Jump to content

son

Members
  • Posts

    1,024
  • Joined

  • Last visited

Recent Profile Visitors

7,687 profile views

son's Achievements

Dedicated Member

Dedicated Member (4/7)

11

Reputation

  1. I post this here as a database issue/decision... Working on this project where I am also tidying up a lot of data that was placed in many different places (some even offline, mostly contact data for customers). At the moment I am collating all the data in one mySQL table. Afterwards I will create a mini web admin interface to access the data, change details and/or delele as necessary. However, one thing came up: Mailchimp is used to send newsletters which obviously means that there is another place with contact data where some might match the ones in central database. And there might be individuals who initially are only receiving newsletters and then change to become customer or the other way round. As the sending and measuring requires the Mailchimp account am wondering if it is an idea to still match up data from Mailchimp somehow to the central database? It would be fab if one could see all contacts in one place and this would include the newsletter contacts also. However, it would be essential that the data stays up to date and does not involve manual copying/pasting. So, if one person signs up to newsletter there should also be automatically an entry in central db, if one unsubscribes this should be reflected in central db etc.. Not sure what is the best way forward... Does any of you have experience in streamlining things like this? Son - lost
  2. son

    TIMEDIFF returns empty set

    Thanks for new reply. Will leave it as it is as there will never be an instance where the start and end would be on separate days... Son
  3. son

    TIMEDIFF returns empty set

    Actually, had a play around with this and seems I cannot undo the automatical insertion of current timestamp when I make changes made to a row. This is not useful as the timestamp will never be the current one and would only mess up my data, so will leave it in separate fields as it is... Son
  4. son

    TIMEDIFF returns empty set

    Query works now, thanks:-) However, had to change the time fields in query though as otherwise negative difference coming up. I want to add up several time differences to a total of used slots. Query now: "SELECT TIMEDIFF(ender, starter) AS timediff FROM table1"; which works. What you said regarding date: I have a separate field for DATE and then the two TIME columns. But now you got me thinking and I wonder if it was an idea to loose the DATE column and just add DATE bit to the two TIME columns. Would that make sense? Guess it would enable me to loose one column and I could still extract date and time parts separately. Or, are there other reasons to do this? Son
  5. Have table1 to hold date as DATE and a start and end time as TIME as I need to calculate difference between the start and end time for various dates (which all hold varying times). However, using TIMEDIFF on my columns 'starter' and 'ender' which hold the TIME components simply returns an empty set SELECT TIMEDIFF('starter','ender') FROM table1; Do you have any ideas? Have posted below the formatting used in columns just in case the issue lies there... Son 2010-09-09 09:30:00 11:00:00
  6. son

    Security

    Sorry for delay in responding. Caught a nasty bug... Thanks for feedback. Will look into this. Very helpful:-) Son
  7. son

    Security

    I implemented the changes to the area, but just now thought if it might also be an idea to log the IP addresses of users just in case some dodgy entity finds a way in. Would tha be a good idea and if so, should I do this only for the login or any updates entered? Really would like to do all I can to avoid issues with security etc. Son
  8. son

    Security

    Thanks for your feedback Ingolme. Whilst no home address etc will go for your advice and have them enter password to change password and email address. Will also check for https. Might also consider the two email option. Appreciate your input:-) Son
  9. son

    Security

    Hi there, Have coded a simply members login area where members can change their email address, password (to logon to area), phone number and upload some text info. Nothing fancy really (no file upload etc). Now am concerned to make the area as secure as I can and whilst you need to be logged in to access any of the pages within the area I wonder what else I can do. I have three main questions. 1. On lots of large websites you have to enter your password to change details. Would it be good advice to do this for all four update pages (email address, password, phone, information)? Or would that be overkill? 2. Shall I request that the whole area is under https rather than just http? 3. What else is good practice to safeguard the area and/or what tools can you use to test security issues? In addition, I decided to go only for one email field rather than add the customary confirmation email field. My browers always fill in the details anyway, so in a way there is no point to this. What is your take on this? Any comments appreciated:-) Son
  10. Thanks for all the feedback. Very helpful. The external scripts are sitting in admin folder, web root and there is a folder created in web root with two files inside... Son
  11. Thanks Ingolme. You might have just pointed me in the right direction. However, not sure how they managed to login into password protected area where this files sits. All files have test right at the top to check if user is logged in... In addition, the site security scan did not pick up on any of the dodgy scripts and host says that this is because file sat there for years apparently. However, I can for once not see how it sat there for all this time not doing anything till recently and why a security scan would not pick up dodgy scripts just because they were for a while on the site. Does this make any sense to you? Son
  12. Thanks for your feedback. Will check the access logs. However, unfortunately we are not entirely sure when it happened. Seems to have gone on unnoticed for some time. There is a security service installed which was offered by host when we discovered a number of strange things happening and were able to correct some that were obvious. However, the scans come back each day saying that the files are all okay which sort of confuses me as they are obviously not. In addition when you say scripts often lack 'security validation and checking and allow attackers to replace or upload files' can you point me in the right direction of what to google to find some more info on this. Am still puzzled how those placed .php files come to the web server in the first place. I understand once one script is there how it can create the other files and folders, but am lost as in how they got in first... Son
  13. Is it possible that a hacker can place phycial files and create new folders on a web server without ftp access? If so, how can I find out if the hack came via ftp or via a weak script? Son
  14. Thanks for this. Could only think in vague PHP-terms to solve this and it is great to have the confirmation that I am not missing a more direct way of achieving this. Will have a go now:-) Son
  15. Thanks for pointing this out. Have setup a new table now with three fields: combination ID, item ID, category ID. As I have lots of data sitting in the item table wondered if there is a good way to extract the info to the new table? It would need to transfer each itemID/categoryID combination to the new table. For example 'itemID (1), categoryIDS (1,2,3)' would become 'itemID (1), categoryIDS (1)', 'itemID (1), categoryIDS (2)' and 'itemID (1), categoryIDS (3)'. The category ids are in field as a comma-separated list without spaces... Son
×
×
  • Create New...