I am really having a difficult time getting started with this task.
I have 2 forms on same page.
The first form provides a search box for users to enter one of several search filters like Address, Zip Code, Streets, landlots, even the state name.
If the search produces several results, the user can then click on Advanced Search link.
This Advanced Search contains several checkboxes that allow users to check one or more boxes to narrow their search results.
This works great.
The issue now is to give the user the ability to "save" their search results perhaps using cookies so that next time the user loads this page, the search result
s/he saved last time will become his/her default search page until they change it or until they remove the cookies which wipes out this last Action.
This is more like remembering user's last action when s/he searched this page last time.
My thinking so far, first of all, is to store the SQL query in a Session variable in the php code.
Then, when the user clicks on "Remember This Action" button that I am going to create", I could just have my php code save that session variable value in a cookie.
In other words, I would do something like this:
$tsql = "SELECT Name, FeatType,
MinX, MinY, MaxX, MaxY
FROM mytable
ORDER BY ListOrder, Name DESC";
Session("LastAction") = $tsql
And then have the "Remember This Action" button post to an my php page that simply does:
Cookies("LastAction") = Session("LastAction")
Cookies("LastAction").Expires = Date() + 365 ' expires in one year
Finally, I can provide a "Repeat Last Action" button on our pages and all it does is
$tsql = Request.Cookies("LastAction")
$stmt = sqlsrv_query( $conn, $tsql);
One of the many issues that I am having is that I can't even get beyond this query:
$tsql = "SELECT Name, FeatType,
MinX, MinY, MaxX, MaxY
FROM mytable
ORDER BY ListOrder, Name DESC";
Session("LastAction") = $tsql
I keep getting "invalid" error on
Session("LastAction") = $tsql
Obviously, I am very, very weak on php but working hard to come to speed.
Your assistance is greatly appreciated
I have made some baby steps here.
I am able to get this syntactically correct:
$_SESSION["LastAction"] = $tsql;
I am also able to set the correct
setcookie('LastAction',$_SESSION["LastAction"],time() + (86400 * 365)); // 86400 = 1 year
Now, what is the equivalence of this line in php?
$tsql = Request.Cookies("LastAction")
Above was my best stab at it but I don't think it is correct.
I am basically trying to put a "Remember Last Action" buttonn on another page.
Then use:
$tsql = Request.Cookies("LastAction")
to grab values from another page into this page.
What you are doing here is, basically, saving an SQL query to a cookie (user-editable data).
setcookie('LastAction',$_SESSION["LastAction"] /*We're saving the value, not the session. */,time() + (86400 * 365)); // 86400 = 1 year
Regardless, instead of fooling around with resurrecting sessions based on a sessid saved in a cookie, I'd recommend saving the search flags into a cookie as a serialized array, and then just do your run-off-the-mill search using that data when you need to reuse it.
Basically, you can do:
$saved_search = serialize($search_opts);
setcookie('SavedSearch',$_SESSION["LastAction"],time() + (86400 * 365));
And to reverse the process,
$saved_search = $_COOKIE['SavedSearch'];
$search_opts = unserialize($saved_search);
You will need to figure out from your own code where to snag the $search_opts and how to use them later to run a search, as I do not see the code that makes that part tick.
Related
This code works but the problem is that if several people use it simultaneously it will cause problems in the sense that some people wont be registered. So I need to rewrite this in a way that all queries per person are executed and finished before the queries of the next person start.
First, the code reads from the database in order to get to the string of all the people that are registered so far.
