Posted by Steve on 10/17/06 21:03

| > $add = isset($_REQUEST['add']);
| > $back = isset($_POST['back']);
| > $confirm = isset($_POST['confirm']);
| > $delete = isset($_REQUEST['delete']);
| > $edit = isset($_REQUEST['edit']);
|
| too many variables - so wrong for me you should to use only one and
compare
| bits in this variable
| for example delete = 1, add =2, edit = 4 ....and so on 2^x otherwise some1
| can send you all values at the same time - and your script won't work
| correctly so code below will produce an "error" i will remove it
| temportary - you know what you wrote there :)

OMG.

do you realize that for any language you write, executable time spent inside
YOUR code is less than 1%...even in moreso for scripting languages. too many
variables...LOL

do you also realize that MOST developers aren't familiar with how bitmasks
work. the goal in writting successful software is making it
maintainable...which necessitate legibility and understandability.

but hey, i can take your heat. at least mine is a response in concern and
kindness...NOT CALLING ANYONE STUPID FROM THE GET-GO.

| $id = isset($_REQUEST['id']) ?
| $_REQUEST['id'] : 0;
| $personFirstName = isset($_REQUEST['personFirstName']) ?
| $_REQUEST['personFirstName'] : '';
| $personMiddleName = isset($_REQUEST['personMiddleName']) ?
| $_REQUEST['personMiddleName'] : '';
| $personLastName = isset($_REQUEST['personLastName']) ?
| $_REQUEST['personLastName'] : '';
| $personUserName = isset($_REQUEST['personUserName']) ?
| $_REQUEST['personUserName'] : '';
| $personPassword = isset($_REQUEST['personPassword']) ?
| $_REQUEST['personPassword'] : '';
| $personRePassword = isset($_REQUEST['personRePassword']) ?
| $_REQUEST['personRePassword'] : '';
| $personEmail = isset($_REQUEST['personEmail']) ?
| $_REQUEST['personEmail'] : '';
| $personPhoto = isset($_REQUEST['personPhoto']) ?
| $_REQUEST['personPhoto'] : '';
| $setSiteAccess = isset($_REQUEST['setSiteAccess']) ?
| $_REQUEST['setSiteAccess'] : false;
| $copyUserPermissions = isset($_REQUEST['copyUserPermissions']) ?
| $_REQUEST['copyUserPermissions'] : false;
| $passwordMismatch = strtolower($personPassword) !=
| strtolower($personRePassword);
|
|
| you don't check values - wrong for me some cant set it manualy

the goal here, tard is simply to assign WHATEVER value to the
variables...rather than placing validation ALL OVER THE FREAKING PLACE. if
you look further down the code, THIS is where i validate the data coming
in...suck as the EMAIL address. what else IS there to validate, chump?

| (error will ocure there)
| > if ($back)
| > {
| > $add = false;
| > $delete = false;
| > $edit = false;
| > $method = '';
| > }
| > if ($confirm)
| > {
| > $add = false;
| > $delete = false;
| > $edit = false;
| > $method = '';
| > $sql = "
| >> if (!($delete || $confirm) && $method == 'put')
| > {
| > $sql = "
| > SELECT COUNT(*) PersonExists
| > FROM people
| > WHERE Id != '" .
| > $db->prepare($id) . "'
| > AND LOWER(UserName) = LOWER('" .
| > $db->prepare($personUserName) . "')
| > ";
| > unset($records);
| > $records = $db->execute($sql);
| > $personExists = $records[0]['PERSONEXISTS'] ? true : false;
|
| if your execute command don't use stripslaslehs then next error

you say this without knowing how my db::prepare() function work...you
fucking tard! see, i told you you were a troll. besides depending on how my
server is setup, i DON'T NEED TO STRIPSLASHES...nooby!

| (here next error from your values)
|
| > if ($action == 'add')
| > {
| > $sql = "
| > INSERT INTO people
| > (
| > FirstName ,
| > MiddleName ,
| > LastName ,
| > UserName ,
| > Password ,
| > Email
| > )
| > VALUES
| > (
| > '" . $db->prepare($personFirstName) . "' ,
| > '" . $db->prepare($personMiddleName) . "' ,
| > '" . $db->prepare($personLastName) . "' ,
| > '" . $db->prepare($personUserName) . "' ,
| > '" . $db->prepare($personPassword) . "' ,
|
| i preffer second type of insert much better - so hard to make mistake,
| you store not encoded password - wrong for me

thank GAWD i'm not doing things the way YOU prefer! lol. good programming in
general is wrong for you!

