I am using codeigniter to built a type of online shop.
I want to create a process order function in order to verify the details of the order the clients puts in.
I am stuck though because on the last page i have the data to submit and when i click i go to main/process_order where i insert the data in the table and then use curl to comunicate with another server.
My question is: when i hit submit and then stop on the process_order page if i reload it 1000 times, the table will be filled with the same 1000 lines, so this can be a security issue. Also if i make a function to add the data to db and then redirect to process_order it will be another issue because i still need my data that was posted.
What's the best way to solve this. I hope i made it as clear as i can.
Code:
$data=array(
'userid' => $userid,
'email' => $email_data,
'phone' => $this->input->post('phone'),
'discount' => $this->input->post('discount'),
'price' => $this->input->post('price'),
'final_price' => $this->input->post('final_price'),
'client_data' => $this->input->post('client_info'),
'client_ip' => $this->input->post('client_ip'),
'time' => $date
);
$this->db->insert('orders_temp', $data);
Maybe something like this can help. Do a check on the userid and the time before you insert the data. You would need make sure to do a search on database fields that are unique (unless the time field is the full time)
$data=array(
'userid' => $userid,
'email' => $email_data,
'phone' => $this->input->post('phone'),
'discount' => $this->input->post('discount'),
'price' => $this->input->post('price'),
'final_price' => $this->input->post('final_price'),
'client_data' => $this->input->post('client_info'),
'client_ip' => $this->input->post('client_ip'),
'time' => $date
);
if (<!--CONDITIONAL STATEMENT-->)
{
$this->db->insert('orders_temp', $data);
}
Related
I am attempting to convert a php form script I created from an external MySql database to an external SQL server database. I have properly copied the database over and just seem to be having a problem getting the form to use the WPDB object to use insert into the new SQL server database. The same creation script was used for both databases.
The insert statement:
try {
$externalDB->insert('EmployeeApp.dbo.applicant', array(
'first_name' => $first_name,
'last_name' => $last_name,
'middle_name' => $middle_name,
'suffix' => $suffix,
'nick_name' => $nick_name,
'email' => $email,
'idnumber' => $idnumber,
'street_address' => $street_address,
'city' => $city,
'state' => $state,
'zip' => $zip,
'phone' => $phone,
'ged' => $ged,
'over_18' => $over_18,
'previous_app' => $previous_app,
'previous_app_date' =>$previous_app_date,
'previous_emp' => $previous_emp,
'previous_emp_date' => $previous_emp_date,
'us_citizen' => $us_citizen,
'visa' => $visa,
'us_eligible' => $us_eligible,
'date_avail' => $date_avail,
'name_change' => $name_change,
'name_change_info' => $name_change_info,
'discharged' => $discharged,
'military' => $military,
'military_info' => $military_info,
'high_school_name' => $high_school_name,
'high_school_city' => $high_school_city,
'high_school_state' => $high_school_state,
'highest_grade_completed' => $highest_grade_completed,
'additional_skills' => $additional_skills,
'convicted'=> $convicted,
'convicted_name' => $convicted_name,
'convicted_date' => $convicted_date,
'convicted_charge' => $convicted_charge,
'convicted_sentence' => $convicted_sentence,
));
$lastid = $externalDB->insert_id;
The database connection object:
try{
$externalDB = new wpdb(EMP_DB_USER,EMP_DB_PASS, EMP_DB_NAME, EMP_DB_HOST);
}catch(Exception $e){
echo $e->getmessage();
}
$wpdb has been declared as a global at the top of the script and this was working perfectly before I connected to a SQL server database.
I am wondering if I need to not use $externalDB->insert() with SQL or try a different table call such as just 'dbo.applicant' or just 'applicant'. Not sure about the transition and can’t find a lot of documentation on it.
If you look at the code, you will see that the wpdb class connects only to MySQL databases. This is an acknowledged limitation of Wordpress, and although there have been some attempts by third parties to rectify the situation, nothing official has happened yet!
I am having a problem in updating values i get from web service ..
$collection = $modb->$table;
$collection->update(array("id" => (int)$row['id']),
array('$set' => array(
"user_id" => (int)$post_data_array['user_id'],
"story" => (int)$post_data_array['story'],
"surprize_sub1" => (int)$post_data_array['surprize_sub1'],
"surprize_sub2" => (int)$post_data_array['surprize_sub2'],
"surprize_sub3" => (int)$post_data_array['surprize_sub3'],
"exr_solve" => (int)$post_data_array['exr_solve'],
"exr_assessmnt" => (int)$post_data_array['exr_assessmnt'],
"exr_refresh" => (int)$post_data_array['exr_refresh'],
"sound_control" => (int)$post_data_array['sound_control'],
"clock_control" => (int)$post_data_array['clock_control'],
"switch_user" => (int)$post_data_array['switch_user'],
"exr_print" => (int)$post_data_array['exr_print'],
"write_on_wall" => (int)$post_data_array['write_on_wall'],
"switch_letter" => (int)$post_data_array['switch_letter'],
"view_controls" => (int)$post_data_array['view_controls'],
)));
I get these values from end users.. i want the specific field sent to be updated without loosing all the rest of data ..
in this code only sent data is set while removing the rest .. i want to change only sent ones by keeping the rest as they are, please advice
you need to use updateOne instead of update .
updateOne
Use the MongoDB\Collection::updateOne() method to update a single document matching a filter.
