PHP - Advice
So here's my problem I'm not sure how to approach this:
I have a table with user_items which are stored together separated by commas. Code: [Select] 13,12,11,9,27,15,16,22,21,23,24,26,29,30,31,32,33 Now, I have a script where the user is in a trade and I want to verify the item they are trying to trade, but is there an alternative other than grabbing all of that users' items and checking that one item with all of the records? I've tried using Code: [Select] SELECT * FROM MYTABLE WHERE user_item_id IN(33) As an example to see if it will pull the rows with that ID. It didn't seem to work, am I doing it wrong? if so, forgive me. Any suggestions/help? The main problem is I don't want to have to explode that data and use a foreach to check that one item against all of that users items, as they could have well over 500. Similar TutorialsRight now I have a SESSION so when users flip though pages they carry their info with them, what I'm trying to do now is that userhome.php can't be accesses unless the user just was succesful in cracking there system.. game I'm creating for those of you helping and following me while I do this! it's a virutal hacking simulation and where I'm now is that the user's passwordcracker was compared to the target systems 'systemkey' and either granted him access or didn't, if it did it displayed a progress bar then fowarded to userhome.php where the target users info will lay, right now though if I just type in userhome.php i get there without haveing the crack it.... any ideas? Hi all, I am looking as a pet project to develop a review site, with the info stored in a database by id and the information grabbed bet get id and then displayed on a dynamic page, eg review.php?id=1 My question is this, if i throw keywords into the mix for each review, will search engines cache a review like this? Or would I need static pages for google etc to find the info? Thanks Hi, basically i have data in my database i want to represent as cash, i currently put the dollar sign infront of each echo which is fine, but how would i go about adding , to the php code itself as you cannot do this from the sql database.. In short i want to use the following code below, when someone selects there option and submits it, it would bring up details from the database on this user from the selected table, can you explain what it would be called doing this so i can look it up, Sorry to be a pain, Cheers. Code: [Select] <select name="target2" id="target2"> <option value=""></option> <?php $sql = "SELECT player_id, friend_id, name, is_active FROM contacts as c JOIN players as p ON c.friend_id = p.id WHERE c.player_id = $playerID AND is_active = 1 ORDER BY name ASC"; $que = mysql_query($sql) or die(mysql_error()); while($list = mysql_fetch_array($que)) { ?> <option value="<?php echo $list['friend_id'] ?>"><?php echo $list['name'] ?></option> <?php } ?> </select> Hello, can someone please advice me on what scripts I will need to accomplish the following. I want users to be able to login to their personal page, on there will be items such as pdf files, jpeg files etc, that they will be able to download. Are there any free scripts out there that can do this, that anyone knows of? I don't mind paying if its a cheapish script for one of you to make for me, but money is a bit tight at the moment so a free script would be my 1st choice... Thanks for all your help for those of you who don't know i am creating a piece of forum software called ASF. Ive done it by myself so far but as it grows i find it harder to write the code and keep organised. my code is a mess and things arent done the way they should be. So if anyone can give me advice or wants to help i could post some of the files for download. Even if you just want to have a look and let me know waht you think. Thanks Carl http://www.thevault.cz.cc I am working on adding security to my code. This is new to me and I am confused at which one to use. The numbers, email and pswd are all explanatory its the text fields that are confusing me. So I have a variety of text fields where the user can input what they want. I want to be able to add in a variety of characters but want it to be secure as well. I want to be able to use the "&" so I think I want Quote FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP All the text fields will be used for descriptions or notes. Also, how secure, if at all, is this function? It was a very earlier attempt at security function check_input($data) { $data = trim($data); $data = htmlspecialchars($data); return $data; } hello i need someone to take a look on this , General comments on the code process and how should i continue !!! [attachment deleted by admin] Hi everyone This is not really about php code...sorry. But i want some advice if you dont mind. I am working on a system, but i would like it to be available for PC use, aswell as for mobile use. What would be the best? To create two websites, one for mobile other for PC, and upload them to .mobi and .com domains, or should i create only one... I need this to be as user-friendly as possible...because the clients who are going to use this, is those ppl that is not comfortable with a PC, not to mention the web. Thanks Hello all I wonder if someone can give me some advice, sorry if this is in the wrong place, I couldn't seem to find the right forum to put it in. I am helping a friend to build a PC support ticket system for use by around 100 support groups, 50 schools and 20 universities, over time a total potential student population of between 300,000 and 800,000 might use it. Of course they as not all going to be accessing the system at once, but of something major happens, there could be almost half the students submitting a ticket at once, but I want to build it in a way that it could cope with 1,000,000 users, I know server space maybe expensive and luckily I wont have to pickup the bill for that. So my questions are; Can PHP handle this volume of traffic with multiple SELECTS, INSERTS etc Can PHP ever crash due to overload or is it always the server which has the overload and crashes, if it's PHP, what can be done to stop that? What would be the best way to hold user data? Is is best to spread the data over multiple tables Is there anything I should consider in PHP when working out a viable system Any advice on the type and level of server we should use I assume PHP would be the best to use as companies like Facebook seem to use PHP and they handle 500 millions users, so I guess it's stable enough. I guess Cloud hosting would be best to balance the load?? I was going to code this all myself over time and learn advanced PHP a bit more, is this a good idea or should I be learning using a framework like ZEND or something like Drupal? Thanks all Hello world,
Im a development fan,but not a coder.
Im planning to hire a developer for a project but i want some advice from experts first.
My project is a market place where sellers and stores could place their ads, I want it very very custom,so here are the questions.
