Psycho

Moderators
  • Content Count: 12,056
  • Joined
  • Last visited
  • Days Won: 120

Psycho last won the day on September 24

Psycho had the most liked content!

Community Reputation

570 Excellent

About Psycho

  • Rank
    Move along, nothing to see here

Profile Information

  • Gender
    Not Telling
  • Location
    Canada

  1. You are using the "keys" from the user submitted data as the field names in your query! DO NOT DO THIS! Never trust the data from the user. Just because you provided the field names in the form does not mean that the user will submit that back. The user could arbitrarily send any field names or even malicious SQL code to expose or corrupt your DB.
  2. You are passing a string as the parameter for "jobTitle" <a href="Careers Results.php?jobTitle=Animator"> Then you are forcing that string to be an integer and comparing it to the original value (a string). A string and the integer value of a string will NEVER be the same. if( (int)$id == $id && (int)$id > 0 ) { Assuming your job titles have an ID (integer) and a Name (string value), you should craft your links to pass the ID as the parameter and not the Name. Use the Name as the text for the link: <a href="Careers Results.php?jobTitleId=5
  3. Your RegEx for email addresses is already flawed. Use built-in methods unless, as @gizmola stated, you have a use case that is not supported. As to your second question, if the error message you are referring to is one that is thrown from the DB, then you should absolutely have logic to show the message you define. Never expose DB errors to the user. You should always capture those and show a "friendly" message to the user that does not expose any details they could use to infiltrate the system.
  4. I think what you are after is having the course ID be the VALUE of the option (which is what is sent to the server) and the Course ID as the LABEL for the option. Also, only SELECT the field(s) you want in a query - do not use '*' $resultset = $conn->query("SELECT course_id, course_name FROM tbl_courses"); while($row = $resultset->fetch_assoc()) { echo "<option value='{$row['course_id']}'>{$row['course_name']}</option>"; }
  5. Not "horrible". There are use cases where that makes more sense than labels. E.g. when designing a form for a mobile device where screen real estate comes at a premium.
  6. For that matter, why have $obj2 at all! Just use $obj->Location where you want that value.
  7. Before you do that, you can verify if that is the problem. View the source of the page where the full name is not displayed and see if it is there in the content, but in such a way that it is malformed. You originally stated " . . . he is adding descriptions to the photos via a back end form, if he uses an apostrophe as in O'Sullivan for example, when he saves the entry, the description text does not show at all." First, I think it would be unlikely that output of the descriptions would be within an attribute. It might make sense if using the ALT attribute for an image, but that isn't nor
  8. I see no "link" in your code. I assume that the function l() is creating the links. You could find that function and modify it to take an additional (optional) parameter for the class. Then modify the code to insert that optional parameter value as the class. EDIT: Or do what @requinix said.
  9. You previously stated Based on that comment, this might make more sense: while ($stmt -> fetch()) { $users[$role][$id] = [$fn, $ln]; } You will then have a multidimensional array in a logical format based on the data, like this: array ( [Chef] => ( [8] => ('FName', 'LName') ), [Manager] => ( [15] => ('jon', 'smith'), [2] => ('Chelsea', 'Hockley'), ) ) You could then iterate over the results something like this: foreach($users as $role => $roleUsers) { //Can add a header for each role here
  10. The title of your post was with regard to how much mocks should be utilized in Unit Testing. But, in your post you state you feel there is a lack of Black Box testing. Black Box testing is a form of User Acceptance Testing, not a form of Unit Testing, so the title and the content of your post are contradictory. With regard to Unit Testing, there is no "correct" amount that should or should not be comprised of mocks (in my opinion). It should be dependent upon what it is being tested. Now, if your question is really about whether Unit Testing (with or without mocks) replaces the need for B
  11. With all due respect, I'm not going to try and learn your code and THEN generate what the output would be to determine what the problem is. We don't have your database to try and create the HTML that would be generated from that code. If you have a problem with the HTML that is generated, you should first look at the HTML. Then, once you find the problem, you can go back to your code that generates the HTML and determine the fix. Create a complete page with a few records and then post the HTML. I assume you have certain style properties on one or more divs to implement the scroll bar, but
  12. Not so much about "need be" as it is you "should be". As I said, an auto-increment field will probably work in most situations, but if you have a date field you should absolutely be using that. It's about using good programming techniques. For example, how records are created/managed could change (especially in large projects with many developers). There could be logic that allows a record to be "replaced" with a new record that simply changes the existing record and sets a new "created date". Sorting by the ID would then have that record display out of sequence. And understand that is just an
  13. So, the 'absents' for a particular record (in your example 30) is the sum of all absents where the RecNo is less than or equal to 30? SELECT SUM(Absents) FROM [table_name] WHERE RecNo <= 30 That will give you the total Absents for a single entry. But, if you want a query to return multiple records showing the Absents " . . . at each level of entry", I think the only solution is a sub-query - which would be very inefficient in this case (if ONLY doing in SQL). I would highly suggest querying for all the relevant records and calculating the Absents at each level in code.
  14. @kicken's answer is "correct", but I would highly advise against using such a general function. While that function is correctly using a prepared statement and protecting the $sid value, you cannot use prepared variables for table/column names. This leaves open the possibility for that function to open a potential exploit depending on how it is called. A function/method should be secure on its own without having to worry about how it is called. While prevailing logic is to write code once (i.e. don't build duplication functionality) when dealing with data it is typical to have explicit setter/
  15. To add some clarification, when there are multiple ORDER BY conditions, the query will order by the first condition. Then, if there are records with the same value in that first condition, then it will sort those records by the second condition. And so on through all conditions. I.e. the second (subsequent) condition(s) only apply when two records have the same value for the first (preceding) conditions. As @cyberRobot stated, your query will first sort all records by the project_id. Then, if any records have the same project_id (a scenario I expect would never occur), then it would s
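Items 1 and 14 above make the same point from two directions: a prepared statement protects values, but it cannot parameterise table or column names, so user-submitted keys must never reach the query as identifiers. The block below is an added example written for this page, not code from any of the posts or from the forum's own software. It assumes an open mysqli connection in $conn with the mysqlnd driver (for get_result()), and the table and column names in ALLOWED_TABLES are constructed for the example. Identifiers are drawn only from a fixed allow list and backtick-quoted; the integer id is bound; and the function fails closed on any unknown name rather than trimming the bad entries and carrying on.

```php
<?php
// Added example (not from the original posts): keep user-supplied field
// names out of SQL by resolving them against a fixed allow list, because
// prepared statements cannot bind identifiers, only values.

// Constructed table/column names for the example. Each table lists its
// integer key column and the columns a caller may select. Anything not
// listed here is rejected, whatever the request contains.
const ALLOWED_TABLES = [
    'tbl_users'   => ['key' => 'id',        'columns' => ['id', 'first_name', 'last_name', 'role']],
    'tbl_courses' => ['key' => 'course_id', 'columns' => ['course_id', 'course_name']],
];

/**
 * Reduce the requested column names to those on the allow list for $table.
 * Returns null if the table is unknown, the list is empty, or ANY requested
 * name is not allowed, so the caller fails closed.
 */
function whitelistColumns(string $table, array $requested): ?array
{
    if (!isset(ALLOWED_TABLES[$table])) {
        return null;
    }
    $allowed = ALLOWED_TABLES[$table]['columns'];
    $columns = [];
    foreach ($requested as $name) {
        // Strict comparison: no type juggling, no partial matches.
        if (!is_string($name) || !in_array($name, $allowed, true)) {
            return null;
        }
        $columns[] = $name;
    }
    return $columns === [] ? null : array_values(array_unique($columns));
}

/**
 * Fetch one row by integer key, selecting only whitelisted columns.
 * The identifiers in the SQL come from ALLOWED_TABLES, never from the
 * request; the key value is bound as an integer parameter.
 */
function fetchRowByFields(mysqli $conn, string $table, array $requested, int $id): ?array
{
    $columns = whitelistColumns($table, $requested);
    if ($columns === null || $id <= 0) {          // item 2: ids are positive integers
        return null;
    }
    $keyColumn = ALLOWED_TABLES[$table]['key'];
    $columnSql = implode(', ', array_map(fn(string $c): string => "`$c`", $columns));
    $sql = "SELECT $columnSql FROM `$table` WHERE `$keyColumn` = ? LIMIT 1";

    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        // Log the driver error server-side; never echo it to the browser (item 3).
        error_log('prepare failed: ' . $conn->error);
        return null;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $result = $stmt->get_result();   // requires the mysqlnd driver (assumed)
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row ?: null;
}

// Usage (assumes $conn is an open mysqli connection). The request's keys are
// only ever compared against the allow list; they are never interpolated.
// $conn = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname');
// $requested = array_keys($_GET['fields'] ?? []);            // e.g. ['first_name', 'last_name']
// $row = fetchRowByFields($conn, 'tbl_users', $requested, (int)($_GET['id'] ?? 0));
// var_dump(whitelistColumns('tbl_users', ['first_name', 'role']));   // ['first_name', 'role']
// var_dump(whitelistColumns('tbl_users', ['first_name', 'password'])); // NULL: unknown column, fail closed
// var_dump(whitelistColumns('tbl_courses', ['course_name']));         // ['course_name']
```

The design choice is the one item 14 argues for: the function is safe regardless of how it is called, because the only identifiers that can ever appear in the SQL are literals from ALLOWED_TABLES. If a caller needs a column that is not listed, the fix is to add it to the allow list in code, not to relax the check.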