Posts by |-|x

ORDER BY unit_cm DESC LIMIT 3 will actually give you the 3 records with the highest values of unit_cm

To get the smallest values use ORDER BY unit_cm ASC LIMIT 3 in the subquery.

You'd be better off using a loop

He'd be better off using a single regex like Atli originally posted, much faster execution, less steps, and more elegant code to read.

Because id_buku is being compared to a string value, which is ok. The table name fk_00_m_buku is not a string, and if you were to add limits to this query they need to be integers not strings.

In the previous query you were creating the table name and limit values as strings, which wont work. String values for comparison (WHERE clause) do need to have quotes.

I feel like maybe I'm not explaining this clearly enough, but not sure how else to put it. You need to take a look at the result SQL query of those you are producing so that you can better see the differences.

your initial query

$table = "t_book";
$start = 1;
$amount = 15;

$sql = "select * '".$table."' limit '". $start ."' , '". $amount ."'";

echo $sql;

//output result is...
select * 't_book' limit '1' , '15'

//Correct syntax should be...
select * from t_book limit 1 , 15

second example

$id_book = "A";

$sql = "select * from fk_00_m_buku where id_buku='". $id_book ."'";

//output is OK ...

select * from fk_00_m_buku where id_buku='A';

NOTE

This second query is treating the book_id as a string, if this is supposed to be a number (is an integer in the database) MySQL is capable of implicitly converting '1' to 1 for the comparison - however, it is better practice to not use quotes and pass the value as an integer yourself.

You only need to use quotes ' when you …

You don't need single quotes around your variables inserted in the sql string - there weren't single quotes in the original, and adding them makes the table name and limiters string values.

Echo your sql string to the page so you can see it and copy/run it manually to check that it works.

Have a read of the MySQL Join documentation, specifically the section that covers Left/Right joins.

What I would use here is a LEFT JOIN which allows the parent record (ie: dealer_item) to be shown with a null record where no data exists in the child record (dealer_product). More left join can be used to add more "optional" child tables to the query in the same way.

Have a go at rewriting the joins and I can help further if you have trouble with syntax or anything.

@Msanches; Firstly, let me address your comments on advertising by saying that many long time users are happy to have ads displayed in order to support the site. Many online communities achieve this by disabling ads for paying members, so I find it extremely generous and convenient that Dani allows free (but verified) members to disable ads.

Also, Stack overflow does have ad banners as well - the content of which appears to be mostly their own, which demonstrates only that they have reached the point where advertising revenue is no longer necessary to support their continued operation, but is no less annoying than any other ads.

Secondly, while I agree that "stole" is a strong (and perhaps inaccurate) word to use, if you had read past the title you would see that it is not actually used in the article at any point, and that she is in fact presenting evidence of possible collusion between Google and SO - whatever view you take of this theory, I think most of us recognised that the terminology used in the title was somewhat metaphorical.

Furthermore, "preference" has no baring on Googles search results. They track usage history and clickthroughs - but most people click through all links that appear to be vaguely interesting on the first page of a result set, and Google has no way of knowing whether that site was actually useful or not. The sites shown on that first page are algorithmically determined to be relevant based on …

I feel that all this business of personalized searches is also annoying in the same way: I'm not searching the web to find things I already know about. I'd wish there was a button to reverse it completely (as in, "give the results that are as far removed as possible from what I've previously visited").

I agree with that sentiment completely. I remember reading something a while back where a Google engineer was talking about the "personalised" search features and mentioned that there are over 50 different metrics used to track user activity for this purpose, including IP address, geolocation and other data that is somewhat more difficult to strip from your browser headers.

I almost always use incognito mode for searches in order to remove as much personal data and history from skewing the results as possible, but it is still ridiculously localised. IMHO the only time this is useful is in searching for a local business such as "pizza" and in most other cases amounts to a form of censorship.

Dani, I found this site years ago via a Google search, but honestly can't say the last time I have seen DW in a result set - I do notice it has become a rarety. In fact my search results are serviced almost exclusively by a small set of websites including the stackexchange family, wikipedia and youtube - anything beyond that I have to really dig around for.

It annoys me to no end that certain …

mysql_query returns a resource datatype on success, which is not simply printable like you are trying to do.

You need to call either mysql_fetch_array or mysql_fetch_assoc passing the $result to that function, which will return each row as an Array structure that can be iterated and printed as any typical array.

