Psycho
-
Posts
12,151 -
Joined
-
Last visited
-
Days Won
128
Posts posted by Psycho
-
-
As @mac_gyver stated, the problem is that line to check if the 't' value was sent. The way it is constructed, that condition will return true if the value is not set OR if the value is interpreted as false (which a zero value will be). You state that this was working for over 12 years and no changes were made to the code. I find that unlikely as PHP would have always interpreted a 0 as false in that condition (as far as I am aware). Perhaps that condition was previously written in a more explicit manner to account for a team ID of zero. E.g.
if(!isset($_GET['t']) || ($_GET['t']===false)
And someone looked at it and thought the code was more complicated than it needed to be and "fixed" it to be simpler.
So, your issue turned out to be exactly what I had hypothesized. You can either find all instances where teamID may be used in your code to ensure that a zero value will always work (poor fix) or (the right solution) change the primary key for that team to another value and then change the foreign key references to that ID.
-
1
-
-
Well, obviously, something has changed. We have no access to the code, the web server, etc. I have provided a "best guess" based on the only piece of information provided: team id is 0. I still think the most likely cause is something due to the value being the value zero.
As to not seeing any errors, what level of error reporting do you have enabled. In a production environment, most errors should be suppressed.
Have you even inspected the page viewTeam.php (and any included pages) to look at the code? Have you added any debugging logic to see where in the execution the logic is failing to do what you expect?
-
Without any code, there is no way to make any type of qualified assessment on what the problem is. But, I will venture a guess.
PHP is a "loosely" typed language. That means that variables can be used as different types. For example, you can use a string variable "2" as an integer 2. My guess is that there is some condition in the code that tests to see if the team ID is valid (i.e. not false). But, because the integer zero is also interpreted as the Boolean False the test is failing. Here is some mock code of what I am talking about:
if(isset($_GET['t'])) { $teamId = $_GET['t'] } else { $teamId = false; } if($teamId == false) { //Team ID is false, don't show the content } else { //Show the team content }
A team ID of zero will result in the error condition. You could correct THAT scenario by using the identical condition of !==. But, there can be multiple scenarios where a zero is being misinterpreted and you would have to look at each one to determine what the correct solution would be. There is a reason that most (all) databases start at 1 as the initial primary ID. Assuming this is a primary key in the DB, I would suggest changing that team's ID to a new unique number and updating all associated data.
-
As @dodgeitorelse3 asks, please show your form code. It is impossible for a single variable (e.g. $_POST['vote']) to have multiple values. I am assuming you have nine checkboxes all with the same name, but different values. That won't work. You need to either create them with different names OR create them as an array. Also, checkboxes are unique in that if they are not checked they are not included in the POST data, so you would want to check that they are set and not just check for the values.
If you name each checkbox differently (the value would be unnecessary in this context)
<input type="checkbox" name="Juste" value="1"> Juste <input type="checkbox" name="Chavez-Gris" value="1"> Chavez-Gris
Then your processing code might look like this
if (isset($_POST['Juste'])) { $result = mysqli_query($db,"UPDATE NewBoard SET votes=votes+'1' WHERE lname = 'Juste'")or die ("Fatal Query Error: " . mysqli_error($db)); } if (isset($_POST['Chavez-Gris'])) { $result = mysqli_query($db,"UPDATE NewBoard SET votes=votes+'1' WHERE lname = 'Chavez-Gris'")or die ("Fatal Query Error: " . mysqli_error($db)); }
Or you could create your checkboxes as an array (this would be my approach)
<input type="checkbox" name="votes[]" value="Juste"> Juste <input type="checkbox" name="votes[]" value="Chavez-Gris"> Chavez-Gris
In which case the processing code might look like this
//Set variable based on POST value or empty array if none selected $votesArray = isset($_POST['votes']) ? $_POST['votes'] : array(); //Check for each value in the $votesArray if (in_array('Juste', $votesArray)) { $result = mysqli_query($db,"UPDATE NewBoard SET votes=votes+'1' WHERE lname = 'Juste'")or die ("Fatal Query Error: " . mysqli_error($db)); } if (in_array('Chavez-Gris', $votesArray)) { $result = mysqli_query($db,"UPDATE NewBoard SET votes=votes+'1' WHERE lname = 'Chavez-Gris'")or die ("Fatal Query Error: " . mysqli_error($db)); }
-
I'm looking for a way to perform multiple LIKE conditions on a field without a string of ORs. In a perfect world, MySQL would support something such as
WHERE field LIKE (SELECT matchField FROM table WHERE . . . )
Here is my situation:
My records in a table we'll call "data" all have a value called an AreaPath which is essentially a hierarchical list. This value is coming from the source data and I have no control over it. Many items will have the same area path. Here is a mock example of what the data might look like:
- Cars\Autos\Peugeot
- Cars\Autos\Peugeot\ Peugeot 404\
- Cars\Autos\Peugeot\ Peugeot 404\Coupe\1952
- Cars\Autos\Peugeot\ Peugeot 405\
- Cars\Autos\Toyota
- Food\Bread\Croissant
- Food\Pasta\Spaghetti
During an import of the data, I'll be creating/updating a table called "areas" with all the unique area paths.
