Everything posted by mahenda

  1. Every user can see, even if he/she has not logged in.
  2. $prepare = $connect->prepare($product_details);
     $prepare->execute();
     $row = $prepare->fetch();
  3. I shortened the code; assume all variables are available.
  4. When the user clicks the link with the product picture, the link opens a new page called product.php with the product's full details from the database. On the product page, the query is accepted with the GET method:
     $product_details = "SELECT * FROM product WHERE product_id=".$_GET['product_id'];
  5. //link to the product
     <a href="<?php echo 'product.php?product_id='. $row['product_id'];?>" style="text-decoration:none;">
     //on the product page, the URL looks like this
     localhost/maembe/product.php?product_id=2
     What will happen when an attacker sees this id, and how to change it?
  6. Here is my sample code:
     <form>
       <input id="query" type="text" name="query" placeholder="search here..." autocomplete="off">
       <button type="submit" value="query">search</button>
       <div class="sugbx"></div>
     </form>
     //php code, assume we already run a whole php code
     ......
     <ul class="list-group list-unstyled" style="cursor:pointer; color: #191919; position:absolute; top:12px;">
       <?php foreach($query as $movie) { ?>
         <li class="list-group-item" onClick="searchValue('<?php echo $movie["movie_name"]; ?>');"><?php echo $movie["movie_name"]; ?></li>
       <?php } ?>
     </ul>
     <?php } ?>
     //ajax here
     $('#search').keyup(function(){
       $.ajax({
         type: 'GET',
         url: 'phpcode.php',
         data: 'query='+$(this).val(),
         success: function(data){
           $('.sugbx').show();
           $('.sugbx').html(data);
         }
       });
     });
     function searchValue(val) {
       $('#query').val(val);
       $('.sugbx').hide();
     }
     //ajax
     The input accepts the value only after selecting one of the listed values in the suggestion box, and then I have to click the submit button. The problem is: how to submit the value accepted when a list item is clicked?
  7. Here is my header, to be included in different pages such as home.blade. What is wrong? I'm getting the error "undefined variable t_page_title".
     //header file
     <!doctype html>
     <html xmlns="http://www.w3.org/1999/xhtml"/>
     <head>
       <title><?php echo $t_page_title; ?></title>
     </head>
     <body>
     //home.blade file
     <?php $t_page_title = 'This is page title';?>
     @include('repeated.header')
  8. So it means this is secure; check what happens when I try searching http://localhost/member_app/results?page=1&search=mahenda. I have doubts about the page number: why is it visible, and how to hide it?
  9. $keyword = $_GET['search'];
     $search = $con->prepare("SELECT * FROM members WHERE name LIKE :keyword");
     $search->bindValue(':keyword', '%' . $keyword . '%', PDO::PARAM_STR);
     $search->execute();
     or
     $keyword = mysqli_real_escape_string($con, $_GET['search']);
     ........
     Which is better for securing search input, and why is the URI http://localhost/member_app/results?search=<script>alert('hi')<%2Fscript> after submission?
  10. I want to protect the database from being injected, using both SQL injection and XSS protection techniques, so what is very useful?
  11. Which one is necessary when protecting a form field?
  12. Thank you so much, now it is working.
  13. /* I have some pages and I want the user to see an appropriate title when the user clicks a new page. Example: at the home page, the tab title must be written as "welcome at hendra|home", and when the user clicks on the about page, the tab must show another title like this: "you are at hendra|about page". How to do this in PHP? */
      //head
      <!doctype html>
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
        <title><?php echo $title; ?></title>
      </head><!--/end of head-->
      <body>
      //index page
      <?php
      include_once('head.php');
      $title = 'welcome at hendra|home';
      ?>
      //about page
      <?php
      include_once('head.php');
      $title = 'you are at hendra|about page';
      ?>
  14. create table mimi (
        mimiId int(11) not null,
        mimiBody varchar(255)
      );
      <?php
      //connecting to database
      include_once ('conn.php');
      $sql = "SELECT mimiId, mimiBody FROM mimi";
      $result = mysqli_query($conn, $sql);
      $mimi = mysqli_fetch_assoc($result);
      $mimiId = '<span>No: '.$mimi['mimiId'].'</span>';
      $mimiBody = '<p class="leading text-justify">'.$mimi['mimiBody'].'</p>';
      ?>
      //what is next?
      I want to download a PDF or text document after clicking a button or link. How to do that?
  15. Now I want to insert a reply into the replies table, i.e.
      INSERT INTO replies(reply,commentId,userId) VALUES ('reply here',Id of the current comment, id of the current user);
      I'm using $_SESSION['userId'] to get the current user info, but how to get the id of the current comment where the current user wants to comment? Any idea, please?
  16. CREATE TABLE posts (
        postId INT(11) NOT NULL UNIQUE AUTO_INCREMENT,
        title VARCHAR(255) NOT NULL,
        author VARCHAR(24) NOT NULL,
        description TEXT NOT NULL,
        createdAt TIMESTAMP,
        PRIMARY KEY (postId)
      );
      CREATE TABLE comments(
        commentId INT(11) NOT NULL UNIQUE AUTO_INCREMENT,
        comment TEXT NOT NULL,
        postId INT(11),
        userId INT(11),
        createdAt TIMESTAMP,
        PRIMARY KEY (commentId),
        FOREIGN KEY (userId) REFERENCES users(userId),
        FOREIGN KEY (postId) REFERENCES posts(postId)
      );
      CREATE TABLE replies (
        repId INT(11) NOT NULL UNIQUE AUTO_INCREMENT,
        reply TEXT NOT NULL,
        userId INT(11),
        commentId INT(11),
        createdAt TIMESTAMP,
        PRIMARY KEY (repId),
        FOREIGN KEY (userId) REFERENCES users(userId),
        FOREIGN KEY (commentId) REFERENCES comments(commentId)
      );
      CREATE TABLE users (
        userId INT(11) NOT NULL UNIQUE AUTO_INCREMENT,
        userName VARCHAR(100) NOT NULL,
        email VARCHAR(100) NOT NULL,
        PRIMARY KEY (userId)
      );
      How to retrieve userName, comment, and createdAt from the users and comments tables, while I have used userId as a foreign key on the comments table? If it isn't correct, correct me please.
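
Added example (not part of any post above, and not the poster's code): the product.php query from posts 4 and 5 next to a bound-parameter version, plus the output encoding that posts 9 and 10 ask about. It assumes PHP with the pdo_sqlite extension; the in-memory table, its rows, the function names and the tampered value are constructed for illustration.

```php
<?php
// Added example, not the poster's code. The table contents are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product (product_id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO product VALUES (1, 'Lamp'), (2, 'Chair'), (3, 'Desk <b>XL</b>')");

// Pattern from the posts: the request value becomes part of the SQL text,
// so it can change the WHERE clause instead of only supplying a value.
function findProductConcatenated(PDO $pdo, string $rawId): array
{
    $sql = 'SELECT * FROM product WHERE product_id=' . $rawId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only a positive integer, then bind it as a parameter.
function findProduct(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                       // caller should answer 400/404
    }
    $stmt = $pdo->prepare('SELECT * FROM product WHERE product_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output encoding is a separate step: it is what stops stored or reflected
// markup from running in the browser; the prepared statement does not.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$tampered = '2 OR 1=1';                    // constructed ?product_id= value
printf("concatenated query rows: %d\n", count(findProductConcatenated($pdo, $tampered)));
printf("bound query result: %s\n", var_export(findProduct($pdo, $tampered), true));
printf("valid id 3, encoded name: %s\n", e(findProduct($pdo, '3')['name']));
printf("reflected search term: %s\n", e("<script>alert('hi')</script>"));
```

Calling prepare() on an already concatenated string, as in post 2, gives no protection; the value has to reach the statement through a placeholder.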