Drongo_III

PS if you want to post your actual template file I can try edit it from there for you

I think the least disruptive way would be to slip a div in next to your facebook feed. Looking at the code it’s a bit messy – I assume you’ve built this with some sort of website builder. You have a UL tag that doesn’t nest anything correctly. Anyway you can edit your template file as per the below and it should work - obviously where my html/css incorprates content that is otherwise included via your cms you might wish to delete it. I’m working off the source from the website here and not the template that generates the source but it might point you in the right direction. So inside #rechtscontent div (which is your central content area) I’ve wrapped your facebook feed in another div tag and floated this left. Then I've added another div below for your new content and floated this left. Then I added a div to clear the float. So if you past the below code into your template below the H2 tag you should get your extra small content area - make sure you backup first. I’ve used inline styles so you’ll probably want to give these divs classes or Ids and paste my inline styles to your style sheet. Let me know if this works for ya or if it causes any isssues. <div style="width: 292px; float: left;"> <br /> <br /> <br /> <b>Welcome back guys!</b><br /> <p>TruVibe 24/7 providing 24/7 music - Click the miniplayer to the left or one of the icons in the top right to start listening</p> <p> <br> <iframe src="//www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FTruVibeFM%2F176625075754610&width=292&color scheme=light&show_faces=false&border_color&stream=true&header=false&height=395&appId=127811827320277" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:292px; height:395px;" allowTransparency="true"></iframe></p> <br /> <br /> <br /> </div> <!-- this is the extra content area you want --> <div style="190px; float: left;"> YOUR CONTENT GOES HERE </div> <div style="height: 0px; width: 100%; clear: both;"></div>

Hi mate The thing is everything currently aligns nicely with your header image which is a solid image and not scalable. So if you added a box on the right you'd end up with it overhanging and that would look a bit crap. Is that what you want to happen tho? Or do you want to fit the box into the empty white space next to your twitter feed?

Yeah as per above post. You could access ID element in php through ajax by extracting an element's ID (using jquery) and posting it to your php script as a variable. But I can't really see why you'd want to do that You can also access an element's name via jquery but the more usual way is to use IDs.

Hi boxer Am i understanding you right - you want to add your nav bar to the right as well as the left? Or move it altogether? Or are you just trying to setup a bar on the right to use for other content but styled like your nav bar? I'll help if i can understnad your question

Hi mate Is the background image one large graphic? Can you show the example? might be able to suggest somethnig then. Drongo

Where are the values coming from in the first place? Query string? Input form?

Thanks Mj I can see more what you mean now. I suppose this is a mindset you need to get into - bit like programming in general. Thanks for the advice - i've learned a lot! Drongo

It's a bit of a jungle this... I totally see your logic and it makes a lot of sense. When you say "store the code exactly as the user submitted it" - does this mean that you'd only ever escape the code and leave it at that? No santitisation? Lets assume you were just making a simple data capture form for instance so the purpose is pretty straightforward. Can you describe how you'd go about storing the data from this form so i can see how it should be done? (don't expect code or anything) Thanks, Drongo It is very important to ensure user submitted data does not "damage' your site. But, you need to analyze what you are doing and how you are using the data to determine WHEN and HOW you will do that sanitation. For example, you used FILTER_SANITIZE_STRING for all of the values - why didn't you use FILTER_SANITIZE_EMAIL for the email! But, that is really beside the point. You need to be very careful when imposing any arbitrary methods that will actually modify the user input. There are plenty of way to make the input safe without changing the 'intent' of the input. Rule #1 is that you always escape the input before using in a query. But, it gets trickier to determine what validations/escaping you should do for XSS, HTML tags, etc. The approach I almost always take is to simply store the code exactly as the user submitted it. Then when I retrieve the code I will 'escape' it as needed. If I am using the content in a web page I will use either htmlspecialcharacters() or htmlentities() to make it safe to be displayed in the web page. But, you never know how else you may need the data in the future. Maybe an RSS feed, output to an XML file, or ??? So, if you modify the data before you store it you make it difficult, if not impossible, to re-purpose the data for other purposes.

Well its not just sql injection its a sort of all round bit of a code to stop any nasties getting into my application. My main concern originally was whether sanitizing the data was some how conflicting with escaping it. I thought (and my understanding isn't great) that sanitising input was just a necessary part to ensuring incoming data is safe. That not the case?

Hurah! Thanks for your help Buddski. Much appreciated

I see that - that makes sense. So the way I have filtered and escaped my input in my example above should provide a good basic level of protection against injections etc? I just want to be sure i am not leaving a massive gap anywhere - quite paranoid about this sort of thing Drongo

Hi Buddski! Thanks for that. Does that mean you should always use filter_flag_no_quotes when sanitising strings - assuming you're going to use real_escape_string after? Is that a safe way to input into the database? Thanks Drongo

I have been mulling this over in anticipation of some more enlightened help. Could it be that because the validate function encodes html entities,like quotes, that when the escape function works it then doesn't see the array values as containing quotes and therefore is not escaping them? So does that mean that the data is in fact safe and the escape function is likely working?? Anyone? Hmmm