Example:

$sql = "Select FirstName from Person Where LoginID = (Select LoginID from UserLogin Where Username = '$username')"

$result = mysql_query($sql,$con);

while ($row = mysql_fetch_assoc($result)) {
    echo $row["FirstName"];
}

Is that your entire css? You haven't specified any other margin or float values or anything for other elements?

Server side, yes. Only the submit button that was clicked will be set in the POST data.

I believe it is your logout button.

<a href="index.jsp" id="btnLogout" onclick="<%session.invalidate();%>">Logout</a>

It is a while since I've worked in jsp, so someone may correct me, but I believe this is executing the session.invalidate() function and printing the result into the javascript onclick call. You are not able to use javascript events to call server side functions in this way.

To test if this is correct, remove temporarily remove the logout button (or at least the call to session.invalidate) and try to run the page again.

Have a look at this post or google for how to call server side code from a hyperlink. But I think you will have to post the request to the server in order to achieve the functionality you require. I don't believe it can be done inline as you are trying to do.

You can do it all in the loop if you handle the parameters properly.

private void autofillyr(int incrementBy, int maxyr, int no_year)
{
   for (int i = no_year; i < maxyr; i += incrementBy)
   {
       year.Items.Add(new ListItem(i.ToString(), i.ToString()));
   }
}

and the function call...

protected void Page_Load(object sender, EventArgs e)
{
    ...
    autofillyr(1, 2050, 1900);
}

actually, i repurposed your no_year parameter as start year since it is unclear what the purpose of this parameter is.

I would susggest doing the days function the same way since

if (incrementBy <= max) // this line is irrelevant

try...

private void autofilldate(int incrementBy, int max) //don't need `itemcount`
{
    for (int i = 1; i < max; i += incrementBy)
    {
        day.Items.Add(new ListItem(i.ToString(), i.ToString()));
    }
}

You haven't posted your month function, but it can be done the same way. In fact you could use the same function to fill all 3 dropdowns (as per the Year function I just posted) call them with appropriate start, max, and increment values, just pass the dropdown itself as another parameter. I would also make the increment an optional parameter with default of 1.

the comparison you have should tell you the exact matches (though you are missing ;'s off the end of lines 5 & 8 (javascrip is a little forgiving if its the last line in a block).

You will have to have a nested loop to do the "correct but in wrong place" check.

Are you able to post any more code, the snippet posted above is obviously only a portion and it would be easier to help spot the issue if you can provide the whole function.

you're missing a brace so the for loop will always return on the first iteration.

    for(index = 0; index < length; index++){
        if(array1[index] == array2[index]){
            count++
        }
    } //<-- add this brace and see if that fixes it.
    return count
}

Hi all,

I have a somewhat philosophical issue I would be interested to see others opinions on. I have a site that receives several values via the querystring that are necessary for use throughout the site. By default other links internal to the site do no include these values, so to persist the data I am pulling them into session variables, which are used on subsequent pages.

I am having issues now where users are opening multiple instances of the site in different tabs of their browser. The session then becomes common accross all of these tabs, and this there have been occurrences of data contamination.

How would you approach a solution to this problem?
Are there perhaps some alternate options for persisting this data on a per-instance basis?

The Ubuntu live CD will allow you to do a side by side installation (dual boot), but I believe you need to have a separate drive or partition in order to maintain both OS.

OK. So a little clarification on linked lists, because I can see where you are having trouble.

You have the list declaration inside the loop, which means each time you input for a new student you are actually creating a whole new list (not just adding to the existing list). In the same way, your output needs to be outside the loop in order to output once for the entire list and not for each item during the input process.

So logically (in pseudocode) it would look like this.

instantiate list
loop through students
    collect user input for each student
    add student to list
end loop
ouput list

Hopefully that makes sense, and should be enough to help modify your code so that it works - you're really close.

It looks like you aren't actually calling name.add() anywhere in the main function. Only reading the input into local variables.

I think line 21 StudentList name = new StudentList(); should be outside the loop, and this is the spot where you need to call the add() function.

the sum() function simply calculates the total for the group of whatever field you give it, so if you just said sum(qty) you would end up with 101 for rod1.

The if function is where we do the conversion, and it operates just like any typical if statement: if(condition,true_part,false_part) so we are saying if the unit is 'cm' return qty/100 (convert to m) else just return qty. You could nest these, or use a case statement if you had more than two unit types.

The qty at the end is the alias for the column, otherwise the column header would show the formula - this is the same as saying sum(..) as qty (the as is optional).

Since we are grouping we can't just select the unit column as it wont necessarily pull the correct row, and since we are converting all units to m, we can hard code this value in the column. Therefore 'm' unit is simply returning the hard coded string 'm' for all rows as a column named unit

Hope that explains everything.

are you talking about nesting one gridview inside another? or having two linked datagridview controls side by side on the page?

As a general rule of thumb, install older versions before newer versions of the same software. Install software in heirarchical order, apps before plugins etc. (eg: VS before Crystal).

In your list above I would probably install SQL server first, as it is likely to be the heaviest. I have also had trouble in the past getting different versions of SQLsvr to play nicely together, theoretically they should be fine, but just be careful about the instance configurations.

Hope that helps.

You will need to check the POST variable to see if a user has been selected, then make an additional call to the database to fetch the related data.

I have also added a javascript call to automatically post the form when the dropdown is selected.

It will probably be easier if you move your <select> tags inside the php code. Then you will be able to print out the other data outside of the dropdown, as per below example.

<form id="userform" method="post" action="drop.php">

    <?php

        $mysqlserver="localhost";
        $mysqlusername="root";
        $mysqlpassword="";
        $link=mysql_connect(localhost, $mysqlusername, $mysqlpassword) or die ("Error connecting to mysql server: ".mysql_error());
        $dbname = 'members';
        mysql_select_db($dbname, $link) or die ("Error selecting specified database on mysql server: ".mysql_error());
        $myquery="SELECT username FROM members";
        $myresult=mysql_query($myquery) or die ("Query to get data from members failed: ".mysql_error());

        echo '<select id="user" name="user" onchange="document.forms[\'userform\'].submit();">';

        while ($row=mysql_fetch_array($myresult)) {
        $user=$row[username];         // NOTE: username should be in quotes here.
            echo "<option>
                $user
            </option>";
        }

        echo '</select>';

        if (isset($_POST['user'])) {
            $r = mysql_query("SELECT password, email FROM members WHERE username='".$_POST['user']."'") or die ("Unable to get user details: ".mysql_error());
            while ($row=mysql_fetch_array($r)) { // there should only ever be 1 result
                // display the data however you want, add some HTML tags to format nicely.
                echo $row['password'];
                echo $row['email'];
            }
        }

    ?>
</form>

Please note that the above code is not tested, but should give you an idea of how to proceed.

Also, it is bad practice to use a POST variable directly in a query string (as I have done here) without parsing it for …

these are exactly the kind of computers being put to use by the bad guys in decoding those stolen databases of encrypted (salted but not hashed) usernames and passwords that you read about in the news.

.

Sorry, that's absolutely not how encryption works. Salting only means anything in the context of hashing.

I think he meant Hashed but not Salted, as this was the case with the LinkedIn incident.

You should be able to interact with multiple databases without needing multiple connections open from php. Check out the mysql use command.

You can also reference the databases directly in your query.

SELECT * FROM db1.tableA;
SELECT * FROM db2.tableA;

OK neither of those answered my question.

@Dany12

thanks, but that doesn't help specifically - I can just use css.

@Troy_III

The question was posed out of simple curiosity as to whether MS had some proprietary implementation similar to the HTML5 attribute that they apparently don't support.

That's some of the dumbest reinventions I've ever seen!
Moreover it's against the core principles of web coding.

That's as may be but it is in the HTML5 spec.

Have you ever heard of CSS?

Thats why I said "do I have to just use the style properties" ... I know how to do it in css, I wanted to know if I could do it using the hidden attribute, or some other way supported in IE.

Evermore, w3schools are teaching you wrong HTML(5),

w3schools is a simple reference, not the be-all and end-all of web development. It was a quick and easy link to provide more information about the question I was asking, not a religous quotation.

Because in HTML(n) you don't have to write: <p hidden="hidden"> because it is a Boolean!

You can write <p hidden="bananas"> for that matter and it will work.

The proper HTML syntax is: <p hidden> and it will suffice.

If you actually read the page, they do have:

<element hidden>
<element hidden="hidden">
<element hidden="">

And how about <p disabled> or <a href=" " disabled>

I don't need to disable an element, I need …

is there a way of incorporating shell commands like PING into a T-SQL procedure?

Yes. This page has a demonstration of such.

However, let it be said that shell access via SQL is regarded as a high security risk and is often disabled, so it will depend on your level of access to the server whether you will be able to use those system procedures or not. Also, just because you can doesn't mean you should... if it is the only workable solution, then just make sure you and your team/admins know what it's doing and have some configuration & monitoring in place to ensure the system access is protected.

if(!$insert = mysql_query

is an assignment operation, which will always return true. If you are trying to check the success of the query operation, just use

if (mysql_query(...))

