Gilbert last won the day on April 25 2018

  1. Not sure what topic to post this under. I've read a bunch about sql injection and have done all the testing for bad input when building forms and input devices, but then I thought what if you display an alpha-numeric pad for a person to enter the data. I figured you have complete control over the input by processing each character as they are entered and then using a php file to process the end result. Basically there is no place for a hacker to enter a sql string with slashes or whatnot. I'd like to hear what pitfalls there are with this type of approach and what injections or hackin
  2. That seems to have done the trick. Now I have one other item concerning syntax that I hope you can help me with. I have a button with an onclick function and in that function I want to set a php session to the option that was chosen. function saveTheValue(theSID){ '<?php $_SESSION['editSchedStand']=' + theSID + ';?>'; } Can you tell me if this is possible or show me the correct syntax? Thank you
  3. OK, I will keep that in mind, but the thing that seems conflicting is that I used the session_start() only once at the beginning of my main page and then the session worked fine in the first http request but then bombed in the second. I've also read that if you invoke the session_start in more than 2 places it can screw things up. So you're saying I do need a session_start() at the beginning of each php code I invoke with an HTTP request. I'll give it a whirl. Thanks for the help!
  4. I thought I had this down, but I have a situation that isn't working. I have a page for dealing with schedules called adminSchedules.php and right at the top I put <?php session_start(); .... Then later on I make an XMLHttpRequest and use the $_SESSION to get & set some session variables. I echoed them back to be sure they were set. Then I go back to the main adminSchedules page and I make another XMLHttpRequest and when I try to access the session vars I set before, they are not set. I've checked over all the syntax carefully and the error I'm getting in the error_log fil
  5. Thanks a lot, justsomeguy! After I posted I tinkered some more and I came up with creating 2 views called viewDropOff and viewPickUp and then referenced them separately in the left joins. I use aliases sometimes, but I never really understood how powerful they can be, like in this instance. I will go back and try it the way you said and I'm sure it will work. Thank you for the help.
  6. Hi all, I have a table of a schedule of workers at kiosks and I have a table of drivers who drop them off and possibly a different driver picks them up. I have a view that lists other details from other tables (like times, dates, names) and I'd like to list the drop off and pickup drivers separately, because they might be different. I've tried a couple of things and got error messages - like 'referencing same table' when I tried this: create view allScheduleInfo AS ..... schedule.dropOffID, drivers.dropOffName, schedule.pickUpID, drivers.pickUpName, .... FROM schedule left join ..... l
  7. Hi all, I upload a text file to extract info to put into my database on GoDaddy and when I run my php code on it, it tells me that it can't read the file because it is in ansi-xxxx format. In my php code I'm using $var = fgets() to read each line and then put the $vars into the correct table of the database. So I have clicked the button at the top of the code editor and converted the text file to utf-8 - but the conversion leaves the file with 2 odd characters at the beginning of the file and puts a blank line between each line. When I delete the 2 characters and the blank lines and I ru
  8. Thank you very much - I was getting the feeling that it couldn't be totally automatic. I guess I'll just have to take 30 seconds out of my day to upload the txt file to my server. Thank you for the link and your help. Happy Holidays to you!
  9. Thanx for the reply. Maybe I'm not understanding what I need to do - I think I want to upload because I want to use php to do something with the file on the server. Right now I am opening my phpAdmin every day and entering my daily data by hand which is getting kind of tedious. I do want to COPY my data from a text file on my computer, but I thought that to get it on the server I had to UPLOAD. I know I could go to the file manager on the server and click upload and put the file wherever I want, but I wanted to make it automatic so I would have a button on the website to run the php to upl
  10. Hi all, I use MS Access to keep track of income at various kiosks and each day I create a text file which I would like to upload to my server and save the data to my tables so I can publish the results on a website. My question is about the uploading. The W3 schools example uses a form to pick the file and then uploads with php, as several other help sites have suggested. I already know the name of the file - it's not like a user picking one from his computer - so I'd like to skip the user interface and just tell the 'uploader' which file to use. I just want to click a button and have th
  11. Thank you so much justsomeguy!! I decided on the HTML element.scrollIntoView because I already had the ID of the list item. I said I had used php & sql to create the list so I just added a unique id attribute to the output wrapper and then used that as my element to scroll to. It works perfectly! I don't know why I didn't find this sooner - it's kind of weird that sometimes you have to know exactly what you want to find in order to search for it. Ah well, thanx again!
  12. Hi all, I have a list anywhere from 10 to 100 items retrieved from a database table using php & sql via an XMLHttpRequest. The list shows 5 or 6 records at a time in the screen view (phone) and you scroll thru them. I have an edit button included with each record which triggers an overlay to change that record - then you click OK and it updates the info in the database table. Then I show the list and the changes have taken place, but what I would like to do is show the list from just where the edit occurred, instead of the user having to scroll down maybe 50 or 60 records to confirm
  13. Thanx justsomeguy - I think what you're basically saying is that I did it correctly - that I have the right idea. I'm not sure I follow you on the 'validation' part because I'm getting the information from a database and asking the user to click on one of the options in the combo box list. Where is the validation needed? I think I'm missing where a user could inject malicious code. Thanx....
  14. Hi all, I am populating the <options> of a <select> statement from a database using php. I'm setting the value of the options to the 'workerID' and setting the innerHTML to the worker name, reading both of these values from the database table 'workers'. The 'input' button runs the php and I have the workerID as a value, but then I have to access the table again matching the workerID in a where clause to get the first & last name of the worker. It seems kind of redundant to do it this way - the question is, is there any way to pass along the worker name (which you just looke
  15. How so justsomeguy? Don't you need to UPDATE after you INSERT INTO? I learned my SQL from MS Access, but I realize MySQL has some different syntax. In Access the insert into does not update the table until you say 'update'. Have I written it wrong? A little more help, please. Thank you.