Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Gilbert

  1. Not sure what topic to post this under. I've read a bunch about sql injection and have done all the testing for bad input when building forms and input devices, but then I thought what if you display an alpha-numeric pad for a person to enter the data. I figured you have complete control over the input by processing each character as they are entered and then using a php file to process the end result. Basically there is no place for a hacker to enter a sql string with slashes or whatnot. I'd like to hear what pitfalls there are with this type of approach and what injections or hackin
  2. That seems to have done the trick. Now I have one other item concerning syntax that I hope you can help me with. I have a button with an onclick function and in that function I want to set a php session to the option that was chosen. function saveTheValue(theSID){ '<?php $_SESSION['editSchedStand']=' + theSID + ';?>'; } Can you tell me if this is possible or show me the correct syntax? Thank you
  3. OK, I will keep that in mind, but the thing that seems conflicting is that I used the session_start() only once at the beginning of my main page and then the session worked fine in the first http request but then bombed in the second. I've also read that if you invoke the session_start in more than 2 places it can screw things up. So you're saying I do need a session_start() at the beginning of each php code I invoke with an HTTP request. I'll give it a whirl. Thanks for the help!
  4. I thought I had this down, but I have a situation that isn't working. I have a page for dealing with schedules called adminSchedules.php and right at the top I put <?php session_start(); .... Then later on I make a xmlHTTPRequest and use the $_SESSION to get & set some session variables. I echoed them back to be sure they were set. Then I go back to the main adminSchedules page and I make another xmlHTTPRequest and when I try to access the session vars I set before, they are not set. I've checked over all the syntax carefully and the error I'm getting in the error_log fil
  5. Thanks a lot, justsomeguy! After I posted I tinkered some more and I came up with creating 2 views called viewDropOff and viewPickUp and then referenced them separately in the left joins. I use aliases sometimes, but I never really understood how powerful they can be, like in this instance. I will go back and try it the way you said and I'm sure it will work. Thank you for the help.
  6. Hi all, I have a table of a schedule of workers at kiosks and I have a table of drivers who drop them off and possibly a different driver picks them up. I have a view that lists other details from other tables (like times, dates, names) and I'd like to list the drop off and pickup drivers separately, because they might be different. I've tried a couple of things and got error messages - like 'referencing same table' when I tried this: create view allScheduleInfo AS ..... schedule.dropOffID, drivers.dropOffName, schedule.pickUpID, drivers.pickUpName, .... FROM schedule left join ..... l
  7. Hi all, I upload a text file to extract info to put into my database on GoDaddy and when I run my php code on it, it tells me that it can't read the file because it is in ansi-xxxx format. In my php code I'm using $var = fgets() to read each line and then put the $vars into the correct table of the database. So I have clicked the button at the top of the code editor and converted the text file to utf-8 - but the conversion leaves the file with 2 odd characters at the beginning of the file and puts a blank line between each line. When I delete the 2 characters and the blank lines and I ru
  8. Thank you very much - I was getting the feeling that it couldn't be totally automatic. I guess I'll just have to take 30 seconds out of my day to upload the txt file to my server. Thank you for the link and your help. Happy Holidays to you!
  9. Thanx for the reply. Maybe I'm not understanding what I need to do - I think I want to upload because I want to use php to do something with the file on the server. Right now I am opening my phpAdmin every day and entering my daily data by hand which is getting kind of tedious. I do want to COPY my data from a text file on my computer, but I thought that to get it on the server I had to UPLOAD. I know I could go to the file manager on the server and click upload and put the file wherever I want, but I wanted to make it automatic so I would have a button on the website to run the php to upl
  10. Hi all, I use MS Access to keep track of income at various kiosks and each day I create a text file which I would like to upload to my server and save the data to my tables so I can publish the results on a website. My question is about the uploading. The W3 schools example uses a form to pick the file and then uploads with php, as several other help sites have suggested. I already know the name of the file - it's not like a user picking one from his computer - so I'd like to skip the user interface and just tell the 'uploader' which file to use. I just want to click a button and have th
  11. Thank you so much justsomeguy!! I decided on the HTML element.scrollIntoView because I already had the ID of the list item. I said I had used php & sql to create the list so I just added a unique id attribute to the output wrapper and then used that as my element to scroll to. It works perfectly! I don't know why I didn't find this sooner - it's kind of weird that sometimes you have to know exactly what you want to find in order to search for it. Ah well, thanx again!
