scootstah

What does that have to do with including a WHERE clause for the password? You'd have SQL injection either way.

Your code works. Example here: http://jsfiddle.net/hjqs4L4f/ You need to remove the td selector from this line though: $('table th:eq(' + _index + '), table td:eq(' + _index + ')').addClass('pink');Otherwise, both the cell and the header get colored pink. I also added this at the top to remove the color from other cells when you click a new one (not sure if that is desired or not): $('table th').removeClass('pink'); $('table td').removeClass('red');I don't see you using any <th></th> in your example HTML though, which may be why you can't get it to work?

You're confusing the way HTML works with how filesystems work. The filesystem has no idea what "example.com" is. Filesystem directories are not based on domain names. On UNIX-based systems the filesystem is a tree structure, and begins with a "/". The "/" is referred to as "root". By using a "/" at the beginning of a path name, you are starting from the root of the filesystem. That is an absolute path. If you want to start from any other directory you would use a relative path, by omitting the "/" from the beginning. Since you're on Windows, a "/" means the root of the partition that the script was executed from. So if your PHP file is located in C:\, then "/" would refer to C:\. If your script is located in F:\, then "/" would refer to F:\. You must be mistaken, because that's simply not how it works.

Fair enough.

Hmm, excellent point. That would be nasty. EDIT: Although, that's kind of not solving anything. If you have an SQL injection vulnerability, couldn't you just change the column value for an admin's password or token? Or, promote yourself to admin level?

Ah, I believe the reason is so that you get A-Z and not A-F. So in fact you're getting a lot more entropy by hashing it.

Of course, but why does that matter? You're storing the same length value of the same entropy whether you hash it or not. So what is the point of hashing it? EDIT: I guess part of my question is, why not just store it plaintext?

Why hash it instead of just using bin2hex()?

It's probably being cached somewhere. Do you run APC? What is the application?

This a perfect example of why I tell people not to waste their money on programming degrees.

The request would be server -> payment gateway, not client -> server.

That's not entirely true. The official repository only goes to 5.4, but you can easily install 5.6 or 7 with RPM's or compiling from source. Also, contributors will still fix security bugs for package versions in the official repositories. And, running multiple PHP versions on the same server is pretty clunky. There isn't really any good reason to do that. If you need two different versions get two different servers.

ComputerColumbus, you seem to have a very poor understanding of even the most very basic programming concepts. You need to back up in your learning and work on understanding things like variables and function arguments. Make sure that before you move on to a new topic, you fully understand the one you just finished. If you do not understand how variables work you will never be able to create your own programs.

Attribute selectors

You only use password_hash() when registering. To login, you use the plain-text password and compare it to the hash from the database. password_verify($plainTextPassword, $hashFromDatabase);.

First of all, var_dump() doesn't return anything. So your $id will be null. Secondly, parse_url() returns an array not a string. Did you look at the manual? EDIT: Oops sorry, you're using a component flag, so it does return a string.

http://php.net/parse_url And then http://php.net/manual/en/function.parse-str.php

Beat me to it. More and more projects seem to be running with this, so in my opinion, you should too. It means that when you cross paths with these other projects, everything is already familiar and natural.

Those are headers, I see no error. You said the script works when you visit from a browser, but does it work when you visit from the command line? Cron is not a browser, it uses command line programs. Can you post your script?

Being "good" at Dreamweaver doesn't make it produce less shitty code.

I think it's important we define the term "better". Dedicated servers are better for some things, and VPS' are better for some things. It really depends what you're trying to achieve.

I think you mean Virtual Private Server, also known as a VPS. This really comes down to your ability to manage such a server. You will need knowledge of the Linux command line, and knowledge of how things like web servers and database servers work, how to edit and manage configuration files, how to manage log files, how to setup security, etc. If you had to ask this question it means you are probably not ready to take all of that on. Dreamweaver is garbage. You need to know how to write code, not generate it. Any code editor will let you create websites with PHP. Which one is best is a highly opinionated and personal question. For me, I recommend PHPStorm or Sublime Text.

Don't sweat it man. Do research on all of the things that you struggled with or didn't know. This is how we grow. Interview questions are largely bullshit anyway. They're more about memorization and pointless trivia than they are actual coding ability.

https://github.com/mexitek/phpColors Found this.

Just showing your employer that you care this much to get it right will say a lot all on its own.