DoxramosPS's Profile

Reputation: 4 Apprentice
Group:
Active Members
Active Posts:
164 (0.25 per day)
Joined:
07-October 12
Profile Views:
1,426
Last Active:
Yesterday, 04:24 PM
Currently:
Offline

Previous Fields

Country:
US
OS Preference:
Linux
Favorite Browser:
Chrome
Favorite Processor:
AMD
Favorite Gaming Platform:
Playstation
Your Car:
Ford
Dream Kudos:
0


Posts I've Made

  1. In Topic: Regarding Prepared Statements

    Posted 30 Jul 2014

    In this case I actually only want one row to be returned. I want the others to default to 0 if enabled on one is set to 1. The code I was using to display multiple results was
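    public function GetLinks() {
        Dox::Connect();
        printf("<div class='nav-button' onclick='window.location = \"index.php\";'>Home</div>");
        $stmt = $this->mysqli->prepare("SELECT name,id FROM pages WHERE mainnav=? ORDER BY pageOrder ASC");
        if ($stmt === false) {
            trigger_error($this->mysqli->error, E_USER_ERROR);
        }
        $mainnav = '1';
        $stmt->bind_param('i', $mainnav);
        $stmt->execute();
        // mysqli documents bind_result() as being called after execute() and before fetch().
        $stmt->bind_result($name, $id);
        while ($stmt->fetch()) {
            $this->name = $name;
            $this->id = $id;
            // Values are passed as printf arguments, not spliced into the format string,
            // and the name is HTML-escaped. The link needs a parameter name; "id" is
            // assumed here to match the $_GET['id'] lookup used elsewhere in the class.
            printf("<div class='nav-button' onclick='window.location = \"viewPage.php?id=%d\";'>%s</div>",
                $id, htmlspecialchars($name, ENT_QUOTES));
        }
    }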
    
    
  2. In Topic: Regarding Prepared Statements

    Posted 30 Jul 2014

    No. I knew that that wasn't prepared. The new one I have is prepared
    public function GetSiteInfo() {
        Dox::Connect();
        $stmt = $this->mysqli->prepare("SELECT name,copyright,facebook FROM siteinfo WHERE active='1'");
        if ($stmt === false) {
            trigger_error($this->mysqli->error, E_USER_ERROR);
        }
        $stmt->execute();
        // mysqli documents bind_result() as being called after execute() and before fetch().
        $stmt->bind_result($name, $copyright, $facebook);
        while ($stmt->fetch()) {
            $this->sitename = $name;
            $this->copyright = $copyright;
            $this->facebook = $facebook;
        }
    }
    
    

    Is what I'm actually using now and I'm thinking I'm going to be changing it to
    public function GetSiteInfo() {
        Dox::Connect();
        $stmt = $this->mysqli->prepare("SELECT name,copyright,facebook FROM siteinfo WHERE enabled=?");
        if ($stmt === false) {
            trigger_error($this->mysqli->error, E_USER_ERROR);
        }
        $enabled = '1';
        $stmt->bind_param('i', $enabled);
        $stmt->execute();
        // mysqli documents bind_result() as being called after execute() and before fetch().
        $stmt->bind_result($name, $copyright, $facebook);
        while ($stmt->fetch()) {
            $this->sitename = $name;
            $this->copyright = $copyright;
            $this->facebook = $facebook;
        }
    }
    
    

    I'm up for constructive criticism if it looks like I'm messing up anywhere. :)
  3. In Topic: Regarding Prepared Statements

    Posted 30 Jul 2014

    That's kind of what I was thinking. I plan on changing it all eventually just wasn't sure how necessary it was at the moment.
  4. In Topic: Odd little issue when submitting form to update page information.

    Posted 30 Jul 2014

    After it's been switched to a Prepared Statement is that still a concern? That's the best way I could think to create a dynamic link.
  5. In Topic: Odd little issue when submitting form to update page information.

    Posted 30 Jul 2014

    The editPage.php link is a dynamic link to the page ID and then the Dox->PageContent() function retrieves values from
    public function GetPageInfo() {
    	Dox::Connect();
    	$this->query="SELECT * FROM pages WHERE id=" . $_GET['id'] . "";
    	$this->result=mysqli_query($this->mysqli,$this->query);
    	while($row=mysqli_fetch_object($this->result))
    		{
    		$this->title=$row->title;
    		$this->content=$row->content;
    		$this->mainnav=$row->mainnav;
    		$this->home=$row->home;
    		$this->id=$row->id;
    		$this->name=$row->name;
    		}
    	}
    
    

    (I'll be changing that to prepared statements. Going to go through my entire code and redo it.) Other than that, though, I would think it would be better to put an
    if (isset($_GET['id'])) {
        // Read the id from the same array that isset() checked.
        $this->query = "SELECT * FROM pages WHERE id=" . $_GET['id'] . "";
    }
    else if (isset($_POST['id'])) {
        $this->query = "SELECT * FROM pages WHERE id=" . $_POST['id'] . "";
    }
    else {
        printf("You cannot directly access this page.");
    }
    
    

    This is more of a brainstorming session than anything. Sorry. :P

    DoxramosPS, on 30 July 2014 - 08:07 AM, said:

    Thanks for the response Dormilich. I looked into prepared statements a little more. Not 100% sure that I did it right, but I know that it's working.
    public function UpdatePageTest() {
        Dox::Connect();
        $stmt = $this->mysqli->prepare("UPDATE pages SET name=?,title=?,content=?,mainnav=?, home=? WHERE id=?");
        if ($stmt === false) {
            trigger_error($this->mysqli->error, E_USER_ERROR);
        }
        $id = $_POST['id'];

        // bind_param() binds by reference, so the values assigned below are the ones sent by execute().
        $stmt->bind_param('sssiii', $name, $title, $content, $mainnav, $home, $id);

        $name = $_POST['name'] ?: '';
        $title = $_POST['title'] ?: '';
        $content = $_POST['content'] ?: '';
        $mainnav = $_POST['mainnav'] ?: '';
        $home = $_POST['home'] ?: '';
        $status = $stmt->execute();
    }
    
    

    Still get the massive PHP error page after submitting it. I think it's because it refreshes the page on form submit, but rather than submitting with the id at the end it's only submitting pageEdit.php with no ?id= at the end, hence there's nothing to pull from.
    I think the only thing I can think of is to have the form action point to a different page, i.e. UpdateSuccess.php

    And out of curiosity. I've been able to find out how it's done, but how does this make it more secure? I couldn't find the answer to that. It looks like in the end it's just performing the query the same way? Sorry. A bit confused.
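
On the question that closes the post above, this added example (not code from the thread) runs the concatenated lookup from GetPageInfo() and a prepared lookup against the same inputs and counts the rows each returns. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli/MySQL so it runs without a server; the table rows, function names and inputs are constructed.

```php
<?php
// Added example: constructed table and inputs; PDO + in-memory SQLite stand in
// for the thread's mysqli/MySQL so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, name TEXT, title TEXT)");
$db->exec("INSERT INTO pages (id, name, title) VALUES
    (1, 'home', 'Home'), (2, 'about', 'About'), (3, 'draft', 'Unpublished draft')");

// Same pattern as GetPageInfo(): the request value becomes part of the SQL text,
// so the database parses whatever the client sent as SQL syntax.
function pagesByConcatenation(PDO $db, string $id): array {
    $sql = "SELECT id, name FROM pages WHERE id=" . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared form: the SQL text is fixed when prepare() runs; the value is sent
// separately and is only ever compared against the id column as data.
function pagesByPreparedStatement(PDO $db, string $id): array {
    $stmt = $db->prepare("SELECT id, name FROM pages WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Validation in addition to binding: accept only a positive integer id.
function validPageId($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs: a normal id, and a value that carries SQL syntax.
$inputs = ['2', '2 OR 1=1'];
foreach ($inputs as $raw) {
    printf("input %-12s concatenated: %d row(s), prepared: %d row(s), valid id: %s\n",
        "'$raw'",
        count(pagesByConcatenation($db, $raw)),
        count(pagesByPreparedStatement($db, $raw)),
        var_export(validPageId($raw), true));
}
```

With the second input the concatenated query's WHERE clause is rewritten by the value itself, while the prepared query keeps its shape and treats the whole string as one id to compare.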

My Information

Member Title:
D.I.C Head
Age:
27 years old
Birthday:
May 16, 1987
Gender:
Location:
Seattle
Interests:
PHP, C++, Gaming
Full Name:
Morgan Green
Years Programming:
2
Programming Languages:
PHP, SQL, Javascript, C++, C#

Contact Information

E-mail:
Private
Website URL:
http://www.doxramos.org
