Jump to content

gmwebs

Members
  • Posts

    174
  • Joined

  • Last visited

    Never

About gmwebs

  • Birthday 07/18/1977

Profile Information

  • Gender
    Male
  • Location
    London

gmwebs's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. Which did you try? Thebadbad or mine, or both?
  2. If you are using extract($row) doesn't it then create variables from the field names for the row? <?php // While a row of data exists, put that row in $row as an associative array // Note: If you put extract($row); inside the following loop, you'll // then create $userid, $fullname, and $userstatus while ($row = mysql_fetch_assoc($result)) { echo $row["userid"]; echo $row["fullname"]; echo $row["userstatus"]; } ?> I don't understand why you would be doing: <?php $num_views = $row['num_views'] + 1; ?> What if you try the following... <?php $result = mysql_query(SELECT * FROM ads); while($row = mysql_fetch_assoc($result)) { extract($row); echo "<img src=\"/$ad_url\" width=\"400\">"; echo "<h4>$business</h4>$description"; $qry = "UPDATE ads SET num_views = num_views + 1 WHERE id = $row[id]"; mysql_query($qry) or die ("Error during query!"); } ?>
  3. I 2nd WinSCP but have also used FileZilla in the past.
  4. Have you seen CakePHP: Where to get help?
  5. I have been using CakePHP almost exclusively for all my projects (professional and personal) over the past couple of years and cannot recommend it enough. I started using v1.2 in the early days and have now got completely used to the conventions used. The documentation is getting much better, (see CakePHP Manual) and with 1.2 now being in RC2, more stable and mature. rmbarnes82: CakePHP does in fact allow you to use resources other than database tables in the Model. If you are interested, have a look at CakePHP Models which explains CakePHP's implementation of the Model.
  6. Sorry, I am at work at the moment, but if I remember correctly I am doing it the following way... //index.php session_start(); $_SESSION['product'] = "foo"; require_once($_SERVER['DOCUMENT_ROOT'] . "/includes/menu.inc.php");
  7. Hi, I just can't seem to get this to work... In my index.php file I set a session variable $_SESSION['product'] = "foo"; and then in my html part of index.php I include a file menu.php using require_once() which I use to build the menu tree. However, the session variable is not available to me inside that include file. It is available to me inside index.php because if I echo it I can see it. If I go to page2.php it is also there. Just not in the include file. Am I doing something stupid here?? Graham
  8. Yep... Assign the POST value to a variable and then use that variable in your query. Or you could just use the [code=php:0]$_POST['username'][/code] directly.
  9. Well yeah, sure, if you name your db fields something weird, then it would obviously make it harder to guess your table structures. That is the only benefit I can see. It would make it hell on earth for anyone else to work with your code though!
  10. Firstly, it's always a good idea to assign your query string to a variable, and then perform the MySQL operation on that variable. Also, it is a good idea to echo out the SQL error should it be failing. An example... [code=php:0]$sql = "SELECT * FROM comments WHERE nid = '$nid'";[/code] [code=php:0]$result = mysql_query($sql) OR DIE ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());[/code] This will print out... [b]A fatal MySQL error occured[/b]. Query: SELECT * FROM comments WHERE nid = '' Error: (err_no) The MySQL error description gets printed here. Sorry Thorpe... didn't see you there!
  11. Well, I think you don't quite understand the mechanism of forms. When you have an html form, and the fields are displayed to the browser ([i]client-side[/i]), no matter what you call them, when the user clicks submit the form is posted (POST or GET method) to its target script and the data that is posted is in clear text. On the receiving script, you then perform any encryption/decryption on the [i]server-side[/i]. As I said in my previous posts, the [b]only[/b] way you can secure transmission of data over HTTP is to use HTTPS (SSL). Think of it, if you do internet banking, you have to use SSL. Now that's not because they have enough money to buy an SSL certificate, it's because it's the [i]only[/i] way to secure the transaction. Whenever user input is involved, and that input has to be encrypted, there is no other way to do it.
  12. Unless you are doing something with JavaScript, the POST data in your scenario will be passed through as clear text. The user will input "fred" and "password" into the text fields, and when he clicks submit, those exact values will be passed. The mere fact that you have named the fields something weird, would not really thwart anyone who was sniffing the wire, as anyone who sees 2 values coming accross as "fred" and "password" would immediately put 2 and 2 together. The only true way to secure wire transmissions is to use SSL.
  13. Well... My opinion is this: If your data was [i]that[/i] sensitive that you need to encrypt the values on the wire, then I would be looking at using SSL for those transactions that did. Just remember that your sql stuff is all server-side, and potentially even on the same server as your web stuff, so the only data that would be traversing the wire would be your POST data from your forms - which SSL will secure perfectly. As for storing encrypted values in the database, you would just need to encrypt them before your sql query inserts them into the tables. If you are concerned with having clear text data stored in the tables, then as I said, encrypt the values before inserting them, and then decrypt them before displaying them. Obviously, if you were concerned about the data you were displaying back to the user agent, then you would have to use SSL, otherwise you would just be passing the clear text value back to the browser when you decrypt it to display it. I am sure that there are many other people who are much more experienced with this kind if thing, and hopefully they will fill in anything that I have left out.
  14. You are using the incorrect case for DisplayImage.php - it should be lowercase displayimage.php. You also have a space before the id <img src="DisplayImage.php?gim= 7" alt="league"width=80 height=80> which you probably don't want.
  15. lol... In all fairness it was my code that suggested he assign a variable to [code=php:0]$_FILES['input_name'][/code] but yeah, fair point ;)
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.