alexweber15

here are 5 good jQuery table/grid plugins: check out the demos and see what suits your needs the most (some have just too many features and are overkill) from what what you said the "Table Drag and Drop" might be the ideal one http://webplicity.net/flexigrid/ http://www.trirand.com/blog/ http://tablesorter.com/docs/ http://www.isocra.com/2008/02/table-drag-and-drop-jquery-plugin/ http://plugins.jquery.com/project/uiTableEdit

nice, only thing it doesnt mention is if the properties listed in the print page are the ONLY ones allowed or are EXTRA ones allowed... (maybe i missed something...)

hey Dan glad that link helped! still gotta get around to reading it myself...lol if you can post a demo link to help visualize im sure you'll get more help!

only way to do it with 1 image is to use image sprites, which unfortunately is not something ive dominated yet ??? here's 2 great articles on the subject that i haven't gotten around to reading but i'm sure have all the answers you need! http://www.alistapart.com/articles/sprites http://www.alistapart.com/articles/sprites2

as far as the special characters not displaying correctly its almost certainly an encoding problem... check to see if all pages have the same encoding specified (or more likely you might have forgotten to properly URLEncode data when POSTing using AJAX if not, you can always use htmlentities() or html_entity_decode() to transform the character if its appearing garbled. now, as far as moving to ajax/beginning ajax/etc i'm amazed at how many people insist on doing it the hard way! i'm totally for learning the basics of HTTP Requests and Statuses and whatnot but really you should be using a js library to do this kinda dirty work for you... there's so many to choose from: jquery, dojo, prototype, mootools, yui, etc personally, use use jquery and its ridiculously easy for ajax (simple form submit demo): HTML <!-- standard HTML form, theres no action only an ID associated with the form "login" --> <form id="login" method="post"> <input type="text" name="email" id="email" /> <input type="password" name="password" id="password" /> <input type="submit" value="submit" /> </form> AJAX - jQuery Style // this first line just starts executing code when the DOM is ready ([i]kind of [/i]like body onload) $(function(){ // select the form by its ID (#login) and intercept the submit event // the function here in an anonymous function that just tells the code what to do the form // submit is intercepted $('#login').submit(function(){ // serialize the form data for posting // $(this) is just a reference to the last selected object, in this case the form with ID // "login"; so we are calling the function serialize() on the form var serial = $(this).serialize(); // this is the fun part, call the $.post() function // first parameter is the URL, second is the data and optionally you can specify a callback // which will be executed once a "complete" response is received // notice how it has an argument "response" which is there the response will be stored $.post('submit.php', serial, function(response){ // here we just alert whatever the server sent back! alert(response); }); // IMPORTANT! don't forget to "return false;" or else the form will actually get submitted // again, without ajax return false; }); }); easy as that! once you get used anonymous functions the code becomes much more legible!

you can include a specific printing stylesheet... not sure how that works dynamically but here's how its done: <link rel="stylesheet" type="text/css" media="print" href="printstyles.css" /> never tried it myself so i'm unaware of any specific limitations this might have but i know for a fact that this exists and is used just google "css media print"

using only js and assuming you have a properly created XHR object stored in a variable called "xmlHttp": function post(){ if(xmlHttp){ var url = 'submit.php'; // the url you want to submit to var yourdata = document.getElemenyById('yourForm').serialize(); xmlhttp.onreadystatechange = XMLHttpRequestChange; xmlhttp.open("POST", url, true); xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); xmlhttp.send(yourdata); Observations: - url can be any URL that will handle the POST, no biggie here - yourdata must be a set of "GET-style" key-value pairs; either you can format them by hand ie: var yourdata = "name=myname&age=myage&foo=bar"; if you do it by hand dont forget to URLEncode the values. - the better way to do the above step is to use the serialize() function instead: it can accept either a form as a parameter (assign an ID to the form and serialize the form based on its ID as in my example or it can also accept an associative array as a parameter and it will produce "POST-SAFE" content

If i understood your problem properly, i wouldn't use AJAX at all, (lose the sexiness of suggest box, enter the practicality of select box) i personally would have used mysqli or pdo here but keeping mysql for context include("*****.inc"); $result = mysql_query("SELECT bud_id, bud_name FROM bud") or die(mysql_error()); while ($row = mysql_fetch_assoc($result)){ $bud[(int)$row["bud_id"]] = $row["bud_name"]; } #### HTML #### <FORM action='#' method=post> <select name = "buds"> <?php foreach($bud as $bud_id => $bud_name){ echo '<option value="'.$bud_id.'">$bud_name</option>'; } ?> </select> <!-- last part remains unchanged --> <input type='hidden' name='BdgtFrom' value='<?php echo $_POST['BdgtFrom']; ?>'> <input name="Search_Voucher" type="submit" id="Search_Voucher" value="Search" class="Submit"/> </FORM> this way when you submit the form you will probably have both values (again do the var_dump) thing i mentioned in my first post and apologies if this doesn't make 100% sense its ridiculously late here...

