benanamen
-
Posts
2,134 -
Joined
-
Last visited
-
Days Won
42
Posts posted by benanamen
-
-
I understand what your asking. My question is, why do you want to do this? What is the overall task you are trying to accomplish? And I don't mean how you are trying to accomplish it. I sense an XY Problem. See my signature for explanation.
-
Perhaps you should refer to the manual. You have buried yourself in so much code you can't think straight.
http://php.net/manual/en/datetime.diff.php
<?php $datetime1 = new DateTime('2009-10-11'); $datetime2 = new DateTime('2009-10-13'); $interval = $datetime1->diff($datetime2); echo $interval->format('%R%a days'); ?> -
While you are at it, stop using
if(isset($_POST['btn_submit'])){
And start using
$_SERVER['REQUEST_METHOD'] == 'POST'
You can research on your own why. There is detailed info on the subject in this website.
-
I disagree.
To be clear, you do agree $_SERVER['PHP_SELF'] is vulnerable to an XSS Attack right?
not switching to some other parameter which you hope is safe.
In your experience, have you ever known $_SERVER['SCRIPT_NAME'] to be unsafe in any cases, edge or otherwise?
In this specific case
That would seem key. What about in the case where an index.php includes all the pages from $_GET?
i.e. index.php?p=contact (Code reference: https://forums.phpfreaks.com/topic/302370-router-any-issues-comments/)
Would you advocate always hard coding the index.php name instead of the following:
<form action="<?= $_SERVER['SCRIPT_NAME'] ?>?p=<?= $_GET['p'] ?>" method="post">
As soon as you implement URL rewriting, physical names become meaningless and will likely break the frontend.
You specifically mention the frontend. I pretty much only do backends with the previously noted code link so I don't do URL rewriting. Is there any case with the previous style AND Url rewriting that would be a problem?
-
Your code is all sorts of wrong. I will just point out a couple things.
$_SERVER['PHP_SELF'] is vulnerable to an XSS Attack. You need to use $_SERVER['SCRIPT_NAME']
It appears you are sending user supplied data directly to the database. That is a huge no-no.
You have quite a bit of redundant SQL
-
Why are you querying the users table twice. You are just overwriting the first query. You need to ORDER BY on the column you want sorted by. You don't need to manually close the DB connection. It will close automatically when the script finishes running.
Also, select specific column names, not SELECT * and use the column name results, not row[0]. Who the heck is going to know what you're dealing with when reading the script?
-
http://sims.net/ ????
All that is there is a useless broken outdated site with next to no information or a contact number. Is this a third party company that you do business with or does it belong to you?
If it's third party I would be highly sceptical of trusting my business to them based on what I see there.
As long as we are at it, how about attaching a zip of those php files you listed. Some people on here don't like to download zips but I will sandbox it before I open it.
How locked into this "System" are you? There are much better booking systems available.
* Does this have anything to do with the SIM's reality simulator game?
-
You have a much bigger problem. You are using obsolete insecure Mysql code that has been completely removed from Php.
You need to use PDO with prepared statements.
-
The problem is you have class='row' in the foreach loop so it creates a new row for each record.
-
Ok, got it. Long day in front of the computer.
Could you please attach the entire script.
Are these the certain events and is this the order of display?
Tornado Warning, Severe Thunderstorm Warning, Flash Flood Warning, Flood Warning
-
What are the specific nodes that you want?
-
What is the URL to the XML file?
-
You only created one column. You need this...
<div class="row"> <div class="col-md-3">col 1</div> <div class="col-md-3">col 2</div> <div class="col-md-3">col 3</div> <div class="col-md-3">col 4</div> </div>
-
You know, a link to SIMS would be helpful. A search for SIMS booking gives 466,000 results. The script you use to get the data could also helpful.
-
Are you really going to make us drag info out of you post by post?
WHAT MIS?
IS THERE AN API?
Getting this right starts with the datasource, not your attempt at how to handle it. See the XY Problem in my signature.
-
What I'm referring to can be accomplished with plain HTML and PHP. Basically, a user is presented with a blank form. They fill it out and hit submit. Then PHP processes the submission. If it finds a required field that was left blank, PHP builds the form again and incorporates everything the visitor entered before, along with an error about the missing data
All fine and good and as it should be. What I am saying and others would say, is use CSS for the layout you want, not HTML.
i.e: <table><tr><td>.....
There is nothing more I can say other than that.
-
As previously asked, What MIS system and is their an API available?
Is that the complete DB schema? If so, you are missing tables and have other problems to fix to get it right.
-
You are using obsolete Mysql code that has been completely removed from PHP. You need to use PDO with prepared statements. Post your current DB schema. I cannot tell if you just posted random MIS data or if that is your DB structure as well. If that is your DB it is not correct and needs to be fixed before going further.
* More details on exactly which MIS would be helpful. I assume it means Managment Information System, which one? Is there an API?
-
What you are talking about sounds more like Ajax inline table editing with dynamic table row creation. Of course this can be done if it's what you really want.
This is what I believe you are referring to but I dont think this is what the OP is trying to do.
-
How is a FORM tabular data? Let's not lose sight of where we started. The OP is using a table for LAYOUT/PRESENTATION when he should be using CSS.
-
using HTML tables to layout a page is no longer the best option
I would say that about sums it up. Just like you "could" use <font size = "" color=""></font> or mysql_*, but you know not to.
-
-
You seemed to have missed the "General Form Accessibility" from page 1.
"Make sure that the order in which form elements are accessed is logical and easy. This can sometimes be problematic if tables are used to control layout of form items."
From what I briefly read, that site is not advocating using tables for form layout for accessibility and in fact leans to the opposite. As far as tables in the link you provided, that sections focus is "Handling Multiple Labels" and not about using a table for ease of accessibility. There is nothing about using a table for accessibility leverage.
The answer is still no, do not use tables for form layout.
-
For gawd sake cyber, really?
Get INDEX error message once the page loads
in PHP Coding Help
Posted
@Jaques1,
I like what you did with the foreach for missing parameters. That saves a lot of repetitive error checks.
In your example you go with if not errors continue/else show errors. Any reason not to do the opposite and go with if errors display them/else continue processing. Thinking in logical and positive order (if errors), if there are errors, it seems handling the errors would be step two and not step three. Does it even matter?