MySQL server has gone away

This means that the connection has been closed or has timed out, and the query is unable to complete execution - likely the cause of your second error.

mysql_fetch_assoc() expects parameter 1 to be resource

I can't see where line 113 is in your page code, but this error usually means that the query has failed. This could be a result of the previous error.

@Mitch

Thanks for the ideas. I do know about AD Auditing, but its more on the post-analysis of the resulting logs that I'm looking for. Also, I am more interested in network based access (AD Authentication entries for instance) than File level activity.

@Jorge

I think that SCOM is probably a lot bigger than we need, but I will look further into its log alert capabilities and see if there is enough value for me to justify including it in our planned server upgrade.

@Jim

Thanks, it looks like that tool might do what I need for the time being. I've downloaded and will give it a try.

---

Any more ideas or 3rd party tools I'd love to hear about, but I'll go ahead and mark this solved now. Thanks all.

correcting my code because apparently I'm dyslexic...

md5($email);

etc... not mdf

can't believe I posted that wrong through that whole thing and didn't even notice ... <facepalm/>

I will give you a really basic example of how this might work. Take a look at the md5 hash function.

This function will generate a hash (using the md5 algorithm) from any string you provide, the hash will always be the same given the same input string. For instance, 'user@hotmail.com' will always produce the hash '7b928f8a1884fc44709e0b17ec65228c'

So your registration page would include something like this:

$email = $_POST['email']; // get the users email address from the form post
$hash = mdf($email); // generate the hash code
$link = "http://mydomain.com/confirm.php?email=".urlencode($email)."&hash=$hash"; // include the hash code in link to email to user

You then send the email to the registered address with the generated link, and the user must click on the link to confirm their valid email address. The confirm.php page will then check the hash code.

$email = urldecode($_GET['email']); // grab the email & hash code from URL
$hash = $_GET['hash'];
if (md5($email) == $hash) { // check if the hash code matches
    // successfully validated
    // add email to registered user list here...
} else {
    echo "invalid registration";
}

---

Note that md5 is a common algorithm and you may want to vary you hash output by adding something unique of your own to it so that people can't generate their own hash codes to manipulate or bypass the registration system. This is called Salt and is generally a fixed or random string that you add to your data …

The way email validation usually works is to have a unique key or hash that is sent to the email, and then passed back to the webpage when the user clicks on the link. The web page then needs to identify that the hash is the same as that which was generated for that email, the storage mechanism is largely irrelevant to this process.

You could for instance, store the hash together with the email in a flat file.

newuser@hotmail.com=GENERATEDKEYHASH
...

Or you could generate the hash based on the email address itself, so that the confirmation page will recreate the hash from the email and it must match the originally created hash to verify. This way you don't need to actually store the hash at all.

It is because of the layout of the page - these styles apply to several different nested elements or tags in the html, not just the button. Depending on the actual styles implemented they will have quite different effects if applied directly to the button, which is not necessarily what the designer wants to achieve.

Sometimes it is necessary to nest elements like this to allow for full cross browser compatibility, especially when catering for older browsers. Sometimes it is necessary simply to achieve the desired layouts or visual effects.

button

These styles will apply directly to the button itself

button a

These styles apply to an anchor tag inside the button tag.

<button><a></a></button>

button a ins

these styles apply to text marked as inserted inside the anchor tag.

<button><a><ins></ins></a></button>

button a:hover

These styles apply to the anchor tag again, but only when it is in hover state - ie: the user has the mouse over the link.

Hey ... just had another thought. Can you open the code file in a text editor and show whitespace characters? It is possible that there is an invalid invisible character somewhere that is causing a parse error for php - I have seen this happen before.

Just an idea.

It means it found something incorrect in the php on that line. This error can also be caused by things like forgetting a semicolon, closing quote or bracket on an earlier line.

---

Hmm.. the code you have posted works fine for me. I am led to assume, then, that the error may be originating in your connect.php or is possibly data related (invalid characters, or disparity in the character set being used in php to that in mysql).

I assume that your connect.php includes a call to mysql_connect ... are you also checking to make sure the connection is successful?