areaId | areaPath 1 Cars\Autos\Peugeot 2 Cars\Autos\Peugeot\Peugeot 404\ 3 Cars\Autos\Peugeot\Peugeot 404\Coupe\1952 4 Cars\Autos\Peugeot\Peugeot 405\ 5 Cars\Autos\Toyota 6 Food\Bread\Croissant 7 Food\Pasta\Spaghetti
In my database, I have a table called "Groups" where a user can define a group by name:
groupId | groupName 9 FrenchThen, the user will be able to define area paths that will be associated with the group (table groupareas). But, the user does not have to define all the distinct area paths only the top levels. For example, if the user selects the area path "Cars\Autos\Peugeot", then it would encompass that specific area path and ALL paths below it (e.g. "Cars\Autos\Peugeot\Peugeot 404\", "Cars\Autos\Peugeot\Peugeot 505\", "Cars\Autos\Peugeot\Peugeot 404\Coupe", etc.)
groupAreaId | groupId | areaId 1 9 2 2 9 6
The above example would define the group "French" to include the area paths of "Cars\Autos\Peugeot" and "Food\Bread\Croissant".
So, what I need to do is be able to dynamically query all the records that would belong to a particular group based on that data. Like I said above, in a perfect world I could do something like this
SELECT * FROM data WHERE areapath LIKE ( SELECT CONCAT(areaPath, '%') FROM areas JOIN groupareas ON areas.areaId = groupareas.areasId AND groupareas.groupId = ? }
But, that won't work. So, my fallback solution would be to run two queries. First query the area paths associated with a group and then programmatically build a query with OR conditions.
SELECT CONCAT(areaPath, '%') FROM areas JOIN groupareas ON areas.areaId = groupareas.areasId AND groupareas.groupId = ?
Then iterate through the results to build this. Note: I would have to also convert the backslashes.
SELECT * FROM data WHERE ( areapath LIKE "Cars\\Autos\\Peugeot%" OR areapath LIKE "Food\\Bread\\Croissant%" )
While that would work, I will be running lots of different queries against the data to run various reports on different groups. Having to programmatically create the queries will be inefficient. I'm looking to see if there is a way to pull all the records for any "group" in one query by just changing the groupID. I hope this all makes sense.
-
I am in agreement with @Phi11W above. There are scenarios where some things need to be processed on a schedule, but that is not always the case. So, it would be helpful to know what you are wanting to "happen" every night and what will "happen" after the one minute when the user clicks a button. Depending on what you are trying to do the best solution can be different.
But one of the preferred way to initiate things on a schedule is with a CRON job which is a scheduled task within a Linux server (which is where most PHP implementations are hosted). If you are hosting your application with a provider they likely have a custom interface for setting these up. You would start by creating a PHP file that will run a process (your nightly process or the process to run after one minute of the button click). For the nightly process you you set up the CRON job to run at a specific time each night. You should set up a notification to be sent and report if the process passed or failed.
As for the process to run 1 minute after a button click someone may know a better process, but the only way I can think to do that would be to have a scheduled process that runs every 10 seconds (or some time that you specify). When a user clicks the button, you would add a record to the DB for the time they clicked it and a flag to indicate it had not been completed. Then every 10 seconds when the process runs, check the DB for any unprocessed records and "process them" and update the completed flag accordingly. From the user perspective you can always display the time to execute based on the timestamp that was added to the DB.
