roopurt18

My question is why would you want to do this? I'm struggling to come up with a good reason to do so.

Funny!

Protection via obscurity just makes life more difficult for the programmer. If you've been a good developer and followed all of the best security practices, it shouldn't matter that your table names are predictable. Most of my recent projects have a single entry point (index.php) that kick-starts my framework. index.php is the only script file available via URL so none of my credentials will ever come out. Also, we encode source files where I work. Also, having lines that you comment in / out between servers is error-prone. You can detect which host you're on using better methods. <?php if( detection_method_says_dev_server ) { define( 'APP_DEV', true ); }else{ define( 'APP_DEV', false ); } // elsewhere in code if( !APP_DEV ) { error_reporting( 0 ); ini_set( 'display_errors', false ); } ?>

If you can't connect directly to the database, consider setting up a web service.

Use explode() and array indexing. ~OR~ Use strpos() counting 4 newlines, remember the position. Use strpos() to capture the 5th newline. substr() everything in between and trim().

I don't see a single PHP variable or statement there except print. Why don't you just exit PHP mode and just dump the HTML? Unless that's a simplified example of something else.

Why are you using this line of code: var aobj = new GetAjax(); GetAjax already returns an instantiated object, so why are you issuing new before GetAjax(). It should just be: var aobj = GetAjax();

I think I know how this can be done, but I don't like it. User logs into site A and authenticates as normal. In addition, site A generates a unique hash and sends it to site B along with the user it belongs to. Site B stores the hash. In the final output, include an img-tag that points to a script on site B; this script must accept the unique hash generated previously. The browser will try and load the image and hit the script on site B, which can compare the provided hash to its database. If the hash is found in the database, site B also starts a session and stores info for the user being logged in. Then site A can link to site B normally and site B should pick up that the user is logged in. It's messy and I really don't want to implement it though.

I guess site A could embed and iframe pointing to a URL on site B; the URL has any info needed in it and site B sets the cookie. Terribly insecure though.

No, they're not.

Say a business partnership is made between the makers of Product A and Product B. Each product has its own authentication system. What's the best to log a user into both systems when they log into either product?

When you click on File -> Open in an application, does the entire application shut down, reload, and display an open file dialog? That's what a non-ajax site has to do. You don't always have to make your application work without JavaScript. Some AJAX applications are meant to be run internally on an intranet where you control the environment and a requirement of the application can be that JavaScript has to be enabled.

AJAX allows for websites to behave more like traditional desktop applications. It's used more to improve the users' experience than to cut down network traffic.

I don't have a windows machine in front of me, but I recall setting the PATH variable by doing the following: 1. Right-click 'My Computer' and select properties. This opens a windows with tabs... 2. One of the tabs (forget which) will have a button labeled 'Environment' I think. 3. Clicking that button will open up a screen where you can set environment variables, one of which will be PATH. #2 and #3 might be iffy, but I know you configure the path somewhere in the screen that comes from 'My Computer' -> Properties. You might also try start -> run -> msconfig. There are various ways you can connect to MS SQL: a. PHP's mssql_*() functions. b. PDO c. ODBTP (Google it, also works wonders with FoxPro)

The OP wasn't asking how to check if JS was enabled or not in his browser but in the client's browser.

It's essentially the same thing as using bitmasks but more human readable. It doesn't have a specific name that I'm aware of nor any tutorials. When I built a permission system from the ground up on my last project it's the system I came up with off the top of my head.

http://www.google.com/search?q=nl2br

<noscript> is an HTML tag where the content is only rendered in a browser when JavaScript is turned off. The <noscript> tag I gave you has a single item in it, an invisible image. It just so happens that the src-attribute of the image points at a PHP script you create on the server. Hence this script is called by the client ONLY if JavaScript is disabled. In the noscript.php on your server, you set a session variable indicating that JavaScript is off. Then you fpassthru the contents of a 1x1 gif image (because it's supposed to be an image).

Include a no script tag that has a hidden 1x1 img that is actually a PHP script. In the head section of your template, but only add this part if $_SESSION['JavaScript'] is not yet set. <noscript> <img style="display: none;" src="/noscript.php" alt="Detecting JavaScript" /> </noscript> noscript.php <?php session_start(); $_SESSION['JavaScript'] = false; fpassthru( '/path/to/1x1.gif' ); ?>

Functions are objects and each object has memory associated with it. In the case of a predefined function (including ones you wrote yourself), the function (i.e. the object) exists only once and is referenced by the named attached to it. When you assign additional references to this object, all you are doing is creating memory for a new reference and NOT a new object. In the case of anonymous functions, I believe they are instantiated on the spot and then the reference points at the newly created object (i.e. the function). This means that a piece of code that operates in this manner that is repeatedly called will create many, many objects. I could be wrong, but you could test this easily enough. Create a loop that assigns a predefined event handler to 100,000 DOM elements and then assign a single lambda event handler to 100,000 DOM elements. Watch the memory usage of the browser during this process.

I disagree here. If it's user-submitted data that will never be displayed in its raw form, why spend the time to sanitize it every time the page is called? Sanitize it once and store it in the db to be more efficient. It's not like htmlentities can't be reversed or anything, if needed. You can't guarantee the data will never be displayed in its raw form. The only constant in software development is change and you can be sure that some day in the future you will want to change the way your software works. You also have the fact sanitizing routines not only change the raw data, but they can also increase its size beyond the capacity of the database field. Consider the following: #1 Your DB field has a width of N characters #2 The user enters N characters of data including HTML #3 Your program sanitizes by calling htmlentities() on the data before inserting into the database #4 You now try and insert N + X (where X is the number of characters added by htmlentities()) into a field N characters wide You have now irrevocably modified the original data. On top of it all you should always sanitize the data before displaying it to the user. Just because you sanitized it going in doesn't mean it's sanitized going out. How do you know someone hasn't compromised your database directly and issued their own INSERT INTO statements? You don't. Sanitize for the database going in. Sanitize for display / output only when needed. Necessary processing is not wasted processing. If you're really concerned about the performance cost, then implement a caching system.

Remember that when inserting data to the database you ONLY want to escape the data for what is proper for the database. For example, if you are saving someone's comments to a MySQL database, then you should ONLY be calling mysql_real_escape_string() on the data BEFORE saving it to the database. When you retrieve the data from the database to display in an HTML page, then you should sanitize it for output by calling strip_tags() or htmlentities() or any other routine. Store the data as close to it's original form as possible. Only perform further sanitation when necessary.

Don't do this.

I don't know Perl but there is a very good chance anything you can do in one you can do in the other. IMO it doesn't matter which one you learn because you will inevitably learn another language at some other point in time. Programmers that know a single language (with some exceptions) are extinct or soon to be extinct.

I can't speak for Google Adwords, but a web service is basically a way for you to create an API to your site that other people can interact with. Amazon provides, or provided at one point, a web service to query book information from their site. If you can find a working example of that or a tutorial on how to interact with it, it will give you a basic idea of what you can accomplish with a web service. As for creating a web service of your own, it takes a little effort but if you have the PHP SOAP extension installed it takes care of most of the work for you. The most difficult part is creating a proper WSDL file to describe the service; there are tools that can create a WSDL file for you but I prefer to make them by hand. I can't really be much more help than that as I'm no expert on interoperability.