ChenXiu

Community Answers

  1. So circling back to my original question.... a while back it was suggested that when the visitor is finished posting and reposting data to a product page, the final page should be a "get request" (for various reasons including disallowing the back button and inadvertently changing the final 'shopping cart'). To get from a post/repost page to a "header(location)" get request, the only way to carry over data is via sessions. (The only alternative is to have the final "header(location)" page be an ugly url and end in an order number "...example.com/order-complete?ordernumber=123456778" rather than a tidy url like "...example.com/complete.php")

     So I put the customer's order number into a Session Value. Then, on the final page, I do a mySQL query, select data from my table where orderid = $_SESSION["order_number"]. My problem has been generating the stupid image from my readfile page... I've already got the customer's order number in $_SESSION["order_number"]. I don't need to add yet another id autoincrement column to my mysql table because the table already has the 100% unique order number for the customer, where I can get all the relevant data to display the final "thank you your order is complete page."

     Currently, I have the image file named after the order number (using <img src=".../readfile_page.php?label=$_SESSION["order_number"] . ".png">) I'm trying to figure out what's wrong with just <img src=".../readfile_page.php"> because my readfile.php page can easily derive the order number from the session and display the image.

     So, TL;DR (haha too late) the "order number" is already unique (I don't need an id auto increment column in addition to all of that), and if sessions $_SESSION is good enough to carry data over from my post page to the GET request redirect, why all of a sudden not good enough to display an image to the customer while their browser is open?

     (I'm not trying to argue -- I'm well aware my PHP knowledge is about 1.5 on a scale of 1 to 100 -- I'm just trying to find out if I missed the boat somewhere, even though I've implemented almost everything suggested here to me).
  2. Sorry, I was just asking if by using sessions and avoiding all file names completely, it seemed to be even more secure. A potential hacker "viewing html source" might see <img src="id123.png"> and then be tempted to try "id124.png" "id125.png" "id126.png" but by using sessions (which are 100% hidden), the hacker would only see <img src="mylabel"> in the html code.

     I always thought that in the back of my mind. It actually hurts to see someone say that out loud. Now I'm worried. That begs the question "when" and "how much" should one use sessions? I would assume the following factors as to "when" and "how much" someone uses sessions would be:

       1. when the 'convenience value' outweighs the stability of the code
       2. how badly will the code and flow be ruined if sessions go wrong
       3. how important the session variables are (e.g. just to save a user's color preference red vs green)
       4. you need an extra layer of security (e.g. if "order number 12345" is hard coded, making sure $_SESSION["orderid"] == '12345' matches the hard code)
       5. when money is involved: if for whatever reason $_SESSION doesn't match the hard code, I would rather have the visitor leave rather than continue with a transaction where something went screwy somewhere.
  3. Circumstance: "label.php" is actually a PHP "readfile" page that fetches images from a private root directory. "customer.html" is the public page where visitors view their images like this:

         Dear Customer, Here Is Your Image: <img src="label.php?image=id_number_1001.png">

     Question: Is it okay to use a hidden $_SESSION["filename"] and change what I have now:

         Dear Customer, Here Is Your Image: <img src="label.php?image=id_number_1001.png">

     To this:

         Dear Customer, Here Is Your Image: <img src="label.php">

     This works by having the actual image name stored in a hidden session variable, using the following lines of code on my readfile page "label.php" like this:

         $imgName = $_SESSION[ "filename" ] . ".png";
         $imgPath = "../root_directory/" . $imgName;

     Since I do not want customers to be allowed to ever see the image again after logging out, is it okay to rely on a hidden session variable for the filename as I described above? (Potential hackers will be less tempted to "try different image names and numbers" like "id1.png, id2.png, id3.png" because they will have no idea if the image will be a gif, jpeg, or png, nor have any idea of a numbering sequence.) Thank you!!
  4. LOL -- the "&" and the "|" are right next to each other on my keyboard 😃 Actually, there comes a point at the end of the day where no matter what I type it is wrong and it generates an error. echo hello; (oops I forgot the quotes). echo 'hello' (oops I forgot the semicolon). But thank you for pointing that out, I'll double-check my actual code to make sure it's not really that way. Thank you, those are very good points. To paraphrase back to you what you said to ensure I understand the idea, it sounds like the proper way to do this is to, no matter what, have the $_SESSION["username"] always set with minimum default values.... then add/change permissions via mySQL as necessary -- thus: 1.) making the check for isset($_SESSION["username"]) unnecessary 2.) giving better (more uniform) control over users (via backend, without needing the user to logout then log back in) 3.) Future-proofing (although just 2 users today, maybe 50 users a year from now). A year ago, I would have said "doing it that way is complicated and a big waste of time because there's only myself and one other user." But I've quickly learned that if I don't code stuff correctly in the beginning, I end up spending days and days re-coding everything per the advice given right here that I should have followed in the beginning 😁
  5. Interesting! Both your ideas - the "placeholder image" with the words "no image here" sounds perfect, and, the storing the real filenames in a database sound excellent. I'm thinking because you made these suggestions, you must be saying there's no way for PHP code (on my html page) to verify what my readfile.php page is generating, right? For example, my html page says:

         Dear Customer, here is your image: <img src="label.php?label=<?= $filename ?>.jpg">

     So there's no such line of PHP code I could precede that with? For example, something like this pseudocode:

         <?php if( ! image ("label.php?label=<?= $filename ?>.jpg")) echo "no image"; ?>

     I'm assuming this cannot be done -- I tried lots of stuff that didn't work.
  6. 😃 Okay I got another one:

         if(!isset($_SESSION["username"]) && $_SESSION["username"] != 'admin') { exit; }

     That's another one I wish I could shorten. If I just do "if($_SESSION["username"] != 'admin')" then I'll get an "undefined index 'username'" error if $_SESSION["username"] wasn't already set...
  7. An image is saved in the root directory. The page "label.php" uses "readfile" to access and display the image using code like this:

         $file = '../image.jpg'; // IN ROOT DIRECTORY
         $type = 'image/jpeg';
         header('Content-Type:'.$type);
         header('Content-Length: ' . filesize($file));
         readfile($file);

     The image then gets embedded into an html page and displayed like this:

         Dear Customer, here is your image: <img src="label.php?label=<?= $filename ?>.jpg">

     QUESTION: in the event of an error, how do I display the readfile error on the customer's html page? Even though I have error trapping in the "readfile" code in "label.php" file -- like if a parameter is missing, I'll have exit( "NO IMAGE GENERATED" ). But this error message won't display on the customer's html page because html treats <?= $filename ?>.jpg" like it's a real image instead of displaying the readfile's "NO IMAGE GENERATED" exit error. Make sense? No. I probably have to rewrite my question 😃
  8. Is there a shorthand for: if( $dog != 'bark' ) exit( ' go away ' ); This obviously doesn't work (but I tried it anyway 😃 ) ( $dog != 'bark' ) ?? exit( ' go away ' ); .... I also tried every permutation of: $dog = 'bark' ?? exit('go away'); Maybe a stupid question... after typing it out, if($dog!='bark') exit('go away'); looks pretty short already.
  9. That is fantastic! I also like your change to line 6 -- it makes for clearer code. These days I'm learning to make my code neater, and to use actual words (like your $sku['products']) so at a later time, I know what the heck my code means. Years ago I thought it "saved space" and "made PHP faster" if I scrunched everything on one line! (made-up example): $aaa=array($cz =>$w8);$c=$5;foreach($a as $b){if($b!=0){$czn = $rrr}} <--- OMG! That works fine until 6 months later an "error on line 10" appears and not only do I not remember what any of the variables mean, I can't find the line -- because the entire code is all on one line haha LOL. Anyway, thank you!!
  10. I know, I agree! But I can't. That posted array comes from a 3rd party. Actually, not too long ago when you were helping me with another mySQL issue, I learned about how to create those mini-arrays with my POST data (at first I thought it was complicated, but here's a perfect example of why doing a little prep work in the beginning is an excellent idea). Anyway, I'm stuck with receiving this type of an array. Over the past couple years, I throw about an hour or two a day at it to try to come up with something better -- I have several solutions that work..... but they all involve looping and either using strpos or preg_match. At the end of each daily 2-hour session I spend on this, I end up scrapping my work and reverting to what I have because, at least, my original work never triggers any errors 😃 If you can think of any ideas to point me in the right direction I would appreciate it. The only consistent thing I have to go on is the SKU numbers always are digits, are always 5 digits long, and nothing else in the $_POST variable ever has 5 consecutive digits. I cannot think of any other sure-fire way than to loop through each value, capture those 5 digits, and then find every post variable with the captured 5 digits to then capture the quantity and price. (And, once I have that, the rest of my code is starting to shape up nicely).
  11. My longest post of the year..... (thank you in advance for scrolling 😀) Here is what my $_POST array looks like using print_r($_POST)

         Array
         (
             [newQuantity77777] => 3
             [newPrice77777] => 5.00
             [usedQuantity77777] => 1
             [usedPrice77777] => 3.99
             [total77777] => 18.99
             [newQuantity88888] => // sometimes empty
             [newPrice88888] =>
             [usedQuantity88888] => 4
             [usedPrice88888] => 12.00
             [total88888] => 48.00
             [newQuantity44444] => 2
             [newPrice44444] => 4.00
             [usedQuantity44444] => 0
             [usedPrice44444] => 3.99
             [total44444] => 8.00
             // these values I don't need
             [date] => July 25 2021
             // these values below I don't need
             [address] => 123 Anystreet Avenue
             [address2] =>
             [zipcode] => 90210
             [city] => Beverly Hills
             [state] => CA
             [planet] => Mars
         )

      I've been trying to use that array to create a special "sub-array" for only the SKU numbers and just their new and used quantities and prices. DESIRED RESULT:

         Array
         (
             [77777] => Array
                 (
                     [newQuantity] => 3
                     [newPrice] => 5.00
                     [usedQuantity] => 1
                     [usedPrice] => 3.99
                 )
             [88888] => Array
                 (
                     [newQuantity] => 0
                     [newPrice] => 0
                     [usedQuantity] => 4
                     [usedPrice] => 12.00
                 )
             [44444] => Array
                 (
                     [newQuantity] => 2
                     [newPrice] => 4.00
                     [usedQuantity] => 0
                     [usedPrice] => 3.99
                 )
         )

      Knowing that my SKU numbers are always exactly 5 digits, and no other $_POST keys will ever have 5 digits, I've been able to accomplish this with horribly convoluted and unsatisfactory code like this:

         $sku = array();
         foreach($_POST as $var => $val) {
             $number = substr($var,-5);
             if (preg_match("/\d{5}/",$number)) {
                 $sku[$number] =
                 // the array keys will be the SKU numbers
                 // then I keep looping to look for the string "newQuantity"
                 // capture that value... and create little mini arrays
                 // for my big multidimensional array.....

      Is there a better way to go about this? Thank you.
  12. [from php.net]: (PHP 4, PHP 5, PHP 7, PHP) join — Alias of implode() So it's just an alias of implode.... (You did that on purpose! :-)
  13. I know you really do know how to do this in just 1 line.... but, "we earthlings are not yet ready for such knowledge" haha 😃 I like the code -- Thank you, it looks perfect, I'm going to try it now. ...uh-oh.... what's that!...darnit -- that word "join" again... and not even using 2 tables. (Just when I thought I had understood what "join" meant.) Back to my mySQL studybooks I guess. I was going to search the internet again for a function on how to use "array_diff" or "array_intersect" using just keys (If I use json_decode, I have an array keyed with the sku numbers) and then I can intersect it with that simple array. But I see your code already does that! Thank you again!
  14. Perfect! I appreciate the implode and rtrim. And I'll use the "prepared statement" style -- but sometimes I wonder how necessary that is when the values are already sanitized (for example, the SKU numbers I'd be inserting have already been preg_replaced to just digits only, and will only be inserted if exactly 4 digits long, etc.) Interestingly, I am suddenly at a loss how to access a JSON value using json_decode without the "true" (and impossible to search for on the internet because all the search results tell people to use the "true" part). Whenever I try to access the array values of just json_decode($var) I keep getting that error message about std class.
  15. An affiliate marketer refers some products which are stored in a simple array. My website creates a JSON variable of all products sold.

         $all_items_sold = '{"7777":{"item":"hammer","price":"4.99"},"8888":{"item":"nail","price":"1.99"},"9999":{"item":"apple","price":"2.00"}}';
         $referred_by_Affiliate = array('1234','8888','7777');

      So, out of all the 3 items that sold, only 2 of them were referred by the affiliate marketer. DESIRED EFFECT: insert this product 8888: $1.99 and insert this product 7777: $4.99 into mysql.

      Currently I do this: 1.) foreach loop, 2.) use strpos to see if it's in the raw JSON variable. 3.) If there, I use preg_match to find the price. 4.) Do a mySQL insert while still in the foreach loop.

      Is there a "best practices" way to accomplish this? I'm guessing there is a "one liner" so I don't have to do a foreach loop and using strpos. And I'm guessing there is a way to do multiple mySQL inserts all at once with just one line of code, instead of from inside a foreach loop. This probably can all be accomplished with just one line of code total, error trapping included 😁 Thank you.
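
The session-keyed readfile page discussed in items 1 to 3, 5 and 7, as an added example that is not part of the original posts: label.php takes the order number only from $_SESSION, checks its shape, confirms the resolved path stays inside the private directory, and sends a placeholder picture when anything is missing. The constants LABEL_DIR and PLACEHOLDER, the digits-only order-number format and the .png extension are assumptions; the customer page would embed it as <img src="label.php">.

```php
<?php
// label.php (added example; LABEL_DIR, PLACEHOLDER and the order-number
// format are assumptions, not taken from the posts).
declare(strict_types=1);
session_start();

const LABEL_DIR   = __DIR__ . '/../root_directory'; // private, outside the web root
const PLACEHOLDER = __DIR__ . '/no-image.png';      // public "no image here" picture

// Send one PNG and stop. An <img> tag cannot show text from exit("..."),
// so every failure path below answers with the placeholder image instead.
function send_png(string $path): void
{
    if (!is_file($path)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: image/png');
    header('Content-Length: ' . filesize($path));
    header('Cache-Control: private, no-store'); // keep the label out of caches
    readfile($path);
    exit;
}

// 1. The order number comes only from the server-side session, never the URL,
//    so a visitor cannot ask for another customer's file by changing a number.
$order = $_SESSION['order_number'] ?? null;

// 2. Check its shape before it is used in a path (assumed: 1 to 12 digits).
if (!(is_int($order) || is_string($order))
    || !preg_match('/\A\d{1,12}\z/', (string) $order)) {
    send_png(PLACEHOLDER);
}

// 3. Resolve the path and confirm it is still inside LABEL_DIR.
//    realpath() returns false when the file does not exist.
$base = realpath(LABEL_DIR);
$file = realpath(LABEL_DIR . '/' . $order . '.png');
if ($base === false || $file === false
    || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    send_png(PLACEHOLDER);
}

send_png($file);
```

Once the session is destroyed at logout, the same URL returns only the placeholder, because there is no order number left to look up.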
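
The lookup and insert asked about in items 14 and 15, as an added example that is not part of the original posts: the JSON is decoded to an array, filtered by SKU key against the affiliate's list, and written with one prepared statement inside a transaction. The table name affiliate_sales and the in-memory SQLite connection (used so the example runs offline) are assumptions; with MySQL only the PDO connection line changes.

```php
<?php
declare(strict_types=1);

// Sample data copied from the post.
$all_items_sold = '{"7777":{"item":"hammer","price":"4.99"},"8888":{"item":"nail","price":"1.99"},"9999":{"item":"apple","price":"2.00"}}';
$referred_by_Affiliate = array('1234', '8888', '7777');

// Decode to arrays keyed by SKU; malformed JSON raises an exception
// instead of silently becoming null.
$sold = json_decode($all_items_sold, true, 512, JSON_THROW_ON_ERROR);

// Keep only sold items whose SKU key appears in the affiliate's list.
// No strpos/preg_match over the raw JSON text is needed.
$referred = array_intersect_key($sold, array_flip($referred_by_Affiliate));

// Assumption: in-memory SQLite and a hypothetical table, so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE affiliate_sales (sku TEXT, item TEXT, price TEXT)');

// Prepare once, execute once per row, commit once.
$stmt = $pdo->prepare(
    'INSERT INTO affiliate_sales (sku, item, price) VALUES (?, ?, ?)'
);
$pdo->beginTransaction();
foreach ($referred as $sku => $row) {
    // Validation still runs, but the bound parameters keep the data out of
    // the SQL text even if a check here is wrong or is changed later.
    if (!preg_match('/\A\d{4}\z/', (string) $sku)
        || !is_numeric($row['price'] ?? null)) {
        continue;
    }
    $stmt->execute([(string) $sku, (string) ($row['item'] ?? ''), $row['price']]);
}
$pdo->commit();

// Show what was stored.
foreach ($pdo->query('SELECT sku, price FROM affiliate_sales') as $r) {
    echo $r['sku'], ': $', $r['price'], PHP_EOL;
}
```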