Leaderboard


Popular Content

Showing content with the highest reputation since 09/11/2020 in all areas

  1. 2 points
    Short answer: it's safe. Longer answer: it's as safe as any other PHP file on your server. It's a common practice to put this script, or at least a script that defines variables/constants with database credentials, in a PHP file that is not located inside the web root (eg, outside of your public_html or www or whatever directory that your site is based in) because if it's not an actual page then it really shouldn't be in the root; this practice is easy to achieve when you get larger sites that have a single public_html/index.php that runs an "application" or some similar concept whose files are all outside the root.
  2. 1 point
    Removing the battery from a fire alarm does not make the fire go away.
  3. 1 point
    Seems to me that the best approach would be to fix the problem instead of disabling the warning.
  4. 1 point
    Very interesting. That seems like something to look into but I do move at a pretty slow pace. I really do appreciate the ideas.
  5. 1 point
    If $cat_id contains "" then the query will fail with a syntax error. But we don't know what's in it, nor do we know what's in your table - and we certainly have no idea what "don't work" means unless you tell us. Check if your query gave an error message.
  6. 1 point
    Welcome to the community. It is designed for those interested in learning and developing systems based on PHP and related technologies. We do not allow for advertisements. Members in good standing are allowed to place promotional links in their signatures. Messages created solely for the purpose of advertisements will be edited or removed.
  7. 1 point
    You do it in the same way you have in your get_post($pid) function, only this time pass the category id: get_posts($cat_id)
  8. 1 point
    You can't put functions inside strings like variables.

        <?php
        $x = date('Y');
        $y = 1989;
        $description = "In this classic lecture which was delivered over " . ($x - $y) . " years ago, etc etc.....";
        echo $description;   // ==> In this classic lecture which was delivered over 31 years ago, etc etc.....
        ?>
  9. 1 point
    Have you tried putting a WHERE clause in your query, for example WHERE blog.cat_id = 4?
  10. 1 point
    No you don't. You have a function perfectly capable of giving you the current session ID. Why do you think you have to take that value, which is going to be the same value every time you call the function so long as the session is active, and put it into $_SESSION for you to get it? If you want the session ID then call the function. Stop overthinking this. No. You see two session files. Containing session data. For two different sessions. How did you run those queries? That's a rhetorical question. You aren't supposed to tell me the answer. You're supposed to consider what the answer is and then continue thinking about the implications of that answer in order to find the answer to your question.
  11. 1 point
    I suggest you start your hunt for an answer over here.
  12. 1 point
    Is granting the ability for your web user to run any command as root without a password unsafe? Absolutely, you might as well just run your web server as root if you're going to do that. If you're going to use sudo, then you want to limit the commands that can be run to exactly what is necessary. For example, at one point I had a page that would allow resetting an email password and the process to do so required root. I created a shell script with all steps necessary and I added this to my sudoers file:

        www-data ALL = NOPASSWD: /root/bin/reset-mailbox-password

    That allowed my public-facing web page to execute that command and only that command as root with sudo. That way if there were ever a security issue in the future that gave someone shell access as www-data they couldn't just run whatever they wanted to sudo and further compromise the machine.
  13. 1 point
    No, you should change the sudoers file to allow user apache to run that command. However, before you get yourself in trouble, please explain why you need web users to run restricted commands. Perhaps we can come up with a safer alternative.
  14. 1 point
    "Outside a class"?
    Screenshot #1: grve-wrapper selected below, bounding box shown above is too low, highlighted CSS on the right shows a few rules
    Screenshot #2: with the position:relative and top:50% rules disabled, the bounding box is in the correct location but the image is too high
    Screenshot #3: img selected (the one that's visible), bounding box shows it's too high on the page, highlighted CSS shows a few rules
    Screenshot #4: with the top:-50% rule disabled, the bounding box is in the correct location
  15. 1 point
    Hi Barand, Amazing code and you only read a description of my bookmark profile. You are a 'helluva' coder. Your expertise and mastery shows in your replies. I don't really need to change anything that you have posted other than names but I didn't post to get free code. I am trying to learn from your example. I'm reading about SQL now so that I can think better about these problems and appropriate solutions. I'd like to come to the same conclusions as you one day. I really learn a lot from you and I thank you for that. Meantime, I've changed the last login code and it works well. I was actually just inserting your login into lastlogin then inserting the current login into current login. I guess it is easier to say that login becomes your last login before I update the login. I guess I was thinking wrong here. Your idea is better. I don't have time to add the bookmark code today. I have a lot of things to do and I am behind schedule. I'll read more about SQL before I go to bed, then tomorrow I will tackle this topic. I finished adding the bookmark profile to each page, so all I have to do now is submit it to the dbase. This code example is a great start! I also have to read the data from the db before I can display the bookmarks. I do not have so much coding experience as you do, so I am a bit slow. I'll update the post when I can finish this feature. I'll let you see the final code here so you can offer an opinion if you want to do so. Thank you, Barand, I have learned a lot about SQL today. You are steering me in the right direction!
This leaderboard is set to New York/GMT-04:00