Search Results

Search found 27396 results on 1096 pages for 'mysql query'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 478/1096 | < Previous Page | 474 475 476 477 478 479 480 481 482 483 484 485  | Next Page >

  • Are these two functions overkill for sanitization?

    - by jpjp
    function sanitizeString($var) { $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var; } function sanitizeMySQL($var) { $var = mysql_real_escape_string($var); $var = sanitizeString($var); return $var; } I got these two functions from a book and the author says that by using these two, I can be extra safe against XSS(the first function) and sql injections(2nd func). Are all those necessary? Also for sanitizing, I use prepared statements to prevent sql injections. I would use it like this: $variable = sanitizeString($_POST['user_input']); $variable = sanitizeMySQL($_POST['user_input']);

    Read the article

  • Improving the speed of php

    - by cast01
    I'm currently working on a website in PHP, and I'm wondering what the best practices/methods are to reduce the time requests take. I've build the site in a modular way, so a page would consist of a number of modules, and each of these would need to request information. For example, I have a cart module, that (if a cart is set) will fetch the cart with the id (stored in a session variable) from the database and return its contents. I have another module that lists categories and this needs to fetch the categories from the database. My system is built with models, and each model might also make a request, for example a category model will make a request to get products in that category.

    Read the article

  • Modifying my website to allow anonymous comments

    - by David
    I write the code for my own website as an educational/fun exercise. Right now part of the website is a blog (like every other site out there :-/) which supports the usual basic blog features, including commenting on posts. But I only have comments enabled for logged-in users; I want to alter the code to allow anonymous comments - that is, I want to allow people to post comments without first creating a user account on my site, although there will still be some sort of authentication involved to prevent spam. Question: what information should I save for anonymous comments? I'm thinking at least display name and email address (for displaying a Gravatar), and probably website URL because I eventually want to accept OpenID as well, but would anything else make sense? Other question: how should I modify the database to store this information? The schema I have for the comment table is currently comment_id smallint(5) // The unique comment ID post_id smallint(5) // The ID of the post the comment was made on user_id smallint(5) // The ID of the user account who made the comment comment_subject varchar(128) comment_date timestamp comment_text text Should I add additional fields for name, email address, etc. to the comment table? (seems like a bad idea) Create a new "anonymous users" table? (and if so, how to keep anonymous user ids from conflicting with regular user ids) Or create fake user accounts for anonymous users in my existing users table? Part of what's making this tricky is that if someone tries to post an anonymous comment using an email address (or OpenID) that's already associated with an account on my site, I'd like to catch that and prompt them to log in.

    Read the article

  • Php date() giving the wrong time after parsing

    - by Kirill
    This is confusing as hell, here's the php I'm using: <?php echo date('H:i D j, F',$j->date); ?> This is what it gives me: 01:33 Thu 1, January Which seems fine, until you look at the actual time that is being given ($j-date provides): 2010-06-12 21:12:23 Why is it giving me a January and what am I doing wrong?

    Read the article

  • ERRNO: 2 Division by zero error

    - by chupinette
    I am getting this error : ERRNO: 2 TEXT: Division by zero I have the following function in my class Customer public static function GetQuotationDetails($string) { $sql = 'SELECT I.name, I.discounted_price, I.other_name FROM item I WHERE ( I.name LIKE CONCAT( '%', :string, '%' )) AND T.item_name=:string'; $parameters = array(':string' => $string); DB::GetAll($sql,$parameters); } Then, $this->results = Customer::GetQuotationDetails('grinder'); and i echo the results by echo $obj_quotations->results; Can anyone help me?

    Read the article

  • Validate Canadian Postal Code Regex

    - by Alex Block
    I have a script written in JavaScript to Validate Canadian Postal Codes using Regex, however it does not seem to be working. Here is the script: If statement: if (myform.zip.value == "" || myform.zip.value == null || myform.zip.value == "Postal Code" || myform.zip.value.length < 12 ) { alert("Please fill in field Postal Code. You should only enter 7 characters"); myform.zip.focus(); return false; } Function: function okNumber(myform) { var regex = /^[ABCEGHJKLMNPRSTVXY]{1}\d{1}[A-Z]{1} *\d{1}[A-Z]{1}\d{1}$/; if (regex.test(myform.zip.value) == false) { alert("Input Valid Postal Code"); myform.zip.focus(); return false; } return true; }

    Read the article

  • PHP: How To Integrate HTML Purifier To Fileter User Submitted Data?

