
colap

Members
  • Posts: 302

Posts posted by colap

  1. I know a CSRF token is like a random string. Does every form need a CSRF token? Does every form need to have a different CSRF token, or do all forms have the same CSRF token for one logged-in user? When a user logs in, I set $_SESSION['key']=$useremail; is it OK to set the email for a logged-in session? Do I have to set or add another $_SESSION with the CSRF token? How does a CSRF token add security for form submission? After form submission, what would PHP do with the hidden input field or with the CSRF token?
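
The token flow asked about above, as an added example that is not part of the original post: one random token is stored in the session, echoed into each form as a hidden field, and compared on POST. The `csrf_token` session key and field name and both helper functions are assumptions; another site can make the browser send the session cookie, but it cannot read this value out of the page.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ (random_bytes).
session_start();

// One token per logged-in session is enough; create it once and reuse it in every form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted hidden field with the session copy in constant time.
function csrf_is_valid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_is_valid($_POST['csrf_token'] ?? null)) {
        // Missing or wrong token: the request did not come from our own form.
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Token matched: the state-changing work (e.g. the password change) goes here.
    exit('Form accepted');
}
?>
<form method="POST" action="">
    <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8'); ?>" />
    <div><input type="password" size="40" name="new_password" /></div>
    <div><input type="submit" value="Change Password" /></div>
</form>
```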

  2. Just to clarify, I was just making the two examples comparable. One in raw HTML, with some simple PHP stuff. The other where the form tags are displayed with PHP.

     

    Is your question about whether you should use a function call to output the form? If so, that's really up to you. If you are looking for best practice, then perhaps it's using a template engine like benanamen suggested.  :shrug:

    How do PHP MVC frameworks output an HTML form with PHP? Do they use a template engine like Twig internally? They have a form class to output HTML forms and other HTML inputs or widgets.

  3. @Jacques1,

     

    You also mentioned a cookies and sessions problem with require_once('content.php'); Can you please explain this also with example code? And what is that php-sandbox? Isn't depending on an external third-party library like Twig a problem when you upgrade your project? Is it possible to avoid using a template library, or is it possible to get the same functionality with only plain PHP instead of using Twig?

  4. function change_password_form() {
    		$change_password_form="";
    		$change_password_form=$change_password_form . 
    			'<form method="POST" action="change_password.php">			
    			<div>Type new password</div>
    			<div><input type="password" size="40px" name="new_password" /></div>
    			<div>Type new password again</div>
    			<div><input type="password" size="40px" name="new_password2" /></div>
    			<div><input type="submit" value="Change Password" /></div>			
    			</form>';
    		return $change_password_form;
    	}
    

    Is there any problem with this above code? Normally I was suggested to write php code inside html tag like this:

    <form method="POST" action="p.php">
    <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
    <input type="submit" name="submi" value="Submit" />
    </form>
    

    What's the difference between these two?

    <title>My Title</title>
    
    <?php
    $mytitle='My Title'; // assignment moved inside the PHP tags so it executes
    echo "<title>$mytitle</title>";
    ?>
    

    Is there any problem if I echo html tag with php or make php string with html tag?

  5.  

    Another option is you create your typical entire HTML page, but you include placeholders to insert custom HTML.  You "could" then create custom PHP script to insert your custom content, but don't, and instead look into http://twig.sensiolabs.org/, http://www.smarty.net/, etc, etc.

    <!DOCTYPE html>
    <html>
        <head>
            <meta charset="UTF-8">
            <title>myproject</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
            <script type="text/javascript" src="jquery-1.11.3.js"></script>
            <script type="text/javascript" src="javascript.js"></script>
        </head>
        <body>
            {{ content }}
            <div>Your footer on every page</div>
        </body> 
    </html> 
    

     

     

    If you do the inclusion on top of the script, that's a problem, because PHP cannot start/resume a session or send cookies once there's output (unless buffering is enabled).

     

    And as NotionCommotion already said, you should really use a template engine. Assembling HTML documents from various PHP scripts is 90s technology. Yeah, it kinda works, but it's cumbersome, inflexible, insecure and just hopelessly outdated.

     

    Modern template engines are far more powerful. You can define a base document and then override the page-specific parts. You can even change the title or add new CSS/JavaScript links to the head, which is not possible with a plain require_once.

     

     

    Is depending on third party library good? Isn't twig written in php? So why can't we make something like twig with plain php? {{ content }} , isn't it similar to require_once('content.php');? How did twig make this? What's the php code behind {{ content }} by twig?

     

    If you do the inclusion on top of the script, that's a problem, because PHP cannot start/resume a session or send cookies once there's output (unless buffering is enabled).

    Can you explain this with example code? I'm also curious to know about security issues of require_once('content.php');

  6.     <head>
            <meta charset="UTF-8">
            <title>myproject</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
            <script type="text/javascript" src="jquery-1.11.3.js"></script>
            <script type="text/javascript" src="javascript.js"></script>
        </head>
    

    That above head is common to every page. I want to put that in a separate head.php file. Then I want to require_once('head.php'); at top of every page. Is there any problem with this? I don't want to copy and paste that same head in every page.

  7. Use a JOIN, so you only execute a single query, and not the subquery. If you have 1000 comments your query will generate 1000 queries. Not good for server performance.

     

    You will need a recursive function to process the nested comments. Read the data into an array (indexed on parent comment). Don't call queries recursively.

     

    Are you suggesting to avoid this following query?

    $sql_allcomments="select *,(select username from users where id=user_id) as username from comments where post_id=$post_id order by created ASC";

    Will this query run 1000 times if there are 1000 comments?

  8. Hi,

     

    Comment table:

    +-----------------+--------------+------+-----+---------+----------------+
    | Field           | Type         | Null | Key | Default | Extra          |
    +-----------------+--------------+------+-----+---------+----------------+
    | id              | int(11)      | NO   | PRI | NULL    | auto_increment |
    | user_id         | int(11)      | YES  |     | NULL    |                |
    | post_id         | int(11)      | YES  |     | NULL    |                |
    | comment_content | varchar(255) | YES  |     | NULL    |                |
    | created         | datetime     | YES  |     | NULL    |                |
    | modified        | datetime     | YES  |     | NULL    |                |
    +-----------------+--------------+------+-----+---------+----------------+
    6 rows in set (0.00 sec)

    Normally we get the list of comments associated with a post like this:

    select * from comments where post_id=<anypostid>

    Then we can do in this way:

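    <?php
    // Bind the post id as a parameter instead of interpolating it into the SQL string.
    $sql_allcomments="select *,(select username from users where id=user_id) as username from comments where post_id=:post_id order by created ASC";
    $stmt_comments=$dbh->prepare($sql_allcomments);
    $stmt_comments->execute([':post_id' => $post_id]);
    $result_comments=$stmt_comments->fetchAll();
    ?>
    <div id="id_div_comment_content" class="cl_div_width_500px">
        <?php foreach ($result_comments as $value) { ?>
            <div class="cl_div_one_comment cl_div_border_solid cl_div_margin_bottom1px">
                <?php // Escape every value that comes from the database before writing it into HTML. ?>
                <div><a href="/domain/user.php?id=<?php echo (int) $value['user_id']; ?>"><?php echo htmlspecialchars((string) $value['username'], ENT_QUOTES, 'UTF-8'); ?></a>
                <?php echo ' at ' . htmlspecialchars((string) $value['created'], ENT_QUOTES, 'UTF-8'); ?>
                </div>
                <div><?php echo htmlspecialchars((string) $value['comment_content'], ENT_QUOTES, 'UTF-8'); ?></div>
            </div>
        <?php } ?>
    </div>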

    This is the new comment table with a parent_comment_id column:

    I'm trying to make a commenting system where someone can reply to a comment too.

    +-------------------+--------------+------+-----+---------+----------------+
    | Field             | Type         | Null | Key | Default | Extra          |
    +-------------------+--------------+------+-----+---------+----------------+
    | id                | int(11)      | NO   | PRI | NULL    | auto_increment |
    | user_id           | int(11)      | YES  |     | NULL    |                |
    | post_id           | int(11)      | YES  |     | NULL    |                |
    | comment_content   | varchar(255) | YES  |     | NULL    |                |
    | parent_comment_id | int(11)      | YES  |     | NULL    |                |
    | created           | datetime     | YES  |     | NULL    |                |
    | modified          | datetime     | YES  |     | NULL    |                |
    +-------------------+--------------+------+-----+---------+----------------+
    7 rows in set (0.00 sec)
    

    In this case, how can I list/get/query sub/nested comments of a comment?

    This is an example of nested commenting system. There are many comments under comments.

    https://www.reddit.com/r/programming/comments/z9sm8/reddits_database_has_only_two_tables/

     

    How can I do something like this?

     

    Any answer will be highly appreciated.

    Thanks in advance.
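
The approach suggested in the reply quoted in post 7 (one JOIN query, rows read into an array indexed on the parent comment, recursion over the array only), as an added example that is not code from the thread. It assumes the pdo_sqlite extension and uses a constructed in-memory database; `fetch_comment_tree`, `render_comments` and `e` are hypothetical helper names.

```php
<?php
// Added example: constructed sample data in an in-memory SQLite database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$dbh->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INT, post_id INT,
            comment_content TEXT, parent_comment_id INT, created TEXT)');
$dbh->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob & co')");
$dbh->exec("INSERT INTO comments VALUES
    (1, 1, 7, 'First comment', NULL, '2016-01-01 10:00:00'),
    (2, 2, 7, 'Reply with <b>markup</b> that must be escaped', 1, '2016-01-01 10:05:00'),
    (3, 1, 7, 'Reply to the reply', 2, '2016-01-01 10:06:00'),
    (4, 2, 7, 'Second top-level comment', NULL, '2016-01-01 11:00:00')");

// One query with a JOIN; the post id is bound, never interpolated into the SQL.
function fetch_comment_tree(PDO $dbh, int $post_id): array
{
    $stmt = $dbh->prepare(
        'SELECT c.id, c.user_id, c.comment_content, c.parent_comment_id, c.created, u.username
           FROM comments c LEFT JOIN users u ON u.id = c.user_id
          WHERE c.post_id = :post_id ORDER BY c.created ASC');
    $stmt->execute([':post_id' => $post_id]);
    $by_parent = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Key 0 collects top-level comments (parent_comment_id IS NULL).
        $by_parent[(int) $row['parent_comment_id']][] = $row;
    }
    return $by_parent;
}

// HTML-escape anything that originated from user input.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The recursion walks the array only; no query is issued per comment.
function render_comments(array $by_parent, int $parent_id = 0, int $depth = 0): string
{
    $html = '';
    foreach ($by_parent[$parent_id] ?? [] as $c) {
        $html .= '<div class="cl_div_one_comment" style="margin-left:' . ($depth * 20) . 'px">'
            . '<a href="/domain/user.php?id=' . (int) $c['user_id'] . '">' . e($c['username']) . '</a>'
            . ' at ' . e($c['created']) . '<div>' . e($c['comment_content']) . '</div></div>' . "\n";
        $html .= render_comments($by_parent, (int) $c['id'], $depth + 1);
    }
    return $html;
}

echo render_comments(fetch_comment_tree($dbh, 7));
```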

  9. Hi,

     

    What is the default $_SESSION expiry lifetime?

     

    I have used $_SESSION variables but it is not ending its lifetime. It looks like it has an infinite lifetime, but I didn't configure anything. Where do I set the session's lifetime, in the php.ini file? Or do I have to use the ini_set() function at the top?

     

    Is session_start() written at top of php scripts or ini_set() function?

     

    Any help will be highly appreciated.

     

    Thanks in advance.
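
An added example, not from the thread, covering both the ordering problem quoted in post 5 (no session or cookie once output has started) and the lifetime question above. The 30-minute limit, the `last_seen` key and `session_is_expired` are assumptions, and the Secure cookie flag assumes the site is served over HTTPS.

```php
<?php
// Added example. IDLE_LIMIT and 'last_seen' are assumed names and values.
const IDLE_LIMIT = 1800; // seconds of inactivity allowed

// Session settings must be changed before session_start(), and session_start()
// must run before any output (an included head.php, a blank line before <?php, an echo).
ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT); // PHP's default is 1440 seconds
ini_set('session.use_strict_mode', '1');                // reject session ids the server did not issue
session_set_cookie_params(0, '/', '', true, true);      // lifetime 0 = until the browser closes; Secure; HttpOnly

if (headers_sent($file, $line)) {
    exit("Output already started at $file:$line, so the session cookie cannot be sent");
}
session_start();

// Garbage collection only runs with some probability, so stale session data can
// outlive gc_maxlifetime. Enforce the idle limit explicitly with a timestamp.
function session_is_expired(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    return isset($session['last_seen']) && ($now - $session['last_seen']) > $limit;
}

if (session_is_expired($_SESSION, time())) {
    $_SESSION = [];
    session_destroy();
    session_start();
    session_regenerate_id(true); // start over with a fresh id
}
$_SESSION['last_seen'] = time();

// Output (including a shared head include) starts only after the session is set up.
echo "<!DOCTYPE html>\n<html><head><title>myproject</title></head><body></body></html>\n";
```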


  10. How can I do multiple uploads with JavaScript?

     

    http://www.w3schools.com/php/php_file_upload.asp , this is to do image uploads with php.

     

    Is it possible to upload files with javascript?

     

    Can anyone post example code?

     

    Is it possible with jquery ajax ?

     

    How would I write this form for JavaScript upload?

    <form action="upload.php" method="post" enctype="multipart/form-data">

    It will be highly appreciated if someone helps.

     

    Thanks in advance.
