Everything posted by StevenOliver

  1. ... also, make sure to have mySQL error reporting on (if you don't have them on already).
  2. I am glad you made day. I like funny too. My favorite color is green. What's your favorite color? I like macaroni and cheese.
  3. OMG you are so much like an AI bot it's funny. You made my day!! 😀 (check this out: https://www.pandorabots.com/mitsuku/)
  4. Discovered something: LetsEncrypt installs All the "http -> https" rules in a special conf file under "<VirtualHost *:80>":

         RewriteCond %{SERVER_NAME} =example.com [OR]
         RewriteCond %{SERVER_NAME} =www.example.com
         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

     But, if the URL already begins with https, then those rules don't get triggered (because those rules are under VirtualHost listening at http port 80). I noticed LetsEncrypt installs another file with <VirtualHost *:443>. Placing "non-www --> www" Rewrite Rules under that VirtualHost 443 heading now makes all my URLs look correct.

     HOWEVER..... I TRIED SOMETHING ELSE: Having some RewriteRules in one file under VirtualHost 80, and some RewriteRules in another file under VirtualHost 443 irritates me. So I deleted them and added the following code at the bottom of my apache2.conf file:

         <Directory /var/www/html/>
             RewriteEngine On
             RewriteCond %{HTTPS} off [OR]
             RewriteCond %{HTTP_HOST} !^www\.example\.com$
             RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
         </Directory>

     QUESTION: EVEN THOUGH THIS SEEMS TO WORK, IS THIS OKAY TO DO? ANY PROBLEMS WITH THIS?
  5. Absolutely. I think I spent over a week experimenting! Almost every suggestion on the net that I could find, maybe hundreds of lines of code. Usually multiple redirects. Instead of one or two redirects, sometimes 3 or 4. Are you familiar with the free https service "LetsEncrypt?" If you have that on your server(s), what is your configuration?
  6. LetsEncrypt forces "https" by adding these rules to /apache2/sites-enabled/000-default.conf

         <VirtualHost *:80>
             RewriteCond %{SERVER_NAME} =example.com [OR]
             RewriteCond %{SERVER_NAME} =www.example.com
             RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
         </VirtualHost>

     Question: What is the "best practices way" to ALSO have "non-www" redirect to "www" (with the least possible redirects)?

     Concerns: Although http redirects to https just fine, I cannot get https://example.com to redirect to https://www.example.com properly.

     Thank you.
  7. My math is better than my PHP.... so this stood out:

         $start = $page * $limit - 50;

     Is your math right? Do you mean:

         $page * ($limit - 50)

     or do you mean:

         ($page * $limit) - 50

     (Sorry I don't have enough time to read your code to figure out which one it should be....)
  8. Very respectfully, are you really writing code for Online Banking? I'm hoping you're just doing a college class assignment.
  9. Requinix, as usual, your words are indeed wise, usually not what many want to hear, but usually the best-ever advice. Many questions are basically the same: "I botched my code, I don't want to fix it, what's the hack to work around the botch?" At least, that was my question :-)

     I have figured out the correct answer. There was a server misconfiguration whereby User was not linked to .bashrc. Figuring out the fix was beyond my knowledge, but deleting some system software made it look like it works again (akin to, "My car is running rough, I yanked a handful of wires out of my engine, now my car runs smooth"). The correct fix (for me, as best I can do), was deleting and reinstalling the User. Now, .bashrc works, and I created an alias "nano=nano -Ynone" so now I have the desired result and everything is in the lovely black and white, and I don't have any software missing.

     Regarding "Syntax is for the newbie millennials," yes, tongue-in-cheek indeed. That being said, I HATE a bunch of colored bs in my terminal.... big...stupid...colors. I'll leave it at "Syntax Highlighting is for the newbie millennials." 😁
  10. Hi Requinix (oops I almost typed "high requinix" Freudian slip hahahah), but no, I don't want any syntax highlighting at all. Syntax is for the newbie millennials..... My question was just about "will problems be caused by deleting nanorc" :-) Back in 1999, I used to use Pico, but I'm afraid to install Pico, because the website that has the repository has security seal error.... makes me nervous.
  11. Question: Is it safe to delete nanorc (located in /etc/)?

      Reason: I don't like Nano's default syntax highlighting. Deleting "nanorc" appears to fix this (makes everything old-style black-and-white).

      Background info: I discovered -Ynone disables syntax highlighting (example: "nano -Ynone myfile.php"), so I created an alias.

      Problem: When accessing Ubuntu via my Mac Terminal, Bash does not read the .bashrc file where aliases are written (discussed extensively on 'SO'..... something about if my terminal emulator is a login shell, and that the "Source .bashrc" command has to be run at each login to 'activate' the .bashrc file.... something like that).

      Bad Solution: Deleting the "nanorc" file located in /etc seemed to get rid of all the undesired syntax highlighting for me. Is this "bad?" Will this be bad for the rest of the system? Will some daemon or process be constantly "looking for" the missing nanorc file? And, is there a better solution?

      Thank you
  12. Okay, I meant semicolon.... @charlie321, no, it was not mentioned that your file was an actual ".html" file (file with suffix .html). A server's PHP interpreter will only parse PHP if it is ".php" file (file ending with .php suffix). In the olden days, I stupidly had a server directive whereby php would parse both .php files AND .html files. Stupid stupid stupid. Never never never do this. Anyway, your code shows the input was hidden, so you probably wouldn't have seen it just casually looking at your web browser, but if you would have looked in the source code, you would probably have seen the words "<?php echo....." all spelled out :-) Barand, thank you -- I didn't know you could leave the semicolon off the last line. I don't think I would make a habit of it, though.... I'm so used to semicolons.
  13. you forgot the colon after echo time()

      While coding in PHP, having the following lines on top of all your PHP pages will save a ton of time. (Be sure to remove them before making your pages live to the public.):

          <?php
          ini_set('display_errors', 1);
          ini_set('display_startup_errors', 1);
          error_reporting(E_ALL);
          ?>
  14. By default, PHP comes with some extensions disabled. Question 1: Is there a command (via command-line) to enable ALL extensions? Question 2: Are there any drawbacks to having all extensions enabled (e.g. slows it down, conflicts, etc.)? Thank you.
  15. I just installed Ubuntu 20.04. Via command line, what's the best way to install/activate PHP 7.4:

      This way? Simply type "apt install php"

      Or this way? Type these commands:

          apt -y install software-properties-common
          add-apt-repository ppa:ondrej/php
          apt-get update
          apt install php7.4
  16. Easy. First, pause your page (make it private) because it is a security risk right now.

      1.) Turn on error reporting in both PHP, and mySQL.
      2.) Echo your query (echo "$q";) and directly try what's echoed in mySQL.
      3.) When you get it working, sanitize, sanitize, and sanitize (at very minimum, do mysqli escape string functions).
      4.) You have "if ($_POST["add_record"])", but how do you know if a record was actually inserted? You might want to do a quick mySQLi query to make sure a valid record was inserted.

      Always assume the worst, e.g. "people are trying to hack your website now," "nothing is getting inserted into mySQL," "my code is not doing what I want it to do," "we will be in lockdown forever LOL," and then you'll be good :-)
  17. With PHP security, it's important to really learn what you are doing -- no guesswork! If you google "password_hash" you'll see a lot of explanations and examples.

      In the "olden days" passwords were encrypted, and stored in a database (which could later be hacked). Many encryption functions can result in strings that can be easily decrypted. In fact, there are a lot of websites that will attempt to decrypt your "super-duper encrypted string" for you, and usually do it in about 5 seconds.

      Nowadays, password "hashing" is popular. The password_hash function uses a random string each time to generate a "hash," which, when tested against the original password (using "password_verify"), will result in either a 'true' or a 'false.' You've noticed when you use "password_hash" you will get a different result each time. That is because this function uses a random string. (In the case of your example, "PASSWORD_BCRYPT".) However, regardless how many password_hash results are generated against a specific password, they will all verify as "true."

      Nowadays, most websites choose to store actual password hashes in databases, rather than actual passwords. Instead of "PASSWORD_BCRYPT" it is popular to use "PASSWORD_DEFAULT" because as new algorithms are invented with PHP upgrades, "PASSWORD_DEFAULT" supposedly uses the latest and greatest. So, if it were me, even though "PASSWORD_BCRYPT" is considered pretty darn good, I would use "PASSWORD_DEFAULT" instead.

      Again, "security related PHP issues" is not the place to just throw in any line of code you found off the net as one might do when searching for "cool CSS button effects," etc. At the very minimum, do some googling and understand what you are doing. Google "password_hash" "password_verify" and learn all the caveats.
  18. gizmola, thank you for mentioning that "Can I use" site. That should definitely be useful for me. Another site I use is that one that displays what my website looks like in different browsers. I forgot the name of it, but I like to be cross-platform. Nothing bugs me more than websites that say "You must use xyz to view this site properly."
  19. Thank you all! This will work in Netscape Navigator, right? Javascript sure has come a long way since the 90's.
  20. Requinix, thank you! When you say "inline event handlers," do you mean "onClick" and "onInput?" With my simple script, what are some things that could go wrong?
  21. This is the best I can do. This appears to work whether the visitor hand-types their input, or pastes their input:

          <script>
          var character_count = 5;
          var multiples = 1;
          function show_alert(n) {
              if (n > (character_count * multiples)) {
                  alert(" At least 5 more characters were entered. ");
                  multiples++;
              }
          }
          </script>
          <textarea onInput="show_alert(this.value.length);" > </textarea>

      Your thoughts please?
  22. Question: How do I get an alert after every input (keypress or paste) of 5 or more characters are pasted into a textarea?

          // This doesn't work:
          function alert_every_five() {
              var incrmt = 5;
              if ( document.getElementById("my_input").value.length > incrmt ) {
                  alert("you input another five-or-more characters");
                  incrmt += 5;
              }
          }

      Example: Visitor types the words "Good day! How are you today?"

      Desired effect while typing: As soon as visitor types the "d" in "day," the alert should trigger. No more alerts should trigger until each 5 character increment (i.e. as soon as they type the "H" in "How," the "r" in "are" etc. etc.).

      Desired effect while pasting: Alerts should trigger only if "5-or-more" characters are input:

      If visitor pastes "good day! How are you today?" : just one alert.
      If visitor pastes "good day" and then "How" and then "are you today?" : alert after "good day" and no more alerts until "are you today" is pasted.

      Thank you!
  23. Requinix, thank you. Here are my thoughts:

      1.) Regarding Microsoft, I think the line of code "else { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); }" simply helps cover all bases.
      2.) Using jquery looks cool and a jquery function only needs a couple lines to type.
      3.) However, adding jquery.js turns my 4K page into a 50K, and at least I "see" what's going on when using the XMLHTTP style.
      4.) I like "decision making" and I dislike how jquery is a 50k of intimidating code, of which I need only a couple lines of anyway.

      So, I would choose the XMLHTTP style, and I'm ready to dig through all my code and replace the jquery version with the XMLHTTP version. However, if you said that jquery is a.) safer, or b.) more browser compliant, or c.) traps errors better, or d.) better in some other way, I would change my code back to jquery. So I'm curious which one you'd choose?
  24. Background: I'm comparing 2 styles of Ajax: 1.) "jquery style" 2.) "ActiveXObject Microsoft.XMLHTTP style"

      Question: Is one better (faster, more cross-browser compliant) than the other?

      My experience: Both seem equally fast. The Microsoft style is a bit longer, but I don't have to load jquery.js to my page!

      Code Examples:

      Jquery style on my PHP page:

          function getInfo(ProductNumber){
              $.ajax({
                  url:'Ajax-PHP-Page.php?ProductNumber='+ProductNumber,
                  success: function(html) {
                      document.getElementById("my_div").value = '';
                      document.getElementById("my_div").value = html;
                  }
              });
          }

      Microsoft style on my PHP page:

          function getInfo(ProductNumber) {
              if (window.XMLHttpRequest) {
                  // code for IE7+, Firefox, Chrome, Opera, Safari
                  xmlhttp = new XMLHttpRequest();
              } else {
                  // code for IE6, IE5
                  xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
              }
              xmlhttp.onreadystatechange = function() {
                  if (this.readyState == 4 && this.status == 200) {
                      document.getElementById("my_div").value = this.responseText;
                  }
              };
              xmlhttp.open("GET","Ajax-PHP-Page.php?ProductNumber="+ProductNumber,true);
              xmlhttp.send();
          }

      Thank you!!
  25. No problem. A perfect place to start is by learning a bit more what PHP is about (browse this). Then this should help you with your question: https://www.php.net/manual/en/reserved.variables.post.php
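
The behaviour post 17 describes (a different hash on every call, all of which verify) and its reason for preferring PASSWORD_DEFAULT, as an added example that is not part of the original posts. check_login(), the sample password and the cost values are hypothetical; in a real application the stored hash would come from the user database.

```php
<?php
declare(strict_types=1);

// Constructed sample password, for illustration only.
$password = 'correct horse battery staple';

// Each call draws a fresh random salt, so two hashes of one password differ...
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);
printf("hashes identical: %s\n", var_export($hashA === $hashB, true));

// ...yet both verify, because the salt, cost and algorithm are stored in the hash string.
printf("A verifies: %s\n", var_export(password_verify($password, $hashA), true));
printf("B verifies: %s\n", var_export(password_verify($password, $hashB), true));
printf("wrong password verifies: %s\n", var_export(password_verify('guess', $hashA), true));
printf("algorithm recorded in hash: %s\n", password_get_info($hashA)['algoName']);

/**
 * Hypothetical login check. $storedHash stands in for the value read from the
 * users table. Returns [ok, newHash]; a non-null newHash should replace the stored one.
 */
function check_login(string $password, string $storedHash, array $options = []): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // Old hashes keep verifying after PASSWORD_DEFAULT or the cost changes;
    // rehash at login, the only moment the plain-text password is available.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, $options)) {
        return [true, password_hash($password, PASSWORD_DEFAULT, $options)];
    }
    return [true, null];
}

// Constructed "legacy" record: bcrypt at the minimum cost of 4.
$legacy = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);

// Assumed current policy: cost 12 (applies while PASSWORD_DEFAULT is bcrypt).
[$ok, $newHash] = check_login($password, $legacy, ['cost' => 12]);
printf("login ok: %s, rehash issued: %s\n", var_export($ok, true), var_export($newHash !== null, true));

// The upgraded hash needs no further rehash under the same policy.
[$ok2, $again] = check_login($password, $newHash, ['cost' => 12]);
printf("second login ok: %s, rehash issued: %s\n", var_export($ok2, true), var_export($again !== null, true));
```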