Jump to content

phppup

Members
  • Posts

    759
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by phppup

  1. Yup. Already realized that, and appreciate the insight.

    But aside from a message/disclaimer advocating that the user "Hurry before the name is removed" there's really not much else to be done.

    [I suppose I could INSERT the name immediately and DELETE it if registration isn't completed within a given timeframe, but that seems like a lot of work in the babe of "convenience"... LOL]

    I guess the overriding questions are still: is it worth the effort? Does it compromise the website's security?

  2. This IDEA would be implemented in a REGISTRATION form, NOT a sign in.  The effort is strictly for user convenience to allow someone to check whether a username is available before completing additional steps to register.

    As for Little_Bobby_Tables, I would think that underscores in a name are harmless (and acceptable). So it's not about the name, but the additional characters that should be disallowed.

    My concern is the overall safety and security of the website, and NOT compromising it for user convenience.

    As for password strength, how much of that burden should be placed on the user?  If a user wants a weak password (and knows it is weak), is there a reason that I should not allow it to be acceptable?

     

  3. That sounds a tiny bit contradictory.

    I mean, changing a message is simple enough, but the end result will be the same.

    Wouldn't a simple user be unfazed by the terminology?

    Wouldn't a seasoned hacker read right through the thin veil?

    Is this REALLY something to stay away from?

    Please also address my other questions within the post.

    Are there characters or names that users should find unavailable. Is it safe to allow a user access to the name ADMIN? Or PHP? etc.

    And what about code alternatives? Which are best? Which to avoid?

  4. I want to accomplish two things: save some server overhead and create a friendlier user experience.

    Thus, prior to form submission, the user should have the opportunity to check whether the chosen username is available.

    As I've begun researching the topic, I've discovered AJAX, Vue, and XMLHttpRequest alternatives.

     

    Any suggestions and alternatives that would give me guidance would be appreciated.

     

    Additionally, are there any characters that should be expressly prohibited from use in a username (or other input field) that could aid malicious hackers in causing harm to my website, database, and files?

     

     

  5. Sorry, I never used Fiddle, etc.

    The images would go behind.

    Going back to the "window blinds" metaphor, imagine you extended a closed blind on the ground. Now you place a pizza box on top of it.

    The slats may overlap top to bottom (that's my secondary issue), but you will visibly see the right and left portions of each slat running from either end toward the center.

    The positioning and sizing is not the problem, yet.

    The real issue is establishing a single container with a right wing and a left wing that is positioned as a single unit.

    One instance (slat) is fine.

    But, repetitions jumble or hide the images when the code is like this:

    Quote

    <div  id='one of many'>

    <div style="z-index: -9; position: absolute">

             <img src="red.jpg" " >

               <img src="red.jpg" >

    </div>

    <div  style="z-index: -6; position: relative; float: right" >

         <img src="red.jpg" >

          <img src="red.jpg" >

    </div>

    </div>

    <div  id='two of many'>

    <div style="z-index: -9; position: absolute">

             <img src="red.jpg" " >

               <img src="red.jpg" >

    </div>

    <div  style="z-index: -6; position: relative; float: right" >

         <img src="red.jpg" >

          <img src="red.jpg" >

    </div>

    </div>

    It will function with ten <br> between each container, but the <br> causes displacement in other areas of the page.

    My thinking is that there's a triggering based on the size of the small image I am using. Once I 'clear' a certain placement. That is why I feel the problem is my use of ABSOLUTE and RELATIVE, but I haven't found a solution.

  6. At this point, which images to use, their size, etc. is not a concern (which is why I wanted a design that could offer flexibility later).

    What is a concern, is the ability of placing a table, form, or larger image in the center of the webpage as a central overlay.

    Additionally, if I wanted the lines of images to overlap (similar to the slats on a set of window blinds), then i believe the z-index comes into play (and is not functional without a "position" reference [think I read that somewhere].

    I've gotten a reasonable result from the code that I posted initially. BUT, when I place a second container (id='second of many') into the mix [essentially duplicating the code], the entire flow goes haywire.

    I'm guessing it has to do with my use of ABSOLUTE and RELATIVE, but I cannot seem to find the correct combination on my own 

     

     

  7. Probably as rudimentary as things can get, but I'll give it a try:

    On a webpage where X,Y,& Z each represent individual images.

     

    Left side ........................... Right side

    X X X                                      X Z X 

    X Z X                                      Y Y X 

    X Y Y                                      Y Z X 

    etc.

    with each side beginning at it's extreme end of page.

    Some overlap may occur, so a z-index capacity is necessary.

     

     

  8. Quote

     

    Quote

     

    Battlig with this code all weekend, and not getting the result I want.

    This bit of code should offer an understanding, but I'll explain more after removing the FAILED efforts.

