0

Almost,

in the query you should write AND/OR between the WHERE clauses, and execute() does not allow two parameters, so you should merge the array, and in this case convert $data = NULL; to $data = []; because otherwise you cannot merge it. So:

Line 1:

$sql = "SELECT * FROM `names` WHERE %s OR %s";

Line 10, 21:

$data = [];
$data2 = [];

Line 25:

$stmt->execute(array_merge($data, $data2));

About bindParam(), it's up to you, I was showing how you can build the query, now if you want something more complex, you can stack the params into an array and loop it, like this:

if($int > 0)
{
    $condition = "`fname` = :fname";
    $data[] = [':fname', 'klaus', PDO::PARAM_STR];
}

else
{
    $condition = "`fname` IS NOT NULL";
    $data[] = [];
}

if($int2 > 0)
{
    $condition2 = "`fname` = :fname2";
    $data[] = [':fname2', 'klaus2', PDO::PARAM_STR];
}

else
{
    $condition2 = "`fname` IS NOT NULL";
    $data[] = [];
}

$stmt = $db->prepare(sprintf($sql, $condition, $condition2));

foreach($data as $k => $v)
    if(count($v) > 0)
        $stmt->bindParam($v[0], $v[1], $v[2]);

$stmt->execute();

However, by using sprintf() the query will always expect two clauses. If you want to make it more dynamic, then you have to change that part and build the query with an assignment operator .= or an array that you then implode by space. As an example, consider having an if statement for $int3, but no else statement:

if($int3 > 0)
{
    # ...
}

The origin query does not work anymore because it could ...

2

In the specific case of Twitter, there is an API that allows you to search through the public tweets of a specific account:

You can check the libraries used to connect this service here and see how it is done:

If you want to check the contents of a static page and here I mean the contents generated on server side and loaded in plain HTML, you can use a library to analyze the DOM, like:

DOM libraries require valid documents, if these are malformed then the extraction can fail.

If, instead, the contents are loaded through JavaScript, you need a browser engine and some JavaScript, see for example:

Apart from these, there are many other available solutions, like regular expressions or scripting with command line tools such as awk or sed:

Also, if the goal is to extract data, don't limit your choices to PHP, there are excellent solutions written in other languages, see for example Scrapy:

Curious to see what the code would look like and php is capable of doing it in how many lines of code.

Hehe, I think you can try to extract the tweet through a DOM library (DOM Crawler should be easy to use), check the HTML source of the link you provided, load the page and see what you can get from there.

2

In addition: consider that a bind can be defined in the execute() method, so:

$stmt->execute([':id' => $id]);

You could change the queries to whitelist some expressions and add it as a variable, something like this should work and allow you to define multiple conditions:

$sql = "SELECT * FROM `names` WHERE %s";

if($int > 0)
{
    $condition = "`fname` = :fname";
    $data = [':fname' => 'klaus'];
}

else
{
    $condition = "`fname` IS NOT NULL";
    $data = NULL;
}

$stmt = $db->prepare(sprintf($sql, $condition));
$stmt->execute($data);

Bye!
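The two posts above on building the WHERE clause (whitelisted expressions, an array of clauses joined with implode, values passed to execute()) can be combined as follows. This is an added example, not code from the original posts: buildWhere(), the `lname` column and the in-memory SQLite database (requires pdo_sqlite) are assumptions made so it runs stand-alone.

```php
<?php
// Added example. Table `names` and column `fname` come from the posts;
// buildWhere(), `lname` and the sample rows are constructed for illustration.

function buildWhere(array $filters, array $allowed, string $glue = 'OR'): array
{
    // The joining keyword is SQL text too, so it is whitelisted as well.
    if (!in_array($glue, ['AND', 'OR'], true)) {
        throw new InvalidArgumentException('Glue must be AND or OR');
    }

    $clauses = [];
    $params  = [];

    foreach ($filters as $column => $value) {
        // Identifiers cannot be bound, so accept only whitelisted columns.
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        if ($value === null) {
            // IS NOT NULL is an expression: fixed SQL text, never a parameter.
            $clauses[] = "`$column` IS NOT NULL";
        } else {
            $placeholder          = ':p' . count($params);
            $clauses[]            = "`$column` = $placeholder";
            $params[$placeholder] = $value;
        }
    }

    // Any number of clauses works; with none, use a clause that is always true.
    $where = $clauses ? implode(" $glue ", $clauses) : '1 = 1';
    return [$where, $params];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE names (fname TEXT, lname TEXT)');
$db->exec("INSERT INTO names VALUES ('klaus', 'a'), ('klaus2', 'b'), ('other', 'c')");

[$where, $params] = buildWhere(['fname' => 'klaus', 'lname' => 'b'], ['fname', 'lname']);
$stmt = $db->prepare("SELECT * FROM `names` WHERE $where");
$stmt->execute($params); // user values travel separately from the SQL text
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
```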

0

Hi,

IS NOT NULL is not a string, it's an expression. So, as far as I know, you cannot bind it into a prepared statement. Do two queries:

if($gjendja_id > 0)
{
    $stmt = $dbconnection->prepare('SELECT a.dokumenti, a.datafillimit, a.datambarimit, b.programi, c.lloji_diplomes, d.ial, e.akreditimi FROM programet_akreditimet AS a INNER JOIN programet AS b ON a.programi_id = b.id INNER JOIN programet_llojet_diplomave AS c ON b.lloji_diplomes_id = c.id INNER JOIN institucionet AS d ON b.ial_id = d.id INNER JOIN akreditimet_llojet AS e ON a.lloji_akreditimit_id = e.id WHERE a.datambarimit >= CURDATE() AND b.gjendja_id =:gjendja_id AND d.gjendja_id = 1 AND a.trashed = 0 ORDER BY d.ial ASC');
    $stmt->bindParam(':gjendja_id', $gjendja_id, PDO::PARAM_INT);
}

// Is not null
else
{
    $stmt = $dbconnection->prepare('SELECT a.dokumenti, a.datafillimit, a.datambarimit, b.programi, c.lloji_diplomes, d.ial, e.akreditimi FROM programet_akreditimet AS a INNER JOIN programet AS b ON a.programi_id = b.id INNER JOIN programet_llojet_diplomave AS c ON b.lloji_diplomes_id = c.id INNER JOIN institucionet AS d ON b.ial_id = d.id INNER JOIN akreditimet_llojet AS e ON a.lloji_akreditimit_id = e.id WHERE a.datambarimit >= CURDATE() AND b.gjendja_id IS NOT NULL AND d.gjendja_id = 1 AND a.trashed = 0 ORDER BY d.ial ASC');
}

$stmt->execute();

0

Hehe, sure you can!

If you want to solve it, instead, read the notice, it says Use of undefined constant session - assumed 'session', which means you probably wrote:

$autoload['libraries'] = array(session); # without quotes

Instead of:

$autoload['libraries'] = array('session'); # with quotes

By adding quotes the value is considered a string, which is what you need in this case.

0

Mostly running, for a few hours, 4 times per week, it's my break from everything. About plants, I don't have a garden anymore, but I have a small room with a French window exposed to south, I use it as a small greenhouse, with some plants... last year I grew four avocado plants from seeds, one of these is now 2mt tall, I didn't expect such results. Now I want to try with a mango or something else outlandish.

2

Have you read this? http://php.net/manual/en/language.expressions.php
Basically a statement can be an expression. And:

The simplest yet most accurate way to define an expression is "anything that has a value"

About tokens: in PHP it can be, strictly, used to define some parts of the language or used widely by the interlocutor to refer to other concepts, see:

1

Hi,

I don't want to add confusion, but I wonder if there is an open process pointing to an unlinked file in that directory. Try something like:

lsof -nP +L1 | grep '(deleted)' | grep -i ".club"

from a terminal, to see if it outputs results. To be honest, I ran a test on my system[2] and, while the file was still "existing" for the process, I was able to install Flarum through composer.

Reference:

  1. http://www.gnu.org/software/libc/manual/html_node/Deleting-Files.html
  2. http://www.linuxquestions.org/questions/linux-security-4/how-can-i-hide-a-file-from-ls-a-496229/

Anyway, instead of using composer on the server, you could install it on local and then use SFTP (Filezilla has the client too) to upload all the files to the server.

1

Hi!

In addition to previous suggestion: if the path is wrong or does not have write permissions Python would return:

sqlite3.OperationalError: unable to open database file

Instead you get:

sqlite3.OperationalError: no such table: Airports

Which can be generated if:

  1. the database file name is wrong due, for example, to the case: Linux is case sensitive, Mac OS is not (at least not by default)
  2. the database file or the parent directory is read-only, so you have to change the permissions
  3. the table does not exist

In the first case connect() will create the database file, but this obviously won't have the Airports table.

In the first case this:

for row in cur.execute('''SELECT "Hello"'''):
    print(row)

will run successfully, it will run successfully also if the file is read-only, but it will fail if there are permission issues with the parent directory. The error, however, will be related to the database file, not to the table.

0

Am I missing something? Or doing this completely wrong?

It's difficult to say because I don't see the current code you are using. On top of dogReview.php page, right after session_start() set var_dump() to show $_GET and $_SESSION contents:

echo "<pre>";
var_dump($_GET, $_SESSION);
echo "</pre>";

You should be able to see what is sent through the GET request (appending the parameters to the url) and the contents of the current session. If it does not help show the code of this page.

0

Hi,

once you load the document, create an element (customer) inside the root (customers), then create the children elements of customer and append them to it, at the end append the customer element to the root. Basically:

<?php

$str = <<<'XML'
<customers>
    <customer>
        <ID>C1</ID>
        <FirstName>Jack</FirstName>
        <SurName>Wong</SurName>
        <Email>jack@hotmail.com</Email>
        <Password>081292</Password> 
    </customer> 

    <customer>
        <ID>C2</ID>
        <FirstName>Ashley</FirstName>
        <SurName>Rachael</SurName>
        <Email>ashley@hotmail.com</Email>
        <Password>081292</Password> 
    </customer>

    <customer>
        <ID>C3</ID>
        <FirstName>Vongola</FirstName>
        <SurName>Steve</SurName>
        <Email>vongola@hotmail.com</Email>
        <Password>081292</Password> 
    </customer>
</customers>
XML;

$dom = new DOMDocument();
$dom->preserveWhiteSpace = FALSE;
$dom->loadXML($str);
$dom->formatOutput = TRUE;

$customers = $dom->documentElement;
$customer  = $dom->createElement("customer");

$data = ['ID'        => 'C4'
       , 'FirstName' => 'Name'
       , 'SurName'   => 'Last Name'
       , 'Email'     => 'email address here'
       , 'Password'  => 'really?!'];

foreach($data as $k => $v)
{
    $el = $dom->createElement($k, $v);
    $customer->appendChild($el);
}

$customers->appendChild($customer);
print $dom->saveXML();

See:

The Daniweb link is about an HTML document, it uses the same rules for XML documents and it explains how to apply attributes to the elements.

To open and save to a file, use these methods:

Bye!

3

I don't know what this is as still a beginner: var_dump($numrows);

var_dump() returns information about expressions TRUE < FALSE or variables. For example:

$stmt = TRUE === TRUE || TRUE < FALSE && TRUE === FALSE;
$str  = 'Hello';
$fp   = fopen('php://memory', 'w+');
var_dump($stmt, $str, $fp);

It will return the data type and the value:

bool(true)
string(5) "Hello"
resource(3) of type (stream)

In my previous comment, I suggested you to verify the contents of the $numrows variable, to make sure you were receiving an integer (as expected) or NULL, which would suggest an error with the query.

About the code, I understand what you want to achieve, however query to verify only if the username or the email address exists, exclude the password for now, so do:

SELECT * FROM users WHERE usernames='abc' OR emails='abc' LIMIT 1;

I'm adding LIMIT 1 here, which can be avoided if you set unique keys on usernames and emails columns.

Once you get the row, fetch the password from the result set and compare it with the one submitted in the login request.

Right now, I suppose you are saving passwords in plain text, you should use password_hash() to generate the hash to save into the database and password_verify() to verify the attempt with the hash.

Read the following tutorial by Diafol, #11 Storing and Retrieving Authentication Data, which shows exactly the same approach that I would use here:

It is developed for PDO and uses prepared statements, it can be ...

2

Hi,

what do you get with var_dump($numrows);?

Besides, look at your query:

SELECT * FROM users WHERE usernames='abc' OR emails='abc' AND passwords='WRONG_pass';

Basically it is like writing:

SELECT TRUE OR FALSE AND FALSE;

Which evaluates to TRUE:

+---------------------------+
|   TRUE OR FALSE AND FALSE |
|---------------------------|
|                         1 |
+---------------------------+

In this case by knowing the username you can access without the correct password. It happens because in MySQL AND has a higher precedence than OR, so the expression is read by the database like:

SELECT TRUE OR (FALSE AND FALSE);

To avoid the issue do:

SELECT (TRUE OR FALSE) AND FALSE;

Which evaluates to:

+-----------------------------+
|   (TRUE OR FALSE) AND FALSE |
|-----------------------------|
|                           0 |
+-----------------------------+

As expected.

See: https://dev.mysql.com/doc/refman/5.7/en/operator-precedence.html
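The precedence problem described in this post, next to the lookup-then-password_verify() flow recommended in the previous one, as an added example that is not part of the original posts. The table and column names follow the posts; the function names, the sample account and the in-memory SQLite database (requires pdo_sqlite; SQLite also gives AND a higher precedence than OR) are assumptions.

```php
<?php
// Added example. users/usernames/emails/passwords follow the posts;
// the in-memory database and the sample row are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (usernames TEXT UNIQUE, emails TEXT UNIQUE, passwords TEXT)');

$ins = $db->prepare('INSERT INTO users VALUES (:u, :e, :p)');
$ins->execute([
    ':u' => 'abc',
    ':e' => 'abc@example.com',
    ':p' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Before: the password test sits inside the query without parentheses.
// AND binds tighter than OR, so a matching username alone returns the row.
function loginUnparenthesised(PDO $db, string $login, string $pass): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users
        WHERE usernames = :u OR emails = :e AND passwords = :p');
    $stmt->execute([':u' => $login, ':e' => $login, ':p' => $pass]);
    return $stmt->fetchColumn() !== false;
}

// After: find the account by identifier only, then check the stored hash in PHP.
function loginVerified(PDO $db, string $login, string $pass): bool
{
    $stmt = $db->prepare('SELECT passwords FROM users
        WHERE usernames = :u OR emails = :e LIMIT 1');
    $stmt->execute([':u' => $login, ':e' => $login]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Same wrong password against both versions, then the right one.
var_dump(loginUnparenthesised($db, 'abc', 'WRONG_pass'));
var_dump(loginVerified($db, 'abc', 'WRONG_pass'));
var_dump(loginVerified($db, 'abc', 'correct horse'));
```

The two placeholders :u and :e carry the same value on purpose: PDO does not allow one named placeholder to appear twice when emulated prepares are off.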

0

Hi,

read the error carefully, it says:

Error: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined.

And look at your prepared statement:

$query = $pdo->prepare('INSERT INTO subscriptions (name, email, subscribe) VALUES(:name, :email, :chk)');

And the execution:

$query->execute(array(':name'=> $name,':email'=> $email, ':subscribe'=> $chk));

As you see you have defined :chk in the prepared statement, and :subscribe in the array that is executed. Fix it and you will solve this error.

2

Has 7 made any difference to the way you code?

A bit.

To be honest, apart from personal code, I have used PHP 7 only for one client's project because it was starting with that version, in that case I used strict type declarations, CSPRNG functions and Throwable to catch common errors.

For me the former and the latter were missing bits in PHP. I'm happy these were introduced. I would like to see Throwable also for warnings and notices rather than setting an error handler.

Are they massive time savers (coding-wise or run-wise)?

At the moment no, not for me.

Something I would like to see is overloading, what is currently used in PHP smells more like overriding and I find it chaotic.

Votes + Comments
About the same here, although not using CSPRNG or strict types
overloading: There isn't the concept of the "method signature" so to add overloading in PHP can be difficult
0

If you manually run the query, does it work? If, for example: you are using InnoDB, autocommit is disabled, then there could be a deadlock.

Apart from that, use var_dump against $invoice, to be sure the value is really received by the script.

Also, if you are running ext/mysqli in procedural mode, then the first argument must be the connection to the database and the second the query:

mysqli_query($conn, 'YOUR QUERY HERE');

If it still does not help provide more info, show more code, it could be something else.

1

Hi,

at line 7 you have:

$update_id = $post_id;

while $post_id is initialized at line 68:

$post_id = $row_post['post_id'];

Which in practice depends on $edit_id defined at line 60:

$edit_id = $_GET['edit_post'];

So, it seems that you open the page like this:

page.php?edit_post=123

All you have to do is to initialize $edit_id on top, at line 4, so that is available to the POST conditional statement and to the other code.

Do not use $_GET directly, filter the variable:

$edit_id = filter_input(INPUT_GET, 'edit_post', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

Then replace:

$update_id = $post_id;

With:

$update_id = $edit_id;

Or simply adjust the following code to use $edit_id. Use the filter functions also for the other input coming from POST and GET requests, and use prepared statements too: