|
When posting your question please:- Choose the correct forum for your message. Posting a VB.NET question in the C++ forum will end in tears.
- Be specific! Don't ask "can someone send me the code to create an application that does 'X'. Pinpoint exactly what it is you need help with.
- Keep the subject line brief, but descriptive. eg "File Serialization problem"
- Keep the question as brief as possible. If you have to include code, include the smallest snippet of code you can.
- Be careful when including code that you haven't made a typo. Typing mistakes can become the focal point instead of the actual question you asked.
- Do not remove or empty a message if others have replied. Keep the thread intact and available for others to search and read. If your problem was answered then edit your message and add "[Solved]" to the subject line of the original post, and cast an approval vote to the one or several answers that really helped you.
- If you are posting source code with your question, place it inside <pre></pre> tags. We advise you also check the "Encode HTML tags when pasting" checkbox before pasting anything inside the PRE block, and make sure "Ignore HTML tags in this message" check box is unchecked.
- Be courteous and DON'T SHOUT. Everyone here helps because they enjoy helping others, not because it's their job.
- Please do not post links to your question in one forum from another, unrelated forum (such as the lounge). It will be deleted.
- Do not be abusive, offensive, inappropriate or harass anyone on the boards. Doing so will get you kicked off and banned. Play nice.
- If you have a school or university assignment, assume that your teacher or lecturer is also reading these forums.
- No advertising or soliciting.
- We reserve the right to move your posts to a more appropriate forum or to delete anything deemed inappropriate or illegal.
When answering a question please:
- Read the question carefully
- Understand that English isn't everyone's first language so be lenient of bad spelling and grammar
- If a question is poorly phrased then either ask for clarification, ignore it, or mark it down. Insults are not welcome
- If the question is inappropriate then click the 'vote to remove message' button
Insults, slap-downs and sarcasm aren't welcome. Let's work to help developers, not make them feel stupid.
cheers,
Chris Maunder
The Code Project Co-fou
|
|
|
|
|
if (!isset($inactiv)) $inactiv = 0;
else $inactiv = my_time()-$inactiv*2592000;
With PHP 8.2, code line 2 gives following error:
PHP Fatal error: Uncaught TypeError: Unsupported operand types: string * int
Please suggest me a solution
|
|
|
|
|
The error message suggests (because you have not provided all the information) that the variable $inactiv contains text data rather than an integral value.
|
|
|
|
|
Greetings!
I have used phpDesigner8 for many years on Windows. I am now rebuilding my personal website ([DELETED].org) to run on OpenSuse Leap 15.4, using LAMP. I am wanting to find an editor that is a good as the one I'm used to to minimize my learning curve.
Suggestions?
|
|
|
|
|
Have you considered Visual Studio Code (shortly called as VSCode or Code)?
|
|
|
|
|
Hello, I get this error when updating or editing data in a "name" field, I leave this error in more detail: Fatal error: Uncaught Error: Call to a member function prepare() on null in C:\xampp\htdocs\pdo\conectar.php:46 Stack trace: #0 C:\xampp\htdocs\pdo\editar.php(20): Datos->setDatos('update candidat...') #1 {main} thrown in C:\xampp\htdocs\pdo\conectar.php on line 46
conectar.php:
<?php
class Conectar{
private $conn;
public function conectar(){
try{
$this->conn = new PDO("mysql:dbname=sistema\_votos;host=localhost", "root", "");
} catch(PDOException $error){
die("Error: ".$error);
}
return $this->conn;
}
public function setNames(){
return $this->conn->query("SET NAMES 'utf8'");
}
}
class Datos extends Conectar{
private $bd;
public function \_\_construct(){
$this->bd = self::conectar();
self::setNames();
}
public function getDatos($sql){
$datos = $this->bd->prepare($sql);
if (!$datos) {
echo "\\nPDO::errorInfo():\\n";
print\_r($this->bd->errorInfo());
die();
}
$datos->execute();
$this->bd=null;
return $datos->fetchAll();
}
public function getDato($sql){
$datos = $this->bd->prepare($sql);
$datos->execute();
$this->bd=null;
return $datos->fetch();
}
public function setDatos($sql){
$datos = $this->bd->prepare($sql);
$datos->execute();
}
}
editar.php
conectar.php:
<?php
class Conectar{
private $conn;
public function conectar(){
try{
$this->conn = new PDO("mysql:dbname=sistema\_votos;host=localhost", "root", "");
} catch(PDOException $error){
die("Error: ".$error);
}
return $this->conn;
}
public function setNames(){
return $this->conn->query("SET NAMES 'utf8'");
}
}
class Datos extends Conectar{
private $bd;
public function \_\_construct(){
$this->bd = self::conectar();
self::setNames();
}
public function getDatos($sql){
$datos = $this->bd->prepare($sql);
if (!$datos) {
echo "\\nPDO::errorInfo():\\n";
print\_r($this->bd->errorInfo());
die();
}
$datos->execute();
$this->bd=null;
return $datos->fetchAll();
}
public function getDato($sql){
$datos = $this->bd->prepare($sql);
$datos->execute();
$this->bd=null;
return $datos->fetch();
}
public function setDatos($sql){
$datos = $this->bd->prepare($sql);
$datos->execute();
}
}
I'm desperate, because I can't find the solution, add that I've tested the connection and with respect to that everything works fine, so it's not a connection problem.
