micmania1

Members
  • Posts

    174
  • Joined

  • Last visited

    Never

About micmania1

  • Birthday 02/13/1990

Contact Methods

  • MSN
    micmania@hotmil.co.uk
  • Website URL
    http://tinyurl.com/6zy52lt

Profile Information

  • Gender
    Male
  • Location
    Newcastle Upon Tyne, England


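  1. $id = 10;
     // The outer query needs a FROM clause; the first subquery sorts ascending
     // so that it returns the adjacent row rather than the highest id
     $query = "SELECT id,
         (SELECT id FROM table WHERE id>'$id' ORDER BY id ASC LIMIT 1) AS 'prev',
         (SELECT id FROM table WHERE id<'$id' ORDER BY id DESC LIMIT 1) AS 'next'
         FROM table WHERE id='$id' LIMIT 1";

     EDIT: Changes to subqueries.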
  2. Is it the mssql timeout limit you've changed in your php.ini? Also, have you restarted Apache? Apache must be restarted for changes to take effect.
  3. $id = 10;
     // The outer query needs a FROM clause to be valid SQL
     $query = "SELECT id,
         (SELECT id FROM table WHERE id>'$id') AS 'prev',
         (SELECT id FROM table WHERE id<'$id') AS 'next'
         FROM table WHERE id='$id'";

     I think that should work.
  4. // Current Page
     $page = 1;

     // How many records are we showing on a single page?
     $records_per_page = 10;

     // Calculate the lowest row of data to fetch from the database
     $minimum_row = ($page-1) * $records_per_page; // = 0

     $query = "SELECT * FROM table LIMIT $minimum_row, $records_per_page";
     $result = mysql_query($query) or die("MySQL Error");
     if (mysql_num_rows($result) > 0) {
         // Deal with your data
     }
     mysql_free_result($result);

     if ($page > 1) {
         echo 'Previous Page';
     }

     // To work out if we should display a next page link we have to find out how many records there are.
     $query = "SELECT COUNT(*) AS 'total' FROM table";
     $result = mysql_query($query) or die("MySQL Error");
     $num_records = mysql_fetch_object($result)->total;

     // Work out maximum amount of pages (rounded up so a partial last page still counts)
     $max_page = ceil($num_records/$records_per_page);
     if ($page < $max_page) {
         echo 'Next Page';
     }

     I haven't tested the code, and you could probably optimize it a little more. The benefit of running it this way is that you don't fetch every record from the database, meaning you use a lot less memory.
  5. Start stepping through your code and debugging. Start by putting error_reporting(E_ALL) at the top of your main script. Try echoing text from your ExcelXML classes page (not actually in the class), just to make sure it's being included etc.
  6. Have you looked into the possibility of JSON? json_encode() json_decode()
  7. I think scandir() would be a better option for what you're wanting. It runs very fast.
  8. Hi,

     Yesterday I was writing a script for MS SQL and when it came to testing, I noticed backslash wasn't escaping single quotes. I did my research on Google and found the reason why. I then added a simple function to my validation class which I'm hoping somebody can review?

     // A function to parse a mssql string
     // $params: data - any data
     // @returns validated mssql data
     function mssql($data) {
         $data = str_replace("[", "[[", $data);
         $data = str_replace("]", "]]", $data);
         $data = str_replace("'", "''", $data);
         $data = str_replace('"', '""', $data);
         $data = str_replace("%", "[%]", $data);
         $data = str_replace("_", "[_]", $data);
         return $data;
     }

     How secure is the above function? Is there a way to improve it? Thanks for reading and any feedback is appreciated.
  9. Can you show me an example of how you are using the function and also what result you are getting?
  10. function check_Race ($race,$display_name,$member_id,$description,$ip) {
          //echo "This is the race". $race;
          //exit;
          if(isset($race)) {
              // $race isset
              switch ($race) {
                  // Check if race == 0
                  case 0:
                      // race==0; return true
                      return true;

                  // Check if race == (black|white)
                  case 'White':
                  case 'Black':
                      // Case is equal to 'Black' or 'White'
                      echo "This is an errror.!";
                      $t_error="19";
                      $member_id = $member_id;
                      notify_Admin($t_error,$member_id,$ip);
                      // logOut ($t_error);
                      exit;
              }
          }
      }

      I've commented the code so you understand what each section is doing. If you're unsure about switch statements, click here
  11. You may also want to consider validating the hash before using it in your SQL query. When your cookie is set, type this into your URL bar:

      Javascript: void(document.cookie="LoginCookie='or user_id=1--");

      The above changes the value of your hash to ['or user_id=1--] check if your hash is equal to '' or user_id=1, which is usually admin. Then ignores the rest of the query using --

      People could also delete your table:

      '; DROP TABLE People --

      See mysql_real_escape_string().

      EDIT: The above JavaScript isn't a solution; it's an example of the vulnerability. mysql_real_escape_string() is the solution.
  12. The only benefit I see is to save memory, although the saving is hardly worth the work. I suppose you have the global factor too. Instead of server though, there is an array called $_ENV. Try the following 3 small scripts to view memory usage:

      <?php
      putenv("TEST=1");
      echo memory_get_usage();
      ?>

      <?php
      $test=1;
      echo memory_get_usage();
      ?>

      <?php
      $test="1";
      echo memory_get_usage();
      ?>

      I'm not sure if putenv() saves as bool or int, hence the reason I did the two scripts for the $test variable, both with different memory usage. You can access the variables in two ways:

      echo $_ENV['TEST'];
      echo getenv('TEST');

      I don't know why using these techniques would be classed as bad practice. Maybe it's just some sort of unofficial standard?
  13. You can create a recursive function like so... WARNING! I have not validated any data (you will need to do this), nor have I checked it works.

      // This is a recursive function that will find 1 single row
      // from payments table and update payment
      // returns true or false, dies on fatal error
      function update_payment($payment, $client) {
          // Make sure you validate your data before querying
          // Query next expected payment for client
          $query = "SELECT * FROM payments WHERE clientid='$client' AND pending='Y' ORDER BY paymentduedate ASC LIMIT 0,1";
          $result = mysql_query($query) or die("Invalid query 1");
          if (mysql_num_rows($result) == 1) {
              $row = mysql_fetch_assoc($result);
              if ($row['expected'] < $payment) {
                  // The payment is higher than the expected amount due
                  // make this zero and repeat function
                  // Set pending to N
                  $expected = 0;
                  $payment -= $row['expected'];
                  $pending = 'N';
              } else if ($row['expected'] > $payment) {
                  // Expected amount due is more than the amount paid
                  // Update this row and leave pending
                  $expected = $row['expected'] - $payment;
                  $payment = 0;
                  $pending = 'Y';
              } else {
                  // Payment has been matched to expected
                  // Set pending to N
                  $expected = 0;
                  $payment = 0;
                  $pending = 'N';
              }

              // Update row
              $query2 = "UPDATE payments SET expected='$expected', pending='$pending' WHERE id='{$row['id']}'";
              $result2 = mysql_query($query2) or die("Invalid query 2");
              if (mysql_affected_rows() == 1) {
                  // Payment update has been successful
                  // Check to see if full $payment amount has been matched
                  if ($payment > 0) {
                      // Payment has not fully been matched.
                      // Return the recursive result so the caller gets true or false
                      return update_payment($payment, $client);
                  } else {
                      return true;
                  }
              } else {
                  die("Unable to update row");
              }
          }
          return false;
      }

      // You call the function like this
      // it will keep recalling itself until $payment=0
      $payment = '257.5';
      $client = '112233';
      update_payment($payment, $client);

      If a lot of transactions are taking place at once, this isn't very server-friendly and you may want to think about restructuring your program/database.
  14. Could it be because you are using name="Longitude" on the second page as opposed to name="longitude" on the first? Variable names are case sensitive so $_GET['longitude'] is not the same as $_GET['Longitude'].
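
The cookie check discussed in post 11, as an added example that is not part of any of the posts above: the hash is validated for format and then bound as a query parameter, so neither payload from that post reaches the SQL parser. It assumes a 40-character hex login hash stored in a hypothetical login_hash column of the People table, and uses an in-memory SQLite database with constructed rows so it runs offline.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database.
// Assumptions: the login hash is 40 hex characters (SHA-1 sized) and is stored
// in a hypothetical login_hash column of the People table.

function find_user_by_cookie(PDO $db, $cookie)
{
    // 1. Validate the format first: anything that is not exactly 40 hex characters is rejected
    if (!is_string($cookie) || !preg_match('/\A[0-9a-f]{40}\z/', $cookie)) {
        return null;
    }
    // 2. Bind the value as a parameter so it is never parsed as SQL
    $stmt = $db->prepare('SELECT user_id FROM People WHERE login_hash = ?');
    $stmt->execute([$cookie]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['user_id'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE People (user_id INTEGER PRIMARY KEY, login_hash TEXT)');
$insert = $db->prepare('INSERT INTO People (user_id, login_hash) VALUES (?, ?)');
$insert->execute([1, sha1('admin-session')]);   // constructed sample rows
$insert->execute([2, sha1('member-session')]);

$cases = [
    'valid hash for user 2' => sha1('member-session'),
    'payload from the post' => "'or user_id=1--",
    'stacked query payload' => "'; DROP TABLE People --",
];
foreach ($cases as $label => $cookie) {
    $id = find_user_by_cookie($db, $cookie);
    echo $label, ': ', $id === null ? 'rejected' : "user_id=$id", "\n";
}

// Even without the format check, a bound payload is only compared as a plain string
$stmt = $db->prepare('SELECT COUNT(*) FROM People WHERE login_hash = ?');
$stmt->execute(["'or user_id=1--"]);
echo 'rows matched by bound payload: ', $stmt->fetchColumn(), "\n";

// The table is still intact after the DROP TABLE payload was submitted
echo 'rows in People: ', $db->query('SELECT COUNT(*) FROM People')->fetchColumn(), "\n";
```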
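
For the escaping question in post 8, an added example (not the poster's code) that keeps the two concerns apart: quotes are handled by binding the value as a parameter, and the LIKE wildcards %, _ and [ are escaped only when building a LIKE pattern, using an ESCAPE clause. The items table and like_escape() are hypothetical names, and an in-memory SQLite database with constructed rows stands in for the server so the script runs offline; SQL Server's LIKE accepts the same ESCAPE clause.

```php
<?php
// Added example with constructed data. SQLite (in memory) stands in for the database;
// the items table and like_escape() are hypothetical names.

// Escape LIKE wildcards for use with "ESCAPE '\'". Apply this to LIKE patterns only:
// ordinary values passed through it would be stored with the escapes in them.
function like_escape($term)
{
    // strtr() replaces in a single pass, so already-escaped output is not escaped again
    return strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_', '[' => '\\[']);
}

function search(PDO $db, $term, $escape)
{
    $pattern = '%' . ($escape ? like_escape($term) : $term) . '%';
    // Quotes need no manual doubling: the pattern travels as a bound parameter
    $stmt = $db->prepare("SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY id");
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO items (name) VALUES (?)');
foreach (['100% cotton', '100 percent', 'file_name', 'filename', "O'Brien", 'a[1]'] as $name) {
    $insert->execute([$name]);   // constructed sample rows, stored unmodified
}

// Compare an unescaped pattern with an escaped one for each search term.
// Note: SQLite has no [..] character classes, so the '[1]' term only differs on SQL Server.
foreach (['100%', '_', "O'Brien", '[1]'] as $term) {
    printf(
        "%-8s unescaped: %-60s escaped: %s\n",
        $term,
        implode(' | ', search($db, $term, false)),
        implode(' | ', search($db, $term, true))
    );
}
```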