Irate

Members
  • Posts: 354
  • Days Won: 1

Everything posted by Irate

  1. I was referring to the escape functions he has implemented.
  2. More secure, yes. However, there are still some things wrong with this... First thing, you're using the mysql module which is deprecated as of PHP 5.2 (I think, it might have been an earlier version number) and it will be removed in the next major PHP release. Second, you're checking for $_POST['regname'] which will give you an error if the variable is not yet declared - such as if the input field is simply left empty. You should precede the line with if( isset($_POST['regname']) && !empty($_POST['regname']) ) The same applies to basically every POST and GET variable you want to query.
  3. Not all global variables are to be avoided, certain ones are pretty useful and nothing should keep you from using them (like the superglobal arrays $_GET, $_POST, $_SERVER etc. and constants; except if your script requires a certain type and deprecates the other). Using the global keyword breaks variable encapsulation and is usually a sign of doing it wrong.
  4. Example why escaping - for example a password field - is important. Say you have two input fields, one for username, one for password. You query the input as follows, assuming you are using $_POST and the fields are named "user" and "pass", respectively: $query = "SELECT * FROM `users` WHERE `user` = '".$_POST['user']."' AND `pass` = '".$_POST['pass']."'"; Now, since you don't escape the values, the user might put in "admin" as username and "' OR =''" as password, leaving the above $query with the following result: $query = "SELECT * FROM `users` WHERE `user` = 'admin' AND `pass` = '' OR = ''", so the user doesn't need to supply any password to log into any account he wants to. The same works with inserting a semicolon and then creating a new database user with all privileges granted etc.
  5. I don't think this forum condones data theft. If you are worrying that you could be banned, you surely are doing the wrong thing. Resort to open source resources or, even better, kindly submit a request to the remote server's administrator.
  6. You want to integrate one site into the other? Is that what you mean?
  7. Maybe use .phps files? That way you can even share your PHP source without having to worry that the browser does not display the source because of some possible errors when using .txt files.
  8. Most browsers nowadays do just that - they ask the user if they want to execute the geolocation part of the script, if there is any. There is no way to force the browser into sending the exact coordinates to your server (unless of course you use malicious approaches to this).
  9. I haven't worked with Comet either, but it's basically just establishing and maintaining a connection while waiting for the server to push responses to you, rather than pulling the data from the server with Ajax (though both work). JavaScript works on all browsers, so this should work, and you're not sending any confidential data, so it's fine. JavaScript function for that... function setTitle(title){ document.title = title; return null; }
  10. You could also use a server-side push once something changed on the client side and/or server side (Ajax and Comet are the keywords here) and change the title with JavaScript.
  11. Maybe my time's ready in a few years, heh. Anyway, congratz, you deserved it.
  12. ... Never mind me... Was thinking of something completely different.
  13. If you declare global variables, then yes, you can transfer variables to another script. Local variables, not so much. Variable scope's the keyword if you happen to struggle on that.
  14. Use $(obj).animate( { scrollTop: $(elementToScrollTo).offset().top } , 500, "swing", function(whenComplete){});. Also check out the documentation at the jQuery site if you need to know more about it. http://api.jquery.com/animate/
  15. jQuery needs to be loaded from an external source ( try http://code.jquery.com/jquery-1.4.2.min.js ) before you can use any jQuery functions, as jQuery is not integrated into the browser by default.
  16. Of course, my bad, quote issues there.
  17. Actually, alert and basically everything else supports the newline escape sequence in JavaScript.
  18. To get back to my suggestion, Stack Overflow has this small but handy topic about setting 403 errors for certain directories. http://stackoverflow.com/questions/11321998/htaccess-403-forbidden-exclusions
  19. Do you even get his point? Ajax is frankly said easiest to use with a framework... The developers do not have to make their work harder than it is when they can easily use premade stuff. So, assume this, because I use phpMyAdmin and don't hardcode all tables myself, that makes me a framework soldier? 'k.
  20. You could pass the number to a string function, then check for the first character. Or, better, remove any 0's not preceded by a 0 in a whole.
  21. Use the negative lookahead flag. ([a-zA-Z0-9+]{3,20}(?![^a-zA-Z0-9])) Should do the trick. Edit: I brushed up the regex a bit... and it didn't work out as I planned it to do. I'll think of something else.
  22. Irate

    $GLOBALS

    Check the mod_rewrite.so module for Apache and their .htaccess and httpd.conf files for URL rewriting. Also, using global is more likely a sign of doing it wrong than right.
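
The advice in posts 2 and 4 above (check that a POST field exists before using it, and keep user input out of the SQL text), combined in an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database standing in for MySQL, hypothetical `field()` and `login()` helpers, constructed sample rows, and a stored password hash instead of the plaintext comparison in the post's query.

```php
<?php
// Added example, not from the original posts. Assumes the PDO SQLite driver;
// the table and its single row are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (user, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: return the field as a string, or null when it is
// missing, empty, or not a string (e.g. pass[]=x arrives as an array).
function field(array $post, string $name): ?string
{
    if (!isset($post[$name]) || !is_string($post[$name]) || $post[$name] === '') {
        return null;
    }
    return $post[$name];
}

// Hypothetical helper: true only when the user exists and the password matches.
function login(PDO $pdo, array $post): bool
{
    $user = field($post, 'user');
    $pass = field($post, 'pass');
    if ($user === null || $pass === null) {
        return false;
    }
    // The placeholder sends the value separately from the SQL text, so a
    // quote character in the input cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed inputs standing in for $_POST.
$cases = [
    'valid credentials'  => ['user' => 'admin', 'pass' => 'correct horse'],
    'quotes in password' => ['user' => 'admin', 'pass' => "' OR ''='"],
    'quotes in username' => ['user' => "admin' --", 'pass' => 'x'],
    'password missing'   => ['user' => 'admin'],
    'password as array'  => ['user' => 'admin', 'pass' => ['x']],
];
foreach ($cases as $label => $post) {
    printf("%-20s %s\n", $label, login($pdo, $post) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; the inputs containing quotes are compared as literal strings and the incomplete requests are rejected before any query runs.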