Posts by ryantroop

You have two options:

1) Ajax instead of a form post. This way, the page never refreshes.
2) The form page will need to consume the previous form post, and set the values to match the incoming data - basically, setting the values on page load after a submit.

example (PHP-ish):
<input type="text" name="Name" value="<?echo ($_POST['Name']);?>" />

There is actually a standard for websockets. It's an http call that gets upgraded to a persistent connection. Both the software handling the http connection (either Apache or IIS) needs to be up to date to handle this upgrade request, and then you need to write code that actually does something with the persistent connection.

The amount of work required to get you up and running is a bit out of scope for a message board. I would encourage you to use google to find examples of how others have set up their systems.

:-/ You sure you're ready to play with web sockets?

Your server should already be set up to handle a socket connection. If it isn't, that's the first thing you need to fix.

The example page I gave you had a good way to make a web socket using javascript, while also doing some error checking in case it is not supported. You don't have to download anything from that page. All you need to do is read the code.

I dont mean to be a buzz kill... but why not just do a setTimout for 10000ms and reload the page?

setTimeout(function() { location.reload(); }, 10000);

Then, you don't have to keep track of your own delay... :-/
If you want to keep track of it..

function CheckTime()
{
    var iSeconds = 0;
    var oDisplay = document.getElementById("countdown");
    if (oDisplay)
      iSeconds = parseInt(oDisplay.value);

    if (isNaN(iSeconds))
      {
        //first time running
        oDisplay.value = "10";  //or whatever..
        setTimeout(CheckTime, 1000);
      }
    else if (iSeconds == 0)
      {
         location.reload();
      }
    else
      {
         oDisplay.value = iSeconds--;
         setTimeout(CheckTime, 1000);
      }
}

Then run this once onload, and let it take care of itself.

Did you follow the example in the link I posted?

Once you return something in JS (and most other languages) any data further down is ignored. So, your scoped "name" function returns with firstName + lastName, and the rest is forgotten.

I cannot think of any way to do what you want without making a new method

Instead...

function person(first, last, age, eye) {
    this.firstName = first;
    this.lastName = last;
    this.age = age;
    this.eyeColor = eye;
    this.name = function() {
        return this.firstName + " " + this.lastName
        }

    this.capitalize = function() {
        return this.firstName.charAt(0) + " " + this.lastName.charAt(0);
        }
    };
}

var myFather = new person("John", "Doe", 50, "blue");
document.getElementById("demo").innerHTML = "My father is <b>" + myFather.name() + "</b>";

document.getElementById("demo2").innerHTML = "His captial letters are <b>" + myFather.capitalize() + "</b>";

However, if your intention is to make chainable methods then you will need to change the way you think in terms of script.
Instead, think of the object as a container (or a class) that has mutable characteristics that have built in getters and setters (unless you decide not to do that, in which case you will also have to change your syntax a bit).

example of chainable methods:

var foo = function()
{
  this.Data1 = null;
  this.Data2 = null;
  this.bar = function(value)
  {
    //do something to my data
    this.Data1 = value;
    return this;
  }

  this.bar2 = function(value2)
  {
    //do soemthing to my data2
    this.Data2 = value2;
    return this;
  }
}

//I can now do...
var myFoo = new foo();
myFoo.bar("hi").bar2(22);
document.getElementById("whatever").innerHTML = myFoo.Data1 + …

The only way to dynamically size an iframe is to let the frame load and at the end of the onload event make a call to the parent that returns the content's scrollHeight and scrollWidth.

You can do it the other way (by querying downward) but in my experience you get some serious timing issues with the layout because you can't guarantee that the CSS is applied when the iframe considers itself "loaded"

You will also have to set the actually height and width attributes on the iframe, as it will not accept CSS modifiers.

http://www.tutorialspoint.com/html5/html5_websocket.htm

unlike everything else in JS, objects are generally CamelCase as opposed to pascalCase :-/

This may answer your question:
http://stackoverflow.com/questions/8898077/copying-the-value-of-a-forms-file-input-field-to-another-forms-input-field

tl;dr:
It's a security risk to simply apply an input's file data to another form element. You would need to clone it directly, and append the cloned node.

Your problem lies with a fundamental misunderstanding of how CSS works with the DOM.

You may want to read up on relative positioning, and how you center content in all its various forms.

In short - you will need to start wrapping each area in containers so that the child elements have something to be relative to. HTML/CSS has no concept of height, but it does have a concept of width - so when you start building a fluid layout you likely will need a container element that has a fixed width, position relative, and a margin of auto (which will allow it to fill in the sides).