    Quote

    <div  id='one of many'>

    <div style="z-index: -9; position: absolute">

             <img src="red.jpg" " >

               <img src="red.jpg" >

    </div>

    <div  style="z-index: -6; position: relative; float: right" >

         <img src="red.jpg" >

          <img src="red.jpg" >

    </div>

    </div>

    This sort of works, but really doesn't because when the code is REPEATED to create a second, third, etc. row, images are dislodged and hidden or lost completely.

     

    The end result that I am trying to achieve is:

    A set of images beginning from left to right.

    A set of images on the SAME axis/line beginning at right to left (heading for a collision midway).

    The ability to repeat this SINGLE double-ended row multiple times consecutively while maintaining the location of the images.

    NOTE: currently I have kinda achieved my goal with <br /> but this is NOT acceptable because other elements on the page get shifted rather than being layers that are positioned accordingly on the page.

    The ability to successfully repeat the process has been the kink that unravels the process.

  9. In a PHP file [php_one.php], I wrote some PHP code that contained a form.  I used ECHO to write the HTML inside of the PHP tags.

    On another PHP page [php_two.php], I wanted to show the code that was used to create the first page [php_one.php].

    My first effort provided an interesting result, since the PHP code was readable.  However, all HTML code was visible in its executed form.

    There was an actual input field and a submit button (not the code used to produce them) in the context of my coding.

    I have tried using:

    file_get_contents("FILE")
    $array = file("FILE")
    readfile("FILE")

    All results were similar and carried the same problem.

    How can I view code so that even the HTML is visible as code?

  10. Quote

    if you are asking this because the mysqli prepared query programming interface is ridiculously overcomplicated and inconsistent, switch to the much simpler, more consistent, and better designed PDO extension. 

    Can I establish the binding by using the PDO prepared statement while all other code is procedural?

  11. In lieu of prepared statements, will this work effectively?  Is it overkill?

    $username = mysqli_real_escape_string($conn,$_POST["username"]);
    
    	$username = strip_tags(trim($username));

    Can I write it this way:

    $username = mysqli_real_escape_string($conn,strip_tags(trim($_POST["username"])));

    Are prepared statements a guarantee for defeating an injection attack?  Or should they be used in conjunction with the above (or other) coding to bolster a database's defenses?

  12. @requinix  YES, I am beginning to think that low grade server fees come with a high price.

    I suppose I should be happy that I've excelled to the point of catching the errors and seeking [something closer to] perfection.

    Although it may have been easier when I didn't notice these mistakes and was simply happy to have a result generated.  LOL

  13. And while we're discussing anomalies, I am trying to determine when a SUBMIT button with a value = 'submit' is clicked.

    $A = $_POST['click1'];
        echo "<br>1 ".$A."<br>";echo "<br>2 ".$_POST['click1']."<br>";
     
    if(isset($A))  { echo "YES, the value is: ". $A; } else { echo "NO the value is: " . $A; }
    if(isset($A))  { echo "YES, the value is:".  $_POST['click1']; } else { echo "NO the value is: " .  $_POST['click1']; }
    if(isset($_POST['click1']))  { echo "YES, the value is: ". $A; } else { echo "NO the value is: " . $A; }
    if(isset($_POST['click1']))  { echo "YES, the value is:".  $_POST['click1']; } else { echo "NO the value is: " .  $_POST['click1']; }
    

    None of my echo messages are grabbing $A, although I seem to have it declared.

    What did I do wrong here?

    Is there a better way to determine if a specific input='submit' is selected?

  14. While playing with some code, I wrote these few lines of script.

    $_SESSION["favcolor"] = green;
    
    echo "Session variable is ". $_SESSION["favcolor"] ;

    I tested the code and everything worked fine.
    But then, I noticed an error in my coding: I had accidentally forgotten the QUOTES around the word GREEN.

    I corrected the code

    $_SESSION["favcolor"] = "green";

    But when I tested it, the page would not open/load.

    Then I removed the quote marks and restored the line to it's original state
     

    $_SESSION["favcolor"] = green;

    And things worked fine.

    Shouldn't the quote marks be required?
    Why am I having this issue?
    Is it really an issue, or should I just accept that it works WITHOUT the quotes and be satisfied with that result?

  15. @requinix

    I don't know EXACTLY what you think I should "look carefully" and hope to see.

    If it was obvious, i'd have already spotted it, and not have asked the question.

    The best I can summize that you're eluding to is that errors occur.

    But do those errors affect the end result?

    In an instance where I do, in fact, know what tables are in my db, the question is even more appropriate: was NOT EXIST created for only lazy db designers??

    Or is there a realistic usage?

  16. I have discovered that if I try to create a table within a database,  and the table name already exists, the existing table remains intact.

    It does not get overwritten or removed. And my code has error messaging to indicate the disparagy.

    Likewise, there is built in SQL errors that will be thrown (if made visible).

    So, is there any benefit to using:

    CREATE TABLE IF NOT EXISTS

    as opposed to just CREATE TABLE when writing code??

  17. I have a form with several text fields.

    For example (sorry, no code insert option on my phone)

    Quote

    <form method="post"> Enter value1 :<input type="text" name="str1"><br/> Enter value2 :<input type="text" name="str2"><br/> <input type="submit" >

    I would like to scan the INPUTS to determine which fields were left empty.

    Using !isset (to the best of my knowledge) would require that I list each input individually.

    Is there a PHP alternative that, similar to JavaScript, would allow me to evaluate every INPUT or TEXT field to then list those left empty?

  18. You need to RUN the script.

    This is done by calling it.

    If your DOMAIN NAME is:. mydomain

    And the file in the root folder is xyz.php

    Then, open a browser and type in the address bar: mydomain/xyz.php

     

    Another tip: You can remove the: include_once("db_connect.php") and replace it with the actual connection information DIRECTLY in the script.

    This is NOT an optional method to use, but a good troubleshooting technique to determine whether a connection problem is due to the scripting code or the connection code.

    Once everything is working, you can expand and confidentially use the include_once("db_connect.php") format.

  19. I hope this entry finds everyone safe and healthy.

    I am trying to extract table data and schema info from a database WITHOUT knowing the field names.

    Essentially, I want to connect to the database and have the information for each table deposited into an HTML format (just like I'd see if I accessed the db directly).

    I've found several methods online, but all use DEPRICATED coding that will no longer function.

    Any code or links to assist in resolution would be appreciated. 

    Stay safe, and thank you.

  20. Thanks.

    I use Procedural, but will try to adapt your modifications.  I think I see your logic here although these two lines have me a little confused (regarding their Procedural translations).

    $updatedID = $_POST['IDs'] ?? 0;
    
    $message = $updatedID == $row['id'] ? $msg : '';       // is this the row that was updated?

    Also, can I use prepared statements with Procedural method.  Looked a few times and didn't find a clear confirmation.

  21. Sorry, lost tiny pieces in effort to cull personal comments.

    $sql = "UPDATE $table SET comment='$comment' WHERE id=$IDs";
    
    if (mysqli_query($conn, $sql)) {
      echo "Record updated successfully for $IDs";   //appears at top of table and confirms $IDs value is active
    } else {
      echo "Error updating record: " . mysqli_error($conn);
    }
    
    $sql = "SELECT * FROM $table ";
    if($result = mysqli_query($conn, $sql)){
        if(mysqli_num_rows($result) > 0){
    
        echo "<table>";
    
      while($row = mysqli_fetch_assoc($result)) {
    echo "<tr>";
    echo "<td>id: " . $row['id']. "</td>" ;   echo "<td>Name: " . $row['firstname']. "</td>" ;   echo "<td>other: " . $row['other']. "</td>" ;
                    
    echo "<td> <form method='POST' action=' '>";
    echo "<textarea name='comment' > " . $row['comment'] . " </textarea></td>";
    echo "<td> <input type='submit' name='submit' value='Save text' />";
    
    //echo "<td> <input type='submit' name=' " . $row['id'] . " ' value='Save text' />"; //tried but didn't work
    echo " <input type='hidden' name='IDs' value=' " . $row['id'] . " '> ";
    
    //if(isset($IDs) { echo "Variable is set.<br>".$IDs; }
          
    //limits effect to ONLY appearing when clicking submit button #3 but displays for ALL rows
    if(isset($IDs) && $IDs == 3) { echo "Variable is set ".$IDs; }   
      
    }
    echo "</form></td>";
                echo "</tr>";
            }
            echo "</table>";
    
     

     

     

     

  22. 
    $sql = "UPDATE $table SET comment='$comment' WHERE id=IDs";
    
    if (mysqli_query($conn, $sql)) {
      echo "Record updated successfully for $IDs";   //appears at top of table and confirms $IDs value is active
    } else {
      echo "Error updating record: " . mysqli_error($conn);
    }
    
    $sql = "SELECT * FROM $table ";
    if($result = mysqli_query($conn, $sql)){
        if(mysqli_num_rows($result) > 0){
    
      while($row = mysqli_fetch_assoc($result)) {
       echo "<td>id: " . $row['id']. "</td>" ;   echo "<td>Name: " . $row['firstname']. "</td>" ;   echo "<td>other: " . $row['other']. "</td>" ;
    
    echo "<td> <form method='POST' action=' '>";
    echo "<textarea name='comment' > " . $row['comment'] . " </textarea></td>";
    echo "<td> <input type='submit' name='submit' value='Save text' />";
    
    //echo "<td> <input type='submit' name=' " . $row['id'] . " ' value='Save text' />"; //tried but didn't work
    echo " <input type='hidden' name='IDs' value=' " . $row['id'] . " '> ";
    
    //if(isset($IDs) { echo "Variable is set.<br>".$IDs; }
    //limits effect to ONLY clicking submit button #3 but displays for ALL rows
    if(isset($IDs) && $IDs == 3) { echo "Variable is set ".$IDs; }   
      
    }
    echo "</form></td>";
    }

     

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.