bahaa
-
Posts
147 -
Joined
-
Last visited
Posts posted by bahaa
-
-
Some one tried to hack it with sql injection
-
I am only a year into programming but have many years CSS.. One minor adaption you might consider is fixed height on some of your boxes. This may limit your sentence length and lead to a few other decisions. Counting characters not necc going to work because of viewer font size settings.
Again I am new to php ..
Congrats !!!!
Counting characters got nothing to do with the font size the viewer use.
What boxes do you suggest fixed height and why ?
-
-
Can we see the error you get when you run it?
-
Well, Bahaa, I was going to answer it the other day but the answer might depend upon the version of MySQL, which you don't provide, even though this is in the forum guidelines. And your second post is a clear violation of the forum guidelines. You've been using these forums long enough that it's truly time you actually start following the forum guidelines.
Well, I did not know that the prepared statement depend upon the version of Mysql I use. I thought as long as the version I have support Mysqli prepared statement, then I would not have a problem on how to construct my query. In my opinion, if you indicate such things in your answers and give both solution, it would be a good resources for other members and they would have less problems in their application.
When I posted the second query, I did not mean to violate the guidelines. I read the the guidelines before and I read where it says not to add another post if it doesn't add anything to the thread. I waited 3 days and since I saw you answered some questions that have been posted after my post, I thought you did not notice thread or something and that is why I add the second post.
Anyway the version I use is 5.0.7
-
I would really appreciate if some one could help me with this question
-
Well done. It's a simple but elegant design, and it loads quickly. Nice.
Thanks for your comment
-
Hello,
This is my second project using MySQLI and PHP. I have done this for a client.
I know you won't be able to read it but you can see the look and click on links to check the speed.
It is hosted on shared server.
Please let me know what you think.
-
Hello,
How to I bind a param to ORDER BY in mysqli ?
Bahaa,
-
-
Hi,
how to we use the filter_input(INPUT_POST, '', FILTER_VALIDATE_INT) to validate zero as int ?
I always get false when i try to use the filter on an input that has a value of zero.
Bahaa,
-
I was able to figure out the problem
here is why it happens in case some of you run into this problem
This can happen, for example, if you are using mysql_use_result() and try to execute a new query before you have called mysql_free_result(). It can also happen if you try to execute two queries that return data without calling mysql_use_result() or mysql_store_result() in between.
I had to use mysq_store_result between the 2 queries.
-
Hello
I get this error when i try to run 2 prepared statement.. the 2 statements do not relate to each other.
The first one runs but the second doesn't... I deleted the first prepared statement and the second one worked find.
here is the error
Commands out of sync; you can't run this command now
Bahaa,
-
Hello,
How do I get rid of the output buffering already sent ? I need to generate the page title dynamically and this require to echo it before the header and it causes the the output buffer already sent to appear.
I also use the header() function in many places in my code.
I can't change the setting on the server because it is shared hosting.
Bahaa,
-
I believe the default with newer versions of MySQL is now to only allow lower-case table names. You can change that by adding the following to my.ini:
# added to support upper-case letters in tablenames lower_case_table_names=0
That solved a problem with not being able to create table names with upper-case letters for me using MySQL 5.0.8 dev client on Windows 7. You will have to stop and restart MySQL for the changes to take effect, of course.
I was going to suggest that your query may be failing because it appears that you are quoting SurveyID and QuestionID, which I would have expected to be integers, not strings.
I don't use upper case for the table's name but by mistake in my query I used upper case for my table name in one of the functions.
Everything worked fine after i fixed that problem.
-
How do I change the setting so I make it case sensitive on my machine?
-
You don't have any error reporting at all. My suggestion would be to add code that:
A) Tests for a positive result before continuing
Reports the MySQL error (during development, not production) should there be a negative result.Thanks for the tip
the problem was with using capital letter for the name of the table in my query.
on my machine the name of the tables case insensitive and on the production it is case sensitive
-
Sure the mysqli extension is available on your live host?
Yes it is available.
-
Yeah, your prepare isn't working, which probably means there's a difference in how the local vs. live databases are set up.
What do you suggest in this situation ?
I have the same problem with another non prepared query.
The problem is with the query inside the loop.
in the first query I get the question and inside the loop I get the answer for each question using the question id
this query works on my machine but it doesn't work online.
<?php
$sql ="SELECT SurveyID, SurveyName
FROM survey LIMIT 1";
$result = $mysqli->query($sql);
$rec = $result->fetch_array();
$SurveyID = $rec['SurveyID'];
$SurveyName = $rec['SurveyName'];
echo "<h2 class=\"SurveyName\"> $SurveyName</h2>";
$sql ="SELECT QuestionID, Question
FROM question
WHERE SurveyID ='".mysqli_real_escape_string($mysqli, $SurveyID)."'";
$result = $mysqli->query($sql);
$ID = array();
while($rec = $result->fetch_array())
{
$QuestionID = $rec['QuestionID'];
echo "<span class=\"Question\">". $rec['Question']. "</span>";
$ID[] = $rec['QuestionID'];
$_SESSION['Questions'] = $ID;
echo "<input type=\"hidden\" name=\"ID[]\" value=\"{$QuestionID}\"/>";
///Get answers
$sqlAnswer ="SELECT AnswerID, Answer, VoteCount
FROM Answer WHERE QuestionID ='".mysqli_real_escape_string($mysqli, $QuestionID)."'";
$AnswerResult =$mysqli->query($sqlAnswer);
//fetch the result
while($rec = $AnswerResult->fetch_array())
{
$AnswerID = $rec['AnswerID'];
$Answer = $rec['Answer'];
$VoteCount = $rec['VoteCount'];
echo "<input type=\"radio\" name=\"QuestionID[$QuestionID]\" value=\"{$AnswerID}\" id=\"{$QuestionID}\"";
if(isset($_COOKIE[$SurveyID]))
{
echo "disabled";
}
echo "/> $Answer<br />";
}
}
?>
-
No luck and the odd thing I deployed my files online and I don't get everything working as I do locally.
I have used a prepare statement inside a loop and bind param to the nested prepare statement. the first statement works fine but the one inside the loop it doesn't work though it works locally
-
The "not equal" operator in SQL is "<>", not "!=".
it is not the operator
I ran the query on mysqlbench and it worked but when i use it in my code, it doesnt work!
-
Hi,
I have this query and it keeps giving me Fatal error: Call to a member function bind_param() on a non-object.
The name of the fields are correct and the connetions is set properly.
$sql ="SELECT UserID From user WHERE UserID != ? AND Email = ? ";
//prepare stmt
$stmt = $mysqli->prepare($sql);
//bind param
$stmt->bind_param('is',$ID, $Email);
//execute the query
$stmt->execute();
-
Thank you so much Larry.
Evrything works fine now.
-
Thanks for your answer
I understand the part of creating the questions as an array but I don't understand the part of validating upon submission.
Could you please give me an example?
My Second Php Project
in PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)
Posted
yes..