|
|
|
|
|
The message (as far as I can tell) refers to the following:
public function getDatos($sql){
$datos = $this->bd->prepare($sql);
And it is telling you that the variable bd has not been initialised.
|
|
|
|
|
I want to redirect URLs with a query string to another query string using .htaccess
From: https://example.com/?smp=123456 (Any number after =)
To: https://example.com/?p=123456 (Same number as in From URL)
Please suggest me a code.
I tried following but it's not working.
RewriteEngine on
RewriteCond %{QUERY_STRING} ^/?smp=([0-9]+)$ [NC]
RewriteRule ^$ https://www.example.com/?p=$ [R=301,L]
|
|
|
|
|
I’m using a wordpress theme which has not received updates for 2 years, and they’re not giving any support for that theme but I love this theme.
After upgrading my server’s PHP version from 7.4 to 8.1 I’m getting an error_log.
PHP Warning: Attempt to read property "post_content" on null in /some-path/wp-content/themes/boldr-lite/functions.php on line 267
PHP Warning: Attempt to read property "post_content" on null in /some-path/wp-content/themes/boldr-lite/functions.php on line 268
I checked the functions.php and line number 267 and 268 as given below:
preg_match( '/<!--more(.*?)?-->/', $post->post_content )
|| preg_match( '/<!--nextpage-->/', $post->post_content )
And the full function including the above two lines as given below:
function boldr_trim_excerpt( $text = '' ) {
global $post;
$raw_excerpt = $text;
if ( '' === $text ) {
$text = get_the_content( '' );
$text = strip_shortcodes( $text );
$text = apply_filters( 'the_content', $text );
$text = str_replace( ']]>', ']]>', $text );
$excerpt_length = apply_filters( 'excerpt_length', 55 );
$excerpt_more = apply_filters( 'excerpt_more', ' [...]' );
$text = wp_trim_words( $text, $excerpt_length, $excerpt_more );
if (
(
preg_match( '/<!--more(.*?)?-->/', $post->post_content )
|| preg_match( '/<!--nextpage-->/', $post->post_content )
)
&& strpos( $text, $excerpt_more ) === false
) :
$text .= $excerpt_more;
endif;
}
return apply_filters( 'boldr_trim_excerpt', $text, $raw_excerpt );
}
remove_filter( 'get_the_excerpt', 'wp_trim_excerpt' );
add_filter( 'get_the_excerpt', 'boldr_trim_excerpt' );
Please suggest a solution to fix the issue
|
|
|
|
|
As with all such questions, the problem is that $post has not been initialised. Whenever a system complains about some action being attempted on null, or a NullPointerException is thrown, you need to look at the object that the message refers back to.
|
|
|
|
|
Following code has not been written using proper parameterised queries for database access.
I was unable to rewrite it as I'm not an experienced programmer.