Currently, your BODY tag is taking place of this "container" and has some funky CSS on it that is giving you your odd layout. While this is "fine", I wouldn't recommend it. Your HTML and BODY tags should probably be left alone, and the only styles applied are those to get rid of build in browser layouts.

Your HTML will need a bit of an adjustment just so you can start to control the elements you are trying to control.

For fluid layouts, you cannot (should not) have absolutely positioned elements at the top level as you are currently doing.

You know.. I re-read your post and Im a bit confused... so I want to clarify and maybe direct you in a different direction.

If you are using an application on a machine that will interact with a remote database, then you need some sort of authentication layer to protect your data. Otherwise, all anyone would need is an install of your app, a valid "password" that is in its encrypted state in their registry, and voila! They get access. This is a very weak protection.

Odds are, you are going to want to know who logged in, who made what changes, and who broke whatever they broke.

I would encourage you to instead make your app part of the authentication layer, which identifies itself to a web host, which in turn will have the password and everything else you need for your mysql database. This abstraction will make sure no one ever has their hands on your password (encrypted or not), and all they will ever have access to is a login prompt. Even if they reverse engineer your application, all they will learn is what method you use for authentication (be it an oAuth or domain, etc..).

Your app would hold a valid public key to access data on your web server, and with that no one could ever really harm your data or system without a valid user id and password (unless you get brute force hacked, or you give someone that password).

You may want to …

try:

Options +FollowSymLinks -Indexes -Multiviews

<IfModule mod_rewrite.c>

    SetEnv HTTP_MOD_REWRITE On
    RewriteEngine on
    RewriteBase /

    RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|css|js)$
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*).html$ /article.php?url=$1 [NC,L]

</IfModule>

basically
set a few options (including the all important +FollowSymLinks)

if mod_rewrite exists
Enable it
set the base to /
make sure we dont ever rewrite direct requests for images, css, or js files
or any files
or a proper directory
and then rewite our url pattern.

The only words that would get skipped over without executing code would be ones that are actually generated on the fly. But that rarely actually happens in code.

Hah! Tell that to front end developers.

You will have to be a bit more clear on your goal.

When you say session, are you talking about a PHP session? A cookie? The current "browser session"?

Perhaps detail your idea, and we can help give you direction on how to accomplish it. :)

I believe you are missing your leading slash..
RewriteRule ^/([a-zA-Z0-9-/]+).html$ /article.php?url=$1

Also remember, do MOST specific to LEAST specific. So, your order is incorrect.

You also seem to be missing some flags that will terminate the rewrite, and you possibly have yourself stuck in a loop so apache ignores the rule.

For more info, please see:
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteflags

I do recall that a few companies (godaddy) also require a few XML type markups to your .htaccess file to work as expected. You may want to look into your hosts idea of a "properly formatted" .htaccess file for mod_rewrite.

generally, the way this works -- the you write your connection + query in PHP, gather your data, and use PHP to format the output. This can be its very own .php page, or a library, or however you see fit.

Since PHP will format your output (and set the appropriate headers for the data type), all you will need to do is call that page via an AJAX call, and either JSON.parse the text response from PHP or hope that the browser understands the headers and believes you that it's JSON data as the return.

Once you have your data in JSON format, you can use it as an object (or, any of the data types that your data is in, be it an array or just a parameter block).

You can use Javascript to iterate through your data, set whatever needs to be set, and allow your styles to control layout as needed.

Of course, if this is a one off page, it may just be easier to have PHP do all of this and not need the AJAX call at all. AJAX is for dynamic pages that need to update without a full page refresh.

your sql query has an error in it. Nothing to do with your VB script, unless the intention is to write a handler for an SQL error - in which case, you should probably handle it :-/

Based on your use case, I do not think that a hash is sufficient for your needs. A hash is one-way, and then you do a comparison lookup against the hash.

What you seem to want is encrypted text, with a method for decryption within your application.

Depending on your program language of choice, you will have lots of options on what method of encrypt/decrypt you can use, including the algorithm and whatever data you want to string together (i.e., your data + your salt). Your salt can be anything that is unique to the platform (such as a GUID).

By simply hashing, you will just be putting a hashed version of "yesican" into the registry instead of a plain text version - however, if you cant decrypt it, then you will end up having to use the hash instead of the plain text for the password. (i.e, the hash becomes the password, and the plain texts is irrevokably lost).