Hi Guys I'm a tad confused by what's going on when using real_escape_string. Could be that I'm using it incorrectly or that i'm not fully understannding it but here goes. I'm trying to sanitize the post data from a form then escape it before storing it in my database. The code is as follows: $validation_options = array( 'title_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'name_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'surname_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'address_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'town_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'postcode_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'telephone_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'email_2' =>array('filter'=>FILTER_SANITIZE_STRING), 'dob_2' =>array('filter'=>FILTER_SANITIZE_STRING), ); $validated = filter_input_array(INPUT_POST, $validation_options ); // Display results to test that it's working echo "<pre>"; print_r($validated); echo "</pre>"; // Run validated array through real escape for database $escaped = array_map('mysql_real_escape_string', $validated); // Display results to test that it's working print_r($escaped); echo $escaped['town_2']; But here's the issue. When I used the $validated array and deliberately entered quotes or double quotes into the form and then print the results of $escaped it doesn't add slashes. However, if i make up a new test array with say $testarray( 'TESTER' => "This is a 'test' and 'another test' " ); and run that through the same escape function and print the results it displays the backslahes around the single quotes. So does this mean that for some reason the $validated array is not being escaped? Or am I just getting something wrong? Any help would be very much appreciated! Drongo PS Indicentally before anyone points this out - i incorporate the DB handler elsewhere in the code.

Oh if i could reach out and kiss ya i would! Thank you adam for entertaining my noobish questions and for pointing me on the right track! Hurrah!

Genius! That worked and i think i now understand the issue a bit better. I changed my code to remove document write which means i don't need document.close - which in the true spirit of learning has spurred anotehr question. Can you tell me why this code only outputs the final version of the loop. What i mean is instead of repeatedly writing: "loop number 1", "loop number 2" it just prints "Loop number 5". Should i use append in a loop to see the recursive state? Thank you so much for your help thus far! <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript" src="jquery_ui.js"></script> </head> <body> <script type="text/javascript" > $(document).ready(function () { var i = 0; while(i <= 5) { $("#text1").html("Loop number" + " " + i ); i++; } }); </script> <div id="text1" style="width: 400px; height: 300px; border: 1px solid #000;"> </div> </body> </html>

Hi AyKay I've modified the code as follows but still no joy :/ Any ideas? <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript" src="jquery_ui.js"></script> </head> <body> <script type="text/javascript" > $(document).ready(function () { var i = 0; while(i <= 5) { document.write("The number is " + i); document.write("<br />"); i++; } }); </script> </body> </html>

Hi Guys Trying to write a while loop to do validate a form. However when i came to testnig out a simple while loop it keeps crashing the browser and i'm not sure why. When i say 'crashes' the browser just endless appears to be loading and i can't refresh the page. Any ideas what is wrong with the following? <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript" src="jquery_ui.js"></script> <script> $(document).ready(function () { var i = 0; while(i <= 5) { document.write("The number is " + i); document.write("<br />"); i++; } }); </script> </head> <body> </body> </html> Any help is greatly apprecaited! Drongo

Hi Thanks for that mate! It's much clearer to me now. I didn't realise the hover function required a mouseover and mouseout event - for some reason i thought it just executed everything inside. It all makes sense now Thank you! Drongo

Thanks for the post! Afraid that doesn't quite help me to undersand the logic of the jquery :/ Anyone help?

Hi Guys I feel a bit silly asking this but I've started using a jquery drop down menu script. It's fantastically simple but I don't quite follow these two lines of code or see how it works as I'm not a huge user of jquery. The jquery is: $(document).ready(function(){ $('#cssdropdown li.headlink').hover( function() { $('ul', this).css('display', 'block'); }, function() { $('ul', this).css('display', 'none'); }); }); Ok I understand the .hover bit - so when someone hovers over the li.headlink elemenet it will display block. But i am confused about two points 1) The "ul,this" part - is that saying - When someone hovers over li.headlink then display the UL element inside the li.headlink element? 2) In conventional old javascript you'd use onmouseover and onmouseout to trigger the state change from 'block' to 'none'. But to me these lines of code are saying "when someone hovers over li.headlink then display it as a block then display it as none" - which to my poor logic would mean the item should not display at all. I suspect maybe it's a syntax thing and the comma between functions has something to do with it but i'm not sure. Can you someone explain why this works and what it's actually saying? Sorry to ask such silly questions but I like to understand the things i use and in honesty i don't with this most simple of scripts... Thanks Drongo

Hi Guys Bit of a noob question. I'm building a site that has a transparent content container div (to show background image). However, all the child elements of that div are also turning transparent and i can't seem to stop this. I tried setting the opacity of child elements but it didn't work. Anyone got any tips? I've read around though most of the posts are very old and they all suggest either absolutely positioning everything so there child elements aren't child elements. Or alternatively they suggest using a transparent png - but i kind of wanted to use just CSS. Is there a simple trick or are these my only alternatives? Thanks, Drongo

Thanks King That's a good point. I will make sure I express my opinions and get involved as much as possible. I think i will feel so much better once i meet my competition and get a glimpse of what's to come too. The great unknown is always so much worse than the reality - usually...

Cheers guys! The interview is on monday. So final few days of prep...it's knackering cramming by evening though when you're working flat out all day but gues these are the hopps we have to jump through to progress! I shall let you all know how it goes. Hopefully i'll be postnig a big fat smilie face Drongo