|
PHP - Preventing Circular In Db
I am trying to write a php/mysql that will allow a church keep attendance on their members in bible study. I am also going to try to prevent doing a circular reference between tables and just can't figure it out how since I am just starting to learn mysql. Here are the tables:
Table 1: Members:
---------------
1:Name:
2:Address:
3:Bible Study Group it belongs to:
Table 2: Cells
--------------
1:Bible Study Lider:
2:Bible Group Name
Table 3: Attendance
--------------
1:Date
2:Member
3:Bible Group
As you all can see, Table 2:2 makes a lookup at Table 1 for the member(in this case, the leader). BUT Table 1:3 makes a lookup to Table 2:2
and is a circular lookup.
Anyone have an idea on how to properly do this without any circular problems?
Thanks in advance!
Similar TutorialsThis topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=322595.0 Would this work to prevent remote file inclusion vulnerability? $file = "../include/links.php"; if ($file = '../include/links.php'){ include $file; } Hello every1,
I'm trying to create a magazine wesite and I dont want anybody to access my images folder which is located in the root directory.
I want some thing like this...
I want to call the images in my website using <img> tag but I dont want any1 to access the directory directly.
It should also protect from software bots also like (HTTrack or website Copier)
It should show "Access forbidden".
Any help will be greatly appreciated.
Thank you...
I hope this is enough info, but I have this code (at the bottom) that grabs images from my S3 account (Amazon Web Services)... If there is no bucket for the name given, it gives this warning... Code: [Select] Warning: S3::getBucket(): [NoSuchBucket] The specified bucket does not exist in /home/xxxxxxx/public_html/xxxxxxx.com/S3.php on line 126 Assuming it's not specific syntax to S3 and is general PHP syntax, how could I prevent that warning from showing, by saying in plain English "If a bucket by that name doesn't exist, I'm gonna do something else and NOT spit out this warning?" Basically, I want to echo a message like "There is no bucket yet" instead of having that ugly warning. Code: [Select] // Get the contents of our bucket $contents = $s3->getBucket("mybucket"); foreach ($contents as $file){ $fname = $file['name']; $furl = "http://mybucket.s3.amazonaws.com/".$fname; //output a link to the file echo "<a href=\"$furl\">$fname</a><br />"; echo "<img src='$furl' width='50' /><br />"; echo "$furl<br />"; } I've run into a little bit of a logistical nightmare on some registration pages I've taken over work on. On these pages, parents register their kids for classes. The pages have been coded as such: page one: the user enters name and personal info, and selects one or two classes to register for, on submit, they go to page two. page two: their info is entered into the mysql database's registration table on a unique id The user verifies the total, enters a discount and submits page three: credit card info is added to registration table, and sent to authorize.net. page four: payment processed, and they enter the data for their kids into the attendees table page five: confirmation and done. My issue is that, at first I saw people entering page one data, going to page two, then for some reason, hitting the back button. They could then enter the data again. I'd have two entries in the registration table for the same person. I was going to put some sort of unique key on the name and an email, but then I saw scenario two... Another person enters data and registers one kid.. then for whatever personal reason goes back and registers a second kid in a completely separate transaction. So I can't put that key on there, but is there a way to prevent them from going back and reentering twice. I don't want to have to blow up the code to do it at the end of everything. and that would take implementing sessions, wouldn't it? I'm not so versed at that. Any thoughts? Basically, I have the following code ($c2 is my connection variable): Code: [Select] $rid = $_GET['id']; $q = mysql_query("SELECT * FROM reports WHERE id = $rid", $c2) or die(mysql_error()); $report = mysql_fetch_array($q); $report is used later on to gather more information that is outputted to the user. However, if in the URL, someone were to put id=1', they would have an error message spit out to them (something along the lines of: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1), indicating a SQL Injection exploit. How would I go about fixing this, and also preventing SQL Injection? Thanks a bunch, Mark I know that the following lines of code can be used to prevent errors from being displayed: Code: [Select] <?php error_reporting(0); ini_set('display_errors', 0); ?> Is there a reason to use one over the other? Is it better to use both? I imagine there are lots of ways to answer this question, so I just want people's opinions as to the best way (if there is one). I have code with a basic form that submits data to a MySQL database. So when someone submits data the first time, I "clean it up" by doing... Code: [Select] $_POST['data'] = trim(mysql_prep($_POST['data'])); .. and then submit that info into a "varchar" mySQL field. Then if the user comes back to edit it, the form comes up and the data they previously entered is pulled into the field this way (I'm leaving out the MySQL to pull the data, obviously)... Code: [Select] <input type="text" name="field" value="<?php echo $data;?>"> The problem is that if someone entered this originally... Code: [Select] Here is "some" data with apostrophes ...Then when I echo that back into the value of the text field, it would only show... Code: [Select] Here is "...and then cuts off because the quotation mark in the data conflicted with the quotation mark after value= Is htmlentities the answer here, or is there some other/better way? FYI... Code: [Select] function mysql_prep($value) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysql_real_escape_string") ; //i.e. PHP >= v4.3.0 if($new_enough_php) { //PHP v4.3.0 or higher //undo any magic quote effects so mysql_real_escape_string can do the work if($magic_quotes_active) { $value = stripslashes($value) ;} $value = mysql_real_escape_string($value); } else { //before php v4.3.0 // if magic quotes aren;t already on then add slashes manually if(!magic_quotes_active) { $value = addslashes($value); } // if magic quotes are active, then the slashes already exist } return $value; } "BACK" or REFRESH: Preventing database interaction / code execution how to prevent database interaction / code execution when user presses back or refresh button? can i detect? can i disable back/refresh? hey gurus, i am a newbie php coder.. i am learning by example. what i am trying to do is write a piece of code which will alter 3 tables (user, bonus_credit, bonus_credit_usage) ---------------------------------------------------------------- the table structure that will be used is as follows: user.bonus_credit user.ID bonus_credit.bonusCode bonus_credit.qty bonus_credit.value bonus_credit_usage.bonusCode bonus_credit_usage.usedBy ---------------------------------------------------------------- so lets say, in bonus_credit i have the following bonusCode = 'facebook' (this is the code they have to type to redeem the bonus qty = '10' ( number of times the bonusCode can be redeemed, but same person can't redeem it more than once) value = '5' (this is the amount of bonus_credit for each qty) Now, I need to write a code that check to see if the code has been redeemed in the bonus_credit_usage table and if the user.ID exists in this table as bonus_code_usage.usedBy, then give an error that its already been used and if it hasn't been used, then subtract 1 from qty, add ID to usedBy and then add the value to the bonus_credit ----------------------- i have started the steps just to create a simple textbox and entering a numeric value to bonus_credit, and that works.. but now i have to use JOIN and IF and ELSE.. which is a little too advanced for me.. so i'd appreciate a guide as i write the code. if(isset($_REQUEST['btnBonus'])) { $bonus_credit = addslashes($_REQUEST['bonusCode']); $query = "update user set bonus_credit=bonus_credit+'".$bonus_credit."' where id='".$_SESSION['SESS_USERID']."'"; echo "<script>window.location='myreferrals.php?msgs=2';</script>"; mysql_query($query) or die(mysql_error()); } |
|||||||