markifornia
Members
Posts: 112

Everything posted by markifornia
-
I'm just chiming in here, learning any way I can. But you can definitely use the != operator in SQL statements. Larry's book, page 271: I have actually used the method there to check if emails aren't already taken. Here is the SQL statement:

$q = "SELECT user_id FROM users WHERE email='$e' AND user_id != $id";

I haven't gone into OOP yet, but perhaps your issue lies here:

// bind param
$stmt->bind_param('is', $ID, $Email);

Have you tried binding them this way?

// Prepare
$stmt = mysqli_prepare($dbc, $sql);
// Bind
mysqli_stmt_bind_param($stmt, 'is', $ID, $Email);

You can start debugging this way.

-M
-
I understand this is a very simplified example given in the book, as it only consists of a few records.

encode table - contains the id and card number
aes_salt - contains just the salt

On page 387, the instructions for decrypting a stored credit card number are shown below:

SELECT @salt:=salt FROM aes_salt;
SELECT id, AES_DECRYPT(card_number, @salt) AS cc FROM encode;

This is assuming we are working from just the book's example, but what if there were two salt values and two credit card numbers? I am assuming the way to assign each salt to each credit card between two tables is to use a foreign key? How would you go about running the SELECT query above using multiple records? For example, if I had multiple credit card numbers in the encode table and multiple salts in the aes_salt table? Would the salt table already be pre-populated with salt values?

Here is my taking a stab at it. Assuming my theory is correct about the foreign key, aes_salt will have an id column which is an FK to encode.

Step 1:
SELECT @salt:=salt FROM aes_salt;
INSERT INTO encode (card_number) VALUES (AES_ENCRYPT(123456, @salt));

Step 2:
SELECT @salt:=salt FROM aes_salt WHERE id=2;
SELECT id, AES_DECRYPT(card_number, @salt) AS cc FROM encode;

It just seems as though there needs to be a foreign key and a WHERE clause to make this work with multiple records. Any advice appreciated.

Thanks,
Mark
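Added example, not from the book or from the post above: it keeps the book's two tables and its use of AES_ENCRYPT()/AES_DECRYPT(), but gives every encode row its own key by having aes_salt reference encode through a foreign key, so the @salt session variable is not needed and one JOIN decrypts one record or every record, each with its own key. The connection details, the column name encode_id, and the two test card numbers are made up for this example. Two caveats a practitioner would want: the value the book calls a "salt" is in fact the AES key (anyone who can read aes_salt can decrypt encode), and MySQL's AES_ENCRYPT() uses 128-bit AES in ECB mode unless block_encryption_mode is set to something else.

```php
<?php
// Added example (not from the book or the original post). Per-record AES keys
// linked to their ciphertext by a foreign key, decrypted with a JOIN.
// Assumed: connection details, the encode_id column, and the test card numbers.

$dbc = mysqli_connect('localhost', 'username', 'password', 'sitename');
if ($dbc === false) {
    die('Connection failed: ' . mysqli_connect_error());
}

// One-time schema. aes_salt.encode_id is the foreign key: one key per card.
mysqli_query($dbc, 'CREATE TABLE IF NOT EXISTS encode (
    id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    card_number VARBINARY(64) NOT NULL
)');
mysqli_query($dbc, 'CREATE TABLE IF NOT EXISTS aes_salt (
    encode_id INT UNSIGNED NOT NULL PRIMARY KEY,
    salt CHAR(32) NOT NULL,
    FOREIGN KEY (encode_id) REFERENCES encode (id)
)');

/** Store a card number encrypted under a fresh random key; returns the new id. */
function store_card(mysqli $dbc, string $card): int
{
    // 16 random bytes, hex-encoded. Named "salt" to match the book's table,
    // but this value is the AES key: whoever reads it can decrypt the row.
    $key = bin2hex(random_bytes(16));

    $stmt = mysqli_prepare($dbc,
        'INSERT INTO encode (card_number) VALUES (AES_ENCRYPT(?, ?))');
    mysqli_stmt_bind_param($stmt, 'ss', $card, $key);
    mysqli_stmt_execute($stmt);
    $id = (int) mysqli_insert_id($dbc);
    mysqli_stmt_close($stmt);

    $stmt = mysqli_prepare($dbc,
        'INSERT INTO aes_salt (encode_id, salt) VALUES (?, ?)');
    mysqli_stmt_bind_param($stmt, 'is', $id, $key);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $id;
}

/** Decrypt one row, or every row when $id is null; returns [id => card]. */
function read_cards(mysqli $dbc, ?int $id = null): array
{
    // The JOIN pairs each ciphertext with the key stored for that row, so the
    // same statement serves one record or the whole table.
    $q = 'SELECT e.id, AES_DECRYPT(e.card_number, s.salt) AS cc
            FROM encode AS e
            JOIN aes_salt AS s ON s.encode_id = e.id';
    if ($id !== null) {
        $q .= ' WHERE e.id = ?';
    }
    $stmt = mysqli_prepare($dbc, $q);
    if ($id !== null) {
        mysqli_stmt_bind_param($stmt, 'i', $id);
    }
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $row_id, $cc);
    $cards = [];
    while (mysqli_stmt_fetch($stmt)) {
        $cards[$row_id] = $cc;   // NULL when the key does not fit the ciphertext
    }
    mysqli_stmt_close($stmt);
    return $cards;
}

// Usage with two records and two keys (test card numbers, not real ones).
$first  = store_card($dbc, '4111111111111111');
$second = store_card($dbc, '5555555555554444');
print_r(read_cards($dbc));          // both rows, each decrypted with its own key
print_r(read_cards($dbc, $second)); // only the second record
```

The book's scheme, and this one, keep the key in the same database as the ciphertext, so a dump of the database or a SQL injection that can read aes_salt defeats the encryption; that is the main reason production systems hold card-encryption keys outside the database.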
-
Edward, my example comparison above wasn't the greatest of examples, as Larry even pointed out. I had added a WHERE clause, which would make the while loop unnecessary, I presume. I too am getting the hang of it. But to take a stab at your question: $row isn't equal to something; $row is a variable that is assigned the results of mysqli_fetch_array, which loops through each row, even NULL values. Anyone? Correct me if I'm wrong.

-Mark
-
Prepared statements make total sense, except the example in the book does not include a while loop. See my comparison below; I assume they would be very similar.

In regular queries we use:

$q = "SELECT user_id FROM users WHERE user_id = '$id'";
$r = @mysqli_query($dbc, $q);
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
    // print out array
}

But in prepared statements would it be like so?

$q = "SELECT user_id FROM users WHERE user_id = ?";
// Prepare the statement
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_execute($stmt);
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
    // print out array
}

** I'm assuming the while loop goes after the mysqli execution. Is this correct?

Thanks,
Mark
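Added example, not from the book or from either post above, covering both the != check against another user's e-mail (the first post on this page) and the question of where the row loop goes with a prepared statement (the post just above). It assumes a users table with user_id and email columns and made-up connection details. The point the loop turns on: a prepared statement never produces the $r result handle that mysqli_fetch_array() reads from, so the rows are read with mysqli_stmt_bind_result() and mysqli_stmt_fetch() instead.

```php
<?php
// Added example (not from the book or the original posts): a prepared
// statement with != and the procedural mysqli row loop that goes with it.
// Assumed: a `users` table (user_id, email) and these connection details.

$dbc = mysqli_connect('localhost', 'username', 'password', 'sitename');
if ($dbc === false) {
    die('Connection failed: ' . mysqli_connect_error());
}

/**
 * Return the user_ids of every *other* account that uses $email.
 * $id is the user being edited; != excludes their own row, so keeping an
 * unchanged address does not count as "already taken".
 */
function other_users_with_email(mysqli $dbc, string $email, int $id): array
{
    // The SQL is fixed text. The values travel separately, so there is no
    // quoting of variables inside the string and nothing to escape.
    $q = 'SELECT user_id FROM users WHERE email = ? AND user_id != ?';
    $stmt = mysqli_prepare($dbc, $q);
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . mysqli_error($dbc));
    }

    // Type letters follow placeholder order: string, then integer.
    mysqli_stmt_bind_param($stmt, 'si', $email, $id);
    mysqli_stmt_execute($stmt);

    // Row loop for a prepared statement: bind a variable per selected column,
    // then every fetch() copies the next row into those variables. There is
    // no $r result handle to pass to mysqli_fetch_array().
    mysqli_stmt_bind_result($stmt, $other_id);
    $ids = [];
    while (mysqli_stmt_fetch($stmt)) {
        $ids[] = $other_id;
    }
    mysqli_stmt_close($stmt);
    return $ids;
}

// Usage: the address is free for user 42 only if nobody else has it.
$taken = other_users_with_email($dbc, 'mark@example.com', 42);
if (count($taken) > 0) {
    echo 'That e-mail address is already in use.';
} else {
    echo 'E-mail address is available.';
}
```

If the server's PHP is built with mysqlnd, mysqli_stmt_get_result($stmt) returns a result handle after execute, and the familiar while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) loop then works unchanged; bind_result()/fetch() works on every build, which is why it is shown here.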
-
Exactly what I was looking for, Larry. Page 354 explains "Garbage Collection". I am running my site on a server that does not receive a lot of traffic; it is a management tool for just a few internal admins, so garbage collection isn't kicking in. This section of the book explains it well, just now found it - thanks!
-
Great, thanks, I fully understand now in regards to my question. Since we are on the discussion of sessions, I have an extra question below:

My web application works great, except the session never expires. If left overnight I am still in the session because I have not logged out. But I would like a session to expire based on the length of idle time. I have been searching chapter 11 for a way to designate an expiration on a session if the user has been idle for a specified amount of time. I have forgotten where this line of instruction is located now, or if it only applies to setcookie().

Thanks,
Mark
-
I am trying to understand this bullet point on page 368: "Watch how database references are used. For example, if a person's user ID is their primary key from the database and this is stored in a cookie (as in Chapter 11, "Cookies and Sessions"), a malicious user just needs to change that cookie value to access another user's account".

Page 349 tells us that when a session is created, it also creates a browser cookie. For example, when tracking user activity, checking to see which user modified a table. Here are some methods in the book:

(1.) A solution on page 358: Page 358 provides a method for improving session security by checking if $_SESSION['agent'] is set, and then also checking if $_SESSION['agent'] matches $_SERVER['HTTP_USER_AGENT'].

(2.) A solution on page 360: Page 360 introduces session_regenerate_id(), which provides a new session ID.

MY QUESTION: While these are nice methods to use, should we not store a user's ID like so?

$_SESSION['user_id'] = $data['user_id'];

Here, the user's primary ID is stored in the session. I am thinking of plenty of scenarios where this is necessary, like tracking user activity. I have already built a nice database design and script that uses the user's primary ID as a way to track their activity. Is this the right way to do it? Is this insecure?

Thanks,
Mark
-
Script is awesome, working great. I am just trying to understand the list() function used in conjunction with the custom check_login() function (this function is created in includes/login_functions.inc.php). The list() function in this script takes on two parameters or returned values. Does this mean that the check_login() function needs to return exactly 2 values? What if there are 3 values returned by the check_login() function; would that mean the list() function would need a third parameter? If check_login() returned 3 values, then would it be like so:

list($check, $data, $more_data)

Thanks,
Mark
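Added example, not from the book or from the posts above, serving three of the questions on this page: a check_login() that returns exactly the two values list() expects (the post just above), a session that keeps the user's primary key on the server while the browser holds only the session ID (the page 368 question), and an idle timeout checked on every request (the "session never expires" question). The users table columns, password_hash()-style password storage, the 15-minute limit and the user-agent check are all choices made for this example, not the book's.

```php
<?php
// Added example (not from the book or the original posts): login check that
// returns two values, server-side user_id, idle timeout, clean logout.
// Assumed: users(user_id, first_name, email, pass) with password_hash() hashes.

const IDLE_LIMIT = 15 * 60;   // seconds of inactivity before the session is dropped

/** Start the session once, whichever function is called first. */
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

/**
 * Validate a login. Returns a two-element array, so the caller writes
 *   list($check, $data) = check_login($dbc, $email, $pass);
 * $data is the user row on success and the list of errors on failure.
 * A function returning three values would need list($a, $b, $c) = ...;
 * list() simply takes as many variables as there are returned elements.
 */
function check_login(mysqli $dbc, string $email, string $pass): array
{
    $errors = [];
    if ($email === '') { $errors[] = 'You forgot to enter your email address.'; }
    if ($pass === '')  { $errors[] = 'You forgot to enter your password.'; }
    if ($errors) {
        return [false, $errors];
    }

    $stmt = mysqli_prepare($dbc,
        'SELECT user_id, first_name, pass FROM users WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $user_id, $first_name, $hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if ($found && password_verify($pass, $hash)) {
        return [true, ['user_id' => $user_id, 'first_name' => $first_name]];
    }
    return [false, ['The email address and password entered do not match those on file.']];
}

/** Establish the session after a successful login. */
function login_user(array $data): void
{
    start_session();
    session_regenerate_id(true);   // the pre-login ID is discarded
    // The primary key lives here, on the server. The browser holds only the
    // random session ID cookie, so editing a cookie cannot turn user 7 into
    // user 8 the way a plain "user_id=7" cookie could.
    $_SESSION['user_id']       = (int) $data['user_id'];
    $_SESSION['agent']         = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    $_SESSION['last_activity'] = time();
}

/** Call at the top of every protected page. Returns the user_id or null. */
function require_login(): ?int
{
    start_session();
    $ok = isset($_SESSION['user_id'], $_SESSION['agent'], $_SESSION['last_activity'])
        && hash_equals($_SESSION['agent'], hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? ''))
        && (time() - $_SESSION['last_activity']) <= IDLE_LIMIT;

    if (!$ok) {
        logout_user();          // idle too long, or the agent changed
        return null;
    }
    $_SESSION['last_activity'] = time();   // any request resets the idle clock
    return $_SESSION['user_id'];
}

/** Drop the session data and expire the browser's session cookie. */
function logout_user(): void
{
    start_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Usage on login.php once the form is submitted:
//   list($check, $data) = check_login($dbc, $_POST['email'], $_POST['pass']);
//   if ($check) { login_user($data); header('Location: loggedin.php'); exit; }
//   else        { $errors = $data; }
// Usage on any protected page:
//   $user_id = require_login();
//   if ($user_id === null) { header('Location: login.php'); exit; }
```

The idle limit is enforced by the application, not by the cookie: the cookie's own lifetime only controls when the browser stops sending the ID, while the last_activity check is what makes the server refuse a stale session, which is why it works even on a quiet server where garbage collection rarely runs.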
-
My web application is going along smoothly thanks to both of you. Bahaa, when updating the table containing CreationDate and CreatedBy, these values will remain the same. How do you make an update query if they will have the same values? CreationDate and CreatedBy will not change during an update query; therefore, are these fields skipped?

Thanks,
Mark
-
Thanks, Larry. I was just curious if it would be sufficient using one method, or if using both methods is more preferred? I am looking for the most practical and popular solution. Bahaa - thanks for the script; Larry's book provides a similar example. Yours doesn't include an INSERT query, though. Are you also inserting the image into the database, at the same time as inserting it in the uploads directory? And if so, then why did you have to use both methods?
-
I was able to code this script without any problems. I understand the process of uploading a file from Apache's default temporary directory to the uploads folder. My question is: Is this tied to inserting an image into a database? Or is it an alternative method? If I wanted to tie certain images to a certain user's unique ID, it seems like uploading a file into a directory wouldn't work. If inserting an image into a database is the solution to my question, would the correct datatype be LONGBLOB? Again, I'm just guessing; after some research this seems to be the solution.

Thanks,
Mark
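Added example, not from the book, from Bahaa's script or from the posts above, showing the usual way the two methods fit together: the image bytes stay in the uploads directory, and a database row ties the file to the owner's user_id. The link to the user comes from that row, not from where the bytes live, so a LONGBLOB column is not required for it. The uploads table, the directory path, the size limit and the user_id value are all made up for this example.

```php
<?php
// Added example (not from the book or the original posts): file on disk,
// ownership and metadata in the database, keyed by user_id.
// Assumed: the `uploads` table, UPLOAD_DIR, and the user_id used below.

const UPLOAD_DIR = '/var/www/uploads';   // outside the document root (assumption)
const MAX_BYTES  = 512 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

$dbc = mysqli_connect('localhost', 'username', 'password', 'sitename');
if ($dbc === false) {
    die('Connection failed: ' . mysqli_connect_error());
}

mysqli_query($dbc, 'CREATE TABLE IF NOT EXISTS uploads (
    upload_id   INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    user_id     INT UNSIGNED NOT NULL,
    stored_name VARCHAR(40) NOT NULL,
    orig_name   VARCHAR(255) NOT NULL,
    mime_type   VARCHAR(64) NOT NULL,
    uploaded    DATETIME NOT NULL,
    FOREIGN KEY (user_id) REFERENCES users (user_id)
)');

/** Save one uploaded image for $user_id; returns the new upload_id or throws. */
function save_user_image(mysqli $dbc, int $user_id, array $file): int
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Decide the type from the bytes, not from $file['type'] or the extension:
    // both are supplied by the browser and can say anything.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted.');
    }

    // Random name on disk: the original name is never used as a path, so one
    // user cannot overwrite or guess another user's file.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move the uploaded file.');
    }

    $orig = basename($file['name']);   // kept for display only
    $stmt = mysqli_prepare($dbc, 'INSERT INTO uploads
        (user_id, stored_name, orig_name, mime_type, uploaded)
        VALUES (?, ?, ?, ?, NOW())');
    mysqli_stmt_bind_param($stmt, 'isss', $user_id, $stored, $orig, $mime);
    if (!mysqli_stmt_execute($stmt)) {
        unlink($dest);   // keep disk and database in step
        throw new RuntimeException('Could not record the upload.');
    }
    $id = (int) mysqli_insert_id($dbc);
    mysqli_stmt_close($stmt);
    return $id;
}

/** Send an image only if it belongs to the requesting user. */
function send_user_image(mysqli $dbc, int $user_id, int $upload_id): void
{
    $stmt = mysqli_prepare($dbc,
        'SELECT stored_name, mime_type FROM uploads WHERE upload_id = ? AND user_id = ?');
    mysqli_stmt_bind_param($stmt, 'ii', $upload_id, $user_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored, $mime);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found) {
        http_response_code(404);   // not theirs, or does not exist: same answer
        return;
    }
    header('Content-Type: ' . $mime);
    readfile(UPLOAD_DIR . '/' . $stored);
}

// Usage (the user_id would normally come from $_SESSION['user_id']):
//   $id = save_user_image($dbc, 42, $_FILES['upload']);
//   send_user_image($dbc, 42, $id);
```

Because the directory sits outside the web root and files carry random names, the only way to reach an image is through send_user_image(), which checks the user_id on the row; putting the bytes in a LONGBLOB column would give the same ownership check but makes every image request a database read and grows the database with each upload, which is why the directory-plus-row layout is the more common choice.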