$collection = $modb->$table;
$collection->updateOne(array("id" => (int)$row['id']),
array('$set' => array(
// .... array elements
)));
Im working with an api which stores data into a JSON file. This data is gathered from a form that the users fill in my website. The way its inserted goes as follow:
$pers_payload = array(
'gender' => 'Unknown', //or Male / Female
'first_name' => $_POST['billing_first_name'],
'family_name' => $_POST ['billing_last_name'],
'email' => $_POST['billing_email'],
'linked_as_contact_to_organization' => array(
array(
'organization_id' => $organization_id, // add the person as a contact to the newly created organization
'work_email' => $_POST['billing_email'],
'work_phone' => $_POST['billing_phone']
)
),
'visiting_address' => array(
'country_code' => 'NL'
), // can be extented with other address data
'postal_address' => array(
'country_code' => $_POST['billing_country']
) // can be extented with other address data
);
And then:
$person = $SimplicateApi->makeApiCall('POST','/crm/person',json_encode($pers_payload));
Now instead of post i want to get the data. I tried getting data like this:
$SimplicateApi->makeApiCall('GET','/crm/organization?q[name]=*my name*');
I dont know if this is the right way, well it didn't work so obviously its not.
Anyways what im trying to achieve is with PHP i want to gather the name value of an existing person. this data is stored in /api/v2/crm/person.json
Api documentation (which i read but didn't understand to well) http://api.simplicate.nl/
It's been a while but i'm trying to answer all my open questions without an answer which i ended up solving on my own.
So for this.
You have to create a variable which makes the get request like this:
$test = $SimplicateApi->makeApiCall('GET','/crm/organization?q[name]=My name');
Now you can for example do a var_dump($test);
And as output you will get all the data inside
/crm/organization?q[name]=My name
I'm working with an API.
With an array I collect data like this:
$org_payload = array(
'name' => $_POST['billing_company'],
'phone' => $_POST['billing_phone'],
'email' => $_POST['billing_email'],
'note' => $_POST['order_comments'],
'relation_type' => array(
'id'=>'relationtype:c1ec3ae77036842d' //provide the relationtypeid, f.e. relationtype:796ce0d318a2f5db515efc18bba82b90
),
'visiting_address' => array(
'country_code' => 'NL',
'line_1' => $_POST['billing_address_1'],
'postal_code' => $_POST['billing_postcode'],
'locality' => $_POST['billing_city'],
'country' => $_POST['billing_country']
), // can be extented with other address data
'postal_address' => array(
'country_code' => 'NL'
) // can be extented with other address data
);
At one point i send this data to the program i'm working with. I achieve this with this code:
$organization = $SimplicateApi->makeApiCall('POST','/crm/organization',json_encode($org_payload));
I gather this data from a form on my website. This data gets posted in the program.
I am trying to achieve that when data gathered from my form matches existing data in the program then don't add it. I would like a hint in the right direction for this, been looking on the internet without any luck.
What I would suggest is to have one extra call to the API.
Like you said in the comments - the company name and the phone number is unique.
If there is some call to get a user by those values and check what you got from the form, would be enough.
If they are unique - send them,
if not - show to the user or whatever you want to do here.
No need to keep one more database on your system as well.
I have built an API that I want to test. By that reason I'm building a simple client to try out the different features (CRUD). Below is the function for updating a producer, which works fine. However, I also want to be able to update parts of a producer, e.g. address (/producers/8?method=put&address=milkyway).
The array producer always contains the same elements (name, address, zipcode etc) but I only want to update the producer with the elements in the array which contains of anything. What I mean with that is that if for example the name element in the array is empty then name shouldn't be included in *http_build_query*. If only the name element contains of anything then only name should be updated.
So, let's say that the array (except for id that of course is mandatory) contains of address. How can I dynamically add only that to *http_build_query* ?
Thanks in advance!
public function UpdateProducer($producer) {
$url = 'http://localhost/webbteknik2/Labb2/api/v1/producers/ . $producer['id'] . '?method=put';
$data = http_build_query(array(
'name' => $producer['name'],
'address' => $producer['address'],
'zipcode' => $producer['zipcode'],
'town' => $producer['town'],
'url' => $producer['url'],
'imgurl' => $producer['imgurl'],
'latitude' => $producer['latitude'],
'longitude' => $producer['longitude'],
));
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
...
the rest of the curl code
}
Note: I know this is bad coding in many ways, but as I said I only, asap want to be able to test the CRUD functionality through the client.
use array_filter to remove the empty elements....
$params = array(
'name' => $producer['name'],
'address' => $producer['address'],
'zipcode' => $producer['zipcode'],
'town' => $producer['town'],
'url' => $producer['url'],
'imgurl' => $producer['imgurl'],
'latitude' => $producer['latitude'],
'longitude' => $producer['longitude'],
);
$data = http_build_query(array_filter($params, 'is_null'));