mahenda

is this correct

every user can see, even if he/she did not logged in

$prepare = $connect->prepare($product_details); $prepare->execute(); $row = $prepare->fetch();

i shortened the code assume all variable are available

when user click the link with product picture, the link will open new page called product.php with product full detail from database in the product page the query accepted with get method $product_details = "SELECT * FROM product WHERE product_id=".$_GET['product_id'];

//link to the product <a href="<?php echo 'product.php?product_id='. $row['product_id'];?>"style="text-decortion:none;"> //on the product page, the url look like this localhost/maembe/product.php?product_id=2 what will happen when attacker see this id and how to change it

here my sample code <form> <input id="query" type="text" name="query" placeholder="search here..." autocomplete="off"> <button type="submit" value="query" >search</button> <div class="sugbx"></div> </form> //php code, assume we already run a whole php code ...... <ul class="list-group list-unstyled" style="cursor:pointer; color: #191919; position:absolute; top:12px;"> <?php foreach($query as $movie) { ?> <li class="list-group-item" onClick="searchValue('<?php echo $movie["movie_name"]; ?>'),;"><?php echo $movie["movie_name"]; ?></li> <?php } ?> </ul> <?php } ?> //ajax here $('#search').keyup(function(){ $.ajax({ type: 'GET', url: 'phpcode.php', data:'query='+$(this).val(), success: function(data){ $('.sugbx').show(); $('.sugbx').html(data); } }); }); function searchValue(val) { $('#query').val(val); $('.sugbx').hide(); } //ajax the input accept the value only after selecting one of the listed value on the suggesstion box and then i have to click the submit button the problem is, how to submit the value accepted when a list is clicked

here my header to be included in different pages such as home.blade what is wrong, because i'm getting error undefined variable t_page_title //header file <!doctype html> <html xmlns="http://www.w3.org/1999/xhtml"/> <head> <title><?php echo $t_page_title; ?></title> </head> <body> //home.blade file <?php $t_page_title = 'This is page title';?> @include('repeated.header')

so it means this is secure check what is happen when i'm trying searching http://localhost/member_app/results?page=1&search=mahenda i'm doubt with the number of page why is visible and how to hide them

$keyword = $_GET['search']; $search = $con->prepare("SELECT * FROM members WHERE name LIKE :keywword"); $search->bindValue(':keyword', '%' . $keyword . '%', PDO::PARAM_STR); $search->execute(); or $keyword = mysqli_real_escape_string($con, $_GET['search']); ........ which is better for securing search input and why uri is http://localhost/member_app/results?search=<script>alert('hi')<%2Fscript> after submission

I want to protect the database from being injected using both SQL injection and xss protection techniques so what is very useful.

which one is necessary while protecting form field

thank you so much now it is working

/*i have some pages and i want to user to see an appropriate title when user click new page example: at home page on the tab the title must be written as welcome at hendra|home and when user clicked on about page, the tab must show another title like this you are at hendra|about page how to do this in php*/ //head <!doctype html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title><?php echo $title; ?></title> </head><!--/end of head--> <body> //index page <?php include_once('head.php'); $title = 'welcome at hendra|home'; ?> //about page <?php include_once('head.php'); $title = 'you are at hendra|about page'; ?>

help!