-
1 hour ago, rick645 said:
For every problem, we always tend to look for the simplest solution
$solution1 = 2 * 5; $solution2 = 2 + 2 + 2 + 2 + 2; for ($i = 1; $i <= 5; $i++) { $solution3 = $i * 2 . PHP_EOL; }
Which do you prefer?
That's not a valid comparison. There is logic within the PHP engine to know what to do with the asterisk symbol. It was purpose built to do multiplication. If it did not exist and you wanted to be able to multiply arbitrary numbers you would have to build a function. For example, if the PHP engine knew how to add, but not to multiple here would be one way:
function product ($a, $b) { $product = 0; for ($i=0; $i<$a; $i++) { $product += $b; } return $product; }
Using the asterisk is kind of like calling an internal function to do the multiplication. For your purposes, you can create a function to do what you need and call that function as a single line.
outputDirectory($rootDirectroy);
Your logic of a single line is the simplest solution is predicated on the assumption that there is a purpose built function for your needs. If not, one needs to be created. And, I will take readable, multi-line code over condensed code every time. It's a pain to go back to some old code that needs to be refactored and trying to decipher some complicated process that was condensed down to a few lines trying to figure out how it works. Give me separate lines for each step in the process with comments on what it is expected to do.
-
I would add the following suggestion regarding this type of logic
if ($row['fk_usertypes_id'] ==1) { echo "Hello 1"; } else { echo "Hello 2"; }
Just because the value is not 1, you should not assume the value is 2 - even if those are the only expected values. I've seen multiple production issues where such logic was implemented and unexpected conditions caused impactful bugs. If you only expect the value to be 1 or 2, I would do the following.
if ($row['fk_usertypes_id'] == 1) { echo "Hello 1"; } else if (($row['fk_usertypes_id'] == 2) { echo "Hello 2"; } else { //Throw error echo "Unhandled error"; }
Although at this point a switch() statement might make more sense.
-
1
-
-
A couple things. First please put code into code tags using the forum editor. I have fixed your initial post.
Second, you say that you get a "blank screen", but you have provided no content of what debugging you have performed. You state you are looking for another way to iterate over the files - but you have already confirmed that the files do load and you can iterate over them - you just aren't getting results. So, rather than finding a different way to get the files (which you have already accomplished), you need to figure out why it is not working.
I suspect the issue may be your variable names are causing confusion and you aren't passing what you think you are to the processing code. In example you post with a single file you have this:
$file = file('myfile.xml');
In that case $file is an array of the contents of the file. Then you state that you tried thing such as
$file = glob("directory/*"); foreach ($file as $line) {
or
$directory = 'directory'; $files = scandir($directory); foreach ($files as $file) {
In the first case $line is a $file (not a line) and in the second case $file (in the foreach loop) is a reference to the file NOT an array of the contents of the file. I'm assuming you are not calling file() on the file reference within your loop. If you had called that first variable $linesAry, which is more accurate to what it is, I think you would have seen this yourself.
This should work. Note I don't have a an environment to test on at the moment. So there could be some minor typos\errors.
<?php //Make the DB connection $servername = "localhost"; $username = "dbuser"; $password = "dbpass"; $db = "dbdb"; $conn = new mysqli($servername, $username, $password, $db); if ($conn->connect_error){ die("Connection failed: ". $conn->connect_error); } //Get the contents of the directory $directoryStr = "directory/*"; echo "Processing directory: {$directoryStr}<br>\n"; $filesAry = glob($directoryStr); echo "Found: " . count($filesAry) . " files<br><br>\n"; //Iterate over each file foreach ($filesAry as $fileStr) { //Reset the variables for the data being searched $ip = ''; $hostname = ''; $port = ''; $portArray = array(); $portList = ''; $timestamp = ''; //Get content of the file into an array echo "Processing file: {$fileStr}<br>\n"; $linesAry = file($fileStr); //Iterate over each line of text in the file foreach($linesAry as $lineStr) { //Get IP Address if (strpos($lineStr, 'addrtype="ipv4"') == TRUE) { preg_match('/addr=".* addrtype/', $lineStr, $results); $ip = implode(" ",$results); $ip = ltrim($ip, 'addr="'); $ip = rtrim($ip, '" addrtype'); echo "<br><strong><u>Device</u></strong><br>"; echo "IP Address: $ip<br>"; } //Get Hostname if (strpos($lineStr, 'type="PTR"') == TRUE) { preg_match('/name=".*" type/',$lineStr,$results); $hostname = implode(" ",$results); $hostname = ltrim($hostname,'name="'); $hostname = rtrim($hostname, ' type'); $hostname = rtrim($hostname, '"'); echo "Hostname: $hostname<br>"; } //Get Ports if (strpos($lineStr, 'portid="') == TRUE) { preg_match('/portid=".*><state/',$lineStr,$results); $port = implode(" ",$results); $port = ltrim($port,'portid="'); $port = rtrim($port, '"><state'); echo "Port: $port<br>"; array_push($portArray, $port); } //Add Values to Database if (strpos($lineStr, '/host>') == TRUE) { $timestamp = time(); $mytime = new \DateTimeImmutable('@'.$timestamp); $portList = implode(", ",$portArray); $sql = "insert into _____ (ip,hostname,ports,timestamp) values ('$ip', '$hostname', '$portList', '$timestamp')"; if ($conn->query($sql) === TRUE) { echo "Data Added: $ip - $hostname - $portList - $timestamp <br>"; } else { echo "Error: ".$sql."<br>".$conn->error; } } } } //Close the DB connection $conn->close(); ?>
-
1
-
-
The previous posters provided some good input and identified the issue - but maybe not as directly as it could be.
