Everything posted by benanamen

  1. @Strider64, you have been posting that insertData function in various forums for some time now. It doesn't work the way you think it does. HINT: Try passing in an array that has "id". 🙂
  2. You should not be checking for duplicates. Set a unique constraint on the relevant column and then attempt the insert. Catch the duplicate error if any and handle however you want.
  3. <?php
     function doThis($num = 4)
     {
         // Initialise the array so a $num of 0 still returns an array
         $seq = [];
         for ($i = 0; $i < $num; $i++) {
             $seq[] = $i;
         }
         return $seq;
     }
     $arr = doThis();
     echo $arr[1];
     echo $arr[2];
     echo $arr[3];
  4. Is BIN actually a Constant? I suspect it is not. $owew[BIN]
  5. No. You are building in a race condition by checking availability.
  6. I was just going to point that out. The if should be
         if ($e->getCode() == 23000) {
             // Duplicate user
         }
     1062 is held in the errorInfo array
  7. Stop using the @ error suppressor. Do not put variables in your query. Use Prepared Statements. Your code is vulnerable to an XSS Attack. Never trust user supplied data. Stop changing the case of your variables. Just always use lowercase. You need to kill the script after a header redirect or the code will keep running that follows.
  8. Why are you adding another array to your post variables/form element names?
  9. Small bit of code but several issues with it. Do not create variables for nothing. You already have the POST variables, just use them. You need to check the REQUEST METHOD, not the name of a button. This can completely fail in certain cases. Also, in a properly coded form, ALL form elements save for checkboxes will be submitted (true). A blank space will get past your empty check. You need to trim the entire POST array all at once and THEN check for empty. Never ever trust user supplied data. The code is vulnerable to an XSS Attack.
  10. You are mixing Database Engines. (MyISAM, InnoDB) Just use InnoDB and add foreign keys while you are at it.
  11. Aside from your posted question, STOP prefixing tables with tbl. Just stop it.
  12. OP, before you post again, I highly recommend you read this page. http://www.catb.org/~esr/faqs/smart-questions.html
  13. Is this "Array" coming from a Database? If so, why are you not just querying the DB for the specific data you want?
  14. mail returns true or false, neither of which you check for.
  15. You are over complicating the whole thing. Simply determine the role on the fly instead of storing it.
  16. You pretty much answered your question. Without seeing what you are actually including it is hard to say if what YOU are doing is good or not. Your repeated code may be a good candidate for a function or a class, or an include may be the right solution. Just can't say without seeing what you have. If you are able, put your project on a public GitHub repo so we can review it as a whole. You will get much better and specific answers to what you are doing.
  17. Take one line at a time....see it?
         $articleTable new DatabaseTable($pdo, 'article', 'id');
  18. Do these lines look right to you? A lot of careless mistakes. Aside from that, this is a very poorly written class. I suspect you didn't write this.
         $articleTable new DatabaseTable($pdo, 'article', 'id');
         $usersTable new DatabaseTable($pdo, 'users', 'id');
         $page = Controller->edit();
         $controller = new articleController($articlesTable, $usersTable);
         $page $Controller->delete();
         include __DIR__ '/../classes/controllers/registerController.php';
         return $page output = $this->loadTemplate($page['template']);
  19. Whenever you have consecutively numbered columns that is a big red flag that you have a bad database design. Stop what you're doing and learn database normalization.
  20. First and foremost, NEVER EVER use plaintext passwords. You need to use password_hash and password_verify. Second, you need to use Prepared Statements. Never ever put variables in your query. This tutorial should get you going in the right direction https://phpdelusions.net/pdo
  21. In this instance, here is the race condition... When two or more users make a simultaneous availability check for the same username, the code will "lie" to all the requests and say it is available but only the first request to complete the insert will be valid, the rest of the requests will fail provided you have set a required unique constraint on the DB column. In a low traffic site, you are not likely to encounter simultaneous requests for the same exact username, nevertheless, no point in building in the race condition when a simple solution exists.
  22. You obviously haven't read the whole thread. I showed EXACTLY that. https://forums.phpfreaks.com/topic/315071-sending-visitors-to-an-error-page/?do=findComment&comment=1598471 And at no point in this thread was there ever any mention of SELECT * so there is no "instead of", but now it is just pointless arguing. OP has been given the solution.
  23. Ok, I agree. @requinix was saying the same thing.
  24. Surprised you are saying that. It makes no sense to select the ENTIRE database table when all you want is to edit one SPECIFIC Id record.
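
The approach described in posts 2, 5, 6 and 21 above (unique constraint, attempt the insert, catch the duplicate error instead of checking availability first), as an added example that is not part of the original posts. The `users` table, its columns and the `registerUser` function are hypothetical, and an in-memory SQLite database is assumed only so the script runs stand-alone.

```php
<?php
declare(strict_types=1);

// Added example: table, column and function names are hypothetical.
// In-memory SQLite is an assumption so the script needs no server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The UNIQUE constraint is what enforces one row per username,
// no matter how many requests arrive at the same moment.
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

/**
 * Attempt the insert directly, with no prior SELECT "availability" check.
 * Returns true on success, false when the username is already taken.
 */
function registerUser(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (?, ?)'
    );
    try {
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation.
        // The driver-specific code (1062 on MySQL) is in $e->errorInfo[1].
        if ($e->getCode() == 23000) {
            return false;
        }
        throw $e; // anything else is a real error, do not swallow it
    }
}

// Constructed input: the same username is submitted twice.
var_dump(registerUser($pdo, 'alice', 'correct horse'));
var_dump(registerUser($pdo, 'alice', 'other secret'));
var_dump(registerUser($pdo, 'bob', 'another secret'));
```

Because the database decides the outcome atomically at insert time, there is no window between "check" and "write" for a second request to slip through.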