I am not a VB writer, but this should at least get you started:
https://msdn.microsoft.com/en-us/library/ms172831.aspx

They are out there.

More likely, you will find companies that make automated pen-testing tools, which they license for use on your system. Their job is to update their tools to attempt to breach your system using common (and some less commong) hacks and methods.

You, of course, are also free to write tools of your own - but that's a full time job in itself to try and keep up with the latest and greatest threats to any given platform, language, and mode of data shuttling.

I think he is being asked, as a UI/UX point of view, to do something that is programatically a strange concept. Requests like this come around once in a while.

Yes, what he is doing is easily obfuscated using hidden fields, or simply knowing on the server side to ignore certain fields based on a selection. However, it may not be what was requested of him.

I agree, though, that as far as usability is concerned, it offers little value for the visual change. Having a dynamic list of options display or simply modifying a hidden field, may be more appropriate; but I do not know the situation, nor the scope of whatever project he is working on.

All the best security flaws are implemented with the best of intentions.

Tomorrow, your C# stack could blow up because a major vulnerability in .NET surfaces. Likewise, the years and years of unstructured code that is poured in from the open source community to manage and update PHP is bound to have loop-holes. Windows gets patched regularly for all their security updates, and Linux kernals are just as open to problems.

Your question comes down to this:

As Im walking down the street, which do I need to be more worried about?
A brick falling on my head and killing me?
The sidewalk giving way and I fall into a sink hole and killing me?
Someone robbing me and then killing me?
A heart attack, with no help, thus killing me?

The reality is - you can't ever really know until that crap happens. Code defensively to be pro-active, and keep up to date on latest threat vectors. You alone will likely never be able to manage all the possible attacks and vulnerabilities available to attack a web platform. You can mitigate much of it, though, and that comes with learning best practices, and thinking about what the most nefarious of users will do to destroy your system.

There are also a number of tools available to automate attack vectors and see if you have any insecurities. On top of that, you can write your own tools to verify you are not having an issue with …

there is an "onsubmit" property of a form, as I mentioned above.

I don't write in jQuery, but Im sure they have a method for removing attributes. If not, iterate through the collection that $( "input[type='checkbox']" ) returns you, and for each item .removeAttribute("disabled")

http://www.w3schools.com/jsref/met_element_removeattribute.asp

this
$( "input[type='checkbox']" ).prop({ disabled: false});

will not work. You will have to remove the property entirely to get rid of the "disabled" marker.

for reference...
https://jsfiddle.net/pudhLdbt/

you will notice, the only way to "un-disabled" the check box is to remove the property altogether.

You can do that in two ways -- in PHP you will know it's empty because your result set will be empty. That's probably the simplest and most straight forward way. You can use something like mysql_num_rows.

To do it with pure SQL, you can do aggregate functions like Count() to get the number of results in the set (but if nothing comes back, you're still stuck with an empty set). You can use something like

SELECT FOUND_ROWS();

and that will return the count for you (even if it's 0). However, you will then be writing code that expects that result set on top of the result set you just returned, which is rediculous. FOUND_ROWS() is more for procs that fill temp tables and does some sort of data massaging (in my opinion).

ehhh...

First, Im not sure why you are wrapping a select in a transaction. May just be my not following your logic, or maybe me being naive, but Im pretty sure transactions are meant to make sure everything went smoothly on inserts or updates before committing changes. You are doing neither of those things, and therefore do not need a transaction.

In MySQL, the @ symbol represents a user defined variable - which means it is actually accessable outside the stored procedure as long as the session remains open. Do not use them unless you know why you are using them.

What your proc is doing is this ->

CREATE DEFINER=`root`@`localhost` PROCEDURE `usp_GetProduct`(IN `iProductCategoryId` INT)
--create this procedure. it will take in 1 int variable called iProductCategoryId
--note, if the procedure already exists you will have to delete it before saving
BEGIN
  --start the procedure
  DECLARE ResultStatus INT default 0; --make a variable for an int. default 0 does nothing if I remember correctly. If not ignore my correction
  --here, give your default.
  set ResultStatus = 0;
  DECLARE ErrorCode INT;
  set ErrorCode = 0; -- because you never declare it, it likely wasnt working...
  DECLARE exit handler for sqlexception  --take care of SQL error
  BEGIN
    -- ERROR
    #set ErrorCode = -999;
    rollback; -- totally not necessary
  END;

  DECLARE exit handler for sqlwarning
  BEGIN
    -- WARNING
    #set ErrorCode = -888; 
    rollback; --totally not necessary
  END; 

  START TRANSACTION; --not necessary
   SELECT --just a select, result set 1
     P.iProductId AS ProductId,
     P.vProductName …

From the looks of it.. your function find_all_products() makes a database call, then you churn through the results as needed.