The issue is that you do not provide the input field a name, i.e. name="clientSearch" or something like that
function client_search(){ echo "<h1 color=#00000>Client Search</h1>"; echo "<label for='clientSearch'>Search Clients:</label>"; echo "<input type='text' id='clientSearch' oninput='getSuggestions(this.value)'>"; //What is the name of this field??? echo "<div id='suggestions'></div>"; }
But, they are also correct that the organization of the code is problematic. I see no reason to create a function for creating that form field. I am big on writing code one and reusing it (that's assuming you use this field in multiple places) - but in the case of a field within a form it makes it difficult to "see" the entire form.
Also, whenever I'm trying to debug issues with data passed from a form, I'll simply output the contents of $_POST or $_GET to the page.
-
$earliestDateTs = false; foreach($data as $line) { $dateStr = substr($line, 0, 10); //Get just the date part of the string $dateTs = strtotime($dateStr); //Convert the date string to a timestamp if(!$earliestDateTs) { $earliestDateTs = $dateTs; } //If earliestDateTs not set (i.e. first iteration) set to this line's timestamp $earliestDateTs = min($dateTs, $earliestDateTs); //Set earliestDateTs to the minimum of the current value or this line's timestamp } echo "Earliest date: " . date('m/d/Y', $earliestDateTs);
-
15 hours ago, kicken said:
I'm assuming you mean a mobile app. I'd ask if you actually need an app vs just a mobile friendly website. Making the website mobile friendly would probably be easier. You could give it a manifest file and users could even add it to their home screen as if it were an app.
I will second this. I've been involved in the creation of several cloud based applications (browser, mobile apps, and desktop clients) for a commercial company. In my experience, native mobile apps are a pain for many reasons. For Apple apps there was a significant process to get approved to get the app on the iStore. Trying to verify compatibility between different mobile OSes and version was a huge pain. It's "different" from the browser version (assuming Product decided to make the same functionality available in a browser). So the front-end has to be coded and tested separately. And many others.
It takes a little more though to design a responsive web application that will display appropriately on a mobile device vs a tablet vs a full size display. But, that extra work is benefitted by having a single application that can be repurposed across multiple devices. I just don't know why so many companies want to build mobile apps that could be served by a responsive web application. Of course, some functions require a mobile app (at least for usability), e.g. if the app needs to interact with data on the mobile device.
-
You are defining those input fields as arrays. Note the "[]" at the end of the field name.
<input type="checkbox" name="tam[]" value="tamzamanli" /> <span style="color: #fdb43f;"> Tam Zamanlı</span> <br /> <input type="checkbox" name="tam[]" value="yarizamanli" /> <span style="color: #fdb43f;"> Yarı Zamanlı</span>
Is your intent to allow the user to select multiple options for the "tam" value? If so, this is a valid approach - but the results ill be passed as an array because of the "[]" in the field names. Checkboxes are unique in that if you don't check them - then there is no value passed when the form is submitted. Using the above logic, the first value checked would be passed as "$_POST['tam'][0]", the second one as "$_POST['tam'][1]", etc. So, you would need to write your logic to process that data accordingly. One way you could handle this is by imploding the array into a single string. But, not knowing all the ways you may need to use this data, I can't say if that is the best approach. Also, in your validation part of the script, you can check that $_POST['tam'] isset() and also check that its length is greater than 0: if(count($_POST['tam'])>) then . . .
