Asked  7 Months ago    Answers:  13   Viewed   23 times

I have the following login script, where i do use sessions.

<?php
session_start();
if(isset($_SESSION['logged_in'])){
    $id = $_SESSION['id'];
    header("Location: start.php?id=$id");
    exit();
}

if(isset($_POST['submit'])){

    $x1 = $_POST['x1'];
    $x2 = $_POST['x2'];
...
$query = $db->query("SELECT * FROM table WHERE x1='".$x1."' AND x2='".$x2."'");
        if($query->num_rows === 1){

            $row = $query->fetch_object();
            $id = $row->id;

                        $_SESSION['logged_in'] = true;
            $_SESSION['id'] = $id;
            header("Location: start.php?id=$id");

                        3more queries
                        exit();

start.php will be just:

<?php
echo $_GET['id'];
?>

I thought $_GET['id'] would be stored on the server so that $_GET should be displayed. The fetch_object is working. I know that, because it will be displayed the right way at "id=$id" at the browser. So would someone be that friendly and could help me out. Thanks!

 Answers

53

The $_GET superglobal is defined as part of the URL string:

http://example.org/index.php?foo=bar&baz=1

In index.php:

echo $_GET['foo']; // bar
echo $_GET['baz']; // 1

So $_GET is not stored on the server, but is passed with each HTTP request, as is $_POST, but that is passed in the HTTP headers rather than simply appened to the end of the URL.

Wednesday, March 31, 2021
 
Grzegorz
answered 7 Months ago
14

I am working with this already:

setlocale(LC_ALL, 'ar_LY.utf8');
bindtextdomain("trans", $_SERVER["DOCUMENT_ROOT"].'/trans/locale');
textdomain("trans"); 

the language file path:

/var/www/trans/locale/ar_LY/LC_MESSAGES/trans.mo

and I think (not sure) that you have to use the same paths!

Wednesday, March 31, 2021
 
Savageman
answered 7 Months ago
70

You need to break out of the string in order to concatenate it with the $_GET variables.

mysqli_query($db,"INSERT INTO jliu VALUES(null,".$_GET['title'].",".$_GET['fname'].",".$_GET['lname'].",".$_GET['description'].")");

But really you should look into prepared statements to avoid the gaping SQL injection security hole above.

With prepared statements you would be binding the $_GET variables to the parameters in the query.

$stmt = mysqli_prepare($db,"INSERT INTO jliu VALUES(null, ?, ?, ?, ?");

mysqli_stmt_bind_param($stmt, "s", $_GET['title']); 
...
// and the same for the others

There's some more detail in the linked manual page on how to execute the prepared statement and return the result.

Wednesday, March 31, 2021
 
Sauleil
answered 7 Months ago
18

PHP is a little odd here. Using its standard form data parser, you must end the name of the controls with [] in order to access more than one of them.

<input type="checkbox" name="foo[]" value="bar">
<input type="checkbox" name="foo[]" value="bar">
<input type="checkbox" name="foo[]" value="bar">

Will be available as an array in:

$_GET['foo'][]

If you don't want to rename the fields, then you will need to get access to the raw data ($_SERVER['REQUEST_URI']) and parse it yourself (not something I'd recommend).

Friday, May 28, 2021
 
rypskar
answered 5 Months ago
21

You can can return new property instead of null

 public function __get($name)
    {
        return (isset($this->$name)) ? $this->$name : new property();
    }
Friday, May 28, 2021
 
Gregosaurus
answered 5 Months ago
81

This is how I've handled it in the past:

$path = realpath($_SERVER['DOCUMENT_ROOT'].'/packs'.$_GET['path']);
if (strpos($path, $_SERVER['DOCUMENT_ROOT']) !== 0) {
    //It's looking to a path that is outside the document root
}
Saturday, May 29, 2021
 
apokryfos
answered 5 Months ago
65

getElementsByClassName() returns a nodeList HTMLCollection*. You are trying to operate directly on the result; you need to iterate through the results.

function change_boxes() {
    var boxes = document.getElementsByClassName('boxes'),
        i = boxes.length;

    while(i--) {
        boxes[i].style.backgroundColor = "green";
    }
}

* updated to reflect change in interface

Wednesday, June 2, 2021
 
pocketfullofcheese
answered 5 Months ago
19

gets lets the user input a line and returns it as a value to your program. This value includes the trailing line break. If you then call chomp on that value, this line break is cut off. So no, what you have there is incorrect, it should rather be:

  1. gets gets a line of text, including a line break at the end.
    • This is the user input
  2. gets returns that line of text as a string value.
  3. Calling chomp on that value removes the line break

The fact that you see the line of text on the screen is only because you entered it there in the first place. gets does not magically suppress output of things you entered.