$sql_s = $con -> query("select * from schedule where date='$date'");
$row_schedule = $sql_s->fetch_array(MYSQLI_BOTH);
$participants = $row_schedule['participants'];
$participants is a string that looks something like "'Sara':'Richard':'Greg'"
Now the current user (Fredrik) wants to add its name to the string like this
$current_user='Fredrik';
$participants_new=add_participant($participants,$current_user);
add_participant is a php function that adds 'Fredrik' to the participant string. Then I want to replace the old participant string with the new one in the SQL database like this
$sql = $con->query("UPDATE schedule SET participants='{$participants_new}' where date='{$date}'");
The specific problem is that if another person (Linda) reads the database before Fredrik executes
$sql = $con->query("UPDATE schedule SET participants='{$participants_new}' where date='{$date}'");
Linda won't get a string that includes Fredrik, she will get "'Sara':'Richard':'Greg'". And when she has added her name it will look like "'Sara':'Richard':'Greg':'Linda'" and when she updates the database like this
$sql = $con->query("UPDATE schedule SET participants='{$participants_new}' where date='{$date}'");
The string including Fredrik ("'Sara':'Richard':'Greg':'Fredrik'") will be overwritten with ("'Sara':'Richard':'Greg':'Linda'") and noone will ever know that Fredrik registered in the class.
Thus, how can I rewrite this code such that all Fredrik's queries are executed before Linda's queries start?
Your question is very good example, showing why one should always learn database design basics and always follow them.
A separator-delimited string in a database is a deadly sin. For many reasons, but we are interesting in this particular case.
Had you designed your database properly, adding participants into separate rows, there would be not a single problem.
So, just change your design by adding a table with participants, and there will be not a single problem adding or removing any number of them.
Here is an approach to do it :
Theoritically Explanation :
Something like this could work.That everytime when user executes the query so it should check for time the request was made to update the query so.Now there must be time difference between user requests for updation query.
Note : Still It's not guaranteed that it will work as because when you will be having internet problems and the user who submitted the request at first but having internet problems and that's why his update query execution is delayed during that time and the other user comes and he sent request late for the updation query but he was having no internet connection problem so his query will be updated before and I think hence that way first user query will get failed..!
Here is the Code :
<?php
// You need to add another column for saving time of last query execution
$current_time=time();
$current_date=date("Y-m-d",$t);
$query_execution_new_time = $current_time.":".$current_date;
if (empty($row_schedule['query_execution_time'])) {
$sql = $con->query("UPDATE schedule SET query_execution_time='{$query_execution_new_time}' where date='{$date}'");
} else {
$query_execution_time = explode(":",$row_schedule['query_execution_time']);
if ($query_execution_time[0] < $current_time) {
$con->query("UPDATE schedule SET participants='{$participants_new}' where date='{$date}'");
$sql = $con->query("UPDATE schedule SET query_execution_time='{$query_execution_new_time}' where date='{$date}'");
}
}
?>
Try this
No need to fetch first all participants and then update.
only update new participant user.
you can concat result of previous one result saved in database column field.
update schedule
set participants = case when participants is null or participants =''
then CONCAT(participants,'Fredrik') // assume Fredrik a new participant
else CONCAT(participants,':','Fredrik')
end
where date='$date';
That way even if you have multiple participants came at the same time the queries won't run at exactly the same time and so you'll get the correct user at the end.
you don't need to worry about multiple users clicking on them unless you've got millions of users
I am working on a project where only title of posts are shown on main page and on clicking the title, full post is loaded on another page posts.php code for this is:
<?php echo $row['title']; ?>
Now to count post views I have a column hits in my posts table ,initially value of hits is set to 0 and whenever a post is opened value of hits is increased by 1, for this my code is in posts.php
$id = $_GET['postId'];
$sql = "UPDATE posts SET hits = hits + 1 WHERE post_id = $id";
But this is not a good practice for tracking post views as views increase whenever page is refreshed. I want a clean system to track post views where, for every distinct user or visitor views increase by one irrespective of fact how many times the same user/visitor views same post (as in stackoverflow). Like tracking them by their IP address or something else, just an idea (how these guys do it) or how the stuff works would be enough to let me start my work.
You cannot solve your problem so simply. Your problem is counting unique users who view a page (with, perhaps a time component). You have several problems, as described in the comments. The first is determining what you are counting. For a prototype, IP address is good as anything else for getting started. However, it has many short-comings, and you will need to think hard about identifying a "visitor".