$tamValues = implode(', ', $_POST['tam']); echo "Selected tam values: " . $tamValues; //Assuming "tamzamanli" and "yarizamanli" were checked the output would be: // Selected tam values: tamzamanli, yarizamanliHowever, if your intent is that the user should only select one of the values for "tam" (and the similar inputs), then you should use a radio group instead. Using a radio group, each element will have the same name and only one record can be selected. You don't need to format the name as an array (but could be for other uses cases not related to your purpose).
<input type="radio" name="tam" value="tamzamanli" /> <span style="color: #fdb43f;"> Tam Zamanlı</span> <br /> <input type="radio" name="tam" value="yarizamanli" /> <span style="color: #fdb43f;"> Yarı Zamanlı</span>
-
A "tiny URL" typically refers to a 3rd party service that will accept a full/long URL and then provide a coded URL for a person to then use for communicating the IRL to people. Typically when in printed format since long URLs can be embedded in links for any digital communications. When those links are utilized, they are first directed to the 3rd party site, which then checks the "tiny URL" parameters to what is stored in their DB and then redirects the user to the intended original URL.
Are you wanting code that will utilize a third party service to generate the tiny URLs or are you wanting to build your own tiny URL service? If the former, you would need to check those services and find one that allows for such external submissions. I would suspect they would have instructions for doing so if it is within their TOS.
If you want to build your own, what have you done so far and where are you stuck? This is a "help" forum, not a do it for me forum.
-
If you are wanting to change images - that might be very easy. If you can load a page where the image you want to change is displayed, you can just right-click on the image and select an option to see properties of the image where that image "lives" on the web server. E.g. in Chrome you can select "Open image in new tab" or "Inspect". For many websites, the path you can see in either of those would show you were the image is located on the webserver. However, some web applications might have a src for images that goes through some intermediate process to pull the image based on a parameter (e.g. something like "loadimage.php?img_id=5"). If that's the case, then you can open the php file the image src points to and try to decipher the logic on how it gets the image. One word of caution though, an image could be used in multiple places. If you are only intending to change it in one place it would also change it for any other locations you are unaware of.
As for text, it is not as simple. Typically the content is "built" from many different files (as you've see by inspecting the index.php and trying to trace through the files that are called). If the text for a particular page is hard-coded within a file, you can use an IDE (or even robust file search tools) to search all the files in the repository for certain words/phrases within the content to see what files have that content. If the content is in a database, then you would have to figure out what tables(s) the content is stored in and search them for the content. however, if the content is within a database, I would think there would be an "admin" area of the site in order to update the content.
-
Try this
newent = newent.toUpperCase();
-
5 hours ago, ginerjm said:
This query seems strange to me:
SELECT t.transactioncode AS tCode, c.transactioncode AS cCode FROM tsc AS t LEFT JOIN Candidates AS c USING (transactioncode) WHERE transactioncode = ?"You are selecting 2 values that are the same and nothing else. I picture a set of records for your chosen code that are nothing but that and nothing of value.
Yeah, that was my revised query I sent to him and I can see why it is confusing. While it as not what I would ideally write it should work for him. Based on what I deduced from his code there is a transaction table and a candidates table. A transaction ID will be included in any transaction record created. Then, when that transaction ID is "USED" it will be included (or updated) in a record within the candidates table. The functionality he is trying to create is to identify if:
- Does the transaction ID exist
- Has the transaction ID been used
That query will take the supplied ID from the form input and pull the transaction ID from both the transition table and the candidates table using a LEFT join. So, if the transaction ID does not exist (within the transaction table) then no records will be returned. If a record is returned, then the logic just needs to check the transaction ID from the Candidates table. If NULL then the transaction code has not been used. I probably would have pulled something like the candidate ID from the candidates table to check (or use a calculated group by to return a 0 or 1 value. But, I had no visibility of any other field names from that table and was too lazy to ask or provide an explanation when using some mock field name for him to change.
-
1 hour ago, Dealmightyera said:
Please, I beg you help me implement it in the code.
I'm still a beginner in PHP.
Thanks.
This is a PHP "Help" forum, not a PHP "Do it for me" forum.
But, I'll give you some code samples to start with. I don't have your database and am simply not going to take the effort to put one together to test the code. So, what I provide might not work out of the box. I'll leave it to you to fix any errors I miss.
<?php session_start(); require_once 'INC/DBcon.php'; $error = ""; //Variable to hold error messages // Check if the user submitted a transaction code if(ISSET($_POST['transactioncode'])) { // Trim the transaction code and assign to variable $tcode = trim($_POST['transactioncode']); //Create a query to identify if the transaction code exists //AND if it has been used for a candidate by JOINing the tables $query = "SELECT t.transactioncode AS tCode, c.transactioncode AS cCode FROM tsc AS t LEFT JOIN Candidates AS c USING (transactioncode) WHERE transactioncode = ?" $stmt = $conn->prepare($query)->execute([$tcode]); $result = $stmt->fetch(); //Check if results were empty if(!$result) { //The transaction code does not exist $error = "The transaction code does not exist"; } //Check if the cCode (transaction code in candidate table) is not empty elseif (!empty($result['cCode'])) { //The transaction code has been used $error = "That code has already been used."; } else { //The transaction code exists and has not been used $_SESSION['tsc'] = $tcode; echo "<script>alert('Validation Succcessful')</script>"; header("location: Sign-up.php"); exit(); } } ?> <!DOCTYPE html> <html class="no-js" lang="en"> <head> </head> <body> <?php echo $error; ?> <form action="" name="regForm" onsubmit="return validateForm()" method="POST"> <h4 class="text-success"> <b>N/B:</b> Enter Session/Transaction ID/Number Correctly and click on PROCEED/FETCH, candidates will now commence registration.</h4> <br> <br> <div class="fCont"> <div class="fContL"> <label for="tsc"> TRANSACTION NUMBER/<br>SESSION ID/<br>TRACKING CODE: </label> </div> <div class="fContR"> <input type="text" id="tsc" name="transactioncode" placeholder="Your TRANSACTION NUMBER/SESSION ID/TRACKING CODE.."> </div> </div> <br> <br> <div class="fCont"> <input type="submit" id="submit" value="PROCEED/FETCH" class="submit" name="Submit1"> </div> </form> </body> </html>
-
As Requinix alluded to, this is not a limitation of PHP, it is a limitation of the PhpSpreadsheet library. Excel files have evolved into highly complex files well beyond what a "spreadsheet" is intended for. In this case the checkboxes are not "data" within the spreadsheet as it would normally exist. The checkboxes are objects that sit "on top of" those cells and are not the values within the cells. It would be possible to accomplish what you are after but it would require extensive knowledge of how those objects are defined within the file structure and even then could require elaborate logic within the code to figure out which checkboxes align with which row. The very simple solution is to change the structure of the spreadsheet so the "value" for that column is actually in the cells of that column. Instead of using checkbox elements on top of the cells, I would change those cells to use data validation so that the cell becomes a drop-down selection where the user can only choose True or False.
-
46 minutes ago, forum said:
Of course it's possible as you say, but how else can I learn to understand it, for example, I don't write long code when it's confusing for any beginner, I always want to write shorter code in the first steps.
Programming, like any skills, is a matter of Crawl, Walk, Run. You learn by doing the very simple things, then build on that to learn intermediate skills, then (after a sufficient amount of time) you can learn to do more complex things.
But, here's the thing. If you already know how to run a query against the database, you should already know how to work with an array and to build an output from it. Plus, the fact that you state you've been working with this language for two years and don't know these fairly easy tasks is incomprehensible to me. In fact, I am leaning towards the fact that you are a troll and just trying to get people mad based on your "not" understanding these things. I've even considered locking the thread.
-
1
-
-
@forum It appears you are of the expectation that when retrieving the results of a Database query, that you should be able to just do an "echo" of the results and have it written to the page in some way. That's not how this works (with PHP/MySQL or any similar languages as far as I know). If you think about this logically, you would understand that would not be very useful for the majority of use cases. Here are just a couple of reasons;
- How should the results be formatted? What works for one scenario would not work for the other 9,999 scenarios.
- Not all DB queries would be output to the page without other "post-processing". E.g. maybe the results should include sub-totals for different categories, or some records should be displayed differently (e.g. a negative amount in red. It would be extremely difficult if the results were returned in an "echo" ready format to do anything with the data.
