colap
Posts: 302
Posts posted by colap
-
I know, a csrf token is like a random string. Does every form need a csrf token? Does every form need to have a different csrf token, or do all forms have the same csrf token for one logged in user? When a user logs in, I set $_SESSION['key']=$useremail; is it ok to set the email for a logged in session? Do I have to set or add another $_SESSION with a csrf token? How does a csrf token add security for form submission? After form submission, what would PHP do with the hidden input field or with the csrf token?
-
I want to unset session variable from inside function which is passed as function parameter.
In this way:
unset($_SESSION['msg']);
-
<?php
if (session_id() == '') {
    session_start();
}
$_SESSION['msg'] = "Updated.";
psession($_SESSION['msg']);

function psession($msg) {
    echo $msg;
    unset($msg);   // only removes the local parameter copy
}
?>
This doesn't unset $_SESSION['msg']. How can I unset it?
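Added example (not from the original post): psession($_SESSION['msg']) passes a copy of the string, so unset($msg) only drops that copy; passing the key name lets the function remove the entry from $_SESSION itself. psession_copy() and psession_key() are hypothetical names.

```php
<?php
// Added example, not from the original post. psession($_SESSION['msg']) passes a
// copy of the string, so unset($msg) only drops that copy. Passing the key name
// lets the function remove the entry from $_SESSION itself.
// psession_copy() and psession_key() are hypothetical names.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// The original approach: $msg is a local copy of the value.
function psession_copy($msg) {
    echo $msg, "\n";
    unset($msg);                  // removes the local variable only
}

// Working approach: receive the key and unset the array element directly.
function psession_key(string $key): void {
    if (isset($_SESSION[$key])) {
        echo $_SESSION[$key], "\n";
        unset($_SESSION[$key]);   // removes the entry from the session array
    }
}

$_SESSION['msg'] = "Updated.";
psession_copy($_SESSION['msg']);
echo 'after psession_copy: ', isset($_SESSION['msg']) ? 'still set' : 'unset', "\n";

psession_key('msg');
echo 'after psession_key:  ', isset($_SESSION['msg']) ? 'still set' : 'unset', "\n";

// A reference parameter (function f(&$msg)) does not help either: unset($msg)
// there breaks the reference, it does not delete the array element.
```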
-
@Jacques1,
Why do you need to require_once(); before session_start();?
<?php require_once(''h.php"); session_start(); ?>
We can use htmlspecialchars() for escaping and can skip using twig for escaping.
-
@Jacques1,
Some say twig is slower than php. How true is it?
http://stackoverflow.com/questions/9363215/pure-php-html-views-vs-template-engines-views
Regardless, the use of PHP is still the fastest and most versatile way of templating.
-
@Jacques1,
We do with twig:
echo $twig->render('page.php', array('vr' => constant('Twig_Environment::VERSION') ));
Isn't it similar to:
require_once('page.php');
What does twig do inside echo $twig->render(...);?
-
Just to clarify, I was just making the two examples comparable. One in raw HTML, with some simple PHP stuff. The other where the form tags are displayed with PHP.
Is your question about whether you should use a function call to output the form? If so, that's really up to you. If you are looking for best practice, then perhaps it's using a template engine like benanamen suggested.
How do php mvc frameworks output html forms with php? Do they use a template engine like twig internally? They have a form class to output html forms and other html inputs or widgets.
-
@cyberRobot,
We see, there are php mvc frameworks with a form class. They call the form class functions to make html form and input elements. How do they do it then?
-
That can't be changed.
The forum allows logging in with both the username and the display name.
I can't log in with the "colap" display name. Why?
-
You can change your display name over here.
I want to change my login account/username too. I want to log in with "cola", not "php-coder".
-
Is it possible to change my username from "php-coder" to "cola" ?
-
@Jacques1,
You also told about cookies and sessions problem with require_once('content.php'); Can you please explain this also with example code? And what is that php-sandbox? Isn't depending on external third party library like twig a problem when you upgrade your project? Is it possible to avoid using template library or is it possible to do the same functionality with only plain php instead of using twig?
-
function change_password_form() {
    $change_password_form = "";
    $change_password_form = $change_password_form . '<form method="POST" action="change_password.php">
        <div>Type new password</div>
        <div><input type="password" size="40px" name="new_password" /></div>
        <div>Type new password again</div>
        <div><input type="password" size="40px" name="new_password2" /></div>
        <div><input type="submit" value="Change Password" /></div>
    </form>';
    return $change_password_form;
}
Is there any problem with this above code? Normally I was suggested to write php code inside html tag like this:
<form method="POST" action="p.php">
    <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
    <input type="submit" name="submi" value="Submit" />
</form>
What's the difference between these two?
<title>My Title</title>

<?php $mytitle = 'My Title'; echo "<title>$mytitle</title>"; ?>
Is there any problem if I echo html tag with php or make php string with html tag?
-
Another option is you create your typical entire HTML page, but you include placeholders to insert custom HTML. You "could" then create custom PHP script to insert your custom content, but don't, and instead look into http://twig.sensiolabs.org/, http://www.smarty.net/, etc, etc.
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>myproject</title>
    <link rel="stylesheet" type="text/css" href="style.css" />
    <script type="text/javascript" src="jquery-1.11.3.js"></script>
    <script type="text/javascript" src="javascript.js"></script>
</head>
<body>
    {{ content }}
    <div>Your footer on every page</div>
</body>
</html>
If you do the inclusion on top of the script, that's a problem, because PHP cannot start/resume a session or send cookies once there's output (unless buffering is enabled).
And as NotionCommotion already said, you should really use a template engine. Assembling HTML documents from various PHP scripts is 90s technology. Yeah, it kinda works, but it's cumbersome, inflexible, insecure and just hopelessly outdated.
Modern template engines are far more powerful. You can define a base document and then override the page-specific parts. You can even change the title or add new CSS/JavaScript links to the head, which is not possible with a plain require_once.
Is depending on third party library good? Isn't twig written in php? So why can't we make something like twig with plain php? {{ content }} , isn't it similar to require_once('content.php');? How did twig make this? What's the php code behind {{ content }} by twig?
If you do the inclusion on top of the script, that's a problem, because PHP cannot start/resume a session or send cookies once there's output (unless buffering is enabled).
Can you explain this with example code? I'm also curious to know about security issues of require_once('content.php');
-
<head>
    <meta charset="UTF-8">
    <title>myproject</title>
    <link rel="stylesheet" type="text/css" href="style.css" />
    <script type="text/javascript" src="jquery-1.11.3.js"></script>
    <script type="text/javascript" src="javascript.js"></script>
</head>
That above head is common to every page. I want to put that in a separate head.php file. Then I want to require_once('head.php'); at top of every page. Is there any problem with this? I don't want to copy and paste that same head in every page.
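Added example, not from the original posts, covering the ordering problem quoted above and the shared head.php idea: the common <head> is wrapped in a function that returns markup instead of echoing it, so requiring the file at the top of a page emits nothing and session_start() can still send its cookie. render_head() and safe_session_start() are hypothetical names.

```php
<?php
// Added example, not from the original posts. The shared <head> lives in a
// function instead of being echoed when head.php is included, so requiring it at
// the top of a page emits nothing and session_start() can still send its cookie.
// render_head() and safe_session_start() are hypothetical names.

// --- what head.php would contain: a function that returns markup, no output ---
function render_head(string $title): string {
    return '<head>' . "\n"
         . '  <meta charset="UTF-8">' . "\n"
         . '  <title>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</title>' . "\n"
         . '  <link rel="stylesheet" type="text/css" href="style.css" />' . "\n"
         . '  <script type="text/javascript" src="jquery-1.11.3.js"></script>' . "\n"
         . '  <script type="text/javascript" src="javascript.js"></script>' . "\n"
         . '</head>' . "\n";
}

// --- what each page would do, in this order ---
// 1. Start the session before a single byte of output. If something has already
//    been printed, report where, instead of silently running without a session.
function safe_session_start(): bool {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    if (headers_sent($file, $line)) {
        error_log("cannot start session: output already began at $file:$line");
        return false;
    }
    return session_start();
}

if (!safe_session_start()) {
    exit('session could not be started');
}
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;

// 2. Only now produce the document. A head.php that echoes its markup, included
//    above safe_session_start(), would have made headers_sent() true.
echo "<!DOCTYPE html>\n<html>\n", render_head('myproject'), "<body>\n";
echo '<p>Visits this session: ', (int) $_SESSION['visits'], "</p>\n";
echo "</body>\n</html>\n";
```

The other way out is ob_start() as the very first statement, which is the "unless buffering is enabled" case: buffered output is not sent until the script ends, so headers can still be added.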
-
- don't use SELECT *, specify the columns required
- use a prepared query instead of putting user-submitted data directly into the query
What's prepared query? What did you mean by 'putting user-submitted data directly into the query'?
Can you post example?
-
Use a JOIN, so you only execute a single query, and not the subquery. If you have 1000 comments your query will generate 1000 queries. Not good for server performance.
You will need a recursive function to process the nested comments. Read the data into an array (indexed on parent comment). Don't call queries recursively.
Are you suggesting to avoid this following query?
$sql_allcomments="select *,(select username from users where id=user_id) as username from comments where post_id=$post_id order by created ASC";
Will this query run 1000 times if there are 1000 comments?
-
Hi,
Comment table:
+-----------------+--------------+------+-----+---------+----------------+
| Field           | Type         | Null | Key | Default | Extra          |
+-----------------+--------------+------+-----+---------+----------------+
| id              | int(11)      | NO   | PRI | NULL    | auto_increment |
| user_id         | int(11)      | YES  |     | NULL    |                |
| post_id         | int(11)      | YES  |     | NULL    |                |
| comment_content | varchar(255) | YES  |     | NULL    |                |
| created         | datetime     | YES  |     | NULL    |                |
| modified        | datetime     | YES  |     | NULL    |                |
+-----------------+--------------+------+-----+---------+----------------+
6 rows in set (0.00 sec)
Normally we get the list of comments associated with a post like this:
select * from comments where post_id=<anypostid>
Then we can do in this way:
<?php
$sql_allcomments = "select *,(select username from users where id=user_id) as username from comments where post_id=$post_id order by created ASC";
$stmt_comments = $dbh->prepare($sql_allcomments);
$stmt_comments->execute();
$result_comments = $stmt_comments->fetchAll();
?>
<div id="id_div_comment_content" class="cl_div_width_500px">
<?php foreach ($result_comments as $value) { ?>
    <div class="cl_div_one_comment cl_div_border_solid cl_div_margin_bottom1px">
        <div><a href="/domain/user.php?id=<?php echo $value['user_id']; ?>"><?php echo $value['username']; ?></a> <?php echo ' at ' . $value['created']; ?> </div>
        <div><?php echo $value['comment_content']; ?></div>
    </div>
<?php } ?>
</div>
This is the new comment table with a parent_comment_id column:
I'm trying to make a commenting system where someone can reply to a comment too.
+-------------------+--------------+------+-----+---------+----------------+
| Field             | Type         | Null | Key | Default | Extra          |
+-------------------+--------------+------+-----+---------+----------------+
| id                | int(11)      | NO   | PRI | NULL    | auto_increment |
| user_id           | int(11)      | YES  |     | NULL    |                |
| post_id           | int(11)      | YES  |     | NULL    |                |
| comment_content   | varchar(255) | YES  |     | NULL    |                |
| parent_comment_id | int(11)      | YES  |     | NULL    |                |
| created           | datetime     | YES  |     | NULL    |                |
| modified          | datetime     | YES  |     | NULL    |                |
+-------------------+--------------+------+-----+---------+----------------+
7 rows in set (0.00 sec)
In this case, how can I list/get/query sub/nested comments of a comment?
This is an example of nested commenting system. There are many comments under comments.
https://www.reddit.com/r/programming/comments/z9sm8/reddits_database_has_only_two_tables/
How can I do something like this?
Any answer will be highly appreciated.
Thanks in advance.
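Added example, not from the original thread, serving the three points raised in the replies above: a prepared query with the post id bound as a parameter rather than interpolated, a single JOIN instead of a per-row subquery, and nested comments built recursively from one result set grouped by parent_comment_id. It uses an in-memory SQLite database with constructed sample rows; render_comments() is a hypothetical name.

```php
<?php
// Added example, not from the original thread. A single prepared JOIN replaces the
// per-row subquery, and one pass over the result groups comments by parent so the
// nesting can be rendered recursively without issuing any further queries.
// Uses an in-memory SQLite database with constructed sample rows.
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$dbh->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER, post_id INTEGER,
            comment_content TEXT, parent_comment_id INTEGER, created TEXT, modified TEXT)');
$dbh->exec("INSERT INTO users VALUES (1,'alice'),(2,'bob')");
$dbh->exec("INSERT INTO comments VALUES
    (1,1,7,'top level',NULL,'2015-01-01 10:00:00',NULL),
    (2,2,7,'reply to 1',1,'2015-01-01 10:05:00',NULL),
    (3,1,7,'reply to 2',2,'2015-01-01 10:10:00',NULL),
    (4,2,7,'another top level',NULL,'2015-01-01 10:15:00',NULL),
    (5,1,8,'comment on a different post',NULL,'2015-01-01 10:20:00',NULL)");

$post_id = 7;   // on a real page this comes from user input; it is bound, not concatenated
$sql = 'SELECT c.id, c.user_id, c.comment_content, c.parent_comment_id, c.created, u.username
        FROM comments c JOIN users u ON u.id = c.user_id
        WHERE c.post_id = :post_id ORDER BY c.created ASC';
$stmt = $dbh->prepare($sql);
$stmt->execute([':post_id' => $post_id]);

// Group rows by parent id (0 for top-level comments): one pass, no more queries.
$byParent = [];
foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    $byParent[(int) $row['parent_comment_id']][] = $row;
}

// Render a parent's children, each with its own replies nested inside it.
function render_comments(array $byParent, int $parent = 0, int $depth = 0): string {
    $html = '';
    foreach ($byParent[$parent] ?? [] as $c) {
        $html .= str_repeat('  ', $depth) . '<div class="cl_div_one_comment">'
              . '<a href="/domain/user.php?id=' . (int) $c['user_id'] . '">'
              . htmlspecialchars($c['username'], ENT_QUOTES, 'UTF-8') . '</a> at '
              . htmlspecialchars($c['created'], ENT_QUOTES, 'UTF-8') . '<div>'
              . htmlspecialchars($c['comment_content'], ENT_QUOTES, 'UTF-8') . '</div>' . "\n"
              . render_comments($byParent, (int) $c['id'], $depth + 1)
              . str_repeat('  ', $depth) . '</div>' . "\n";
    }
    return $html;
}
echo render_comments($byParent);
```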
-
<?php echo '<div>' . $a . '</div>'; ?>

<div><?php echo $a; ?></div>
Which one is better? Someone said the bottom one is better. Please explain.
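Added example, not from the original posts, for this question and the earlier one about change_password_form() and echoing <title> from PHP: both output styles are shown with the same escaping helper, because what matters is not whether the tag is written in PHP or in HTML but that every dynamic value is escaped for the HTML context where it lands. e() and text_input_form() are hypothetical names; the sample values are constructed.

```php
<?php
// Added example, not from the original posts. Both output styles are shown with
// the same escaping helper: what matters is not whether the tag is written in PHP
// or in HTML, but that every dynamic value is escaped for the HTML context where
// it lands. e() and text_input_form() are hypothetical names.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values containing the characters that break attributes and tags.
$a         = 'O\'Neil "Bob" <b>';
$somevalue = 'value with "quotes" & <angle brackets>';
$mytitle   = 'My Title </title>';

// Style 1: markup assembled as a PHP string.
function text_input_form(string $value): string {
    return '<form method="POST" action="p.php">' . "\n"
         . '  <input type="text" name="myname" value="' . e($value) . '" />' . "\n"
         . '  <input type="submit" name="submit" value="Submit" />' . "\n"
         . '</form>' . "\n";
}
echo '<title>' . e($mytitle) . "</title>\n";
echo '<div>' . e($a) . "</div>\n";
echo text_input_form($somevalue);
?>
<!-- Style 2: literal markup with PHP only at the points where values are inserted. -->
<title><?php echo e($mytitle); ?></title>
<div><?php echo e($a); ?></div>
<form method="POST" action="p.php">
  <input type="text" name="myname" value="<?php echo e($somevalue); ?>" />
  <input type="submit" name="submit" value="Submit" />
</form>
```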
-
From phpinfo(); I see session => session.gc_maxlifetime = 1440, that means 24 minutes. But why is the lifetime infinite?
-
I have html files. There would be a print link/anchor in the html page. If I click the print link, it will convert the html to pdf and then print the pdf file. How can I do it?
-
Where is it configured/set to infinite lifetime by default? Which file?
-
Hi,
What is the default $_SESSION expiry lifetime?
I have used $_SESSION variables but it is not ending its lifetime. It looks like it is an infinite lifetime, but I didn't configure anything. Where do I set the session's lifetime, in the php.ini file? Or do I have to use the ini_set() function at the top?
Is session_start() written at the top of php scripts, or the ini_set() function?
Any help will be highly appreciated.
Thanks in advance.
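Added example, not from the original posts, for this question and the two gc_maxlifetime posts above: session.gc_maxlifetime only marks data as collectable and session.cookie_lifetime defaults to 0 (until the browser closes), so neither is an enforced expiry. The script sets the relevant ini values before session_start() and enforces an idle timeout itself. $idle_limit and enforce_idle_timeout() are hypothetical names; session_set_cookie_params() with an array argument needs PHP 7.3 or later.

```php
<?php
// Added example, not from the original posts. session.gc_maxlifetime (1440 by
// default) is only the age after which the garbage collector MAY delete session
// data, and the collector runs on a small fraction of requests
// (session.gc_probability / session.gc_divisor). The cookie lifetime comes from
// session.cookie_lifetime, whose php.ini default of 0 means "until the browser
// closes". An idle timeout therefore has to be enforced by the application.
// $idle_limit and enforce_idle_timeout() are hypothetical names.
$idle_limit = 1440;  // seconds, matching the gc_maxlifetime value seen in phpinfo()

// Settings that affect session handling must be applied before session_start()
// (and, like session_start() itself, before any output).
ini_set('session.gc_maxlifetime', (string) $idle_limit);
ini_set('session.use_strict_mode', '1');      // reject session ids the server never issued
session_set_cookie_params([
    'lifetime' => 0,                          // cookie lasts until the browser closes
    'httponly' => true,                       // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Returns true while the session is live; destroys it and returns false once
// more than $limit seconds have passed since the last request.
function enforce_idle_timeout(int $limit, int $now): bool {
    if (isset($_SESSION['last_activity']) && ($now - $_SESSION['last_activity']) > $limit) {
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_activity'] = $now;
    return true;
}

if (!enforce_idle_timeout($idle_limit, time())) {
    // Treat as logged out: redirect to the login page, show a message, etc.
    exit('Session expired');
}
echo 'Session active, last activity recorded at ', $_SESSION['last_activity'], "\n";
```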
-
How can I do multiple uploads with javascript?
http://www.w3schools.com/php/php_file_upload.asp , this is to do image uploads with php.
Is it possible to upload files with javascript?
Can anyone post example code?
Is it possible with jquery ajax ?
How would I write this form for javascript upload?
<form action="upload.php" method="post" enctype="multipart/form-data">
It will be highly appreciated if someone helps.
Thanks in advance.
A question about csrf token in login form submission
in PHP Coding Help
Someone parses the html login form and gets the csrf token from hidden field. Now can he request with that csrf token to login through jquery ajax?
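Added example, not from the original posts, for this question and the earlier csrf post: one random token is generated per session, embedded as a hidden field in every state-changing form, and compared on submission with hash_equals(). A request that carries both the token and this session's cookie is the legitimate user's own, whether it comes from a form or from jQuery ajax; the protection lies in the fact that another site cannot read the token out of a page it did not load with the victim's session. csrf_token(), csrf_field() and csrf_check() are hypothetical names.

```php
<?php
// Added example, not from the original posts. One random token per session,
// generated once, embedded in every state-changing form, and compared on submit
// with hash_equals(). csrf_token(), csrf_field() and csrf_check() are
// hypothetical names.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Create the token once per session and reuse it for all forms in that session.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field for any form; the value is tied to this user's session cookie.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '" />';
}

// On submission: constant-time comparison against the copy held in the session.
function csrf_check(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... the token matched: process the password change here
}
?>
<form method="POST" action="change_password.php">
  <?php echo csrf_field(); ?>
  <div>Type new password</div>
  <div><input type="password" size="40px" name="new_password" /></div>
  <div><input type="submit" value="Change Password" /></div>
</form>
```

For the login form itself the same code applies: the token lives in the anonymous pre-login session, and the session id should be regenerated with session_regenerate_id(true) once the login succeeds.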