This is just terribly inefficient. You do not seem to be changing the SQL in any way for each call, so just do it once and store the values locally in either an object, or an associative array (if that makes you happy). Or, an array of Objects (which seems to be the best solution in your case).

Then, instead of doing the database calls over and over again, you simply iterate through your local array of objects and pull whatever data you need at the time.

Hope that helps!

likely the jquery is setting the "disabled" flag, which according to the HTML specs tells the browser to remove the input in regards to submitting a form. Any "disabled" input field will have the same result.

Your solution is to enable all input fields immediately before submitting (which you can do on the onsubmit event of a form.

http://www.w3schools.com/tags/ev_onsubmit.asp

Glad it all worked out for you. So it was the no SQL after all

I don't use phpmyadmin, So maybe someone who does may be able to help with debugging... The query looks fine, so all I can go on is assuming that it compiled without error, that your data types match, And that your query does actually return data when run inside the stored procedure. All this things true, the only other things I can think of is that your user does not have insert rights, that you must explicitly commit the insert, or some other quirk with how you are set up.

Sorry, but I think I can't help without actually connecting to the database with something like MySQL workbench and trying to run the stuff manually

may sound silly, but can you try without the () surrounding your select?

insert into `product_attribute` (`product_id`, `attribute_id`, `language_id`, `text`)
SELECT a.`product_id` 
        ,b.`attr_id`
        ,b.`lang_id`
        ,b.`attr_value`

FROM     `product` a 
        ,`batch_attr_detail` b
        ,`batch_attr_set` c

WHERE c.`batch_attr_id` = @`batch_attr_id`
  and c.`batch_attr_id` = b.`batch_attr_id`
  and a.`product_id` between @`start_product_id` and @`end_product_id`

Other than that, I am not familliar with the program you are using to manage your SQL, and with that I am not familliar with some of your syntax -- that doesn't mean it's wrong, though.

you may also want to comment out the insert, and just see if your select is in fact returning any data. If not, you may have to modify your select syntax. I don't often (in fact, never) do macros like you are, where I have a.'foo' instead it's a.foo. Again, however, that may be due to the SQL manager you are using, and less a syntax issue.

It would really help to see the whole declaration, so we can see the incoming variables.

At first glance, it looks like you're doing something funny with your vars by using quotes...

@'foo' should be @foo, And in MySQL, I have found more success just avoiding user declared variables and just using the VARs passed in.

Of course, your mileage may vary...

Part science, part art. It's a way to challenge ourselves to solve new (to us) problems, and give us a puzzle to not only solve, but improve upon when everything finally works. It is a beautiful, fairly universal mode of communication, and there is just something so peaceful about code that not only runs fast, but its also aesthetically pleasing to read.

I think what priteas is trying to get across to you is that you need to change your thinking.

Consider it this way: "only display the box when there are images to display."

That way, you are not trying to "fix" something post render or mid build.

A payment gateway is for credit cards and debit card.

Whatever system you use to process payment (either a payment gateway directly, or a service like paypal) will likely have a copy/paste or include PHP script for simple transactions that you call (like a function, or doing a cURL call to), or a more robust API that you can make your own code for, as long as you follow their standards.

Yes, there is likely a fee. Most will charge a monthly or annual fee, as well as a % of transaction fee (usually between 1 and 3%).

That... looks very unfamilliar to me in terms of creating and running procedures... try this instead:

delimiter //
drop procedure if exists GetEvents//
create procedure GetEvents(IN iVal1 int,
                           IN iVal2 int)
begin

select * from myTable where Col1 = iVal1 and Col2 = iVal 2;

end//
delimiter ;

then to call...

you will likely need to use mysqli->multi_query()

because of this, you will likely have to manually sanitze your incoming data, using mysql->real_escape_string() on each parameter.

Of course, from there, it's just using the PHP/MySQLi interface and going from there...

You seem to be familliar with how to connect, etc.. so I spared you that bit. If you need any other help, show some new code and we can go from there.

Side note: if I recall, when I started getting back into PHP a while ago, PDO had awful support for stored procedures. THe only interface for them was with mySQLi, unless you were using PDO with a TSQL server (which is microsoft, not mySQL/whoever owns it now). Anyone know if PDO is now a good interface for mySQL and stored procedures?

