All Activity
- Yesterday
-
Anyway. I should be OK. Covered XSS, SQLi (PDOs and such), and CSRF (using tokens) and hashed everything I should hash with salt 🥳
-
Thanks for looking at it. I managed to solve it.... the code looks like this now....

```html
<script>
// Function to initialize emoji selector for a comment section
function initializeEmojiSelector(sectionId) {
    const section = document.querySelector(`.comment-section[data-section-id="${sectionId}"]`);
    const textarea = section.querySelector('.comment-textarea');
    const emojiSelect = section.querySelector('.emoji-select');
    const emojis = [
        '(・ω・)', '(´・ω・`)', '(。♥‿♥。)',
        'ヾ(⌐■_■)ノ♪', '(╯°□°)╯︵ ┻━┻'
    ];

    // Populate the emoji selector dropdown
    emojis.forEach(emoji => {
        const option = new Option(emoji, emoji); // Create a new option element
        emojiSelect.add(option); // Add option to the dropdown
    });

    // Event listener for emoji selection
    emojiSelect.addEventListener('change', function() {
        const selectedEmoji = this.value;
        if (selectedEmoji) {
            const cursorPos = textarea.selectionStart; // Get current cursor position
            const textBeforeCursor = textarea.value.substring(0, cursorPos);
            const textAfterCursor = textarea.value.substring(cursorPos);
            const newText = textBeforeCursor + selectedEmoji + textAfterCursor;
            textarea.value = newText; // Insert selected emoji at cursor position
            textarea.focus(); // Keep focus on textarea
        }
    });
}

// Initialize emoji selectors for all comment sections on DOMContentLoaded
document.addEventListener('DOMContentLoaded', function() {
    const commentSections = document.querySelectorAll('.comment-section');
    commentSections.forEach(section => {
        const sectionId = section.getAttribute('data-section-id');
        initializeEmojiSelector(sectionId);
    });
});
</script>

<div class="comment-section" data-section-id="2">
    <textarea class="comment-textarea"></textarea>
    <select class="emoji-select"></select>
</div>
```
-
The only thing that will save us is web 3.0!!! 🤪
-
What "fallback"? It doesn't make sense to have a "fallback". What you're doing is altering the data being passed to your script. You're saying "yes, you did type one thing, but I'm going to change it and pretend you typed something else". There are two basic parts to things like HTML and SQL and JSON and the like: you have the bits with values that you want to fill in (data), and you have the bits that are not data but fundamentally define how the HTML/SQL/JSON works (structure). Sanitization is about making sure that the data stays "data" and never crosses over into "structure".
-
That's a shame.. prob will be back once they learn they need to learn at some point in time.
-
When user selects emojiSelect2 ("select") it places the emoji into comment_text2.. but it only works on the first comment box.. I want to use the index increment to act as a unique identifier (indeed) and then use that in the functions parameter the javascript... this should then allow me to use the select form (including dropdown and textarea) for all the other comments,,.. should work just don't know how.
-
They'll be back when they realize that the AI generated code doesn't* do exactly what they wanted. *edit - I seemed to have missed out a critical word🙄
-
Ever since AI I have seen tech forums like this one become very quiet which isn't surprising.
-
Maybe. I have no way of knowing what you intend to do with the index and the function parameters. Two things to bear in mind:

1. ID values must be unique - you can't have several inputs all with the id="comment_text2".
2. When you define an event listener on page load, it is only attached to elements that exist when the page has loaded and not to elements you add dynamically.
-
Oh, I always sanitize my inputs. But this is a bad idea for a fallback?
-
Can it not be done with index++ and function parameters? Maybe that would be more simple, and is kinda the direction I was going in.
-
1. Never modify $_GET and $_POST.
2. Never sanitize values ahead of time.
3. Always work with pure, unaltered values, and reserve sanitizing values until the very last step according to what you're doing with those values.

So yes, there is a problem with that there. Don't do it. You should only ever be doing two(ish) things: use prepared statements for your SQL, and use htmlspecialchars when outputting an unknown value into HTML. More than that is probably wrong and going to create problems for yourself in the present and/or future.
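Added example, not code from any poster in this thread: the rule in the reply above, shown on one constructed value. It compares keeping the raw value and escaping per context against pre-sanitizing the input the way the `filter_input_array` assignment would. The sample string, the `comment` table, the `h()` helper and the use of an in-memory SQLite database through PDO are assumptions.

```php
<?php
// Constructed sample input standing in for $_POST['comment'].
$raw = "O'Reilly <b>& Sons</b>";

// What would sit in $_POST after the global "fallback" filter.
$pre = filter_var($raw, FILTER_SANITIZE_FULL_SPECIAL_CHARS);

// Assumption: pdo_sqlite is available; any PDO driver behaves the same here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, body TEXT)');

// SQL context: the placeholder keeps the value as data, quote and all,
// so no escaping or filtering is needed before this point.
$insert = $pdo->prepare('INSERT INTO comment (body) VALUES (?)');
$insert->execute([$raw]);   // row 1: unaltered value
$insert->execute([$pre]);   // row 2: value altered ahead of time

$rows = $pdo->query('SELECT body FROM comment ORDER BY id')
            ->fetchAll(PDO::FETCH_COLUMN);

// HTML context: escape at the moment of output (hypothetical helper name).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach (['raw' => $rows[0], 'pre-sanitized' => $rows[1]] as $label => $stored) {
    echo "== $label ==\n";
    echo "stored : $stored\n";
    echo "length : ", strlen($stored), "\n";
    // Row 2 is encoded twice here, so the browser shows literal entities.
    echo "HTML   : ", h($stored), "\n";
    // JSON has its own encoding; row 2 leaks HTML entities to API clients.
    echo "JSON   : ", json_encode(['body' => $stored]), "\n\n";
}
```

The raw row round-trips intact and is safe in both outputs. The pre-sanitized row is stored longer than what was typed, is double-encoded once `h()` is applied, and carries HTML entities into the JSON output.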
-
I like to use data attribute on these occasions.

NOTE: use a class name for the selects and another for the inputs. Don't use ids.

1. Maintain a count of how many comments the user adds and increment each time they add a new one.
2. When creating a new select and input, give them both a data-id attribute with the value of the count.
3. When emoji selected, get the value of the select's data-id.
4. Look for the input with the same data_id and insert the emoji.
-
- user visits comment section
- user wants to input emoji via input/select
- works on the first comment box, but there are multiple..
- doesn't work on comment box 2, 3, 4 etc..

* seems to need an id of some sort inserted into the Javascript so that it can be used multi. Not sure how.
-
And how is the user expected to interact with it? Can you

1. display a form with a select and an input text
2. user enters comment
3. user clicks "Save"
4. form is posted and comment saved
5. page reloads

Rinse and repeat as many times as required?
-
Hi. Yes, infinite inputs/select. It's in a looped comment system. 🦄
-
It would help if you explained what you are trying to achieve. Code that doesn't work only shows us what you don't want to do. What do you want to do (30?) times in a loop? For example... Are you meaning there may be 30 emojis, or there will be 30 select/input text pairs?
-
Anyone started using AI for code samples.. do we have to "adjust with the times" and embrace or totally distance ourselves? Is it the future? Will in the future we be placing AI gen code into objects daily? 😶🌫️ Got an opinion?
-
Hey! ... Is there any problem with using ..

```php
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
```

I use htmlspecialchars before on all my values already. Think of this as if I missed one. Is it OK?
-
I have this code (very cool)...

```html
<script>
document.addEventListener('DOMContentLoaded', function() {
    const emojiSelect = document.getElementById('emojiSelect2');
    const inputText = document.getElementById('comment_text2');
    const emojis = [
        '(・ω・)', '(´・ω・`)', '(。♥‿♥。)',
        'ヾ(⌐■_■)ノ♪', '(╯°□°)╯︵ ┻━┻'
    ];

    // Populate the select dropdown with emojis
    emojis.forEach(emoji => {
        const option = document.createElement('option');
        option.value = emoji;
        option.text = emoji;
        emojiSelect.appendChild(option);
    });

    // Event listener for emoji selection
    emojiSelect.addEventListener('change', function() {
        const selectedEmoji = this.value;
        if (selectedEmoji) {
            inputText.value += selectedEmoji;
            this.selectedIndex = 0; // Reset dropdown to default option after selection
        }
    });
});
</script>
```

Though I need to call it multiple times with no fixed number...

```html
<select id="emojiSelect2">
    <option value="">Select an kaomoji</option>
</select>
<textarea name="comment_text" id="comment_text2" rows="2" cols="40" placeholder="Type comment reply here." required></textarea>
```

... here. This will loop a few times... say 30.. though my current code only allows the first iteration. I'm not very good at Javascript... could someone show me how to write it to allow multiples inside the loop? Maybe gen an index(++) and drop that in. If so, how? Thanks guys and gals!
- Last week
-
You want to encrypt a stream using functionality that encrypts files? That doesn't sound right... "No such file or directory" sounds relevant. Does the $messageData file exist, and is it readable by PHP? Does the $encryptedMessage file exist, or at least its parent directory, and is it writable by PHP?
-
Anybody have any recommendations for a web-hosting provider that will offer PHP, SQL, email, and other assorted features that would be beneficial (like the ability to run CRON jobs, etc.)? @ginerjm I noticed in a recent thread that you cautioned against GoDaddy. Who would you suggest as an alternative?
-
Hi all, I have php-7.4.4-Win32-vc15-x86, installed and want to use openssl_pkcs7_encrypt in order to encrypt a stream. I prepare all input, checked all are ok, and after calling openssl_pkcs7_encrypt,

```php
if (!openssl_pkcs7_encrypt($messageData, $encryptedMessage, $filestream, [])) {
    // Check OpenSSL errors
    while ($error = openssl_error_string()) {
        echo "OpenSSL error: $error\n";
    }
} else {
    echo 'Encryption successful';
}
```

I get error message:

```
OpenSSL error: error:02001002:system library:fopen:No such file or directory
OpenSSL error: error:2006D080:BIO routines:BIO_new_file:no such file
```

Please note that the cert file is read using:

```php
$certfilepath = "C:/Users/user1/testfolder/test.cer";
$filestream = file_get_contents($certfilepath);
```

I think something has to do with openssl environment, because everything else seems fine. Please help.
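Added example, not the poster's code: `openssl_pkcs7_encrypt` takes its first two arguments as file names, which is what the `fopen` / `BIO_new_file` errors above point to, so in-memory data has to go through temporary files. The throwaway self-signed certificate, the sample message and the temp-file prefixes are assumptions so the block runs offline.

```php
<?php
// Constructed sample message held in memory.
$messageData = "Constructed sample message\n";

// Throwaway recipient certificate (assumption, for a self-contained run).
// A real recipient certificate must be PEM text or a "file://" path.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    exit("Key generation failed: " . openssl_error_string() . "\n");
}
$csr  = openssl_csr_new(['commonName' => 'example recipient'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $certPem);

// The function reads from and writes to paths, so stage the data on disk.
$inFile  = tempnam(sys_get_temp_dir(), 'p7i');
$outFile = tempnam(sys_get_temp_dir(), 'p7o');
file_put_contents($inFile, $messageData);

try {
    // Name the cipher explicitly: before PHP 8.1 the default is RC2-40.
    $ok = openssl_pkcs7_encrypt(
        $inFile,
        $outFile,
        $certPem,
        [],
        0,
        OPENSSL_CIPHER_AES_256_CBC
    );

    if (!$ok) {
        while ($error = openssl_error_string()) {
            echo "OpenSSL error: $error\n";
        }
    } else {
        // Read the S/MIME output back into memory.
        $encryptedMessage = file_get_contents($outFile);
        echo "Encrypted ", strlen($messageData), " bytes into ",
             strlen($encryptedMessage), " bytes of S/MIME\n";
    }
} finally {
    // The input temp file holds plaintext; remove both files either way.
    unlink($inFile);
    unlink($outFile);
}
```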
-
I agree with mac_gyver except for the use of OR in the WHERE clause. Consider this product table...

```
+------------+-------------------------+
| product_id | description             |
+------------+-------------------------+
|          1 | Black mamba             |
|          2 | Fireball XL5            |
|          3 | Single coat black paint |
|          4 | Coat of many colours    |
|          5 | Black coat XL           |
|          6 | Not of interest         |
+------------+-------------------------+
```

Code...

```php
$search = 'coat black xl';

$params = array_map(fn($v)=>"%$v%" , explode(' ', $search));

$q1 = "SELECT description
       FROM product                    -- search query using OR
       WHERE description LIKE ?
          OR description LIKE ?
          OR description LIKE ?
      ";

$q2 = "SELECT description
       FROM product                    -- search query using AND
       WHERE description LIKE ?
         AND description LIKE ?
         AND description LIKE ?
      ";
```

Results...

```
Results using OR
+-------------------------+
| description             |
+-------------------------+
| Black mamba             |
| Fireball XL5            |
| Single coat black paint |
| Coat of many colours    |
| Black coat XL           |
+-------------------------+

Results using AND
+---------------+
| description   |
+---------------+
| Black coat XL |
+---------------+
```

A couple of other options are open to you

1. FULLTEXT

Add fulltext index on description and

```php
$q3 = "SELECT description
            , MATCH(description) AGAINST('coat black xl') as relevance
       FROM product
       WHERE MATCH(description) AGAINST('coat black xl')
       ORDER BY relevance DESC
      ";
```

```
+-------------------------+-------------------+
| description             | relevance         |
+-------------------------+-------------------+
| Black coat XL           | 0.18123811483383  |
| Single coat black paint | 0.18123811483383  |
| Coat of many colours    | 0.090619057416916 |
| Black mamba             | 0.090619057416916 |
+-------------------------+-------------------+
```

NOTE: with fulltext, words of 3 or less characters (eg "XL") are ignored.

2. Use separate columns for category, colour and size and search on those.