BuddyDev

Replies

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17207

    Hi Brajesh,

    As expected, your code works like a charm! Thank you very much.
    If you have the time for one last piece of advice, about the timestamp format in the update function, this would be great. I’m trying to improve my attention on security matters, but I know nothing about SQL injections… But I won’t avoid this subject, of course.

    If you don’t have the time, no worries.

    Thanks a lot, again, you have no idea how much you’ve helped me.

    Have a nice day!

    Goyelle

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17202

    Hi Brajesh, thank you again for your help!

    I had a doubt about the “=” and checked the different comparison operators, then first changed to “==” but as you guess, it didn’t work either!

    Thanks for your clarification, I will change that later, learn more about selecting a variable and get back.

    Thanks a lot again, you “hope it helps” but it sure will!

    Regards,

    Goyelle

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17190

    I found a solution! This site is my lucky charm, after so many days…

    I couldn’t understand why the update code was executed while the condition wasn’t true – and sometimes not, and actually I still don’t get it, but I changed the control and the comparison like that:

    $results = $wpdb->get_var( "SELECT COUNT(*) FROM $table WHERE form_id = $forformid AND userID = $foruserid",ARRAY_A);
    became
    $results = $wpdb->get_row( "SELECT * FROM $table WHERE userID = $foruserid AND form_id = $forformid",ARRAY_A);

    and

    if ($results=1)
    became
    if (!empty($results))

    The function is now:

    public function save() {
        global $wpdb;
        $table = $wpdb->prefix .'hf_submissions';

        $data = array(
            'data' => json_encode( $this->data ),
            'form_id' => $this->form_id,
        );

        foreach( array( 'userID', 'ip_address', 'user_agent', 'submitted_at', 'referer_url', ) as $prop ) {
            $data[ $prop ] = $this->$prop;
        }

        $foruserid = $data['userID'];
        $forformid = $data['form_id'];

        $results = $wpdb->get_row( "SELECT * FROM $table WHERE userID = $foruserid AND form_id = $forformid",ARRAY_A);
        if (!empty($results)){
            $wpdb->update( $table, $data, array( 'userID' => $foruserid, 'form_id' => $forformid) );
        }
        else {
            if( ! empty( $this->id ) ) {
                $wpdb->update( $table, $data, array( 'id' => $this->id ) );
                return;
            }

            // insert new row
            $num_rows = $wpdb->insert( $table, $data );
            if( $num_rows > 0 ) {
                $this->id = $wpdb->insert_id;
            }
        }
    }

    I can now store form data from different users and different forms, one and only row for each pair of the user id and the form id, I can update or insert forms!

    Now I need to add the format parameter to protect the update command from SQL injection, that’s right?
    I can’t find the right format for the timestamp data. Is it a string? If anyone knows, I’d be happy to know as well!

    If anyone can tell me if my code is ok or awful, it would be a great help to improve myself. I’m trying to understand so many things that I can’t judge the efficiency of my code and its security level.

    Maybe this would help anyone else too, anywhere else.

    Thanks in advance!

    Goyelle
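
An added example, not part of the original post and not the plugin's own code, showing the format arrays asked about above together with a parameterized lookup. `wpdb::update()` and `wpdb::insert()` escape the values they receive, so the formats only fix each value's type; the hand-built `SELECT` is the statement that needs `$wpdb->prepare()`. The function name is hypothetical, and it assumes WordPress is loaded, that `userID` and `form_id` are integer columns, and that `submitted_at` is a DATETIME/TIMESTAMP column.

```php
<?php
// Added example. Assumes WordPress is loaded, userID and form_id are integer
// columns, and submitted_at is a DATETIME/TIMESTAMP column ('Y-m-d H:i:s').
function example_save_submission( array $data ) {
    global $wpdb;
    $table = $wpdb->prefix . 'hf_submissions'; // trusted prefix, not user input

    // Column => placeholder. Date/time values are sent as strings, so %s.
    $formats = array(
        'data'         => '%s',
        'form_id'      => '%d',
        'userID'       => '%d',
        'ip_address'   => '%s',
        'user_agent'   => '%s',
        'submitted_at' => '%s',
        'referer_url'  => '%s',
    );

    // Drop unknown columns, then build the format list in the same order.
    $row        = array_intersect_key( $data, $formats );
    $row_format = array();
    foreach ( array_keys( $row ) as $column ) {
        $row_format[] = $formats[ $column ];
    }
    if ( ! isset( $row['userID'], $row['form_id'] ) ) {
        return 0; // nothing to match an existing row on
    }

    // Values are bound through prepare() instead of being interpolated.
    $existing_id = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT id FROM $table WHERE userID = %d AND form_id = %d",
            $row['userID'],
            $row['form_id']
        )
    );

    if ( null !== $existing_id ) {
        // One row per (userID, form_id): update it by primary key.
        $wpdb->update( $table, $row, array( 'id' => (int) $existing_id ), $row_format, array( '%d' ) );
        return (int) $existing_id;
    }

    // No row yet for this pair: insert and report the new id (0 on failure).
    $inserted = $wpdb->insert( $table, $row, $row_format );
    return $inserted ? (int) $wpdb->insert_id : 0;
}
```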

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17186

    Hi Brajesh,

    Thanks again, I’m sorry, I read too fast the path you gave me (I didn’t even see the typo).
    Moving the changed home.php file from:

    wp-content/themes/orbis-child/mediapress/templates/mediapress/default/buddypress/groups/home.php to yourtheme/mediapress/default/buddypress/groups/

    to:

    wp-content/themes/orbis-child/mediapress/default/buddypress/groups/home.php to yourtheme/mediapress/default/buddypress/groups/

    was the right way to do it! I’m clarifying that in case someone would need this.

    I’m really grateful, thank you for your time! I’m changing this topic status to “solved”.

    Have a nice day,

    Goyelle

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17177

    Hi, thank you so much!

    I couldn’t find the right CSS class but I’m glad I wasn’t completely mistaken when I tried to fix this.
    It’s working when I change it directly in the file which is in this plugin folder, but not when I copy home.php in folders with the same path in my child theme folder. I guess I’m not doing it the right way. I’ll try to fix this later.

    Thank you very much for your time and efficiency! You’re awesome.

    Regards,
    Goyelle

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17136

    Hi Brajesh,

    Thanks a lot for your availability. I’m not in a hurry, not in a matter of days, so there’s no problem if you delay your answer, of course, because I would be so happy if you could fix this problem!

    Thanks again,
    Goyelle

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17115

    Maybe a little bit of code could be interesting, the two are in the <div id="item-body" class="item-body"> element:

    – Here is the HTML code of the member page (subnav ok):

    <nav class="bp-navs bp-subnavs no-ajax user-subnav" id="subnav">
         <ul class="subnav">
    	<li id="gallery-my-gallery-personal-li" class="bp-personal-sub-tab current selected" data-bp-user-scope="my-galleries">
                <a href="http://localhost/[mysitename]/members/[myusername]/mediapress/" id="gallery-my-gallery">
    				My Gallery
    	    </a>
    	</li>
            <li id="create-personal-li" class="bp-personal-sub-tab" data-bp-user-scope="create">
    	    <a href="http://localhost/[mysitename]/members/[myusername]/mediapress/create/" id="create">
    				Create a Gallery
    	    </a>
    	</li>
    	<li id="type/photo-personal-li" class="bp-personal-sub-tab" data-bp-user-scope="type/photo">
    	    <a href="http://localhost/[mysitename]/members/[myusername]/mediapress/type/photo/" id="type/photo">
    				Photo
    	    </a>
    	</li>
    	<li id="type/video-personal-li" class="bp-personal-sub-tab" data-bp-user-scope="type/video">
    	    <a href="http://localhost/[mysitename]/members/[myusername]/mediapress/type/video/" id="type/video">
    				Video
    	    </a>
    	</li>	
    	<li id="type/audio-personal-li" class="bp-personal-sub-tab" data-bp-user-scope="type/audio">
    	    <a href="http://localhost/[mysitename]/members/[myusername]/mediapress/type/audio/" id="type/audio">
    				Audio
    	    </a>
    	</li>
         </ul>
    </nav>

    Here is the code on the group page (not well-styled):

    <div role="navigation" id="subnav" class="item-list-tabs no-ajax mpp-group-nav">
        <ul>
    	<li>
                <a href="http://localhost/[mysitename]/groupes/[mygroupname]/mediapress">
                           All Galleries
                </a>
            </li>
            <li>
                <a href="http://localhost/[mysitename]/groupes/[mygroupname]/mediapress/my-gallery/">
                           My Galleries
                </a>
            </li>
            <li>
                <a href="http://localhost/[mysitename]/groupes/[mygroupname]/mediapress/create?_wpnonce=91aff55c29">
                           Create Gallery
                </a>
            </li>
         </ul>
    </div>

    Thank you again!

    Regards,
    Goyelle

  • Participant
    Level: Initiated
    Posts: 8
    goyelle on #17114

    Hi, thanks for your quick response!
    It’s exactly my theme.
    It’s very nice of you to check it out.
    (it’s the early morning here and I’m going to work, I will be able to answer very late for you!)
    Thanks again, have a nice evening.