Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


maxxd last won the day on January 7

maxxd had the most liked content!

About maxxd

Contact Methods

  • Website URL

Profile Information

  • Gender
    Not Telling
  • Location
    North Carolina

Recent Profile Visitors

24,607 profile views

maxxd's Achievements

Prolific Member

Prolific Member (5/5)




Community Answers

  1. maxxd

    Anti XSS

    Does that mean that you've made sure you're using prepared statements, nonces for your CSRF, and proper XSS request headers or do you mean you feel fine altering user input because what you have looks like it's working as it is?
  2. The image tag is the main element in this situation - it's wrapped in a picture tag (the container), and the src elements can be thought of in the same way that media queries are in css. You need to have the img tag in the picture element to actually display the image source as defined by the src elements depending on their media attribute. Basically, in your situation the <img> tag is the only actual element in the structure. The rest of it is conditionals.
  3. If I remember correctly, you need to add the class attribute to the <img> tag. The picture tag is a container, and the source elements replace the inner image tag at the defined breakpoints.
  4. XMLHttpRequest is a bit outdated these days with the rise of the fetch API. That having been said, the fetch API can be a bit rough to wrap one's brain around if you're new to it. Either way, one option is to add an additional parameter to the AJAX calls (for instance, 'ajaxRequest') that isn't set in the normal call expecting a full page refresh. Check for that extra parameter in the processing code and you know how to return the data - either a JSON string of just the data or the entire page. I'm a little brain-fried, so I hope that makes sense...
  5. This is where an MVC-style approach to the server-side code comes in handy. The display logic is in the view, and the controller decides what to return. If the request to the controller is AJAX-based (or POST, in this case) the controller returns JSON-encoded data whereas if it's not, it returns the full compiled HTML.
  6. Whatever you end up doing with the email itself, do yourself a favor and use one of the major libraries instead of php's native mail() function. I'm most familiar with PHPMailer, but I believe laravel uses Symfony Mailer. Either is going to make your like much easier in the long run.
  7. You require_once and use statements need to be outside the function; they're global functions. You can then use the classes inside a function. So, the instance that works, just put everything after require statements into a function and call it normally.
  8. Structure-wise, I agree with mac_gyver. This is really no different than the hotel booking system you were working on before. A single cinema booking can consist of multiple seats, much like a single hotel booking can consist of multiple rooms. Take a step back, think about what you know from past experience, and re-evaluate your current data design; in this case I very much doubt that a "booking" is a single seat.
  9. The ajax call doesn't interact directly with the php - the only time it'll register a failure is when the call itself fails. So if you call a non-existent endpoint or if the server is down, the ajax call will invoke the error method. If however the php can't find the record or there is an error in your code that doesn't halt the execution of said code, there will still be a successful response from the server and the ajax will treat it as a successful response. What typically happens is the php script returns a json-encoded array with a 'success' index that indicates whether or not the php function worked. This is what I meant when I said 'just have php return the status of the call' - add a boolean to the return payload that can tell the javascript if the php failed in a manner that didn't cause a server exception.
  10. Sorry, I was multitasking and therefor distracted earlier (hence my deleted post). I can give you a quick example using the fetch() api though it's been a while since I've used jquery ajax functions so I couldn't get that working - hopefully this'll still give you a nudge in the right direction. Unsolicited opinion; it's worth looking into fetch() or axios() if you want to move beyond jquery. I find them both simpler to use and easier to read (especially axios). Having said that, there's nothing wrong with jquery but it's not something I personally have seen used for new development in a while. html: <form action="" id="my-form"> <input type="text" name="test-1" id="test-1"> <input type="text" name="test-2" id="test-2"> <input type="submit" value="Click me"> </form> javascript: let frm = document.getElementById('my-form'); frm.onsubmit = e => { e.preventDefault(); let dt = new FormData(e.target); dt.append('new-value', 'test-3'); let ret = fetch('/jstest2-handle.php', { method: 'post', body: dt }).then(d => { return d.text(); }).then(ret => { console.log(ret); }); } jtest2-handle.php: print(json_encode([ 'var1' => 'return1', 'var2' => 'return2', 'varPost1' => $_POST['test-1'], 'varPost2' => $_POST['test-2'], 'varPost3' => $_POST['new-value'] ])); The console.log() output is this: {"var1":"return1","var2":"return2","varPost1":"test1","varPost2":"test2","varPost3":"test-3"} Obviously I put 'test1' into the `test-1` input, and 'test2' into the `test-2` input.
  11. Yes - ajax will load the specified php script and it will execute. In your sample code, you're not passing a variable named 'submit', so your php code won't run. It's been a bit since I've used jQuery, but it should be a simple case of collecting the data and sending it in the second parameter of the $.post() method from the javascript. The php will receive the data and any output will be returned to the calling script.
  12. If all the code is yours, just have php return the status of the call. If you're interfacing with a third party API, check your developer tool's network tab. You can see the request being sent and chances are the third party sends a response packet. Either way, best bet is to console.log the ajax response.
  13. In most CSS setups, there's a containing div set with 'overflow: hidden' and an animated height - this then reveals the contents of any nested elements. AFAIR jQuery affects the height of not only the containing div, but the nested elements. So it makes sense that there's a difference in appearance - I'm not aware of a CSS-only solution that will do the "un-squishing" you can (as I recall, will) see with jQuery. That having been said, whether you're concerned about injection vulnerabilities or server downtime using a CDN-based version of jQuery, you pretty much don't need to be. As long as you're using (for instance) jsDeliver, cdnjs, or code.jquery.com, you can be reasonably assured that it's safe and reliable. And of course if the idea still bothers you, just download the file and include it directly from your own server. Funny aside - I didn't realize jQuery was still under active development until last week when I saw the v4 beta announcement.
  14. In addition to that, you're using $curPageName all over that code, but I don't see where it's defined outside the if conditional. This means that if $_GET['id'] is not set, neither is $curPageName.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.