PHP - Too Much Session And Database Reading? (general Info Request On Coding)

Hi

I am looking to develop a public facing website and would like some good practice info on php, what you should and shouldnt do and which way to do things, e.g. for security and efficiency, etc.

I have read through the PHP security guide from the PHP Security Consortium and was really good, does any one have any more info like this regarding PHP and general good practice

Thank you

Hello Everybody, i have shopping-cart with session_product. i add arrays per button to the session.   i want get the shipping1 and shipping2 fields from the array where the field qty great is or equal to 2 >= 2. i did this manualy in my example to get shi1 and shi2 lines 15 and 16. how can i get shipping1 and shipping2 automaticly?   thank you very much for your help.   here is my code

01.<?php
02.$maxshipping1=0;
03.foreach ($_SESSION['products'] as $pro1) {
04.$maxshipping1 = max($maxshipping1, $pro1['shipping1']); }
05.?>
06.<?php
07.$maxshipping2=0;
08.foreach ($_SESSION['products'] as $pro2) {
09.$maxshipping2 = max($maxshipping2, $pro2['shipping2']); }
10.?>
11.<?php
12.$maxqty=0;
13.foreach ($_SESSION['products'] as $quant) {
14.$maxqty = max($maxqty, $quant['qty']); }
15.$shi1 = $_SESSION["products"][0]["shipping1"];
16.$shi2 = $_SESSION["products"][0]["shipping2"];
17.?>

the Arrays looks like the following:

Array
(
    [0] => Array
        (
            [product] => Orangensaft 0,3l
            [code] => 5
            [qty] => 3
            [price] => 2.99
            [shipping1] => 5
            [shipping2] => 7
        )

    [1] => Array
        (
            [product] => Kuchen
            [code] => 3
            [qty] => 1
            [price] => 2.95
            [shipping1] => 4
            [shipping2] => 6
        )

    [2] => Array
        (
            [product] => Burger 200g
            [code] => 4
            [qty] => 1
            [price] => 3.95
            [shipping1] => 1
            [shipping2] => 3
        )

    [3] => Array
        (
            [product] => Pizza Pollo
            [code] => 2
            [qty] => 1
            [price] => 5.95
            [shipping1] => 2
            [shipping2] => 4
        )

    [4] => Array
        (
            [product] => Sake Maki Lachs, 6 St�cke Pommes
            [code] => 4236134485469
            [qty] => 1
            [price] => 2
            [shipping1] => 1
            [shipping2] => 2
        )

)

I have a standard form that displays users current data from a mysql database once logged in(code obtained from the internet). Users can then edit their data then submit it to page called editform.php that does the update. All works well except that the page does not display the updated info. Users have to first logout and login again to see the updated info. even refreshing the page does not show the new info. Please tell me where the problem is as i am new to php.   my form page test.php

<?PHP
require_once("./include/membersite_config.php");

if(!$fgmembersite->CheckLogin())
{
    $fgmembersite->RedirectToURL("login.php");
    exit;
}

?>
<form action="editform.php?id_user=<?= $fgmembersite->UserId() ?>" method="POST">
<input type="hidden" name="id_user" value="<?= $fgmembersite->UserId() ?>"><br>
Name:<br> <input type="text" name="name" size="40" value="<?= $fgmembersite->UserFullName() ?>"><br><br>
Email:<br> <input type="text" name="email" size="40" value="<?= $fgmembersite->UserEmail() ?>  "><br><br>
Address:<br> <input type="text" name="address" size="40" value="<?= $fgmembersite->UserAddress() ?>  "><br><br>

<button>Submit</button>

my editform.php

<?php

$con = mysqli_connect("localhost","root","user","pass");

if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

mysqli_query($con,"UPDATE fgusers3 SET name = '".$_POST['name']."', email= '".$_POST['email']."', address= '".$_POST['address']."' WHERE id_user='".$_POST['id_user']."'");



header("Location: test.php");

?>

$result = mysqli_query($con,"SELECT * FROM $_SESSION['datakey']";

Hello all,

I have a membership website which is using sessions... and ive been asked to add some promotion points system. So that each user is able to see how many promotion points they have...

Now, I'm a beginner in mysql and php, but feel I'm learning fairly quickly. What I need help with, is to be able to display the amount of promotion points for the logged in user.

I created a new field in my "essenti1_Users" table for the promotion code.

database is called "essenti1_membership"
table is "essenti1_Users"
feild is "promo"


I think im going to have to manually add the points to each user manually through phpMyAdmin Navicat unfortunatly. Unless anyone has any other ideas just for adding the points to each user account?
ziggynerja is online now Add to ziggynerja's Reputation Report Post      Edit/Delete Message

I have several "sites" located in my html directory, and each has a "general" access point and an "administrator" access point:

/var/www/html/site1/index.php
/var/www/html/site1/administrator/index.php
/var/www/html/site2/index.php
/var/www/html/site2/administrator/index.php
/var/www/html/site3/index.php
/var/www/html/site3/administrator/index.php

All sites are similar except that data will be specific to site1, site2, or site3, etc.   Users who log onto /var/www/html/siteX/index.php are totally unrelated to those who logon to /var/www/html/siteX/administrator/index.php, will have different logon credentials, are stored in different DB tables, and each should have their own session.  If a user logs off of either the general or administrator site, it should not effect the other site even if they were previously logged on to both on the same PC (and of course not effect other sites). When a user logs off, I would like to destroy their previous cookie and associated session.  Users for either will only use https.  I am using Apache to rewrite https://www.mysite.com/ to https://mysite.com/.  While I named the administrator site "administrator" above, the administrator user has the ability to change the directory name.   I am thinking I need to use session_set_cookie_params to specify where I wish the session cookie to be stored since /var/www/html/siteX/administrator/index.php is a sub-directory to /var/www/html/siteX/index.php, but am not really sure.  Sorry for the cryptic post, but I am not very well versed in this subject. How would you recommend setting up cookies/sessions for this scenario?  Thank you

I have a normalized database in the form of

Code: [Select]
ID   user_id     key           value
1    3           first_name    Brian
2    3           last_name     Tardy
3    4           first_name    John
4    4           last_name     Wilson

What is the fastest way to capture these values within php? I want to perform a SELECT to catch the values for every user as

Code: [Select]
$result=mysql_query("SELECT * FROM users_data WHERE user_id = '$id'");
while($row=mysql_fetch_array($result)) {

here we process all data for a given user
and write it to text file as a single line

}
Since it is a long list (100K users with about 10M of rows in user_data), I am looking for the fastest and most reliable way to scan all the database.
?>

Where is the best to store the list of categories and menu? Obviously it is better to reduce mysql queries. From a plain list in file, we can create desirable list (menu) from an array. This is quite faster (though SELECT from an indexed table is fast too; but I do know if it is as fast as reading from a php file). Any idea how to code this to create the menu faster ?

Hey,

I'm trying to work out how I can have a simple script that will work like this:

Page 1 - Heading, Paragraph, Image read from database.
Page 2 - Has text boxes allowing you to change heading, paragraph and image (url) with each edit using a different text box. (Admin panel)

The database connection would be in a separate file.

So far I've got the database connection sorted.

Code: [Select]
<?php
//Database Information
$dbtype = "mysql"; 
$db_host = "localhost";
$db_user = "";
$db_pass = "";
$db_name = "";
$db_port = "";
$db_table_prefix = "userCake_";
?>
At the top of each of the other pages this is what I've got.
Code: [Select]
<?php 
require_once("models/config.php");
?>
Let's say I give each bit stored in the database a page ID and an object ID.

If the page selected is index.php how can we give it a page ID of 1 and give then include all the separate 'objects' throughout the page?

Hopefully this makes sense?

Cheers,
Jack

As per the client requirement he wants to read words from a file and want to insert them in database  one by one . ie a confirmation is required whether he wants to insert is or not. I have developed the thing but the problem is when i am retrieving the words it asks for all the words. i will show u wat the problem is. My main query is i want to pause the exectution until user's input.

Code: [Select]
<script type="text/javascript" src="jquery.js"></script>
<script type"text/javascript">
function show() {
document.getElementById('form#submit').fadeIn();
alert("Abhinav");
}
$(document).ready(function(){
$("form#submit").submit(function() {
// we want to store the values from the form input box, then send via ajax below
var word    = $('#word').attr('value');
var synonym     = $('#synonym').attr('value');

$.ajax({
type: "POST",
url: "ajax.php",
data: "word="+ word + "&synonym=" + synonym,
success: function(){
$('form#submit').hide();
//$('form#submit :input').val("");
$('div.success').fadeIn();
}
});
return false;
});
});
</script>

<?php 
$file=fopen("welcome.txt","r") or exit("Unable to open file!");
@$word="";
@$c="";
while (!feof($file))
{
  $c=fgetc($file);
if(strcmp($c," ")==0)
{ echo "".
 
