KittyKate

I can remember being lectured on the importance of using varchar(#) in school, but I can't remember the reasoning any more. I am now working with someone who has never had any formal training in databases (and very little informal), and I need to convince him that it is worth it to set the upper limit on varchars. I've taken the fact for granted for so long, I really can't think of *strong* reasons to do it. Help! Why do we set types the way we do?? I need reasons for using varchars over chars (outside of the obvious blank spaces, because for some reason that doesn't seem good enough), reasons for setting lengths on varchars, and why you should use text over an unlimitted varchar.

Finally got it working. Thanks Barand!

Note: pseudo code!!!! [code]<form name='name1'>   <input type='radio' onclick='javascript(a)' name='type' value='a' id='a' />A   <input type='radio' onclick='javascript(b)' name='type' value='b' id='b' />B   <input type='checkbox' name='a' id='a#' value='#' />String   <input type='checkbox' name='a' id='a#' value='#' />String ...   <input type='checkbox' name='b' id='b#' value='#' />String   <input type='checkbox' name='b' id='b#' value='#' />String ... </form> [/code]

Well, I found a nice work-around that fixes the issue -- radio buttons are my new best friend. (The inner option only had four choices, so the UI actually looks better with them.) Time for a night away from the screen and maybe a glass of wine.

I am feeling rather frustrated and braindead at this point... too many stupid HTML bugs in a day (if only I could at least say that they were because of me, but I'm suffering through another's code!). I've got the front end working at this point, but here is the setup and please tell me the name/value/id I need to set to get this thing to work. A pair of radio buttons trigger a javascript for one of two sets of checkboxes to be enabled. I can figure out which radio button was set, but I'm having issues parsing the checkboxes. The basic idea of the code I'm using is: [code]<?php foreach($_POST['name'] as $value) {     //add $value to database } ?>[/code] Is this remotely correct? And will only the the ones that are checked show up, or do I need to test for that (and if so how)?

I've got several SELECTs that list a bunch of companies. If the company you want to chose isn't listed, you chose 'Create New'. A javascript then creates a field immediately under in which you enter the new company's name and select it's area of industry (so a text input and a second select). My problem: the first layer of selects work perfectly. However, as soon as you chose 'create new' all selects suddenly stop functioning. You can get the top level (the list of companies) to drop down, but anything you chose doesn't get selected. The inner select (the list of areas of industry) won't even drop down. I didn't write the original code, so I may be missing something, but I've combed through it as best I can, and for the life of my I can't figure out what the issue is. I thought it was a missing close tag or quotation marks somewhere, but it doesn't appear to be an issue. This was a problem with the code before I got it. Interesting thing I've noticed: I haven't been testing it in IE yet, but when I change tabs in FF and then back, the top level SELECTs work until I click the second level select.

Thanks!

Have you tried googling it? I found a few possible sites with a quick check. If you have never programmed in an OO environment, it can take some adjustment to move from procedural to classes and methods. I'd recommend looking into OO in general, and then starting to apply it to your php. Java has a relatively decent explaination of the topic: http://java.sun.com/docs/books/tutorial/java/concepts/ For php, the standard syntax is: [code]class ClassName [extends ParentClass] {     function className ($param1, ...) {         //this is your constructor, where you set the value of variables     }     function functionName ($param1, $param2, $optionalParam = 'defaultValue') {     }     /* keep listing more and more functions */ }[/code]

I want to check to see what the location is to see if I need to print certain information or not. So, how do I pull the "*.php" part of address? I can figure out how to set it, or grab it within my HTML (using DOM), but how do I grab it on the server side?

Which fields should be set to on? The one which may be a problem, that I can see, is "session.auto_start = off", but I seem to remember that being something that you'd want anyway -- also why I have to call session_start() in the first place. The "session.cookie_lifetime = 0", which I believe means infinite/when the browser closes, right? This bug is just confusing me! I'm re-writing a previous employee's code to make it more secure, and I know sessions were working before for him. I didn't think I changed that much! *sigh*

Alright... let's see if I can figure out what you are trying to do... You have index.php. In the middle of the page somewhere, you are checking if $ad is set... I'm assuming you actually mean $_GET['ad'] with your illustration of it in the location. If it isn't set, you want to give it the value of 'visitor'. Right now, no matter what, you want to print ad.htm. If ad is set to something else (protected) you want to print something else... Is the following at all like what you'd like to do, to give other, more knowledgable people a better idea? [code]<?php switch ($_GET['ad') {     case 'visitor':           print $visitor_code;           break;     case 'protected':           print $protected_code;           break;     default:           header("location: index.php?ad='visitor'"); } ?>[/code] or [code]<?php switch ($_GET['ad') {     case 'protected':           print $protected_code;           break;     case 'visitor':           print "<!-- Ad=visitor is set -->";     default:           print $visitor_code;           break; } ?>[/code]

Try "SELECT MAX(ID) as ID ..." and increment it by one (id++;) before re-uploading. I haven't looked close enough to figure out why you are getting two rows, but this should be a start.

Alright, I am feeling really dumb right now, but I can't get my session to be persistent. Am I failing to set something, or some strange thing? Is the session cookie supposed to be automatically set, or am I supposed to call something? Each page calls session_start(), and if there is any validation of the user's login, the session_id is supposed to be updated. However, checking my cookies, I don't have a PHPSESSID set. What step am I missing?

Thanks! I forgot to say that! Yes, I am validating all data coming in, and doing some extra validation on the client-side using javascripts. I'm still working on figuring out sessions (I've been going through the code I know how to work with or can learn by reading a paragraph, then I'll come back to what is new) in php. My previous web languages experience was in PERL. Horrible, horrible, ugly language! I've obviously done cookies before, but actually having a session variable is new. I'll be looking into fully using them, and thanks for the snippets of what to make sure I include! Badgers huh? Well, I'll have lots of trees.... (the company I work for is in Forestry)

I'm hoping to get some tips on the ever important issue: security. I've taken over development on a site and already found a half dozen ways to crack it just going through it, and am working on fixing them and adding in more security. Here's a list of what I'm doing, do you have any suggestions for more? [list] [*]all sql strings are created using sprintf("string %s", mysql_real_escape_string($var)) [*]all form actions are post [*]form data is set very cautiously (the previous version I was working with set the value of the password on the login page if the password was entered incorrectly!) [*]I'm using an OO design, and checking permissions in each function. [*]session data is stored on the client side as cookies and compared with the server side at the same time as checking permissions [*]cookies expire after 3.5 hours [*]if a call is made to an area permissions aren't granted, the IP address is logged. If an IP has X 'access denied's, it is blocked for 24 hours. If it has Y instances of being blocked, it is banned. I'm thinking X=Y=3, but I'd appreciate suggestions and reasoning for the values. I know it's possible to change IP addresses, but it can help stop the less-skilled hacker or those just looking for holes. [*]database username and password are stored below the public level in an oddly named file [*]user passwords are encripted[/list] Further suggestions? Anything obvious I've missed? [/list]