Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Jun 2018
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    [HELP] How To Show Hidden Page Text After Correct String In Input Box

    So I am currently working on a project where I have to make a small puzzle challenge, and I'm wondering if it is possible to show a certain string after the correct string is inserted and submitted and verified through mySQL.

    For example, I have an input box, and the answer, in md5, is stored on database in mySQL. Upon solving one part of the puzzle I would like for another nav link to appear and some paragraphs.


    Here is my HTML saved as index.php
    Code:
    <?php
    include('check.php');
    if ((isset($_SESSION['code']) != ''))
    {
    	header('Location: index.php');
    }
    ?>
    <!DOCTYPE HTML>
    <html>
    <head>
    
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,height=device-height,initial-scale=1">
    
    <title>Challenge 03 - Sophie</title>
    
    <link rel="stylesheet" href="screen.css" media="screen">
    
    <style media="screen">
    body{
        background-color: #191f25;
        font: 100% / 162% courier, monospace;
     }
    h1, h2{
        font-size: 1em;
        text-align:center;
        color: #e7e7e7;
     }
    h1{
        color: #e7e7e7;
        text-transform:uppercase;
     }
    #nav {
        padding: 0;
        margin: 0;
        list-style: none;
        text-align: center;
     }
    #nav li{
        display: inline-block;
        margin: 0 0.25em;
     }
    #nav a{
        display: block;
        padding: 0.25em 0.5em;
        color: #e7e7e7;
     }
    #container{
        max-width: 50em;;
        background-color: #2a343e;
        margin: 0 auto;
        border-radius: 0.2em;
     }
    #container div, form{
        padding: 1em;
        display:none;
        border: 0.062em solid #000;
        border-radius: 0.2em;
        box-shadow: 0 0 0 rgba( 0, 0, 0, 0 );
        box-shadow: 0.3em  0.3em 0.3em rgba( 0, 0, 0, 0.4 );
     }
    #container div:target{
        display: block;
        animation: highlight 1.7s forwards;
        box-shadow: 0 0 0 rgba( 0, 0, 0, 0 );
        box-shadow: 0.3em  0.3em 0.3em rgba( 0, 0, 0, 0.4 );
        color: #e7e7e7;
     }
    p{
     	color: #e7e7e7;
     }
     #begin_poem{
     	text-align: center;
     }
    .dropoption{
    	color: #e7e7e7;
    	padding: 5px;
    	border: none;
    }
    .dropdown{
    	position: relative;
    	display: inline-block;
    }
    .dropdown-content{
    	display: none;
    	position: absolute;
    	z-index: 1;
    }
    .dropdown-content a{
    	color: #e7e7e7;
    	padding: 5px 5px;
    	
    	display: block;
    }
    .dropdown:hover .dropdown-content{
    	display: block;
    }
    a[href=""]{
    	color: #e7e7e7;
    }
     #entrance{
    	max-width: 50em;
    	
    	padding: 10px 5px 10px 5px;
    	margin: auto;
    	box-shadow: .3em .3em .3em #000;
    	display: inline-block;
    	width: 12em;
    }
    #entrance fieldset{
    	margin: ;
    	border: none;
    }
    #code, #submit{
    	border-radius: .2em;
    }
    @keyframes highlight {
    from {
          background-color: rgba( 255, 255, 255, 0.4 );
          color: rgba( 0, 0, 0, 0 );
      }
    to   {
          background-color: rgba(  25, 31, 37, 0.0 );
          color: rgba( 68, 68, 68, 1 );
      }
     }
    </style>
    
