mkosmosports

Yes Aureole, I did mean class as in OOP, and sure, I will PM you with any good info on it. Personally, the main reason I want to use it, is to use bind variables (which are available from mysql 5 onwards from what I read), which I heard are the best and easiest way to prevent SQL injection. Here's the first mysqli tutorial I found: http://www.phpfever.com/mysqli-tutorial.html

Ive found some tutorials on mysqli, so Im going through those right now. If someone has some experience with this though, I would still love it if you shared them with me. It seems the mysqli class offers big advantages if you want to get the most out of mysql. One major question I have then is, why is it so rarely used? (It seems to me it is) Is there any disadvantages to it? Thanks.

*bump* *bump* I found out using bind variables is possible through the mysqli extension. Now, I still wanna know if anyone has any experience with this? Is mysqli a robust extension? Any tutorials on it and bind variables? Thanks!

Can you show me that script sKunKbad? Thanks. In the meantime this will probable be my last bump to this thread. Ive also changed the topic, as maybe this is doable using something else than curl. Here is my ultimate question: Is it possible to simulate a form POST redirect fully with a php script, meaning POST data get sent to a target url and the browser then redirects there as well? Once again, this is part of my form validation. When there is some missing or invalid data, I dont want the user to have to fill everything out again, so I want to post them back the valid data they already entered, and then redirect them back to the form page of course. And I dont want to use hidden forms.

Yeah, I know sessions would work but I dont want to use them in this case. This is driving me crazy?! With cURL, you can send post requests to pages, so why can I not find anywhere, how to also redirect to the page I sent the POST to. Just like a form POST would do! This has to be possible.

Thanks sKunKbad. However, Im still not able to do what I want to do. It seems cURL is more for communicating with other webpages. Here my situation: -the user fills out a form and submits it to my php script -my php validation script detects missing or invalid form data, the user gets kicked back out to the form page, and their form fields are now all empty. So here's where my problem lies, I dont want them to have to reenter any other fields they had previously entered, so I thought I would use cURL to send them back to the form page along with a POST request containing any info they had filled in and submitted. Is cURL the way to go here? Does anyone know any alternatives to this situation? Any advice appreciated!

Hey, I want to send some POST data with cURL and then also redirect to the location where Im sending the POST data. Ive been running around like crazy and unable to find a way. This must be something very simple. Heres what I have thus far, except this doesnt redirect to my target page. function cURL_post($desturl, $postvalues) { $chttp = curl_init($desturl); curl_setopt($chttp, CURLOPT_POST, 1); curl_setopt($chttp, CURLOPT_POSTFIELDS, "$postvalues"); curl_setopt($chttp, CURLOPT_FOLLOWLOCATION, 1); curl_exec($chttp); curl_close($chttp); } Any help is much appreciated. Thanks in advance! mkosmosports

Im sure there is. Can you show us the code?

Sorry robcrozier, I missed what you said. Check my response again.

"However like i say this time i wasn't." Well, that would explain how someone could do what they did. Look into using mysql_real_escape_string on all of those entries through the text boxes when running your query. Or addslashes.

Hey, A database admin using Oracle spoke to me yesterday about his golden rule being to always use bind variables and never hardcoding in a sql query. (to prevent sql injection, and secure the db better) Ive found very little regarding the support for this in mysql. Is it available? And if it, is it a good solution? Does anyone have any experience with it and can give me some pointers or refer me to some online info? Any suggestions appreciated! Thanks. Mkosmosports

Are you using php to process whatever the user is entering through the text boxes?

Look into using htaccess files or CHMOD to secure files and directories that you want noone to access. Someone more experienced with that please correct me if Im wrong.

True, I can do that. But you're making me work pocobueno..

So you basically want noone to have direct web access to your script file? Only the cronjob can run it?

Hey, Ive got the following two lines of code: header('Location: ' $_SESSION['fromurl']'); unset($_SESSION['fromurl']); Will the unsetting of that session variable take place or does the script end after the redirect. Whats the rule on that? Thanks!

Thanks for this detailed response roopurt18. Im gonna pick up these two habits then: 1. Always use curly brackets. (Thats a darn good example as to why to use them BTW. That one should be documented. ) 2. Use them like cooldude demonstrated (open after the closing paren on the same line as the statement) Thanks again!

Thanks thorpe. Another bad habit I somehow picked up and gotta get rid of.

Thanks cooldude, The ? prototype would mean using ternary operators, no? About the curly brackets in single-line if statements, I thought they would slow things down a little, since 2 additional lines need to be parsed. This is most likely wrong though, so, I guess Im a make a habit of always including the curly brackets then. Thanks.

Hey kenrbnsn, I noticed you didnt put any brackets when echoing. ie: echo '<a href="add_prod.php?descr=' . $descr . '">Some text</a>'; vs. echo ('<a href="add_prod.php?descr=' . $descr . '">Some text</a>'); Is this preferred? Thanks.

You have to urlencode the $descr variable if you want to pass it into a URL, so: $descr=urlencode("I love New York"); echo('<a href=add_prod.php?descr=$descr');

Yes, sorry, the double desc thing is a typo. IF (isset($_GET['dir']) && ($_GET['dir'] == 'desc' || $_GET['dir'] == 'asc')) { $dir = $_GET['dir'] } About the curly brackets. Youre really burstin my bubble on this one I always thought and have been avoiding them if the if statement only contains one line. I do trust you, since you definitely seem like a more skilled php programmer than me, but do you have a brief explanation of why? Is it performance or organization related? Thanks roopurt18

True cooldude, In the end, I will go with simply: IF (isset($_GET['dir']) && ($_GET['dir'] == 'desc' || $_GET['dir'] == 'desc')) $dir = $_GET['dir'] but it looks like I may be able to use ternary operators to optimize code in many other instances of my script. I just started looking into them yesterday and I see a lot of potential. On a side note, what do all you guys use when designing code and writing pseudocode? Is there a preferred piece of software. Im using Word, just wondering if there is a more appropriate alternative? Thanks.

Thanks roopurt18 and cooldude for your help. Its always good to see all the ways you can code things...

Hello, Is there a more elegant way to write the following piece of code, maybe using ternary operators? IF isset($_GET['dir']) { IF ($_GET['dir'] == 'DESC' || $_GET['dir'] == 'ASC') $dir = $_GET['dir'] } Or is that the only and most effective way to do it? Thanks for any suggestions!