Jump to content

Gimple

Members
  • Posts

    24
  • Joined

  • Last visited

Everything posted by Gimple

  1. I'm creating a content site where I show previews of the articles. In the HTML (which is stored as a TEXT row in my database) there is a <a name="continue"></a> tag in it. I want to end up with a variable that has everything before that tag to display to my user, and cut off everything after it (and including it). What's the best, or a good way, to accomplish this?
  2. Where do you get a free SSL? It has to be signed by a trusted third-party to avoid being blocked by browsers and blacklisted from the search engines, right?
  3. Whoops. I kinda figured that, but I was so set on making my site secure, I changed every query to a prepared statement. I guess I wasted a few hours of my time. Oh well.
  4. Never mind. I should have Googled before asking. I just realized I needed to use a foreach() loop instead of a while(). EDIT: By the way, I've looked but can't seem to find where I change the thread to "Answered". How do I do that?
  5. Hi, With Jacques1's MAJOR help I've been updating my code and changing all queries to run with prepared statements. But it looks like I've run into what will probably be my last problem before this project is complete. After I query my database, how do I run a while() loop to return the data? Here's what I've got, and it's not working: $prospects = $conn->prepare("SELECT * FROM prospects WHERE decline=:decline"); $prospects->execute([ 'decline' => false ]); while($prospect = $prospects->fetchAll()){ //code } I've also tried just fetch(), but no go. Do you know why this isn't work and how I can fix it?
  6. Hi again. I seem to have encountered a problem. My code was using mysql_insert_id() to get the id of the inserted row, but now that I've changed the query to prepared statements that doesn't seem to be working. Doesn't mysql_insert_id() work with prepared statements? If not, how can I get the id of the row I just inserted in my database?
  7. Ah ha! Bingo! It's all working now. Wow, this is great. Thanks so much for your help!
  8. I'm trying to use fetch(), but clearly I'm getting it wrong, because nothing's happening. Here's my code: $users = $conn->prepare("SELECT * FROM users WHERE email=:email"); $users->execute([ 'email' => $email ]); if(!$users->rowCount()){ header("Location: ?error=3"); } else{ $user = fetch($users); if($password == $user['password']){ //code } else{ header("Location: ?error=4"); } } Where am I going wrong?
  9. Great. I actually figured out I could use rowCount() doing some Googling. Now I've encountered another problem I haven't had any luck with Google yet. I was using mysql_fetch_array() to fetch an array from my query, but that doesn't seem to be working now. Is that old mysql too? If that doesn't work, how would I go about fetching an array from my database? Once I got that figured out, I think I'm good.
  10. OK, I'll update my connection using PDO. One question about that. In your example, what does $dsn stand for? Is that host name? Also, what would I know use instead of mysql_num_rows() to check if the query returned any results?
  11. The script still isn't running. Here's all of my code, just in case there's a problem elsewhere. $dbHost = 'localhost'; $dbUser = 'gimple'; $dbPass = 'XCw3@#'; $dbName = 'gimple'; $conn = new mysqli($dbHost, $dbUser, $dbpass, $dbName); $users = $conn->prepare("SELECT * FROM users WHERE email=:email"); $users->execute([ 'email' => $_POST['email'] ]); if(!mysql_num_rows($users)){ //code } else{ //code } Any idea?
  12. I seem to be having a problem with the correct syntax. Been trying to change my queries to prepared statements, but the script does nothing. Here's an example of my code: $users = $conn->prepare("SELECT * FROM users WHERE email=?"); $stmt->bind_param("s", $email); $email = $_POST['email']; $users->execute(); if(!mysql_num_rows($users)){ //code } else{ //code } What am I doing wrong?
  13. Thanks Benanamen! Very helpful. I didn't think the solution was going to be only a few lines of short code!
  14. Jacques1, thanks for that example of a prepared statement. Very helpful. But would you please also give me examples of prepared statements for SELECT and UPDATE queries too? All the examples I've found searching the net are of INSERT queries. But I'd like to know how those two others work as well.
  15. Hi again, I'm here with another question... I want to be able to let a user type their full name (first and last, separated by a space obviously), in one input field, then I want my code to separate the first and last name into two different strings when it's executed. Anyone have any idea how I would do that?
  16. dalecosp, SQL injection is when people insert code into a form on the site that can mess with the database, right?
  17. My only focus is to built a site that serves 10s of thousands of people and generates a million dollars in revenue per year, and if being an expert programmer isn't required to accomplish that, I could care less if my code doesn't appease any old random hacking perfectionist.
  18. benanamen, you're probably right about all the things you mentioned in your last post, but you're still wrong about using a person's first and last name for their username. And that's what I was addressing. I wasn't questioning your hacking skills, just your judgment and rashness. I know I'm a crappy programmer. But I do what works to get the result I want. That's all I care about at this point. Anyway, I figured out a solution to my last problem. So this thread is solved.
  19. dalecosp, wow, thanks so much! I've basically got it working now with your help. However, the results I'm getting are these: name name1 name12 name123 etc. Instead of: name name1 name2 name3 etc. I'm an amateur coder, and I coded it a bit different than you did. Here's my code: function checkname($url){ $users = mysql_query("SELECT * FROM users WHERE url='$url'") or die(mysql_error()); if(mysql_num_rows($users) > 0){ return true; } else{ return false; } } while(checkname($url)){ $num++; $url = $url. $num; } Any idea where I'm going wrong? benanamen, your advice is useless. Most unsolicited advice is. Your sig says you're never wrong. Well, guess what. In this case, you are!
  20. When a new user signs up, they're assigned a user name (their first name and last name combined in a single string). Because there may be two or more people with the same name, how do I create a loop that will check my database to see if that username already exists, and if it does add a number on the end to make it different, then run another query to see if that one exists too. And keep doing this until a free one is found.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.