I am grateful, if anyone can rewrite following code using proper parameterised queries to compatible with PHP 8.1 with MariaDB 10.3
<?php
if(isset($_GET['id']) && $_GET['id'] != "")
{
$query = "SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =".$_SESSION['m']." AND receiver_id=". (int)$_GET['id'].") OR (sender_id =".(int)$_GET['id']." AND receiver_id=".$_SESSION['m'].") ORDER BY `date_added` ASC";
$result = mysqli_query($conn,$query) or die();
while($j = mysqli_fetch_array($result))
{
$c = mysqli_query($conn,"UPDATE ".C_MYSQL_MESSAGES." SET status=1 WHERE id=".$j['id']);
$class = "";
$date_class = "";
if($j['sender_id'] == $_SESSION['m'])
{
$class = "right";
$date_class = "date_left";
}
else
{
$class = "left";
$date_class = "date_right";
}
echo '<p class="msgtext '.$class.'">'.$j['date_added'].''.$j['message'].'</p>';
}
}
?>
|
|
|
|
|
You're right. This code is not parameterized and would be prone to SQL injection attacks.
However, the parameterization of the queries is not that difficult; easier than string concatenation. You escape the parameter areas and then provide the values for the parameters.
$query = $db->prepare('SELECT * FROM users WHERE uid = ?');
$query->execute([$userId]);As you see, the string concatenation is removed and instead a simple escaped character is used. Try to rewrite the query, and if that doesn't work, we can help. 
Read more:
PHP: Prepared Statements - Manual
MySQLi: Bind in Execute - PHP 8.1 • PHP.Watch
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
|
|
|
|
After your supportive reply, I rewrote the code after studying the Manual, but it gives an error_log:
[12-Apr-2023 04:15:21 UTC] PHP Fatal error: Uncaught TypeError: mysqli::prepare(): Argument #1 ($query) must be of type string, mysqli_stmt given in /home/student/public_html/friendsphp8/message.php:8
Stack trace:
#0 /home/student/public_html/friendsphp8/message.php(8): mysqli->prepare(Object(mysqli_stmt))
#1 {main}
thrown in /home/student/public_html/friendsphp8/message.php on line 8
My code is as follows:
Please suggest me corrections 
<?php
if(isset($_GET['id']) && $_GET['id'] != "")
{
$query = $conn->prepare("SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC");
$stmt = $conn->prepare($query);
$stmt->bind_param("ssss", $_SESSION['m'],(int)$_GET['id'],(int)$_GET['id'],$_SESSION['m']);
$stmt->execute();
$result = $stmt->get_result();
while($j = mysqli_fetch_array($result))
{
$c = mysqli_query($conn,"UPDATE ".C_MYSQL_MESSAGES." SET status=1 WHERE id=".$j['id']);
$class = "";
$date_class = "";
if($j['sender_id'] == $_SESSION['m'])
{
$class = "right";
$date_class = "date_left";
}
else
{
$class = "left";
$date_class = "date_right";
}
echo '<p class="msgtext '.$class.'">'.$j['date_added'].''.$j['message'].'</p>';
}
}
?>
OLD CODE IS AS FOLLOWS:
<?php
if(isset($_GET['id']) && $_GET['id'] != "")
{
$query = "SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =".$_SESSION['m']." AND receiver_id=". (int)$_GET['id'].") OR (sender_id =".(int)$_GET['id']." AND receiver_id=".$_SESSION['m'].") ORDER BY `date_added` ASC";
$result = mysqli_query($conn,$query) or die();
while($j = mysqli_fetch_array($result))
{
$c = mysqli_query($conn,"UPDATE ".C_MYSQL_MESSAGES." SET status=1 WHERE id=".$j['id']);
$class = "";
$date_class = "";
if($j['sender_id'] == $_SESSION['m'])
{
$class = "right";
$date_class = "date_left";
}
else
{
$class = "left";
$date_class = "date_right";
}
echo '<p class="msgtext '.$class.'">'.$j['date_added'].''.$j['message'].'</p>';
}
}
?>
|
|
|
|
|
The bind_param("ssss" statement declares all four parameter values to be strings ...
$stmt->bind_param("ssss", $_SESSION['m'],(int)$_GET['id'],(int)$_GET['id'],$_SESSION['m']);
... but you then cast the two id values to be integers so there is a mismatch. The parameter specification string should be "siis", meaning "string, integer, integer, string". See PHP: mysqli_stmt::bind_param - Manual[^].
|
|
|
|
|
I changed ssss into siis, again it makes an error_log:
[12-Apr-2023 08:04:27 UTC] PHP Fatal error: Uncaught TypeError: mysqli::prepare(): Argument #1 ($query) must be of type string, mysqli_stmt given in /home/student/public_html/friendsphp8/message.php:6
Stack trace:
#0 /home/student/public_html/friendsphp8/message.php(6): mysqli->prepare(Object(mysqli_stmt))
#1 {main}
thrown in /home/student/public_html/friendsphp8/message.php on line 6
|
|
|
|
|
The error message is clear, parameter number 1 is not a string. So you need to look more closely at exactly what type each of these items is. You cannot make guesses or assumptions when working in this environment, you must be accurate and stick to the rules. So when you get an error message, first look at what the line in question is trying to do and examine why it is failing.
|
|
|
|
|
Finally I was able to solve the code.
