Jump to content

Psycho

Moderators
  • Posts

    12,153
  • Joined

  • Last visited

  • Days Won

    128

Community Answers

  1. Psycho's post in mysql table settings was marked as the answer   
    You didn't answer my questions, so why should I take the time to answer yours? I don't see how the joined date can be used to know if a user has paid their fees (even though the field doesn't even state that it is a joined date). That date only tells you, presumably, when they joined. So, what data are you storing to know when a user has paid the fees? Are you reducing the fees field when they make payment? That's a poor way to do it since you would have no history of exactly when they were paid and how much they paid.
     
    But, making a HUGE assumption that the fees field is the outstanding fees (which is a terrible process), this query would get you the list of users who have an outstanding fee and their joined date was > 30 days ago.
     
    SELECT id, fname, name, fee, `date`   FROM users   WHERE fees > 0     AND date < CURDATE() - INTERVAL 30 DAY  
    Or, if you want ALL the users to display in a list and show specific notices next to the ones who's fee is pending, you could either add that logic to the output processing OR you could add a dynamic field to the query result.
     
    SELECT *,        (`date` < CURDATE() - INTERVAL 30 DAY and fees > 0) as fee_due   FROM `users`  
    But, if you are doing as I suspect, it is a poor implementation.
  2. Psycho's post in how to append comment values to respective posts in php was marked as the answer   
    The problem is not the query. The problem is likely the logic in displaying the output. I expect you have a loop to process all the records in the result set. You need to have logic so the first record in the result set display the post content and the first comment (if it exists). Each subsequent record in the result set should only display the comment.
     
    But, there is a problem with the query. It uses a normal JOIN. So, if there are no records in the comments table, the post won't be returned either. This needs to use a LEFT JOIN so all relevant posts will be returned - even if they do not have comments.
  3. Psycho's post in New to Password Hashing was marked as the answer   
    There's quite a few things which need to be "fixed" in this code, not the least of which is the password verification. But, we can start with that.
     
    When a user creates their password, use the function password_hash() to generate a hash value and save it to the DB. Then, when a user attempts to log in, run a DB query to find the record matching just the username. Take the hash value from the DB and the password the user provided on the login and use the password_verify() function to see if the password is valid.
     
    FYI: Font tags have been deprecated for over a decade!
  4. Psycho's post in foreach with pdo was marked as the answer   
    Give this a try
     
    <?php       if (!empty($results))     {         foreach ($results as $row) {             echo "<tr>\n"             echo "  <td>{$row['user_nome']}</td>\n";             echo "  <td>{$row['user_email']}</td>\n";             echo "  <td>{$row['user_tel']}</td>\n";             echo "  <td><a data-toggle='modal' data-id='{$row['user_id']}' class='open-AddDialog btn btn-sm btn-danger center-block' href='#myModal'>Validar</a></td>\n";             echo "</tr>\n"         }     }   ?>
  5. Psycho's post in update the data in the database from the HTML form was marked as the answer   
    sigmahokies,
     
    You need to understand that just because something works does not mean it is correct. I can store a user's password in plain text in the database and it will work, but is absolutely wrong. Yes you "can" pass all of the data and it will work. But, it is not correct and will eventually cause you problems either in this project or another one some time later if you do the same thing. You should treat ALL user supplied data as "dirty". It could be that something is corrupted unintentionally or, worse, it malicious data intended to do harm.
     
    For your page above, it should only accept the ID for the process of setting up the form for edit. The code should do a SELECT query to get the current data instead of relying upon data submitted by the user via $_GET.
     
    Here is a quick rewrite of your code in a more logical format. This is not what I would consider complete, but is more complete than the current code and shows an example of a logical flow. There may be some minor errors in syntax as I did not test it.
     
     
    <?php   $Garydb = mysqli_connect("XXXXX","XXXXX","XXXXX") or die("Could not connect MySQL Database"); mysqli_select_db($Garydb, "XXXXX") or die("Could not find a Database");   $response = '';   if(isset($_GET['id'])) {     //User passed the ID of a record to be updated     //Get current values to populate form field     $id = intval($_GET['id']); $query = "SELECT First_name, Last_name, Locations, birthdate, Email          FROM  WHERE ID = {$id}";     $result = mysqli_query($Garydb, $query); if(!mysqli_num_rows($result)) {         //No record matching the passed ID         $response = 'Error: No record matching requested id.'; } else     {         //Define variables for form fields from current DB result         $row = mysqli_fetch_assoc($result);         $first_name = $row['first_name'];         $last_name  = $row['last_name'];         $locations  = $row['locations'];         $birthdate  = $row['birthdate'];         $email      = $row['email'];     } } elseif ($_SERVER['REQUEST_METHOD']!='POST') {     //User posted a form if data to be updated for a record     $id         = intval($_POST['id']);     $first_name = trim($_POST['first_name']);     $last_name  = trim($_POST['last_name']);     $locations  = trim($_POST['locations']);     $birthdate  = trim($_POST['birthdate']);     $email      = trim($_POST['email']);       if ($id && $first_name && $last_name && $locations && $birthdate && $email) {         //All the posted value are not empty/zero         //Should really have better validation logic         $update = "UPDATE Members           SET FirstName = '$first_name',                         LastName  = '$last_name',                         Locations = '$locations',                         birthdate = '$birthdate',                         Email     = '$email'   WHERE ID = $id";         if(!mysqli_query($Garydb, $query)  || )         {             //Query failed             $response = 'Error: Unable to update record.';         }         elseif(!mysqli_affected_rows($link))         {             //No records were updated. Record may have been deleted or ID manipulated             $response = 'Error: No records updated.';         }         else         {             $response = 'Record was updated.';         }     } else {         //Not all fields have values or non-zero    $response = 'Error: Missing data required for update.'; } } else {     //No POST or GET data submitted     $response = 'Error: No data received.'; } ?> <!doctype html> <html> <head> <title>Update Members info</title> </head> <body> <?php       //If there was a response, show it. Else show form.     if($response)     {         echo "<div style=\"color:red;\">{response}</div>";         //Could add a link to go back to a listing page or somewhere appropriate     }     else     {   ?>   <form action="insert.php" method="POST"> <table> <tr> <td>Identify Number:</td> <td><?php echo $id ?><input type="hidden" name="id" value="<?php echo $id; ?>"</td> </tr> <tr> <td>First Name:</td> <td><input type="text" name="first_name" value="<?php echo $first_name; ?>"></td> </tr> <tr> <td>Last Name:</td> <td><input type="text" name="last_name" value="<?php echo $last_name; ?>"></td> </tr> <tr> <td>Locations:</td> <td><input type="text" name="locations" value="<?php echo $locations; ?>"></td> </tr> <tr> <td>birthdate:</td> <td><input type="text" name="birthdate" value="<?php echo $birthdate; ?>"></td> </tr> <tr> <td>Email:</td> <td><input type="text" name="email" value="<?php echo $email; ?>"></td> </tr> <tr> <td colspan="2"><button type="submit">Update</button></td> </tr> </table> </form> <?php     } ?> </body> </html>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.