Jump to content

Drongo_III

Members
  • Posts

    579
  • Joined

  • Last visited

Posts posted by Drongo_III

  1. I think the least disruptive way would be to slip a div in next to your facebook feed. Looking at the code it’s a bit messy – I assume you’ve built this with some sort of website builder. You have a UL tag that doesn’t nest anything correctly.

     

    Anyway you can edit your template file as per the below and it should work - obviously where my html/css incorprates content that is otherwise included via your cms you might wish to delete it.  I’m working off the source from the website here and not the template that generates the source but it might point you in the right direction.

     

    So inside #rechtscontent div (which is your central content area) I’ve wrapped your facebook feed in another div tag and floated this left. Then I've added another div below for your new content and floated this left. Then I added a div to clear the float. So if you past the below code into your template below the H2 tag you should get your extra small content area - make sure you backup first.

     

     

    I’ve used inline styles so you’ll probably want to give these divs classes or Ids and paste my inline styles to your style sheet.

     

    Let me know if this works for ya or if it causes any isssues.

     

    
    <div style="width: 292px; float: left;">
    
    <br />
    
    <br />
    <br />
        <b>Welcome back guys!</b><br />   
        <p>TruVibe 24/7 providing 24/7 music - Click the miniplayer to the left or one of the icons in the top right to start listening</p>
    <p>  <br>
    <iframe 
    
    src="//www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FTruVibeFM%2F176625075754610&width=292&color
    
    scheme=light&show_faces=false&border_color&stream=true&header=false&height=395&appId=127811827320277" scrolling="no" 
    
    frameborder="0" style="border:none; overflow:hidden; width:292px; height:395px;" allowTransparency="true"></iframe></p>
    <br />
    <br />
    <br />
    
    </div>			
    
    
    <!-- this is the extra content area you want -->
    
    <div style="190px; float: left;">
    YOUR CONTENT GOES HERE
    
    </div>	
    
    <div style="height: 0px; width: 100%; clear: both;"></div>

     

  2. Hi mate

     

    The thing is everything currently aligns nicely with your header image which is a solid image and not scalable.

     

    So if you added a box on the right you'd end up with it overhanging and that would look a bit crap. Is that what you want to happen tho? Or do you want to fit the box into the empty white space next to your twitter feed?

     

     

     

     

    Hi Drongo!

     

    Thanks for your reply,

     

    I wish to leave the menu on the left and add the one on the right for centent etc...

     

    If you need anything else please just let me know!

     

    Thank you!

  3. Yeah as per above post. You could access ID element in php through ajax by extracting an element's ID (using jquery) and posting it to your php script as a variable. But I can't really see why you'd want to do that :)

     

    You can also access an element's name via jquery but the more usual way is to use IDs.

     

     

  4. Hi boxer

     

    Am i understanding you right - you want to add your nav bar to the right as well as the left? Or move it altogether? Or are you just trying to setup a bar on the right to use for other content but styled like your nav bar?

     

    I'll help if i can understnad your question :)

  5. Where are the values coming from in the first place? Query string? Input form?

     

     

     

    Hi im not sure if this can be done or not but im trying to do a site without using mysql and i want to be able to compare 3 values and depending on the values have them aranged lowest to highest...

     

    for example:

    Apple = 8

    Pear = 3

    Bannana = 5

     

    so the results would be displayed like...

     

    Pear with a total of 3

    bannana with a total of 5

    Apple with a total of 8

     

    Is this possible using just PHP or will i need to use Mysql as well...

     

    Thank you

    Chris

  6. Thanks Mj

     

    I can see more what you mean now.

     

    I suppose this is a mindset you need to get into - bit like programming in general.

     

    Thanks for the advice - i've learned a lot!

     

    Drongo

     

     

    Like I said, it all depends on how the data would or could be used. But, most of the time I would simply use mysql_real_escape_string() before storing the data. If I did have a specific purpose where I needed to restrict certain input, then I would implement that as part of the validation logic. If there was something not kosher in the input I would not accept the input and provide an error back to the user. It is never, ever a good idea IMO to modify user input without their knowledge. For example, someone might think they are being smart to strip out any non-numeric characters for a phone number input. But, what if the user used letters in the phone number - which is perfectly valid from a human interpretation. If the phone number was simply for display purposes, then I would let them use letters. But, if the phone number was going to be used by some automated dialing application that only accepted numbers, then I would only allow numbers.

     

    There is also another problem with modifying the user input - the database field length. Many processes to modify input to make it safe will increase the character length. So, if you made the input field 20 characters, you might need to make your DB field much bigger to accept the 'escaped' input.

  7. It's a bit of a jungle this...

     

    I totally see your logic and it makes a lot of sense.

     

    When you say "store the code exactly as the user submitted it" - does this mean that you'd only ever escape the code and leave it at that? No santitisation? Lets assume you were just making a simple data capture form for instance so the purpose is pretty straightforward.

     

    Can you describe how you'd go about storing the data from this form so i can see how it should be done? :) (don't expect code or anything)

     

    Thanks,

     

    Drongo

     

     

    Well its not just sql injection its a sort of all round bit of a code to stop any nasties getting into my application. My main concern originally was whether sanitizing the data was some how conflicting with escaping it.

     

    I thought (and my understanding isn't great) that sanitising input was just a necessary part to ensuring incoming data is safe. That not the case?

     

    It is very important to ensure user submitted data does not "damage' your site. But, you need to analyze what you are doing and how you are using the data to determine WHEN and HOW you will do that sanitation. For example, you used FILTER_SANITIZE_STRING for all of the values - why didn't you use FILTER_SANITIZE_EMAIL for the email! But, that is really beside the point.

     

    You need to be very careful when imposing any arbitrary methods that will actually modify the user input. There are plenty of way to make the input safe without changing the 'intent' of the input. Rule #1 is that you always escape the input before using in a query. But, it gets trickier to determine what validations/escaping you should do for XSS, HTML tags, etc.

     

    The approach I almost always take is to simply store the code exactly as the user submitted it. Then when I retrieve the code I will 'escape' it as needed. If I am using the content in a web page I will use either htmlspecialcharacters() or htmlentities() to make it safe to be displayed in the web page. But, you never know how else you may need the data in the future. Maybe an RSS feed, output to an XML file, or ??? So, if you modify the data before you store it you make it difficult, if not impossible, to re-purpose the data for other purposes.

  8. Well its not just sql injection its a sort of all round bit of a code to stop any nasties getting into my application. My main concern originally was whether sanitizing the data was some how conflicting with escaping it.

     

    I thought (and my understanding isn't great) that sanitising input was just a necessary part to ensuring incoming data is safe. That not the case?

     

     

     

     

    Why do you think you need to use FILTER_SANITIZE_STRING to prevent SQL Injection?

  9. I see that - that makes sense.

     

    So the way I have filtered and escaped my input in my example above should provide a good basic level of protection against injections etc?

     

    I just want to be sure i am not leaving a massive gap anywhere - quite paranoid about this sort of thing :)

     

    Drongo

     

     

    It doesn't mean you should always use FILTER_FLAG_NO_ENCODE_QUOTES with mysql_real_escape_string, it all depends on the application.

    How you want the data stored etc, some cases may call for the encoded quotes to be stored in the databases others maybe not.

    I always use mysql_real_escape_string on all database inputs regardless of prior filtering/cleaning methods.

  10. Hi Buddski!

     

    Thanks for that. Does that mean you should always use filter_flag_no_quotes when sanitising strings - assuming you're going to use real_escape_string after? Is that a safe way to input into the database?

     

    Thanks

     

    Drongo

     

     

    FILTER_SANITIZE_STRING without the FILTER_FLAG_NO_ENCODE_QUOTES will encode quotes.

    Which means that mysql_real_escape_string has no "physical" quotes to escape.

  11. I have been mulling this over in anticipation of some more enlightened help.

     

    Could it be that because the validate function encodes html entities,like quotes,  that when the escape function works it then doesn't see the array values as containing quotes and therefore is not escaping them?

     

    So does that mean that the data is in fact safe and the escape function is likely working?? Anyone?

     

    Hmmm

     

     

    Hi Guys

     

    I'm a tad confused by what's going on when using real_escape_string. Could be that I'm using it incorrectly or that i'm not fully understannding it but here goes.

     

    I'm trying to sanitize the post data from a form then escape it before storing it in my database. The code is as follows:

     

    	$validation_options = array(
    
    
    'title_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'name_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'surname_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'address_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'town_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'postcode_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'telephone_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'email_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'dob_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    
    
    
    );
    
    
    $validated = filter_input_array(INPUT_POST, $validation_options );	
    
          // Display results to test that it's working
    echo "<pre>";
    print_r($validated);
    echo "</pre>";
    
    
          // Run validated array through real escape for database
    
    $escaped = array_map('mysql_real_escape_string', $validated);
      
           // Display results to test that it's working
    print_r($escaped);
    echo $escaped['town_2'];

     

    But here's the issue. When I used the $validated array and deliberately entered quotes or double quotes into the form and then print the results of $escaped it doesn't add slashes. However, if i make up a new test array with say

     

    
    $testarray(
    
    'TESTER' => "This is a 'test' and 'another test' "
    
    );
    

     

    and run that through the same escape function and print the results it displays the backslahes around the single quotes.

     

     

    So does this mean that for some reason the $validated array is not being escaped? Or am I just getting something wrong?

     

    Any help would be very much appreciated!

     

    Drongo

     

    PS Indicentally before anyone points this out - i incorporate the DB handler elsewhere in the code.

  12. Hi Guys

     

    I'm a tad confused by what's going on when using real_escape_string. Could be that I'm using it incorrectly or that i'm not fully understannding it but here goes.

     

    I'm trying to sanitize the post data from a form then escape it before storing it in my database. The code is as follows:

     

    	$validation_options = array(
    
    
    'title_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'name_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'surname_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'address_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'town_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'postcode_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'telephone_2'				=>array('filter'=>FILTER_SANITIZE_STRING),
    'email_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    'dob_2'					=>array('filter'=>FILTER_SANITIZE_STRING),
    
    
    
    );
    
    
    $validated = filter_input_array(INPUT_POST, $validation_options );	
    
          // Display results to test that it's working
    echo "<pre>";
    print_r($validated);
    echo "</pre>";
    
    
          // Run validated array through real escape for database
    
    $escaped = array_map('mysql_real_escape_string', $validated);
      
           // Display results to test that it's working
    print_r($escaped);
    echo $escaped['town_2'];

     

    But here's the issue. When I used the $validated array and deliberately entered quotes or double quotes into the form and then print the results of $escaped it doesn't add slashes. However, if i make up a new test array with say

     

    
    $testarray(
    
    'TESTER' => "This is a 'test' and 'another test' "
    
    );
    

     

    and run that through the same escape function and print the results it displays the backslahes around the single quotes.

     

     

    So does this mean that for some reason the $validated array is not being escaped? Or am I just getting something wrong?

     

    Any help would be very much appreciated!

     

    Drongo

     

    PS Indicentally before anyone points this out - i incorporate the DB handler elsewhere in the code.

  13. Genius!

     

    That worked and i think i now understand the issue a bit better.

     

    I changed my code to remove document write which means i don't need document.close  - which in the true spirit of learning has spurred anotehr question.

     

    Can you tell me why this code only outputs the final version of the loop. What i mean is instead of repeatedly writing: "loop number 1", "loop number 2" it just prints "Loop number 5".

     

    Should i use append in a loop to see the recursive state?

     

    Thank you so much for your help thus far!

     

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    
    <script type="text/javascript" src="jquery.js"></script>
    <script type="text/javascript" src="jquery_ui.js"></script>
    
    
    
    
      
      </head>
    <body>
    
    
    
      <script type="text/javascript" >
      $(document).ready(function () {
      
      
    		var i = 0;
    
    	while(i <= 5)
    
    	{
    	 $("#text1").html("Loop number" + " " + i );
    	i++;
    
    	}
    
    
    });
    
    
    
      </script>
    
    
    
    <div id="text1" style="width: 400px; height: 300px; border: 1px solid #000;"> </div>
    
    
    </body>
    </html>
    

     

     

     

    The never-ending loading is Firefox-specific. The main problem here is that you're writing to the document after it's finished loading (using jQuery's document ready event),  which is effectively starting a new document stream and you're loosing the previous content.

     

    Firefox continues to load because technically this document hasn't been closed, other browsers just close it automatically. If you added document.close() after your loop you will see it stops. As I said though, you're going to always overwrite your previous content here, you need to either write in-line (within the body without the ready event) or just append the contents to an element (recommended).

  14. Hi AyKay

     

    I've modified the code as follows but still no joy :/

     

    Any ideas?

     

     

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    
    <script type="text/javascript" src="jquery.js"></script>
    <script type="text/javascript" src="jquery_ui.js"></script>
    
    
    
    
      
      </head>
    <body>
    
    
    
      <script type="text/javascript" >
      $(document).ready(function () {
      
      
    		var i = 0;
    
    	while(i <= 5)
    
    	{
    	 document.write("The number is " + i);
    	 document.write("<br />");
    	i++;
    
    	}
    
    
    });
    
    
    
      </script>
    
    
    
    </body>
    </html>
    

     

     

     

     

     

     

     

     

    1. you are not specify what type of language is to be parsed.. you will need to specify..

