Everything posted by colap

  1. Someone parses the HTML login form and gets the CSRF token from the hidden field. Can he now send a login request with that CSRF token through jQuery Ajax?
  2. I know a CSRF token is like a random string. Does every form need a CSRF token? Does every form need a different CSRF token, or do all forms share the same CSRF token for one logged-in user? When a user logs in, I set $_SESSION['key']=$useremail; is it OK to store the email in a logged-in session? Do I have to set or add another $_SESSION entry with the CSRF token? How does a CSRF token add security to form submission? After form submission, what would PHP do with the hidden input field or with the CSRF token?
  3. I want to unset a session variable from inside a function, where it is passed as a function parameter. In this way: [code]unset($_SESSION['msg']);[/code]
  4. [code]
<?php
if(session_id() == '') {
    session_start();
}
$_SESSION['msg']="Updated.";
psession($_SESSION['msg']);

function psession($msg){
    echo $msg;
    unset($msg);
}
?>
[/code]
This doesn't unset $_SESSION['msg']. How can I unset it?
  5. @Jacques1, Why do you need to require_once() before session_start()? [code]<?php require_once('h.php'); session_start(); ?>[/code] We can use htmlspecialchars() for escaping and can skip using Twig for escaping.
  6. @Jacques1, Some say Twig is slower than PHP. How true is it? http://stackoverflow.com/questions/9363215/pure-php-html-views-vs-template-engines-views Regardless, the use of PHP is still the fastest and most versatile way of templating.
  7. @Jacques1, With Twig we do: [code]echo $twig->render('page.php', array('vr' => constant('Twig_Environment::VERSION') ));[/code] Isn't it similar to: [code]require_once('page.php');[/code] What does Twig do inside echo $twig->render(...);?
  8. How do PHP MVC frameworks output HTML forms with PHP? Do they use a template engine like Twig internally? They have a form class to output the HTML form and other HTML inputs or widgets.
  9. @cyberRobot, We see there are PHP MVC frameworks with a form class. They call the form class functions to make the HTML form and input elements. How do they do it then?
  10. I want to change my login account/username too. I want to login with "cola" not "php-coder".
  11. Is it possible to change my username from "php-coder" to "cola" ?
  12. @Jacques1, You also mentioned the cookies and sessions problem with require_once('content.php'); Can you please explain this too, with example code? And what is that php-sandbox? Isn't depending on an external third-party library like Twig a problem when you upgrade your project? Is it possible to avoid using a template library, or is it possible to get the same functionality with only plain PHP instead of using Twig?
  13. [code]
function change_password_form() {
    $change_password_form="";
    $change_password_form=$change_password_form . '<form method="POST" action="change_password.php">
        <div>Type new password</div>
        <div><input type="password" size="40px" name="new_password" /></div>
        <div>Type new password again</div>
        <div><input type="password" size="40px" name="new_password2" /></div>
        <div><input type="submit" value="Change Password" /></div>
    </form>';
    return $change_password_form;
}
[/code]
Is there any problem with the above code? Normally I was advised to write PHP code inside HTML tags like this:
[code]
<form method="POST" action="p.php">
    <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
    <input type="submit" name="submi" value="Submit" />
</form>
[/code]
What's the difference between these two?
[code]
<title>My Title</title>
[/code]
[code]
<?php $mytitle='My Title'; echo "<title>$mytitle</title>"; ?>
[/code]
Is there any problem if I echo an HTML tag with PHP or build a PHP string containing an HTML tag?
  14. Is depending on a third-party library good? Isn't Twig written in PHP? So why can't we make something like Twig with plain PHP? {{ content }}, isn't it similar to require_once('content.php');? How did Twig make this? What's the PHP code behind {{ content }} in Twig? Can you explain this with example code? I'm also curious to know about the security issues of require_once('content.php');
  15. [code]
<head>
    <meta charset="UTF-8">
    <title>myproject</title>
    <link rel="stylesheet" type="text/css" href="style.css" />
    <script type="text/javascript" src="jquery-1.11.3.js"></script>
    <script type="text/javascript" src="javascript.js"></script>
</head>
[/code]
The above head is common to every page. I want to put it in a separate head.php file. Then I want to require_once('head.php'); at the top of every page. Is there any problem with this? I don't want to copy and paste the same head into every page.
  16. What's a prepared query? What did you mean by 'putting user-submitted data directly into the query'? Can you post an example?