| <br>
| > <div class="bullet" style="background:white no-repeat url('<?=
| > $site->imagesDirectory ?>bullet.jpg');">
| > People
| > </div>
| > <hr>
|
| again mistakes in this code (semantci error) - if some1 will see it then
| ROTFL - if you use css then dont use style in code this is .......

no mistakes that i see. wanna point them out in particular. you should
peruse w3c specs before you answer, as it is ENTIRELY appropriate to have a
css define an entity while using inline style to over-ride the base settings
in the css for said entity...since one is applied after the other. nooby.

|
| > <script language="javascript">
| > var skipValidation = false;
| > function validate()
|
| good solution is pass form to this function - onsubmit="validate(this)"

a compliment? no fucking way!

| > {
| > if (skipValidation){ return true; }
| > var warning = new String();
| > var el = record.personFirstName;
|
| document.record.....

document is assumed...read w3c and javascript spec. a bit more closely.

|
| > if (warning.length == 0 && trim(el.value) == '')
| > {
| > warning = "FIRST NAME is required.";
| > }
| > var el = record.personLastName;
| > if (warning.length == 0 && trim(el.value) == '')
| > {
| > warning = "LAST NAME is required.";
| > }
| > var el = record.personUserName;
| > if (warning.length == 0 && trim(el.value) == '')
| > {
| > warning = "USER NAME is required.";
| > }
| > var el = record.personEmail;
| > if (warning.length != 0 && !isEmail(el.value))
| > {
| > warning = "Invalid EMAIL.";
| > }
|
| did you see what you wrote ???? what do you think will be the error msg
when
| some1 won't fill any data? - the last error only!
| totaly wrong and no sense to to check all fields waste of processor time,
if
| one error then show it or just store all errors and show all at the same
| time

yes, i know what i wrote..fucking moron. YOU JUST DON'T UNDERSTAND IT. the
part you snipped is the part that sets focus on the FIRST INCORRECT DATA
ELEMENT SUPPLIED. i don't need to show ALL errors ALL at once...that is
confusing for the user...not that USER EXPERIENCE CONCERNS YOU!

plus...this is sample code. take it for what it is if there ARE
shortcomings.

|
| > unset($records);
| > $records = $db->execute($sql);
| > $id = $records[0]['ID'];
| > $personFirstName = $records[0]['FIRSTNAME'];
| > $personMiddleName = $records[0]['MIDDLENAME'];
| > $personLastName = $records[0]['LASTNAME'];
| > $personUserName = $records[0]['USERNAME'];
| > $personPassword = $records[0]['PASSWORD'];
| > $personRePassword = $records[0]['PASSWORD'];
| > $personEmail = $records[0]['EMAIL'];
|
| same here if no stripslashes execute then next error
|

same answer as before, you degenerate noob.


| > if (count($errors))
| > {
| > $displayedErrors = array_unique(array_values($errors));
|
| why? if you use text as a key in array there is no chances you will have 2
| same errors for same field otherwise if you will use same msg for errors
on
| few fields then just make more userfriendly msg and let him know what is
| wrong in msg not only check the fields

your limited imagination kills me! two fields may constitue the same error
description one and or both may be at fault, thus generating said
description. i simply want to show the error description once, you mindless
cad!

|
| > Password
| > <span style="color:#660000; font-size:10pt;"><?=
| > (isset($errors['personPassword']) ? '*' : '') ?></span>
| > </td>
| > <td colspan="2">
| > <input class="value"
| > name="personPassword"
| > maxlength="255"
| > type="text"
|
| no comment ... - wrong for me
|
|
| > Password Confirmation
| > <span style="color:#660000; font-size:10pt;"><?=
| > (isset($errors['personRePassword']) ? '*' : '') ?></span>
| > </td>
| > <td colspan="2">
| > <input class="value"
| > name="personRePassword"
| > maxlength="255"
| > type="text"
|
| again
|

again what? stripslashes are completely a matter of server configuration.
or, didn't you know that?!!!

|
| > <input name="confirm" type="submit" style="cursor:'hand';
| > width:100px;" value="Confirm&nbsp;" onclick="skipValidation=true;">
|
| cursor: hand deprecated, i won't write more about your tableless code and
| css :P

yeah, i usually use cursor:pointer since it jives in firefox...oh well, you
actually made a valid point! big fucking deal. and just so you know, hand is
an IE thing...POINTER is a w3c thing...so there HAS NEVER been a
depreciation of ANYTHING. toad.

| > <input name="delete" type="submit" style="cursor:'hand';
| > width:100px;" value="Delete&nbsp;" onclick="skipValidation=true;">
|
| value="Delete&nbsp;" - great

couldn't care less.

| > </form>
| > <script language="javascript">
| > record.personFirstName.focus();
| > record.personFirstName.select();
|
| document.record.....

