wilee

Ah! Thank you!

Ah right sry, I viewed it using Firefox 3.6.3

Hi all, I just started writing a template that looks as follows ... <body> <div id="frame"> <div id="left"></div> <div id="right"></div> </div> </body> ... the css is * { padding: 0; margin: 0; } #frame { height: 100%; width: 100%; min-width: 800px; } #left { float: left; height: 100%; width: 40%; min-width: 300px; } #right { float: right; height: 100%; width: 60%; min-width: 500px; } So both min-width of #left/#right 300px and 500px add up to 800px which is the min-width of #frame. Intuitively #left and #right should never be stacked vertically, as when the window size goes below 800px it automatically adds scrollbars to the window due to the min-width of #frame. However they do get stacked vertically when resizing the window below 800px.. They already get stacked with widht 820px or even more. As I set both padding and margin to 0, I don't see why they are already going to be stacked before windowsize < 800px. Any ideas?

Ok, it would not be too much of an issue to change the structure, as the current application is quite simple. Thank you for your help. Best, wilee

Wow, that was fast, I'm glad I found to this forum Thank you all for the replies @thorpe What I mean that the javascript is exposed in the index.php. So one easily can see the GET request to update.php?name=..&info=.. With that users could simply call this url externally, which is what I want to prevent. Isn't there a way hide the javascript in the code and/or pass a secret with the call to update.php? @greatstar00 That seems to be quite of a hack to me, but thanks for this suggestion. @phpchamps, PFMaBiSmAd I don't really see how that should work, could you elaborate? I would send a request to valid_request.php, which sets me the flag. But then I would need to request update.php, somehow? Additionally a user could also request valid_request.php? Or can I change my whole structure/design of the implementation in order to solve that? Best, wilee

Hi all, I'm currently working on a simple page index.php for a facebook app, that allows user to insert information using an AJAX (because I don't want my whole site to be reloaded in order to show the update) call to another php site update.php that does talk to my database. My code boils down to: index.php function updateUser(user, info) { // set xmlhttp xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { // show update } } xmlhttp.open("GET", "update.php?user="+ user + "&info=" + info, true); xmlhttp.send(); } update.php $db = mysql_connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD); mysql_select_db(MYSQL_DB_NAME, $db); $user = $_GET['user']; $info = $_GET['info']; $sql= mysql_real_escape_string(INSERT INTO users (user, info) VALUES ('$user', '$info')) mysql_query($sql,$db) mysql_close($db); The problem I face is that update.php is publicly accessible. I'm not talking about SQL injection. It's more about the possibilty to input nonsense, as viewing at the source code one can find update.php easily. What I would like is to have update.php only accessible through my AJAX call or hide update.php from others. What are my possibilites? Is my design using AJAX and a call to a .php file in order to update a database is crap? Is there a design pattern for my usecase? Best regards, wilee