mahenda
Posts: 146
Posts posted by mahenda
-
On 9/29/2019 at 10:42 PM, requinix said:
You don't need to get the value. As far as I know. All you need to do is submit the form. Oh wait, you're not doing that. Your autocomplete function should put the value into the form. Click the LI, set it as the INPUT's value, and submit the form.
very helpful thanks
but what if i want to change the
SELECT * FROM posts WHERE title LIKE :search
to
SELECT * FROM posts WHERE title LIKE :search OR author LIKE :search;
and want to get both by using single list like
<li class="result" onClick="searchValue('<?php echo $row['some value here'];?>')"><?php echo $row['some value here'];?></li>
here the result on search will be
//title will display on key up
//author will display on key up
instead of
<li class="result" onClick="searchValue('<?php echo $row['title'];?>')"><?php echo $row['title'];?></li>
<li class="result" onClick="searchValue('<?php echo $row['author'];?>')"><?php echo $row['author'];?></li>
-
http://localhost/mysite/index.php to http://localhost/mysite/
http://localhost/mysite/about.php to http://localhost/mysite/about/
i'm using htaccess file and i'm able to get this one here
http://localhost/mysite/about where is "/"?
also how to change this one here
http://localhost/mysite/page?id=2
to
http://localhost/mysite/page/2
help
.htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [NC,L]
php_flag register_globals 0
php_flag magic_quotes_gpc 0
php_flag magic_quotes_runtime 0
-
On 9/27/2019 at 10:30 PM, requinix said:
Oh! If I'll remove onclick function which is there for getting value after clicking, isn't possible to get such value in input using jQuery if yes why and how?!
-
11 minutes ago, Barand said:
Because I preferred to pass the parameters in an array when executing instead.
let me return back again
i saw something like
localhost/maembe/product.php?product_id/2
or this
localhost/maembe/product.php?product/hot-coffee-found-here
when i click on the home link
but i have no idea on how to do that my own is
localhost/maembe/product.php?product_title = hot-coffee-found-here
i don't want that '=' sign if i'll use preg_replace() will be correct isn't it or anyway ?
-
8 minutes ago, Barand said:
Because I preferred to pass the parameters in an array when executing instead.
okay thanks
-
1 minute ago, requinix said:
If you want it to submit then make it submit. Fix the searchValue function so it does that.
an idea please
-
On 9/6/2019 at 5:44 PM, Barand said:
Not if $product_details is still as posted earlier IE
You need
$product_details = "SELECT * FROM product WHERE product_id = ?";
$prepare = $connect->prepare($product_details);
$prepare->execute( [ $_GET['product_id'] ] );
thank you so much but why no bindParam()
-
On 9/6/2019 at 5:15 PM, ginerjm said:
Spelling error here....
style="text-decortion:none;"
style="text-decoration:none;"
-
//php code
<?php
include_once('con.php');
if(!empty($_GET['search'])) {
    $search = $connect->prepare('SELECT * FROM posts WHERE title LIKE :search');
    $search->bindValue(':search', '%'.$_GET['search'].'%', PDO::PARAM_STR);
    $search->execute();
?>
<?php while($row = $search->fetch()) {?>
<li class="result" onClick="searchValue('<?php echo $row['title'];?>')"><?php echo $row['title'];?></li>
<?php } ?>
<?php } ?>
//ajax
$(document).ready(function(){
    $('#inputsch').keyup(function(){
        $.ajax({
            type: 'GET',
            url: 'fetch.php',
            data:'search='+$(this).val(),
            success: function(data){
                $('#box').show();
                $('#box').html(data);
            }
        });
    });
});
function searchValue(val) {
    $('#inputsch').val(val);
    $('#box').hide();
}
//search box
<form action="search.php">
    <input id="inputsch" type="text" name="search" placeholder="search..." autocomplete="off" autofocus>
    <button type="submit" value="search" >search</button>
</form>
<div id="box"></div>
//the problem here is when i click the result is only added to input, but i want it to autosubmit
-
3 minutes ago, mahenda said:
$prepare = $connect->prepare($product_details);
$prepare->execute();
$row = $prepare->fetch();
is this correct
-
4 minutes ago, gw1500se said:
Are you using prepared statements? If so it is not a problem unless you don't want unauthorized users to see product details. In that case you would need to authenticate each user.
every user can see, even if he/she did not log in
-
1 minute ago, chhorn said:
Oh yeah, your database will be deleted then.
Hint: Use Prepared Statements.
$prepare = $connect->prepare($product_details);
$prepare->execute();
$row = $prepare->fetch();
-
1 minute ago, chhorn said:
Nothing will happen as you do not use any variable - except for $row what will raise an undefined variable/undefined index error.
i shortened the code, assume all variables are available
-
13 minutes ago, gw1500se said:
Exactly what are you trying to protect? The answer depends on what 'product.php' does with 'product_id'.
when user click the link with product picture, the link will open new page called product.php with product full detail from database
in the product page the query accepted with get method
$product_details = "SELECT * FROM product WHERE product_id=".$_GET['product_id'];
-
//link to the product
<a href="<?php echo 'product.php?product_id='. $row['product_id'];?>"style="text-decortion:none;">
//on the product page, the url look like this
localhost/maembe/product.php?product_id=2
what will happen when attacker see this id and how to change it
-
here my sample code
<form>
    <input id="query" type="text" name="query" placeholder="search here..." autocomplete="off">
    <button type="submit" value="query" >search</button>
    <div class="sugbx"></div>
</form>
//php code, assume we already run a whole php code
......
<ul class="list-group list-unstyled" style="cursor:pointer; color: #191919; position:absolute; top:12px;">
<?php foreach($query as $movie) { ?>
    <li class="list-group-item" onClick="searchValue('<?php echo $movie["movie_name"]; ?>');"><?php echo $movie["movie_name"]; ?></li>
<?php } ?>
</ul>
<?php } ?>
//ajax here
$('#query').keyup(function(){
    $.ajax({
        type: 'GET',
        url: 'phpcode.php',
        data:'query='+$(this).val(),
        success: function(data){
            $('.sugbx').show();
            $('.sugbx').html(data);
        }
    });
});
function searchValue(val) {
    $('#query').val(val);
    $('.sugbx').hide();
}
//ajax
the input accept the value only after selecting one of the listed value on the suggestion box and then i have to click the submit button the problem is, how to submit the value accepted when a list is clicked
-
here my header to be included in different pages such as home.blade what is wrong, because i'm getting error undefined variable t_page_title
//header file
<!doctype html>
<html xmlns="http://www.w3.org/1999/xhtml"/>
<head>
<title><?php echo $t_page_title; ?></title>
</head>
<body>
//home.blade file
<?php $t_page_title = 'This is page title';?>
@include('repeated.header')
-
19 minutes ago, Barand said:
That has already been answered in the previous post...
The query string has been automatically url_encoded prior to submission.
so it means this is secure
check what is happen when i'm trying searching
http://localhost/member_app/results?page=1&search=mahenda
i'm doubt with the number of page why is visible and how to hide them
-
$keyword = $_GET['search'];
$search = $con->prepare("SELECT * FROM members WHERE name LIKE :keyword");
$search->bindValue(':keyword', '%' . $keyword . '%', PDO::PARAM_STR);
$search->execute();
or
$keyword = mysqli_real_escape_string($con, $_GET['search']);
........
which is better for securing search input
and why uri is
http://localhost/member_app/results?search=<script>alert('hi')<%2Fscript> after submission
-
I want to protect the database from being injected using both SQL injection and xss protection techniques so what is very useful.
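Added example (not part of the original posts and not any forum member's code): the search from the posts above handled with both defences, a bound parameter for the SQL and context-aware escaping when the value is written back into HTML. The `members` table and `name` column follow the post; the in-memory SQLite connection, the sample rows, and the helper names `searchMembers()` and `e()` are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed test database (stands in for the poster's MySQL connection $con).
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $con->prepare('INSERT INTO members (name) VALUES (?)');
foreach (['mahenda', "O'Brien", '<script>alert("hi")</script>', '100% real'] as $name) {
    $insert->execute([$name]); // constructed sample rows
}

// Hypothetical helper: SQL injection defence. The keyword is bound as data,
// so quotes in it cannot alter the statement. LIKE wildcards typed by the
// user are escaped so "%" only matches a literal percent sign.
// (MySQL already uses "\" as the default LIKE escape character, so the
// ESCAPE clause can be dropped there.)
function searchMembers(PDO $con, string $keyword): array
{
    $pattern = '%' . addcslashes($keyword, '\\%_') . '%';
    $stmt = $con->prepare("SELECT name FROM members WHERE name LIKE :keyword ESCAPE '\\'");
    $stmt->bindValue(':keyword', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: XSS defence. Escaping is applied at output time,
// for the HTML context the value is written into.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs standing in for $_GET['search'].
foreach (["' OR '1'='1", '<script>', '%', "O'B"] as $search) {
    $rows = searchMembers($con, $search);
    echo 'Results for "' . e($search) . '": ' . count($rows) . "\n";
    foreach ($rows as $name) {
        // The value goes into a data attribute instead of an inline onClick
        // string, so it never has to be escaped for JavaScript as well.
        echo '  <li class="result" data-value="' . e($name) . '">' . e($name) . "</li>\n";
    }
}
```

The quote-laden input returns zero rows because it is matched as literal text, and the stored `<script>` row is printed as `&lt;script&gt;…`, so the browser shows it as text instead of running it.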
-
which one is necessary while protecting form field
-
14 minutes ago, Barand said:
Put your PHP code before the HTML code in your scripts.
Then things like $title can be given a value before you output them
thank you so much now it is working
-
/*i have some pages and i want to user to see an appropriate title when user click new page
example: at home page on the tab the title must be written as welcome at hendra|home
and when user clicked on about page, the tab must show another title like this you are at hendra|about page
how to do this in php*/
//head
<!doctype html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title><?php echo $title; ?></title>
</head><!--/end of head-->
<body>
//index page
<?php
include_once('head.php');
$title = 'welcome at hendra|home';
?>
//about page
<?php
include_once('head.php');
$title = 'you are at hendra|about page';
?>
-
help me, clean url
in Apache HTTP Server
i want to change the link looking like
http://localhost/mysite/product?name=trouser
to
http://localhost/mysite/product/trouser
and this one below
http://localhost/mysite/article?title=this%20is%20 new%20product
to
http://localhost/mysite/article/this-is-new-product
help me please because when i use a str_replace it works but no result is displayed
.htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [NC,L]
php_flag register_globals 0
php_flag magic_quotes_gpc 0
php_flag magic_quotes_runtime 0