"<form id='submit' method='post' name='submit' action='' >".  
        "<fieldset>  ".
            "<legend>Enter Information</legend>  ".
"            <label for='word'>Word:</label>  ".
"<input id='word' class='text' name='word' size='20' type='text' value='$word' >  ".
"            <label for='Synonym'>Synonym:</label>  ".
"<input id='synonym' class='text' name='synonym' size='20' type='text'>  ".
"            <button class='button positive' type='submit'>  Add Client </button>  ".
   " </fieldset>  ".
   " </form>  ".
"<div class='success' style='display:none;'>Client has been added.</div>  ".
"</div>";
 
$word="";
}
else
$word=$word.$c;
}
fclose($file);

?>



Now what i want is after user clicks add client then only next insertion box must be shown. please check the attached image to see the output. Guys pls help me over this. Thnx in advance

Hello all,

I have a directory page that is populated with a foreach loop pulling info from a db table. I want to make a "Download Directory pdf" button that will print out the directory entries in a nicely formatted way.
 The thing is that the foreach loop uses an OO call to what every template is being used for the HTML display:

foreach ( (array) $results as $row)
{
     ...

$out .= '<div class="cn-list-row' . $alternate . ' vcard ' . $template->slug . ' ' . $entry->getCategoryClass(TRUE) . '">' . "\n";

$out = apply_filters('cn_entry_before', $out, $entry);

ob_start();

include($template->file);

    $out .= ob_get_contents();

    ob_end_clean();

$out = apply_filters('cn_entry_after', $out, $entry);

$out .= '</div>' . "\n";

}

$out .= '<div class="clear"></div>' . "\n";

$out .= '</div>' . "\n";

$out = apply_filters('cn_list_after', $out, $results);

return $out;
}

Any Ideas??

I have created a form that i can see the form input info in to the form boxes but once submitted it is not updating or adding new input to the database. I am trying to keep it as simple as possible. I am also new at PHP. Here is my code:     <?php
    // define variables and set to empty values
    $amp_20_parts_idErr = $part_numberErr = $locationErr = $quantityErr = "";
    $amp_20_parts_id = $part_number = $discription = $location = $quantity = "";     if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["amp_20_parts_id"])) {
     $amp_20_parts_idErr = "ID is required.";
    } else {
     $amp_20_parts_id= test_input($_POST["amp_20_parts_id"]);
    }
 
    if (empty($_POST["part_number"])) {
     $part_numberErr = "Part number is required.";
    } else {
     $email = test_input($_POST["part_number"]);
    }
  
     if (empty($_POST["description"])) {
     $descriptionErr = "";
    } else {
     $description = test_input($_POST["description"]);
    }
  
    if (empty($_POST["location"])) {
     $locationErr = "A location is required.";
    } else {
     $location = test_input($_POST["location"]);
    }     if (empty($_POST["quantity"])) {
      $quantityErr = "Quantity is required";
    } else {
      $quantity = test_input($_POST["quantity"]);
    }
    }     function test_input($data) {
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
    return $data;
    }
    ?>
  
 <div id="update_form">
  Please follow instructions for updating the data base.<br>instructional text goes here.<br/><br/>
  
    <table><tr><form  method="POST" action="new path">
      <td>ID: <input name="amp_20_parts_id" type="text"><span><?php echo
    $amp_20_parts_idErr; ?></span><br/><br/></td>
      <td>Part Number: <input name="part_number" type="text"><span><?php echo
     $part_numberErr; ?></span><br/><br/></td>
      <td><label>Discription: <textarea name="description" rows="3" col="20"></textarea> 
     <br/><br/></td>
      <td>Location: <input name="location" type="text"><span><?php echo $locationErr;?> 
      </span><br/><br/></td>
      <td>Quantity: <input name="quantity" type="text"><span><?php echo $quantityErr; ?>
      </span><br/><br/></td><br/>
      <td><input type="submit"></td>
      </form></tr></table>
 
 
      <?php
         $con=mysqli_connect("server","user","password","db");  // Check connection
    if (mysqli_connect_errno()) {
    echo("Connect failed: %s\n", mysqli_connect_error());    // escape variables for security
    $amp_20_parts_id = mysqli_real_escape_string($con, $_POST['amp_20_parts_id']);
    $part_number = mysqli_real_escape_string($con, $_POST['part_number']);
    $discription = mysqli_real_escape_string($con, $_POST['description']);
    $location = mysqli_real_escape_string($con, $_POST['location']);
    $quantity = mysqli_real_escape_string($con, $_POST['quantity']);      $sql="INSERT INTO amp_20 (amp_20_parts_id, part_number, description, location,
     quantity)
     VALUES ('$amp_20_parts_id', '$part_number', '$description', '$location',
    '$quantity')";     if (!mysqli_query($con,$sql)) {
      die('Error: ' . mysqli_error($con));
     }
     echo "1 record added";
   
 mysqli_close($con);
    }
    ?>

I'm currently trying...struggling....to teach myself PHP and I'm really bugged with this database stuff. I am slowly managing but I'm a tad bit stuck now.

