oz11

nevermind. it sucks.. i tried. We all fail somtimes.

Is this a good idea.. in a layered security sorta way... if ($_SERVER["REQUEST_METHOD"] == "GET" || $_SERVER["REQUEST_METHOD"] == "POST") { // List of SQL injection terms to blacklist $sqlInjectionTerms = array('DROP', 'DELETE', 'UPDATE', 'INSERT', 'SELECT', 'AND', 'TRUNCATE', 'UNION', 'SELECT * FROM'); // Function to check for SQL injection terms in request parameters function checkForSqlInjection($requestData, $sqlInjectionTerms) { // Check if $requestData is an array if (!is_array($requestData)) { return; // Exit function if $requestData is not an array } foreach ($requestData as $param => $value) { // Check if $value is a string if (!is_string($value)) { continue; // Skip iteration if $value is not a string } foreach ($sqlInjectionTerms as $term) { if (stripos($value, $term) !== false) { // Detected potential SQL injection; terminate script execution // die("Potential SQL injection detected in parameter: " . htmlspecialchars($param)); echo $string = "FLAG:".bin2hex(random_bytes(10)); echo "<br>"; die (" error: 000ajfw5"); } } } } // Check for SQL injection in GET parameters if ($_SERVER["REQUEST_METHOD"] == "GET") { checkForSqlInjection($_GET, $sqlInjectionTerms); } // Check for SQL injection in POST parameters if ($_SERVER["REQUEST_METHOD"] == "POST") { checkForSqlInjection($_POST, $sqlInjectionTerms); } } yes, I already use PDOs.

Anyway. I should be OK. Covered XSS, SQLi (PDOs and such), and CSRF (using tokens) and hashed everything i should hash with salt 🥳

Anyone else think bootstrap is just lazy? 😁

Thanks for looking at it. I manged to solve it.... the code looks like this now.... <script> // Function to initialize emoji selector for a comment section function initializeEmojiSelector(sectionId) { const section = document.querySelector(`.comment-section[data-section-id="${sectionId}"]`); const textarea = section.querySelector('.comment-textarea'); const emojiSelect = section.querySelector('.emoji-select'); const emojis = [ '(・ω・)', '(´・ω・`)', '(｡♥‿♥｡)', 'ヾ(⌐■_■)ノ♪', '(╯°□°）╯︵ ┻━┻' ]; // Populate the emoji selector dropdown emojis.forEach(emoji => { const option = new Option(emoji, emoji); // Create a new option element emojiSelect.add(option); // Add option to the dropdown }); // Event listener for emoji selection emojiSelect.addEventListener('change', function() { const selectedEmoji = this.value; if (selectedEmoji) { const cursorPos = textarea.selectionStart; // Get current cursor position const textBeforeCursor = textarea.value.substring(0, cursorPos); const textAfterCursor = textarea.value.substring(cursorPos); const newText = textBeforeCursor + selectedEmoji + textAfterCursor; textarea.value = newText; // Insert selected emoji at cursor position textarea.focus(); // Keep focus on textarea } }); } // Initialize emoji selectors for all comment sections on DOMContentLoaded document.addEventListener('DOMContentLoaded', function() { const commentSections = document.querySelectorAll('.comment-section'); commentSections.forEach(section => { const sectionId = section.getAttribute('data-section-id'); initializeEmojiSelector(sectionId); }); }); </script> <div class="comment-section" data-section-id="2"> <textarea class="comment-textarea"></textarea> <select class="emoji-select"></select> </div>

The only thing that will save us is web 3.0!!! 🤪

Thats a shame.. prob will be back once they learn they need to learn at some point in time.

When user selects emojiSelect2 ("select") it places the emoji into comment_text2.. but it only works on the first comment box.. I want to use the index increment to act as a unique identifier (indeed) and then use that in the functions parameter the javascript... this should then allow me to use the select form (including dropdown and textarea) for all the other comments,,.. should work just don't know how.

Oh, i always sanitize my inputs. But this is a bad idea for a fallback?

Can it not be done with index++ and function parameters? Maybe that would be more simple, and is kinda the direction I was going in.

user visits comment section user wants to input emoji via input/select - works on the first comment box, but there are multipul.. - doesnt work on comment box 2, 3,4 etc.. * seems to need a id of some sort inserted into the Javascript so that it can be used multi. Not sure how.

Hi. Yes, infinite inputs/select. Its in a looped comment system. 🦄

Anyone started using AI for code samples.. do we have to "adjust with the times" and embrace or totally distance ourselves? Is it the future? Will in the future we be placing AI gen code into objects daily? 😶‍🌫️ Got an opinion?

Hey! ... Is there any problem with using .. $_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_FULL_SPECIAL_CHARS); $_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_FULL_SPECIAL_CHARS); I use htmlspecialchars before on all my values already. Think of this as if i missed one. Is it OK?

I have this code (very cool)... document.addEventListener('DOMContentLoaded', function() { const emojiSelect = document.getElementById('emojiSelect2'); const inputText = document.getElementById('comment_text2'); const emojis = [ '(・ω・)', '(´・ω・`)', '(｡♥‿♥｡)', 'ヾ(⌐■_■)ノ♪', '(╯°□°）╯︵ ┻━┻' ]; // Populate the select dropdown with emojis emojis.forEach(emoji => { const option = document.createElement('option'); option.value = emoji; option.text = emoji; emojiSelect.appendChild(option); }); // Event listener for emoji selection emojiSelect.addEventListener('change', function() { const selectedEmoji = this.value; if (selectedEmoji) { inputText.value += selectedEmoji; this.selectedIndex = 0; // Reset dropdown to default option after selection } }); }); </script> Though I need to call it multiple times with no fixed number... <select id="emojiSelect2"> <option value="">Select an kaomoji</option> </select> <textarea name="comment_text" id="comment_text2" rows="2" cols="40" placeholder="Type comment reply here." required></textarea> ... here. This will loop a few times... say 30.. though my current code only allows the first iteration. I'm not very good at Javascript.,.. could someone show me how to write it to allow multiples inside the loop? Maybe gen an index(++) and drop that in. If so, how? Thanks guys and gals!