mika

My issue: this is a simplified piece of code to demonstrate what I'm trying to do. I need some kind of interaction, a way to instruct the controller what to do when a model parameter is not valid. I'd like to have an automatic validation(before query execution) that the controller is not aware about, a method like $myModel->validate(); inside the controller seems redundant. class Controller_User extends Controller { public function __construct() { parent::__construct(); } public function msg($text) { parent::display(array('message'=>$text)); } . . . } class Model_User extends User { protected $_controller; public function __construct($controller) { $this->_controller = $controller; } public function onParameterNotValid($name) { /* here you can have a call to user redirect, a retype of the wrong value, ... */ $this->_controller->msg('Parameter "' . $name . '" is not valid'); } . . . . }

Hi I'm trying to implement MVC design in my personal framework and I was wondering if it is a good idea to pass the controller object to the model... M, V and C are supposed to be independent but I'd like to be able to call the controller when something unexpected happens inside the model. For example, when validating query parameters the model should be able to notify the controller what went wrong and a controller action should be triggered. What is the best way to accomplish that? thanks

Please provide more information. 1. are there any errors: first SQL, second SQL; is $pacientID non empty? 2. are records from 'internari' deleted or not 3. are there any other foreign keys associated to "pacienti" 4. other messages, notices,...

Try with this: $host="localhost"; $username="root"; $password="administrator"; $db_name="model_healthcare"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $pacientID=$_GET['pacientID']; $tbl_name = 'internari'; $sql="DELETE FROM $tbl_name WHERE pacientID='$pacientID'"; $result=mysql_query($sql); $tbl_name="pacienti"; $sql2="DELETE FROM $tbl_name WHERE pacientID='$pacientID'"; $result=mysql_query($sql2);

$tbl_name = 'BIGGER TABLE'; $sql="DELETE FROM $tbl_name WHERE pacientID='$pacientID'"; $result=mysql_query($sql); Replace BIGGER TABLE with exact table name. I hope this is what you would like to do.

The record you are attempting to delete is used in some other table(s). You should delete these record(s) first.

I assume $rows should be replaced with $row_Recordset1... Again do Input Sanitization

Echo your $sql statement and check what is the pacientID value. Also check the link, if pacientID= is not empty.

Another thing. You are allowing SQL injection. Sanitize your input data or at least do this $pacientID=(int)$_GET['pacientID']; assuming pacientID is an integer.

You are missing the <?php tag, short tags are not enabled on your server: Change: <td width="192"><a href="delete_inregistrare.php?pacientID=<? echo $rows['pacientID']; ?>">Elimiare Pacient</a></td> to <td width="192"><a href="delete_inregistrare.php?pacientID=<?php echo $rows['pacientID']; ?>">Elimiare Pacient</a></td>

For debugging purposes, you should echo the exact error, not a general message, replace: echo "ERROR"; with echo mysql_error(); and see what it says.

ALTER TABLE tablename AUTO_INCREMENT = 1

Are PHP sessions safe? Session ID is automatically sent to the server via session cookies. Is there any safer and at the same time efficent method? Is sending session IDs via url more secure? I believe it is not very practical.

Can you be more specific, any examples?

Can someone please help to find the most important login precautions in terms of security. For example, I'think the most important is: 1. string escaping, prevent SQL injections 2. 3. ... I know It's hard to find and consider all of them, that's why I'd like to have a list of the most important.