    - by TaG
    I have this script that collects data from users and I wanted to check their data for malicious code like XSS and SQL injections by using HTML Purifier http://htmlpurifier.org/ but how do I add it to my php form submission script? Here is my HTML purifier code require_once '../../htmlpurifier/library/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('Core.Encoding', 'UTF-8'); // replace with your encoding $config->set('HTML.Doctype', 'XHTML 1.0 Strict'); // replace with your doctype $purifier = new HTMLPurifier($config); $clean_html = $purifier->purify($dirty_html); Here is my PHP form submission code. if (isset($_POST['submitted'])) { // Handle the form. $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"SELECT users.*, profile.* FROM users INNER JOIN contact_info ON contact_info.user_id = users.user_id WHERE users.user_id=3"); $about_me = mysqli_real_escape_string($mysqli, $_POST['about_me']); $interests = mysqli_real_escape_string($mysqli, $_POST['interests']); if (mysqli_num_rows($dbc) == 0) { $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"INSERT INTO profile (user_id, about_me, interests) VALUES ('$user_id', '$about_me', '$interests')"); } if ($dbc == TRUE) { $dbc = mysqli_query($mysqli,"UPDATE profile SET about_me = '$about_me', interests = '$interests' WHERE user_id = '$user_id'"); echo '<p class="changes-saved">Your changes have been saved!</p>'; } if (!$dbc) { // There was an error...do something about it here... print mysqli_error($mysqli); return; } }

    Read the article

  • SQL: script to create country, state tables

    - by pcampbell
    Consider writing an application that requires registration for an entity, and the schema has been defined to require the country, state/prov/county data to be normalized. This is fairly typical stuff here. Naming also is important to reflect. Each country has a different name for this entity: USA = states Australia = states + territories Canada = provinces + territories Mexico = states Brazil = states Sweden = provinces UK = counties, principalities, and perhaps more! Most times when approaching this problem, I have to scratch together a list of good countries, and the states/prov/counties of each. The app may be concerned with a few countries and not others. The process is full of pain. It typically involves one of two approaches: opening up some previous DB and creating a CREATE script based on those tables. Run that script in the context of the new system. creating a DTS package from database1 to database2, with all the DDL and data included in the transfer. My goal now is to script the creation and insert of the countries that I'd be concerned with in the app of the day. When I want to roll out Countries X/Y/Z, I'll open CountryX.sql, and load its states into the ProvState table. Question: do you have a set of scripts in your toolset to create schema and data for countries and state/province/county? If so, would you share your scripts here? (U.K. citizens, please feel free to correct me by way of a comment in the use of counties.)