  12. Hi all, I have a list anywhere from 10 to 100 items retrieved from a database table using php & sql via an XMLHttpRequest. The list shows 5 or 6 records at a time in the screen view (phone) and you scroll thru them. I have an edit button included with each record which triggers an overlay to change that record - then you click OK and it updates the info in the database table. Then I show the list and the changes have taken place, but what I would like to do is show the list from just where the edit occurred, instead of the user having to scroll down maybe 50 or 60 records to confirm
  13. Thanx justsomeguy - I think what you're basically saying is that I did it correctly - that I have the right idea. I'm not sure I follow you on the 'validation' part because I'm getting the information from a database and asking the user to click on one of the options in the combo box list. Where is the validation needed? I think I'm missing where a user could inject malicious code. Thanx....
  14. Hi all, I am populating the <options> of a <select> statement from a database using php. I'm setting the value of the options to the 'workerID' and setting the innerHTML to the worker name, reading both of these values from the database table 'workers'. The 'input' button runs the php and I have the workerID as a value, but then I have to access the table again matching the workerID in a where clause to get the first & last name of the worker. It seems kind of redundant to do it this way - the question is, is there any way to pass along the worker name (which you just looke
  15. How so justsomeguy? Don't you need to UPDATE after you INSERT INTO? I learned my sql from MS ACCESS, but I realize mySQL has some different syntax. In Access the insert into doesnot update the table until you say 'update'. Have I written it wrong? A little more help, please. Thank you.
  16. I'm still a bit fuzzy on how to go about checking every page. Can you give me a typical example of how to check if a user has permission to view it. I came up with the following code but got stymied as to how to break off gracefully and return to whereever. Is this the right approach to start with - where do I go from here? Or am I not seeing the whole picture? Thank you!! <?php session_start(); $pageLevel = "4"; if ($pageLevel > $_SESSION["userUserLevel"]) { // userUserLevel is a single string digit created at log in echo "You do not have permission to view this page";
  17. Hi, I have a goDaddy account and I'm learning to import data. I've had success with a couple of uploads, but I get an error message and I don't understand what I need to do to get rid of it. My code is below, along with the error message I get and the excerpt from the mySQL documentation. Can anyone offer some advice about how to proceed and what may be the problem? The query works and updates the table with the info perfectly, but I think I should find out what this error is b/4 I incorporate into my website. Thanks a million! SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; SET time_zon
  18. Thank you very much! I appreciate you helping me get this basic stuff under my belt from the start so I can do it right. Gil
  19. OK thank you very much. I have the log in in php and at the same time I set a $_SESSION var called userLogStatus to 'loggedIn' - so I have to check that global in php when each page opens. Or do you suggest I copy 'userLogStatus' to a sessionStorage to make it more accessible for checking. Would that compromise my security by being in the browser? Thanx, Gil
  20. Hi all, I'm trying to control where a visitor enters my website. I only want a visitor to open my homepage, pass security and then continue, like a menu-driven app. I know you can enter a domain name and a slash and go to that page in the website like 'amazon.com/tools' will bring up the tool page. Is there a way to prevent this from happening? Can it be turned off or on according to a security level imposed? I only want higher level users to see pages like 'checkswritten.html' or 'incomelevel.html' and not a casual user type in 'myDomain/incomelevel'. anybody can see the links in
  21. Hi all, I'm trying to wrap my head around the idea of the window object and the document object relationship. I've read some really good explanations in stackoverflow and others. I have a pretty good grasp of it so I tried an experiment. If the window object opens in the browser, and then the document object opens in the window, then if I change the document, will the window object remain the same. I tried make 2 simple html's - in the first I set a variable like window.myVar = "myValue";. I was able to change the value with a button so it was working fine, and then I used an <a&
  22. Thanx justsomeguy - I think I've got it now. I've got to read very carefully what is being referred to - the window or browser or page or site. Thanx
  23. I think I understand your point - The following excerpts are from thew3 JS tutorial under jsScope, but I think I read 'web page' as 'web site' in the first one, which would support your answer. But down further are two other excerpts which are confusing me. It says that HTML global variables belong to the window object and remain until the window is closed. The last line of the 3rd quote is what I was basing my hypothesis on. Please set me straight if I'm reading this wrong. Thanks for all your help. In the end, I have nothing against sessionStorage - I'm just trying to understand t
  24. Hi, I tried a couple of searches and couldn't find a post that compared these 2 forms of storage. I was using sessionStorage in my script to remember information from a Db, but as I was reviewing variable properties and scope, I said to myself Why should I involve sessionStorage when I can just assign the info to a global variable which is accessable to the whole website and goes away when you leave the website, just like a session variable. Is this correct? Are the global variables not as reliable or something? What are the differences, similarities; and what can you recommend to me
  25. Thank you very much - great explanation! I have programmed in 'normal' languages for some time now, but I have to start thinking in abstracts more with asynchronous stuff going on. I appreciate all the help from good, experienced coders like yourself. Gil
  • Create New...