Antonio Conte

Saw a large discussion about encryption of passwords some time ago. What you should do, is using a random string, and combine it with the password of the user. You then use SHA1 on this new string, and send it to the database. What's important, is that the same string is used when the user tries to log in. It's just a better way as it makes it harder to use rainbow tables and such. The discussion was were interesting as the debates included math (waaay over my head) on the matter. They concluded, that if you included a string into the password itself, it was impossible to be 100% sure of the original password. You would have to know the included string aswell. The best method is apperantly to create a RANDOM string for each user into the password, and save this hash to a table. If you splitt the password at, let's say 3 characters, and use the hash in the middle, it would be almost impossible to KNOW the users password EVEN if you found a match with SHA1 or MD5. NOTE: This is for the matter of discussion. Do not use this on a live project. // must have at least 6 digits. Should include some checks....... private function createHash($originalPassword) { $hash = "TheCoolHash123@."; // hash used in password $begin = substr($originalPassword, 0, 3); // 0 to 3rd char $end = substr($originalPassword, 4, 20); // 4th up 20th char $password = sha1($begin$hash$end); return $password; } The reason why something like this is working, is that you only compare the SHA1'd users password with the SHA1'd in the database. No-one should ever know what the password ever is. I'm no wiz on this matter, so correct me if I'm wrong. The discussion was very interesting though.

How about making a drop down list for each brand? This is just me thinking. You wouldn't have to use javaScript then. The three level design is not that hard really. Larry is explaining how to this this in his PHP Advanced book. I will explain briefly. You need a database, or file system, that allows for this hierarchy. It's not really that hard. brands: (brand_id, brand_name) products: (product_id, product_name) three: (brand_id, product_id) SELECT a.brand_name as brand, b.product_name as product FROM brands as a, products as b INNER JOIN three as c on (a.brand_id = c.brand_id) INNER JOIN three as d on (b.product_id = d.product_id) ORDER BY a.brand_name, b.product_name I've had a few beers, so I can't GUARANTEE you this query will work. What you do here is to make different tables for brands and products. That will allow you to create brands and products as time goes. Underlined text are primary keys. In this query, you join the three tables on brand_id and product_id. You can echo this information using "brand" and "product" after a loop or foreach statement. The query is also ordering the results after the brand name first, then the product names, alphabetically. As for the PHP, it's another question. Have to get some sleep now. Will pick up on this if you still struggle. Edit: On afterthought, you don't need JavaScript. Find a drop down hover menu. Only display the brand names in a list, and display the different products as you hover over them. There are many different existing menus that do this for you. I don't know how many products you need to display, but this might be an easy fix.

Hey, I'm working on a class to display information about football players. I have a little trouble understanding how I can make all players an individual objects though. Now the class is just printing out every player from the database as a string. Would it be possible to create every player as an object, and use the getters and setters I've created? Or is this not the correct use of objects and methods? I've seen in Java that you can pass an Object as a parameter for a method. Is this also possible in PHP? I don't really understand the point in instance variables as they are never user. Likewise with object variables like $this->firstName as they are never used. Am I doing this very wrong? Do I only need objects for classes and methods? Please enlighten me a little, because I really don't understand it. Here is my class: <?php class Players extends Connect { private $id; private $firstName; private $lastName; private $nickName; private $birthDay; private $birthPlace; private $nationality; private $position; public function __construct($id, $firstName, $lastName, $nickName, $birthDay, $birthPlace, $nationality, $position) { $this->id = $id; $this->firstName = $firstName; $this->lastName = $lastName; $this->nickName = $nickName; $this->birthDay = $birthDay; $this->birthPlace = $birthPlace; $this->nationality = $nationality; $this->position = $position; } public function getAllPlayers() { $mysqli = Connect::MYSQLI(); $query = "SELECT *, (YEAR(now())-YEAR(a.dato)) as date FROM abc_players as a"; $stmt = $mysqli->prepare($query); $stmt->execute(); $stmt->bind_result($id, $firstname, $lastname, $birthplace, $country, $date, $position, $year); while($stmt->fetch()) { echo ' <div class="row"> <div>'.$id.'</div> <div>'.$firstname.' <strong>'.$lastname.'</strong></div> <div>'.$birthplace.'</div> <div>'.$country.'</div> <div>'.$date.' år</div> <div>'.$posisjon.'</div> <div>'.$year.'</div> </div> <hr /> '; } $stmt->close(); } // return firstname public function getFirstName() { echo '<div>First Name: ' . $this->firstName . '</div>'; } // return lastname public function getLastName() { echo '<div>Last Name: ' . $this->lastName . '</div>'; } /* OTHER GETTERS ...... */ // set firstname public function setFirstName($newFirstName) { $this->firstName = $newFirstName; } // set lastname public function setLastName($newLastName) { $this->lastName = $newLastName; } /* OTHER SETTERS ...... */ } // Initialize object of class $players = new Players(); // method to get all players from database $players->getAllPlayers(); ?>

Yeah, I know. The most important is return values and examples of code. You don't need to read and understand it all. I had trouble figuring it out in the beginning too.