Wednesday, June 23, 2021
 
Savageman
answered 4 Months ago
17

You cannot initialize a static final field from resources; the field needs to be initialized at the time the class is initialized and that happens before the application resources have been bound at run time. (By the way, the reason you cannot use Resources.getSystem() is that the Resources object you obtain that way contains only system resources, not any application resources.)

If you need those strings available before the application resources are bound, the only practical thing to do is to put the strings into the code directly. However, the "Android way" would be to organize your code so initialization only needs to happen during (or after) onCreate(). Just initialize the string array in onCreate() and don't worry about making the fields static or final.

If you don't want the string array to be associated with a particular activity, then you can subclass Application and read the array from resources inside the application class's onCreate() method. (You also need to declare your custom application class in the manifest.) However, the docs recommend against such an approach. (Since the array is private, I suspect that it is closely tied to a single activity anyway, so the use of an Application subclass doesn't seem warranted.)

An alternative is to declare a singleton class for your array. The singleton accessor function then needs a Context so it can retrieve the resources if necessary:

public class StringArray {
    private static String[] theArray;
    public static String[] getArray(Context context) {
        if (theArray == null) {
            theArray = context.getResources().getStringArray(R.array.my_strings);
        }
        return theArray;
    }
}

(This assumes the string data are defined in a <string-array> resource like @JaiSoni suggested in his answer.) Once again, the member field cannot be declared final.

Tuesday, August 3, 2021
 
dkcwd
answered 3 Months ago
78

Ok I finally got it. On dreamhost, it is possible to use fastcgi and therefore declare environment variables with it. It consists of just adding this simple script

#!/bin/sh
export PHP_FCGI_CHILDREN=2
exec /home/USERNAME/YOURDOMAIN/cgi-bin/php.cgi

Which is where my compiled PHP5.3.1 was located. chmod 744 on that file called dispatch.fcgi which will be allowed more memory by dreamhost's watchdog.

After that I added to my domain's .htaccess the following:

Options +ExecCGI
AddHandler fastcgi-script fcg fcgi fpl
AddHandler php5-fastcgi .php
Action php5-fastcgi /dispatch.fcgi

now in the application's root I have another .htaccess with:

SetEnv APPLICATION_ENVIRONMENT staging

In a php script is is retrievable via getenv('REDIRECT_APPLICATION_ENVIRONMENT');

Tuesday, August 3, 2021
 
Valdas
answered 3 Months ago
60

My solution is to make a function f() which performs the f-string interpolation after gettext has been called.

from inspect import currentframe

def f(s):
    frame = currentframe().f_back
    return eval(f"f'{s}'", frame.f_locals, frame.f_globals)

Now you just wrap _(...) in f() and don’t preface the string with an f:

f(_('Hey, {username}'))

Note of caution

I’m usually against the use of eval as it could make the function potentially unsafe, but I personally think it should be justified here, so long as you’re aware of what’s being formatted. That said use at your own risk.

Remember

This isn’t a perfect solution, this is just my solution. As per PEP 498 states each formatting method “have their advantages, but in addition have disadvantages” including this.

For example if you need to change the expression inside the string then it will no longer match, therefore not be translated unless you also update your .po file as well. Also if you’re not the one translating them and you use an expression that’s hard to decipher what the outcome will be then that can cause miscommunication or other issues in translation.

Wednesday, August 4, 2021
 
clean_coding
answered 3 Months ago
55

There's just an int.class.

Class[] types = { int.class, Object.class };

An alternative is Integer.TYPE.

Class[] types = { Integer.TYPE, Object.class };

The same applies on other primitives.

Sunday, August 8, 2021
 
Classified
answered 3 Months ago
84

You can pass the context to the non-activity class which is the preferred way or you could encapsulate the base context of the application to a singleton which would allow you to access the context anywhere within the application. At some cases this might be a good solution but in others its certainly not a good one.

Anyway, if you want to trigger an alarm via the AlarmManager I'm pretty sure the alarm should inherit from a Service or better yet from IntentService and in such cases you have access to the context via this.getBaseContext() or this.getApplicationContext()

Monday, August 9, 2021
 
footy
answered 3 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :