ChenXiu

Everything posted by ChenXiu

  1. To this question, I have more questions than answers. 1.) Will the PHP program actually bring such a wife? 2.) If so, how much will this program cost? -and- 3.) What is the purpose of the money denominations? Is that how much money you need to keep the wife from running off with a younger man?
  2. I understand PRG ("post redirect get") as follows:

     "index.php" welcomes visitor. Visitor adds data, clicks submit button. A new "Post page" appears and a Chart is displayed. Visitor continues adding data to this "post.php" page via the "Add New Data" button (... as visitor adds data, "post.php" continues posting to itself, and displays updated Chart.) When visitor is finished, visitor clicks the "Finished" button.

     ```php
     if (isset($_POST["finished"])) {
         // insert all data into mySQL for upcoming INVOICE;
         header("location:thank-you.php", true, 303);
         exit;
     }
     ```

     The "thank-you.php" page retrieves and displays the mySQL data as an invoice.

     QUESTIONS:

     1.) Anything I could do better?

     2.) When visitor is on the "thank-you.php" page, reloading (F5) simply reloads the page without resubmitting data. This is good, right? (I understand that's the purpose of PRG, avoiding multiple invoices and resubmittal of data)

     3.) BUT....if visitor clicks the Browser Back Button, browser displays "Document Expired: document no longer available." Is this supposed to happen? Is this normal behavior?

     Thank you, as always, I appreciate the help and the "pushes in the right direction."
  3. No, I'm just dumb. I have no formal training in PHP, everything I learned is just from goofing around with it. My website is basically one page, not a whole lot of 'architecture' 😀 I don't know.... Did you read the "it is not required to obtain consent for these cookies" section of the GDPR (https://gdpr.eu/cookies/) ??? I think you're right. Maybe more like a Yam 😀 I didn't think of that! Thank you for pointing that out. In fact, I remember the Boss of my shared hosting account scolding me for so many mySQL queries (must have overloaded his dialup connection). My experience is the opposite. When I implemented Sessions, the ability to go backwards and forwards was lost! In fact, I had to implement "ini_set('session.cache_limiter','public'); session_cache_limiter(false);" so that visitors COULD "go back / go forward." But something is telling me this is the wrong thing to do. What do you think?
  4. After MONTHS of wrestling with "Sessions," battling ENDLESS "undefined index," "undefined this or that," "this array is not a string you idiot" errors, I think my website finally works.

     NOW I WANT TO SCRAP IT ALL!

     While fighting Sessions a few weeks ago, one of the best Admins here tossed out an idea, "...or you could use mySQL." I thought the suggestion was ridiculous ("just answer my damn question don't give me stupid alternatives")... but now the more I think about it:

     1.) Sessions are a pain.
     2.) Sessions are really glorified cookies
         a.) Nobody really likes cookies
         b.) Time is wasted contemplating the 'GDPR compliance' loophole (I don't want a dumb banner on my site)
     3.) Sessions DO add a drag/overhead that IS noticeable, albeit barely.
     4.) MANY people proudly have "cookies disabled" on their browser

     Conversely, mySQL is

     1.) Ridiculously fast
     2.) Appears to me Virtually BULLETPROOF from a "server storing server-generated data" standpoint.
     3.) If you love annoying banners, you can put one up that says "THIS SITE DOES NOT USE COOKIES!"

     BUT.... There are 2 problems I need to overcome:

     Problem 1.) How to "maintain state" i.e. follow visitor through the site? Maybe generate a unique ID like this?

     ```php
     $uniqueID = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
     ```

     Problem 2.) My product page expands as visitor continues to POST more products to it...... How do I "maintain state" if visitor tries to add an additional product via a $_GET request from a referral page?

     Example:

     ```
     Product Page:
     Bicycle: $25.00

     // visitor now posts a Horse:
     Product Page now says:
     Bicycle: $25.00
     Horse: $100.00

     // visitor now posts a Buggy:
     Product Page now says:
     Bicycle: $25.00
     Horse: $100.00
     Buggy: $10.00

     // visitor now adds a Donkey, via Referral Page:
     Product Page now says:
     Donkey: $25.00
     ```

     (Notice how all $_POST data just got lost?)

     Hmmm....... Any thoughts will be appreciated (maybe not appreciated right away, but eventually 😀 )
  5. Thank you Barand. Appreciation offered. Fortunately (and unfortunately) I realized that there is no answer to my original question (it can't be done).

     QUESTION: Can a "where clause" be added to an "insert.....on duplicate key update" query without additional queries?

     ANSWER: NO.

     REASON: Because for the "...on duplicate key update" portion to know whether some string exists in some column, there must, by definition, be an additional query.

     Although I appreciate Yours and Req's answers because they offer alternative "mysql-based" solutions, I don't like them. Req's answer of creating additional tables and then having to tie them creates all kinds of complexity I don't need in my life. And your answer would result in an abominably large, and endlessly growing, table.

     My solution ended up being that $_SESSION["flavor"] captures visitor's $_POST["flavor"], with the following simple line of code:

     ```php
     // strpos() returns 0 for a match at the start of the string, so compare with === false
     if ( strpos( $_POST["flavor"] , $_SESSION["flavor"] ) === false ) { mysqli_query( $conn , $barands_concat_query ); }
     ```
  6. No, you missed the plot. Remember a few days ago you taught me how to CONCAT the "flavor" column? You said to make Sessionid a "unique" key, thus your "ON DUPLICATE KEY UPDATE" suggestion. So, my question is when using an "Insert.....on duplicate key update...concat" how do I NOT concat if the value is already there? I am trying to learn mySQL and all the things I can and can't do. I am trying to learn if I can add a condition to an "Insert.....on duplicate key update...concat" query. If you scroll back up to the top to my table definition, you will regain the plot, rather than going off on a tangent.
  7. My table structure is:

     ```sql
     CREATE TABLE mytable (
       sessionid varchar(255) DEFAULT NULL,
       flavor varchar(25) DEFAULT NULL,
       id int(4) NOT NULL AUTO_INCREMENT,
       PRIMARY KEY (id),
       UNIQUE KEY sessionid (sessionid)
     )
     ```

     And my query updates the 'flavor' column:

     ```php
     $query = "insert into mytable (sessionid , flavor ) values ( '".session_id()."' , 'vanilla, ' ) ON DUPLICATE KEY UPDATE flavor = CONCAT(flavor, VALUES(flavor) )";
     ```

     Basically, if the flavor column already has the strings vanilla chocolate and strawberry, I would not want the mySQL query to concat "chocolate" to the flavor column, because the flavor column already contains "chocolate"

     If I have a hot fudge sundae with pineapple sauce and strawberry sauce, and a new waiter comes by offering chocolate sauce, I will say "Yes, UPDATE my sundae, please concat it with chocolate." However, if a waiter comes by with more strawberry sauce (which is already on my sundae), I will tell the waiter, "No, do not insert chocolate into my sundae. Do not update it or concat it."
  8. Already doing this while I await a solution. Hopefully there are some mySQL experts out there. My question is: How can I make "on duplicate key update" update a column only if a specified condition is met?
  9. TL;DR Best way to CONCAT with a "WHERE" clause?

     Here is my "flavor" table, where flavors get added.

     ```sql
     CREATE TABLE mytable (
       sessionid varchar(255) DEFAULT NULL,
       flavor varchar(25) DEFAULT NULL,
       id int(4) NOT NULL AUTO_INCREMENT,
       PRIMARY KEY (id),
       UNIQUE KEY sessionid (sessionid)
     )
     ```

     I run this query:

     ```php
     $query = "insert into mytable ( sessionid , flavor ) values ( '".session_id()."' , 'vanilla, ' ) ON DUPLICATE KEY UPDATE flavor = CONCAT(flavor, VALUES(flavor))";
     ```

     The "flavor" column now has "vanilla." I run subsequent queries using "chocolate" and the "flavor" column now contains "vanilla, chocolate, " Running the query again using "strawberry" will make the column contain "vanilla, chocolate, strawberry, "

     PROBLEM: if I run the query again using "chocolate", I do not want chocolate to appear twice! ( I just want "vanilla, chocolate, strawberry" I don't want chocolate to be doubled up "vanilla, chocolate, strawberry, chocolate" )

     I tried appending a "WHERE" clause (... where flavor not like 'chocolate' ...) but that doesn't work because it's against the mySQL rulebook.

     How can this be accomplished without having the additional "overhead" of a second mySQL query? (and without the yearning for an ice cream sundae?)

     Thank you.
  10. I do this:

      ```php
      $result = $mysqli->query("SELECT * FROM mytable");
      // do something
      ```

      Many online tutorials wrap with "if"

      ```php
      if ( $result = $mysqli->query("SELECT * FROM mytable") ) {
          // do something
      }
      ```

      After trying it both ways with hundreds of different variations, I cannot produce differing results... What POSSIBLY could be gained by wrapping my mysql queries with an "if" statement?
  11. Yes sir. I did give this serious thought. I was able to make everything work by simply serializing $_POST data, and retrieving it when the $_GET request is made. But then I read about all the dangers and pitfalls of serializing $_POST (not to mention, doing so would be uncultured and uncivil).

      I made a list of pros and cons:

      mySQL Cons
        • I am not very good at mySQL (writing the simplest prepared statement requires about 3 hours debugging afterwards)
        • I have to worry that one day a visitor will decide to Post too much inventory data and my varchar(255) columns would be too small. (If I used "text" or "blob" I would be worried my table is taking too much unnecessary space, greenhouse gases, etc.)

      mySQL Pros
        • Visitor would NOT need cookies enabled.
        • Page loads 2000 milliseconds faster with Sessions off.

      Session Cons
        • Pages take .02 seconds longer to load
        • I still don't know how to properly destroy a session
        • I don't like the "feel" of "something hanging around" (like having a ghost in the room)

      Session Pros
        • I can monitor (better) what my Visitor is doing and where they are going using session_id()
        • Everybody uses sessions and cookies (that's why websites are so slow nowadays)
        • Sessions seem adequately secure. If my website gets hacked, they'll leave immediately because my $_SESSION code has made a mess of everything.

      If I knew mySQL as well as you do I'd have given full mySQL a shot. ...but I know my place.
  12. So maybe this is normal, or maybe there is a "better way."

      My website operates on $_POST (sanitized, of course), javascript, and hidden inputs. Visitor posts inventory to my page. This inventory gets added to a big chart. Sometimes, midway through the process, that visitor might add inventory via a 'referral link' which does a $_GET request to my page. "Ker-Plunk" All the $_POST variables are lost.

      There.... that's my rant.

      The only simple solution appears to be to always save $_POST data to $_SESSION["post"] on the off-chance some visitor some day ever decides to do a $_GET request from a referral link. 3 weeks of my life has been lost to correcting the neverending 'illegal string offset' and 'undefined index' errors etc. by making sure every last variable is declared...

      At the very least, I quickly learned early on you don't simply slap $_SESSION["post"] = $_POST at the top of the page. ...and it can't be

      ```php
      if (isset($_POST)) { $_SESSION["post"] = $_POST; }
      ```

      either! It has to be

      ```php
      if ($_SERVER['REQUEST_METHOD'] === 'POST') { $_SESSION["post"] = $_POST; }
      ```

      Anyway, blah blah blah, that's my rant. Is there a better way? Or is this "how everybody does it?" It seems stupid to have to do all of this.
  13. Thank you 🙏 I feel like I've been yelled at by my mom. But afterwards she makes me some apple pie 😀 I am better now.
  14. ... I finished reading. The [^\dX]+ is indeed very graceful, like a slinky dress. Very svelte. Exactly what I was hoping for. I'm disappointed that I didn't think of it or try it. There's no way I could have ever figured that out. In fact I won't even use it, it will make me mad every time I see it. I am starting to think PHP is like music, or genetics; you're either born to be a Beethoven, or stuck for the rest of your life making Elevator music. Why couldn't I have figured that out!? Certainly not for lack of trying. ... Maybe I could have figured it out. Probably not. ...You should have made me try harder.
  15. No no no! As I said already, I want a "one-liner." You sound like one of those Tech Support agents who repeat your entire question back to you ad nauseam. As I said already, I have been working on this for TWO days, do you not think that I have thought this through?

      Again, already thought this through. I know I can make this work with simple String Manipulation, I can do str_replace, etc., In fact, I can simply leave the commas out of my practice regex problem to begin with. Then, problem solved.

      I am trying to learn RegEx! So look, if I have preg_replace("/[^\d]/",",",'100 horses') the [^\d] replaces everything except digits with commas. If I change that to [^\d\s]/ now it replaces everything except digits and spaces with commas.

      MY QUESTION IS: can I tweak "/[^\d]\,+/" to make it replace the multiple commas with a single comma without a nested preg_replace or string operation or other "would you like fries with that?"

      Thank you. Bless your mind.
  16. REPLACE NON-DIGITS (except "X") WITH COMMA, THEN GET RID OF MULTIPLE COMMAS

      From this:

      ```
      $string = 11111X ,,, ,222X , abcd ,,,,,,,33333X
      ```

      To this:

      ```
      $fixed = 11111X,222X,33333X
      ```

      I gave myself 2 days to come up with a one-liner. This is the best I could do. What am I doing wrong?

      ```php
      $fixed = preg_replace("/[^\dX]|,+/",",",$string);
      ```

      (of course I know how to make it happen with a bunch more code, but there's gotta be a simple one-liner 😀 )
  17. Thank you, I will learn about CLIENT_FOUND_ROWS now.

      Also, rather than:

      ```php
      $something = $db->prepare('insert into table (column) values (?)');
      ```

      Why do some coders wrap their prepared statements in "if" like this:

      ```php
      if ( $dog = $db->prepare('insert into table (column) values (?)') ) {
      ```

      Is it just a polite formality, like saying "please?"

      Give me a newspaper
      vs
      If you would be so kind ( give me a newspaper )

      Or does it help suppress errors? I've tried it both ways 1000 times and it doesn't appear to matter...
  18. 3 it is! When I run this query on my table (which currently has only 1 row), mySQL answers back "Query OK, 2 rows affected".... Why does it say "2 rows" affected when my table has only 1 row? (Just like my counting "2 good points" when you really made "3 good points," it looks like mySQL is bad at counting, too 😀)
  19. Thank you, good point! Two good points actually! So, varchar is fixed now. The question is whether a future Session ID from a new visitor would ever be the same. In my case, probably yes it will happen...
  20. Visitor's Session ID and a Random Number gets inserted into mySQL. If the page is re-visited with the same Session ID, I want the new Random Number appended to the existing random number already in mySQL.

      This non-working example is the best I can do. What will make this work?

      My Table structure:

      ```sql
      CREATE TABLE mytable (
        Session_id varchar(255),
        Random_Number varchar(6),
        id int NOT NULL AUTO_INCREMENT,
        PRIMARY KEY (id),
        KEY Session_id (Session_id)
      )
      ```

      ```php
      $sessionid = session_id();
      $Random_Number = rand(111111,999999);
      $query = $db->prepare("INSERT INTO mytable (Session_id,Random_Number) VALUES (?, ?) ON DUPLICATE KEY CONCAT(Random_Number, VALUES(?))");
      $query->bind_param("sss",$sessionid,$Random_Number,$Random_Number);
      $query->execute();
      $query->close();
      ```

      I assume if I can make this "one-liner" method work, this method will be faster and more efficient than having to do 2 queries whereby the existence of Session_id is ascertained first, and then subsequently creating a new row if it doesn't exist, or, concating if already exists...

      If there is a TOTALLY BETTER way of doing this, I am "all ears" (I learned this expression last week "all ears," means I am eager for better knowledge).

      Thank you.
  21. I tried to type this in my last post but your forum rushed me and said "NO MORE EDITING" so now I have to make a new post. But that is good. More content = better forum. That is why lay people simply answer questions but Admins say "Why do you want to do this?" because it adds content. So I make you happy, I give you two posts. Now you have double good content. Okay this is what I found: I see that in the www.conf in my pool.d, PHP is user="www-data" and group="www-data" Should I be terribly upset about this? Or happy? PHP is "www-data" and belongs to the group "www-data". So the reason I added myself to www-data is so I can edit my own files. But if I go into my files and do chown -R Billybob:Billybob, then Apache and PHP will get angry because they want to own it too, right? So I make it good shared owner "Billybob:www-data" and that way PHP is happy and Apache is happy. And directory / file permissions are 740 and 640 which is better than the 755 and 644 on the OTHER-server-which-I-do-not-own-but-have-a-website-on. Okay what can I monkey with and make it better. I want best configuration on my own server ( we will ignore the other-server-which-I-do-not-own-but-have-a-website-on because I don't have root on that one and I can't change anything anyway, and I don't care about that).
  22. I am quoting myself, here is what I said in my previous post (Quoted above, and below): "I have my own server" -but- "I also have a website on a shared hosting environment" (and also in my first post, I also said): "I have my own server but I also have a website on a shared hosting environment" Like "I have an apple, and I have an orange." I have both an apple and an orange. I have my own server (which I have root), and I also have a website on a shared hosting server. I am sorry to confuse you, my language can be very confusing. On my own server, I installed PHP w/ FastCGI. I did not know that I should know what PHP (FPM / FastCGI) is running as. I will go figure that out at once. Please hang by.
  23. Thank you, here are the answers to your questions:

      When I log in as $USER ("BillyBob") and run <?php echo exec('whoami'); ?>
      Result: PHP is running as BillyBob

      When I log in as root and run <?php echo exec('whoami'); ?>
      Result: PHP is running as root

      When I run "groups php"
      Result: groups: ‘php’: no such user

      When I run grep php /etc/group
      Result: (no result)

      When I run "groups BillyBob"
      Result: Billybob sudo www-data

      I am a member of www-data because I always add myself to www-data whenever I set up a server because that's what all the experts on the internet say to do and the internet is always right. I am also a member of AARP but that is a different story.

      To clarify (my english very poor) I have my own server but I also have a website on a shared hosting environment where every single file and every directory is owned by user/group "Billybob:Billybob" and I can't figure out how the heck on the shared hosting server PHP or Apache can run on everything on Billybob:Billybob files. (I don't 'need' to know, I'm just dying of curiosity).

      Did you know that there are over 1,000 tutorials on the internet on how to configure permissions ownership and groups on LAMP setups, and I have read every one of them and they are all different. Some moron expert will say to chmod everything to 777 and another expert will say to lock down everything so you can't even write files to your own server.

      I wish someone smart from the PHP Freak would please write the 5 steps it takes to do it right. I can do that for you. I can write out the 5 line program condensed from the 1,000 tutorials on how I set up my server and then you can criticise it to pieces and I will keep fixing it until you are happy as a pickle and then in the end we will have a wonderful easy 5 line system on how to set up an Apache Server that we can point to when someone asks the same question again in the future and we can say "do some research you silly person this question has already been asked and answered over here by Billybob." That will be fun and then my school will give me a mascot scarf and free ticket to the dance.
  24. After searching for a secure and decent-looking user/apache permission structure for my server's /var/www/html directory, I found an expert-looking answer on askubuntu. Now my directories and files are 760 and 640 respectively, with a "user:www-data" ownership, like this:

      ```
      760 drwxrw-s--- Billybob:www-data html
      640 -rw-r----- Billybob:www-data file.php
      ```

      It appears to work scrumptialiciously. Any previous permission/ownership structure I had presented problems, like php not having directory/file write permissions, or worse, I would not have permissions to write, etc.

      Question 1: What do you all think of this? Are there any pitfalls I'm overlooking?

      Question 2: On a shared server I'm on, all my directories and files are 755/644 with ownership at user:user (Billybob:Billybob). How the heck is PHP able to write to directories with this structure?

      ~ Thank You ~

      p.s. please forgive my terrible english. I am not from around here.
  25. I have an ecommerce site on shared hosting environment. My ecommerce site stores customer data (name, address, email, phone, and item purchase) in mySQL database. (No super private data like credit card numbers or social security numbers.)

      Using openssl (openssl_cipher, iv, etc.), I've been encrypting this customer data and storing the encrypted data in mySQL. Today, I'm thinking "what's the point." It's like having a lockbox with the key on the wall above...

      My thoughts:

      1. The "secret cyphers" are located on my server, so if someone hacks my server, they'll get the secret cyphers anyway.
      2. Encrypting the Customer Data will add, at the most, 5 extra minutes, for the hacker to find.
      3. Perhaps if mySQL was stored on a different server, encrypting may be useful... but mySQL is on same server.
      4. On the flipside, if I did get hacked, at least I could demonstrate I tried my best to encrypt what I could...

      What do you all think? Sorry for my bad english. I am not from around these parts.
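
Added example, not part of the original post or its thread: one way to do the field encryption described in post 25 with PHP's openssl functions, using AES-256-GCM and a key read from the environment instead of a file stored beside the data. The variable name `CUSTOMER_DATA_KEY`, the context string format and all sample values are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Assumption: the 32-byte key arrives base64-encoded in an environment
// variable (hypothetical name) that is set outside the web root and MySQL.
function loadKey(): string
{
    $b64 = getenv('CUSTOMER_DATA_KEY');
    $key = is_string($b64) ? base64_decode($b64, true) : false;
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('CUSTOMER_DATA_KEY must be 32 bytes, base64-encoded');
    }
    return $key;
}

// $context (e.g. "customers.email:42") is bound as additional authenticated
// data, so a value copied into another row or column fails on decrypt.
function encryptField(string $plaintext, string $key, string $context): string
{
    $iv  = random_bytes(12);   // fresh nonce per value; never reuse with one key
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $context);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);   // store this string in the column
}

function decryptField(string $stored, string $key, string $context): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = (string) substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $context);
    if ($pt === false) {
        throw new RuntimeException('authentication failed: wrong key, wrong context, or modified data');
    }
    return $pt;
}

// --- Demo with constructed values ---
putenv('CUSTOMER_DATA_KEY=' . base64_encode(random_bytes(32)));   // demo only; a real key comes from config
$key    = loadKey();
$stored = encryptField('billybob@example.com', $key, 'customers.email:42');

echo decryptField($stored, $key, 'customers.email:42'), PHP_EOL;  // round trip with the right key

foreach ([
    'database copy without the key' => [$stored, random_bytes(32), 'customers.email:42'],
    'value moved to another row'    => [$stored, $key, 'customers.email:43'],
] as $case => [$s, $k, $c]) {
    try {
        decryptField($s, $k, $c);
        echo "$case: decrypted", PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$case: rejected", PHP_EOL;
    }
}
```

A copy of the database alone (a leaked backup or an SQL dump) yields only the base64 strings. A compromise of the PHP process still exposes the key, which is the limit item 1 of the post describes.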