1

Because id_buku is being compared to a string value, which is ok. The table name fk_00_m_buku is not a string, and if you were to add limits to this query they need to be integers not strings.

In the previous query you were creating the table name and limit values as strings, which won't work. String values for comparison (WHERE clause) do need to have quotes.

I feel like maybe I'm not explaining this clearly enough, but not sure how else to put it. You need to take a look at the result SQL query of those you are producing so that you can better see the differences.

your initial query

$table = "t_book";
$start = 1;
$amount = 15;

$sql = "select * '".$table."' limit '". $start ."' , '". $amount ."'";

echo $sql;

//output result is...
select * 't_book' limit '1' , '15'

//Correct syntax should be...
select * from t_book limit 1 , 15

second example

$id_book = "A";

$sql = "select * from fk_00_m_buku where id_buku='". $id_book ."'";

//output is OK ...

select * from fk_00_m_buku where id_buku='A';

NOTE

This second query is treating the book_id as a string, if this is supposed to be a number (is an integer in the database) MySQL is capable of implicitly converting '1' to 1 for the comparison - however, it is better practice to not use quotes and pass the value as an integer yourself.

You only need to use quotes ' ...
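Added example, not part of the original post: when the table name and the limit values come from user input, the table name is checked against a fixed list and the limits are validated as integers, since neither can be quoted like a string value. It assumes PDO with an in-memory SQLite database so it runs offline; `ALLOWED_TABLES` and `buildPageQuery()` are hypothetical names.

```php
<?php
// Added example (not from the original post). In-memory SQLite through PDO
// stands in for MySQL so the script runs offline.

// Identifiers cannot be quoted like string values or bound as parameters,
// so the table name is checked against a fixed allow-list.
const ALLOWED_TABLES = ['t_book', 'fk_00_m_buku'];

function buildPageQuery(string $table, $start, $amount): string
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    // LIMIT takes integers: validate them instead of wrapping them in quotes.
    $start  = filter_var($start, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $amount = filter_var($amount, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($start === false || $amount === false) {
        throw new InvalidArgumentException('start/amount must be integers in range');
    }
    return "SELECT * FROM $table LIMIT $start, $amount";
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE t_book (id_buku TEXT, title TEXT)');
$ins = $pdo->prepare('INSERT INTO t_book VALUES (?, ?)');
foreach ([['A', 'First'], ['B', 'Second'], ['C', 'Third']] as $r) {
    $ins->execute($r);
}

// Form input arrives as strings; the builder turns it into integers.
$sql = buildPageQuery('t_book', '1', '2');
echo $sql, PHP_EOL;
foreach ($pdo->query($sql) as $row) {
    echo $row['id_buku'], ' ', $row['title'], PHP_EOL;
}

// Constructed invalid inputs: both are rejected before any SQL is built.
foreach ([['not_a_table', 0, 5], ['t_book', '1 OR 1=1', 5]] as $bad) {
    try {
        buildPageQuery(...$bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```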

1

You don't need single quotes around your variables inserted in the sql string - there weren't single quotes in the original, and adding them makes the table name and limiters string values.

Echo your sql string to the page so you can see it and copy/run it manually to check that it works.

1

Have a read of the MySQL Join documentation, specifically the section that covers Left/Right joins.

What I would use here is a LEFT JOIN which allows the parent record (ie: dealer_item) to be shown with a null record where no data exists in the child record (dealer_product). More left joins can be used to add more "optional" child tables to the query in the same way.

Have a go at rewriting the joins and I can help further if you have trouble with syntax or anything.

1

@Msanches; Firstly, let me address your comments on advertising by saying that many long time users are happy to have ads displayed in order to support the site. Many online communities achieve this by disabling ads for paying members, so I find it extremely generous and convenient that Dani allows free (but verified) members to disable ads.

Also, Stack overflow does have ad banners as well - the content of which appears to be mostly their own, which demonstrates only that they have reached the point where advertising revenue is no longer necessary to support their continued operation, but is no less annoying than any other ads.

Secondly, while I agree that "stole" is a strong (and perhaps inaccurate) word to use, if you had read past the title you would see that it is not actually used in the article at any point, and that she is in fact presenting evidence of possible collusion between Google and SO - whatever view you take of this theory, I think most of us recognised that the terminology used in the title was somewhat metaphorical.

Furthermore, "preference" has no bearing on Google's search results. They track usage history and clickthroughs - but most people click through all links that appear to be vaguely interesting on the first page of a result set, and Google has no way of knowing whether that site was actually useful or not. The sites shown on that first page are algorithmically determined to be relevant based on ...

1

I feel that all this business of personalized searches is also annoying in the same way: I'm not searching the web to find things I already know about. I'd wish there was a button to reverse it completely (as in, "give the results that are as far removed as possible from what I've previously visited").

I agree with that sentiment completely. I remember reading something a while back where a Google engineer was talking about the "personalised" search features and mentioned that there are over 50 different metrics used to track user activity for this purpose, including IP address, geolocation and other data that is somewhat more difficult to strip from your browser headers.

I almost always use incognito mode for searches in order to remove as much personal data and history from skewing the results as possible, but it is still ridiculously localised. IMHO the only time this is useful is in searching for a local business such as "pizza" and in most other cases amounts to a form of censorship.

Dani, I found this site years ago via a Google search, but honestly can't say the last time I have seen DW in a result set - I do notice it has become a rarity. In fact my search results are serviced almost exclusively by a small set of websites including the stackexchange family, wikipedia and youtube - anything beyond that I have to really dig around for.

It annoys me to no end that certain aggregator ...

2

mysql_query returns a resource datatype on success, which is not simply printable like you are trying to do.

You need to call either mysql_fetch_array or mysql_fetch_assoc passing the $result to that function, which will return each row as an Array structure that can be iterated and printed as any typical array.

Example:

$sql = "Select FirstName from Person Where LoginID = (Select LoginID from UserLogin Where Username = '$username')";

$result = mysql_query($sql,$con);

while ($row = mysql_fetch_assoc($result)) {
    echo $row["FirstName"];
}
1

I believe it is your logout button.

<a href="index.jsp" id="btnLogout" onclick="<%session.invalidate();%>">Logout</a>

It is a while since I've worked in jsp, so someone may correct me, but I believe this is executing the session.invalidate() function and printing the result into the javascript onclick call. You are not able to use javascript events to call server side functions in this way.

To test if this is correct, temporarily remove the logout button (or at least the call to session.invalidate) and try to run the page again.

Have a look at this post or google for how to call server side code from a hyperlink. But I think you will have to post the request to the server in order to achieve the functionality you require. I don't believe it can be done inline as you are trying to do.

1

You can do it all in the loop if you handle the parameters properly.

private void autofillyr(int incrementBy, int maxyr, int no_year)
{
   for (int i = no_year; i < maxyr; i += incrementBy)
   {
       year.Items.Add(new ListItem(i.ToString(), i.ToString()));
   }
}

and the function call...

protected void Page_Load(object sender, EventArgs e)
{
    ...
    autofillyr(1, 2050, 1900);
}

Actually, I repurposed your no_year parameter as start year since it is unclear what the purpose of this parameter is.

I would suggest doing the days function the same way since

if (incrementBy <= max) // this line is irrelevant

try...

private void autofilldate(int incrementBy, int max) //don't need `itemcount`
{
    for (int i = 1; i < max; i += incrementBy)
    {
        day.Items.Add(new ListItem(i.ToString(), i.ToString()));
    }
}

You haven't posted your month function, but it can be done the same way. In fact you could use the same function to fill all 3 dropdowns (as per the Year function I just posted) call them with appropriate start, max, and increment values, just pass the dropdown itself as another parameter. I would also make the increment an optional parameter with default of 1.

1

The comparison you have should tell you the exact matches (though you are missing ;'s off the end of lines 5 & 8; javascript is a little forgiving if it's the last line in a block).

You will have to have a nested loop to do the "correct but in wrong place" check.

Are you able to post any more code, the snippet posted above is obviously only a portion and it would be easier to help spot the issue if you can provide the whole function.

1

Hi all,

I have a somewhat philosophical issue I would be interested to see others' opinions on. I have a site that receives several values via the querystring that are necessary for use throughout the site. By default other links internal to the site do not include these values, so to persist the data I am pulling them into session variables, which are used on subsequent pages.

I am having issues now where users are opening multiple instances of the site in different tabs of their browser. The session then becomes common across all of these tabs, and thus there have been occurrences of data contamination.

How would you approach a solution to this problem?
Are there perhaps some alternate options for persisting this data on a per-instance basis?

2

OK. So a little clarification on linked lists, because I can see where you are having trouble.

You have the list declaration inside the loop, which means each time you input for a new student you are actually creating a whole new list (not just adding to the existing list). In the same way, your output needs to be outside the loop in order to output once for the entire list and not for each item during the input process.

So logically (in pseudocode) it would look like this.

instantiate list
loop through students
    collect user input for each student
    add student to list
end loop
output list

Hopefully that makes sense, and should be enough to help modify your code so that it works - you're really close.

1

the sum() function simply calculates the total for the group of whatever field you give it, so if you just said sum(qty) you would end up with 101 for rod1.

The if function is where we do the conversion, and it operates just like any typical if statement: if(condition,true_part,false_part) so we are saying if the unit is 'cm' return qty/100 (convert to m) else just return qty. You could nest these, or use a case statement if you had more than two unit types.

The qty at the end is the alias for the column, otherwise the column header would show the formula - this is the same as saying sum(..) as qty (the as is optional).

Since we are grouping we can't just select the unit column as it won't necessarily pull the correct row, and since we are converting all units to m, we can hard code this value in the column. Therefore 'm' unit is simply returning the hard coded string 'm' for all rows as a column named unit

Hope that explains everything.

1

As a general rule of thumb, install older versions before newer versions of the same software. Install software in hierarchical order, apps before plugins etc. (eg: VS before Crystal).

In your list above I would probably install SQL server first, as it is likely to be the heaviest. I have also had trouble in the past getting different versions of SQLsvr to play nicely together, theoretically they should be fine, but just be careful about the instance configurations.

Hope that helps.

2

You will need to check the POST variable to see if a user has been selected, then make an additional call to the database to fetch the related data.

I have also added a javascript call to automatically post the form when the dropdown is selected.

It will probably be easier if you move your <select> tags inside the php code. Then you will be able to print out the other data outside of the dropdown, as per below example.

<form id="userform" method="post" action="drop.php">

    <?php

        $mysqlserver="localhost";
        $mysqlusername="root";
        $mysqlpassword="";
        $link=mysql_connect($mysqlserver, $mysqlusername, $mysqlpassword) or die ("Error connecting to mysql server: ".mysql_error());
        $dbname = 'members';
        mysql_select_db($dbname, $link) or die ("Error selecting specified database on mysql server: ".mysql_error());
        $myquery="SELECT username FROM members";
        $myresult=mysql_query($myquery) or die ("Query to get data from members failed: ".mysql_error());

        echo '<select id="user" name="user" onchange="document.forms[\'userform\'].submit();">';

        while ($row=mysql_fetch_array($myresult)) {
            $user=$row[username];         // NOTE: username should be in quotes here.
            echo "<option>
                $user
            </option>";
        }

        echo '</select>';

        if (isset($_POST['user'])) {
            $r = mysql_query("SELECT password, email FROM members WHERE username='".$_POST['user']."'") or die ("Unable to get user details: ".mysql_error());
            while ($row=mysql_fetch_array($r)) { // there should only ever be 1 result
                // display the data however you want, add some HTML tags to format nicely.
                echo $row['password'];
                echo $row['email'];
            }
        }

    ?>
</form>

Please note that the above code is not tested, but should give you an idea of how to proceed.

Also, it is bad practice to use a POST variable directly in a query string (as I have done here) without parsing it for potential ...
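Added example, not part of the original post: the username lookup from the code above, first with the request value concatenated into the SQL text and then with the value passed as a bound parameter, run over constructed inputs. It assumes PDO with an in-memory SQLite table standing in for the MySQL `members` table; the function names are hypothetical, and the password column is left out of the result.

```php
<?php
// Added example (not the original poster's code). In-memory SQLite via PDO
// stands in for the MySQL "members" table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO members VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Pattern from the post: request data concatenated into the SQL text.
function lookupConcatenated(PDO $pdo, string $user): array
{
    $sql = "SELECT username, email FROM members WHERE username='" . $user . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value travels separately from the SQL text as a bound parameter.
function lookupBound(PDO $pdo, string $user): array
{
    $stmt = $pdo->prepare('SELECT username, email FROM members WHERE username = :user');
    $stmt->execute([':user' => $user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Values read from the database are escaped before being written into HTML.
function renderRows(array $rows): string
{
    $out = '';
    foreach ($rows as $row) {
        $out .= '<li>' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8')
              . ' (' . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . ")</li>\n";
    }
    return $out;
}

// Constructed sample inputs standing in for $_POST['user'].
$inputs = ['alice', "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "input %-18s concatenated: %d row(s), bound: %d row(s)\n",
        json_encode($input),
        count(lookupConcatenated($pdo, $input)),
        count(lookupBound($pdo, $input))
    );
}
echo renderRows(lookupBound($pdo, 'alice'));
```

With the second input the concatenated query matches every row in the table, while the bound version treats the whole input as one username and matches none.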

2

these are exactly the kind of computers being put to use by the bad guys in decoding those stolen databases of encrypted (salted but not hashed) usernames and passwords that you read about in the news.

.

Sorry, that's absolutely not how encryption works. Salting only means anything in the context of hashing.

I think he meant Hashed but not Salted, as this was the case with the LinkedIn incident.

Votes + Comments
thanks for spotting that stupid typo which I missed when editing
3

You should be able to interact with multiple databases without needing multiple connections open from php. Check out the mysql use command.

You can also reference the databases directly in your query.

SELECT * FROM db1.tableA;
SELECT * FROM db2.tableA;
1

OK neither of those answered my question.

@Dany12

thanks, but that doesn't help specifically - I can just use css.

@Troy_III

The question was posed out of simple curiosity as to whether MS had some proprietary implementation similar to the HTML5 attribute that they apparently don't support.

That's some of the dumbest reinventions I've ever seen!
Moreover it's against the core principles of web coding.

That's as may be but it is in the HTML5 spec.

Have you ever heard of CSS?

That's why I said "do I have to just use the style properties" ... I know how to do it in css, I wanted to know if I could do it using the hidden attribute, or some other way supported in IE.

Evermore, w3schools are teaching you wrong HTML(5),

w3schools is a simple reference, not the be-all and end-all of web development. It was a quick and easy link to provide more information about the question I was asking, not a religious quotation.

Because in HTML(n) you don't have to write: <p hidden="hidden"> because it is a Boolean!

You can write <p hidden="bananas"> for that matter and it will work.

The proper HTML syntax is: <p hidden> and it will suffice.

If you actually read the page, they do have:

<element hidden>
<element hidden="hidden">
<element hidden="">

And how about <p disabled> or <a href=" " disabled>

I don't need to disable an element, I need to hide it. ...

1

is there a way of incorporating shell commands like PING into a T-SQL procedure?

Yes. This page has a demonstration of such.

However, let it be said that shell access via SQL is regarded as a high security risk and is often disabled, so it will depend on your level of access to the server whether you will be able to use those system procedures or not. Also, just because you can doesn't mean you should... if it is the only workable solution, then just make sure you and your team/admins know what it's doing and have some configuration & monitoring in place to ensure the system access is protected.

1

if(!$insert = mysql_query

is an assignment operation, which will always return true. If you are trying to check the success of the query operation, just use

if (mysql_query(...))

MySQL server has gone away

This means that the connection has been closed or has timed out, and the query is unable to complete execution - likely the cause of your second error.

mysql_fetch_assoc() expects parameter 1 to be resource

I can't see where line 113 is in your page code, but this error usually means that the query has failed. This could be a result of the previous error.

1

@Mitch

Thanks for the ideas. I do know about AD Auditing, but it's more on the post-analysis of the resulting logs that I'm looking for. Also, I am more interested in network based access (AD Authentication entries for instance) than File level activity.

@Jorge

I think that SCOM is probably a lot bigger than we need, but I will look further into its log alert capabilities and see if there is enough value for me to justify including it in our planned server upgrade.

@Jim

Thanks, it looks like that tool might do what I need for the time being. I've downloaded and will give it a try.

Any more ideas or 3rd party tools I'd love to hear about, but I'll go ahead and mark this solved now. Thanks all.

1

I will give you a really basic example of how this might work. Take a look at the md5 hash function.

This function will generate a hash (using the md5 algorithm) from any string you provide, the hash will always be the same given the same input string. For instance, 'user@hotmail.com' will always produce the hash '7b928f8a1884fc44709e0b17ec65228c'

So your registration page would include something like this:

$email = $_POST['email']; // get the users email address from the form post
$hash = md5($email); // generate the hash code
$link = "http://mydomain.com/confirm.php?email=".urlencode($email)."&hash=$hash"; // include the hash code in link to email to user

You then send the email to the registered address with the generated link, and the user must click on the link to confirm their valid email address. The confirm.php page will then check the hash code.

$email = urldecode($_GET['email']); // grab the email & hash code from URL
$hash = $_GET['hash'];
if (md5($email) === $hash) { // check if the hash code matches (strict string comparison)
    // successfully validated
    // add email to registered user list here...
} else {
    echo "invalid registration";
}

Note that md5 is a common algorithm and you may want to vary your hash output by adding something unique of your own to it so that people can't generate their own hash codes to manipulate or bypass the registration system. This is called Salt and is generally a fixed or random string that you add to your data before generating the hash.

Example:

$hash = md5("mysalt".$email."moresalt"); ...
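Added example, not part of the original post: the same confirmation link built with a keyed hash (HMAC-SHA256 over the address and an expiry time) and checked with a constant-time comparison, so a link cannot be recomputed without the server's key. This swaps the post's md5-plus-fixed-string approach for `hash_hmac()` and `hash_equals()`; `makeConfirmLink()`, `verifyConfirmLink()` and the `expires` parameter are hypothetical, and the key is generated per run only to keep the script self-contained.

```php
<?php
// Added example (not the original poster's code).
// Server-side secret: in a deployment it is loaded from configuration and
// never sent to the client. Generated here so the script runs stand-alone.
$secretKey = random_bytes(32);

function makeConfirmLink(string $email, int $expires, string $key): string
{
    // The MAC covers both the address and the expiry, so neither can be changed.
    $mac = hash_hmac('sha256', $email . '|' . $expires, $key);
    return 'http://mydomain.com/confirm.php?' . http_build_query(
        ['email' => $email, 'expires' => $expires, 'hash' => $mac]
    );
}

function verifyConfirmLink(array $query, string $key, int $now): bool
{
    $email   = $query['email']   ?? null;
    $expires = $query['expires'] ?? null;
    $hash    = $query['hash']    ?? null;
    // Reject missing or array-valued parameters before touching them.
    if (!is_string($email) || !is_string($expires) || !is_string($hash)) {
        return false;
    }
    if (!ctype_digit($expires) || (int)$expires < $now) {
        return false; // malformed or expired
    }
    $expected = hash_hmac('sha256', $email . '|' . $expires, $key);
    return hash_equals($expected, $hash); // constant-time comparison
}

// Constructed sample: issue a link valid for one day, then check four cases.
$now  = time();
$link = makeConfirmLink('user@hotmail.com', $now + 86400, $secretKey);
parse_str(parse_url($link, PHP_URL_QUERY), $query);

$cases = [
    'genuine link'            => [$query, $now],
    'email swapped'           => [['email' => 'other@example.com'] + $query, $now],
    'plain md5 of the email'  => [['hash' => md5($query['email'])] + $query, $now],
    'used after expiry'       => [$query, $now + 2 * 86400],
];
foreach ($cases as $label => [$q, $t]) {
    printf("%-24s %s\n", $label, verifyConfirmLink($q, $secretKey, $t) ? 'accepted' : 'rejected');
}
```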