phppup

So <form method="post"> will default to a SELF process that is slightly safer than the aforementioned?

Are these two pieces of code equal in risk? <form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>"> and <form method="post" action=""> Do they perform the same action? Are both vulnerable? Best practice to minimize vulnerability? Will using prepared statements nullify a hacking attempt? I was doing some reading and thought I'd ask the experts here.

So what do I need to do here so that CSS will toggle my paragraph on its own?

Just toying with CSS to get a result I've usually used JavaScript to achieve. I want to toggle a paragraph's visibility when a checkbox is clicked. .toggle input:checked { p { display: none; } } Obviously incorrect. Also, are there any pro/cons to using CSS over JavaScript?

I don't think I'm ready to code that at this point. But maybe.... Nonetheless, I've uncovered the <optgroup> tag, which seems to be what I was looking for from the start. And I think that better demonstrates how I wanted to "categorize" the options. Now I'd like to be able to collapse the options so that the initial drop-down is only a list categories, with each category list appearing as needed (iie: onclick) But I am making progress.

@requinix I understand what you're saying, but I think I am simplifying the list by categorizing the items. An admittedly backward example but, imagine you needed to know what was in each of the 42 aisles of a supermarket/Walmart. Before going down aisle 18, you would evaluate whether any of the sub-category items interested you, and the same for each subsequent aisle. If you're looking for cookies, you would skip the aisles containing frozen food and automotive items. Isn't that better than an infinite number of radio buttons? It is also expected that users will use this menu regularly, and (like a consistent shopper) learn where to find the sub-category item easily. My supermarket keeps cupcakes in the bread aisle, and I remember it. A different location (same company) puts the cupcakes in the cookie aisle. In either event, I can confirm that I'm in the right place by checking the signage before trekking up the aisle unnecessarily. That's my thinking.

I'm not sure if this requires a CSS or a JavaScript approach, so hear me out. Note: I've been toying with several coding approaches that will get the job done, but I'm seeking an ultimate answer. I have categories and sub-categories: eg: candy (gum, coco), fruits (apple, orange, pear), meat (burgers, steaks) etc. The user has to select ONLY one item, eg: what did you eat last? My thinking is to have a <select> drop-down menu with category titles. When an option is selected, a secondary drop-down should appear. I've got one very old school method that works by literally populating a second drop-down based on the first dropdown selection. But it needs to be promoted in a separate motion (not a seamless flow). I also have a partial CSS solution extracted from dropdown menu designs (which seems to be more of what I'm looking for). The real obstacle is that most users will be using Smartphones to make they're selections. As an Android user I'm familiar with how a <select> is displayed, yet a CSS menu using <a href> responds more like a webpage (and seems too small to view comfortably). Likewise, if a second tier <select> menu were to cover the phone's screen, there would need to be an easy way to go backwards (in the case of an incorrect category selection). Any guidance or solutions for this?

@kicken Understood. I saw similar solutions but couldn't understand why they were using such a convoluted approach. Now it makes sense. Thanks for the explanation. I'll give it a try.

I'm fiddling around on a W3 page in order to achieve a better understanding of current JS practices. Goal: if ANY of several paragraphs are clicked, send an alert message. //var a = document.querySelectorAll("p").addEventListener('click', fn); function fn(){ //var i;for (i = 0; i < a.length; i++) { //alert(this.innerHTML); //} alert(222); } I've managed to achieve success with querySelector to push out the alert for paragraph #1, but the querySelectorAll implementation seems to be causing me trouble. Insight and solutions to approaching this properly, please.

Any other people have insight or opinions on this?

I'm creating a form that will contain between 12 and 20 fields. After submitting and inserting into a db, a user can review a specific record (that uses SELECT * to repopulate the form's fields). At this point, data can be changed and empty fields can be completed. Here, the table will be updated. The presumably "easy way" would be to now UPDATE the entire record (and I'm sure that would work), but it occurs to me, that only fields that have been changed actually need to be updated. Is it more sensible and "proper" to only update fields that have changed? Or is it an unnecessary challenge? Is the overhead that is being reduced really worth the effort? Or is the overhead incurred by comparing values negating the savings? What is the best approach? I've seen articles indicating that JavaScript should do the comparison and then pass along the effected data. Any thoughts or suggestions? Thanks

I have my PHP spitting out an HTML table that includes a button for editing at the end of each row echo "<td><form action='' method='POST' <button type='submit' name='startEdit' value=".$row['id']." onclick='myFunction();'>Edit</button></form></td>"; I want a confirmation to pop up before advancement to the editing form page function myFunction() { if(!confirm('Do you really want to do this?')) { return false; } } Obviously, if TRUE is the result, I want the page to advance, and for FALSE, I want the page to remain. I have not been able to achieve the desired result either by changing the ACTION to action="xyz.php" OR with JS window.location.href = 'http://www.w3schools.com'; Please tell me what I am missing?