You're on it.

What would you like to know about them?

(Of course, I assume you checked out http://php.net/manual/en/book.session.php)

While I don't agree with your use of an anonymous function to attach an anonymous function to a node to alert the value (... yup, that sounds right), it seems that you are trying to get the text value of the first node. So, you are looking for the innerText(for those browsers that support it), and a fallback of innerHTML. The below should catch that for you. Not totally sure that syntax will not error out on browsers that don't support innerText, so you may want to clean it up some.

<script>
    function Test() {
        var rows = document.getElementById("filetable").rows;
        if (rows.length > 0) {
            for (var i = 1; i < rows.length; i++) {
                (function (i) {
                    var temp = rows[i].cells[0].childNodes[1];


                    var obj = rows[i];
                    obj.ondblclick = function () { alert(temp.innerText || temp.innerHTML); };
                })(i)
            }
        }
    }

    window.onload = function () { Test(); }
</script>

heh... I think diafol was trying to say why not store the images on a web server, and only store the paths (ex: http://mysite.com/images/myimage.jpg) to the images on that web server in the database - that way you are only retrieving a small amount of text (the URL) as opposed to base64 encoded garbage, that will take however long the transfer time is to load EVERY SINGLE TIME you load a page - as opposed to a cached image (png, jpg, etc...) that will only have to load once, and then any time the user comes back the image is ready to go and will significantly lower your page load times.

While storing image data in the database is not a bad thing, it certainly is a "right tool for the job" sort of thing.

If you are going the database route - which you seem intent on doing - then you will still need a valid html <img> tag, and set it's source to the output of the database.

While databases are very fast, in terms of web development, in general, the database is the slowest component. Bogging it down by doing a very long read with upwards to a megabyte of data for each image, will only make things slower.

you, sir, are building a proxy (at least, that's what it sounds like to me). Feel free to read about that: http://en.wikipedia.org/wiki/Proxy_server

There are many PHP proxy scripts you can snag. Glype, I believe, is very popular. There are other alternatives, including some from google.

However, the way you are going about it is probably not the best. PHP is already a giant while loop wiating for data on port 80 (or 443, or whatever port you plop a listener on). There is no need to reinvent the wheel.

Depending on how you are getting your data from Site: 1, you have many options available. Right now, you seem to be trying a "polling" method, which is very traffic intensive, and sucks up a lot of resources just to check if something has changed. If you are connecting to a database, you most certainly don't want to have a while loop spamming a read off those tables non-stop, as that will eventually bring the poor Site: 1 to its knees (and may get you black listed from the host anyway).

It may provide a better answer if you either provide sample code, or explain in further detail what you are attempting to accomplish.

for sure, this is broken:

public function get_validator(){
        return $this->response_code;
        return $this->response_msg;
}

once you return out of a method, you're done. It does not continue to process.

Other than that.. not sure what you are not understanding... If you get a response from your class, take the value and pass it to a method or instantiation of your message class... ??

If you press the F12 key, and go to the "network" tab (in pretty much any browser", you will be able to do a network trace. IE may require you to press a "play" button, but you will at least be able to see what traffic is going through the browser.

I dunno... hit F12 and do a network trace, and see what you are posting and where. I don't see anything else wrong with what you have... especially seeing that your original input type="button" works as is, and happily passes along a value.

echo '<input type = "submit" value = "Top Up">';
should be
echo '<input type = "submit" name="submit" value = "1">';

What are you getting now with the var_dump?

yes

Yeah, you don't even have a new balance in there...

Leads me to believe that you need to fix the action on your form and target the page directly.

which means 'submit_btn' doesn't exist. Hence, why your if check fails, and no update. Change your button to an input type="submit" with a value="1" and you will likely fix your issue.

that makes such little sense to me... if you were pulling data off "Users" but it's called "users" in the database, where were you pulling data from?

You may also want to put a var_dump($_POST); at line 73 and see if your if checks are truly being met. Personally, I don't often leave action="" even though it, in theory (and, yes, by spec), posts to itself.

isset($_POST['submit_btn']) can be your problem, or on the flip side - if your database expects an INT and you are passing in a VARCHAR, the query will fail. mysqli should throw an exception there, but you say no errors so... *shrug*

look closely at your lines of code. One "Users" is capitalized. The other "users" is not. The cases must match.

I mean the table name.
"SELECT * FROM Users WHERE Username ='$searchq'"
"UPDATE users SET Balance = Balance + '$newBalance' WHERE Username='".$username ."'"