blackcell
Posts posted by blackcell
-
-
Thanks dark.
-
Would using both or all three be overkill or have a negative influence?
-
All the matters pertaining to ajax that I have encountered don't usually provide good errors to troubleshoot. Just me. All I know is that it isn't working and I have copied the code from the example that worked and tried to re-write the asp script to php and it didn't work but did not give me any errors.
You know what thorpe, it's not that big of a deal, I will "SOLVE" the topic to shut the thread down.
-
I basically have an almost forum system that users enter text. I want to prevent them from creating huge scrolling marquees and javascript hijacking. I used htmlentities and it seems it replaced ' with /// (not for sure). I just need to know what function to use for html to store data as close as possible and prevent malicious or annoying input.
Thanks for the great input guys.
If you want an example of what I am sterilizing check out this thread:
http://www.phpfreaks.com/forums/index.php/topic,201172.msg909800.html#msg909800
I have a function:
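<?php
// Encode HTML special characters, then escape the value for use in a MySQL query.
function CleanFormData($input){
    $input = htmlentities($input);
    // Uses the current mysql_* connection.
    $input = mysql_real_escape_string($input);
    return $input;
}
?>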
Should I use strip_tags()?
-
What functions should be used to sterilize user submitted form data and protect against html injection, sql injection and javascript hijacking? Basically similar to a forum protection function.
Thanks in advance.
-
Could you provide an example? I find it simple but most are arguing that it is complex. I don't see it? Thanks.
-
Of course I am sorry...
Question: Does anybody see where I may be messing this up?
-
Ok I have updated the graphics a bit. Take a look now.
-
Ok I have updated the graphics a bit. Take a look now.
-
It worked this time. Thank You!
-
Then I am doing something else with the ajax....
index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<script type="text/javascript">
function ajaxFunction()
{
  var xmlHttp;
  try
  {
    // Firefox, Opera 8.0+, Safari
    xmlHttp=new XMLHttpRequest();
    //alert("Firefox");
  }
  catch (e)
  {
    // Internet Explorer
    try
    {
      xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
      //alert("IE");
    }
    catch (e)
    {
      try
      {
        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
        //alert("?");
      }
      catch (e)
      {
        //alert("Your browser does not support AJAX!");
        return false;
      }
    }
  }
}
xmlHttp.onreadystatechange=function()
{
  if(xmlHttp.readyState==4)
  {
    document.myForm.time.value=xmlHttp.responseText;
  }
  xmlHttp.open("GET","ajaxfunction.php",true);
  xmlHttp.send(null);
}
</script>
</head>
<body>
<form name="myForm">
Name: <input type="text" onkeyup="ajaxFunction();" name="username" />
Time: <input type="text" name="time" />
</form>
</body>
</html>

ajaxfunction.php

<?php
header("Expires: Thu, 01 Dec 1994 16:00:00 GMT");
echo date('g:i:s');
?>
-
Of course, apologies...
<style type="text/css">
table.HeadRow {
  background-color: #EEEEEE;
  border-collapse: collapse;
  border: 1px solid #ccc;
}
</style>
<?php
$panelBottom = "
<table class='HeadRow' bgcolor='#EEEEEE' align='center' width='100%' height='100%' border='1'>
  <tr >
    <td width='64%' align='center' colspan='3'><b><big>My Priorities</big></b></td>
    <td width='1%' align='center' colspan='3'> </td>
    <td width='34%' align='center' colspan='3'><b><big>System Overview</big></b></td>
  </tr>
</table>
<iframe width='64%' height='265' frameborder='no' src='panel_main_assigned.php'></iframe>
<iframe width='34%' height='265' frameborder='no' src='panel_main_overview.php'></iframe>
<hr></hr>
<table class='HeadRow' align='center' width='100%' height='100%' border='1'>
  <tr valign='top'>
    <td width='100%' align='center' colspan='3'><b><big>Recently Closed</big></b></td>
  </tr>
</table>
<iframe width='99%' height='180' frameborder='no' src='panel_main_recent.php'></iframe>
<hr></hr>
<table class='HeadRow' bgcolor='#EEEEEE' align='center' width='100%' height='100%' border='1'>
  <tr valign='top'>
    <td width='15%' align='left'>$reportBug </td>
    <td width='70%' align='center'><b><big> Bugs and Updates </big></b></td>
    <td width='15%' align='right'> $quickUpdate</td>
  </tr>
</table>
<iframe width='99%' height='70' frameborder='no' src='panel_main_development.php'></iframe>
";
?>
I am still seeing vertical borders between rows. I want to think it is a bug with css/html because if you look here:
http://www.w3schools.com/css/tryit.asp?filename=trycss_table_border-collapse
at the example and remove the top table from the code and update, it totally screws up the good table. I have more instances of this too. ???
-
I am trying to get a simple ajax function to work but can't find a good example of how to write the remote script to work because it is in asp and I don't know what it does.
The asp script is
<%
response.expires=-1
response.write(time)
%>
and I need to know how to do something similar in php.
Thanks for any help.
-
With the collapse I am still getting between td borders. I thought this would work too but no luck.
-
I want to completely collapse any borders on a table so that gaps do not appear between cells but I want to maintain the outside border of the table. I have worked with many examples and none are working. Is this impossible to do?
Also, I know I should use css tables but I am not converting because I don't have the time now.
-
Found a way around it.
-
Take a look at this example:
http://www.w3schools.com/js/tryit.asp?filename=tryjs_animation
How can I do that with text rather than images?
All I really need to know is what to use besides document.b1.src = "image.png"
-
I think you can since it is inline but why not just make it a session variable?
-
Do you guys know if paint.net has the ability to create gifs?
-
Anybody have recommendations on good software to create gifs?
-
I see...
I found something interesting and I have a theory as to why it happens.
I have a report that will query all records with field1 containing the char Y.
The possibilities for this field are Y or N.
This sql query takes FOREVER to run:
<?php $sqlQuery = "SELECT * FROM `table` WHERE `field1` != 'N'"; ?>
This sql query takes 20 seconds to rip through 4000+ records:
<?php $sqlQuery = "SELECT * FROM `table` WHERE `field1` = 'Y'"; ?>
I have an index on field1
Why is there such a time difference? Is it because when looking for != 'N' it leaves the possibility for everything else where looking for ='Y' will know what record to start on the index and rule all other possibilities out?
-
So by creating an index you are allowing mysql to look at the table from a different (more efficient) angle? If this is true, why not just have a built in mechanism for mysql that will create an index for each field when created?
-
I can create indexes but, how do you utilize them to optimize look-ups? Is it something that happens behind the scenes or do you have to tailor your queries to utilize them?
<?php $sqlQuery = "SELECT * FROM `sqlTable` WHERE `userDepartment` = 'ENG'"; ?>
Would I need to modify the example query above to optimize the look-up when there are 5000+ records?
Thanks for any help.
-
I have uploaded a newer version with some previously suggested changes.
Sterlizing Form Data
in PHP Coding Help
How do I get new line and carriage returns to turn to breaks or is that a manual process?