There is a way to solve your problem in SQL, sort of efficiently. But, it requires an additional table at the level of post/visitor. It will have one row per combination, and then you will need to count from there. To quickly get the unique counts, you then need an insert trigger on that table.
Here is a sketch of the code:
create unique index unq_postvisitors_post_visitor on postvisitors(postid, visitorid);
insert into PostVisitors (postid, visitorid)
select $postid, $visitorid
on duplicate key update set counter = counter + 1;
delimiter $$
create trigger trig_PostVisitors
after insert on PostVisitors
begin
update posts
set numvisitors = numvisitors + 1
where posts.post_id = new.post_id;
end;$$
delimiter ;
Simplest way I use to solve this problem is through cookies.
Whenever your page is opened, you check if there's set cookie_name cookie through isset($_COOKIE[$cookie_name]).
If isset returns false, you set a cookie through setcookie(cookie_name, value, expire);, maybe setting expire time to 24h (you have to set it in seconds, so 24h is 84600). Also, you trigger your counting systems with a +1 to your visitor counter.
If isset returns true, do nothing.
PHP Cookies Refs
Try this It'll Work
$refreshed = $_SERVER['HTTP_CACHE_CONTROL'];
if ($refreshed == 'max-age=0'){
$sql = "UPDATE posts SET hits = hits + 1 WHERE post_id = $id";
}
Try this script on the page $_SERVER['HTTP_CACHE_CONTROL'] get place when page is refreshed
I am trying to finish this website I am currently creating, but I am kind of stuck.
I want to create a table called "orders" in my DB. I want this table to be related to my users table so that when the user goes to his "orders.php" page (once logged in already) he sees all his current and previous orders.
These would be my table fields/cols:
id
username
ordernumber
description
quantity
total
This is my approach:
Whenever a new order is created, insert all the table fields/cols depending on the user's choice (selected stuff for the order), but the username would be the only value gathered from a $_SESSION or $_COOKIE variable, which holds the username. Then, once the user goes to orders.php, I will execute a query to show all the orders that only that username has ordered. Please note that I do sanitize all my input/output and I do not store sensitive data in my cookies. My system is designed so it only uses the session as the method of authentication, therefore you need to login every time you close the browser but that is fine.
1) Is this a safe approach? Do you have any suggestions/comments?
2) Could you help me construct the query?
I haven't really worked with relational databases, so I am kind of lost. How can I call all the orders from table "orders" where username = "username from the session"?
So far I have this:
"SELECT * FROM orders WHERE username = ? " //(Using PDO)
I know that this will work but my concern is in case of getting a session hijacked or something like that, then a user would be able to retrieve any users' orders, or not?
Thank you for explaining this a little bit further and helping me out!
Cheers!
Be careful! Please don't create a plain text cookie containing a human-readable user id (like user2345995 or OllieJones). It's far too easy for a badguy to fake a cookie like that just by guessing, and then your users' information leaks out.
You're working in php. Therefore you can use php's session mechanism to store your userid and other values. php uses hard-to-guess session ids (SIDs) and stores them in either a cookie or as a sid=1234abcd9875 parameter in URLs.
For the sake of your system's integrity, please read up on this. It's actually a pretty well-designed feature and it's been in the wild for fifteen years or so: it's debugged.
http://php.net/manual/en/session.idpassing.php
If you're using the session system, you basically do this in your first page, your login page.
session_start();
...
$_SESSION['username'] = $username; /* which you get by logging in */
...
On your order lookup page you do something similar to retrieve the username and use it in a query.
session_start();
...
$orderstmt = $pdoconn->prepare("SELECT * FROM orders WHERE username = :username");
$orderstmt->execute( array(':username' => $_SESSION['username']) );
...
while ($row = $orderstmt->fetch()) {
/* use the row's data */
}
$orderstmt->closeCursor();
I am trying to develop an application where a guest user can see search results only 10 times after which he should be directed to payment page. I can use sessions on the search results page, but how can i put a counter on that. Can any please help me on that.
Every time a search request is created you just do
$_SESSION['counter']++
Altough he can just get rid of the limit by deleting cookies. An other approach would be, to store the number of search requests in a database table including the IP address, but this can also be bypassed, while it takes more work to do so.
If you should put search limit on current running session than you can use $_SESSION['count']++.
And if you should put search limit per day than you can use 'UPDATE users SET search_count = search_count+1'
It depends whether you would allow him to search again when he comes to your website or just those 10 times even after he visits after a year.
For temporary bases, you can use cookies (see setcookie function) but if you want to restrict him once and for all, you will have to ssave that information in database.
You would code something like:
<?php
session_start();
$_SESSION['counter'] += 1;
// more logic/code
Now you will have to save the value of $_SESSION['counter'].
If your users can search only while logged in, then I see no problem - you definitely have db table with users, so just add another column to it, say 'search_count' and increase it by one each time user attemps a search.
For example:
UPDATE `users` SET search_count = search_count+1
You can also use a counter in the table user of your db and call a function everytime the user looks for the result, that increments the value by one, so a simple UPDATE.
I think maintaining database will be much better then maintaining SESSION because may be due to some reason session removed or erased.
add a field within users table name for example visit with default value 0 and update this field on every visit of search result page..
"update usertablename set visitfield = visitfield + 1 where user_id = ".$current_user_id
thanks
I have a social network that allows users to post blogs, ask questions, and message. We have had a slight issue with spamming. For example, we had users sign up, and write about 6 blogs a minute trying to sell stuff.
I am looking for a quick way to limit these activities by the id of the user, let's say only allowing them to post 3 blogs a day.
I have the users stored in a $auth variable and through OOP bring them up by $auth->id for example to be more specific.
Looking for a fast,simple way to do this via php.
thanks in advance /**EDIT*****/
this is what I have so far, and I know for sure $too many is counting as it should, but for some reason my if(statement is not stopping the 4th blog from posting. HERE is the code
Something like CAPTCHA would be appropriate. However, if they're being entered manually, it will do little to stop them. Regardless, no reason you can't implement both methods.
I'm assuming you have a created field in your blogs table. Simply query the table for the number of blogs with today's date before allowing another to be posted. Not sure what database/API you're using. In MySQL, you could do:
SELECT COUNT(*)
FROM blogs
WHERE user_id = USERID
AND DATE(created) = '2011-11-30'
When the user writes and submits a post, save the date they posted on the post's table. Select and count the amount of times they posted today. If they are under their limit, allow the post or else give them the error/warning message.
When a post is made, do something like:
// Get last post time and number of posts today from database
$query = "SELECT
last_post,
posts_today
FROM
users
WHERE
id = '$auth->id'";
$result = mysql_fetch_assoc(mysql_query($query));
// See if this is the first post today
$isNewDay = date('Y-m-d') != date('Y-m-d',strtotime($result['last_post']));
$postsToday = ($isNewDay) ? 0 : (int) $result['posts_today'];
// Only add post if user is allowed
if ($isNewDay || $postsToday < 3) {
/*
Add the post to the database here
*/
// Update the number of posts today in the database
$query = "UPDATE
users
SET
last_post = '".date('Y-m-d H:i:s')."',
posts_today = '".($postsToday + 1)."'
WHERE
id = '$auth->id'";
mysql_query($query);
} else {
echo "You have already made 3 posts today!";
}
...or you could just use a CAPTCHA (as mentioned by others). That's what they're for. Really, you should have one in the signup process...
I'll admit I know next to nothing on PHP programming, but another option (or addition to the CAPTCHA) would be to use a service such as StopForumSpam
There's an example of how to use it here (no idea how good it is, as I don't code PHP (yet)) :)