Everything posted by Psycho

  1. According to this post, for what appears to be the same issue, the OP found that his host supported PHP5 but parsed php files using PHP4 by default. He solved the issue by naming his files with a .php5 extension. I know some hosts also allow you to set the default parsing method.
  2. The data you are receiving is url encoded. So, you should decode it first. Then parse the data into the specific values. You can then save the individual values into appropriate database fields. Rough example:

         $stringFromJava = "4%2C3%2C4%2C3%20%2C4%2C3%2C4%2C3%20%2C2%2C3%2C2%2C3%20%2C3%2C3%2C3%2C3%20%2C3%2C3%2C3%2C3%20";
         $stringFromJava = urldecode($stringFromJava);

         $outputAry = array();
         $groups = explode(' ', $stringFromJava);
         foreach($groups as $group)
         {
             $valuesAry = array();
             $values = explode(',', $group);
             foreach($values as $value)
             {
                 //If value is not numeric, skip it
                 if(!is_numeric($value)) { continue; }
                 //Add value to group values array
                 $valuesAry[] = $value;
             }
             //Add validation logic for the group
             if(count($valuesAry) != 4) { continue; }
             $outputAry[] = $valuesAry;
         }

         echo "<pre>" . print_r($outputAry, TRUE) . "</pre>";

     Output:

         Array
         (
             [0] => Array
                 (
                     [0] => 4
                     [1] => 3
                     [2] => 4
                     [3] => 3
                 )

             [1] => Array
                 (
                     [0] => 4
                     [1] => 3
                     [2] => 4
                     [3] => 3
                 )

             [2] => Array
                 (
                     [0] => 2
                     [1] => 3
                     [2] => 2
                     [3] => 3
                 )

             [3] => Array
                 (
                     [0] => 3
                     [1] => 3
                     [2] => 3
                     [3] => 3
                 )

             [4] => Array
                 (
                     [0] => 3
                     [1] => 3
                     [2] => 3
                     [3] => 3
                 )

         )
  3. Sounds like you have a string and not an array - what is the DB field type that you are storing this in? Would seem this needs to be sanitized as a string. But, . . . If you are storing data as comma separated values into a DB, then you are doing it wrong. Without knowing what the data represents, it is impossible to provide concrete advice. But, I would think this should be stored in a single separate table. I will assume each "group" of numbers is a record and each value in the group correlates to different values. So, you might have a table that has fields such as this:

         id: primary key for the 'array' records
         rec_id: a foreign key reference to the records for which this data is associated with
         val_1: the first value
         val_2: the second value
         val_3: the third value
         val_4: the fourth value

     Obviously, the fields should be given more descriptive names. But, that format allows you to associate one or more "records" (e.g. 1,2,3,4) to some other entity.
  4. Because he doesn't know the full scope and purpose of your database. I agree with Jacques1 in that you should not delete rows from one table just to populate the same data into another table. There are some legitimate reasons why that might be appropriate, but I'm confident that is not the case here. If you need the data for historical purposes, just have a column in the table for a "deleted" flag. Then, YOU need to analyze your table. Are there columns that need to be unique (other than an internal primary key)? If so, those constraints could be moved to the business logic. But, assuming there are no unique fields other than the primary key it is much simpler. Then you would just need to make one last decision. It is assumed that most/all current queries should not return/operate on these "deleted" rows. Depending on how many queries you have already built and/or the complexity you expect there will be, you could 1) Modify the queries to exclude/include the deleted records as needed or 2) Create a VIEW with the records already filtered based on the deleted field and use that in the applicable queries.
  5. Create a function and call it within the ajax response code. Here is some untested code:

     In the ajax response code, something like:

         updateSeatsAvail($('input[name="seatch"]'), response.seats);

         function updateSeatsAvail(selObj, seats)
         {
             selObj.empty(); //Remove current seat options
             for(var seat=0; seat<=seats; seat++)
             {
                 selObj.append($("<option></option>").attr("value", seat).text(seat));
             }
         }
  6. Let me state it simply. You cannot send/set headers if any output has been made to the browser. This includes echo/print statements as well as any content not within PHP tags. In the code you just posted there is such content:

         $_X=base64_decode($_X);$_X=strtr($_X,'SgPO9YZWFKmqyfxcjLJRzuM5vNts1b.{B4nC]i/2Dl0EheA [d8=Qp>VXo H}6GIw7ka3TrU<','=R9odmplAEPyk8gv[53xrMezqZHi7YhW<DsG{>CcX}1N/afj6]JtuS .BUnwVKLQO20ITF4b');$_R=str_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
         ?>
              <<== this would be output to the browser of at least two line break characters!
         <?php
         /**
          *
          * @ Universal Decoder PHP 5.2

     Let me also try to again explain WHY this is the case. Your browser uses the headers to determine how to handle the content that it will be sent. It may be an HTML page, a download, a PDF, etc. The browser will do different things for each of those situations. If the browser receives headers that it will be sent an HTML page, but is instead sent a PDF file you will see a lot of "junk" displayed in the browser. That is why the headers must all be sent before any content is sent. As soon as any content is detected by the browser (even a space or line break) it has to commit to how it will process that content.
  7. Well, let's start with the form creation.

     1. Do NOT use PHP short tags for code blocks.
     2. Do NOT use the mysql_ library - it has been deprecated for many years. Either use mysqli_ or, better yet, PDO.
     3. You create a loop to store the DB results in an array and then immediately iterate over the array to use those values. Why not just create the output when reading the DB results? There are reasons why separating the logic to get the data vs. using the data makes sense. But, in this instance it is a waste of code.
     4. There is no need to create the variable $c to use as the index in the array. You can simply append a new value to an array without defining the index and the next numeric index will be used automatically.
     5. The checkbox inputs have duplicate IDs. This is invalid code. They can have the same name - but not the same ID.
     6. The variable $career is getting written AFTER the input field is output. So, each input has the value for the previous checkbox.
     7. The value of the checkboxes should be the ID - not the name.

     You state "Then my form have an action=" " but is conected to 'function save'". What does that mean? You can't connect a PHP function to a form. The form is submitted and the PHP code determines what to do with it. A function would not get executed automatically. There's no way to tell if that function is even getting called based on what you've provided. But, I am assuming it is not getting called. The reason is the function expects certain parameters to be passed, but you are then defining the parameters within the function. If those parameters are not passed the function would fail and an error would be displayed on the page.

     Try this for the form

         <p><label>career:</label></p>
         <table border="0">
         <td>
         <p>
         <?php
         $sql = "SELECT * FROM career ORDER BY id_career asc";
         $res = mysql_query($sql);
         while($row = mysql_fetch_assoc($res))
         {
             $id = $row['id_career'];
             $label = $row['career'];
             //Every double quote inside the double-quoted string must be escaped
             echo "<input type=\"checkbox\" name=\"career[$id]\" id=\"career[$id]\" value=\"$id\">$label<br>\n";
         }
         ?>
         </p>
         </td>
         </table>

     On the page that receives the form you will need to show the code that calls the function.
  8. The message is as it says. Content has already been sent to the browser (e.g. echo/print or anything not within PHP tags). Look at file admin_controller.php (post the first 20 lines if you want feedback on it). The headers for a page request must be sent before the content. The headers contain information for the browser on how to handle the page. After content for the page starts, the browser is already committed to how it will handle the page (either with the headers that were already sent or using defaults). So, you need to go through any logic that may determine any header output without outputting any content. You can store potential content within a variable for output later.
  9. You can also change the 'root' folder for your site. Not knowing what you are using for hosting, I can't give you specific instructions. But, if you are with a host, they should have the ability to configure your domain. Just point the domain to the frontend folder (I assume that none of the files in the backend folder need to be directly accessible via a browser). If you do this, then frontend/ will be the root for your domain and no one would be able to directly access files in backend/
  10. Just show the output of this:

         var_dump($cities);

     We want to verify that there is a value that starts with 'E' (not 'e') and that the value doesn't start with a space or some other non-printable character.
  11. I was just going to suggest the same thing. The SELECT query and the loop are completely unnecessary for what is being accomplished here.
  12. If you are referring to the pattern in the input element

         <input type="text" pattern="[\w-_]{5,}" name="username" . . .

     It is actually superfluous (i.e. not needed). That pattern is defining the allowed characters. The \w represents "word" characters: a-z, A-Z, 0-9 and underscore. Then there is a dash and an underscore in the approved list as well. Since the underscore is included in the \w it is not needed to add it explicitly.

     EDIT: I just noticed this in his code as well

         if (isset($_POST['username']) && ctype_alnum(str_replace(array( "-", "_" ), '', trim($_POST['username']))) && strlen(trim($_POST['username'])) >= 5) {

     That is verifying (not including underscores and dashes) that the username is at least 5 characters and all alphanumeric characters. The replacement is only done for the purpose of validation. If validation passes, the entire username (including dashes and underscores) is used. Unless there was a specific business need for such exclusion I wouldn't be so strict. Also, excluding the dashes and underscores before checking the length could cause issues. For example, if a user tried to use the name "ab_de" the validation code would output the error that the username was not valid - even though it uses the allowed characters and is 5 characters long. But, considering how fast he put this together, I'm sure it was not something he would have done in a final version.
  13. One thing I will point out in QuickOldCar's code that may not be obvious. You will notice that the file doesn't start with "<HTML>". It instead starts with the PHP processing logic. Then, after all the processing is done, he builds the page. There are many reasons why this format should be followed and his implementation includes one such example. After all the processing logic is done there is a condition to test whether registration passed or if there was a failure. If registration failed the logic will continue to the output of the form (as well as the error message). However, if registration passed, there is a header() redirect to a login or main page. That header function would fail if ANY content had been sent to the browser - even if it was just the opening "<HTML>" tag or a line-break before the opening PHP tag.
  14. There is no built-in function/methods that I am aware of. But, the process of getting the data would be a very simple process.

         function getDOWs($year, $month)
         {
             $monthDays = array(); //Output variable
             $daysInMonthy = date('t', strtotime("{$year}-{$month}-01")); //# days in selected month
             for($day=1; $day<=$daysInMonthy; $day++)
             {
                 //Create timestamp for current day of month
                 $date = strtotime("{$year}-{$month}-{$day}");
                 //Add numeric day of month and the day of week name to output array
                 $monthDays[$day] = date('l', $date);
             }
             //Return results
             return $monthDays;
         }

         echo "<pre>";
         print_r(getDOWs(2015, 9));
         echo "</pre>";

     Output for 2015 and 10

         Array
         (
             [1] => Tuesday
             [2] => Wednesday
             [3] => Thursday
             [4] => Friday
             [5] => Saturday
             [6] => Sunday
             [7] => Monday
             [8] => Tuesday
             [9] => Wednesday
             [10] => Thursday
             [11] => Friday
             [12] => Saturday
             [13] => Sunday
             [14] => Monday
             [15] => Tuesday
             [16] => Wednesday
             [17] => Thursday
             [18] => Friday
             [19] => Saturday
             [20] => Sunday
             [21] => Monday
             [22] => Tuesday
             [23] => Wednesday
             [24] => Thursday
             [25] => Friday
             [26] => Saturday
             [27] => Sunday
             [28] => Monday
             [29] => Tuesday
             [30] => Wednesday
         )
  15. Interesting, since the example on the page you linked seems to highly infer that the 'name' is the document name

         $("button").click(function(){
             $("#table2excel").table2excel({
                 // exclude CSS class
                 exclude: ".noExl",
                 name: "Excel Document Name"
             });
         });
  16. A few responses are referring to "encryption" above. Hashing is not encryption, but it is routinely called that. Since you are specifically asking what hashing is, I think it is important to differentiate the two.

     Encryption is used when you need to securely store a value which you will need in its original state in the future. For example, if you allow the user to store their credit card number for the purpose of easy check outs in the future, you would need to encrypt it. Other data such as SSNs, birth dates and other PII data should be encrypted as well (assuming it should even be something to be stored). With encryption, there is a key or some method to decrypt the value back to its original state.

     Hashing is used to verify that some value is the same as some other previous value. Hashes cannot be decrypted back to their original values. Two specific uses for hashes are for password and file verification. When a user creates a password, the hashed value should be stored - not the actual password. Then, when logging in, the user submits their password and the value will be hashed in the same manner in which it was when stored. Those hashed values are then compared to see if the user entered the correct password. Passwords should be hashed because people use the same passwords on different sites. If the database is compromised, the malicious user already has all the data. But, we want to prevent them from getting the original password.

     Hashes are also used for file verification. If an install file for some shareware app is made available for download from many sites, you want to be careful to ensure you are getting the "real" file and not one that has been modified with malicious code. The author may provide a hash value of their file. Then when you download the file from an alternative site you can run a hash on it to ensure it returns the same hash and has not been modified.

     Hashing is also referred to as one-way encryption because, ideally, you should not be able to decrypt it since it is used for comparing two values. But, you may hear about being able to decrypt hashes via rainbow tables. It is not really decrypting. A rainbow table is the process of generating hashes for MANY different values (typically a dictionary list). If I hash the word "password", it will be the same hash every time (assuming no additional processes are used). So, if a programmer just used a simple hashing method, I could create hashes for common words that are used as passwords and find the users that are using those words since they would have the same hash. But, a hash should not be used on its own. When hashing a value a 'salt' should be used to ensure the hash is unique for that user/record. For example, if you were to concatenate the user's password and the timestamp of when they registered before hashing you would have to create a rainbow table specific for each user. The password_hash() function specified above has this built in.
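The salted password hashing and file verification described in the post above, as an added example (not code from the thread or its author). The passwords, file contents, and the helper names `checkLogin` and `fileMatchesPublishedHash` are constructed for illustration.

```php
<?php
// Added example with constructed values; helper names are hypothetical.

// 1. A plain, unsalted hash is deterministic: two users with the same
//    password get the same stored value, so one precomputed table of
//    common passwords matches every such account at once.
$aliceUnsalted = hash('sha256', 'password');
$bobUnsalted   = hash('sha256', 'password');
printf("unsalted hashes identical: %s\n", $aliceUnsalted === $bobUnsalted ? 'yes' : 'no');

// 2. password_hash() generates a random salt on every call and stores it,
//    with the algorithm and cost, inside the returned string. The same
//    password therefore yields a different stored value per user.
$aliceStored = password_hash('password', PASSWORD_DEFAULT);
$bobStored   = password_hash('password', PASSWORD_DEFAULT);
printf("salted hashes identical:   %s\n", $aliceStored === $bobStored ? 'yes' : 'no');

// Login: password_verify() reads the salt and parameters back out of the
// stored string, re-hashes the submitted value and compares the results.
function checkLogin(string $submitted, string $storedHash): bool
{
    return password_verify($submitted, $storedHash);
}
printf("correct password accepted: %s\n", checkLogin('password', $aliceStored) ? 'yes' : 'no');
printf("wrong password accepted:   %s\n", checkLogin('passw0rd', $aliceStored) ? 'yes' : 'no');

// After a successful login, upgrade hashes created with older settings.
if (password_needs_rehash($aliceStored, PASSWORD_DEFAULT)) {
    $aliceStored = password_hash('password', PASSWORD_DEFAULT);
}

// 3. File verification: hash the downloaded file and compare it with the
//    value the author published. The published value must come from the
//    author's own channel, not from the mirror that served the file.
function fileMatchesPublishedHash(string $path, string $publishedSha256): bool
{
    $actual = hash_file('sha256', $path);
    if ($actual === false) {
        return false; // unreadable file: treat as a failed verification
    }
    return hash_equals(strtolower(trim($publishedSha256)), $actual);
}

// Constructed stand-in for a downloaded installer.
$download  = tempnam(sys_get_temp_dir(), 'dl_');
$contents  = "constructed installer bytes\n";
file_put_contents($download, $contents);
$published = hash('sha256', $contents); // what the author would publish

printf("original file verifies:    %s\n", fileMatchesPublishedHash($download, $published) ? 'yes' : 'no');

// One appended byte changes the digest, so the modified file is rejected.
file_put_contents($download, 'X', FILE_APPEND);
printf("modified file verifies:    %s\n", fileMatchesPublishedHash($download, $published) ? 'yes' : 'no');

unlink($download);
```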
  17. Um, yeah. I don't think you are going to get someone to parse through all of that code to try and figure out the problem. It seems you are simply checking a session value to determine whether registration succeeded or not

         if($_SESSION['regsuccess']){

     But, the code has some logic problems. Take this for example:

         else if(isset($_SESSION['regsuccess'])){
             /* Registration was successful */
             if($_SESSION['regsuccess']){

     There is an elseif() to check if that variable exists. Then there is an immediate if() condition after that to check the same exact thing. That is not the cause of the problem you are experiencing - but it shows that the logic is flawed and that there are likely bigger issues. I think you first need to go back and map out the logic on a piece of paper or in a flowchart. Then revise your code for that logical workflow. As to knowing why registration fails. You need to look at all the conditions that would cause the value to not be set. Add error handling to log the errors some way. That way you can find out "why" the registration failed.
  18. JayDz, Your request and follow up comments are not very specific and are leading to confusion. The reasons the others were suggesting adding a unique constraint to the table is they are under the assumption that you don't want "duplicate" records to begin with. But, I don't think we are really talking about duplicates. The way I understand it is you have a table that logs when users log in and you want to remove old records for users instead of maintaining a history. So, I will ask a different question. Do you only want one record for each user to record the last successful login for each user? Or do you need to maintain some prior login records: e.g. a certain number or however many going back a certain number of days? If you only want to maintain one record for each user, then you do not need (or want) to implement a process to remove "duplicate" records. Instead, you would just do an "INSERT ON DUPLICATE KEY" query. That will either add a new record if one doesn't exist for the user or, if there is an existing record, it will overwrite it with the new data. That way you have just one query to insert/update the records in the table and there is no need for any secondary process to delete records. If you want something along the lines of the other scenarios I mentioned there are better solutions than what you are asking. So, please describe what the purpose is of the table and what you are trying to accomplish in plain English rather than providing specifics of the mechanics that you think you want to accomplish.
  19. Barand may come up with something more efficient. But, give this a try:

         SELECT p.ProspectID, p.ProspectName, p.ProspectCode, p.ProspectStatus,
                n.NoteID, n.Note
         FROM Prospects p
         LEFT JOIN Notes n
           ON p.ProspectID = n.NoteProspectID
           AND n.NoteID IN (
               SELECT MAX(NoteID)
               FROM Notes
               GROUP BY NoteProspectID
           )
         WHERE p.ProspectCode = '123abc'
           AND p.ProspectStatus = 'Contacted'
  20. That page would also 'fail' because you are outputting content to the page and THEN attempting to use a header redirect - which I already stated twice is not valid.
  21. gizmola, My point is that it does not generate a notice when used within a double quoted string. The manual does discourage leaving the quotes off non-numeric keys in most circumstances - as you stated. But, within a double quoted string it is proper and valid to leave them off per the manual.

         error_reporting(-1);
         $foo['bar'] = 'output';
         echo $foo[bar];
         echo "<br><br>";
         echo "$foo[bar]";

     The output of the above is

     No notice for the instance where the array key has no quote marks when used within a double quoted string. It is my opinion that making one instance valid and another not is a bad idea. I would suggest the second instance should generate a notice.
  22. There's also this from another page in the manual: http://php.net/manual/en/language.types.array.php
  23. @gizmola, I (almost) always wrap my variables in curly braces when used in a string. However, I think the problem with people not using quotes around strings used as array keys is specifically because there is a specific exception with regard to the use of array variables in double-quoted strings. As you point out, this will not work:

         $name['first'] = 'Fred';
         $name['last'] = 'Stone';
         $output = "Hi $name['first']! I hope that you and the rest of the $name['last'] family have a great visit with us at our first class resort!";
         echo $output;

     However, this will work and is actually 'proper' per the manual (see third echo in example #

         $name['first'] = 'Fred';
         $name['last'] = 'Stone';
         $output = "Hi $name[first]! I hope that you and the rest of the $name[last] family have a great visit with us at our first class resort!";
         echo $output;

     Note: single quotes around the keys when defining, but no quotes around the keys when used in double-quoted text. Personally, I don't like it and never use it.
  24. Then don't output anything.