colap

  1. Someone parses the html login form and gets the csrf token from the hidden field. Now can he send a request with that csrf token to log in through jquery ajax?
  2. I know, a csrf token is like a random string. Does every form need a csrf token? Does every form need to have a different csrf token, or do all forms have the same csrf token for one logged-in user? When a user logs in, I set $_SESSION['key']=$useremail; is it ok to set the email for a logged-in session? Do I have to set or add another $_SESSION with the csrf token? How does a csrf token add security for form submission? After form submission, what would PHP do with the hidden input field or with the csrf token?
  3. I want to unset a session variable, which is passed as a function parameter, from inside the function. In this way:

         unset($_SESSION['msg']);
  4.     <?php
         if (session_id() == '') {
             session_start();
         }
         $_SESSION['msg'] = "Updated.";
         psession($_SESSION['msg']);

         function psession($msg) {
             echo $msg;
             unset($msg);
         }
         ?>

     This doesn't unset $_SESSION['msg']. How can I unset it?
  5. @Jacques1, Why do you need to require_once(); before session_start();?

         <?php
         require_once("h.php");
         session_start();
         ?>

     We can use htmlspecialchars() for escaping and can skip using twig for escaping.
  6. @Jacques1, Some say twig is slower than php. How true is it? http://stackoverflow.com/questions/9363215/pure-php-html-views-vs-template-engines-views Regardless, the use of PHP is still the fastest and most versatile way of templating.
  7. @Jacques1, We do this with twig:

         echo $twig->render('page.php', array('vr' => constant('Twig_Environment::VERSION')));

     Isn't it similar to:

         require_once('page.php');

     What does twig do inside echo $twig->render(...);?
  8. How do php mvc frameworks output an html form with php? Do they use a template engine like twig internally? They have a form class to output the html form and other html inputs or widgets.
  9. @cyberRobot, We see, there are php mvc frameworks with a form class. They call the form class functions to make html form and input elements. How do they do it then?
  10. I want to change my login account/username too. I want to log in with "cola", not "php-coder".
  11. Is it possible to change my username from "php-coder" to "cola"?
  12. @Jacques1, You also talked about a cookies and sessions problem with require_once('content.php'); Can you please explain this also with example code? And what is that php-sandbox? Isn't depending on an external third-party library like twig a problem when you upgrade your project? Is it possible to avoid using a template library, or is it possible to do the same functionality with only plain php instead of using twig?
  13.     function change_password_form()
          {
              $change_password_form = "";
              $change_password_form = $change_password_form . '<form method="POST" action="change_password.php">
                  <div>Type new password</div>
                  <div><input type="password" size="40px" name="new_password" /></div>
                  <div>Type new password again</div>
                  <div><input type="password" size="40px" name="new_password2" /></div>
                  <div><input type="submit" value="Change Password" /></div>
              </form>';
              return $change_password_form;
          }

      Is there any problem with the above code? Normally I was advised to write php code inside the html tags like this:

          <form method="POST" action="p.php">
              <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
              <input type="submit" name="submi" value="Submit" />
          </form>

      What's the difference between these two?

          <title>My Title</title>

          <?php
          $mytitle = 'My Title';
          echo "<title>$mytitle</title>";
          ?>

      Is there any problem if I echo html tags with php or make a php string with html tags?
  14. Is depending on a third-party library good? Isn't twig written in php? So why can't we make something like twig with plain php? {{ content }}, isn't it similar to require_once('content.php');? How did twig make this? What's the php code behind {{ content }} by twig? Can you explain this with example code? I'm also curious to know about the security issues of require_once('content.php');