What is wrong with this code?: PHPFusion 9 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Trying to infuse a new infusion I get this error generated in my admin folder:

Code Download source

redirect(FUSION_SELF.$aidlink."&error=".$error);

It doesn't like the equals sign in &error=
Please help.

0 replies

Let me show you the entire coding:

Code Download source

$tabsettings = dbarray(dbquery("SELECT * FROM ".DB_BOOTSTRAP_TABS.""));
$error = 0;
if (isset($_POST['savesettings'])) {
 $result = dbquery("UPDATE ".DB_BOOTSTRAP_TABS." SET
   bs_tab_style='".(isNum($_POST['bs_tab_style']) ? $_POST['bs_tab_style'] : "0")."',   
   if (!$result) { $error = 1; }
   redirect(FUSION_SELF.$aidlink."&error=". $error);
}

Also when I try to infuse I get an admin message saying "This item cannot be infused" however, it creates the table and adds the admin rights to the admin table. The table is static and does not have a Primary Key or an Index. Could that be the problem? I am running 9.10.10

0 replies

Your code is not safe at all. It's bad practise to put values directly into sql query.

Better and much safer (not tested)

Code Download source

if (check_post('savesettings')) {
   $data = [
      'bs_tab_style' => sanitizer('bs_tab_style', 0, 'bs_tab_style'),
   ];

   dbquery_insert(DB_BOOTSTRAP_TABS, $data, 'update');

   // this is the same thing but it doesn't look good
   /*dbquery("UPDATE ".DB_BOOTSTRAP_TABS." SET
    bs_tab_style=:bs_tab_style,
   ", [
    ':bs_tab_style' : post('bs_tab_style', FILTER_SANITIZE_NUMBER_INT),
   ]);*/

   if (fusion_safe()) {
      addnotice('success', 'Updated....'); // thanks to sessions, after refresh you will see the notice and no need old style error messages
      redirect(FUSION_SELF.$aidlink);
   }
}

Also instead of $_POST['...'] you should use post('...') .

check_post('....') or for array check_post(['....']) is the same as isset($_POST['....'])
post('....') or array post(['....']) is the same as $_POST['....']
The same thing is for $_GET = get(), check_get()

First value is what you want to check and second sanitize filter https://www.php.net/manual/en/filter....nitize.php

Quote

This item cannot be infused

Probably you have already in DB tables that should be normally installed, if you delete em it should works but again check error logs

0 replies

@RobiNN Thanks man this is FINALLY some very valuable information! It's really hard to gather pertinent info from the docs and there are really not many ver9 infusions to glean from. I still don't really comprehend the multilanguage table stuff but maybe I'll try with this infusion.
Also I gather from your code that's it's ok to do more than 1 data field like this:

Code Download source

if (check_post('savetab1settings')) {
 $data = [
 'tab1_enable' => sanitizer('tab1_enable', 0, 'tab1_enable'),
 'tab1_name' => sanitizer('tab1_name', 0, 'tab1_name'),
 'tab1_content' => sanitizer('tab1_content', 0, 'tab1_content'),
 ];
 dbquery_insert(DB_BOOTSTRAP_TABS, $data, 'update');
 if (fusion_safe()) {
 addnotice('success', 'Updated....'); // thanks to sessions, after refresh you will see the notice and no need old style error messages
 redirect(FUSION_SELF.$aidlink);
 }
}

Maybe once I fix all the bad code it'll infuse but so far I have not been able to get it to infuse. I have checked everything I know to check. When it fails I have to go in and delete the table and the admin rights to try again.

0 replies

I documented over 200 core functions in new documentation https://www.php-fusion.co.uk/docs/ but these post(), get() etc. functions need be added.

I think it's much easier to find and understand something in this new documentation, I've added usage examples to probably every documented function. But writing everything takes some time. Btw. I wrote this new system completely from the scratch, every single page + the system itself and it's separated from PHPFusion core, so if something will not work on mian site, docs should be fine.

Anyway you can find em in this file https://github.com/PHPFusion/PHPFusio...L658-L1097.
I don't know if all, but most functions have a description, so you can find out what they do without documentation.

---

Here the second value is default, so if $_POST is empty, it will be used. And if post is string then set default value to empty string and not integer.

Code Download source

 $data = [
 'tab1_enable' => sanitizer('tab1_enable', 0, 'tab1_enable'),
 'tab1_name' => sanitizer('tab1_name', '', 'tab1_name'), // i assume this is string
 'tab1_content' => sanitizer('tab1_content', '', 'tab1_content'), // and this too
 ];

It's important for MySQL driver (many users probably uses MySQL PDO, but is good to have fully functional infusions on both versions). There was many bugs in core due to this.