So this is on the CLIENT side? And therefore has nothing to do with server settings? [I guess I read too quickly. No wonder this is such an unreliable method... LOL]

I did not, but I have no issues with viewing the <img src> when written directly into the HTML. Does the remote content setting handle the capability for exactly what I'm trying to accomplish? [of course it does, right... LOL]

I'm trying to track an email message by adding an image to an email. (a very rough attempt to just get a result) <img alt="" src="http://yourwebsite.com/record.php width="1" height="1" border="0" /> My understanding being that when the email is opened, the script will be called, and then send the image to the email. However, the code seems to be ineffective in passing the image. My desktop email shows no image, and my cellphone image shows an error/no image symbol I've tried code as simple as header("Content-Type: image/gif"); readfile("blank.gif"); and as complex as //Full URI to the image $graphic_http = 'http://yourwebsite.com/blank.gif'; //Get the filesize of the image for headers $filesize = filesize( 'blank.gif' ); //Now actually output the image requested (intentionally disregarding if the database was affected) header( 'Pragma: public' ); header( 'Expires: 0' ); header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' ); header( 'Cache-Control: private',false ); header( 'Content-Disposition: attachment; filename="blank.gif"' ); header( 'Content-Transfer-Encoding: binary' ); header( 'Content-Length: '.$filesize ); readfile( $graphic_http ); with no success. What am I missing? PS: I've tried it at the top and the bottom (where I would want it) of my email message, but no joy.

@maxxd I've found allot of ambiguity in the vague endorsements for being able to achieve a reliable count in this manner. But the "unreliable" crowd seems more consistent. That's why I created the post here for an honest dialogue. I, like you, considered the possibility that certain email providers might receive special treatment. However, that reality would strongly lean towards the topic of collusion and violations of Federal anti-trust statutes that would probably temper that behavior. Then again, I'm not gonna say it can't be happening. [But do you REALLY think a company would act unlawfully on the pristine roads of the internet highway?? *scratching my head*]

@maxxd but how do THEY do it? If they are using a method that I can use in PHP, then I would assume they have all the same obstacles.

I want to be able to distinguish between emails that the recipient ignored and emails that were opened. I've looked at code with a header item Disposition-Notification-To but indications are that this is easily turned off and therefore an unreliable choice. Other alternatives state that placing a .gif image in the email's body is effective. But some indicate that it, too, is often blocked by major email providers. Either way,I have not found a working example to test for myself. Additionally, I plan to use this primarily when sending an email to an address that is NOT maintained by Google or Yahoo etc. More likely to momandpop.com type domains (that may have a GoDaddy-ish hosting plan). Any helpful information would be great.

I think there are methods available.

I want to send an email via php (no problem) Now I want to get a confirmation when the email is opened. I've seen a few bits of code but nothing that seems very well defined. Any guidance or direction to valuable explanations or links would be great. Thanks.

@ginerjm OK, yes. Not sure if it will "error" but it was a quick example of my thought process. Now I understand that you were pointing out my loopiness.

@kicken Thanks for the help, but I wasn't as clear as I should have been. I'm not interested in the page loading speeds (at this time) I am only trying to determine how long each user remained on the specific page before advancing. This would let me know if a question was too complicated, or maybe randomly answered. Hypothetically, it would take more than 3 seconds to write 500 words versus cut & pasting. Likewise, if it took 20 minutes to add 3 + 3, then maybe you were distracted from the webpage, etc. Or, maybe my design or layout is not easy enough to follow.

@ginerjm Care to explain why?

I want to assemble a multi-page questionnaire/quiz whereby submitting page 1 will lead to page 2 etc. I have locked in the time that each page loads by using unset($_SESSION['start']); if($_SESSION['start'] == ""){ $_SESSION['start'] = time(); } at the top of each page However, I am having difficulty in getting the time at submission. I realize I can simply use the start time of page 2 as the submission time for page 1, but that would technically be incorrect, right? In actuality, a page would load (and the time recorded). A person would submit after any amount of expended time (and that would be recorded) Then there would be a gap before the next page loaded. How can I effectively obtain these events? Or am I unnecessarily overthinking this?

@gizmola Thanks. And yes. Again, I haven't started to write the actual code, but that was my thought process (especially since so many of the tags fit such a similar format. I guess I've actually come quite a way (thanks to those that have helped me HERE). *i wonder if it's time to change my username???!?*