    Read the article

  • Adding to database with multiple text boxes

    - by kira423
    What I am trying to do with this script is allow users to update a url for their websites, and since each user isn't going to have the same amount of websites is is hard for me to just add $_POST['website'] for each of these. Here is the script <?php include("config.php"); include("header.php"); include("functions.php"); if(!isset($_SESSION['username']) && !isset($_SESSION['password'])){ header("Location: pubs.php"); } $getmember = mysql_query("SELECT * FROM `publishers` WHERE username = '".$_SESSION['username']."'"); $info = mysql_fetch_array($getmember); $getsites = mysql_query("SELECT * FROM `websites` WHERE publisher = '".$info['username']."'"); $postback = $_POST['website']; $webname = $_POST['webid']; if($_POST['submit']){ var_dump( $_POST['website'] ); $update = mysql_query("UPDATE `websites` SET `postback` = '$postback' WHERE name = '$webname'"); } print" <div id='center'> <span id='tools_lander'><a href='export.php'>Export Campaigns</a></span> <div id='calendar_holder'> <h3>Please define a postback for each of your websites below. The following variables should be used when creating your postback.<br /> cid = Campaign ID<br /> sid = Sub ID<br /> rate = Campaign Rate<br /> status = Status of Lead. 1 means payable 2 mean reversed<br /> A sample postback URL would be <br /> http://www.example.com/postback.php?cid=#cid&sid=#sid&rate=#rate&status=#status</h3> <table class='balances' align='center'> <form method='POST' action=''>"; while($website = mysql_fetch_array($getsites)){ print" <tr> <input type ='hidden' name='webid' value='".$website['id']."' /> <td style='font-weight:bold;'>".$website['name']."'s Postback:</td> <td><input type='text' style='width:400px;' name='website[]' value='".$website['postback']."' /></td> </tr>"; } print" <td style='float:right;position:relative;left:150px;'><input type='submit' name='submit' style='font-size:15px;height:30px;width:100px;' value='Submit' /></td> </form> </table> </div>"; include("footer.php"); ?> What I am attempting to do insert the what is inputted in the text boxes to their corresponding websites, and I cannot think of any other way to do it, and this obviously does not works and returns a notice stating Array to string conversion If there is a more logical way to do this please let me know.

    Read the article

  • Dropdown dependent values to be fetch from multiple models using ajax in Yii

    - by newuser
    I searched all the documentation over Yii but not got the answer of it.So I came here finally. I have the following schema Table Schools +------------------+--------------+------+-----+---------------------+----------------+ | Field | Type | Null | Key | Default | Extra | +------------------+--------------+------+-----+---------------------+----------------+ | id | int(10) | NO | PRI | NULL | auto_increment | | school_name | varchar(100) | NO | | | | +------------------+--------------+------+-----+---------------------+----------------+ Table Students +------------------+--------------+------+-----+---------------------+----------------+ | Field | Type | Null | Key | Default | Extra | +------------------+--------------+------+-----+---------------------+----------------+ | id | int(10) | NO | PRI | NULL | auto_increment | | school_id | int(10) | NO | FK | | | | student_name | varchar(100) | NO | | | | | roll_no | varchar(80) | NO | | | | | class | varchar(20) | NO | | | | | | subjects | varchar(100) | NO | | | | +------------------+--------------+------+-----+---------------------+----------------+ I have made models and CRUD for the both models.In models my relation is like this In Students.php the relation is like public function relations() { // NOTE: you may need to adjust the relation name and the related // class name for the relations automatically generated below. return array( 'School' => array(self::BELONGS_TO,'Schools','school_id'), ); } In Schools.php the relation is like public function relations() { // NOTE: you may need to adjust the relation name and the related // class name for the relations automatically generated below. return array( 'student' => array(self::HAS_MANY, 'Students', 'school_id'), ); } Now I made the two models rendered in a single page so that I can enter all the respective fields in a single form. In the _form.php file of Students I have made some change in student_name like this <div class="row"> <?php echo $form->labelEx($model,'student_name'); ?> <?php echo $form->dropdownList($model,'student_name', CHtml::listData(Students::model()->findAll(), 'id', 'student_name'), array('empty'=>array('Select'=>'--Select One---'))); ?> <?php echo $form->error($model,'student_name'); ?> Now for this piece of code I got all the student name from the Student model. So my problem is when I am getting the student name from the dropdown list and going to select a student it will also fetch all the respective values of the student to be rendered in the _form.php without click on save button.So that user don't have to put it again manually. I think ajax and json encode will work here but don't know how to make them work here. [Update] Here is StudentsController code public function actionDisCoor() { $model = School::model()->findByPk($_POST['Students']['student_id']); $data=CHtml::listData($data,'id','name'); foreach($data as $value=>$name) { echo CHtml::tag('option',array('value'=>$value),CHtml::encode($name),true); } } Here is _form.php code for Students <div class="row"> <?php echo $form->labelEx($model,'student_name'); ?> <?php $List = CHtml::listData(Students::model()->findAll(), 'id', 'student_name'); ?> <?php echo $form->dropdownList($model,'student_name',$List, array('onChange'=>CHtml::ajax(array( 'url' => CController::createUrl('DisCoor'), 'type' => 'POST', 'update'=>'#school_id', )),'style'=>'width:180px;' ) )?> <?php echo $form->error($model,'student_name'); ?> </div> After all that when I saw in firebug I got the error.Here is the screen shot

    Read the article

  • How to display external database data in VBulletin 4 Forums Custom PHP Block?