Should your password hash be before tring to connect to the DB?

function substr

$outputstring = "</br><b>" .$name. " </b> le <?php
echo date('d/m/Y') ;
?> a <?php
echo date('G:i') ;
?> a ecris:<hr/>" .$area. "</br>" ;

I think what you want is something like this

$outputstring = "</br><b>" .$name.   " </b> le ".date('d/m/Y')." a ".date('G:i')." a ecris:<hr/>"  .$area. "</br>" ;

to add the date at time of posting to your output string.

now is not a keyword, it's a function. You would normally use it when you create a new record.
example

INSERT INTO dates (date_field) VALUES (NOW())

to execute this in PHP code you call mysql_query

mysql_query("INSERT INTO dates (date_field) VALUES (NOW())");

On its own, however, the date stored may not have much value. In the context of your post, you would normally add a date field to your post table and save the date when the post content is saved. Have you got as far as creating a table for your posts yet? because this is probably a more logical place to start.

I get an error saying that my syntax is wrong

What is the actual error message you are getting? Is it from mysql or from PHP?

the line of code you posted doesn't have a semicolon at the end, which will generate a syntax error in php if its like that in your page.

I believe the PRIMARY statement needs to go at then end of all the column definitions

CREATE TABLE example (
  id int NOT NULL AUTO_INCREMENT,
  name varchar(30),
  age int,
  PRIMARY KEY (id)
)

Secondly I don't think base64_decode is necessary. Just check it out. I've worked with the same system before. And i directly echoed the data rather than a base64_decode

I believe you are correct, but you have to then specify the encoding type Header to be base64, if I'm not mistaken...?

@hwoarang

Post your whole code for both pages again please, I'll set it up localy and see if I can make it work.

i should del $sql from gallery side right? and while loop

Sorry, forgot to respond to this part.

No, you still want the loop in your gallery page, as this is selecting all images for the logged in user, and formatting the HTML page output.

The image.php page is only returning the contents of a single image file for display.

Both parts must work together for the user to see all images they have uploaded. Does this make sense the way I have explained it?

now only error is the T_STRING

in your page above, line 5 does not have a closing quote " which may be causing the issue.

please also make sure there are no blank lines in connect.php

does connect.php produce any output??

there can't be any output at all before setting the Header
Also remove that blank line (line 5 above) from image.php, as that may be generating empty output.

try changing line 8 of image.php

$imgdata = base64_decode($row[image]);
header("Content-Type: image/jpeg");
header("Content-Length: ".strlen($imgdata));
echo $imgdata;

note: the actual content-type used must depend on the type of image stored. ie: jpg gif png etc.
See this list for more details.

I think this section is wrong. (lines 24-27)

echo"
$image = $sql['image'];
base64_decode($image);
echo "$row[image]";
";

Try something like the following in its place.

echo '<td><img src="image.php?id='.$row['image_id'].'" /></td>';

then create a new file called image.php with the following content.

<?php
    session_start();
    include("connect.php");
    $sql = "SELECT image FROM image WHERE image_id = ".$_GET['id'];
    $result = mysql_query($sql);
    if ($row = mysql_fetch_assoc($result)) //should only be one record
    {
        echo base64_decode($row[image]);
    }
?>

Get rid of all the whitespace in the img src property - also, make sure the img tag is closed.

<img src=\"get.php?image_id=$lastid\"></img>

where are we getting _GET[image_id]?

this will pull the value from the querystring, ie: get.php?image_id=

$user_id = $_SESSION['user_id']; or _request?

I would think Session, unless you are passing the user_id to the page somehow

try adding quotes around your image source

 <img src ="get.php?image_id = $lastid">

dont forget to escape them in the php though

echo "Image upoaded.<p />your image:<p />
                      <img src = \"get.php?image_id = $lastid\">
                      ";

also, if you are passing the image_id to the get.php page, why aren't you using it to select the image?

eg:

mysql_query("SELECT * FROM image WHERE image_id = $_GET['image_id']");

line 4 (above) of get.php should be echo base64_decode($image);

and the header needs to be set first, or it wont work.

oh, I also just noticed that you are getting the image_id via last insert id, but you are selecting based on the user_id in get.php

no, as long as image_id is an autoincrement field, this is the correct way to handle it.

According to the table schema you provided in the original post, there are 2 fields at the end you are not providing values for. Either you need to add values for these fields (null can be used if this is acceptable by the schema) OR you need to specify the columns list for which you are providing data.

I would probably add this, and then insert as per your original insert query.

$image = base64_encode(file_get_contents($_FILES['fileupload']['tmp_name']));

then, yes, you call the base64_decode() when you want to display the image.

not sure what you are getting at with that user/password query, do you need to check the users login? Generally it is good practice to call mysql_real_escape_string() on any text input by a user before executing it on your database, as it can help prevent injection atacks as well as sql errors.