ignace
Moderators-
Posts
6,457 -
Joined
-
Last visited
-
Days Won
26
Everything posted by ignace
-
$field2 = mysql_real_escape_string($field2); $field3 = mysql_real_escape_string($field3); /// query db and loop through rows example $field2 = $_POST['friend']; $field3 = $_POST['zip']; $field4 = $_POST['grade1']; $field5 = $_POST['grade2']; $field6 = $_POST['grade3']; $field7 = $_POST['grade4']; Should be: /// query db and loop through rows example $field2 = $_POST['friend']; $field3 = $_POST['zip']; $field4 = $_POST['grade1']; $field5 = $_POST['grade2']; $field6 = $_POST['grade3']; $field7 = $_POST['grade4']; $field2 = mysql_real_escape_string($field2); $field3 = mysql_real_escape_string($field3); $votes=$votes++; Apparently you have no idea what $votes++ does and thus you also have no idea what the above code does. That code does this: $votes = $votes; $votes++; I disagree with: type - char - [code to identify which grade] There is no need to store this data as it will be re-calculated on each vote leave it out and create a function called getGrade() that takes one parameter $average to calculate his grade. vid - numeric - [id of voter] uid - numeric [FK for user table] Is IMO the same.
-
Please review. I have finally got it running. www.newgads.com
ignace replied to ltcchuan's topic in Website Critique
If I tab through your website I suddenly get references to banner1.jpg, banner2.jpg, banner3.jpg and banner4.jpg typo: Advanced Search -
$comment = mysql_real_escape_string($_POST[$comment]); $username = mysql_real_escape_string($_POST[$username]); $fullname = mysql_real_escape_string($_POST[$fullname]); $birthdate = mysql_real_escape_string($_POST[$birthdate]); $birthplace = mysql_real_escape_string($_POST[$birthplace]); $deathdate = mysql_real_escape_string($_POST[$deathdate]); $deathplace = mysql_real_escape_string($_POST[$deathplace]); $residence1 = mysql_real_escape_string($_POST[$residence1]); $residence2 = mysql_real_escape_string($_POST[$residence2]); $residence3 = mysql_real_escape_string($_POST[$residence3]); $residence4 = mysql_real_escape_string($_POST[$residence4]); $dadname = mysql_real_escape_string($_POST[$dadname]); $dadbirthdate = mysql_real_escape_string($_POST[$dadbirthdate]); $dadbirthplace = mysql_real_escape_string($_POST[$dadbirthplace]); $daddeathdate = mysql_real_escape_string($_POST[$daddeathdate]); $daddeathplace = mysql_real_escape_string($_POST[$daddeathplace]); $momname = mysql_real_escape_string($_POST[$momname]); $mombirthdate = mysql_real_escape_string($_POST[$mombirthdate]); $mombirthplace = mysql_real_escape_string($_POST[$mombirthplace]); $momdeathdate = mysql_real_escape_string($_POST[$momdeathdate]); $momdeathplace = mysql_real_escape_string($_POST[$momdeathplace]); $spouse1fullname = mysql_real_escape_string($_POST[$spouse1fullname]); $spouse1marriagedate = mysql_real_escape_string($_POST[$spouse1marriagedate]); $spouse1marriageplace = mysql_real_escape_string($_POST[$spouse1marriageplace]); $spouse1birthdate = mysql_real_escape_string($_POST[$spouse1birthdate]); $spouse1birthplace = mysql_real_escape_string($_POST[$spouse1birthplace]); $spouse1deathdate = mysql_real_escape_string($_POST[$spouse1deathdate]); $spouse1deathplace = mysql_real_escape_string($_POST[$spouse1deathplace]); $spouse2fullname = mysql_real_escape_string($_POST[$spouse2fullname]); $spouse2marriagedate = mysql_real_escape_string($_POST[$spouse2marriagedate]); $spouse2marriageplace = mysql_real_escape_string($_POST[$spouse2marriageplace]); $spouse2birthdate = mysql_real_escape_string($_POST[$spouse2birthdate]); $spouse2birthplace = mysql_real_escape_string($_POST[$spouse2birthplace]); $spouse2deathdate = mysql_real_escape_string($_POST[$spouse2deathdate]); $spouse2deathplace = mysql_real_escape_string($_POST[$spouse2deathplace]); $kidname = mysql_real_escape_string($_POST[$kidname]); $kidbirthdate = mysql_real_escape_string($_POST[$kidbirthdate]); $kidbirthplace = mysql_real_escape_string($_POST[$kidbirthplace]); $kidname2 = mysql_real_escape_string($_POST[$kidname2]); $kidbirthdate2 = mysql_real_escape_string($_POST[$kidbirthdate2]); $kidbirthplace2 = mysql_real_escape_string($_POST[$kidbirthplace2]); $kidname3 = mysql_real_escape_string($_POST[$kidname3]); $kidbirthdate3 = mysql_real_escape_string($_POST[$kidbirthdate3]); $kidbirthplace3 = mysql_real_escape_string($_POST[$kidbirthplace3]); $kidname4 = mysql_real_escape_string($_POST[$kidname4]); $kidbirthdate4 = mysql_real_escape_string($_POST[$kidbirthdate4]); $kidbirthplace4 = mysql_real_escape_string($_POST[$kidbirthplace4]); $kidname5 = mysql_real_escape_string($_POST[$kidname5]); $kidbirthdate5 = mysql_real_escape_string($_POST[$kidbirthdate5]); $kidbirthplace5 = mysql_real_escape_string($_POST[$kidbirthplace5]); $kidname6 = mysql_real_escape_string($_POST[$kidname6]); $kidbirthdate6 = mysql_real_escape_string($_POST[$kidbirthdate6]); $kidbirthplace6 = mysql_real_escape_string($_POST[$kidbirthplace6]); $kidname7 = mysql_real_escape_string($_POST[$kidname7]); $kidbirthdate7 = mysql_real_escape_string($_POST[$kidbirthdate7]); $kidbirthplace7 = mysql_real_escape_string($_POST[$kidbirthplace7]); $notes = mysql_real_escape_string($_POST[$notes]); This is tiresome work as these values come from a form. You can ease this process by naming your fields in the following format: <tablename>_<columnname> Then using something similar like: function clean($value, $key = null) { $value = trim($value); $value = strip_tags($value); $value = htmlentities($value, ENT_QUOTES); $temp = @mysql_real_escape_string($value) ? $value = $temp : $value = addslashes($value); return $value; } $_POST = array_walk('clean', $_POST); $tableData = array(); foreach ($_POST as $key => $value) { $fieldParts = explode('_', $key, 1); // tablename_column_name => tablename, column_name (note: 1) $tableName = current($fieldParts); if (!isset($tableData[$tableName])) { $tableData[$tableName] = array(); } else { $columnName = end($fieldParts); $tableData[$tableName][$columnName] = $value; } } foreach ($tableData as $table => $data) { $keys = implode(', ', array_keys($data)); $values = implode(', ', array_values($data)); $sql = "INSERT INTO $table ($keys) VALUES ($values)"; mysql_query($sql) or trigger_error("Query $sql failed.", E_USER_WARNING); } Will input the data into the correct tables.
-
The error says it all. You can't redeclare the function find_products() because it is already defined in db_fns.php on line 53
-
Don't restrict on IP that just doesn't work and only frustrates people because IP's change and users will think your system is flawed because they get a "can't vote because you already voted today" while they just met your website. One of these websites that has this annoyance is megaupload.com when it tells me I already downloaded 10GB.. unless I sleepwalk what I doubt. Plus you also have another problem for example 5 users vote on an item giving it a 5-star rating giving it a total of 5 stars. Now second item received 400 votes and gets an average of 4 stars. You see my point?
-
Why not use HTTP_ACCEPT_LANGUAGE?
-
- Drop the Times New Roman font you should always use sans-serif and keep serif only for headings (http://en.wikipedia.org/wiki/Serif) - Your website is about snooker but only partially through it's header. You can do much more: Look for websites that provide (and allow you to use them in your website) RSS feeds for snooker news on upcoming- and passed official games Instead of explaining what your website is about show content that intrests them by for example using the above tip (they will register automatically) Once they like it allow them to share it with friends which in turn increases traffic (you know that little thing you see on blogs that says: "share this") After your explanation in the news section the About us page seems redundant The images have been poorly cut out (try some photoshop tutorials like http://www.photoshopcafe.com/tutorials/cutout/cutout.htm) * Your login form poorly handles errors (I get a white page with red text) * I can provide invalid data to the register form (and also handles error handling poorly) * Invalid HTML Your website contains no content that inspires me to return to your website. What if I were new to snooker, what would you want to tell me (rules, *famous* players, ..)? What if I were a veteran snooker player, what would you want to tell me then? Gather content that will inspire people to return to your website as much as they can and you soon may be holding a serious market share and millions of visitors Just providing an online (printable) version would be sufficient for some players to visit your website. And by printable I mean a print CSS (http://www.alistapart.com/articles/goingtoprint/) In today's age we also don't create web 1.0 websites anymore and your website should be more social (web 2.0). Don't worry if you don't understand what that Web1.0 & 2.0 stuff is. Allow users to comment (for example list passed official games and allow users to comment on them) I like the design but as you admitted it isn't yours. The points marked with * I consider as extremely important and should be addressed ASAP.
-
LOL he changed it. It first was a different kinda background with a klingon lady on the frontpage Besides I like the criminas better maybe try stealing that one
-
http://stackoverflow.com/questions/1223923/advanced-banner-rotation-algorithms
-
Well the OP hasn't clearly stated for what he is using it but in that case a LIMIT 2 would suffice. The first record would be the where id = 3015 because of ORDER BY id ASC, order_num ASC
-
Don't create 2 topics for the same thing: http://www.phpfreaks.com/forums/index.php/topic,284875.msg1351159.html#msg1351159
-
I hadn't noticed the LIMIT 1, this should do it: SELECT title, abstract, body FROM Articles WHERE category_id = 1 AND id >= 3015 ORDER BY id ASC, order_num ASC; Try this one because UNION is IMO overkill
-
User must activate listing using activation link sent to email
ignace replied to Modernvox's topic in PHP Coding Help
Sorry I apologize misunderstood what you meant. -
Enter a session to start a form from an email link URL
ignace replied to hugeness's topic in PHP Coding Help
The best route would be to not use session's at all and more importantingly not allow impersonation. Instead use a db table in which you store the values for the form: friends_forms (id, uniqid, data) Then using PHP: if (submit) { $hash = sha1(uniqid()); $data = serialize($_POST); $sql = "INSERT INTO friends_forms (uniqid, data) VALUES ('$hash', '$data')"; // send an e-mail to the user containing form.php?unique=$hash // when the friend clicks the link, load the data using hash from friends_forms and fill the form (don't forget to unserialize()) } -
User must activate listing using activation link sent to email
ignace replied to Modernvox's topic in PHP Coding Help
Yes. But how does that solve: -
Don't wrap an object around an object either use it or extend it. class FeedManager extends MySQLi { public function getCategoryList() { /* logic, return $categoryList; */ } } class ItemManager extends MySQLi { public function add($config) { /* logic */ } } class DropDownWidget { public function __construct($config = array()) { /* logic */ } public function render() { /* logic, renders the dropdown */ } public function __toString() { return $this->render(); } }
-
if (!empty($_REQUEST)) { $sql = "SELECT * FROM extraq WHERE programid = $programid"; $result = mysql_query($sql); if (0 !== ($row_count = mysql_num_rows($result))) { // LOL, I just thought about this $rows = array_map('mysql_fetch_assoc', array_fill(0, $row_count, $result)); $keys = array_keys($_REQUEST); foreach ($rows as $row) { if (in_array($row['id'], $keys)) { $id = intval($row['id']); $value = $_REQUEST[$row['id']]; $sql = "INSERT INTO $extraqopt (extraqid, value, subid) VALUES ($id, '$value', $subid)"; if (!mysql_query($sql)) { trigger_error("Query failed: $sql", E_USER_WARNING); continue; // does the code after trigger_error() execute? The manual doesn't explicitly say it doesn't? } } } } }
-
Read this: http://www.phpfreaks.com/forums/index.php/topic,268089.msg1264949.html#msg1264949
-
User must activate listing using activation link sent to email
ignace replied to Modernvox's topic in PHP Coding Help
p2grace by all means share -
- Invalid HTML & CSS - In firefox is the click here rounded corner not shown on the left side - The Learn More navigation on the left side highlights but is not clickable (text is however make the entire button clickable) - "Buy Now" but you give no price or estimate - The actual buy now page does not give the customer much confident that he will actually get something as it looks obscure - Which e-mail? sales@..? - To be honest the website looks like a rip-off. Nice design but the content and functionality is seriously flawed. - I laughed at the Refund Policy. Did you write this yourself?
-
or SELECT title, abstract, body FROM Articles WHERE category_id = 1 AND id >= 3015 ORDER BY id ASC, order_num ASC LIMIT 1;
-
Oh yeah that brings back memories
-
WHOOHOO cags, YOU THE MAN!!
-
Darn I wish someone had told me I would have then put them in a text document.