    - by NJTechGuy
    Hi guys! I want to display data feed from an external database in a sidebar in the forums section. PHP Block Code : $host = 'db.123.net'; $dbUser = 'db49'; $dbPass = 'iReVbY'; $db = 'db6578h8'; mysql_connect("$host", "$dbUser", "$dbPass") or die(mysql_error()); mysql_select_db("$db") or die(mysql_error()); ob_start(); $result = mysql_query("SELECT id, title from abc") or die(mysql_error()); while($row = mysql_fetch_array( $result )) { print"<center>"; print "<a href=\"http://abc.com/?id=" . $row['id'] . "\"></a>"; print "</center>"; } $output .= ob_get_contents(); return $output; ob_end_clean(); How do I return an array to display in a PHP block in the sidebar (forums section)? Please help me out of this! Thank you..

    Read the article

  • i demand you all men to help

    - by Hello you all men
    you all men i demand answer, you say not real question?? many page get big load for long time and now we are suspended and http://stackoverflow.com/questions/2890840/how-can-we-make-our-website-scalable and please you help men very sorry -bern

    Read the article

  • Thoughts/Input about Database Design for a CMS

    - by dallasclark
    I'm just about to expand the functionality of our own CMS but was thinking of restructuring the database to make it simpler to add/edit data types and values. Currently, the CMS is quite flat - the CMS requires a field in the database for every type of stored value (manually created). The first option that comes to mind is simply a table which keeps the data types (ie: Address 1, Suburb, Email Address etc) and another table which holds values for each of these data types. Just like how Wordpress keeps values in the 'options' table, PHP serialize would be used to store an array of values. The second option is how Drupal works, the CMS creates tables for every data type. Unlike Wordpress, this can be a bit of an overkill but really useful for SQL queries when ordering and grouping by a particular value. What's everyone's thoughts?

    Read the article

  • SQL, PHP: want to get the collums of a table INFORMATION_SCHEMA gives acces denied --> alternative?

    - by matthy
    hi what i am trying to do is get all the collums of a table (the table can be empty) example of what i did before: SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = 'aTable' AND table_schema = 'theDatabase' it works perfectly on localhost however on my provider it gives: #1142 - SELECT command denied to user 'username'@'localhost' for table 'COLUMNS' is there an alternative that doesn't use the INFORMATION_SCHEMA??

    Read the article

  • Should I include user_id in multiple tables?

    - by Drarok
    I'm at the planning stages of a multi-user application where each user will only have access their own data. There'll be a few tables that relate to each other, so I could use JOINs to ensure they're accessing only their data, but should I include user_id in each table? Would this be faster? It would certainly make some of the queries easier in the long run. Thanks!

    Read the article

  • Access 2007 file picker, replaces all rows with the same choice.

    - by SqlStruggle
    This code is from an Access 2007 project I've been struggling with. The actual mean part is the part where I should put something like "update only current form" DoCmd.RunSQL "Update Korut Set [PikkuKuva]=('" & varFile & "') ;" Could someone please help me with this?` If I use it now, it updates all the tables with the same file picked. Heres the whole code. ' This requires a reference to the Microsoft Office 11.0 Object Library. Dim fDialog As Office.FileDialog Dim varFile As Variant Dim filePath As String ' Set up the File dialog box. Set fDialog = Application.FileDialog(msoFileDialogFilePicker) With fDialog ' Allow the user to make multiple selections in the dialog box. .AllowMultiSelect = False ' Set the title of the dialog box. .Title = "Valitse Tiedosto" ' Clear out the current filters, and then add your own. .Filters.Clear .Filters.Add "All Files", "*.*" ' user picked at least one file. If the .Show method returns ' False, the user clicked Cancel. If .Show = True Then ' Loop through each file that is selected and then add it to the list box. For Each varFile In .SelectedItems DoCmd.SetWarnings True DoCmd.RunSQL "Update Korut Set [PikkuKuva]=('" & varFile & "') ;" Next Else MsgBox "You clicked Cancel in the file dialog box." End If End With