    </head>
    <body> 
    
    <h1>Welcome to another puzzle.</h1>
     <ul id="nav">
     <div class="dropdown">
      <li><a class="dropoption" href="#home">home</a></li>
      <div class="dropdown-content">
      	<a href="#begin">begin</a>
      </div>
      </div>
      <li><a href="#library">library</a></li>
      <li><a href="#office">office</a></li>
      <li><a href="#mainframe">mainframe</a></li>
      <li><a href="#exit">exit</a></li>
     </ul>
     <div id="container">
      <div id="home">
        <h2>Home</h2>
         <p>
           <b>Welcome</b> to another puzzle. This one is going to be interesting.<br>
           Have fun and as always, enjoy. 
         </p>
         <p>
           In this challenge you will start by hovering over <u>home</u> and select <u>begin</u>, then work your way, in order, to <u>The Library</u>, <u>The Office</u>, <u>The Mainframe</u>, and end at <u>Exit</u>. Each step will require you to enter code(s) to decode the scrambled information. Of course, the code(s) can be found by solving pieces of the puzzle, and upon entering the codes in the correct input box, you shall venture further into the puzzle.
         </p>
         <center><img src="/imgs/planet.gif" height="200px" width="400px"></center>
      </div>
      <div id="begin">
      	<h2>Let's Begin</h2>
      	<p>First Stage:<br>
      	Have fun and enjoy!<br></p>
      	<p id="begin_poem">I am everything,<br>
      	I am infinite,<br>
      	I am full of all widsom,<br>
      	I want nothing but life,<br>
      	I see everything,<br>
      	I have all mass,<br>
      	What am I?
      	</p>
      	<center><form id="entrance" method="post" action="">
      		<fieldset>
      			<input id="code" type="text" name="code" placeholder="enter code here" required>
      		</fieldset>
      		<fieldset>
      			<input id="submit" type="submit" name="submit" value="submit">
      		</fieldset>
         </form></center>
      </div>
      <div id="library">
        <h2>The Library</h2>
        <center><img id="bookshelf" src="/imgs/bookshelf.png" width="500em" height="500em"></center>
         <p>
           This mysterious place contains all the information you could think of, but only one can actually help you. Let's have a riddle to help us out. <br><br>
           1:11 2:8 3:14 4:6 5:2 6:12 7:25 8:7 9:13 10:13 11:2 12:20 13:13 14:10 15:22 16:11 17:18 18:1
         </p>  
         <center><form id="entrance" method="post" action="">
      		<fieldset>
      			<input id="code" type="text" name="code" placeholder="enter code here" required>
      		</fieldset>
      		<fieldset>
      			<input id="submit" type="submit" name="submit" value="submit">
      		</fieldset>
         </form></center>
      </div>
      <div id="office">
        <h2>The Office</h2>
         <p>
           
         </p> 
         <center><form id="entrance" method="post" action="">
      		<fieldset>
      			<input id="code" type="text" name="code" placeholder="enter code here" required>
      		</fieldset>
      		<fieldset>
      			<input id="submit" type="submit" name="submit" value="submit">
      		</fieldset>
         </form></center>
         <br>
         <center><form id="entrance" method="post" action="">
      		<fieldset>
      			<input id="code" type="text" name="code" placeholder="enter code here" required>
      		</fieldset>
      		<fieldset>
      			<input id="submit" type="submit" name="submit" value="submit">
      		</fieldset>
         </form></center>
      </div>
      <div id="mainframe">
        <h2>The Mainframe</h2>
         <p>
           1010111 1100101 1101100 1100011 1101111 1101101 1100101 100000 1110100 1101111 100000 1110100 1101000 1100101 100000 1101101 1100001 1101001 1101110 1100110 1110010 1100001 1101101 1100101 111011 100000 1110100 1101000 1100101 100000 1110000 1101100 1100001 1100011 1100101 100000 1101111 1100110 100000 1100011 1101111 1101110 1110100 1110010 1101111 1101100 101110 100000 1001000 1100101 1110010 1100101 100000 1111001 1101111 1110101 100000 1110111 1101001 1101100 1101100 100000 1100110 1101001 1101110 1100100 100000 1111001 1101111 1110101 1110010 100000 1110111 1100001 1111001 100000 1110100 1101000 1110010 1101111 1110101 1100111 1101000 100000 1110100 1101000 1100101 100000 1101110 1100101 1110100 1110111 1101111 1110010 1101011 100000 1100001 1101110 1100100 100000 1110100 1101000 1100101 1101110 100000 1100110 1101001 1101110 1100001 1101100 1101100 1111001 101100 100000 1100101 1101110 1110100 1100101 1110010 100000 1110100 1101000 1100101 100000 1100011 1101111 1101110 1110100 1110010 1101111 1101100 100000 1100011 1101100 1101001 1100101 1101110 1110100 100000 1101110 1100001 1101101 1100101 100000 1101001 1101110 1110100 1101111 100000 1110100 1101000 1100101 100000 1100110 1101001 1100101 1101100 1100100 100000 1100010 1100101 1101100 1101111 1110111 101110 100000 1010100 1101000 1100101 1101110 100000 1101101 1110101 1110011 1110100 100000 1100101 1101110 1110100 1100101 1110010 100000 1100011 1101111 1101110 1110100 1110010 1101111 1101100 100000 1100011 1101111 1101101 1101101 1100001 1101110 1100100 100000 1110100 1101111 100000 1101111 1110000 1100101 1101110 100000 1100101 1101110 1110100 1110010 1111001 100000 1110100 1101111 100000 1100101 1111000 1101001 1110100 101110 100000 1000101 1110110 1100101 1110010 1111001 1110100 1101000 1101001 1101110 1100111 100000 1111001 1101111 1110101 100000 1101110 1100101 1100101 1100100 100000 1101001 1110011 100000 1101000 1100101 1110010 1100101 101100 100000 1101110 1101111 100000 1110111 1101000 1100101 1110010 1100101 100000 1100101 1101100 1110011 1100101 100000 1101111 1101110 100000 1110100 1101000 1100101 100000 1110000 1100001 1100111 1100101 101110
         </p>
         <center><form id="entrance" method="post" action="">
      		<fieldset>
      			<input id="code" type="text" name="code" placeholder="enter code here" required>
      		</fieldset>
      		<fieldset>
      			<input id="submit" type="submit" name="submit" value="submit">
      		</fieldset>
         </form></center>
      </div>
       <div id="exit">
        <h2>Exit</h2>
         <p>
           
