Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by bakertaylor28

  1. This should be <form action="/multi.php" ...> because, assuming multi.php is in the root directory of the server, you need the forward slash to denote any address that is on the resident server and is not a GET Request via http. If it is in a subdirectory, it will be action="/path/to/file.php"
  2. I get that part, but the syntax is different in how it's deployed depending upon the language you're using.
  3. That helps my understanding of it quite a bit. (I'm quite new to SQL and have only done a modest bit of PHP- This is my first project from scratch.) . So the best structure, If I'm understanding it, is to combine everyone's data into the same table and use a WHERE statement. I'm also guessing that you can use WHERE column A=something AND column B = something else AND column C= something else (going as many columns as need be) if necessary? I'm having a hard time finding examples of SQL queries within the context of PHP that actually work.
  4. To clarify, it would be the same table structure for everyone, but would be different user-supplied data for each account, in a setting where data integrity matters, forensically speaking. It would seem that by providing the account with it's own database table, it then, worst case, minimizes the impact of SQL injection- because the injector then only theoretically would effect only one particular table Vs. the potential for wiping out the whole database (and thus effecting the integrity of the whole SQL server) if everything is stored in one table. The idea is essentially de-centralizing vs.
  5. The idea is that by pulling data from a smaller table in which all the data would be used (e.g. given a SELECT * from table argument) would be faster and more efficient than having to use the form of Select * from table WHERE parameter1=x and parameter2=y type of argument.) because it would seem that the latter takes much more time and resources to execute, and would be more secure because we're partitioning tables.
  6. The application I'm building issues an account and then basically stores a set of property information (such as make/model, serial number, etc.) to the individual account and allows the user to recall the information in his own account but not in other user's accounts. It also will allow "marking" certain property missing, etc. to display to super users (e.g. people manually verified to have a right to know the info and then granted a superuser status) using an administrative "level" model , while the system administrator has access to all of the information everywhere. My first instinct
  7. This seems to be because you're mixing obsolete sql with sqli. You can't use both in the same database call. The big problem I see with this is that you should be using prepared statements in the first place.
  8. Following the KISS principle, The way I would handle this is to have each button submit to a different php script and do a header redirect if need be. This approach is particularly useful if you can't use mod_rewrite such as if you're using nginx.
  9. What is the best table structure when constructing what will be a potentially large multi-user platform? Example- Each user inputs their own individualized information into a table, for recall only to that specific user and to certain other users defined as administrators or half-administrators super users. Would it be better to store this all in a single table, or to give each user their own individual table on formation of the account?
  10. I would have never really thought about it that way, in that I would have to double check the login script to make sure I'm not inadvertently setting a session var using post data. I'm still quite new to SQL though have dabbled a bit in php, though mostly have done content not involving databases until now. Thanks for your help.
  11. Why do I need a prepared statement IF I'm not accepting user input, and the material already in the database was derived from a prepared statement? It would seem that a prepared statement isn't necessary here because, correct me if I'm wrong" injection only concerns parsing user input into a database, not reading a database.
  12. let me guess, $user needs to be escaped in single-quotes for SQL to be able to read the variable?
  13. My first thought. (and it actually worked with the issue with $user, as I was able to successfully echo the variable to demonstrate it had been fixed.) However changing it to $priv = $row['su'] still threw the same error, as if to say that SQL isn't properly returning $row['su'] at all- but if this were the case I'd expect an SQL error a )s opposed to variable undefined.
  14. I've read that- in fact it was my fist stop in approaching this- though I'm not sure how it applies here, as none of the examples there seem to be directly on point.
  15. Of course, i realized to put the entire table in there and close the sql connection just before closing the function. (Mind you I ended up wrapping all of this within a function, and then calling the function in the HTML code after closing the main php tag and issuing <!DOCTYPE HTML> due to the complexity of the HTML code everywhere else to keep the HTML halfway readable, other than the code for the table itself which doesn't make a difference, as well as to keep the end user from reading the php code.) But you helped me figure out the problem- namely that I can't write these thin
  16. My login script stores the user's login name as $_SESSION[ 'name'] on login. For some unapparent reason, i'm getting errors stating that $user and $priv are undefined variables, though I've attempted to define $user as being equal to $_SESSION['name'], using $user to look up the the user's privilege level (stored as the su column ) in the SQL table, and then where the result of the sql query is $priv which is then evaluated in an if statement. I can't seem to figure out why this might not be working. The code I'm using: <?php session_start(); function verify() { //verify that t
  17. so, if I'm understanding you correctly, then the code would look something like this? if ($result = mysqli_query($link, "SELECT * FROM accounts", MYSQLI_STORE_RESULT)) { while ($row = $result->fetch_assoc()) { echo '<table><th></th>'; echo '<td>$row["id"]</td>'; // and so on for each column... } } mysqli_close($link);
  18. I thought that was what the whole point of what that loop did as it is written, or at least that is the explanation on practically every site I've seen, in that this is the code example given practically everywhere to do what I'm trying to do.
  19. So then how would you do this if there's no way to hard code the exact number of rows into the script?
  20. I'm trying to simply display the contents of an entire database for the purpose of building an administrative super-user into the back-end to remove login credentials without having to resort to having to manually interact with Mariadb or PHPmyadmin. However, the code is only returning the last row that was entered into the database. I can't seem to figure out why it's not working as intended. The code is intended to simply display the entire contents of the database into an html table. The code i'm using: <?php $link = mysqli_connect("", "database user", "password", "log
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.