- Escape your queries. mysqli_real_escape_string or prepared statements (if this is for a database) - type force (int) and use ctype_digit() on numbers. - Check length of string - Check if it contains values (!= null, !empty(), isset()) - Regex for email - Check out jQuery validate UI (it's great!) This will take you far. Good luck

You still teach me things, Larry. I'm also doing a lot of Java at the moment, so I thought the two worked the same way. Paul. You should learn to read the PHP Manual. Look up mysqli_query() in there, and you see this "Return value". This is really important for understanding what to do with the code. It says that mysqli_query returns an RESULT OBJECT if the query is successfull, and FALSE if the query is not working. This gives you direction for what to do next. This means what you get from mysqli_query is not data, but a data object. That is a difference. Result object: I don't know if you have heard of objects, but that is not important. The thing is, you need to look at it as a bag or something. You need to tell this object what data to give you, or it makes no sense for PHP. This is the reason we use mysqli_fetch_array. We fetch the result object to an array, and that allows us to point at the object which data to give us from the bag. Return false on $result You can also see return "False" on failure. This allows us to check if the query is right, or other things. Possible use of this knowledge You could stop PHP from giving you an error message by checking the $result variable. Because it return false on failure, we can check things. /* This is the same as if ($result != False) and means "If $result is TRUE" */ if ($result) { echo "The query is ok. We got a data object. Now we could use mysqli_fetch_array!!!"; } else { echo "Sorry. There's something wrong with the query } mysqli_fetch_array: Looking at the manual again, it says this about return values: "Returns an array of strings that corresponds to the fetched row or NULL if there are no more rows in resultset." This means it's perfect to use a while-loop to get this data. // We get date in a result object OR get false back from this $result = mysqli_query($database, $query); // If $result got a result object, not false... if ($result) { /* This means While there ARE data in $result (while $result is NOT NULL) .... make an array of the data for $row */ while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { /* name is the database table row name. If you also have a row called "lastname" in your table, you can get lastnames too! */ $row["name"]; // $row["lastname"]; database table-row name // $row["cellphone"]; database table-row name } } // This means the query is wrong, and mysqli_query returned FALSE to $result. else { echo "Sorry! $result got false from funciton mysqli_query! It's something wrong with the query"; } This is comming from mysqli_fetch_row. You can choose how mysqli_fetch_row is going to display the result with MYSQLI_ASSOC, MYSQLI_NUM or MYSQLI_BOTH. If you choose MYSQLI_ASSOC, it means use the NAME OF YOUR DATABASE TABLE ROWS. If you use MYSQLI_NUM, you use THE POSITION in the array of $row. Arrays start counting from 0, so 0 is DATA FROM THE FIRST ROW of your table. If you use MYSQLI_BOTH, you can use both the names and the number of the arrays position to display the data. Hope you understand this. Learn to read the manual. It can be a bit difficult in the beginning, but learn to look at return and such. It's important.

Yes. Almost. There are steps you need to go through to get data from a database. 1. Connect to the database (This is the variabel $dbc) 2. Write a query. The variabel of your query is $q. 3. Execute the query. Almost there... (This is were you stop. 4. Get the info into an array so we can read and display it. You do this with mysqli_fetch_array(). I have switched names on your variables to better understand how they work. // This is query $query = "SELECT CONCAT (first_name, last_name) FROM users WHERE user_id = 22"; // The result of mysqli_query() $result = @mysqli_query($connection, $query); // WHILE there is MORE ROWS from mysqli_fetch_array() - Do the below while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { echo '<p>This users name is' . $row["name"] . '!'</p>'; } // We have displayed all rows mysqli_fetch_array() can be written with these "parameters". (Values put between the functions ( ... ) mysqli_fetch_array($r, MYSQLI_ASSOC); mysqli_fetch_array($r, MYSQLI_NUM); mysqli_fetch_array($r, MYSQLI_BOTH); The difference is how you ask from the row from $row. Assoc let you use THE NAMES of your database table rows ($row["firstname"] . $row["lastname"]), NUM is the number in the array (Counting from zero) ($row[0] . $row[1]) BOTH means you can mix as you wish. $row["firstname"] . $row["lastname"] AND $row[0] . $row[1] Is the same info (If firstname is the first row of the tab, and lastname second.)

What you need to understand is that we have different types of variables. - Local variables - Instance variables - Reference variables You $row[0] is a local variable. This is because it's declared inside the while loop. At the end, it dies. What this mean is that the variable does not exist after the while loop. It has no value, and the variable name is gone. $counter = 0; // available also after loops for ($i=0; $i<5; i++) { // $i is a local variable. It's value is available here, but not outside echo $i++; // add one as long as $i is less than 5 (5 times) $counter++; // add one as long as $i is less than 5 (5 times) } echo $counter; // prints 5 echo $i; // this is another VARIABLE $i. not the same as in the for-loop $row = mysqli_fetch_array ($r, MYSQLI_NUM) { $row[0]; // Working } echo $row[0]; // Not working anymore mysqli_fetch_array is a function. With MYSQLI_NUM as a parameter, this line give meaning to $row[0]. Things in brackets (or what they are called) is arrays. (tables of data). $row[0] is therefor now the DATA of row 0 in the array that holds your database data. Outside $row = mysqli_fetch_array() { } your look at $row[0] as an empty array you are trying to get data from, but that data is long gone.

<?php $query = "SELECT name, type, size, Content FROM Files WHERE id = '$id'"; $result = mysql_query($query) or die(mysql_error()); if ($result) { if (mysql_num_rows($result) == 1) { // if it num_rows = 1 } else { // if not } mysql_free_result($result); } else { // error } ?> First of, it seem you have one to many brackets in your code, after the $result if. Sorry. Just edited out some code before looking at it... From php.net: Mysql_query() For Select(...) mysql_query() returns a [b]resource on success[/b], or [b]FALSE on error[/b]. I don't know if if ($result) will work then. Maybe you should do if ($result !== false) {} instead? I don't know if this is the problem.