    Read the article

  • SQL Server Group Concat with Different characters

    - by Molloch
    I have looked through a number of solutions to emulating "Group concat" functionality in SQL Server. I wanted to make a more human readable solution though and I can't work out how to do it. I have a view: ParentID | ChildName Which contains the records, for example: 1 | Max 1 | Jessie 2 | Steven 2 | Lucy 2 | Jake 3 | Mark I want to "Group Concat" these to get: 1 | Max and Jessie 2 | Steven, Lucy and Jake 3 | Mark So If there is only 1 child, just return name, if there are more than one, concat the last 2 with an ' and ' and all others with a ', '. I am a bit stuck on how to do this without resorting to CLR, which I don't want to do. I am happy with a function - but speed is an issue and how do I determine the child number so I can choose between ' and ', ', ' or ''?

    Read the article

  • Audit Table using Triggers

    - by Jose
    DROP TABLE IF EXISTS `actividades`.`act_actividad_audit`; CREATE TABLE `actividades`.`act_actividad_audit` ( `fe_creacion` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `usr_digitador` char(10) NOT NULL, `ip_digitador` char(15) NOT NULL, `id_act_actividad` int(10) unsigned NOT NULL, `titulo` char(64) NOT NULL, `act_prioridad_id` int(10) unsigned NOT NULL, `act_motivo_id` int(10) unsigned NOT NULL, `detalle` text, `detalle_tecnico` text, `hostname_id` int(10) unsigned NOT NULL, `hostname_nombre` char(50) NOT NULL, `es_SMOP` tinyint(1) NOT NULL, `url_SMOP` text, `es_tecnico` tinyint(1) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Auditoria Actividad General'; I want to populate that audit table with a trigger but how can i send or fill the values for usr_digitador or ip_digitador if that values are on client side.? please help

    Read the article

  • Cast integer to real

    - by Dave Jarvis
    Question How do you cast an INTEGER value as a REAL value? Attempts CAST( Y.YEAR AS REAL), but that failed (the documentation indicates you cannot CAST or CONVERT values to REALs. Y.YEAR + 0.0, but that failed, too. Error Message Using udf_slope fails due to: Can't initialize function 'slope'; slope() requires a real as parameter 2 Code SELECT D.AMOUNT, Y.YEAR, slope(D.AMOUNT, Y.YEAR + 0.0) as SLOPE, intercept(D.AMOUNT, Y.YEAR + 0.0) as INTERCEPT FROM YEAR_REF Y, DAILY D Here, D.AMOUNT is a FLOAT and Y.YEAR is an INTEGER. Thank you!

    Read the article

  • Rails Unit Testing with MyISAM Tables

    - by tadman
    I've got an application that requires the use of MyISAM on a few tables, but the rest are the traditional InnoDB type. The application itself is not concerned with transactions where it applies to these records, but performance is a concern. The Rails testing environment assumes the engine used is transactional, though, so when the test database is generated from the schema.rb it is imported with the same engine. Is it possible to over-ride this behaviour in a simple manner? I've resorted to an awful hack to ensure the tables are the correct type by appending this to test_helper.rb: (ActiveRecord::Base.connection.select_values("SHOW TABLES") - %w[ schema_info ]).each do |table_name| ActiveRecord::Base.connection.execute("ALTER TABLE `#{table_name}` ENGINE=InnoDB") end Is there a better way to make a MyISAM-backed model be testable?

