Everything posted by cyberRobot

  1. After save.php processes the request, have you tried using a header redirect to go to PayPal? http://php.net/manual/en/function.header.php
  2. For what it's worth, there are plugins that let you run PHP code inside a WordPress post. I haven't used any of the plugins...and I haven't looked into the potential security risks of adding one. Hopefully the plugin wouldn't allow visitors to run PHP code through the blog post comments section, for example.
  3. There appear to be a number of examples when searching for "javascript change text with timer" in Google. https://www.google.com/#q=javascript%20change%20text%20with%20timer
  4. If you want the quotes to change without the page refreshing, you need to use a client-side language, like JavaScript.
  5. You will need to provide more information. Are you trying to pre-populate a form? So that way a form field has a default value before the user does anything? Or is the user doing something with the form / page that results in you inserting a value into a form field? If it's the latter, you will need to use JavaScript as kicken mentioned.
  6. To hopefully answer your question more directly, there's nothing necessarily wrong with your code examples. If they run without errors, it's a valid solution. With that said, problems still arise depending on how you use the code. For example, if $somevalue below contains data the user can tamper with, like data from a POST variable, you are susceptible to XSS attacks. You need to escape the value before it is displayed to the screen.

     <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
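The escaping the post above calls for, as an added example that is not cyberRobot's code or code from the thread. The value of $somevalue is constructed to stand in for a tampered POST field; in a real page it would come from something like `$_POST['myname'] ?? ''`. The two functions render the same input tag, first as posted and then with the value escaped.

```php
<?php
// Added example, not from the original thread. $somevalue is a constructed stand-in for
// a form field the visitor controls (e.g. $_POST['myname']); the quote and angle brackets
// are exactly what an attacker sends to break out of the attribute.
$somevalue = '"><script>alert(document.cookie)</script><input value="';

// As posted in the thread: the double quote in $somevalue closes the value attribute and
// everything after it is parsed as markup, so the script tag runs in the visitor's browser.
function renderUnescaped(string $somevalue): string
{
    return '<input type="text" name="myname" value="' . $somevalue . '" />';
}

// Escaped: htmlspecialchars() turns &, <, > and both quote characters into entities, so the
// browser shows the text inside the field instead of interpreting it. ENT_QUOTES also
// covers single quotes, which matters if an attribute is ever single-quoted, and passing
// the charset keeps the encoder from mishandling malformed UTF-8.
function renderEscaped(string $somevalue): string
{
    $safe = htmlspecialchars($somevalue, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="myname" value="' . $safe . '" />';
}

echo renderUnescaped($somevalue), PHP_EOL;
echo renderEscaped($somevalue), PHP_EOL;
```

Escape at the point of output, not when the data is stored: the same string may later be placed in a JavaScript literal or a URL, where HTML entity encoding is the wrong escaping.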
  7. Just to clarify, I was just making the two examples comparable. One in raw HTML, with some simple PHP stuff. The other where the form tags are displayed with PHP. Is your question about whether you should use a function call to output the form? If so, that's really up to you. If you are looking for best practice, then perhaps it's using a template engine like benanamen suggested.
  8. When querying tables that are stored in different databases, I normally establish separate database connections, run separate queries, and combine the results in PHP. However, it appears that you can connect to one database and run a joined query on both databases, as long as the login credentials work for both databases. With that said, does anyone know of an issue with writing a query like the one below?

     SELECT alias1.columnName1, alias2.columnName2
     FROM database1.table1 AS alias1
     LEFT JOIN database2.table2 AS alias2 ON ...

     Note that I wouldn't use names like database1, alias1, etc. And you can ignore the "..." in the ON clause.
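The cross-database join from the post above run over a single mysqli connection, as an added example that is not cyberRobot's code. Host, account, schema, table and column names are placeholders, and the ON condition (`alias2.table1_id = alias1.id`) is assumed for illustration. This works on MySQL/MariaDB only when both schemas live on the same server, and the one account has to hold SELECT on both; granting just those two tables keeps a leaked web credential from reading the rest of either schema.

```php
<?php
// Added example, not from the original thread. Placeholder names throughout.
// The account needs privileges on both schemas, for example:
//   GRANT SELECT ON database1.table1 TO 'reporting'@'localhost';
//   GRANT SELECT ON database2.table2 TO 'reporting'@'localhost';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failures

$db = new mysqli('localhost', 'reporting', 'secret', 'database1');
$db->set_charset('utf8mb4');

// Every table is qualified with its schema, so the default database chosen at connect
// time ("database1") only matters for unqualified names. The join condition below is an
// assumption; the filter value is bound as a parameter rather than spliced into the SQL.
$sql = 'SELECT alias1.columnName1, alias2.columnName2
        FROM database1.table1 AS alias1
        LEFT JOIN database2.table2 AS alias2 ON alias2.table1_id = alias1.id
        WHERE alias1.id = ?';

$stmt = $db->prepare($sql);
$id = 42; // constructed sample key
$stmt->bind_param('i', $id);
$stmt->execute();

// get_result() needs the mysqlnd driver, which is the default in modern PHP builds.
foreach ($stmt->get_result() as $row) {
    // columnName2 is NULL when the LEFT JOIN finds no match in database2.
    printf("%s | %s\n", $row['columnName1'], $row['columnName2'] ?? 'NULL');
}
$stmt->close();
```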
  9. As a quick example, you can see how this forum shows the two blocks of code:

     <form method="POST" action="p.php">
     <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
     <input type="submit" name="submi" value="Submit" />
     </form>

     <?php
     echo '<form method="POST" action="change_password.php">
     <div>Type new password</div>
     <div><input type="password" size="40px" name="new_password" /></div>
     <div>Type new password again</div>
     <div><input type="password" size="40px" name="new_password2" /></div>
     <div><input type="submit" value="Change Password" /></div>
     </form>';
     ?>
  10. For my response, I'll ignore the function part. An advantage for writing code like this

      <form method="POST" action="p.php">
      <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
      <input type="submit" name="submi" value="Submit" />
      </form>

      is that the code blocks will be colored based on the HTML code versus PHP...depending on your IDE. However, if the code contains more PHP than HTML, it might be better to surround it with PHP tags.
  11. Reading through your (Jacques1) response again, I likely agree with most of your points. Based on the following: I imagine you are talking about importing a text file that only outputs the HTML tags. That isn't the most flexible way of doing things. I am still curious about the potential security issues.
  12. Out of curiosity, what is inherently insecure about putting HTML tags, like the OP posted, and importing it with require_once()? A file imported through require_once() can be dynamic. For example, the imported file could contain a template class. The class can be set to customize the <head> tag content or any other part of the template. Note that I'm not arguing for or against third-party template engines. I'm just addressing some generalizations.
  13. Yep, what maxxd said. Just be aware that you may need to add extra things to the <head> tag for specific pages. So either keep the <head> tags in the original documents. Or develop a way to inject code into your include file.
  14. Hint: there is a tag in your code after the last <item> tag, but before the end </channel> tag. It rhymes with "batom".
  15. It looks like the feed is technically valid. The last two things (guid and misplaced item) are suggestions. With that said, did you see the help links? guid help: https://validator.w3.org/feed/docs/warning/MissingGuid.html misplaced item help: https://validator.w3.org/feed/docs/warning/MisplacedItem.html
  16. For what it's worth, it's fairly easy to tamper with POST variables. You could just go into the code inspector for your browser and modify the source code before submitting the form.
  17. On a related note, did you see the "[help]" links to the right of the errors in the W3C validation page (https://validator.w3.org/feed/check.cgi?url=http%3A%2F%2Fphp_class.teamluke.net%2FAssignment_9%2Frss.php)? They can help guide you to the solutions.
  18. Most of the errors refer to the tags used within the <item> tag. The available children tags (for <item>) are listed in the RSS 2.0 spec here: https://validator.w3.org/feed/docs/rss2.html#hrelementsOfLtitemgt The specification provides examples on how to use the tags. Note that the <title> tag is a child of <item> and not <link>. And there isn't a tag for <Price>, but you could add that information to the <description> tag.
  19. The CDATA stuff isn't needed for the first <title> tag. For the <webMaster> tag, see the example in the RSS 2.0 Specification (https://validator.w3.org/feed/docs/rss2.html). For the second <link> tag (child of <image>), see the note in the RSS 2.0 Specification (https://validator.w3.org/feed/docs/rss2.html#optionalChannelElements).
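A feed that follows the structure described in posts 14, 15, 18 and 19, as an added example that is not cyberRobot's code or the assignment's rss.php. It builds RSS 2.0 with DOMDocument so that every title, link and description is escaped by the XML serializer (no CDATA needed, and a product name containing `<` or `&` cannot break the feed), puts <title> and the price-bearing <description> under <item>, gives each item a <guid>, formats <webMaster> as in the specification's example, and adds the atom:link rel="self" element the validator asks for. The site URL, e-mail address and products are constructed sample data.

```php
<?php
// Added example, not from the original thread. All URLs, names and items are constructed.
function buildFeed(string $selfUrl, string $siteUrl, array $items): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;

    // Adds a child element whose content is a text node; DOMDocument escapes &, < and >
    // on output, so item data can never inject extra XML into the feed.
    $add = function (DOMElement $parent, string $name, string $value) use ($doc): DOMElement {
        $el = $doc->createElement($name);
        $el->appendChild($doc->createTextNode($value));
        $parent->appendChild($el);
        return $el;
    };

    $rss = $doc->createElement('rss');
    $rss->setAttribute('version', '2.0');
    $rss->setAttribute('xmlns:atom', 'http://www.w3.org/2005/Atom');
    $doc->appendChild($rss);

    $channel = $doc->createElement('channel');
    $rss->appendChild($channel);

    // Required channel children, plus webMaster in the "address (name)" form used by the spec.
    $add($channel, 'title', 'Assignment 9 products');
    $add($channel, 'link', $siteUrl);
    $add($channel, 'description', 'Product listing feed');
    $add($channel, 'webMaster', 'webmaster@example.com (Feed Admin)');

    // The validator's "missing atom:link with rel=self" warning: point it at the feed's own URL.
    $self = $doc->createElementNS('http://www.w3.org/2005/Atom', 'atom:link');
    $self->setAttribute('href', $selfUrl);
    $self->setAttribute('rel', 'self');
    $self->setAttribute('type', 'application/rss+xml');
    $channel->appendChild($self);

    foreach ($items as $item) {
        $entry = $doc->createElement('item');
        $channel->appendChild($entry);
        $add($entry, 'title', $item['title']);          // title is a child of item, not of link
        $add($entry, 'link', $item['url']);
        // There is no <Price> element; carry the price inside description instead.
        $add($entry, 'description', $item['summary'] . ' Price: $' . $item['price']);
        $guid = $add($entry, 'guid', $item['id']);      // stable id per item
        $guid->setAttribute('isPermaLink', 'false');
        $add($entry, 'pubDate', date(DATE_RSS, strtotime($item['date'])));
    }

    return $doc->saveXML();
}

// Constructed sample data; the second title deliberately contains characters that would
// break a hand-concatenated feed.
$items = [
    ['id' => 'product-1', 'title' => 'Widget', 'url' => 'http://example.com/products/1',
     'summary' => 'A small widget.', 'price' => '9.99', 'date' => '2016-03-01 12:00:00'],
    ['id' => 'product-2', 'title' => 'Gadget <deluxe> & more', 'url' => 'http://example.com/products/2',
     'summary' => 'A larger gadget.', 'price' => '24.50', 'date' => '2016-03-02 09:30:00'],
];

header('Content-Type: application/rss+xml; charset=UTF-8');
echo buildFeed('http://example.com/rss.php', 'http://example.com/', $items);
```

If the items come from a database, the escaping above is what keeps a product name or description from turning into markup in the feed; the same data still needs HTML escaping when it is shown on a web page.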
  20. The question has been moved to its own thread.
  21. Did you change the call to mysqli_stmt_bind_param() as suggested by Barand? If not, try changing this

      mysqli_stmt_bind_param($statement, "siss", $name, $email, $password);

      To this

      mysqli_stmt_bind_param($statement, "sss", $name, $email, $password);

      The other thing that Barand mentioned refers to this portion

      $response = array();
      $response["success"] = true;
      echo json_encode($response);

      No matter what happens with the query, you will get "true" since it's hard coded. Instead, you need to test the return value of the call to mysqli_stmt_execute(). More information can be found here: http://php.net/manual/en/mysqli-stmt.execute.php
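The two fixes from the post above put together, as an added example that is not cyberRobot's or the original poster's code: the type string has one letter per bound value, and "success" in the JSON comes from the return value of mysqli_stmt_execute() rather than a constant. The table and column names, the connection details and the use of password_hash() (store a hash, never the password itself) are additions of this example, not from the thread.

```php
<?php
// Added example, not from the original thread. Table, columns and credentials are assumed.
// Report mode OFF so failures come back as return values, which is what the code checks.
mysqli_report(MYSQLI_REPORT_OFF);

function registerUser(mysqli $db, string $name, string $email, string $password): array
{
    $statement = mysqli_prepare(
        $db,
        'INSERT INTO users (name, email, password_hash) VALUES (?, ?, ?)'
    );
    if ($statement === false) {
        error_log('prepare failed: ' . mysqli_error($db));
        return ['success' => false, 'error' => 'Registration failed'];
    }

    // Three placeholders, three strings, so the type string is "sss" (the "i" in "siss"
    // described a fourth, integer parameter that does not exist here).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($statement, 'sss', $name, $email, $hash);

    // mysqli_stmt_execute() returns false when the INSERT fails (duplicate e-mail,
    // missing column, lost connection); this is what the hard-coded "true" was hiding.
    $ok = mysqli_stmt_execute($statement);
    $response = ['success' => $ok];
    if (!$ok) {
        // Log the database detail server-side; send the client a generic message so
        // SQL errors and schema names are not leaked to whoever submitted the form.
        error_log('registerUser failed: ' . mysqli_stmt_error($statement));
        $response['error'] = 'Registration failed';
    }
    mysqli_stmt_close($statement);
    return $response;
}

$db = mysqli_connect('localhost', 'app', 'secret', 'appdb');
if ($db === false) {
    http_response_code(500);
    $result = ['success' => false, 'error' => 'Service unavailable'];
} else {
    $result = registerUser(
        $db,
        $_POST['name'] ?? '',
        $_POST['email'] ?? '',
        $_POST['password'] ?? ''
    );
}

header('Content-Type: application/json');
echo json_encode($result);
```

Validate the three fields (non-empty, e-mail shape, password length) before calling registerUser(); the binding protects the SQL, not the business rules.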
  22. Sure, I have no argument there. And I am glad you are pointing these types of issues out. I'm learning a lot from your posts.