Phi11W

Everything posted by Phi11W

  1. This XPath expression will find a product if it is in stock and return no items if it's not.

         $items = $xml->xpath( "/ STOREITEMS / PRODUCT [ @ITEM = '$product_queried' and STOCK / text() = 'In Stock' ] " );

     Regards, Phill W.
  2. Add this condition into your "select" statement so that it only retrieves the relevant items for displaying. Don't retrieve everything and then filter it in PHP code. Regards, Phill W.
  3. At its simplest, your solution is called an "If statement". The HTML page loaded into the User's browser submits data to your PHP for processing. As an essential part of that processing, you should validate the supplied data values against your chosen criteria. In this case, they need to enter a valid [Character Representation of a] Date that must be earlier than the current date. If the supplied data does not match your criteria, then you send back error message(s) that the HTML (or Javascript) has to show to the User. Regards, Phill W.
  4. This is an environmental issue between your local server and your Production one, i.e. something is set up differently between the two. That require() statement is telling PHP to go and read the contents of some file and to fail if it cannot find that file. The file is specified in the variable, $view. To what value is this variable set on your local server? Where does the PHP code set that value? Regards, Phill W.
  5. From what you've shown? No idea. What does the trValue() function do? Please remember - you are looking at this problem all the time. We only get to take the most cursory of glances at it during a quiet[er] half hour or over the lunch-hour. We are not psychic. (Some people around here are really Good, but none of us are that Good!) 🙂 We don't know what code you've written since your last posting - for example, this "$details" thing has appeared. Regards, Phill W.
  6. Simpler than you might think. The foreach loops through the array, giving you the key and value of each item in turn. For every item, you want to insert the Table Row construct. For the item where the key is "ct", you want to insert some extra "stuff". Try this:

         foreach( $arr as $k => $v ){
             $x .= sprintf( '<tr><td> Td %s </td><td> Td %s</td></tr>', $k, $v );
             if ( 'ct' === $k ) {
                 $x .= $Insert_HTML_Here ;
             }
         }

     Regards, Phill W.
  7. PHP has a handy strtotime() function that does exactly that. Since you're [still] building your SQL dynamically, you do need to worry about how to format the Date Literals in your SQL. Ideally, you should use Parameterised Queries that will take care of this for you but, as you're not there yet, you need to format the Date literal to ensure no ambiguity when passing it to the database.

         $yfrom = date( 'Y-m-d', $dateTimeValue );
         $yuntil = date( 'Y-m-d', $dateTimeValue );
         $queryfebus = "SELECT x, y, z FROM glamm_pedidos WHERE fecha_folio BETWEEN '$yfrom' AND '$yuntil' ";

     Also, make sure that the columns in your database tables really are a Date Data Type. All too often, we see people complaining about the "format" of the Dates in the database tables. One of the "Rules" of Relational Databases: Dates have no format. None that you or I need to worry about, anyway. If you think that your Dates have the "wrong format", then the chances are that you actually have Character data that just happens to look like Dates. That's never a Good Thing and will cause you all kinds of grief. Regards, Phill W.
  8. Obligatory XKCD reference: Little Bobby Tables Regards, Phill W.
  9. The problem is common to Users, everywhere. Provide them with a mechanism to reset their own password and it becomes their problem entirely. MD5 is completely broken. Update to something at least vaguely secure. Until somebody spends an afternoon and works out your "Magic Method" and then all of your formulaic passwords are laid bare. Attempting to roll your security system is almost always a Fool's Errand. Far better to randomly seed their password. Oh really? Anything that identifies a Data Subject is considered Personal Data and you are storing two of them right here. id. Uniquely identifies each Student. OK, probably not much use on its own, but in context with other information, this could be used to identify, locate or track an individual. name. Just how Personal does Data have to get? Regards, Phill W.
  10. Is the value actually blank or does your web browser display it as "blank", by trying to interpret the value as HTML? Either escape [the characters in] the value, preventing it from being shown "as" HTML or use your browser's "Developer" tools to examine the value - that will allow you to see the "raw" value. Accepting Html-like values in this way can be extremely risky. It's all too easy for a [malicious] client to slip in <script> tags which, if you display them without proper "protection" will execute that script code! Regards, Phill W.
  11. OK, you've created a PHP String variable that just happens to contain some text that your DBMS can make sense of (i.e. you've written some SQL). As others have said, it's very risky SQL, as it stands, but it's still SQL. But it's still only a String variable. You need to tell your database to do something with it (i.e. to execute it). Regards, Phill W.
  12. I think you may have had a "Lucky Escape" here. Your code failed on the "select". It might be that you have a "delete" statement a few lines further down ... If so, you would have been removing "real" Data from your Live database! You need to find a way to prevent this "cross-Environment" connectivity from happening again. Regards, Phill W.
  13. Why do you feel the need to? IPv6 is already here and gaining in usage. Let's face it, there are only so many IPv4 Addresses and more devices coming on line every day. There will come a time when IPv4 will be phased out. Why would you want to deliberately future-fail your code by locking it into this older protocol? There is no effective difference between "127.0.0.1" and "::1". It's the [loopback] address of the local machine and, once your Application goes out onto its real server, your Application will, most likely, never see it again, anyway. No real difference? Well, some of us might have to go buy a new T-Shirt to replace the one with this message: 😉 Regards, Phill W.
  14. If the user has never voted, then all of the individual votes values will be NULL. If all of the values given to SUM() are NULL, then the result is also NULL. You may want to add code to your query to handle this case. I think ... IFNULL( SUM( votes ), 0 ) ... will do what you want. Regards, Phill W.
  15. Lots of good alternatives, but here's the basic problem with your code. You're creating a new tr ("Table Row") element for every item so yes, they will appear on separate rows. Try creating a "tr" before starting the loop, then add a pair of "/tr", "tr" elements after every fifth item, and remember to close the last row after the loop. Regards, Phill W.
  16. How about something altogether simpler and more user-friendly:

          <a href='www.11.com'>ABC</a>
          <a href='www.22.com'>ZXC</a>
          <a href='www.33.com'>CCC</a>

      No need for "error messages" at all. Only give the Users options for things that they're allowed to do. "What's the best way to prevent someone from shooting themselves in the foot? Don't give them a gun in the first place!" Regards, Phill W.
  17. $row1 is an associative (keyed) array containing the data returned by your SQL query. That's a good enough "store" for this context. If the "if" is misbehaving, then you need to find out what values it's [not] working with. This is the fundamental core of "debugging" your application - getting in amongst the code and seeing what's going on. The var_dump() and print_r() functions are your friends here.

          $row1 = mysqli_fetch_assoc($result1);
          var_dump( $row1 );
          if($row1['accountType'] == 'Student')
          . . .

      Regards, Phill W.
  18. String Comparisons in PHP are case sensitive. Is idNum a number or not? If it is, then the value passed in $user should not appear in quotes. Doing so forces MySQL to perform an implicit Type Conversion, which can cause some nasty side-effects. Better still, use a prepared statement to pass the parameter value; that will protect you better from SQL Injection attacks. No need to do this in two successive queries. Let your Database do the Joining:

          select
            u.courseCode
          , m.field1
          , m.field2
          , m.field3
          , ...
          from user_info u
          inner join module_details m
                on m.classListCourseCode = u.courseCode
          where u.idNum = ?

      Never use "select *" in Production code. Regards, Phill W.
  19. An alternative is to encapsulate this logic into a Class that represents a Player. You would populate an instance of this class from a database query and the class contains a method that handles this name formatting for you - with the advantage that it will then be consistent for any Player.

          class Player
          {
              // Probably populated from a database query
              function __construct( string $forename, string $surname )
              {
                  $this->forename_ = $forename ;
                  $this->surname_ = $surname ;
              }

              function __toString() : string // Simplifies debugging
              {
                  return $this->formatName();
              }

              // Here's the encapsulation of the name-formatting logic
              // Write it once, use it many times!
              public function formatName() : string
              {
                  return sprintf( '%s-%s', $this->forename_, $this->surname_ );
              }

              public function forename() : string // Simple property retrieval
              {
                  return $this->forename_ ;
              }

              public function surname() : string // Simple property retrieval
              {
                  return $this->surname_ ;
              }

              private string $forename_ ;
              private string $surname_ ;
          }

      Regards, Phill W.
  20. The error happened on line 36 of the file "index.php". That may or may not be in the slab of gigantic code you posted. $this is only valid inside [instance] methods of a class. Regards, Phill W.
  21. "Danger, Will Robinson!" You're suffering from [Evil] Type Coercion here. $_POST variables are all Strings. Feeding them into the date() function forces PHP to parse and convert the given String value into a Date value, which can have some very confusing consequences. More importantly, though, your quoting is messing things up. PHP doesn't understand the "smart"/sloping quotes that seem to have found their way into your Post, so I'm assuming you're not really using those. 🙂 Double-quoted strings have variables inside them expanded. Single-quoted strings do not.

          $x = '10' ;
          var_dump( '10' === "$x" ); // true because $x is expanded into the value '10'
          var_dump( '10' === '$x' ); // false because '10' != '$x'

      So, your first call to the date() function really is trying to make a date out of the String value '$fromdate'. Lose the quotes to pass the value of the $fromdate variable. You should never trust User input, so you should be explicitly parsing the POST'ed String values to make sure they represent sensible Date values, and then pass the resulting Date values into the date() function. Regards, Phill W.
  22. Roles are hooks that you can hang permissions off. Users are just Roles that can log into the database. "Cluster" is just PostgreSQL-speak for the PostgreSQL "instance". Nothing to do with multiple machines or multiple databases. Databases are .. well .. databases. Schemas are logical subdivisions of databases, but not widely used, in my experience. Not at all. You can have many, many Roles, all doing different things, all in the one database or across many databases. All of the settings above are there for PostgreSQL itself to work. Let well alone. Read up on the Host Based Authentication file and how it works. Getting this wrong can leave your database wide open to attack. Start adding your own rules to allow access for you and your Application.

          host all all 1.2.3.4/32 md5 # Application Host
          host me  all 2.3.4.5/32 md5 # development machine

      As requinix quite rightly says, that's removed all authentication from connections matching that Rule. Quoting from the Documentation: Personally, I'd say never use "trust" in the pg_hba.conf. Regards, Phill W.
  23. One of the elements submitted with the POST request should be the name attribute of the clicked [submit] button. Some of your buttons have the name "out". Some of your buttons have no name at all - they should all have one. None of your buttons have the name "inside", which your PHP code is testing for. Regards, Phill W.
  24. Since the two tables have no fields in common, I assume you want a linking table ("Weak Entity") between the two, something like this:

          create table employee_attendance
          ( empno ...
          , att_date ...
          , Ot ...
          , primary key ( empno, att_date, Ot )
          , foreign key ( empno ) references employee ( empno )
          , foreign key ( att_date, Ot ) references attendance( att_date, Ot )
          );

      I'm guessing at the primary Key for the attendance table here - an employee would attend something ("Ot?") on a given date. Don't use reserved words, like date, for table or column names. Eventually, it will come back to bite you. Regards, Phill W.
  25. My recommendation? Don't do it. $teams is an array of Strings with, I assume, two elements (as in "A v B") so you don't want to restrict the number of elements there. If you restrict the length of the Name Xml element, then you run the risk of losing the second team entirely or even breaking your own code: Arbitrarily cutting this at 25 characters, your code only just gets the ' v ' delimiter that the explode() function requires. If you did the cutting at twenty characters, or if the former name were just two characters longer, then you would lose that delimiter and your code might well break, receiving only one element in the resulting $teams value.

          $hie->Name = 'Arnold Schwarzenegger v Sylvester Stallone' ;
                        ^        1         2    |    3
                        123456789012345678901234567890

      I have to ask "why" you want to do this at all ... If your application allows names to be longer than 25 characters, why are you truncating them? I suspect your Users would be less than impressed if they chose much longer names and your code just chopped them off at some arbitrary limit.
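
As an added example (not code from any of the posts above): posts 7 and 21 advise parsing POSTed date strings explicitly before use, and post 7 recommends Parameterised Queries; this sketch combines the two. The function names, the id column, the sample rows and the in-memory SQLite database are assumptions; glamm_pedidos and fecha_folio are taken from post 7.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a strict YYYY-MM-DD string naming a real
// calendar date. The round-trip comparison rejects overflow such as
// 2024-02-30, which createFromFormat() would silently roll over to March.
function parseIsoDate(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Hypothetical query function: validates both bounds, then binds them as
// parameters so no user-supplied text is ever spliced into the SQL string.
function ordersBetween(PDO $db, string $rawFrom, string $rawUntil): array
{
    $from  = parseIsoDate($rawFrom);
    $until = parseIsoDate($rawUntil);
    if ($from === null || $until === null || $from > $until) {
        throw new InvalidArgumentException('Invalid date range');
    }
    $stmt = $db->prepare(
        'SELECT id, fecha_folio FROM glamm_pedidos
          WHERE fecha_folio BETWEEN :from AND :until
          ORDER BY fecha_folio'
    );
    $stmt->execute([':from' => $from, ':until' => $until]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data; in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE glamm_pedidos (id INTEGER PRIMARY KEY, fecha_folio DATE)');
$db->exec("INSERT INTO glamm_pedidos (fecha_folio)
           VALUES ('2024-01-15'), ('2024-02-10'), ('2024-03-05')");

// A well-formed range is queried through the bound parameters.
print_r(ordersBetween($db, '2024-02-01', '2024-02-29'));

// Constructed bad inputs: an impossible date and a value carrying SQL text.
foreach (['2024-02-30', "2024-02-01' OR '1'='1"] as $bad) {
    try {
        ordersBetween($db, $bad, '2024-03-01');
    } catch (InvalidArgumentException $e) {
        echo "rejected: $bad\n";
    }
}
```

Both bad inputs are refused by the validation step before any statement is prepared, and the bound parameters mean a value that did pass validation still reaches the database as data rather than as SQL text.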