Quote

so far I have not been able to get it to infuse

Did you checked infusions table? Maybe there is stored your infusion, if so delete because system thinks it's installed. Another reason could be incorrect sql query, but this info you can find in Error log. It shows stack trace that show exactly where is problem.

0 replies

@RobiNN Hard to post on my phone. I know that you must get very frustrated with so many people asking so many dumb questions. You don't show it though. You are so very much appreciated RobiNN and I for one am very appreciative. I'm a 72 year old dude on the last few miles of my life. Just want to say that there have been so many changes so fast it's hard to keep up. Bur I'm trying.

0 replies

This is by far the most incredibly frustrating and hair pulling thing I have ever encountered since I've been working with PHP-Fusion all the way back to ver6. No matter what I do my infusion refuses to INFUSE. I have corrected all the errors that were obvious, edited ALL of the files. I get weird errors from 'administration/infusions.php' and cannot figure out why. Here's the first error of 3:

Code Download source

foreach ($infs as $i => $inf) {
$adminpanel = !empty($inf['mlt_adminpanel'][LANGUAGE][0]) ? $inf['mlt_adminpanel'][LANGUAGE][0] : $inf['adminpanel'][0];
 Line 70 -- 1 hour ago
Undefined offset: 0

This is version 9.10.20: Has mlt table definitions become a requirement?
This is the second error:

Code Download source

$title = $inf['status'] > 0 ? '<a
 href="'.INFUSIONS.$inf['folder'].'/'.$adminpanel['panel'].fusion_get_aidlink().'">'.$inf['title'].'</a>' : $inf['title'];
 Line 89 -- 1 hour ago
Trying to access array offset on value of type null

It's almost as if it's not reading the locale file.
This is the third error:

Code Download source

echo "<div class='hidden-xs hidden-sm col-md-1 col-lg-1'><span class='badge'>".$adminpanel['rights']."</span></div>n";
 Line 93 -- 1 hour ago
Trying to access array offset on value of type null
echo "<div class='hidden-xs hidden-sm col-md-2 col-lg-1'>".(!empty($inf['version']) ? $inf['version'] : '')."</div>n";
95     echo "<div class='hidden-xs hidden-sm col-md-12 col-md-offset-2 col-lg-3 col-lg-offset-0'>".($inf['url'] ? "<a href='".$inf['url']."'
 target='_blank'>" : "")." ".(!empty($inf['developer']) ? $inf['developer'] : $locale['410'])." ".($inf['url'] ? "</a>" : "")."
 <br/>".($inf['email'] ? "<a href='mailto:".$inf['email']."'>".$locale['409']."</a>" : '')."</div>n";

Any inkling what's going on here?? It's as if it just can't read my infusion.php properly>

0 replies

This infusion team has a simple code so you can check how it works and mlt is not required (and never will be).

0 replies

User rights are unique?

In the past this was causing me a headache

0 replies

No that's not the problem. I actually have it working now. I'm really ashamed to admit what I found wrong. In my insert dbrow I had 4 fields that were separated by periods instead of commas. I have to figure out how to increase the font size in my home editor. Also my eyesight is declining rapidly. Any way it now works. Now I can work on the css and bootstrap stuff. Here is my url:
https://vortex.whisperwillow.net

Edited by Grimloch on 11-02-2022 07:45, 2 y

0 replies

@RobiNN
Hey man I just tried your code on my now fully functioning infusion and it doesn't work.

Code Download source

if (check_post('savetab1settings')) {
 $data = [
 'tab1_enable' => sanitizer('tab1_enable', 0, 'tab1_enable'),
 'tab1_name' => sanitizer('tab1_name', '', 'tab1_name'),
 'tab1_content' => sanitizer('tab1_content', '', 'tab1_content'),
 ];
 dbquery_insert(DB_BOOTSTRAP_TABS, $data, 'update');
 if (fusion_safe()) {
 addnotice('success', 'Updated....'); // thanks to sessions, after refresh you will see the notice and no need old style error messages
 redirect(FUSION_SELF.$aidlink);
 }
}

The db fields are NOT updated; why is that?

Edited by Grimloch on 13-02-2022 08:23, 2 y

0 replies

You also need to send primary key. E.g. 'tab1_id' => sanitizer('tab1_id', 0, 'tab1_id'), and in form add hidden input that has current id as value. Function dbquery_insert should autodetect it, but not always it's possible to detect.

0 replies

Then I may not be able to use that coding because my db table is static; non-incrementing though there is a primary key defined. All input to the db are UPDATES not INSERTS. Does that make a difference?

0 replies

Then set tab1_name as primary key dbquery_insert(DB_BOOTSTRAP_TABS, $data, 'update', , ['primary_key' => 'tab1_name']);

You can also always check codes in other infusions or core to see how to use it.

