Feel free to ask a question.
@Dani, I should have added the word "page" which is what I meant. Tabular data is perfectly fine and is exactly what tables should be used for. But with that said, the OP should actually use prepared statements, not escape anything, as @alan.davies already mentioned.
Tables for layout went out in the 90's. We use CSS now.
Having vms for software testing or whatever else is a great option. Once you have a clean install of an OS on VM, take a snapshot, then install whatever you want. You can instantly revert to the clean install and keep repeating the process. You can also save a snapshot of the os after you install your test software and then revert to clean again for some other software.
Using VM's you can keep your host OS clean forever.
While not a bad idea to do the second clean install the upgrade is smart enough to put all the "crap" in a folder called windows.old which has everything from the previous version which is why you are able to roll back. All you really have to do is delete that folder. Although the folder is called windows.old it is not just the windows os directory in there, it is everything from the old os.
Didnt you like the answers on all the other forums you cross posted on?
As you have been told by many on the other forum you crossposted on, you need to fix your Database before you do anything.
some error appears everytime
It would have helped if you would have told us exactly what the error is. We dont have magic Crystal Balls.
Good catch on the tutorial DB. Would have been nice if the OP had mentioned it came from there. He left out the conditional comments and created his own problem.
@AssertNull, Your talking about two different things, table creation and data insertion, both of which can each have their own contraint issues. The OP's first post clearly has to do with creating tables, not inserting data. Depending on the DB structure, it could even be a requirement to turn off the foreign key checks in order to create all the tables.
The OP should do just as I said with the foreign key check for creating the tables. If there happens to be any tables that have more then one foreign keyed table you will never be able to create the tables in a sequential order.
Now inserting the data, that is a different story, and would in fact have to be inserted in a certain table order as you said with the key check on. Once the tables are created, the Key contraints will immediatly make known if there is a data integrity problem when the OP inserts the data in the order as you listed. (offices, employees, customers ). But again, depending on the DB structure, you may not be able to insert data in a sequential manner, same as table creation.
If your unsure of the data integrity you can always run a Stored Procedure to check that all the data meets all the constraints.
OP has only referenced three tables. If you have a DB with "hundreds" of tables you are not going to try and recreate the DB and data one table at a time.
The answer is simple. You just need to disable the foreign key checks first, run your querys, then turn the foreign key checks back on.
SET FOREIGN_KEY_CHECKS=0; //Run Querys SET FOREIGN_KEY_CHECKS=1;
You dont do anything with the result so of course it is blank.
Your DB design is incorrect. You need to learn about Database Normalization.
There are numerous issues with your code.
You need to check the request method. Depending on the name of a button being submitted in order for your script to work will completetly fail in certain cases.
Get rid of the try/catch blocks. Php is perfectly capable of handling errors.
Do not output internal sytem errors to the user. That info is only good to hackers.
I assume your use of id is equivelent to a username. In programming id is known in a much differnet sense. Best to change the name.
There is no need to count results. You can simply do if ($results)
You need to kill the script after redirects otherwise the script will keep running.
PHP_SELF is vulnerable to an XSS Attack
This is all you need to completely log out - logout.php
<?php session_start(); session_unset(); //remove all the variables in the session session_destroy(); // destroy the session die(header("Location: ./login.php?logout"));
Your letting the user create their own ID?
I only did a quick read through, but have you considered cloning your drive and then attempting whatever on the clone?
Being that their own server has numerous basic security issues and is vulnerable to a Clickjacking Attack, I would stay away from them.
For starters, you are using dangerous obsolete code that has been completetly removed from Php. You need to use PDO. Click Here
Second, that "code" is not going to do anything. You dont even have variables where you should have them.
Additionally, the "logic" just makes no sense at all.
This thread is TEN YEARS OLD. The OP is long gone.
This is a very poorly written and insecure script that is vulnerable to SQL Injection. Before you start adding new features you need to fix the script. There are numerous problems with it.
You need to use Prepared Statements. I suggest you use PDO.
Do not output internal errors to the user. That info is only useful to hackers
Never ever put variables in your query
Learn about "Seperation of Concerns" and then implement it
Do not create variables for nothing.
If you have this script on the net you should take it down until you fix it. If you have not been hacked yet, you will be.
You are using obsolete and dangerous code that has been completetly removed from Php. You need to use PDO with prepared statements. PDO Tutorial
Never ever put variables in a query.
Do not output internal system messages the user. That info is only good to hackers.
Having the test id in a GET variable is a very flawed approach and can be changed by the user at will. At some point a session variable for the test should be set among other things.
It would appear your DB design is flawed as well. There is not enough info here to say much more.
This is an XY Problem which basically means "Help me with my attempted solution" rather than the real problem which is likely "How do I design a quiz application".
@sriram_2, you revived a SIX YEAR OLD thread to post severely flawed and VERY DANGEROUS CODE?
I am not even going to get into everything wrong with what you posted. You need to do a lot more learning before you post a wall of code to "help".
Just to be more precise, it is not a "one way encrypted password" but a "one-way hashing algorithm using "password_hash.
Per the manual:
password_hash() creates a new password hash using a strong one-way hashing algorithm.
You would then use password_verify to "Verify that the given hash matches the given password."
OP, as stated, you need to make an attempt at coding this. If you are going to just grab some code off the net that uses a database, stay away from anything that has
mysql_* in the code.
For a Database, you optimally will want to use PDO. Here is a tutorial to get you going.
I also have no idea what you want. Rather than talk about your attempt at solving the problem, explain to us the big picture of what you are doing,