    Read the article

  • Make A HTML/PHP Link

    - by Will Evans
    I have the code below: $result = mysql_query("SELECT link, notes FROM links WHERE username='will';"); $html .= "<ul>"; while ($row = mysql_fetch_array($result)) { //loop extract($row); $html .= "<li>{$link} - {$notes}</li>"; } I need the bit where it says {$link} to become a clickable link which opens a new window. How would I do this? When I put tags around it you get this error: The error is: Parse error: syntax error, unexpected '{' in /data/www/vhosts/themacsplash.com/httpdocs/ClipBoy/will.php on line 18 Line 18 is $html .= "{$link} - {$notes}";

    Read the article

  • Drupal Views pulling Data Fields

    - by askon
    I'm a little new to drupal but have been using things like devel module and theme developer to speed up the learning process. My question, is it possible to theme an entire views BLOCK from a single views tpl.php page OR even a preprocess? When I'm grabbing the $view object I can see results $node-result, it has all of the results, but it doesn't have all my views fields. I'm missing things like, node path, taxonomy titles and paths, etc. From my understanding, Drupal wants you to individually theme EACH output field. It seems rather superfluous to create so many extra templates when I've already got over HALF of my results coming through the $view object Would outputting node over field make this easier? Or am going in the wrong direction with $view-result? Thanks!

    Read the article

  • Normalization of database for timesheet tool and ensure data integrity

    - by fireeyedboy
    I'm creating a timesheet application. I have the following entities (amongst others): Company Employee = an employee associated with a company Client = a client associated with a company So far I have the following (abbreviated) database setup: Company - id - name Employee - id - companyId (FK to Company.id) - name Client - id - companyId (FK to Company.id) - name Now, I want an employee to be associated with a client, but only if that client is associated with the company the employee works for. How would you guarantee this data integrity on a database level? Or should I just depend on the application to guarantee this data integrity? I thought about creating a many to many table like this: EmployeeClient - employeeId (FK to Employee.id) - companyId \ (combined FK to Client.companyId, Client.id) - clientId / Thus, when I insert a client for an employee along with the employee's company id, the database should prevent this when the client is not associated with the employee's company id. Does this make sense? Because this still doesn't guarantee the employee is associated with the company. How do you deal with these things? UPDATE The scenario is as followed: A company has multiple employees. Employees will only be linked to one company. A company has multiple clients also. Clients will only be linked to one company. (Company is a sandbox, so to speak). An employee of a company can be linked to a client of it's company, but only if the client is part of the company's clientele. In other words: The application will allow a company to create/add employees and create/add clients (hence the companyId FK in the Employee and Client tables). Next, the company will be allowed to assign certain clients to certain of it's employees (EmployeeClient table). Imagine an employee working on projects for a few clients for which s/he can write billable hours, but the employee must not be allowed to write billable hours for clients they are not assigned to by their employer (the company). So, employees will not automatically have access to all their company's clients, but only to those that the company has selected for them. Hopefully this has shed some more light on the matter.

    Read the article

  • How to write this Link2Sql select query

    - by RememberME
    I have 3 tables: subcontracts, companies and contacts. Each table has a active_status flags which shows that the item is still active (hasn't been deleted). Each contact has a company_id field which stores the id of the contact's company. Each subcontract has a company_id field which stores the subcontract's company. Each company has a company_id field which holds its guid and a primary_company field, b/c the company could be a subsidiary. If it's a subsidiary, the primary_company field holds the id of the primary company. I have a subcontract form. On the form, I have a drop-down of contacts which are stored in a contact table. Currently the drop-down lists all contacts. I would like to have the drop-down only list contacts which belong to the subcontract's company or any of that company's subsidiaries. I have the following query which I use elsewhere in the program to pass a company_id and get its subsidiaries. public IQueryable<company> GetSubsidiaryCompanies(Guid id) { return from c in db.companies where c.primary_company == id && c.active_status == true select c; } This is my current contact selection public IQueryable<contact> GetContacts() { return from c in db.contacts where c.active_status == true orderby c.contact_name select c; } What I need to do is pass it the subcontract.company_id and then only return the contacts where contact.company_id == subcontract.company_id or contact.company_id == one of the subsidiary ids.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 474 475 476 477 478 479 480 481 482 483 484 485  | Next Page >