If for some reason the dbquery _insert does not work in your code, use dbquery

Code Download source

dbquery("UPDATE ".DB_BOOTSTRAP_TABS." SET
 tab1_enable=:tab1_enable,....
 ", [
 ':tab1_enable' : post('tab1_enable', FILTER_SANITIZE_NUMBER_INT),
]);

0 replies

OK here's what I've decided. Every infusion I've ever used or created have all used the isset, $post, $get, etc. variables and I've never experienced a problem of any sort. I have my infusion working perfectly as is so I'm going to stick with the "old school" way of doing things because it just works. It's working so well that I have absolutely NO errors at all on version 9.10.10 AND version 9.10.20. Thanks for your attempts ay helping me RobiNN as always.

0 replies

Well, I expected this. But I wanted you show much better and safer alternative and ofc. it takes patience if you've never worked with it.
At least use query params like this for some small security

Code Download source

dbquery("UPDATE table SET column=:value1", [
 ':value1' : 'value',
]);

Never puts php code directly into SQL query because it opens door for SQL Injections.

Old school v7 code style is bad and not safe at all. Problem is that people who used v7, learned from it really bad practices because system itself was coded to be simple as possible and this is bad in complex systems. And now, if someone sees v9, it scares them.

0 replies

Truthfully it scared the hell out of me at first but I've slowly learned bits and pieces of it and some things are relatively easy and others are very hard to grasp. But I will try the code above and see what happens. Thanks RobiNN.

0 replies

OK RobiNN. I still don't quite get it. How would I convert this:

Code Download source

$tab2_name = ""; 
$tab2_content = "";
$tabsettings = dbarray(dbquery("SELECT * FROM ".DB_BOOTSTRAP_TABS.""));
if (isset($_POST['savetab2settings'])) {
 $result = dbquery("UPDATE ".DB_BOOTSTRAP_TABS." SET
   tab2_enable='".(isNum($_POST['tab2_enable']) ? $_POST['tab2_enable'] : "0")."',
   tab2_name='".stripslashes($_POST['tab2_name'])."',
   tab2_content='".addslashes($_POST['tab2_content'])."'");
}

To this:

Code Download source

$tab2_name = ""; 
$tab2_content = "";
$tabsettings = dbarray(dbquery("SELECT * FROM ".DB_BOOTSTRAP_TABS.""));
if (check_post('savetab2settings')) {
 $data = [
 'tab2_enable' => sanitizer('tab2_enable', 0, 'tab2_enable'),
 'tab2_name' => sanitizer('tab2_name', '', 'tab2_name'),
 'tab2_content' => sanitizer('tab2_content', '', 'tab2_content'),
 ];
 dbquery_insert(DB_BOOTSTRAP_TABS, $data, 'update');
 if (fusion_safe()) {
 addnotice('success', 'Updated....'); // thanks to sessions, after refresh you will see the notice and no need old style error messages
 redirect(FUSION_SELF.$aidlink);
 }
}

I forgot to mention that my infusion is ADMIN input only; no user input.

Edited by Grimloch on 14-02-2022 05:33, 2 y

0 replies

A good start would be to simply use query parameters

Your code

Code Download source

$result = dbquery("UPDATE ".DB_BOOTSTRAP_TABS." SET
   tab2_enable='".(isNum($_POST['tab2_enable']) ? $_POST['tab2_enable'] : "0")."',
   tab2_name='".stripslashes($_POST['tab2_name'])."',
   tab2_content='".addslashes($_POST['tab2_content'])."'
");

The same code but values are set via query parameters

Code Download source

$result = dbquery("UPDATE ".DB_BOOTSTRAP_TABS." SET
   tab2_enable=:tab2_enable,
   tab2_name=:tab2_name,
   tab2_content=:tab2_content
", [
   ':tab2_enable' => (isNum($_POST['tab2_enable']) ? $_POST['tab2_enable'] : "0"),
   ':tab2_name' => stripslashes($_POST['tab2_name']),
   ':tab2_content' => addslashes($_POST['tab2_content']),
]);

0 replies

Thanks RobiNN as always; I got everything updated and it works great! I have another unrelated question. I have searched and searched and cannot figure where to make changes. My friend and I are both frustrated because the width of the panels in the Atom-X theme are not the same. We would love to be able to increase the width of the left panels to match the right OR decrease the width of the right panels. To us it's not aesthetically pleasing that they are different.

0 replies

Here you can change size of left and right panelsL77-L78

$right = ['sm' => 3, 'md' => 2, 'lg' => 2]; If you set 2 for right, then it will have the same width as left side, and more space for main content.

0 replies

Category Forum

Modifications and Requests - 9

Labels

9.10

Statistics

Views 0 views
Posts 22 posts
Votes 0 votes
Topic users 3 members

3 participants

Notifications

Track thread

You are not receiving notifications from this thread.

What is wrong with this code?

22 posts

PHPFusion

Resources

Community

Development