A database returns DATA in a logical data type that a programming language or other resource can work with. It is up to the receiving application to determine what to do with the data. If you want to run a query and have it output to the page in some standard format. Then just create a simple function and you can call that function every time you call a query. That is the beauty of programming, you can write a little bit of code to do something repetitive and reuse that code whenever and wherever you choose. You only have to figure out how to do it one.
Also, there is a VERY easy way to output a multi-dimensional array in a readable format (albeit not in a table). I do this all the time to be able to debug output from a query.
$query=$db->query("SELECT * FROM msg"); echo "<pre>" . print_r($query, TRUE) . "</pre>";
-
8 hours ago, mac_gyver said:
- don't attempt to SELECT data first to determine if it exists. there's a race condition between multiple concurrent instances of your script, where they will all find from the existing SELECT query that the data doesn't exist, then try to insert duplicate values. instead, define the username and email columns as unique indexes, just attempt to insert the data, and detect if a duplicate index error (number) occurred. if the data was successful inserted, the values didn't exist. if you did get a duplicate index error, and since there is more than one unique index defined, it is at this point where you would query to find which column(s) contain duplicate values.
@mac_gyver is correct about the proper way to prevent duplicates. However, when it comes to account creation you should never inform the user that there are existing values for user IDs or email addresses. Malicious users use such "errors" to data-mine a site to find out what are valid usernames. They can then do all sorts of nefarious activities from trying to brute force passwords, sending users fishing emails purporting to be from the company of the site, etc.
Best practice is that when a user registers for a site (assuming the data they entered was valid) is to provide a message to them stating something along the lines of "Thank you for registering, an email has been sent to you with instructions to complete your registration". If the username & email are not duplicates, then send an email with a link to complete the registration. If the email is an existing one (whether or not the username is the same), then send an email with a statement that a registration was attempted with the email address, but one already exists (and probably include a link with instruction on how to reset their password as they may have forgotten they registered previously). If it was a malicious attempt the user will know that someone else tried to register with their email address. What I remember was based on the email address being the User ID. So, I'm not certain what you would want to do if only the User ID is a duplicate. But, you don't want to allow a malicious user to harvest your application for valid User IDs.
-
1
-
To add some context to @Barand's response. The code you provided is not "complete". I would expect that line is contained within an echo statement that uses double quotes. Within a string defined with double quotes the brace {} characters have special meaning - they allow you to include a PHP variable directly within the quoted string. But, you cannot manipulate the variable within the braces - only include the value of it. So, similar to what Barand showed, you need to find where that string starts and before the declaration of the string you will want to define a new variable which is the view count +1000. Then replace the view count variable within the quoted string with the new variable that you have defined.
-
OK, I just realized that the prior code I posted has a problem - not a "technical" problem as it should do what it was intended to do. But, in retrospect, it allows for an attack vector. Ideally, you should not "leak" data about existing accounts. In the sample code I provided, a malicious user could identify if a particular email address was already used and then iterate through various usernames to see which one was used for that account (or vise versa).
Instead, I would suggest that the account signup page always present the user will a message along the lines of "Your account request has been received, please check your email for more info". Of course, if there were data validation errors (e.g. not a valid email format, username blank or too short) you can present the user with those problems on screen. Going back to the "valid" submission and the potential duplicate errors, here is what I would do.
- Both the email and username or unique: Create a temp account and send an email with a link to confirm the account. Do not allow the user to "use" the account until it is confirmed. This prevents a malicious users from creating an account under someone else's email
- The email address is a duplicate (the username may or may not be a duplicate): Send an email to the existing user for that account with a message telling them that you are notifying them that a request was made to create a new account for their email address, but an account already exists
- The username is a duplicate, but the email address is not: This is a tough one. If the email is the user ID then it is covered in #2 above. But, in this situation it is quite possible that two people might want to use the same username, but you don't want to tell a malicious user about existing usernames. The best option I can think of is to send the sign-up user an email to the email address provided telling them the username is not unique. It still leaks data, but it would be harder to automate/brute force because they also have to check the email - although that can be automated as well.
PHP help needed. Webpage php script works for all teams except team "0"
in PHP Coding Help
Posted
Looks like @gizmola missed a right square bracket on the second $_GET value. Try: