Everything posted by gizmola

  1. One of the several advantages to using prepared queries is that you don't have to escape special characters. Since you are using mysqli_* api: Quick example from this Mysqli guide, that is well worth reading through...

         # replace your php parameters in the VALUES section with '?' for each column you are inserting
         $sql = "INSERT INTO users (name, email, password) VALUES (?,?,?)";
         # Now prepare the statement. It is ready for binding.
         $stmt = $conn->prepare($sql);
         # bind the values. The first parameter is a type for each column.
         # 's' is for a string. 'i' is for integer. 'd' is for double/float. 'b' is for binary/blobs
         $stmt->bind_param("sss", $name, $email, $password);
         $stmt->execute();

     Another thing that is beneficial is that once you bind variables, you can simply set them to new values and do another execute.
  2. No worries, this is why the forum exists -- to help people who are working on things, and giving an honest effort, which you clearly are. Glad you are not giving up.
  3. Look at the stuff Barand highlighted in yellow. Here's the first one:

         <div class="div-table-row" 'text-align: right;'>

     So what is the problem here? Well you have a css class you are referencing, which is good. Then you have an inline style: 'text-align: right;' Really you should avoid using inline styles, and have your own style sheet you reference in your page, however, if you wanted to do this, the problem is that you are missing the attribute name and equal sign for the inline style definition.

         <div class="div-table-row" style="text-align: right;">

     Also try not to mix your quoting style. For html, best practice is to use double quotes for all attributes. The 2nd problem he highlighted is the same as the first. You have a set of inline styles, but no style=".....".
  4. Also to answer your question, a common technique is to use a hidden form element, if you need to pass an extra attribute that isn't part of the 2 you have in the drop down. You would need a bit of javascript to set it onChange.

         <input id="catId" type="hidden">

     With that said, you should probably use the cat_id rather than the category to index the select. *edit* See Barand's comment ^^^^^^^^
  5. Just going forward, while these types of all-in-one functions with data & presentation are enticing (and I certainly wrote many of them back in my early days of web development) it's really an anti-pattern that you should avoid. Have a function that returns the data in a format, ideally json, but at the very least in clean php data like an array. Why json? Because it will be easier for you to wire it into a javascript based UI. In the meantime for server side coding, have a separate view script or template. You might organize these by putting them into a subdir named /views or /templates. You could write a simple render($view, $data) function that takes the parameters and require_once() your $view. At that point, your view templates can just concentrate on html, and using alternative php syntax, handle whatever looping you need.
  6. Things like this, with interleaving batch processes also have a propensity to suffer from race conditions. In your case it sounds like you have a form of a race condition, where separate processes interfered with your expectations of how things would work from a timing standpoint. Sometimes the best tool for something is one that already exists. The entire process that copies from linux1 -> linux2 could be done using rsync, and its "--remove-source-files" option. The command would be:

         rsync --remove-source-files -options /path/to/src/ linux2host:/path/to/dest

     This is not a criticism of what you built, but just pointing out that if the only reason you have a drive NFS mounted on linux1 is to facilitate this copy process, then rsyncing would decouple the servers, and also likely be a lot more efficient, allowing Linux1 and Linux2 to each do what they were designed for independently. NFS has a good deal of network overhead intrinsic to it, and this copying process is likely producing a lot of network traffic that you don't need, just maintaining state and doing NFS locking. NFS is great when you truly do need to share a filesystem across a number of different servers, but for a 1-1 mount like this, rsync would be better, and is also famous for its high level of performance in copying or syncing files.
  7. I browsed through the code. Did you write this code? Is it from a Tutorial? I don't understand why something new would use Bootstrap 2.0.1, which is a 7 year old version of Bootstrap. I did not find the error messages you provided in your first message. Are these really the error messages that occurred? Without the exact messages, we can't pinpoint where that code is running from.
  8. Post with portions of your problematic code using the code button. We don't allow people linking to archive files, as they could literally contain anything.
  9. Agree 👍. Gotta use Double quotes around strings in Json. -> Spec Here. Scroll down to String. Embedded double quotes have to be escaped with a backslash.
  10. You can call json_last_error() to see what the parser said.
  11. Not clear what you are asking for here, but either way, we need to see some code.
  12. Because in the POST example, you are actually doing an HTTP POST request that goes to a new page. This is why I suggested you look at the network tab, so you can see this in action. In the 2nd (all javascript) you don't actually leave the page, you just run javascript code on your existing page.
  13. Along the lines of what Barry suggested, you also will find looking at the network tab is also very useful, as it might show you what is occurring with the actual request/response. This will also lead you to the sources tab, so you can add a breakpoint to your javascript code and debug it while it's running, which will let you introspect the actual variables.
  14. This hack was for a very old version of the package. You can see that it references an array $str, that is no longer available or used in the script you provided, so this hack is not going to work. The general idea can probably be hacked to work with the existing script, but I can only warrant an educated guess on this. Since it's dependent on the $cl['u'] parameter, I would try and stick this code inside the code that processes that particular url parameter.

         <?php if ($cl['u']): ?>
         <b> URL: </b> <?= htmlspecialchars($cl['u']) ?><br/>
         <?php endif; ?>

     Since it's fairly obvious that the hack is just injecting a 1x1 iframe, you might try this, but I have no way of testing this at all. Change the code above, to this:

         <?php if ($cl['u']): ?>
         <b> URL: </b> <?= htmlspecialchars($cl['u']) ?><br/>
         <?php
         // Append the extra parameter with "&" if the URL already has a query string, otherwise "?"
         $sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
         // Escape the URL before placing it in the src attribute, as is done for the visible text above
         $str = '<iframe src="' . htmlspecialchars($cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED', ENT_QUOTES) . '" width="1" height="1"></iframe>';
         ?>
         <?= $str ?>
         <?php endif; ?>
  15. As you know, you can have multiple optional parameters, but the problem with that is, as in your example, you want the where clause to be default, but the column parameter is something you want to pass, then you have to pass something for the where parameter as well. You would need to pass the same default empty array to your get method:

         $obj->get('atable', [], 'aCol');

     There are lots of different ways to get around this issue. One obvious and simple solution is to change to something like this:

         public function get($table, $criteria = [])
         {
             // Use the 'where' entry only if it was supplied as an array
             if (!empty($criteria['where']) && is_array($criteria['where'])) {
                 $where = $criteria['where'];
             } else {
                 $where = [];
             }
             // Default to all columns when none is given
             $column = empty($criteria['column']) ? '*' : $criteria['column'];
             return $this->action("SELECT {$column}", $table, $where);
         }

     Then you just call it with your array containing what you want:

         $obj->get('yourtable', ['column' => 'foo']);

     or

         $obj->get('yourtable', ['where' => ['cola = 3', 'colb = "something"']]);

     This code is tightly bound, so another solution would be to have something like what you see with ORMs like Symfony Doctrine or Laravel Eloquent, where there is a query class, that can be used to define the elements of query in pieces, and then this can be passed to your class that actually constructs, executes and fetches your results.
  16. Hi Heathcliff. Welcome to the forums! Let us know how we can help
  17. I don't see anything overtly wrong, other than you have some wonky markup at the end, where you don't have matching thead/tbody tags. Compare this, where I added the obvious missing tags, to what you posted.

         <?php // ?>
         <div class="card-body">
           <div class="table-responsive" style="max-height: 70vh">
             <table class="table">
               <thead class="text-primary">
                 <th style="position: sticky; top: 0; background: white">Order no</th>
                 <th style="position: sticky; top: 0; background: white">Product Name</th>
                 <th style="position: sticky; top: 0; background: white">Quantity</th>
                 <th style="position: sticky; top: 0; background: white">Order Date</th>
                 <th style="position: sticky; top: 0; background: white">Recieve by</th>
               </thead>
               <tbody>
                 <tr>
                   <?php echo $tab_content; ?>
                 </tr>
               </tbody>
             </table>
           </div>
  18. This doesn't have anything to do with curl, really. Your question is: "How can I pass information between pages?" This is both a function of HTTP protocol itself (GET requests, POST requests, cookies) and PHP's support for those things ($_GET, $_POST, $_COOKIE, PHP Sessions). The simplest way would be to have dashboard.php accept a url parameter like msg.

         $msg = empty($_GET['msg']) ? false : $_GET['msg'];
         if ($msg) {
             // Display the message in the dashboard (escape it with htmlspecialchars() on output)
         }

     Then your login success code will be something like this:

         if ($response["Message"] !== "The request is invalid." && $response["Authenticated"]) {
             $msg = 'login successful';
             header('Location: ' . $nextpage . '?msg=' . urlencode($msg));
             exit; // stop the script once the redirect header is sent
         } else {
             echo "login failed!";
         }

     As I mentioned you can also do this using php sessions, or set a cookie. There are some advantages to each, and probably for an authentication scheme like this, you would want to use php sessions, since the problem with using get parameters is that your dashboard currently has no way of knowing that a user has logged in or not. So more likely what you want is something like this: Start a session at the top of your login script:

         session_start();
         /// other code
         if ($response["Message"] !== "The request is invalid." && $response["Authenticated"]) {
             $_SESSION['login'] = true;
             $_SESSION['msg'] = 'login successful';
             header('Location: ' . $nextpage);
             exit; // stop the script once the redirect header is sent
         } else {
             echo "login failed!";
         }

     Then for Dashboard:

         session_start();
         if (empty($_SESSION['login']) || $_SESSION['login'] == false) {
             header('Location: /login.php');
             exit;
         }
         $msg = empty($_SESSION['msg']) ? false : $_SESSION['msg'];
         if ($msg) {
             // Display the message in the dashboard
         }
  19. Did you try and access it via ssh using the instructions they provided? There is also a mention of a security administration package that could be interfering. Just to be clear, the default mysql port is 3306, and since they provide a hosted/shared mysql server, there is no problem with the default port. According to some people, there was an odd bug in regards to the DSN string and remote databases. I have never encountered this myself but perhaps you have an old(er) php stack in your hosting environment? Try this code, cribbed directly from the Best PDO Tutorial

         $host = 'rdbms.strato.de';
         $db = 'DBS*********';
         $user = 'DBS*********';
         $pass = '***';
         $charset = 'utf8mb4';

         $dsn = "mysql: host=$host;dbname=$db;charset=$charset";
         $options = [
             PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
             PDO::ATTR_EMULATE_PREPARES => false,
         ];
         try {
             $pdo = new PDO($dsn, $user, $pass, $options);
         } catch (\PDOException $e) {
             throw new \PDOException($e->getMessage(), (int)$e->getCode());
         }

     The space between the scheme 'mysql: ' and host= is deliberate in this case. Between that and checking out if you can ssh & the security settings you can change, any other issue probably will require some support from your ISP.
  20. I agree with Barand. It sounds like you are talking about making a SQL join between the two tables, but it's not clear. A SQL join is trivial, and you can find numerous examples with a simple google of MySQL JOIN, or if you're using some other database substitute that for MySQL.
  21. Take a look at the manual page for the Datetime::diff method. What you are returned is a "DateInterval" object. All you need to do is call the format method and utilize the appropriate format string -- it has already computed an internal representation of the interval between the 2 dates, and you don't want or need to do additional math to get this represented in days/hours/minutes etc. Just look at the format strings.
  22. Please do read the thread that Barand posted. Somewhere you have started output before the session_start() was called. That could be via error, or even an errant newline character in an included script. For this reason, it is recommended that people omit the closing php end tag for scripts:

         <?php
         //Somescript.php
         // Various code
         // Don't have an end tag

     Carefully check the script where this is happening and ensure that the include that does the session_start() is doing that before anything else happens. Errors will also trigger output in some situations.
  23. I can only offer a couple of educated guesses. It's real tough to try and debug something you can't replicate. opcache_reset uses a semaphore lock mechanism, and only does the reset when the php script exits. If the script hangs or does not exit, it is possible it will be left in this state. You also need to be sure that you don't have a race condition where there are 2 processes both trying to run opcache_reset -- neither of which will complete as they have deadlocked.
  24. In PHP the backslash is an escape character. So you either need to double up your slashes in the path '//' or better yet, just use forward slashes, which works on any OS including Windows.

         C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe C:/TestNew/pscripta.ps1 2>&1
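
An added example for the session-based login flow in post 18 (not gizmola's code): it regenerates the session ID at login, stops execution after each redirect, and shows the message once, escaped for HTML. The function names `complete_login`, `require_login` and `take_flash` are hypothetical; `/login.php` and the session keys are the ones used in the post.

```php
<?php
// Added illustration; the function names are hypothetical, not from the post.

function ensure_session(): void
{
    // Calling session_start() twice raises a notice, so check first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call once the remote API has confirmed the credentials.
function complete_login(string $nextpage): void
{
    ensure_session();
    // Issue a fresh session ID on login so an ID that was known
    // before authentication cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['login'] = true;
    $_SESSION['msg'] = 'login successful';
    header('Location: ' . $nextpage);
    exit; // nothing after the redirect should run
}

// Call at the top of dashboard.php, before any output is sent.
function require_login(): void
{
    ensure_session();
    if (empty($_SESSION['login'])) {
        header('Location: /login.php');
        exit; // without this the protected page would still be rendered
    }
}

// Return the one-time message, escaped for HTML, and clear it so a
// page reload does not show it again.
function take_flash(): string
{
    $msg = $_SESSION['msg'] ?? '';
    unset($_SESSION['msg']);
    return htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
}
```

In dashboard.php this would be used as `require_login(); echo take_flash();` at the point where the message is displayed.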