Jump to content

Mudsaf

Members
  • Posts

    462
  • Joined

  • Last visited

  • Days Won

    1

Mudsaf last won the day on November 21 2019

Mudsaf had the most liked content!

About Mudsaf

  • Birthday 08/29/1994

Previous Fields

  • Languages
    php,css,javascript,jquery,mysql,html

Contact Methods

  • MSN
    Mudsaf@hotmail.com
  • Website URL
    http://www.mudsaf.com/
  • Skype
    Mudsaf

Profile Information

  • Location
    Finland
  • Interests
    Coffee & Gaming

Recent Profile Visitors

6,699 profile views

Mudsaf's Achievements

Member

Member (2/7)

17

Reputation

  1. Hey, was wondering what might have caused issue with my script to break. Basically I have "Search" function that uses jQuery .get to access website, but somehow when text is entered on chatbox it causes 500 error? This only happens on remote server and not local, could it be some sort of security block? Example (Error) https://mudsaf.com/script/php/search.php?search=asd Example (No error) https://mudsaf.com/script/php/search.php?search=12 --------------- Probably know the solution, why I always figure it out when I have posted here..
  2. It's somewhat easy to patch up, but you need to know what to do (how php and sql works). I'd suggest you to learn about check out these links if you want to have more secure system against SQL injections. https://websitebeaver.com/prepared-statements-in-php-mysqli-to-prevent-sql-injection and https://www.w3schools.com/php/php_mysql_prepared_statements.asp --- I'd also recommend to sanitize or escape the image name too from $image.
  3. You don't want to use Auto increment in user_id on images table (as mentioned above), instead just get the value from $_SESSION. You are also setting it as Primary key, which means you can't have multiple images linked to one person. (However if you do, just use unique and create id column for images table with Auto_increment+Primary key.
  4. This seems fine, but has errors in it. Check the first echo after row image, missing dot and single quote or delete the line. As you asked the first echo is not required, was probably used to show you the results.
  5. mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE userId='" . $_SESSION["userId"] . "'"); Honestly, I would recommend against this method, since its vulnerable to SQL injection. At least mysqli_escape the post method and consider hashing the passwords instead of storing them as plain text. This is so minor update that matters lot. Mysqli_real_escape_string: https://www.php.net/manual/en/mysqli.real-escape-string.php prevents from sql injection (not required with prepared statements, but yours isn't one).
  6. <?php echo "What kind of issue are you having? Mind telling us more whats wrong with the code (expected results and what you are getting)"; ?>
  7. Where have you defined variable called $id, for sure I cannot see one in this code.
  8. You can store wherever you want as long as you know the path you store them. If you want to store outside of www directory then you need to use php readfile() and store mime_types, but that gets bit more complex.
  9. Check the item_id where you are getting the error. You are trying to create it as primary key, but you only have column called id. As justsomeguy told you have to pay attention to details. Check the underlined areas, also you are missing a comma before primary key. Below working example. CREATE TABLE IF NOT EXISTS images ( id INT UNSIGNED NOT NULL AUTO_INCREMENT, img VARCHAR(20) NOT NULL, PRIMARY KEY (id) ); INSERT INTO images (img) VALUES ("testx");
  10. What you are trying to do isn't going to work with the table you just created. You need to make 3 more columns to your database table to be able to fill the rest of information in your query. Example scenario account information id int auto_increment primary key | username varchar(50) | password varchar(128) | email (varchar150) unique So lets pretend that the table we created with the "create table" query. So we wound have to do insert query like below. insert into accounts (username,password,email) values (value1,value2,value3)
  11. It was just example text that you could insert to the database. (Whatever you want to insert into img column, usually the filepath+name as you mentioned)
  12. As for SQL try this CREATE TABLE IF NOT EXISTS images ( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, img VARCHAR(20) NOT NULL ) INSERT INTO images (img) VALUES ("imageurl")
  13. After move_uploaded_file just do simple sql query that adds the information to database. You already have all the available information ready. If you only have 2 columns on database, you only need the image name stored, since id is auto_integer primary key (so its auto generated). What kind of issues are you having with your code? More about file upload: https://www.w3schools.com/php/php_file_upload.asp More about sql insert: https://www.w3schools.com/php/php_mysql_insert.asp
  14. Not sure what kind of sorcery is this, but it works now. Thank you!
×
×
  • Create New...