Phi11W

  1. Depends on how many "levels" you need to work with. If you only need, say, immediately related parent or child records, or even as far as grandparent or grandchild, you can do that with a regular query, just joining the table to itself the required number of times.

         select ...
         from table1 parent
         inner join table1 child on parent.child = child.parent
         inner join table1 grandchild on child.child = grandchild.parent ;

     But, as soon as you start getting arbitrary depth of nesting, a CTE is the way to go. Also, bear in mind that you want some way of stopping this
  2. Over the lifetime of this (or any other) Application, you will spend far more time reading its code than you will writing any of it so go for whichever form expresses your intention most clearly. Personally, I'd go with the former or, perhaps, an even more concise one:

         if ( ! isset( $_SESSION['user'] ) ) exit ;
         if ( 'SiteOwner' !== $_SESSION['user'] ) exit ;

     I'm not sure of the context in which this runs - perhaps a redirect to another page might be more appropriate than the "exit"? YMMV. Regards, Phill W.
  3. Excellent! If anyone asks, you're now applying the Principle of Least Privilege, getting your application to work with the minimum level of permissions - just what it needs and nothing more. Also, you are now qualified to laugh openly at anyone that runs their entire Application as root. 😉 Regards, Phill W.
  4. This is a fundamental difference between files and directories. On a file, the execute bit makes the file .. well .. executable. On a directory, the "execute" bit makes the directory "navigable", i.e. you can get "into" it. At present, you can see that the directory exists - you can 'r'ead it in a listing of the parent directory - but you cannot navigate into it. To do that, the directory must have its Execute bit set. More typical permissions on a directory would be 750: User:rwx Group:rx Other:(None) This link explains it better, albeit talking about NFS and
  5. In a Client-Server application, like this, you have to consider two, very separate Environments:
       • The secure Environment, in which your code runs and your database lives. Here, you can Trust everything. Everything is stored in "proper" Data Types. Life is Good. 🙂
       • The unsecure Environment, which is everything outside the secure Environment. This includes the User's browser and even the TCP/IP channel between your server and that browser. Here, you can Trust nothing. All data is encoded into Character Representations of itself (Users cannot enter "numbers" or
  6. Here's an idea to try and get your head around ... You cannot click on anything in PHP. PHP is a server-side technology so you can only get it to do anything by sending it an HTTP request, by loading a URL, submitting a Form or sending it an AJAX request. Clicking is a client-side thing, usually supported by Javascript code that runs in your browser (and often sends AJAX requests under the covers). Fire up the "Developer Tools" in your favourite browser and step through the Javascript code as it runs. Regards, Phill W.
  7. You don't need JSON data (unless you actually want to store JSON data). Use two database connections - one to the local database, another to the cloud one - then loop through the data from the local one and insert it into the cloud one:

         // Prepare both statements once; prepare() returns the statement to execute
         $insert = $insertDB->prepare('insert into cloud_users values ( :id, :username )');
         $read = $readDB->prepare('select id, username from users order by 1');
         $read->execute();
         // Copy each local row into the cloud table using bound parameters
         while ( $row = $read->fetch() ) {
             $insert->execute( [ 'id' => $row['id'], 'username' => $row['username'] ] );
         }

     Regards, Phill W.
  8. I'm guessing that's because you told it to?

         while( $r = mysqli_fetch_row( $result ) ) {
             echo "<option data-location_name='$r[1]' data-location_phone='$r[2]' value='$r[0]' selected> $r[0] </option>";
             // $r[1] is the Name, $r[2] is the Phone, $r[0] (value) is the ID,
             // and the displayed text is $r[0] again: ID!!
         }

     Try putting the name ($r['location_id']) inside the option ele
  9. Taking these statements in order:

         $rec = mysqli_query( $db, "SELECT FROM joborder WHERE id=$id" );

     This tries to execute a SQL query and puts the result - hopefully a set of results - into $rec. The function can also return false if its execution fails - which it will because your SQL is invalid. (What were you hoping to get from the joborder table?). I'll gloss over your SQL Injection Attack vulnerability for now.

         $record = mysqli_fetch_array( $rec );

         Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in line 8

     So now PHP is complain
  10. You have an array containing the field names that were passed into the function. That array is used to build the SQL statement so those columns will be returned in each row. Now, for each row in the returned data, you need to loop through your fields array and pull out each value from the row, by field name, something like this:

          while( $row = $results->fetch_assoc() ){
              $dlm = '';
              foreach( $fields as $field ){
                  echo $dlm . $row[ $field ];
                  $dlm = "\t";
              }
          }

      Regards, Phill W.
  11. Personally, I prefer to have my SQL clean and self-contained but then I don't have to work with WordPress. YMMV. Here's one way:

          public function wpquery_select($conn, $sql, $fields){
              // Assumes your query has "select * ..."
              $sql = str_replace('*', implode(',', $fields), $sql);
              $results = $conn->query($sql);
              . . .

      Regards, Phill W.
  12. Thank you for posting your database's root password for the whole world to read. Go and change it right now. Stop using the root user in your Application code. Create dedicated accounts for each of your Applications and grant these accounts appropriate permissions. Always keep the biggest and best tools to yourself (so that you can sort out the mess made by other people or programs). Stop using Reserved Words as table / column names (e.g. "user" & "password"). Doing so will come back to bite you, at some point. Don't store the user's actual password. Instead
  13. Which file? Would you expect both the load() and save() method [of this subclass] to do all the work to find out which file they needed to work with? No. What might be more "normal" would be to tell the object which file it should "save" itself to, i.e. you would pass the load() and save() methods the path to the target file. But then you have another problem ... This is a Box. A Musical Box, wound up and ready to ... no; that's a different story. This is a Box. It will be one of many Boxes and each of these will need to load() and save() themselves to/from somewhere
  14. Your structure looks wrong to me. You have multiple form elements, each of which contains one select element with two option elements. I would expect there to be one form element, which contains one select element, which contains one or more option elements.

          echo( '<form method="POST">' );
          echo( '<select name="inv">' );
          if( mysqli_num_rows($result) ) {
              echo( '<option>' . $row["rizikos_lygis"] . '</option>' );
              while( $row = mysqli_fetch_array($result) ) {
                  printf( '<option value=\'%s\'>%s&nbsp;%s</option>' , $row["su
  15. As Brand says, try the assembled SQL manually and see what the database is objecting to. Some other thoughts: 1. You're wide open to an SQL Injection Attack. Obligatory XKCD Reference - Little Bobby Tables. Less severely, you're effectively excluding anybody with an apostrophe in their name, e.g. "Peter O'Toole", from registering with your site! Not that you'd be the only one, according to IrishCentral. Why is this? Because in your PHP code you're building a String value that just happens to contain some text that your database should be able to make sense of. By