Everything posted by jodunno

  1. Dear members, I have recently noticed something about php and my regex filter: a-z still allows A-Z. The same is true of a filename in php. I name a file hello.php and it is included if i call it as Hello.php. if (preg_match("/^[a-z\/\s_-]{3,116}$/i", $variable) === 0) { break(2); } is my regex incorrect? i am trying to check an entire string for matching characters. I usually create an array as a key and say if not in array. However, i cannot create an array for this particular string which could contain over 100,000 possibilities. Thus the use of regex. Perhaps my regex is incorrect or php is case insensitive. summary: the string Abc/Xyz gets through despite only regex of a-z. I would think that it should be A-Za-z. No? Best wishes.
  2. sensitive data has many meanings. my site will be subscription based and member content is sensitive in my opinion. I don't want my private pages cached. one must pay me to view my work. I only use servers with unlimited data rates. My files are small. css is a bit large at 50kb for all site content but my html pages are typically under 10kb. I'm not concerned with cache. big tech companies do the opposite: 12kb css and a whopping 400+kb pages. I can see why they need that cache 🙂 I'd like to cache some things but caching headers are clear: cache or no cache (nostore). Private is not guaranteed so nostore is the best option for me. I've tried to find ways to reduce my code as much as possible. I am happy with 50kb css and 10kb pages. 15kb of the css is background photo data because i use a content security policy which disallows unsafe inline. I have no other way to allow background images other than including the css change in the css file and using php to dynamically write the selection to the body class. body class="myclass userselectedbg" I once tried using php to dynamically create css files but it didn't work out very well. sometimes the css was missing and the data was broken (caching revalidation problem i guess).
  3. Hi, I notice that you have the exact same code in several places but you use different selectors. .divL { box-sizing: border-box; padding: 5px; border-right: solid 1px #000000; border-left: solid 1px #000000; background: #eaeaea; width: 50% ; } .divR { box-sizing: border-box; padding: 5px; border-right: solid 1px #000000; border-left: solid 1px #000000; background: #eaeaea; width: 50% ; } nothing is different between divL and divR. You could combine the two as .LR and apply them to the class: div class="MainClass LR h1" Best wishes.
  4. Hi requinix, I am torn between version differences and corruption because i started having problems with Edge when i set cache control to no-store. Honestly. All of my css was breaking and it worked just fine up to the nostore change in xampp. I panicked and tried to fix the possible problems and it snowballed out of control. I almost wanted to cry about it because i've worked hard on my website now for three years. it is very upsetting. I decided to download the new edge and see if it works in new edge. I decided to place old edge browsers in the unsupported browsers section of my system requirements. i hate to do that but i am not a fan of browser detection and customized code. I never use browser detection in fact. Anyway, i've spent the past three weeks recoding my site. Everything that used to work in Edge is no longer working. I do remember downloading a critical update and installing it last year. Maybe something has changed since then. it just seems like Edge is broken somehow. Everything worked until the nostore policy. I cannot figure it out. By the way, i have two computers for different purposes: the one i am using to type here now is my internet computer. The other computer is my work computer which i never connect to the internet on the work computer. i activated my Windows system at purchase and never reconnected. I like to keep it clean and protect my files from the world. I have given up on this issue because i cannot find the problem. I have no idea why my code started breaking. little things like wobbly transitions, slow transitions, no word breaking when i explicitly code it, etc. so many things have gone wrong since i changed my cache control. On a positive note: i've cleaned my code and i am now in the reusable css group :-) I've also implemented image sprites which i've never done before, so the site is actually better now. I still wonder what happened. The exact same code inline was working last year. I am stumped. Best wishes.
  5. Hi requinix, I'm sorry for the delay. I've been so busy the past few days. I've also recoded this slider since my last post. I've tested this slider and script for days now and it still breaks in Edge 38 on my work pc. Today i tried the code with Edge 44 on my Mother-in-law's computer and it works. Something must be corrupted with Edge on my work pc. I have no idea what is the problem. It seems like Edge 38 on my system is trying to apply all of my custom css instead of just -ms commands. I removed the -ms commands and the webkit code was displayed as well as NaN disappeared. I'll move on from this. I have the new chromium Edge and i can always test old Edge on my Mother-in-law's pc. Thank you.
  6. Hello again, I've made progress with this problem. When inline it is working, so i checked my event code. Somehow the following code doesn't make sense to me. Perhaps it is not the correct method of acquiring updates numbers (slides through the range). document.getElementById('MyRangeLabel').innerHTML=MySlider.value; my slider works in Edge when i remove this code from the javascript. I can't figure out a way to update the innerHTML as i slide through the ranges. Anyone able to offer a solution? <label for="MySlider">TestRanges: <span id="MyRangeLabel">0</span></label> <input type="range" min="0" max-"5" value="0" id="MySlider" step="1"> onchange and oninput: how do i take the new range when sliding and change the innerHTML of the MyRangeLabel span? Thank you for any help.
  7. i have a range slider and i use it to change the innerhtml of a label element to reflect the slide through the range. the code did not work until i added both onchange and oninput to the form element. I believe that ie browser requires onchange to work. I can't remember why i need both methods. All was working when it was inline. I now try to add both change and input as events attached to an external javascript file. The change and input works in chrome, new edge browser, firefox, ie and opera. The new code breaks in older Edge browsers. what is the problem? it works in Edge when the javascript is inline. Edge doesn't show the slider track and displays Nan when i try to use the slider thumb. Anyone know why? By the way, i can never get events to work for me. I have no idea why. I found a site with code that uses DOMContentLoaded and now my events work. So i stick with this code. I am not a JavaScript guru. event code: document.addEventListener('DOMContentLoaded', function () { document.getElementById('MySlider').addEventListener('change', function () { var MyRange = document.getElementById('MySlider').value; MySlideFunction(MyRange); }); }); Again, when the code is inline everything works in Edge. <form onchange="" oninput=""> Thank you for any help.
  8. Update: this isn't an Apache problem. I have battled this issue now for three days and i found a culprit: Edge browser (versions 38 up until new chrome based version) break my css button transform if clear cached data and files is selected. That is ridiculous. Like saying we aren't allowed to clear our cache to help espionage and data centralization. Absolutely garbage. I will be sure to mention this in my specifications/requirements page. All other browsers handle my files correctly. Microsoft is a piece of work. Anyway, Thank you for your time. By the way, no-store is the correct method of having pages not cached. no-cache is not correct. private is not correct. I had to research this subject. Best wishes and please stay healthy everyone. Corona virus is a big problem for us all.
  9. so the problem persists after a boatload of testing. I have tried separating headers in apache: HEADER set Cache-Control "no-cache" HEADER set Cache-Control "no-store" HEADER set Cache-Control "private" I've discovered a new cause. I have my site set as homepage in Edge. The problem is started whenever i just close the browser (not log out), then open the browser and log back in. It appears as though the homepage is a cached version of the site? which should still check the server and detect a no-cache header. The problem is especially noticeable whenever i have Chrome open at the same time. I cannot recreate this wobbly css cache problem with new versions of Firefox but old versions also make my css unstable. Anyone know of a solution to this problem? otherwise, i have to tell people that they cannot make my site their home page and that they have to manually clear the cache. that is sh1tty.
  10. Hello everyone, I don't know where to post this question because it is related to Apache and web browsers as well as php and programming design. I chose Apache because this is where the problem begins for me. problem: i have css code that uses transitions, transform scale and transparency etc. so graphics heavy. Everything is okay in major browsers (IE/Edge, Firefox, Chrome and Opera). Now i want to control the cache. I set a Header in Apache to maxage=3600, private. I don't want a public cache when i have private protected pages (member subscriptions). Every browser except Edge is okay with my changes. Edge is creating multiple problems! My css transform icons are now unstable or wobbly during the transform/transition state. It is horrible. However, a bigger problem exists: my single page routing system breaks the home page in Edge. I route all requests through a page router, which then loads the appropriate content for index.php Now Edge does not show my home page. Instead i see only the last page loaded from the page router. understand? so home page, then click on link, linked page loads. click home link and it simply reloads the current page as index file. Why is this happening? All of my links are post requests, home page links are anchors. So i need to make home links also post requests? I wonder if my routing is the problem and other browsers are ignoring it? or is this an Edge issue, since only Edge is giving me a problem. Honestly, i am not a server configuration guru and i have no experience with proper headers. Anyone able to understand my problem and offer a solution? Best wishes.
  11. Hi again, I have 20+ years experience in programming. Do whatever you want but consider the following: When i first tried xampp with phpmyadmin i couldn't login to my site either. I had to switch to the console. I rebuilt my database through the console and i logged in just fine. I think that phpmyadmin is difficult to use somehow. I filled in all of the data but it wasn't working. I find that the console makes it easier to build a database. Try to verify that your database is working using the console. If you need help with that, then let us know. Honestly, i have no problems since i switched to the console. Good luck.
  12. Hi gizmola, Thank you for taking time to reply. I appreciate your expertise with this subject. I'm a bit like a programming sheriff: trust no one and nothing / suspect everything. I don't even trust my own code. i use a counter in my foreach loops to be certain that they cannot become infinite loops via tampering: $count = 0; $maxentries = 100; ++$count; if ($count === $maxentries) { //i said 100 so why is this still going? exit now } i have designed my site to detect as many errors as possible. if file exists, if function exists, if isset everything. I don't want to help a hacker wreck my site. No stepping stones from me. I look at everything and question everything. In this case, i was startled by the history of background image names in the idb file like a fingerprint. Your explanation is most helpful to me. I am comfortable with this info. I've retained update as it is the best option. I can only do so much anyway. At least now i know more than i did yesterday. Best wishes to you and all members. I hope that you have a pleasant day. Stay safe and healthy and make the most of life, my friends.
  13. Hi requinix, No need to sigh, i'm sticking with update. Your opinion is good enough for me. Thank you for the lovely posts. You have been very helpful. Best wishes to you and all members.
  14. Hi slotegraafd, I'm just a normal user here so you should wait for pros to help you. However, i would still like to offer my opinion about your posted code: pdo is a safer solution to interacting with a database. I recommend that you switch to pdo: https://phpdelusions.net/pdo I've never understood error arrays and pushing data into them. a simple binary switch can be used to deal with error scenarios and a variable or array for error messages only: $errors = 0; if (empty(bla_bla)) { $errors = 1; $message = 'bla_bla contains no usable data'; } if($errors) { //code to handle errors } //else continue or no else if header relocation exit is used if $errors if one of the required fields is empty or erroneous then just cut out completely and stop evaluating the rest of the data. you should use password_verify to check the password. MAJOR security error here. Also, hashing passwords as a student testing login scripts is not necessary but it is absolutely necessary on live site. encryption is not a protection mechanism. Use hashes. skip for now but never forget to hash the passwords (which also requires a rehash if php changed something as the default encryption method.) you use a header relocate without an exit: header('location: home.php'); change this to: header('location: home.php'); exit; to stop evaluation of the rest of the script. i wouldn't escape input. I recommend that you validate input then compare login values. In any event, just use htmlentities with ENT_QUOTES or html special chars before outputting post data or using it in any way. you have the following code: if (mysqli_num_rows($results) == 1) you need to verify that the usernames match and that the passwords match: if ($username === $resultfromdb && password_verify()) { } else {} password verify works like so: if (hash_equals($usernameFromDB, $username) && password_verify($password, $passwordFromDB)) { } else { } Start with pdo then try again. I'm sure that pro members will help you further. 
Good luck and i hope that you switch to pdo for security purposes. Learn proper coding early to save many headaches and problems.
  15. Hi Requinix, it is a lovely informative post by you (as usual because i always enjoy your messages. I learn a lot from you. I remember always that you helped me learn regex on my own and i always appreciate you.) Still, i am having difficulty excusing the history. I don't like that user background photo preferences are stored like a history or cache. bg preferences should be private. I have tried to find a method that removes the entry (from idb file as well), thereby replacing it with a new value. I thought that update does it but apparently not. interesting. I'd hate to have a history of user names and passwords even hashed passwords (which i use hashed passwords). i am not familiar with the term atomicity but i already think about this concept. worry is a better word. I know that i have to deal with delete at some point and i am not experienced enough to know correct methods. I figure that i would have to loop while error is not present or maximum tries/loops have been met. then store the original data before delete (via session variable at login). if delete successful then insert new value. if no error then operation complete. select new data and compare to new data post to verify no corruption. finished or rinse and repeat until max tries then restore old data and exit with error. I really don't know if this is correct procedure or not and it sounds a lot like the built in transaction. anyway, i tried replace and it works but it seems to me that it is like deleting then reinserting. I suppose that i could encrypt all of my data and stick with update. But i would like to know what you think of replace? 
here is my quick and dirty test code at the console: create database testBed character set utf8mb4 collate utf8mb4_unicode_ci; use testBed; create table usersettings(id mediumint unsigned not null auto_increment, bgphoto varchar(32) default 'bgfactory', bgcategory varchar(3) default '0', primary key(id)); INSERT into usersettings SET bgcategory = 0; INSERT into usersettings SET bgphoto = 'testinsert', bgcategory = 1; describe usersettings; SELECT bgphoto FROM usersettings WHERE id = 1; SELECT * FROM usersettings; REPLACE INTO usersettings SET id=1, bgphoto = 'namechanged'; SELECT * FROM usersettings; what do you think about replace? do you suggest that i just encrypt and stick with update? Thank you very much for your expertise. Please stay healthy, requinix.
  16. Hello, I am not a very good programmer and i really don't know professional methods to accomplish many tasks. I've managed to build a login system for my website and it works. I've finally started revisiting my sql code to add new features and i noticed some files in mysql folder. One particular file is named after my user_settings table with .ibd extension. I looked at the file with Notepad++ and i see a sort of history of background images. I have a feature on my site which allows users to choose a background photo for the site. It seems that all of my selections are stored in this file like a history. I use the update sql command to write your new selection to the database. I now think that delete and insert is a better method to avoid this history. How is this process of changing field data normally done by pros? delete, then insert? update with a history is not good when changing passwords and usernames. I guess that i chose update because it worked. I thought that it deleted the current field data then added the new data. oops! Thank you and stay healthy.
  17. Hi Barand, Amazing code and you only read a description of my bookmark profile. You are a 'helluva' coder. Your expertise and mastery shows in your replies. I don't really need to change anything that you have posted other than names but i didn't post to get free code. I am trying to learn from your example. I'm reading about sql now so that i can think better about these problems and appropriate solutions. I'd like to come to the same conclusions as you one day. I really learn a lot from you and i thank you for that. Meantime, i've changed the last login code and it works well. I was actually just inserting your login into lastlogin then inserting the current login into current login. I guess it is easier to say that login becomes your last login before i update the login. I guess i was thinking wrong here. Your idea is better. I don't have time to add the book mark code today. I have a lot of things to do and i am behind schedule. I'll read more about sql before i go to bed, then tomorrow i will tackle this topic. I finished adding the bookmark profile to each page, so all i have to do now is submit it to the dbase. This code example is a great start! I also have to read the data from the db before i can display the bookmarks. I do not have so much coding experience as you do, so i am a bit slow. I'll update the post when i can finish this feature. I'll let you see the final code here so you can offer an opinion if you want to do so. Thank you, Barand, i have learned a lot about sql today. You are steering me in the right direction!
  18. Hi Barand, wow! that is a pretty elegant way of including last login data. You're clearly an sql expert. I didn't know about COALESCE and i didn't think about a separate table for logins. Very nice example. Thank you! I will make a copy of your post and use it as a guideline for revamping my code. I will also need to redesign my database. I'll let you know how it goes. I am learning a lot from you but most importantly how to be a better database designer/programmer. Thank you very much! I really appreciate your wisdom. Best wishes :-)
  19. well i've tried the if (empty($lastLogin)) method and it works. I just display a simple message: 'details unavailable'. I don't want to detect a first login and maybe the null value isn't a first login anyway (perhaps corruption, tampering, etc). So, i will just use if empty(), unless there is a better method. Thank you.
  20. Hello, I'm a total newbie with db and db design. I currently have a login system with screwed up logic (manually entered id primary keys) until i learn how to connect these tables by userid, hence relational. Anyway, i have two columns in the user settings table: currentLogin and lastLogin. If you sign in for the first time, then there is no last login. My page obviously shows an error on the first login. Otherwise, the last login is displayed the next time that you login. I want to be able to detect a first login so that i can display a message instead of the last login data, which will be null. How can i do this correctly? should i use a php if statement to detect null? if (empty($lastLogin)) ? basically, i don't want my php script to show an error when the database returns a null value. How can this be done correctly? Thank you.
  21. By the way, i have to read about json encoded arrays. is this serialized like php serialize()? i'm not familiar with this so i will research json encode/decode. Thanks for the tip!
  22. Hi Barand, Thank you for the tips. You are very kind to take time to help a newb. I appreciate your post very much! I've made notes from your post. I will use a table like you mentioned. I am not really new to php/sql but i am obviously not a programmer. I suck, actually. I have a lot of trouble with database design. I have not mastered this concept. I made a login system three years ago for the first time in my programming tenure. So i have a database of users. I will just add this table to this database like you mentioned. Thank you for the count() function tip. I didn't realize that sql has this function. Very nice, indeed! and very helpful post from you. i can explain a bit more while sticking to the bookmark db problem/topic: i actually built my own routing system which does not use query strings. I use forms and session variables to load pages through a single index file. So the "link" is a partial path to the php file system to load the correct "page" in a single page template. Somewhat spaghetti code but i do not like frameworks. I am happy for now. I will get better over time. Anyway, the bookmark will be a collection of known data from the template page: page link as a db title to detect duplicates: path/to/data (path is always the root. bookmarks are only used within these pages. thus path is like c:/) css icon display: i use icons to represent the links to pages and this is either a round icon or rectangular icon (which holds a photo). icon photo link: each icon has a unique photo, so i need this data to get the correct icon for the bookmark. language: i use a multi language file system so this is important to display the correct icon title by language. so here en-us, en-uk, de-de etc. icon title: already present on the page as a variable ($pageTitle) all of the above is my bookmark profile. now i just need to store each bookmark <101 into a database. 
Then figure out how to read these entries to display them on your bookmarks page (i guess a loop to read each entry and store each entry into an array?) I figure that serialized profiles will make this an easier task. How to know duplicate entries? i figure that a bookmark title (the page link) can be used. Thus, i can easily detect if this page is all ready bookmarked or not. I will give it my best try and post any problems here. Remember, i am not a guru/programmer. Thus, i may need a lot of time to get this set up. Your tips will help me. Thank you!
  23. Hello SQL gurus, details of system: xampp installation with MariaDB v10.1.30 with PHP v7.2.1 I have set up my website file system to include a bookmarking system. The foundation is intact now i need to set up the database to store the values of the bookmarks. click on my bookmark icon which will submit a bookmark profile block for storage in the database (a serialized array of necessary values). I want to limit the bookmarks to 100 entries per user. i don't know exactly how to build this table and retrieve the data. is anyone able to offer design tips? i figure that i should make a database named bookmarks with a table for each user? then add an id row and a bookmark title (for duplicate detection) and the serialized profile for redisplay. I guess one can select all data in the table but how should i store each result for analysis and redisplay of the profile? i am not an sql guru. i currently only use simple select statements. I hope that someone can offer some tips. Thank you!
  24. so here is my simplified non-regex code: $checkname = 'Ruecken<script>alert(\'F**k off!\');</script>seiten<wbr>&shy;tiere'; $wbrshy = '<wbr>&shy;'; $nameFilter = strpos($checkname, $wbrshy); $temp = null; if ($nameFilter !== false) { $temp = str_replace('<wbr>&shy;', '?', $checkname); $temp = htmlentities(htmlentities($temp, ENT_QUOTES), ENT_QUOTES); echo $temp . '<br>'; $checkname = str_replace('?', '<wbr>&shy;', $temp); echo $checkname; } else { echo htmlentities(htmlentities($checkname, ENT_QUOTES), ENT_QUOTES); } so now i can check string length less than 50 (after extracting/preserving wbr shy and adding one for the question mark which will make 48+q mark = 49). before the string length check, i can use a simple regex to check for \p{L} to enforce letters only (thus preserving my question mark method). however, i don't need to apply htmlentities because i have an error page set up. if the name does not conform, then none of the icons are displayed. you will see the error page in place of the content. hackers are much smarter than me, so i'm not playing around with non conforming names. who knows what it is? i move on as error. I think this solution is much easier, faster and better than a regex solution. Once again, Thank you for your time and patience and understanding. thread closed.
  25. so today i have tried multiple combinations and they have failed as you had predicted. I really don't want to ignore html code and seek only script. I really just wanted to verify letters plus optional wordbreak with soft hyphen. Rather than spend weeks trying to learn the correct regex statement, i have a better idea: i will check each name for wbr shy code, extract the code and set the extracted text to a temp variable, then apply html entities to the string, then reapply the wbr shy. a bit more work but better than rattling my brain for weeks trying to get the regex correct. Thank you for your time and patience.
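
The wbr/shy name check described in the two posts above, as an added example that is not part of the original posts: it splits the name on the literal `<wbr>&shy;` token, requires every piece to be letters only, escapes each piece once and rejoins them, so no placeholder character is needed. The function name `render_icon_name`, the 49-letter limit (read from the "less than 50" check in the post) and the sample names are assumptions; `mb_strlen` requires the mbstring extension.

```php
<?php
declare(strict_types=1);

// The only markup permitted inside a name: word-break opportunity plus soft hyphen.
const BREAK_TOKEN = '<wbr>&shy;';
// Assumed limit, taken from the "string length less than 50" check in the post.
const MAX_LETTERS = 49;

/**
 * Hypothetical helper (not code from the thread).
 * Returns HTML-safe output for a conforming name, or null if it does not conform.
 */
function render_icon_name(string $name): ?string
{
    // Split on the literal token; everything between tokens must be plain letters.
    $parts = explode(BREAK_TOKEN, $name);

    $letters = 0;
    $safe = [];
    foreach ($parts as $part) {
        // \p{L} matches any Unicode letter. The u modifier makes invalid UTF-8 fail.
        // \A and \z anchor the whole string; a bare $ would also accept "abc\n".
        // An empty piece (leading, trailing or doubled token) fails the + quantifier.
        if (preg_match('/\A\p{L}+\z/u', $part) !== 1) {
            return null;
        }
        $letters += mb_strlen($part, 'UTF-8');
        // Escape exactly once. Letters-only input has nothing to escape, so this is
        // defence in depth in case the validation above is ever loosened.
        $safe[] = htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    if ($letters > MAX_LETTERS) {
        return null;
    }

    // Only the constant token is ever emitted as markup, never input bytes.
    return implode(BREAK_TOKEN, $safe);
}

// Constructed sample inputs, including a script-injection name like the one in the post.
$samples = [
    'Ruecken<wbr>&shy;seiten<wbr>&shy;tiere',                 // conforming
    'Rücken<wbr>&shy;tiere',                                  // non-ASCII letters
    'Ruecken<script>alert(1)</script>seiten<wbr>&shy;tiere',  // markup in a piece
    'Ruecken?tiere',                                          // would collide with a "?" placeholder
    "Ruecken\n",                                              // trailing newline
    '<wbr>&shy;Ruecken',                                      // token with no letters before it
    str_repeat('a', 50),                                      // over the length limit
];

// Run from the command line: the input column below is printed unescaped.
foreach ($samples as $sample) {
    $out = render_icon_name($sample);
    echo json_encode($sample, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
        ' => ', $out === null ? 'REJECTED' : $out, PHP_EOL;
}
```

A rejected name maps to the error page the post describes; the function never tries to repair a non-conforming name.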