Page 2 of 2 First 12
  • Jump to page:
    #16
  1. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    I know we're going off topic a little here, but just for the OPs reference:

    http://www.php.net/eol.php

    PHP 4.3 was officially given an "end of life" by the PHP team on 31 March 2005 - near enough 8 years ago. the entire 4.x branch died in August 2008 and since then 3 versions of PHP 5 have reached their end of life

    If you are using <=4.3 upgrade. In fact, if you're using <=5.2 upgrade. 5.3 might even reach EOL this year (https://wiki.php.net/rfc/releaseprocess )

    If a developer who you are paying allows you to use <=4.3 sack him, he should be encouraging you to upgrade your hosting set up.

    If your developer is a friend or family member then perhaps suggest they update their skills?
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  2. #17
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1015
    Compared to what we usually see around here, I don't find the code too bad. Sure, some parts are hopelessly outdated. But at least he/she tried to make the code secure and actually wrote down some descriptive comments. Great! Finally someone who seems to actually care about good code and doesn't stop at "It compiles" (aka "It works" when using an interpreter).

    But, yeah, outdated code and knowledge seems to be the biggest problem of PHP. People learn the basics from some 15-year-old online tutorial, and that's it. "It works", so why learn something new?

    No matter how many deprecation warnings the PHP developers put into the manual, no matter how many tutorials about MySQLi/PDO get written, people still use
    PHP Code:
    mysql_query('SELECT * FROM users WHERE user_id = $_GET[id]') or die(mysql_error()); 
    Because that's what w3schools has taught them.

    And I doubt this will change in the near future. The PHP learners tend to be lazy and ignorant, the PHP devs are afraid to break legacy code, and the PHP hosters don't update their stuff. It's just sad. We have a small elite programming and using the latest fancy features, and we have masses of (amateur) programmers who are stuck in time and still write their HTML and PHP like it was 1995.

    Comments on this post

    • ptr2void agrees
    • Smurff289 agrees
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #18
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    47
    Rep Power
    4
    Originally Posted by Jacques1
    Compared to what we usually see around here....
    Thanks for the great insight. I have been really trying to learn PHP and MySQL, I really would like to learn more, and be good at it. Where is a good place to learn basics > harder complex stuff?

    I do have another question, and was thinking about starting a new thread, but its in direct correlation to what I have provided.

    I just learned the information being passed to me is coming from a JSON String, not a post method like I had originally thought. This is the string being sent to me...
    PHP Code:
    {"username":"john","secret_key":"123","password":"smith"
    So now I need to parse this first, than run it within my form?
    What would be the simplest way to do that?
    Would I just put the below code in the top portion of my PHP Script? .

    This is what I have thus far.

    PHP Code:
    $string 'THE JSON STRING YOU SHOULD GET FROM _POST[]"; 
    $json_a=json_decode($string,true); 
    $username = $json_a["username"]; 
    $secret_key = $json_a["secret_key"]; 
    $password = $json_a["password"]; 
  6. #19
  7. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    mind your quotes! (see double/single mis match in your post above)

    The function you want is [PHPNET="json_decode"]json_decode()[/PHPNET]

    this function takes a json string and turns it into an object

    If you want it as an array, send true as the optional second argument (the link to the docs gives more info).

    Then test with print_r or var_dump
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  8. #20
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    47
    Rep Power
    4
    Originally Posted by Northie
    mind your quotes! (see double/single mis match in your post above)

    The function you want is [PHPNET="json_decode"]json_decode()[/PHPNET]

    this function takes a json string and turns it into an object

    If you want it as an array, send true as the optional second argument (the link to the docs gives more info).

    Then test with print_r or var_dump
    I corrected the double quote.
    I am using a JSON_Decode with a true value?
    Ive been able to echo the $password, username, secret_key and I get accurate info. However that info is not being carried over into my script?

    PHP Code:
    $string '{ "username":"test", "secret_key":"123", "password":"test" }'
    $json_a=[B]json_decode[/B]($string,[B]true[/B]); 
    $username $json_a["username"]; 
    $secret_key $json_a["secret_key"]; 
    $password $json_a["password"]; 
    Thanks you for all your help. I got it working completly. This is my final code I had to change all the $post to $string and remove the $clean query.
  10. #21
  11. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    now all you need to do is prevent SQL injection.

    Just because the data is coming from json, does not mean it is safe, the username field in the json string could still contain characters that are unsafe for MySQL

    Also, please consider alternatives to the mysql_* library functions. My sig contains a link to a migration guide (might have to scroll up to my first reply to see it) and shows how to easily protect against SQL injection
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  12. #22
  13. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    1
    Rep Power
    0
    Stringify your jason object into a hidden field. Then use json_decode on the server side of the resulting $_POST value.
    Last edited by ManiacDan; March 19th, 2013 at 03:21 PM.
Page 2 of 2 First 12
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo