Everything posted by oz11

  1. oz11

    Anti XSS

    Anyway. I should be OK. Covered XSS, SQLi (PDOs and such), and CSRF (using tokens) and hashed everything I should hash with salt 🥳
  2. oz11

    Bootstrap'n

    Anyone else think bootstrap is just lazy? 😁
  3. Thanks for looking at it. I managed to solve it.... the code looks like this now....

          <script>
          // Function to initialize emoji selector for a comment section
          function initializeEmojiSelector(sectionId) {
              const section = document.querySelector(`.comment-section[data-section-id="${sectionId}"]`);
              const textarea = section.querySelector('.comment-textarea');
              const emojiSelect = section.querySelector('.emoji-select');
              const emojis = [ '(・ω・)', '(´・ω・`)', '(。♥‿♥。)', 'ヾ(⌐■_■)ノ♪', '(╯°□°)╯︵ ┻━┻' ];

              // Populate the emoji selector dropdown
              emojis.forEach(emoji => {
                  const option = new Option(emoji, emoji); // Create a new option element
                  emojiSelect.add(option); // Add option to the dropdown
              });

              // Event listener for emoji selection
              emojiSelect.addEventListener('change', function() {
                  const selectedEmoji = this.value;
                  if (selectedEmoji) {
                      const cursorPos = textarea.selectionStart; // Get current cursor position
                      const textBeforeCursor = textarea.value.substring(0, cursorPos);
                      const textAfterCursor = textarea.value.substring(cursorPos);
                      const newText = textBeforeCursor + selectedEmoji + textAfterCursor;
                      textarea.value = newText; // Insert selected emoji at cursor position
                      textarea.focus(); // Keep focus on textarea
                  }
              });
          }

          // Initialize emoji selectors for all comment sections on DOMContentLoaded
          document.addEventListener('DOMContentLoaded', function() {
              const commentSections = document.querySelectorAll('.comment-section');
              commentSections.forEach(section => {
                  const sectionId = section.getAttribute('data-section-id');
                  initializeEmojiSelector(sectionId);
              });
          });
          </script>

          <div class="comment-section" data-section-id="2">
              <textarea class="comment-textarea"></textarea>
              <select class="emoji-select"></select>
          </div>
  4. The only thing that will save us is web 3.0!!! 🤪
  5. That's a shame.. prob will be back once they learn they need to learn at some point in time.
  6. When user selects emojiSelect2 ("select") it places the emoji into comment_text2.. but it only works on the first comment box.. I want to use the index increment to act as a unique identifier (indeed) and then use that in the function's parameter in the JavaScript... this should then allow me to use the select form (including dropdown and textarea) for all the other comments... should work, just don't know how.
  7. oz11

    Anti XSS

    Oh, I always sanitize my inputs. But this is a bad idea for a fallback?
  8. Can it not be done with index++ and function parameters? Maybe that would be more simple, and is kinda the direction I was going in.
  9. user visits comment section user wants to input emoji via input/select - works on the first comment box, but there are multiple.. - doesn't work on comment box 2, 3, 4 etc.. * seems to need an id of some sort inserted into the JavaScript so that it can be used multi. Not sure how.
  10. Hi. Yes, infinite inputs/select. It's in a looped comment system. 🦄
  11. Anyone started using AI for code samples.. do we have to "adjust with the times" and embrace or totally distance ourselves? Is it the future? Will we in the future be placing AI gen code into objects daily? 😶‍🌫️ Got an opinion?
  12. oz11

    Anti XSS

    Hey! ... Is there any problem with using ..

        $_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_FULL_SPECIAL_CHARS);

    I use htmlspecialchars before on all my values already. Think of this as if I missed one. Is it OK?
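What the blanket filter in the post above does to a value that the templates escape again, and to a value that never reaches HTML, as an added example that is not part of the original post. The sample strings and the helper names `e()` and `rendered()` are constructed for illustration, and `filter_var()` stands in for `filter_input_array()` so the script runs without a request.

```php
<?php
// Added example with constructed input; filter_var() applies to one value the
// same filter that filter_input_array() applies to every request field.

/** Output-time escaping for HTML text and quoted attributes (hypothetical helper). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** What a browser displays for an HTML text node: entities decoded once. */
function rendered(string $html): string
{
    return html_entity_decode($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$raw       = "Tom & Jerry's <b>c++</b> notes";             // constructed comment
$sanitised = filter_var($raw, FILTER_SANITIZE_FULL_SPECIAL_CHARS);

// Escaped once, at output: the reader sees exactly what was typed.
var_dump(rendered(e($raw)) === $raw);

// Blanket filter plus the htmlspecialchars() already in the templates:
// the value is encoded twice, so entity text shows up on the page.
var_dump(rendered(e($sanitised)) === $raw);
echo rendered(e($sanitised)), PHP_EOL;

// The filter also rewrites values that are never printed as HTML.
$password = 'p&ss<word>"1';                                 // constructed password
$hash     = password_hash($password, PASSWORD_DEFAULT);     // hashed from the unfiltered value
$filtered = filter_var($password, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
var_dump(password_verify($filtered, $hash));

// Stored lengths and search terms change as well.
var_dump(strlen($raw), strlen($sanitised));
```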
  13. I have this code (very cool)...

          <script>
          document.addEventListener('DOMContentLoaded', function() {
              const emojiSelect = document.getElementById('emojiSelect2');
              const inputText = document.getElementById('comment_text2');
              const emojis = [ '(・ω・)', '(´・ω・`)', '(。♥‿♥。)', 'ヾ(⌐■_■)ノ♪', '(╯°□°)╯︵ ┻━┻' ];

              // Populate the select dropdown with emojis
              emojis.forEach(emoji => {
                  const option = document.createElement('option');
                  option.value = emoji;
                  option.text = emoji;
                  emojiSelect.appendChild(option);
              });

              // Event listener for emoji selection
              emojiSelect.addEventListener('change', function() {
                  const selectedEmoji = this.value;
                  if (selectedEmoji) {
                      inputText.value += selectedEmoji;
                      this.selectedIndex = 0; // Reset dropdown to default option after selection
                  }
              });
          });
          </script>

      Though I need to call it multiple times with no fixed number...

          <select id="emojiSelect2">
              <option value="">Select an kaomoji</option>
          </select>
          <textarea name="comment_text" id="comment_text2" rows="2" cols="40" placeholder="Type comment reply here." required></textarea>

      ... here. This will loop a few times... say 30.. though my current code only allows the first iteration. I'm not very good at JavaScript... could someone show me how to write it to allow multiples inside the loop? Maybe gen an index(++) and drop that in. If so, how? Thanks guys and gals!
  14. Hi. How would I go about adding a WHERE clause to this query...

          SELECT *,
                 l.link_id
               , l.url
               , l.title
               , t.term
               , d.content
               , d.link_id
               , SUM(MATCH(t.term) AGAINST('w00t' IN BOOLEAN MODE)
                   + MATCH(url, title) AGAINST('w00t')
                   + MATCH(d.content) AGAINST('w00t')) as `rank`
          FROM links l
          JOIN terms t ON l.link_id = t.link_id
          JOIN links_description d ON d.link_id = l.link_id
          WHERE MATCH(t.term) AGAINST('w00t' IN BOOLEAN MODE)
             OR MATCH(url, title) AGAINST('w00t')
             OR MATCH(content) AGAINST('w00t')
          GROUP BY title
          ORDER BY `rank` DESC
          LIMIT 200;

      I've tried the following, but it doesn't work,

          SELECT *,
                 l.link_id
               , l.url
               , l.title
               , t.term
               , l.content_type
               , d.content
               , d.link_id
               , SUM(MATCH(t.term) AGAINST('w00t' IN BOOLEAN MODE)
                   + MATCH(url, title) AGAINST('w00t')
                   + MATCH(d.content) AGAINST('w00t')) as `rank`
          FROM links l
          JOIN terms t ON l.link_id = t.link_id
          JOIN links_description d ON d.link_id = l.link_id
          WHERE MATCH(t.term) AGAINST('w00t' IN BOOLEAN MODE)
             OR MATCH(url, title) AGAINST('w00t')
             OR MATCH(content) AGAINST('w00t')
            AND MATCH(l.content_type) AGAINST('docume') -- <-----------------------
          GROUP BY title
          ORDER BY `rank` DESC
          LIMIT 200;

      Does not filter the results at all, based on content_type.
  15. Know a good workaround? Maybe error exceptions?.. Like if there is an error, is there a way of displaying a custom error message instead of this?
  16. Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 syntax error, unexpected '+' in /opt/lampp/htdocs/sites/codany/000001 (copy 1)/test/submit0r.php:544
      Stack trace:
      #0 /opt/lampp/htdocs/sites/codany/000001 (copy 1)/test/submit0r.php(544): PDOStatement->execute(Array)
      #1 {main}
        thrown in /opt/lampp/htdocs/sites/codany/000001 (copy 1)/test/submit0r.php on line 544

      Hey. Do you know why I get this error when I search for "c++"? I'm thinking it could be a vulnerability maybe?
  17.
          SELECT *,
                 MATCH(terms.term) AGAINST("search")
               + MATCH(links.title) AGAINST("search")
               + MATCH(links.url) AGAINST("search") as `rank`
          FROM links, terms
          WHERE links.link_id = terms.link_id
            AND MATCH(terms.term) AGAINST("search")
             OR MATCH(links.title) AGAINST("search")
             OR MATCH(links.url) AGAINST("search")
          GROUP BY title
          ORDER BY `rank` ASC
          LIMIT 200;

      Hey.. added a join and it works now. Just had to dust off my university SQL brain for this one. Thanks pal. Ps. this forum has saved my ass so many times. Thanks. Love ya.
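One way to keep a search for "c++" from failing and to show a custom message instead of the raw trace, as an added example that is not code from the thread. It assumes the failing statement uses `IN BOOLEAN MODE` like the query quoted elsewhere on this page; the function names `booleanSafeTerm()` and `searchLinks()` are hypothetical.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// queries quoted on this page; both function names are hypothetical.

/**
 * Reduce free text to plain words for AGAINST(? IN BOOLEAN MODE).
 * Characters the boolean full-text parser reads as operators are treated as
 * separators, so "c++" is searched as "c" and never reaches the parser as-is.
 */
function booleanSafeTerm(string $input): string
{
    $words = preg_split('/[\s+\-<>()~*"@]+/u', $input, -1, PREG_SPLIT_NO_EMPTY);
    return implode(' ', $words ?: []);
}

/** Run the search; on failure log the detail and surface a generic message. */
function searchLinks(PDO $pdo, string $input): array
{
    $term = booleanSafeTerm($input);
    if ($term === '') {
        return [];                                   // nothing searchable left
    }
    try {
        // Needs PDO::ERRMODE_EXCEPTION (the default since PHP 8.0).
        $stmt = $pdo->prepare(
            'SELECT DISTINCT l.link_id, l.url, l.title
               FROM links l
               JOIN terms t ON t.link_id = l.link_id
              WHERE MATCH(t.term) AGAINST(? IN BOOLEAN MODE)
              LIMIT 200'
        );
        $stmt->execute([$term]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('search failed: ' . $e->getMessage());   // path and SQL stay in the log
        throw new RuntimeException('Search is unavailable right now.', 0, $e);
    }
}

// Constructed inputs; this part runs without a database.
foreach (['c++', 'node -js', '"quoted" (group)', '+++'] as $sample) {
    printf("%-18s => '%s'\n", $sample, booleanSafeTerm($sample));
}
```

The page that calls `searchLinks()` catches the `RuntimeException` and prints only its message, so the file path and stack trace shown in the post stay out of the response.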
  18. Not sure what column to set as FULLTEXT
  19. Sorry, not too familiar with that.. what would that achieve? Edit: found this [ https://dev.mysql.com/doc/refman/8.0/en/fulltext-search.html ] but still need help.
  20. Thanks. I changed it a bit just so it would make my brain work..

          SELECT links.link_id as linkID
               , links.url
               , terms.term
          FROM links
          JOIN terms ON links.link_id = terms.link_id
          WHERE terms.term LIKE '%music search%'
             OR links.url LIKE '%music search%';

      However, I need it to use MATCH AGAINST so it supports multiple terms and uses a rank to order them. Think of it like a search engine.
  21. Hey... My now normalized database looks like this..

          +---------------+
          | links         |
          +---------------+
          | link_id (PK)  |-----+
          | url, title    |     |
          +---------------+     |      +---------------+
                                |      | terms         |
                                |      +---------------+
                                |      | id (PK)       |
                                +-----<| link_id (FK)  |
                                       | term          |
                                       +---------------+
          TABLE: links                 TABLE: terms

      My code looks like this..

          SELECT *,
                 MATCH(terms.term) AGAINST(?)
               + MATCH(links.title) AGAINST(?)
               + MATCH(links.url) AGAINST(?) as `rank`
          FROM links, terms
          WHERE MATCH(terms.term) AGAINST(?)
             OR MATCH(links.title) AGAINST(?)
             OR MATCH(links.url) AGAINST(?)
          GROUP BY title
          ORDER BY `rank` ASC
          LIMIT 200

      How would I go about associating my term column with the link_id and make this search function work, so that the terms are working with the 'rank' and the results work with said rank? It worked before normalization, but not sure how to make it work in this new scenario. Thanks, chaps.
  22. Thanks so much for helping me man. I've "normalized" the db and it all functions way better now. Thanks. Took me till 6:30 am but it's done. I thought originally I was doing ok, but a properly 'lized DB is the way to go. woo
  23. Hey.. I have this code. Though the form is shown on the page after entering the password, and it's gone as desired when I reload the page.. how do I get it to not show on the next page before having to reload??

          <?php
          $room = $_GET['room'];
          $salt = 444422;

          if ($_SESSION['in_chat'] != $room.$salt) {
              // Look up the stored password hash for this room
              $stmt = $pdo->prepare("SELECT pass_code FROM `chatrooms` WHERE name =?");
              $stmt->execute([$_GET['room']]);
              $pass_checker = $stmt->fetch();
              $hash = $pass_checker['pass_code'];

              // The form is printed here, before the submitted password is checked
              if ($hash != null AND $_SESSION['in_chat'] != $room.$salt) {
                  ?>
                  <form action="" method="POST" name="passcheck">
                      <input type="password" name="password_"><input type="hidden" name="chat_pass"><input type="submit" value="Submit">
                  </form>
                  <?php
              }

              if (isset($_POST['password_'])) {
                  if (!password_verify($_POST['password_'], $pass_checker['pass_code'])) {
                      echo "Wrong password";
                      exit;
                  } else {
                      $_SESSION['in_chat'] = $room.$salt; // remember that this room is unlocked
                  }
              } else {
                  exit();
              }
          }

      Note: "salt" is just there so I can test the sessions without resetting. Thanks!
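The ordering that the last post asks about, checking the submitted password before any HTML is produced, as an added example that is not the poster's code. `$session` and `$post` stand in for `$_SESSION` and `$_POST` so it runs from the command line; the function name `roomGate()`, the `rooms` session key and the sample values are hypothetical.

```php
<?php
// Added example, not the poster's code. $session stands in for $_SESSION and
// $post for $_POST so it runs from the command line; names are hypothetical.

/**
 * Decide what the room page should do. The submitted password is checked
 * before any HTML is produced, so a correct password never re-renders the form.
 * Returns 'granted', 'form' or 'wrong'.
 */
function roomGate(array &$session, array $post, string $room, ?string $hash): string
{
    if ($hash === null) {
        return 'granted';                          // room has no pass code
    }
    if (in_array($room, $session['rooms'] ?? [], true)) {
        return 'granted';                          // unlocked earlier in this session
    }
    if (!isset($post['password_'])) {
        return 'form';                             // first visit: ask for the password
    }
    if (!is_string($post['password_']) || !password_verify($post['password_'], $hash)) {
        return 'wrong';                            // show the form again with an error
    }
    $session['rooms'][] = $room;                   // assignment, kept for later requests
    return 'granted';
}

// Constructed walk-through of four requests to the same room.
$session = [];
$hash    = password_hash('open sesame', PASSWORD_DEFAULT);

echo roomGate($session, [], 'lobby', $hash), PHP_EOL;                              // first GET
echo roomGate($session, ['password_' => 'guess'], 'lobby', $hash), PHP_EOL;        // bad POST
echo roomGate($session, ['password_' => 'open sesame'], 'lobby', $hash), PHP_EOL;  // good POST
echo roomGate($session, [], 'lobby', $hash), PHP_EOL;                              // next page load
```

The page template prints the password form only when the function returns `form` or `wrong`, which is why the form is absent on the same response that accepted the password.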