benanamen
-
Posts
2,134 -
Joined
-
Last visited
-
Days Won
42
Posts posted by benanamen
-
-
I don't want to make unnecesesarry changes on files.Then I guess you will be updating your code because it is very necessary. I thing the "will not work at all" part is enough reason all by itself, let alone the security implications.
-
@scootstah, Excellent starting point.
@rashidpathiyil, Stop crying
and go through that tutorial as well as the one for HTML & CSS https://www.codecademy.com/tracks/web How to make a website https://www.codecademy.com/skills/make-a-website and when your down on all that, the SQL tutorial https://www.codecademy.com/courses/learn-sqlAfter you understand all that, your likely to come back providing answers for people rather than asking for answers. Code on my brutha!
-
We know how to make it. But we are not going to do it for you. You need to go study some tutorials and learn the basics.
You're not ready to ask for help yet.
-
1
-
-
I have some free time on my hands today. If you can provide a zip of EVERTHING I need to run it, I will look into it. That also includes an sql dump of the db including create table sql and at least a few rows of sample data.
-
To properly secure WordPress, select the WordPress folder, then hold down the Shift key, now click Delete.
-
1
-
-
@valandor, speechless! Thanks for the LOL!
-
Duplicate Post of http://forums.phpfreaks.com/topic/298539-how-to-create-a-actionphp-page-for-html-form/
DO NOT POST THE SAME THING MORE THAN ONCE.
-
There is definitely something to do in the code. You are using obsolete Mysql code that does not work at all in the latest version of PHP. You need to use PDO with parameterized queries.
-
You commented out the error reporting and display. Start with un-commenting that and tell us what errors you get.
-
1
-
-
I suggest you install a local development server. There is xampp and wamp for starters. I don't use either one (I use Zend Server) so I couldn't tell you what to choose. I am sure others will be able to recommend one over the other
-
Does the name of the actual file with the Php code have a .php extension? If so, does it do the same thing when you view that file directly? Additionally, are you viewing this file through a web server local or otherwise?
-
First things first. You are using obsolete Mysql code that will not work at all in the current version of Php. You need to use PDO with parameterized queries.
Second, the whole thing can be done in ONE sql statement.
Third, your active and exempt columns should be tinyint with a lenth of 1 and use the values 1 or 0 for yes/no
Fourth, why are you re-selecting your database.
-
ATTN: Moderator
DUPLICATE POST OF http://forums.phpfreaks.com/topic/298507-creating-a-sub-and-sub-sub-menu-using-category-and-sub-categories/
@thara, Do not start a new thread on the same subject.
-
Dang it! Thanks @QuickOldCar, you are quick.
-
Typos is but a minute issue but is worth mentioning.
not worried about accidentally mixing up the order of parameters? It would be a very easy thing to do with more complicated queries.Actually, on longer queries I have done exactly that so you got me there. Working on my own stuff easy enough with question marks. Other peoples stuff the named parameters would definitely be the better option. I guess I have been lucky, I rarely work on someone else's application. All my projects are ground up builds. Even if they have an existing app, it ALWAYS has mysql_* and other bad code and is faster and cheaper to start from scratch.
-
That is a whole mess of echoing and escaping. Here ya go...
Option One
echo <<<EOT <tr valign='top'> <td width='45%'><b> House District: </b><font color='red'>{$row['district']}</font><br> {row['first_name']} {$row['last_name']}<br> {row['address']}<br> {row['csz']} </td> <td width='55%'> <b>County(ies): </b><font color='red'>{$row['county']}</font><br> Capitol Phone: <font color='green'>{$row['cap_phone']}</font><br> Office Phone: <font color='green'>{$row['bus_phone']}</font><br> Home Phone: <font color='green'>{$row['home_phone']}</font><br> Email: <a href='mailto:{$row['email']}'>{$row['email']}</a> </td> </tr> EOT;Option Two
<?php while ($row = $result->fetch_array(MYSQLI_ASSOC)): ?> <tr valign='top'> <td width='45%'> <b>House District: </b> <font color='red'><?= $row['district'] ?></font><br> <?= $row['first_name'] ?> <?= $row['last_name'] ?><br> <?= $row['address'] ?><br> <?= $row['csz'] ?> </td> <td width='55%'> <b>County(ies): </b><font color='red'><?= $row['county'] ?></font><br> Capitol Phone: <font color='green'><?= $row['cap_phone'] ?></font><br> Office Phone: <font color='green'><?= $row['bus_phone'] ?></font><br> Home Phone: <font color='green'><?= $row['home_phone'] ?></font><br> Email: <a href='mailto:$row['email']'><?= $row['email'] ?></a> </td> </tr> <?php endwhile;?> -
To answer your question, the first example by far. The values of the second example is just throwing a bunch of duplicate data at me. All I need to know is that in the first example, their needs to be the same amount of question marks. There is no need to "read" question marks, only count them.
It is also, 112 characters vs 170 characters. Times that over an entire application and that is a whole lot of extra typing. Also, your not likely to misspell a question mark.
-
I recommend you use named parameters in PDO instead of ?'s. Once you have a bunch of parameters it's a huge pain to keep track of the order of them and such.Could you elaborate on that please. I use question marks and have no problems whatsoever regardless of how much data is being inserted. Either way, you still have to know the order and if your POST data names/variablenames are the same as the DB columns it is clear what your dealing with. And if there are 20 pieces of data going in, you just count 20 question marks. Mysql is more than happy to tell you if your question mark count is off. Named parameters is just more typing which means more prone to typos. I also never create extra variables out of the post data as I see many doing, the OP included. It is just not necessary whatsoever. Nevertheless, this one really comes down to the coders preference IMO, they are both the right way to do it.
I am just happy our brother @jiros1 is not using Mysql_*.
EDIT* Uh, my response more geared to doing insert. OP is doing an update. Still not a problem ever for me.
-
UPDATE JTBL_Game_Category
SET Category_ID=?
WHERE Game_ID=? AND Category_ID=? -
As @QuickOldCar said, you need to validate/check your data first.
-
Try this:
if($adminString == "False"){ die(header("Location: /path_to_file/error.php")); }Another thing you could do is just redirect them back to your main page and not even show an error to the user.
-
I was on my phone when I first read your post so I didn't notice the parenthesis making up the Javascript.
@mac_gyver has given you what you need for the JS output.
-
The problem with your code for starters as a you're using obsolete code that will not work in the latest version of PHP. You need to use PDO or mysqli. The second problem is you're creating your own problem. Just echo out the full string you want without creating all those variables with the commas. That sure doesn't look like javaScript.
-
While that is good and sound advice, it should also be pointed out that those functions require Php version >=5.5.0
Many web hosts are only running versions 5.3.x or 5.4.x if the are even that current.
Help with arrays.
in PHP Coding Help
Posted
@hansford, nice, clean answer.