Everything posted by benanamen
-
pdo db connection use try-catch or not?
benanamen replied to dudleylearning's topic in PHP Coding Help
It's probably because every PDO tutorial out there does the "Try/Catch show user the system error" way of doing it. I used to do that as well until I was schooled by @Jaques1 on the proper way with set_error_handler. The only place I use a try/catch now is on duplicate username on registration.
-
You have a typo in your data-target for the details button. There is a dash that does not belong there after the #.
WRONG
    data-target="#-details-1"
CORRECT
    data-target="#details-1"
You also have a separate bracket problem in the scroll JS. And next time use the code tags.
-
And that's our fault? Too bad you are not wise enough to take advantage of our "superior knowledge". Buh Bye!
-
I have been following this thread from the beginning. What you have is an XY problem. See my signature for an explanation. You claim to have been in security for several years yet you don't even know the most basic of form handling and you're attempting to write some anti-hacking script? Whatever you're trying to solve is not the problem and your approach is just nonsense. Why don't you tell us what the actual real problem is exactly, not your attempted solution to it.
-
[PAID] Need a PHP lover to help me update my PHP Tracker.
benanamen replied to MiaTanaka's topic in Job Offerings
Email me the files and I will respond with my Skype.
-
[PAID] Need a PHP lover to help me update my PHP Tracker.
benanamen replied to MiaTanaka's topic in Job Offerings
I am available. My contact is in my profile.
-
How did you "inspect it"? Try this and see what happens. If it works when you hard code the value, the problem is before the edit page.
    if (!empty($_POST['id'])) {
        # set form input fields
        $sql = 'SELECT id, name, email FROM author WHERE id = :id';
        $query = $dbConnection->prepare($sql);
        $query->bindValue(':id', $_POST['id']);
        $query->execute();
        $row = $query->fetch();
        $name = $row['name'];
        $email = $row['email'];
        $id = $row['id'];
    } else {
        echo 'ID is missing';
    }
-
Have you verified $data['id'] actually has a value? Easiest way is to just view the page source in your browser. Your problems may actually start before you even get to the last form you posted.
-
You have not done any checks to see if the ID exists before you try to use it. You are also not sending the id value when you submit your form. Use a hidden id field in your form to POST the id value when the form is submitted.
How are you expecting to get the ID when the form first loads? Are you clicking an "Edit" link? If so, is the ID attached to it as in edit.php?id=myid? If so, change POST to GET.
    $query->bindValue(':id', $_GET['id']);
Then in your form set a hidden id field to the value of GET. Then in the script check if the Server request method = POST then do your edit. That is the basics.
There is a security consideration that needs to be addressed with the hidden field though. You don't want to allow any user supplied data to be injected directly into your page. I will leave that part for others to tell you about.
-
Ok, now we are getting somewhere. Let's start from the beginning.
You shouldn't be using sha256. You need to use password_hash.
Line 13 should be
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
Depending on getting the name of a button to be submitted for your script to work can be problematic in certain instances.
Do not SELECT *. Specify the exact columns you want.
$_SERVER['PHP_SELF'] is vulnerable to an XSS Attack. Just leave the action out to submit to the same page.
You need to kill the script at the header redirect.
    die(header("Location: index.php"));
You need to use prepared statements.
On the index page, there is no need for another query. You have already set the fname session on login. Just use it now.
index.php
    <?php session_start(); ?>
    <p>Hello <?= $_SESSION['fname'] ?> You are logged in as Admin!</p>
I highly recommend you use PDO https://phpdelusions.net/pdo
-
No. What you have is nothing close to login code. I will let someone else take it from here.
-
How do you expect to login a particular user without a WHERE condition? Of course you are going to keep getting the same user.
-
please review critically on my new social network
benanamen replied to shan2batman's topic in Website Critique
Your server is vulnerable to a Clickjacking Attack. You have NUMEROUS stray tag html errors. You are running an outdated version of Apache Server and are announcing it to the entire world.
-
If you want a real critique from programmers you should post your code on github.
-
With Laravel as a starting reference, what have you done that improves on it? What do you plan to do in the future to improve on it?
-
You don't need two queries. Perhaps @Barand will show you.
-
@cyberRobot, the OP has mysqli_select_db () bass akwards.
-
Using a DB is overkill for this. You should also be using the month number for the key, not the month name.
    <?php
    $months = [
        "1" => "January",
        "2" => "February",
        "3" => "March",
        "4" => "April",
        "5" => "May",
        "6" => "June",
        "7" => "July",
        "8" => "August",
        "9" => "September",
        "10" => "October",
        "11" => "November",
        "12" => "December"
    ];
    ?>
    <select name="month">
        <option>Select Month</option>
        <?php foreach ($months as $month_number => $month_name): ?>
            <option value='<?= $month_number ?>'><?= $month_name ?></option>
        <?php endforeach; ?>
    </select>
-
I have to jump in as well. Your post is probably the #1 worst way to ask for help. The only thing that is missing is the "Urgent, I need it fixed by tomorrow".
-
Not sure where to begin... I'm stuck. PHP of course.
benanamen replied to KommerSnart's topic in Job Offerings
I am available for hire. My contact is in my profile.
-
Instead of doing the includes, why don't you start with a single page of code and get that to work first. The index error is because you are trying to use a POST variable before it is set. You need to make sure it is set before you try to use it. Your code is so all over the place I can't even follow it well. I will leave it to others to take it from here unless you can post revised single page code.
-
HELP needed on this simple code no output no error
benanamen replied to newbaba's topic in PHP Coding Help
You are using print_r wrong and several of them are formatted wrong anyways. Replace all the print_r's with echo but even then, the code is still badly written. There is no need to echo/print 100% HTML.
http://php.net/manual/en/function.print-r.php
-
Contact form - success message in the same page
benanamen replied to adex1's topic in Javascript Help
There is no need for Ajax. Basic form handling is all you need.
    <?php
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Send email code
        die('Thank You!');
    }
    ?>
    <form method="POST">
        <label>Name</label><br >
        <input name="Name">
        <input type="submit" value="Submit" >
    </form>