Here what I did,
Old code line:
$query = $conn->prepare("SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC");
New code line:
$query = "SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC";
Old code line:
$stmt->bind_param("siis", $_SESSION['m'],(int)$_GET['id'],(int)$_GET['id'],$_SESSION['m']);
New code line:
$stmt->bind_param("siis",$_SESSION['m'],$_GET['id'],$_GET['id'],$_SESSION['m']);
Final Code:
<?php
if(isset($_GET['id']) && $_GET['id'] != "")
{
$query = "SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC";
$stmt = $conn->prepare($query);
$stmt->bind_param("siis",$_SESSION['m'],$_GET['id'],$_GET['id'],$_SESSION['m']);
$stmt->execute();
$result = $stmt->get_result();
while($j = mysqli_fetch_array($result))
{
$c = mysqli_query($conn,"UPDATE ".C_MYSQL_MESSAGES." SET status=1 WHERE id=".$j['id']);
$class = "";
$date_class = "";
if($j['sender_id'] == $_SESSION['m'])
{
$class = "right";
$date_class = "date_left";
}
else
{
$class = "left";
$date_class = "date_right";
}
echo '<p class="msgtext '.$class.'">'.$j['date_added'].''.$j['message'].'</p>';
}
}
?>
Thanks for your valuable suggestions to fix this issue
|
|
|
|
|
I was using a PHP script for a simple message service without any issue upto PHP 7.4, but when I upgrade the PHP version into 8.1, it gives following error_log when trying to send a new message containing "'" eg: I'm ok brother
PHP Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'm ok brother
')' at line 1 in send_message.php:9
Full code of send_message.php
<?php
include_once 'include/config.inc.php';
include_once 'include/options.inc.php';
include_once 'include/security.inc.php';
include_once 'include/functions.inc.php';
include_once 'templates/'.C_TEMP.'/config.php';
if( isset($_POST['message']) && isset($_POST['sender_id']) && isset($_POST['receiver_id']) && $_POST['message'] != "" && $_POST['sender_id'] != "" && $_POST['receiver_id'] != "")
{
mysqli_query($conn,"INSERT INTO ".C_MYSQL_MESSAGES."(`sender_id`,`receiver_id`,`message`) VALUES (".$_POST['sender_id'].",".$_POST['receiver_id'].",'".$_POST['message']."')");
echo 1;
}
else
{
echo 0;
}
?>
Please suggest me a solution
|
|
|
|
|
Add some code to print out the full statement when it is built. But a far better solution would be to use proper parameterised queries for database access. It has the advantage that you can quickly diagnose issues like this, but more importantly it protects you from SQL injection attacks.
|
|
|
|
|
Actually did you see anything wrong in that code?
When trying to store simple text message with ' character (I'm ok brother), it stops processing further and make above mentioned error_log.
mysqli_query($conn,"INSERT INTO ".C_MYSQL_MESSAGES."(`sender_id`,`receiver_id`,`message`) VALUES (".$_POST['sender_id'].",".$_POST['receiver_id'].",'".$_POST['message']."')");
I think
$_POST['message'] part or near has some issue
Can you help me to resolve?
|
|
|
|
|
Udaya Arunakantha wrote: Can you help me to resolve?
Yes, but you need to do what I suggested above. Whatever is causing the problem can only be discovered by displaying the complete message that MySQL is trying to process.
|
|
|
|
|
According to your tips, I was able to fix this issue by adding the following code line:
$_POST['message'] = mysqli_real_escape_string($conn, $_POST['message']);
|
|
|
|
|
That may work for now, but your code is still vulnerable to SQL injection attacks. You really should change to using proper parameterized queries for all SQL.
|
|
|
|
|
Yes I will have to check whole script, this is an old PHP script.
|
|
|
|
|
I decided to remove this post as it's not appropriate to ask huge support for free.
Sorry..
modified 11-Apr-23 12:39pm.
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
