
Posts posted by benanamen

  1. @jaques1, just how many times and places do you actually need to set the character encoding?

     

    So you have

    header('Content-Type: text/html;charset=utf-8');

    <meta charset="utf-8">

    html_escape($test_input, APP_HTML_ENCODING)

    $dsn = "mysql:host=$dbhost;dbname=$dbname;charset=$charset";  

     

    And also have mentioned the server can set the character encoding. Seems redundant to have to explicitly set it in so many places. Not to mention MySQL as well, but I assume that is different.

  2. Your problem is your query. You need to join the tables. That is the whole reason it is so slow. The WHERE clause is killing it.

     

    This kind of thing should be done in a JOIN

    WHERE    building_products.id = product_id
    

    Also, name is a reserved word. Change it to something like color_name.

     

    Unless height, width, length, and quantity are something other than numbers, you shouldn't be using varchar for the column type.

  3. And good luck making an application like this multi-lingual.

     

    Solidly makes the case. I personally have not done anything multi-lingual which is why I think in 100% sql and I am always the sole programmer. One point that does make Barand's answer is if you're querying from the console to get the same result.

     

    whenever the wording changes, you'll be busy finding and updating those strings in the code

     

    Valid point.

  4. After research, there are no license issues with the aforementioned software as you said. I am not anyone's employee so this does not fall under the "Work For Hire" laws. As an independent contractor I automatically own the copyright to the code unless there is a written transfer of those rights.

     

    The solution that made sense is what @kicken proposed. Thanks for the feedback to both of you.

     

     

     

    Alternatively you could try and retain your ownership of the code and just license it to them. The terms of the license would permit them to sub-license it to other companies in exchange for some sort of fee to you such as a yearly payment or a per-sub-licence payment.
  5. For starters you never insert user supplied data directly into the database. You are using PDO incorrectly. You need to use parameterized queries.

     

    Since you didn't post your form code it is impossible to tell if submit is even properly set. You should not be depending on the status of a button name to be submitted in order for your code to work. I am on my phone at the moment so I cannot post you the proper links to look at.

  6. Thanks for the reply. I have concluded that licensing is the right direction as opposed to copyright transfer. Issues currently identified with copyright transfer are:

     

    A: App includes third party code and their licensing parameters may be an issue. (jQuery, Bootstrap...)

    B: App contains often used code such as login, forgot password, and password reset. Could not transfer ownership of that code.

     

    So, question is now narrowed to compensation for a licence to sub licence and the conditions for that. I always give an "implied" unwritten license for exclusive use to the hiring company that it was developed for. To date, I would never use or need anything I have developed.

     

    Any additional feedback on this welcome.

  7. I am 192 hours into a project and NOW the owner of the company (not the one who I have been working with) wants a contract signed which includes the assignment of copyright ownership. My rate was based on the exclusive use of the application as a complete work for use by this company only.

     

    They tell me now that they want to licence the app to other companies in their industry.

     

    My question is, how have any of you dealt with the assignment of copyright (Ownership of the underlying code). Do you work at an increased hourly rate? Negotiate a flat rate for the transfer of copyright? Since there is much more they want to do it is impossible to know how much more code there will be for them to own so doing a flat rate agreement today doesn't seem wise.

     

    In all my years of coding this has never come up.

  8. For me, on this forum it doesn't come across right. I personally don't get offended but it still doesn't come across right to me. It might have something to do with the more professional sense of this forum. And in a professional setting you wouldn't be calling people bro.

    • Like 1
  9. You have to explicitly reference them:

     

     

    Perfect! That did the trick. 
     
     
    Your code is also vulnerable to XSS:
    $_GET['p'] is dropped into the markup with no protection whatsoever.
    htmlspecialchars() without any flags and any character encoding is dangerous. It could work out, but it could also fail miserably. You should always specify the character encoding and at least set the ENT_QUOTES flag.

     

     

     
    Thanks, but I am quite aware of that. The code is just a quick example to demonstrate the specific problems mentioned.
     
    The $_GET['p'] is on the TODO LIST and relates to a previous discussion you and I had on ways to "encrypt" the url to stop id # changes.
     
    The code was cut from a page that has not been updated per your suggestions from another post. All other pages have been updated as such:
     
    <?= !empty($note) ? htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';?>
  10. Here is a problem I have never run across. The code will demonstrate. I have two sets of first/last name arrays to enter to DB and one non array random required field.

     

    On submit with empty random field, required error displays as should, but array fields get error:

     

    Warning:  htmlspecialchars() expects parameter 1 to be string, array given. Not sure how to handle this. Google not much help.

     

     

    PART 2

     

    Assuming first problem has been fixed, I want to require at least one first and last name. (Think Husband and wife, only need one minimum) How would I go about requiring just one first/last name set? 

     



    <?php
    echo "<pre>";
    print_r($_POST);
    echo "</pre>";

    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
    //------------------------------------------------------------------------------------
    // Check Missing Fields
    //------------------------------------------------------------------------------------
    $error = array();
    if (empty($_POST['random']))
    {
    $error['random'] = 'Random Field Required.';
    }

    //------------------------------------------------------------------------------------
    // Check for errors
    //------------------------------------------------------------------------------------

    if ($error)
    {
    $error = implode("<br >\n", $error) . "\n";
    ?>
    <div class="row">
    <div class="col-md-offset-2 col-md-8">
    <div class="error_custom"><?= $error ?></div>
    </div>
    </div>
    <?php
    }
    else
    {
    //Insert to DB
    }
    } // End POST
    ?>

    <!DOCTYPE html>

    <html>

    <head>
    <title>Hello!</title>
    </head>

    <body>

    <form class="form-horizontal" action="<?= $_SERVER['SCRIPT_NAME'] ?>?p=<?= $_GET['p'] ?>" method="post">

    <div class="form-group <?= !empty($error['name_first'] ) ? 'has-error' : '' ?>">
    <label class="col-md-4 control-label" for="name_first">First Name <span style="color: #FF0000;">*</span></label>
    <div class="col-md-4">
    <input id="name_first" name="name_first[]" type="text" placeholder="First Name" class="form-control input-md" value="<?= !empty($_POST['name_first']) ? htmlspecialchars($_POST['name_first']) : '';?>">
    </div>
    </div>


    <div class="form-group <?= !empty($error['name_last'] ) ? 'has-error' : '' ?>">
    <label class="col-md-4 control-label" for="name_last">Last Name <span style="color: #FF0000;">*</span></label>
    <div class="col-md-4">
    <input id="name_last" name="name_last[]" type="text" placeholder="Last Name" class="form-control input-md" value="<?= !empty($_POST['name_last']) ? htmlspecialchars($_POST['name_last']) : '';?>">
    </div>
    </div>


    <div class="form-group <?= !empty($error['name_first'] ) ? 'has-error' : '' ?>">
    <label class="col-md-4 control-label" for="name_first">First Name <span style="color: #FF0000;">*</span></label>
    <div class="col-md-4">
    <input id="name_first" name="name_first[]" type="text" placeholder="First Name" class="form-control input-md" value="<?= !empty($_POST['name_first']) ? htmlspecialchars($_POST['name_first']) : '';?>">
    </div>
    </div>


    <div class="form-group <?= !empty($error['name_last'] ) ? 'has-error' : '' ?>">
    <label class="col-md-4 control-label" for="name_last">Last Name <span style="color: #FF0000;">*</span></label>
    <div class="col-md-4">
    <input id="name_last" name="name_last[]" type="text" placeholder="Last Name" class="form-control input-md" value="<?= !empty($_POST['name_last']) ? htmlspecialchars($_POST['name_last']) : '';?>">
    </div>
    </div>

    <!-- Text input-->
    <div class="form-group <?= !empty($error['random'] ) ? 'has-error' : '' ?>">
    <label class="col-md-4 control-label" for="random">Random Required <span style="color: #FF0000;">*</span></label>
    <div class="col-md-4">
    <input id="random" name="random" type="text" placeholder="Random" class="form-control input-md" value="<?= !empty($_POST['random']) ? htmlspecialchars($_POST['random']) : '';?>">
    </div>
    </div>

    <div class="form-group">
    <div class="col-md-offset-4 col-md-4">
    <input type="submit" name="submit" value="Submit" class="btn btn-primary">
    </div>
    </div>

    </form>

    </body>
    </html>
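
An added example, not code from the thread: one way to handle the two problems in post 10 (escaping `name_first[]` / `name_last[]` one row at a time, and requiring at least one complete first/last pair), followed by the parameterized PDO insert that post 5 calls for. The helper names, the sample input, the `people` table and the in-memory SQLite DSN (which needs the pdo_sqlite extension) are assumptions made so the script runs on its own.

```php
<?php
// Escape one string for HTML output, with the flags from the post above.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Row $i of an array field such as name_first[]; anything that is not a string becomes ''.
function field(array $post, string $name, int $i): string
{
    $rows = $post[$name] ?? [];
    $v = is_array($rows) ? ($rows[$i] ?? '') : '';
    return is_string($v) ? trim($v) : '';
}

// Rows where both names are filled in; PART 2 requires at least one.
function complete_pairs(array $post, int $rows = 2): array
{
    $pairs = [];
    for ($i = 0; $i < $rows; $i++) {
        $first = field($post, 'name_first', $i);
        $last  = field($post, 'name_last', $i);
        if ($first !== '' && $last !== '') {
            $pairs[] = [$first, $last];
        }
    }
    return $pairs;
}

// Constructed sample input standing in for $_POST.
$post = ['name_first' => ['Ann', ''], 'name_last' => ["O'Brien", ['nested']], 'random' => 'x'];
$pairs = complete_pairs($post);
$error = [];
if ($pairs === []) {
    $error['name'] = 'At least one first and last name is required.';
}

// Re-filling the form: escape one row at a time, never the whole array.
printf("<input name=\"name_first[]\" value=\"%s\">\n", e(field($post, 'name_first', 0)));
printf("<input name=\"name_last[]\" value=\"%s\">\n", e(field($post, 'name_last', 0)));
// "Insert to DB" with a prepared statement; the people table is hypothetical.
if (!$error) {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE people (name_first TEXT, name_last TEXT)');
    $stmt = $pdo->prepare('INSERT INTO people (name_first, name_last) VALUES (?, ?)');
    foreach ($pairs as $pair) {
        $stmt->execute($pair);
    }
}
```

`field()` checks `is_array()` before indexing because a client can submit `name_first` as a plain string, and indexing a string with `[0]` would return its first character.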