please include your POST handler script to help one thing that caught my eye is that the input name is "BgtID" whereas the variable is "$BgtId"... try doing this at the top of your post handler: die(var_dump($_POST)); to see what variables and values its actually passing... also, besides using more friendly variable names (helps ppl here figure out whats goin on!) here's a suggestion on how to improve part of your code: MySQL Fetch <?php include("*****.inc"); $result = mysql_query("SELECT bud_id, bud_name FROM bud") or die(mysql_error()); while ($row = mysql_fetch_array($result)) { $bud_id[] = $row["bud_id"]; $bud_name[] = $row["bud_name"]; } ?> no need to declare the arrays beforehand or use a counter! I'm assuming that you're listing all of the "bud_names" in the textbox and whenever the user picks one it will the one of the hidden fields with the corresponding "bud_id" right? since PHP is served as static HTML, there is no way of dynamically changing the value of "bud_id" using PHP, you'd actually have to use js instead: HTML Form - AJAX Enabled <FORM action='#' method=post> <input name="bud_name" type="text" size="50" rel="Suggest" autocomplete="off" data="<?php for($i=0; $i<count($bud_name); $i++) echo $bud_name[$i]; ?>" onchange="updateHiddenField();"/> <input type='hidden' name='bud_id' value=''> <!-- rest remains the same --> <input type='hidden' name='BdgtFrom' value='<?php echo $_POST['BdgtFrom']; ?>'> <input name="Search_Voucher" type="submit" id="Search_Voucher" value="Search" class="Submit"/> </FORM> and then of course you'd have to create some JS to find the corresponding index of the selected "bud_name" and use document.getElementById('bud_id').innerHTML('foo') to fill it but really, easier ways if you must use ajax would be to either: 1) retrieve only the "bud_name" and the "bud_name" input's onchange() or on the submit button's onclick() or even after POSTED query the DB to find the corresponding ID 2) store the selected "bud_name" array index somewhere (in this case you'd be better off going with the FOR instead of FOREACH loop) and then retrieving that value and populating the "bud_id" hidden field with it on the input's onchange() event

just jumping on the bandwagon here with a few tips: - write it for just plain ol PHP first and make sure it works! - download and install firebug - only NOW add the AJAX stuff, using firebug's console.log(), to help find where you're doing this wrong couple AJAX-related tips too... - doing it by hand is a good learning experience but using a library such as jquery, dojo, prototype, etc makes it SO much easier to make and interpret AJAX requests - also, i didn't check your code line by line, but in order to get your PHP script to return values to the AJAX call you should either set appropriate headers (XML/JSON - and even plaintext if you want to be pedantic) before the output or if you wanna be lazy for testing just use die($return value) for plain text. ( simply returning values from a PHP script wont get received by the AJAX call )

i've had problems in the past with PHP SESSIONS not saving/updating or even displaying properly when using 1 static page and using ajax for server-side requests... is this is a side-effect of no refreshes? any workarounds? thanks! -Alex

thanks! i actually did google the subject extensively but haven't gotten around to reading all the articles i bookmarked... but its a pretty solid idea to get codes on the forums and elsewhere to try and find vulnerabilities as i go along! i still dont get the part about cookies though... ??? :'(

thanks!

read a lot about this but i just dont seem to be getting it... im not sure what the problem is... ok so instead of normally posting a form, i use javascript to post it... same thing right? the problem afaik is with the ajax reply, which is usually in json/xml (basically, plaintext) and which could be intercepted... ive read about: - sending a salt before the content for encryption - sending session id along with data - encrypting multiple times this all seems a bit twilight zone... can anyone please explain where exactly the problem is and recommend 1 or 2 good solutions please? thanks!

gotcha!

so this is what the new uber function looks like: <?php function clean_recursive($value) { if (is_array($value)) { foreach($value as $k=>$v) { $value[$k] = clean_recursive($v); } } else { if(get_magic_quotes_gpc() == 1){ $value = stripslashes($value); } $value = trim(htmlspecialchars($value,ENT_QUOTES,"utf-8")); //convert input into friendly characters to stop XSS $value = mysql_real_escape_string($value); } return $value; } //test $do = clean_recursive(array('somet"h"\'in"g', 'lol"', array('l\'ol'))); print_r($do); any objections?

Thanks again DarkWater! questions still remain:

thanks! shouldn't I trim() it? at any point?? and also, when would i use htmlentities() vs htmlspecialchars() ... thanks!

im sorry admins, not sure if this is the appropriate board if not please move it. basically, as far as cleaning data for mysql insertion, ive read that these 2 functions are important and also that you should undo magic_quotes_gpc() if its available and implement mysql_real_escape_string() instead.... so far so good! but where does stripslashes() come into play? thanks! -Alex

this is what i usually but im sure theres better ways of doing it: function clean(&$val){ trim(strip_tags(htmlspecialchars($val))); } im sure addslashes() or mysql_real_escape_string() should be there somewhere but im not sure... someone comment please? -Alex

thanks for the tip dude!

funny thing is the first example works in javascript if im not mistaken...

having 2 issues here can someone plz help me out? 1- if(condition){ return $variable1; } else { return $variable 2;} how can i write this as a ternary statement? return condition ? $variable1 : $variable2; doesnt work and neither does this: condition? return $variable1 : return $variable2; and most importantly: 2- if($this->settings['stickyID']){ $this->settings['id'] = &$this->settings['name']; }else{ $this->settings['id'] = $this->settings['name']; } i wanted to rewrite this as: (stickyID is bool btw) $this->settings['id'] = $this->settings['stickyID'] ? &$this->settings['name'] : $this->settings['name']; much simpler right? i get an error with the & though.... thanks!

thanks! i was wondering why the css didnt work

im developing a new app and i decided to put pretty much all of my files except for css, js and images 1 level below the public/htdocs/www folder... im considering putting everything there including css etc but i cant get it to find the file (too many "../../") is this good or bad practice? is there any kind of convention for this stuff? thanks!