I want to show a specific piece of information from a table.

Lets say my table is structured like so:

id user email 1
Bob
Bob@Name.com
2 Fred Fred@Name.com 3 Matt Matt@Name.com
What would I need to do to display ONLY Freds user?

One way I tried only displayed the first rows info (Bob) the second way I tried (with a while loop) only displayed the last rows info (Matt)

Heres my current code:
<html>
<body>
<?php
include 'dbwire.php'; 

$query = mysql_query('SELECT * FROM user');

$row = mysql_fetch_array($query); 

while ($row = mysql_fetch_array($query)) { 
echo '<b>User:</b> ' . $row['user'] . '<br />';
}
?>
</body>
</html>

helllo dear php-commmunity


new to Ruby - i need some advices -

i plan to do some requests in osm-files. (openstreetmap)

Question - how can i store the results on a Database -
eg mysql or - (if you prefer postgresql) -

note: my favorite db - at least at the moment is mysql


here the code

    require 'open-uri'
    require "net/http"
    require 'rexml/document'
     
    def query_overpass(object_type, left,bottom,right,top, key, value)
       base_url = "http://www.overpass-api.de/api/xapi?"
       query_string = "#{object_type}[bbox=#{left},#{bottom},#{right},#{top}][#{key}=#{value}]"
       url = "#{base_url}#{URI.encode(query_string)}"
       resp = Net::HTTP.get_response(URI.parse(url))
       data = resp.body
       return data
    end
     
    overpass_result = REXML::Document.new(query_overpass("node", 7.1,51.2,7.2,51.3,"amenity","restaurant|pub|ice_cream|food_court|fast_food|cafe|biergarten|bar|bakery|steak|pasta|pizza|sushi|asia|nightclub"))
     
    overpass_result.elements.each('osm/node') {|x|
      if !x.elements["tag[@k='name']"].nil?
        print x.elements["tag[@k='name']"].attributes["v"]
      end
      print " | "
     
      if !x.elements["tag[@k='addr:postcode']"].nil?
        print x.elements["tag[@k='addr:postcode']"].attributes["v"]
        print ", "
      end
      if !x.elements["tag[@k='addr:city']"].nil?
        print x.elements["tag[@k='addr:city']"].attributes["v"]
        print ", "
      end
      if !x.elements["tag[@k='addr:street']"].nil?
        print x.elements["tag[@k='addr:street']"].attributes["v"]
        print ", "
      end
      if !x.elements["tag[@k='addr:housenumber']"].nil?
        print x.elements["tag[@k='addr:housenumber']"].attributes["v"]
      end
      print " | "
      print x.attributes["lat"]
      print " | "
      print x.attributes["lon"]
      print " | "
      if !x.elements["tag[@k='website']"].nil?
        print x.elements["tag[@k='website']"].attributes["v"]
      end
      print " | "
      if !x.elements["tag[@k='amenity']"].nil?
        print x.elements["tag[@k='amenity']"].attributes["v"]
        print " | "
      end
      puts
    }

look forward to hear from you

again - i would love to store it on a mysql - database - if possible. If you would prefer postgresql - then i would
takte this one.... ;-)



look forward to hear from you

again - i would love to store it on a mysql - database - if possible. If you would prefer postgresql - then i would
takte this one.... ;-)

well - i guess that the answer to this will be the same no matter what language we are using.
If the db is a sql database we need to design the database schema and create the tables in the database.

The first step in accessing a db in our code is to get a connection to it.
If ruby is our choice of language, a search for "ruby sql connector" will give us
lots of options to read about.

Well - we also can do it in PHP. What do you think!?

Next, based on the schema we have designed, we need to create queries suitable for storing the data.
We will likely need to consider our transactional model.

Again, searching "ruby sql transactional model" will give us plenty of food for thought. Finally, we may want or need to close the connection to the database.