1. Do i use php from scratch or maybe a CMS?
2.Is there a possibly to develop a custom cms to admin this project if it has been developed on php or i have to learn to code by the way?
3.how i can detail exactly what i want to the coder,is there a glossary or something like that for the modules?
this is the question that came up now,but fell free of give me all advice you think i might know.
Thanks.
Hello everyone. I have been told that PHP, javascript and html would be needed for this. So I am here to explain and ask your advice. Since being severely disabled in a car accident, I am trying to make use of what I have left. I would like to use my knowledge and try to help those who want to get back to work. I will give my time for free but the cost of using council premises must be paid for, albeit heavily subsedised by the benefits department. I will need a single page. It will need a datepicker (so I am told) where students can see what days are available and then select their chosen dates and complete their details. Then, the system will make some calculations and send me an email with the details that I can add to official paperwork and email on, to the student, the benefits department and the local council. I would also like to be able to "log in" to the page, to put the details in myself and still to send me the email with the details, as before. Should I explain everything I am trying to achieve, in one post, or can someone advise me as to which parts need which code and make separate posts in the corresponding threads? I am trying to study as much as possible and am finding this forum a great help. But, a little help or guidance in the right direction would be great. Thank you, in advance, for your help Hi All, I currently have a ticketqueue that show's all tickets assigned to a group of people, but split into personal queues, but the way that I wrote it, means that it needs manually updating if a specific person leaves/joins the department. For example, to get the queue details, I use the following query: Code: [Select] $username1 = mssql_query("select id,subject,body,priority from queue where assignedto = username1";) $username2 = mssql_query("select id,subject,body,priority from queue where assignedto = username2";) I have repeated this code for all of the users in our team. Which seams a waste, as I have all the information on our team stored in a DB called "sysadminusers". Is there an array I could use that would look at all the usernames in the table, and then repeat the query for me? I would also need this array to display the results on the page, currently I use the following: Code: [Select] while($username1_tickets = mssql_fetch_assoc($username1)){ echo $username1_tickets['id'],$username1_tickets['subject']$username1_tickets['body'],$username1_tickets['priority'];} while($username2_tickets = mssql_fetch_assoc($username2)){ echo $username2_tickets['id'],$username2_tickets['subject']$username2_tickets['body'],$username2_tickets['priority'];} I am just looking for some design advice and code examples that would help me tidy up my code for this page, it seams a lot of code for quite a simple page. Thanks Matt Was wondering if anyone had any thoughts on how im running settings on my text base game. I currently have like 60 settings stored in the data base. These are only admin control settings. They set what things cost in the game and such. I was thinking today that would it be better instead of running a query on every page to grab the settings that page uses. I just simply do one huge select ALL query for the settings when a user logs in and turn all the setting into super global $_SESSION. Also this way any function i made i can simply use the SESSION instead of grabing settings out side the function or creating a query for it with in the function. So i was thinking doing this would extremly speed up my game wouldnt it? wondering if anyone has any thoughts on this This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=328588.0 I have a restricted page for members of a website. This restricted area is within a directory called 'download.' There is a login form on two pages (home and support pages, found in the main menu). These pages are on the site root directory. When the user successfully logs in they are taken inside the download directory to index.php. This index.php has a different look to the site root design. I have since redesigned this page to have the same structure as the site root pages. I would love for the user to able to navigate around the main site if they wanted, and when they clicked support in the menu they would have all the download files there on the page, instead of a login form. My question is how would I implement this login so that when the user logs in the support page changes from the login page to the page with the files. I don't want to to duplicate the site within the download directory, I was hoping for an efficient method, but I am unsure how to go about it. Hey everyone A little advice would be great. okay... I have a system that registers users and then allows them to take part in a quiz, which uses sessions and a database however what the problem is, is that i would like the user to be able to see the results of there quiz rather than destroying a session on logout.php for example when they login, they will click member area for example and this will display info about the quiz they completed.... i.e. Scores How would i do keep this info so its not lost on logging out?? Thanks in advance guys Lance Yup, the nice person left some friendly messages just to prove it. Now i need to recover. I have back up code and DB. But I need to establish what kind of hack it was and how to improve things. The big tell tale, is that all the javascript is gone off the pages. Yet the js tools ( jquery etc ) all all still there.
They also got past the login page as well.
The site was built with CodeIgniter so I had invested my trust in the framework as I will never assume I know more than the CI guys on security.
any ideas jump to mind as to what kind of hack it was and therefore what obvious things I can do to avoid it again ?
Many Thanks !!
I've been trying to find a good, up-to-date source on how to secure the authentication credentials for my db connection. I've done some PHP coding and would like to learn more. There's plenty information available, but I often find books inevitably have typos in the code. Also most of the online tutorials are either at least several years old or deal more with user login security. User authentication is one thing, but what are the best ways to secure the connection to the database itself? Obviously your basic newbie method of unencrypted host, username, password, and database stored in a connectvar file is just open invitation--or maybe not since it doesn't present a challenge to a hacker. Some say to encrypt the credentials with something like MD5 and store them in .htaccess. Other sources say not to use MD5. Any advice on where to find some good resources on this? Cheers! Hi, Is anyone here familiar with the Facebook API? My boss wants people to be able to share their store with their friends on Facebook from within the stores admin panel. He wants the following. 1) Display all friends with a checkbox next to each name. 2) Check the friends you want to inform about your store. 3) Post a message on checked friends wall. It sounds simple. The problem is the friends selection screen. Some of my friends on Facebook have 1000 friends. Obviously listing all of them is inpractical. Ideally I need a search box to limit the friends that display and make it easy to find who you are looking for. Does something like this already exist? Does it have a name? |