         </p>
      </div>
    <!-- #content --></div>
    
    </body>
    </html>

    Here is my check.php file
    Code:
    <?php
    session_start();
    include("conn.php");
    
    $error = "";
    if(isset($_POST["submit"]))
    {
    	if(empty($_POST["code"]))
    	{
    		$error = "Please enter the code!";
    	}else
    	{
    		$code = $_POST['code'];
    		$code = stripslashes($code);
    		$code = mysqli_real_escape_string($db, $code);
    		$code = md5($code);
    
    		$sql = "SELECT uid FROM code WHERE code='$code'";
    		$result = mysqli_query($db, $sql);
    		$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
    
    	if(mysqli_num_rows($result) == 1)
    	{
    		$_SESSION['code'] = $login_user;
    		header("location: http://google.com");
    	}else
    	{
    		$error = "Incorrect code.";
    	}
    }
    }
    ?>
    Here is the other php file.

    <?php
    define('DB_SERVER', 'localhost');
    define('DB_USERNAME', 'root');
    define('DB_PASSWORD', '');
    define('DB_DATABASE', 'codes');
    $db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);

    if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    ?>

    Everything works, I'm just simply trying to do what I said above. IF you don't fully understand what I need please tell me. I really would like some help as I'm trying to advance my programming knowledge. Thanks in advance.

  2. #2
    Master Coder sunfighter's Avatar
    Join Date
    Jan 2011
    Location
    Washington
    Posts
    7,828
    Thanks
    36
    Thanked 1,047 Times in 1,043 Posts
    Three big errors stand out.
    <center> is not correct, use CSS to do this

    An id is unique. You can have only one. You have hundreds of <form id="entrance"...

    and

    The UL tag should only have the list items <li> in it and not DIVs.
    Evolution - The non-random survival of random variants.
    Physics is actually atoms trying to understand themselves.

  3. #3
    Senior Coder deathshadow's Avatar
    Join Date
    Feb 2016
    Location
    Keene, NH
    Posts
    3,190
    Thanks
    4
    Thanked 463 Times in 451 Posts
    As @Sunfighter pointed out, your HTML is semantic gibberish... In particular the multiple fieldsets for no reason, fieldset around the submit (which is not a user editable input), lack of labels (PLACEHOLDER IS NOT A LABEL!!!), tags like <center> that haven't existed in HTML for over twenty YEARS, DIV where you can't even have DIV...

    ... and that's only compounded by the fact that your PHP is no winner either -- such as slopping your variables into your query string like you were still using the outdated outmoded mysql_ functions. It's called prepare/execute, USE IT!

    Just like the use of MD5 which hasn't been considered secure for a decade and a half. You should be using hash() with something like SHA256, SHA512 or Whirlpool.

    ... and really if you're using ANY of those you don't need all that other sanitatization nonsense even using the old "slop it into the query" approach.

