Everything posted by benanamen

  1. This is all you need to get the last image. You are only getting one row. There is no loop needed.
      SELECT image FROM test_image ORDER BY id DESC LIMIT 1
      <?php
      $sql = "SELECT image FROM test_image ORDER BY id DESC LIMIT 1";
      $result = mysqli_query($conn, $sql);
      // fetch_assoc gives a column-name-keyed row, so $row['image'] is defined
      // (mysqli_fetch_row would only give $row[0])
      $row = mysqli_fetch_assoc($result);
      ?>
      <img src="<?= htmlspecialchars($row['image']) ?>">
  2. What has not been mentioned is that you are using obsolete MySQL code that does not work in the latest version of PHP. You need to be using PDO with parameterized queries or at the least Mysqli.
  3. That's not the query I gave you. So what is it you want? You want to display the last 12 images or the last single image? What I gave you will give you the last 12 images.
  4. Have you checked to see if there is any data in $actual_image_name? In the following line you have $id, but I don't see it anywhere in your code getting a value. $actual_image_name = time().$id.".".$ext;
  5. You are using obsolete MySQL code that will not work in the latest version of PHP and are open to SQL injection. You need to use PDO with prepared statements. But to answer your question: SELECT image FROM test_image ORDER BY id DESC LIMIT 12
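The PDO form of the query from posts 1 and 5, as an added example that is not from the thread. It assumes a PDO connection and the thread's test_image(id, image) table, and shows the one detail that trips people up when moving this query to prepared statements: LIMIT has to be bound as an integer.

```php
<?php
// Added example, not from the thread: prepared-statement version of
// SELECT image FROM test_image ORDER BY id DESC LIMIT n.
// Assumes the test_image(id, image) table from the thread.
function latestImages(PDO $pdo, int $limit = 12): array
{
    // LIMIT must be bound with PDO::PARAM_INT. A value bound as a string is
    // quoted ('12') when prepares are emulated and MySQL rejects the query.
    $stmt = $pdo->prepare(
        'SELECT image FROM test_image ORDER BY id DESC LIMIT :limit'
    );
    $stmt->bindValue(':limit', max(1, $limit), PDO::PARAM_INT);
    $stmt->execute();
    // One column requested, so return a flat list of image values.
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Connection details are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;dbname=test;charset=utf8mb4',
    'user',
    'pass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);

// LIMIT 1 (post 1) and LIMIT 12 (post 5) are the same call with a different count.
foreach (latestImages($pdo, 12) as $image) {
    // Escape the stored value before placing it in an HTML attribute.
    echo '<img src="' . htmlspecialchars($image, ENT_QUOTES, 'UTF-8') . '">', PHP_EOL;
}
```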
  6. Your group_by is in the wrong place.
  7. The funny thing about people talking about their app security is that their server itself is almost always insecure. I mean just basic stuff like being vulnerable to click-jacking, exposing php and apache version, not setting XSS protection etc. 99.9999% of all websites I check can be click-jacked and it is a simple 2 second fix. +1 on using PDO
  8. Thanks to @Jacques1, set_exception_handler is my new best friend. I unloaded a ton of unnecessary try/catch blocks on a very large project I am doing.
  9. Anything free is just going to obfuscate your code, which basically means to make it humanly unreadable. It is by no means encoded. It is referred to as "Security Through Obscurity". It will keep the average Joe from knowing your code but is easily circumvented by anyone with a little knowledge. You can get GoDaddy hosting for a dollar a month. Why would you put your site on your partner's server if you are worried about him seeing your source code?
  10. Just what is the end result of what you're trying to do with your data? I can't think of any reason you would want or need to do this. A lot of times the code someone presents to us for an answer is not the code that should be used to reach the ultimate goal.
  11. Zend Encoder and IonCube are two of the top options. https://www.zend.com/en/products/zend-guard http://www.ioncube.com/
  12. There is no point doing the same screenshot for this site. I already told you it is vulnerable just as yours is. @Jacques1 gave you the correct answer on how to fix it. It takes like two seconds. Optimally you want to do the fix in the server config rather than at application level. Depends on whether you have root access to the server or not. On shared hosting, you will have to do it in the app unless you have .htaccess privileges. I could have just given you the simple fix, but my belief is you would do better for yourself to look it up and learn about it. On complicated matters I don't mind providing the answers. The OWASP link is probably just going to confuse you. Just do what @Jacques1 said.
  13. Creating multiple forms on the same page is not going to work. As soon as you submit one question/answer set the page is going to refresh. You would also need to identify which one of the many forms you submitted (I assume the page createquestions.php you are submitting to is also the page you are creating the questions on. Might work with Ajax). The opening and closing form elements need to come out of the loop. You would then need to create the X amount of question/answer sets as an array and loop through it for your insert. Simplest thing to do is just create one Q&A set at a time. Here is a similar example of what I mean:
      <?php
      if ($_POST) {
          $db = new PDO("mysql:host=localhost;dbname=phphelp_form_array", "user", "pass");
          $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
          // one prepared statement, executed once per submitted field1/field2 pair
          $insertStmt = $db->prepare("INSERT INTO datatable (field1, field2) VALUES (?,?)");
          for ($i = 0; $i < count($_POST['field1']); $i++) {
              $insertStmt->execute(array($_POST['field1'][$i], $_POST['field2'][$i]));
          }
      }
      ?>
      <!-- one form; the name="...[]" inputs arrive as parallel arrays -->
      <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
          <b>field1 1</b><br>
          <label>field1 <input type="text" name="field1[]"></label><br>
          <label>field2 <input type="text" name="field2[]"></label><br>
          <b>field1 2</b><br>
          <label>field1 <input type="text" name="field1[]"></label><br>
          <label>field2 <input type="text" name="field2[]"></label>
          <input type="submit" value="Submit">
      </form>
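The click-jacking fix that posts 7 and 12 refer to but do not spell out, as an added example that is not from the thread: the framing headers sent from PHP for the shared-hosting case, with the server-config equivalent in the comments, plus a small audit of a constructed header list for the gaps post 7 lists. Function names and the sample headers are assumptions.

```php
<?php
// Added example, not from the thread. Application-level fix for shared hosting;
// with root or .htaccess access the same belongs in Apache (mod_headers):
//   Header always set X-Frame-Options "DENY"
//   Header always set Content-Security-Policy "frame-ancestors 'none'"
// Version banners are hidden with ServerTokens Prod and expose_php = Off.

/** Send the framing headers before any output, e.g. from a shared config file. */
function sendFramingHeaders(bool $allowSameOrigin = false): void
{
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    // Legacy header understood by every browser.
    header('X-Frame-Options: ' . ($allowSameOrigin ? 'SAMEORIGIN' : 'DENY'));
    // CSP equivalent; it takes precedence over X-Frame-Options when both exist.
    $ancestors = $allowSameOrigin ? "'self'" : "'none'";
    header("Content-Security-Policy: frame-ancestors $ancestors");
}

/** Audit a response header list (the array shape get_headers() returns). */
function framingAudit(array $headers): array
{
    $findings = [];
    $joined = implode("\n", $headers);
    if (!preg_match('/^X-Frame-Options:\s*(DENY|SAMEORIGIN)\s*$/mi', $joined)) {
        $findings[] = 'X-Frame-Options missing or not DENY/SAMEORIGIN';
    }
    if (!preg_match('/^Content-Security-Policy:.*frame-ancestors/mi', $joined)) {
        $findings[] = 'CSP frame-ancestors directive missing';
    }
    // Server/X-Powered-By banners carrying a version number (post 7's point).
    if (preg_match_all('/^(Server|X-Powered-By):.*\d+\.\d+.*$/mi', $joined, $m)) {
        foreach ($m[0] as $banner) {
            $findings[] = 'Version disclosed: ' . trim($banner);
        }
    }
    return $findings;
}

// Constructed sample of what a default shared host commonly sends.
$sample = [
    'HTTP/1.1 200 OK',
    'Server: Apache/2.4.41 (Ubuntu)',
    'X-Powered-By: PHP/7.4.3',
    'Content-Type: text/html; charset=UTF-8',
];
foreach (framingAudit($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```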
  14. What is the point of my post? Is it not clear that I notified you of a security issue you were not aware of? I have not implied anything. I have straight up told you your server has security issues that should be fixed and provided you a screenshot of your site click jacked. There was no code stripped from anywhere. What you should have done if you don't know what click jacking is, is do a 2 second google search on what it is and how to fix it.
  15. +1 I personally prefer an underscore separator as well. first_name is much more readable to me than firstname. Sticking to lowercase will completely eliminate any errors due to wrong case. If you develop on Windows (IIS), it is dumb when it comes to case and thinks FIRSTNAME, firstname and FirstName are all the same; then you move it to Linux and run into problems since Linux says they are all different.
  16. Post an SQL dump of your data (Just a couple rows, only need signature column). @Barand's code is correct and works. Need to see how your data actually is in the DB.
  17. I am hoping you mean credentials to the application as in a users table in the app DB, in which case $_SESSION is how you would do it, although putting the password in a session is not what you would do. You could do like $_SESSION['login'] = 1; and then on your pages check to see if $_SESSION['login'] isset. If you actually mean credentials for a MySQL connection (Yikes!) then you have some work to do. (As in $con = mysqli_connect("localhost","my_user","my_password","my_db");)
  18. What thread are you referring to? If you mean this forum thread, then yes. See attached image for your site.
  19. A recursive implode:
      $cars = array(
          array("Volvo", 22, 18),
          array("BMW", 15, 13),
          array("Saab", 5, 2),
          array("Land Rover", 17, 15)
      );

      function r_implode($glue, $pieces) {
          $retVal = array(); // initialise so an empty input does not produce an undefined-variable notice
          foreach ($pieces as $r_pieces) {
              if (is_array($r_pieces)) {
                  $retVal[] = r_implode($glue, $r_pieces); // recurse into nested arrays
              } else {
                  $retVal[] = $r_pieces;
              }
          }
          return implode($glue, $retVal);
      }

      echo r_implode('||', $cars);
      Result: Volvo||22||18||BMW||15||13||Saab||5||2||Land Rover||17||15
      Source: http://www.craiglotter.co.za/2010/04/09/php-implode-a-multi-dimensional-array/
  20. As @cobusbo said, remove StudentID and the NULL entry. What you have is old school MySQL functionality as far as using the null on an auto-increment column as you have it. Newer versions of MySQL won't work; don't remember what version that changed, nevertheless, it is completely unnecessary.
  21. Additionally, I don't see you doing anything at all with the subjects posted from the form at the top of the page. When you do this up right, you will have another table called subjects or categories and pull from that for your drop down using the subject_id as the drop down value, not the subject description as you have now. Same thing for question types. Also, there is no need to have the mc_id:value = null in your insert query. I am assuming you have it correctly set as auto-increment.
  22. Your server has several security issues and you are vulnerable to click-jacking.
  23. Your DB structure is not scalable. You should have separate tables for questions and answers with a foreign key tying them together.
  24. Actually there are several problems with it. Your code is obsolete and will not work in PHP 7. It is insecure and you should not be using it. You need to use PDO with prepared statements or at the least Mysqli with prepared statements. SHA1 is not secure; you should be using Bcrypt.
  25. Okay @Jacques1, we have a winner! After a little research and testing, set_exception_handler is clearly the better way to do my global error handling and does eliminate the need for all the try/catch blocks and will still allow me to handle my errors the custom way I need to. Since I already have a config file that is required everywhere, I don't really need to prepend anything. I can just call set_exception_handler from there. In all honesty, that is a function I was unaware of. I will be updating my code accordingly. I know a lot but I don't know everything. Always willing to learn.
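What post 24 (PDO prepared statements, Bcrypt instead of SHA1) and post 17 (a session flag rather than stored credentials) amount to in code, as an added example that is not from the thread. It assumes a PDO connection and a users(id, username, password_hash) table; function names are assumptions.

```php
<?php
// Added example, not from the thread: bcrypt password storage via
// password_hash() and a prepared-statement login that sets a session flag.
// Assumes a users(id, username, password_hash) table (password_hash is
// VARCHAR(255); bcrypt output is 60 characters, other algorithms are longer).
const HASH_OPTIONS = ['cost' => 12];

function registerUser(PDO $pdo, string $username, string $password): void
{
    // PASSWORD_BCRYPT: per-password salt, deliberately slow, cost tunable later.
    $hash = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :h)'
    );
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

/** Returns the user id on success, null on failure. Never compares hashes by hand. */
function loginUser(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare(
        'SELECT id, password_hash FROM users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // Transparently upgrade hashes made with a lower cost (or sha1 migrations).
    if (password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute([
            ':h'  => password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS),
            ':id' => $row['id'],
        ]);
    }
    return (int) $row['id'];
}

// Post 17's pattern: keep only a flag/id in the session, never the password.
session_start();
$userId = loginUser($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '');
if ($userId !== null) {
    session_regenerate_id(true);   // new session id after privilege change
    $_SESSION['login']   = 1;
    $_SESSION['user_id'] = $userId;
}
```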