read more specs and you may grow an understanding of js.

| > $lastSort = isset($_REQUEST['lastSort']) ?
| > $_REQUEST['lastSort'] : '';
| > $sort = isset($_REQUEST['sort']) ?
| > $_REQUEST['sort']
| >> 'LASTNAME';
| > $sortDirection = isset($_REQUEST['sortDirection']) ?
| > $_REQUEST['sortDirection'] : 'ASC';
| > if ($sort == $lastSort){ $sortDirection = $sortDirection == 'ASC' ?
| > 'DESC' : 'ASC'; }
|
| again you dont check values - wrong for me
|

again, i'm simply ASSIGNING the values to variables. validation is
elsewhere. you should note how terribly consistant i am in methodology. see
how that helps in code maintenance and understandability? oh well, probably
not.

| > $lastSort = $sort;
| >
| > $group = $_REQUEST['group'];
| > $page = $_REQUEST['page'];
| > $pages = $_REQUEST['pages'];
|
| again you dont check values - wrong for me

get a clue!

| > $recordsPerPage = $_REQUEST['recordsPerPage'];
| > if (!is_numeric($group)){ $group = 0; }
| > if (!is_numeric($page)){ $page = 1; }
| > if (!is_numeric($pages)){ $pages = 5; }
| > if (!is_numeric($recordsPerPage)){ $recordsPerPage = 10; }
|
| totaly wrong 123.45 is numeric too so next code is totaly wrong too .....

you're an imbassil...run 123.45 through the algorythm and see if the math
fails to work! idiot!

| > $sql = "
| > SELECT COUNT(*) RecordCount
| > FROM people
| > ";
| > unset($records);
| > $records = $db->execute($sql);
| > $recordCount = $records[0]['RECORDCOUNT'];
| > $currentPage = $page;
| > $group = floor((($page - 1) * $recordsPerPage) /
| > ($recordsPerPage * $pages));
| > $navigation = array();
| > $page = $group * $pages + 1;
| > $lastPage = $page + $pages;
| > $maxPages = ceil($recordCount / $recordsPerPage);
| > $range = ($currentPage * $recordsPerPage) - $recordsPerPage;
| > if ($group)
| > > style="border-bottom:1px solid lightsteelblue; border-right:1px
| > solid lightsteelblue; cursor:pointer; font-size:8pt;"
| > title="Click to sort"
| > onclick="document.location='<?= $_SERVER['PHP_SELF']
| > ?>?lastSort=<?= $lastSort ?>&sortDirection=<?= $sortDirection
| > ?>&sort=LASTNAME'" >Last Name</th>
| >
|
| .... you should have a array with possible sort and with loop make it and
| pass ofc only int value no string as a $sort
| thech check array_key_exists in this array and use value in query and you
| will have error handler for this one variable

if a user wants to fuck with the query string, let them. the results are
simply what they are whether good or bad. it doesn't effect anything
involving security or data integrity...which is my concern. you may happily
fuck off now.


| > $sql = "
| > SELECT Id ,
| > FirstName ,
| > MiddleName ,
| > LastName ,
| > UserName ,
| > Email
| > FROM people
| > ORDER BY " . $sort . " " . $sortDirection . "
| > LIMIT " . $range . ", " . $recordsPerPage . "
|
| db inssues for your code - means next error


nope.

|
| > <a
| > class="menuItem"
| > href="<?= $_SERVER['PHP_SELF']?>?edit=1&id=<?= $record['ID']
| > ?>" style="font-size:7.25pt; font-weight:normal;
| > text-decoration:underline; white-space:nowrap;"
| > title="EDIT [ <?= $description ?> ]"
| > >Edit &#9655;</a>
| > <br>
| > <a
| > class="menuItem"
| > href="<?= $_SERVER['PHP_SELF']?>?edit=1&delete=1&id=<?=
| > $record['ID'] ?>"
| > style="font-size:7.25pt; font-weight:normal;
| > text-decoration:underline; white-space:nowrap;"
| > title="DELETE [ <?= $description ?> ]"
| > >Delete &#9655;</a>
|
| here is your first error should be passed $action variable with int value
| and then error handling

no error...why not set this up on your server and try to make it blow up.

| i was so tired and i show you only few most important mistakes my
| experienced i18n developer, have fun :)


most of what you call 'mistakes' are from your lack of understanding and
experience. like i said, set this up on your server and make it blow up. use
different browsers...make it blow up. use different whatever...make it blow
up.

you may fuck off now.

• Next in forum: Re: on input form showing error message for duplicate entry.
• Prev in forum: Re: on input form showing error message for duplicate entry.
• Thread view: Re: on input form showing error message for duplicate entry.

[Reply to this message]