    The PHP should probably be more along these lines. (untested, may be typo's, just to give you an idea)

    Code:
    <?php
    
    session_start();
    session_regenerate_id();
    
    include('conn.php');
    
    // associative array so you can tie specific errors to their input!
    $errors = []; 
    
    // I prefer array_key_exists, it just makes more sense.
    if (array_key_exists('submit', $_POST)) {
    	if (array_key_exists('code', $_POST)) {
    		$stmt = $db->prepare('
    			SELECT uid
    			FROM code
    			WHERE code = ?
    		');
    		// MODERN hashing, stop using MD5 this isn't 2003.
    		$hashed = hash('sha256', $_POST['code']);
    		// sucks we have to waste a variable just to bind
    		//ANOTHER reason PDO is better than mysqli!
    		$stmt->bind_param($hashed);
    		$stmt->execute();
    		$stmt->bind_result($uid);
    		if ($stmt->fetch()) {
    			$_SESSION['uid'] = $uid; // since you don't seem to set $login_user anywhere...
    			// load the resultant page here...
    		} else $errors['code'] = 'Incorrect Code';
    	} else $errors['code'] = 'Please Enter A Code';
    
    } else $errors['NotFromForm'] = true; // show form
    
    if (count($errors)) include('codeForm');
    Though as the comment in there says, this is why I prefer PDO... since if $db was a PDO object that query section would just be:

    Code:
    		$stmt = $db->prepare('
    			SELECT uid
    			FROM code
    			WHERE code = ?
    		');
    		$stmt->execute( [ hash('sha256', $_POST['code']) ] );
    		if ($uid = $stmt->fetchColumn()) {
    			$_SESSION['uid'] = $uid; // since you don't seem to set $login_user anywhere...
    			// load the resultant page here...
    		} else $errors['code'] = 'Incorrect Code';
    SO much simpler.

    Good rule of thumb, anyone telling you to do queries this way:

    Code:
    $sql = "SELECT uid FROM code WHERE code='$code'";
    Putting the variable into the query string like that? Well, they need a quadruple helping of Sierra Tango Foxtrot Uniform, and perhaps a good kick to the groin for good measure. Again this isn't 2003.
    “There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies.” – C.A.R. Hoare, The 1980 ACM Turing Award Lecture
    http://www.cutcodedown.com

  4. #4
    New Coder
    Join Date
    Jun 2018
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well thanks for the vital information you have provided. But the lack of answering the question at hand concerns me. I know my everything is bad, as I am a beginner. Yes, it is to be expected. I will research what you have said and continue. But help of the issue would be nice...

    I know that everything is outdated but this is what I have come up with just researching on my own and putting it together... With help from other people on here on the html.
    Of course I recoded it into my own words but same format pretty much.

  5. #5
    New Coder
    Join Date
    Jun 2018
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    For your opinionated comments, I would like some more elaborate detailed explanations of what you mean. That would be nice. Let's see if you can do something that is asked.

  6. #6
    Senior Coder deathshadow's Avatar
    Join Date
    Feb 2016
    Location
    Keene, NH
    Posts
    3,190
    Thanks
    4
    Thanked 463 Times in 451 Posts
    Quote Originally Posted by soprosyne View Post
    But the lack of answering the question at hand concerns me.
    Code:
    		if ($stmt->fetch()) {
    			$_SESSION['uid'] = $uid; // since you don't seem to set $login_user anywhere...
    			// load the resultant page here...
    		} else $errors['code'] = 'Incorrect Code';
    See where it has the comment? Do your header() redirect or include() there for the requested page. GENERALLY I would just load the contents with an include instead of a redirect (but I build my php with the 'one index to rule them all' method), and if you use the redirect approach it should be checking that there's a session user id itself assuming it is on the same domain.

    Of course if you're going cross-domain, you're SOL (s*** outta luck) unless you can pass something to it via getData.

    What you asked for is pretty much right there, you had the header() in yours so you were ALMOST there. It's just by all appearances you're learning from some really bad sources.


    Quote Originally Posted by soprosyne View Post
    For your opinionated comments, I would like some more elaborate detailed explanations of what you mean.
    Which ones in particular do you need clarification on -- whilst my ATTITUDE about it might have seeped in, most of what I said isn't opinion it's a matter of the how, what, why, and where of the entire reason mysqli and PDO exist.

    See the 'slopping variables into query strings' thing. We've been told for a decade and a half now to stop doing that, pretty much from the DAY PDO and mysqli were introduced. It's WHY ->prepare/execute EXISTS in both of them.

    Putting variables into the query string always risks injection, even if you run all that sanitizing stuff -- which is also extra work and manual string processing people might forget to do -- simple fact is you're basically playing with commands that should be static.

    Data should be kept separate from queries, and that's WHY prepare was created, so the query can be sent SEPARATE from the data, so there's no risk of injection and you don't have to waste time on a sanitation step. (Sadly PDO's default behavior is to "emulate prepares" which undoes much of this, but that's easy to turn off... it's actually the first thing I do after connecting.).

    The LACK of prepare support on the old "mysql_" functions is one of the many reasons we were told to stop using them, why they were deprecated nearly a decade ago, giant red warning boxes added to PHP.net about them eight years ago, throw warnings as of PHP 5.6 and flat out do not even EXIST in PHP 7.

    Using the same broken methodology in mysqli or PDO is therefor the OPPOSITE of good practice. That's not opinion, that's FACT! If you're doing it that way you've completely missed the point of the change. Now, that's NOT on YOU! That's on whatever resources you're learning from that are at LEAST a decade behind the curve.

    The rule of thumb is:

    ->query -- use when you have no variables and expect results

    ->exec -- use when you have no variables and expect no results

    ->prepare -- whenever you have variables to plug into the query, use this!

    One nice thing prepare/execute/bind brings is less logic inside the loop, and the ability to POEM. "Prepare Once, Execute Mostly". It's an old database concept that it's nice to see the return of since it makes doing repetitive operations simpler.

    For example, check this out. (this is done with PDO)

    Code:
    $inserts = [
    	'a' => 50,
    	'b' => 75,
    	'c' => 0
    ];
    
    // assumes $db is a connected PDO object
    $stmt = $db->prepare('
    	INSERT INTO data (
    		name, value
    	) VALUES (
    		:name, :value
    	)
    ');
    
    $stmt->bindParam(':name', $key);
    $stmt->bindParam(':value', $value);
    
    foreach ($inserts as $key=> $value) $stmt->execute();
    That would insert all the array keys and values into the name and value in the database, and the only thing we have to do inside the loop is the execute. The "placeholder" labels (started with colons) tells the query where to insert our values, and bindParam links those placeholders directly to those variables... almost like when you pass by reference. When the value of those variables change, the next PDOStatement->execute can see it.

    Pretty slick.

    Now, an opinion I did state is my preference for PDO over mysqli. I would think the code examples might illustrate why... but let's do something simple like a user login with sql side password checking... which is pretty much what you were trying to do just without the username.

    Code:
    // assumes $db is a connected mysqli object
    $stmt = $db->prepare('
    	SELECT id
    	FROM users 
    	WHERE username = ?
    	AND password = ?
    ');
    $_POST['password'] = hash('sha512', $_POST['password']);
    $stmt->bind_param(
    	'ss',
    	$_POST['username'],
    	$_POST['password']
    );
    $stmt->execute();
    $stmt->bind_result($id);
    if ($stmt->fetch()) {
    	// logged in user handling here
    } else {
    	// login failed
    }
    A nice thing about PDO is that you can skip binding and directly pass parameters as an array to execute. This is handy when you aren't going to POEM and just need a quick and dirty send.

    Code:
    // assumes $db is a connected PDO object
    $stmt = $db->prepare('
    	SELECT id
    	FROM users 
    	WHERE username = ?
    	AND password = ?
    ');
    $stmt->execute([
    	$_POST['username'],
    	hash('sha512', $_POST['password'])
    ]);
    if ($id = $stmt->fetchColumn()) {
    	// logged in user handling here
    } else {
    	// login failed
    }
    Way simpler/cleaner/clearer. PDOStatement's "fetchColumn" method is also nice when all you're doing is pulling one value like a user id or a count(*)

    Something else PDO supports is labels as placeholders instead of the question marks.

    Code:
    // assumes $db is a connected PDO object
    $stmt = $db->prepare('
    	SELECT id
    	FROM users 
    	WHERE username = :name
    	AND password = :pass
    ');
    $stmt->execute([
    	':name' => $_POST['username'],
    	':pass' => hash('sha512', $_POST['password'])
    ]);
    That could also be done with bindValue thus:

    Code:
    // assumes $db is a connected PDO object
    $stmt = $db->prepare('
    	SELECT id
    	FROM users 
    	WHERE username = ?
    	AND password = ?
    ');
    $stmt->bindValue(':name', $_POST['username']);
    $stmt->bindValue(':pass', hash('sha512', $_POST['password']));
    $stmt->execute();
    The advantage of the names is ... well, imagine that instead of just two fields we have twenty... all those question marks can get REALLY confusing really quickly. It can provide code clarity -- and I'll take clear legible code over "hurr durz eyes dun wanna types" any day of the week. When I talk about minimalism, I don't mean byte saving obsession.