    <script type='text/javascript'>

     

    2. this function is not a listener.. and ouputs to the browser, so it should be placed in the body of your page instead of the head

  15. Hi Guys

     

    Trying to write a while loop to do validate a form. However when i came to testnig out a simple while loop it keeps crashing the browser and i'm not sure why. When i say 'crashes' the browser just endless appears to be loading and i can't refresh the page. Any ideas what is wrong with the following?

     

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    
    <script type="text/javascript" src="jquery.js"></script>
    <script type="text/javascript" src="jquery_ui.js"></script>
    
    
    
    
      <script>
      $(document).ready(function () {
      
      
    		var i = 0;
    
    	while(i <= 5)
    
    	{
    	 document.write("The number is " + i);
    	 document.write("<br />");
    	i++;
    
    	}
    
    
    });
    
    
    
      </script>
      
      </head>
    <body>
    
    </body>
    </html>
    

     

    Any help is greatly apprecaited!

     

    Drongo

  16. Hi

     

    Thanks for that mate! It's much clearer to me now.

     

    I didn't realise the hover function required a mouseover and mouseout event - for some reason i thought it just executed everything inside.

     

    It all makes sense now :)

     

    Thank you!

     

    Drongo

     

     

     

     

    I will help you to understand this better.

     

    1. This is saying.. when the user hovers over the li.headlink within the element of id cssdropdown, display all ul elements and li.headlink elements as a block..

     

    2. the jquery hover function accepts 2 arguments, the first argument is a custom handler to handle the onmouseover event.. the second argument controls the onmouseout event, so that code is stating when the mouse is hovered over the element, set the css of the elements ul and li.headlink as block, when the mouse is not hovered over the li.headlink element.. display the ul and li.headlink elements as hidden again..

     

    this link should help as well...

    http://api.jquery.com/hover/

  17. Hi Guys

     

    I feel a bit silly asking this but I've started using a jquery drop down menu script. It's fantastically simple but I don't quite follow these two lines of code or see how it works as I'm not a huge user of jquery.

     

     

    The jquery is:

     

    
    	$(document).ready(function(){
    		$('#cssdropdown li.headlink').hover(
    			function() { $('ul', this).css('display', 'block'); },
    			function() { $('ul', this).css('display', 'none'); });
    	});
    
    

     

    Ok I understand the .hover bit - so when someone hovers over the li.headlink elemenet it will display block. But i am confused about two points

     

    1) The "ul,this" part - is that saying - When someone hovers over li.headlink then display the UL element inside the li.headlink element?

     

    2) In conventional old javascript you'd use onmouseover and onmouseout to trigger the state change from 'block' to 'none'. But to me these lines of code are saying "when someone hovers over li.headlink then display it as a block then display it as none" - which to my poor logic would mean the item should not display at all. I suspect maybe it's a syntax thing and the comma between functions has something to do with it but i'm not sure. Can you someone explain why this works and what it's actually saying?

     

     

    Sorry to ask such silly questions but I like to understand the things i use and in honesty i don't with this most simple of scripts...

     

    Thanks

     

    Drongo

     

     

     

  18. Hi Guys

     

    Bit of a noob question.

     

    I'm building a site that has a transparent content container div (to show background image). However, all the child elements of that div are also turning transparent and i can't seem to stop this.

     

    I tried setting the opacity of child elements but it didn't work.

     

    Anyone got any tips?

     

    I've read around though most of the posts are very old and they all suggest either absolutely positioning everything so there child elements aren't child elements. Or alternatively they suggest using a transparent png - but i kind of wanted to use just CSS. Is there a simple trick or are these my only alternatives?

     

    Thanks,

     

    Drongo

  19. Thanks King

     

    That's a good point. I will make sure I express my opinions and get involved as much as possible.

     

    I think i will feel so much better once i meet my competition and get a glimpse of what's to come too. The great unknown is always so much worse than the reality - usually...

     

    :)

     

     

    To add what Gizmola said, take initiative! Most people are so nervous they forget to answer any questions. I can't tell you how many times I've seen someone that I wanted to hire, but when it came to the group interview they completely bombed it because they didn't say a peep on their own.

  20. Cheers guys!

     

    The interview is on monday. So final few days of prep...it's knackering cramming by evening though when you're working flat out all day but gues these are the hopps we have to jump through to progress!

     

    I shall let you all know how it goes. 

     

    Hopefully i'll be postnig a big fat smilie face :)

     

    Drongo

     

     

    Well either way, once you get done with your interview, tell us how it went.

    When is your interview?

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.