach loop which should return what I am expecting, but it doesn't. Can anyone explain to me why this is happening? I suspect the FETCH_ASSOC part, but then again, when I use print_r on the $stmt->fetchAll(), it returned all data, so I don't think that's the case.
  7. I've used charset=UTF8 on PDO connection before and let me tell you something. It doesn't even insert the proper character encodes. All it does is insert a bunch of ?????? in place of the characters. You can use charset=UTF8 if you want foreign characters to be inserted as a bunch of ??????. Just telling you now.
  8. 500 error usually means you configured your .htaccess wrong.
  9. Why not just use password_hash? I don't get why all of these new PHP developers think re-inventing the wheel is a good idea.
  10. I don't even think you are using MySQLi_* properly. That's why you are having problems. Even if you are using PDO rather than MySQLi_*, your logic will still fail in PDO. First off, you are stuffing the actual variable $params["reference"] in the query. You shouldn't need to do this because you should already know which column you want to use in your WHERE clause. Not to mention we don't ever see $individual_code being used ever in that whole code. Then, I'm not even sure if you can use $fetch_data[] for assigning variables in your bind_result (correct me if I'm wrong). I'm pretty sure you'll receive an undefined index error from those variables. Next, you throw the whole store_result and num_rows at the very end of your code, which is bad practice. You should be putting store_result and num_rows right after your execute function. Next, where does $stmt come from? There is nowhere in your code where you call the $stmt variable ever (until your num_rows). Lastly, don't use num_rows > 0. num_rows itself should already be false or true when your query is corrected and written properly. Basically, MySQLi_* is the least of your worries. The whole logic and improper usage of functions and variables are what you need to focus on before you start to diss on something you have no clue of using.
  11. If you're talking about protecting the actual PHP files from being seen, I don't think it's really possible. However if you're referring to the source codes that are shown on a website when the page is done loading, you can do this using a mixture of random encoders. I think you can also set the permissions on the files if you understand how they work.
  12. I really love the idea. However, it looks like this code will produce an error. I am thinking it's because you might have to use end and explode on separate lines. Like

          $suffix = explode(".", $url);
          $suffix = end($suffix);

      I have no idea why this happens, but it just does.
  13. Yes, I know what I have is correct, but I need it in OOP style. If I try combining that with OOP, I get thrown

          Fatal error: Class 'test' not found in

      I need to escape the namespace before I can get into the class. If I remove the namespace, I get the correct results which doesn't throw me that fatal error. But if I have the namespace in there, I get the fatal error. This is what I have so far.

      test.php

          <?php
          namespace test;

          class test {
              function __construct() {
                  print('This is a test construct');
              }
          }

      index.php

          <?php
          $class = isset($_GET['url']) ? $_GET['url'] : 'notAFile';

          //check to make sure the value of $_GET['url'] isn't manipulating the file path to allow the user
          // to hijack system files, etc...
          if(file_exists("{$this->_pathToIncludes}/{$class}.php")) {
              require("{$this->_pathToIncludes}/{$class}.php");
              $this->_inst = new $class();
          }

          $this->_inst->method();
  14. Thanks, that helped me out. Is it possible to make \foo\foo_bar dynamic? I used to be able to do something like

          $dynamic = $_GET['url'];
          $foo = new $dynamic();
          $foo->foo();

      But it's a little different with OOP. Is there anything that is equivalent to that in OOP? Trying to call for different classes using the same file.
  15. Why can't I use __construct while namespaces are present? I am trying to use $this, but it needs the constructor function to work. However, I want to use namespaces, but when I use namespaces, the constructor function won't work at all. Here's my example.

          <?php
          namespace foo;
          use foo as foo;

          \foo\foo_bar::foo();

          class foo_bar {
              function __construct() {
                  $this->foobar();
              }

              public static function foo() {
                  print('This is foo');
              }

              public function foobar() {
                  print('<br />This is foobar');
              }
          }

      Is the constructor being ignored while namespaces are present or something? I need help with this because I want to use both constructor and namespaces at the same time. Basically, I want to use the constructor to call the parent constructor from the main file first before I call the foo function. However, I guess I could just stuff everything in the foo function and call the foobar function within the foo function. I don't know.

      modified
      ----------------------
      I guess it does matter. I am trying to split the URL into 3 parts then assign the 3 parts with a variable using $this. Without that, I would have to assign a variable without $this.