    Another advantage of the array approach is that, well, you can pass an associative array, so lets say you had a form like this:

    Code:
    <form action="/newUser" method="post" id="newUser>
    	<fieldset>
    		<label for="newUser_username">UserName:</label>
    		<input type="text" id="newUser_userName" name="newUser[:name]">
    		<br>
    		<label for="newUser_email">E-Mail:</label>
    		<input type="text" id="newUser_email" name="newUser[:email]">
    		<br>
    		<label for="newUser_pass">Password:</label>
    		<input type="text" id="newUser_pass" name="newUser[:pass]">
    		<br>
    		<button>Submit</button>
    	</fieldset>
    </form>
    The processing to add this user could be simplified down to:

    Code:
    // we'll assume you validated the form first
    
    $_POST['newUser'][':pass'] = hash('sha512', $_POST['newUser'][':pass']);
    
    $stmt = $db->prepare('
    	INSERT INTO USERS (
    		username, email, password
    	) VALUES (
    		:name, :email, :pass
    	)
    ');
    $stmt->execute($_POST['newUser']);
    Mind you I'd have a LOT of checking of that $_POST array before I'd send it to the query, but just look at how much that simplified handling it. I don't have to realEscapeString a blasted thing, and they come from client-side with the proper associations already built! that beats the ever living tar out of the old:

    Code:
    $query = sprintf(
    	"
    		INSERT INTO USERS (
    			username, email, password
    		) VALUES (
    			'%s', '%s', '%s'
    		)
    	", 
    	mysql_real_escape_string($_POST[':name']),
    	mysql_real_escape_string($_POST[':email']),
    	mysql_real_escape_string(hash('sha512', $_POST[':pass']))
    );
    mysql_query($query);
    I also like it because it means a lot less screwing around worrying about what type of quote I'm using... wait am I using doubles? singles? Should this be a backtick? Yeah, screw that.

    Another thing I dislike about mysqli is the stupid wasteful 'functional wrappers' that are nothing more than a crutch for the people coming from the outdated mysql_ functions and/or those who are just plain 'afraid' of objects. Part of what makes them so mind-numbingly stupid is that for all intents and purposes from an implementation standpoint they are LITERALLY nothing more than:

    Code:
    function mysqli_execute($db) { $db->execute(); }
    Seriously, if the difference between "mysqli_execute($db);" and "$db->execute();" is so hard that anyone out there "NEEDS" those function based versions, just do the rest of us a favor and back away from the keyboard now.

    Another strike against mysqli, and it's a REALLY annoying one is that ->prepare/execute in it returns mysqliStmt object, whilst ->query and ->exec return mysqliResult. The result being that code written for one is harder to transform to another, and all that binding can get REALLY annoying. With PDO bindResult is optional and you can just "$row = $stmt->fetch();" regardless of which type of query you call. That you basically need to learn two different ways of handling results from calling ->prepare vs. query/exec is just putting the herp into that derp. Laugh being I've seen people jump through some crazy hoops writing massive 'wrapping' libraries for mysqli given how you HAVE to 'bindResult' to get anything out of prepares -- instead of simply switching to PDO which out of box already does what they're trying to do.

    Hmm... what else did I mention... oh, MD5... that's been rainbow tabled to death. That's not opinion, that's FACT. It was never really a secure hash and now that it's completely reversible even by just a simple Google search, you might as well be storing those codes without any hashing at all! Seriously, MD5 a value, type it into Google Search with " md5" after it, and you've got a good chance of it telling you the original value -- defeating the POINT of hashing.

    Hence the GIANT RED WARNING BOX in the PHP.NET manual for it:
    PHP: md5 - Manual

    Don't take my word for it, take the word of the official documentation for the language!

    ... hmm, I linked to "placeholder is not a label", the deprecated HTML is well documented, and that just leaves the semantics. I can go into that in detail if you want, let me know.

    That answer your questions, or did you have something else in mind?
    “There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies.” – C.A.R. Hoare, The 1980 ACM Turing Award Lecture
    http://www.cutcodedown.com

  7. #7
    New Coder
    Join Date
    Jun 2018
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks man, that was honestly very awesome information. I have never done mySQL and no one has ever explained it to me until now. Now also, I think I understand what you have told me about my initial question, but I'm not exactly 100% sure. I will do some messing around with it to try and understand. I am also very noob at PHP obviously.


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •