msaz87

Is there any cURL-like function in javascript or only HTML that can post data to an external URL? I've used cURL to achieve this with PHP, but now I'm dealing with a form that's submitted and I want to be able to post some of the submitted fields to an external URL.

Your example works great, but is there any way to transfer the value associated in the array and not the label? The label displays in the text <input> and I'd like the corresponding value to go in the hidden <input>. Thanks for the help!

So in the jQuery there's actually two values, there's the "label" (jQuery, jQuery UI, Sizzle JS) and then the "value" (1, 2, 3). When the user selects what they want in the text <input> it displays the label, but I want the script to duplicate that entry in the hidden <input> but use the corresponding value. So if they chose "jQuery, Sizzle JS" in the text <input> then the hidden <input> would show "1, 3". Does that make sense? There's another example on the UI site that can display the different content, but I can't figure out how to merge that example with the one I'm currently working with, which allows for multiple entries: http://jqueryui.com/demos/autocomplete/#custom-data (this example only lets you input one response at a time).

I'm trying to modify an out-of-the-box jQuery UI autocomplete script, but I really don't know what I'm doing with javascript. The script works great as far as displaying what I want in the input where the autocomplete comes into play, but I want it to also insert each tag's hidden value into a hidden field. Here's the script (and link to UI page): <script> $(function() { var availableTags = [ { value: "1", label: "jQuery" }, { value: "2", label: "jQuery UI" }, { value: "3", label: "Sizzle JS" } ]; function split( val ) { return val.split( /,\s*/ ); } function extractLast( term ) { return split( term ).pop(); } $( "#tags" ) // don't navigate away from the field on tab when selecting an item .bind( "keydown", function( event ) { if ( event.keyCode === $.ui.keyCode.TAB && $( this ).data( "autocomplete" ).menu.active ) { event.preventDefault(); } }) .autocomplete({ minLength: 0, source: function( request, response ) { // delegate back to autocomplete, but extract the last term response( $.ui.autocomplete.filter( availableTags, extractLast( request.term ) ) ); }, focus: function() { // prevent value inserted on focus return false; }, select: function( event, ui ) { var terms = split( this.value ); // remove the current input terms.pop(); // add the selected item terms.push( ui.item.label ); // add placeholder to get the comma-and-space at the end terms.push( "" ); this.value = terms.join( ", " ); return false; } }); }); </script> The rest of the relevant code: <table class="formTable"> <th>Page(s) to add to:</th><td><input id="tags" name="pages" size="60" /> <input type="submit" value="submit" class="button" /></td> </table> <input type="hidden" name="pageIds" id="pageIds" /> So all I'm looking for it to do is to also insert the selected tags into the "pageIds" input, but use the value and not label as it's doing with the "tags" field. Any help is appreciated -- thanks!

I tried adding a reset, but it doesn't look like it affected the appearance in IE7 whatsoever

Hey All, I'm putting together a form and have run into an issue with the CSS as it degrade with IE7. The inputs/selects and labels don't line up. See the examples below for what I mean: IE7: All other browsers (except IE6): I can't figure out what in the CSS is causing the disruption... here's the relevant CSS: form.form { color:#515151 !important; font-size:12px !important; font-weight: normal; } form.form input.text { width: 145px; border: 1px solid #dfdede; margin: 0 0 6px 0; float: right; } form.form select { width: 145px; border: 1px solid #dfdede; margin: 0 0 6px 0; float: right; } form.form label { width: 100px; margin: 0 0 6px 0; padding: 0 16px 0 0; } Any help is greatly appreciated -- thanks!

Thanks -- I think that sounds reasonable. My main concern was to make sure I didn't miss anything before I got too far into the project and give myself the easiest way to add more protection down the road.

Well the point of those functions is to then stack all the sanitation methods within them so I'm not going back and changing anything outside of the functions. But I also was trying to gauge how much was going to be packed into each function and what considerations to include in it (since not every piece of data will have to sanitize the same way)

So my hope was to basically set up two functions, lets call them dataInSanitize() and dataOutSanitize(), and run those on every input/output from my database by the user. Would you say that for the In it's enough to just use something like mysql_real_escape_string() and for the out something like htmlspecialchars()?

I'm going to be sanitizing various user inputs that will later be displayed and or manipulated against each other and displayed. Some of it will be used to query, so I want to make sure it's safe also. I guess from your perspective I should only sanitize the data coming in that will be used in a query and then sanitize the rest when it's coming out?

I'm looking to build a library of data sanitation functions for going into a MySQL database and was looking to see if anyone had suggestions on where to start or if there were any prepackaged functions out there. I've done some searching and I know you need a multitude of functions depending on the kind of data you're sanitizing and what you're doing with it, but I didn't have a lot of luck finding a good starting point. Any suggestions appreciated -- thanks.

Your code is outputting a value before it reaches the header, which causes it to fail. Identify what it's spitting out beforehand.

Thanks! The answers definitely clear up my confusion.

I'm incorporating a dynamic salt into my user system, but I'm not sure how to store the salt itself. The password is hashed and added to the database, but wouldn't you need to store the salt as plain text in the database in order to verify the login later? Also, I've read that using both a dynamic and static salt is good practice. If this is the case, is the static salt simply defined within the PHP? Or is there another method to storing it? Thanks for the help

array_merge for combining the two. What are you trying to do for the output?

How are you telling the script when to INSERT? From the looks of it, every time you visit this page it'll INSERT the session values, there's no specific trigger for it.

Something like this? $query1 = mysql_query("SELECT key FROM db1 WHERE something = 'something'") or die(mysql_error()); if( mysql_num_rows($query1) >= 1 ) { while( $row = mysql_fetch_array($query1) ) { $searchKey = $row['key']; } $query2 = mysql_query("SELECT key FROM db2 WHERE something = '$searchKey'") or die(mysql_error()); } else { echo "nothing found"; }

Well a simple thing to do would just add something like this to your loop: $num = 1; // define what number you want the list to start at // loop begins while ( $row = mysql_fetch_array( $rs ) ) { echo $num."<br/>"; $num++; // number increments by 1 each time loop repeats }

Show the code

And what about running an UPDATE/INSERT/DELETE query within a MySQL loop? Say someone did: $query = mysql_query(" SELECT * FROM table_name WHERE column_1 = 'something'") or die(mysql_error()); while($row = mysql_fetch_array($query)) { mysql_query("UPDATE table_name SET column_2 = '".$row['column_3']."'") or die(mysql_error()); } Is this a design flaw as well and too hard on the database when scaling or is it permissible?

I was able to ditch the nested loop... I think I just made it too complicated in my head and couldn't see through the fog. Is there ever a time when a nested loop is acceptable? Or is there pretty much always a more efficient way of handling things? Thanks for the help!

array_unique will do it

The data is just being viewed in tabular format... it's manipulated later if the user so desires, but on a row-by-row basis. This particular question deals with the high-level view. This is the output: But right now this utilizes the nested loops since the number of columns is variable.

I'm not sure what you mean by "piece" but let me try and go into a little more detail... A user creates a new form and it's inserted into table "reg_forms" -> the key from this is used to create a new table "reg_form_[key]" The user then creates whatever fields for said form they want... for instance they might create a first name, last name and e-mail field. Each one would be inserted into the "reg_fields" table, using its key to name the column and then insert a new column into the "reg_form_[key]" table with the matching "col_[key]" name from "reg_fields" After the user sets their form up on their site, a person can submit it and the data is inserted into "reg_form_[key]" So when the user goes into my site to view the submissions, this is where the nested loops come into play. One loop pulls all the columns from "reg_fields" and puts them into an array for use later. Then the first loop pulls every submission_id from "reg_form_[key]" and the nested loop within that uses the array and the submission_id to pull that row's data and output it for viewing. Not sure if that's any clearer...

It's dynamic because each user can create as many forms as they'd like... so in one part of the site they can create Form A, then later Form B, C, etc. and part of the process is they define what fields go into each of these forms, which is also a variable number that they dictate. When the form is created, it creates a new table in sequential order (e.g. reg_form_1, reg_form_2, etc.) When the user wants to view the results of their forms, they'll see a list of all the forms they've created and when they click on the one they want to see, that form's ID is passed on to the next page as $form_id. So since the names and number of fields in each form is different, that's why I did the nested queries to begin with... the first one pulling all the fields/columns for that particular form, then the nested one pulling each field's/column's results. Does that make sense?