  17. Are you suggesting to avoid the following query? [code]$sql_allcomments="select *,(select username from users where id=user_id) as username from comments where post_id=$post_id order by created ASC";[/code] Will this query run 1000 times if there are 1000 comments?
  18. Hi, Comment table:
[code]
+-----------------+--------------+------+-----+---------+----------------+
| Field           | Type         | Null | Key | Default | Extra          |
+-----------------+--------------+------+-----+---------+----------------+
| id              | int(11)      | NO   | PRI | NULL    | auto_increment |
| user_id         | int(11)      | YES  |     | NULL    |                |
| post_id         | int(11)      | YES  |     | NULL    |                |
| comment_content | varchar(255) | YES  |     | NULL    |                |
| created         | datetime     | YES  |     | NULL    |                |
| modified        | datetime     | YES  |     | NULL    |                |
+-----------------+--------------+------+-----+---------+----------------+
6 rows in set (0.00 sec)
[/code]
Normally we get the list of comments associated with a post like this:
[code]
select * from comments where post_id=<anypostid>
[/code]
Then we can do it this way:
[code]
<?php
$sql_allcomments="select *,(select username from users where id=user_id) as username from comments where post_id=$post_id order by created ASC";
$stmt_comments=$dbh->prepare($sql_allcomments);
$stmt_comments->execute();
$result_comments=$stmt_comments->fetchAll();
?>
<div id="id_div_comment_content" class="cl_div_width_500px">
<?php foreach ($result_comments as $value) { ?>
    <div class="cl_div_one_comment cl_div_border_solid cl_div_margin_bottom1px">
        <div><a href="/domain/user.php?id=<?php echo $value['user_id']; ?>"><?php echo $value['username']; ?></a> <?php echo ' at ' . $value['created']; ?> </div>
        <div><?php echo $value['comment_content']; ?></div>
    </div>
<?php } ?>
</div>
[/code]
This is the new comment table with a parent_comment_id column (I'm trying to make a commenting system where someone can reply to a comment too):
[code]
+-------------------+--------------+------+-----+---------+----------------+
| Field             | Type         | Null | Key | Default | Extra          |
+-------------------+--------------+------+-----+---------+----------------+
| id                | int(11)      | NO   | PRI | NULL    | auto_increment |
| user_id           | int(11)      | YES  |     | NULL    |                |
| post_id           | int(11)      | YES  |     | NULL    |                |
| comment_content   | varchar(255) | YES  |     | NULL    |                |
| parent_comment_id | int(11)      | YES  |     | NULL    |                |
| created           | datetime     | YES  |     | NULL    |                |
| modified          | datetime     | YES  |     | NULL    |                |
+-------------------+--------------+------+-----+---------+----------------+
7 rows in set (0.00 sec)
[/code]
In this case, how can I list/get/query the sub/nested comments of a comment? This is an example of a nested commenting system, with many comments under comments: https://www.reddit.com/r/programming/comments/z9sm8/reddits_database_has_only_two_tables/ How can I do something like this? Any answer will be highly appreciated. Thanks in advance.
  19. [code]<?php echo '<div>' . $a . '</div>';?>[/code]
[code]<div><?php echo $a;?></div>[/code]
Which one is better? Someone said the bottom one is better. Please explain.
  20. From phpinfo(); I see session => session.gc_maxlifetime = 1440, which means 24 minutes. But why is the lifetime infinite?
  21. I have HTML files. There would be a print link/anchor in the HTML page. If I click the print link, it should convert the HTML to PDF and then print the PDF file. How can I do it?
  22. Where is it configured/set to an infinite lifetime by default? In which file?
  23. Hi, What is the default $_SESSION expiry lifetime? I have used $_SESSION variables but they do not reach the end of their lifetime. It looks like the lifetime is infinite, but I didn't configure anything. Where do I set the session's lifetime, in the php.ini file? Or do I have to use the ini_set() function at the top? Is session_start() written at the top of PHP scripts, or the ini_set() function? Any help will be highly appreciated. Thanks in advance.
  24. How can I do multiple uploads with JavaScript? http://www.w3schools.com/php/php_file_upload.asp , this does image uploads with PHP. Is it possible to upload files with JavaScript? Can anyone post example code? Is it possible with jQuery Ajax? How would I write this form for a JavaScript upload? [code]<form action="upload.php" method="post" enctype="multipart/form-data">[/code] It will be highly appreciated if someone helps. Thanks in advance.