Everything posted by benanamen
-
Is this "Array" coming from a Database? If so, why are you not just querying the DB for the specific data you want?
-
mail returns true or false, neither of which you check for.
-
Need this code to demote user role if points fall below minimum
benanamen replied to Cybercli's topic in PHP Coding Help
You are overcomplicating the whole thing. Simply determine the role on the fly instead of storing it.
-
You pretty much answered your question. Without seeing what you are actually including it is hard to say if what YOU are doing is good or not. Your repeated code may be a good candidate for a function or a class, or an include may be the right solution. Just can't say without seeing what you have. If you are able, put your project on a public GitHub repo so we can review it as a whole. You will get much better and specific answers to what you are doing.
-
Take one line at a time....see it?
    $articleTable new DatabaseTable($pdo, 'article', 'id');
-
Do these lines look right to you? A lot of careless mistakes. Aside from that, this is a very poorly written class. I suspect you didn't write this.
    $articleTable new DatabaseTable($pdo, 'article', 'id');
    $usersTable new DatabaseTable($pdo, 'users', 'id');
    $page = Controller->edit();
    $controller = new articleController($articlesTable, $usersTable);
    $page $Controller->delete();
    include __DIR__ '/../classes/controllers/registerController.php';
    return $page output = $this->loadTemplate($page['template']);
-
How to sum columns that is in SQL, to table that use php
benanamen replied to hendrikbez's topic in PHP Coding Help
Whenever you have consecutively numbered columns that is a big red flag that you have a bad database design. Stop what you're doing and learn database normalization.
-
First and foremost, NEVER EVER use plaintext passwords. You need to use password_hash and password_verify. Second, you need to use Prepared Statements. Never ever put variables in your query. This tutorial should get you going in the right direction https://phpdelusions.net/pdo
-
In this instance, here is the race condition... When two or more users make a simultaneous availability check for the same username, the code will "lie" to all the requests and say it is available but only the first request to complete the insert will be valid, the rest of the requests will fail provided you have set a required unique constraint on the DB column. In a low traffic site, you are not likely to encounter simultaneous requests for the same exact username, nevertheless, no point in building in the race condition when a simple solution exists.
-
You obviously haven't read the whole thread. I showed EXACTLY that. https://forums.phpfreaks.com/topic/315071-sending-visitors-to-an-error-page/?do=findComment&comment=1598471 And at no point in this thread was there ever any mention of SELECT * so there is no "instead of", but now it is just pointless arguing. OP has been given the solution.
-
Ok, I agree. @requinix was saying the same thing.
-
Surprised you are saying that. It makes no sense to select the ENTIRE database table when all you want is to edit one SPECIFIC Id record.
-
Then you would be doing it wrong. The right way has been provided in earlier threads.
    //do stuff to the record that was found
    //and since an id is unique, it will either exist or not
What record? You just selected every single one of them.
-
PHP should not be verifying that a username is unique. You create a race condition by doing that. Set a Unique constraint on the DB, Attempt the insert, catch the duplicate error if any. This is one of the few instances to use a try/catch block.
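The approach described in the two posts on username uniqueness (unique constraint, attempt the insert, catch the duplicate error), shown here as an added example that is not code from the thread. The `users` table, the `registerUser()` helper and the sample values are hypothetical, and it assumes the pdo_sqlite extension so it can run offline against an in-memory database.

```php
<?php
// Added example: constructed schema and names, not code from the thread.
declare(strict_types=1);

/**
 * Try to register a username. Returns true on success, false if the
 * name is already taken. There is no SELECT-then-INSERT availability
 * check: the UNIQUE constraint is the only arbiter, so two simultaneous
 * requests for the same name cannot both succeed.
 */
function registerUser(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: user input is bound, never concatenated.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :p)'
    );
    try {
        $stmt->execute([
            ':u' => $username,
            ':p' => password_hash($password, PASSWORD_DEFAULT),
        ]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation. In this
        // table the only constraint a non-null insert can violate is
        // the UNIQUE one on username.
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return false;
        }
        throw $e; // anything else is a real failure, do not hide it
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

// Constructed sample input: two requests for the same name. Both would
// have passed an "is it available?" SELECT; only one INSERT can win.
var_dump(registerUser($pdo, 'alice', 'constructed-sample-pw'));
var_dump(registerUser($pdo, 'alice', 'another-sample-pw'));
var_dump(registerUser($pdo, 'bob', 'constructed-sample-pw'));
```

On MySQL the same catch applies; a duplicate key there reports SQLSTATE 23000 with driver error 1062 in `$e->errorInfo[1]`, which can be checked when the table carries other constraints.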
-
Your "logic" is all over the place. The bottom line is you want to edit a customer's record based on the customer_id. (Which, by the way, is the high level overview I was looking for, not the steps you think you should be taking to do it.) I showed you how to do it. If there are no results to the specific customer_id query, then show your error page or whatever. You might want to read my signature about the "XY Problem".
-
I am lost then. How about you give us the high level overview that I asked you for.
-
This is basically it...
* Your biggest problem is that you are selecting ALL the customer_id's. Only SELECT the one you want.
    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        // check if GET customer_id isset
        // if customer_id isset validate (check format)
        // if no problem
        // query db - USE A PREPARED QUERY HERE. THIS IS JUST FOR DEMONSTRATION
        SELECT customer_id FROM customer_details WHERE customer_id = $_GET['customer_id']
        // Do something with result. * You likely need to SELECT more columns than just the customer_id
    }
-
Entered how? A high level overview of what you are doing would be helpful to give you the best and more specific advice.
-
First, you should validate that you have a GET id at all and if so that it is a proper id format, i.e. all numbers. If you have a GET id, then you should use that in a WHERE condition in your query and go from there. Your error response could be a problem though. If this is public facing you are building in a user id enumeration attack. In the case of a blog page or something a not found error is fine, but you are using customer_id's. If this is behind a secured admin then not a problem, but then you have to ask how you would end up with a non-existent customer_id to even get the error which really should only be able to happen by manually manipulating the URL.
-
Your double variable assignment is pointless and just litters the codebase. You already have the POST array, just use it. Also, the code could use some validation.
-
As @kicken mentioned, you need to set up a local development environment. Editing directly on the production server is just a bad idea for many reasons. If you are on Windows, the best local dev setup is Laragon. https://laragon.org/
-
For Laragon, this is the download link https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-8.0.29-winx64.zip Just set it in packages.conf and use the Laragon GUI to do the install. This may also be helpful https://forum.laragon.org/topic/2017/mysql-8-upgrade-instructions/2