Jump to content

Phi11W

Members
  • Content Count

    45
  • Joined

  • Last visited

  • Days Won

    3

Phi11W last won the day on April 14

Phi11W had the most liked content!

Community Reputation

6 Neutral

About Phi11W

  • Rank
    Member
  1. Obligatory XKCD reference: Little Bobby Tables Regards, Phill W.
  2. The problem is common to Users, everywhere. Provide them with a mechanism to reset their own password and it becomes their problem entirely. MD5 is completely broken. Update to something at least vaguely secure. Until somebody spends an afternoon and works out your "Magic Method" and then all of your formulaic passwords are laid bare. Attempting to roll your security system is almost always a Fools Errand. Far better to randomly seed their password. Oh really? Anything that identifies a Data Subject is considered Personal Data and you are storing two of them right here. id. Uniquely identifies each Student. OK, probably not much use on its own, but in context with other information, this could be used to identify, locate or track an individual. name. Just how Personal does Data have to get? Regards, Phill W.
  3. Is the value actually blank or does your web browser display it as "blank", by trying to interpret the value as HTML? Either escape [the characters in] the value, preventing it from being shown "as" HTML or use your browser's "Developer" tools to examine the value - that will allow you to see "raw" value. Accepting Html-like values in this way can be extremely risky. It's all too easy for a [malicious] client to slip in <script> tags which, if you display them without proper "protection" will execute that script code! Regards, Phill W.
  4. OK, you've created a PHP String variable that just happens to contain some text that your DBMS can make sense of (i.e. you've written some SQL). As others have said, it's very risky SQL, as it stands, but it's still SQL. But it's still only a String variable. You need to tell your database to do something with it (i.e. to execute it). Regards, Phill W.
  5. I think you may have had a "Lucky Escape" here. Your code failed on the "select". It might be that you have a "delete" statement a few lines further down ... If so, you would have been removing "real" Data from your Live database! You need to find a way to prevent this "cross-Environment" connectivity from happening again. Regards, Phill W.
  6. Why do you feel the need to? IPv6 is already here and gaining in usage. Let's face it, there are only so many IPv4 Addresses and more devices coming on line every day. There will come a time when IPv4 will be is phased out. Why would you want to deliberately future-fail your code by locking it into this older protocol? There is no effective difference between "127.0.0.1" and "::1". It's the [loopback] address of the local machine and, once your Application goes out onto its real server, your Application will, most likely, never see it again, anyway. No real difference? Well, some of us might have to go buy a new T-Shirt to replace the one with this message: 😉 Regards, Phill W.
  7. If the user has never voted, then all of the individual votes values will be NULL. If all of the values given to SUM() are NULL, then the result is also NULL. You may want to add code to your query to handle this case. I think ... IFNULL( SUM( votes ), 0 ) ... will do what you want. Regards, Phill W.
  8. Lots of good alternatives, but here's the basic problem with your code. You're creating a new tr ("Table Row") element for for every item so yes, they will appear on separate rows. Try creating a "tr" before starting the loop, then add a pair of "/tr", "tr" elements after every fifth item, and remember to close the last row after the loop. Regards, Phill W.
  9. How about something altogether simpler and more user-friendly: <a href='www.11.com'>ABC</a> <a href='www.22.com'>ZXC</a> <a href='www.33.com'>CCC</a> No need for "error messages" at all. Only give the Users options for things that they're allowed to do. "What's the best way to prevent someone from shooting themselves in the foot? Don't give them a gun in the first place!" Regards, Phill W.
  10. $row1 is an associative (keyed) array containing the data returned by your SQL query. That's a good enough "store" for this context. If the "if" is misbehaving, then you need to find out what values it's [not] working with. This is the fundamental core of "debugging" your application - getting in amongst the code and seeing what's going on. The var_dump() and print_r() functions are your friends here. $row1 = mysqli_fetch_assoc($result1); var_dump( $row1 ); if($row1['accountType'] == 'Student') . . . Regards, Phill W.
  11. String Comparsons in PHP are case sensitive. Is idNum a number or not? If it is, then the value passed in $user should not appear in quotes. Doing so forces MySQL to perform an implicit Type Conversion, which can cause some nasty side-effects. Better still, use a prepared statement to pass the parameter value; that will protect you better from SQL Injection attacks. No need to do this in two successive queries. Let your Database do the Joining: select u.courseCode , m.field1 , m.field2 , m.field3 , ... from user_info u inner join module_details m on m.classListCourseCode = u.courseCode where u.idNum = ? Never use "select *" in Production code. Regards, Phill W.
  12. An alternative is to encapsulate this logic into a Class that represents a Player. You would populate an instance of this class from a database query and the class contains a method that handles this name formatting for you - with the advantage that it willthen be consistent for any Player. class Player { function __construct( ... ) // Probably from a database query { $this->forename_ = ... ; $this->surname_ = ... ; } function __toString() : string // Simplifies debugging { return $this->formatName(); } // Here's the encapsulation of the name-formatting logic // Write it once, use it many times! public function formatName() : string { return sprintf( '%s-%s', $this->forename_, $this->surname_ ); } public function forename() : string // Simple property retrieval { return $this->forename_ ; } public function surname() : string // Simple property retrieval { return $this->surname_ ; } private string forename_ ; private string surname_ ; } Regards, Phill W.
  13. The error happened on line 36 of the file "index.php". That may or may not be in the slab of gigantic code you posted. $this is only valid inside [instance] methods of a class. Regards, Phill W.
  14. "Danger, Will Robinson!" Your suffering from [Evil] Type Coercion here. $_POST variables are all Strings. Feeding them into the date() function forces PHP to parse and convert the given String value into a Date value, which can have some very confusing consequences. More importantly, though, your quoting is messing things up. PHP doesn't understand the "smart"/sloping quotes that seem to have their way into your Post, so I'm assuming you're not really using those. 🙂 Double-quoted strings have variables inside them expanded. Single-quoted string do not. $x = '10' ; if ( '10' === "$x" ) => true because $x is expanded into the value '10' if ( '10' === '$x' ) => false because '10' != '$x' So, your first call to the date() function really is trying to make a date out of the String value '$fromdate'. Lose the quotes to pass the value of the $fromdate variable. You should never trust User input, so you should be explicitly parsing the POST'ed String values to make sure they represent sensible Date values, and then pass the resulting Date values into the date() function. Regards, Phill W.
  15. Roles are hooks that you can hang permissions off. Users are just Roles that can log into the database. "Cluster" is just PostgreSQL-speke for the PostgreSQL "instance". Nothing to do with multiple machines or multiple databases. Databases are .. well .. databases. Schemas are logical subdivisions of databases, but not widely used, in my experience. Not at all. You can have many, many Roles, all doing different things, all in the one database or across many databases. All of the settings above are there for PostgreSQL itself to work. Let well alone. Read up on the Host Based Authentication file and how it works. Getting this wrong can leave your database wide open to attack. Start adding your own rules to allow access for you and your Application. host all all 1.2.3.4/32 md5 # Application Host host me all 2.3.4.5/32 md5 # development machine As requinix quite rightly says, that's removed all authentication from connections matching that Rule. Quoting from the Documentation: Personally, I'd say never user "trust" in the pg_hba.conf. Regards, Phill W.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.