Search the Community

Hello - sincerely hoping someone out there will be able to help with this, or at least have a good idea on what's going on. I have created a 'Single Page Application' (SPA) type website, and have used PHP on the server-side. At present, nearly all my content files (XML, JPEGs, XSLT, CSS) are generated from PHP scripts. My design uses many source files, and some pages have many small images, so file caching by the client browser is very important. I have set HTTP Cache-Control response headers on everything, to inform the browser that it can and should cache everything. (Content changes get picked up when a version number changes in the URL.) So far, so good - or so I thought. My problem is that both Safari and Chrome on iOS do fresh requests of EVERYTHING that's come from PHP, every time the user opens the phone from screen-lock. So the site is fast and slick with everything loaded into cache, until a 20 second pause with the phone locked, and then everything is dog slow again the first time content is viewed. For my use-case, this is a huge usability (and server load) problem. I've noticed that this refreshing of content DOESN'T happen for regular static files. (I have a folder of static file PNG images, and these never get re-requested.) How can I make all the PHP-generated content appear to the browser to be static files, so that the browser's heuristics don't mistrust them and assume they will be changing despite the HTTP headers?????! I can't believe I'm having this problem, honestly. Never seen anything like it before, with browsers ignoring these Cache-Control directives. There's something really messed up with the logic on mobile devices....

The problem is as follow. 1. This is some old code thats been around for ages. 2. Mobile devices have different screen sizes. 3. Setting the session of the screen size lets me manipulate the various page width and image sizes to display on a mobile device based on the width. If a device has a screen width of x I want to make sure the image is set for that screen width. with different device screens, the image can be too big or small. 4. Setting the session also let me access that stores screen size of other functions on the page like resizing pop up boxes and so on. Hope that explains it

@gizmola it would seem that the Software as a Service model would be more in line with my thinking (since I fear my code being co-opted). How is this best implemented? In simple terms, if the customer wants users to complete a form, would I just re-direct them to a form on MY server? Wouldn't that seem a bit suspicious if detected?

The "Problems" tab is a list of problems detected by the IDE and/or various extensions. You clear the list by fixing the problems, or somehow otherwise turning off the error reporting. You can hide the tab entirely through the right-click menu on the tab area, and similarly for the problems list in the status bar.

the most common reason for a password_hash()/password_verify() to fail is because the database column is not long enough to hold the hashed value. another common reason are programming mistakes in the form/form processing code and a lack of server-side validation that results in the hash value not actually being from the password that was submitted in the registration code, or the value being used in the login code not being what you think it is. your post method form processing code should always trim the input data, mainly so that you can detect if all white-space characters were entered, then validate all inputs before using them.

PhpMailer is not sending html emails even with isHTML set to true $mail->Body = $message; $mail->isHTML(true); $mail->isHTML = true; if(!$mail->Send()) { return $mail->ErrorInfo; } Here is the html message <!doctype html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Site Title</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> I've tried to find a solution by searching but all everyone is saying is add $mail->isHTML(true); or $mail->isHTML = true; i have commented each out individually but still doesn't send html emails Any help at all would be much appreciated

for the posted information, the requested date range of 2025-05-06 to 2025-05-22 doesn't match any of the $seasonPrices data. It starts one day after the end of the May Day range and ends one day before the start of the Summer half-term range. it should use the base/default price for every day. since you are using a standard date format, you can directly perform date comparisons by order, as mentioned in the previous thread. you can directly compare a date to the $seasonPrices SeasonStart and SeasonEnd values to find if it is between a date range. i would write a function/class-method that accepts a date input, loops over the $seasonPrices data, returns the first price that is between the SeasonStart and SeasonEnd values, or returns zero (or some other easily detected value) if it reaches the end without finding a match. as a procedural function, something like - function get_price($date,$seasonPrices) { foreach($seasonPrices as $row) { // date between start and end if($row->SeasonStart <= $date && $date <= $row->SeasonEnd) { return $row->SeasonPrice; } } // no match return 0; }

telling us that something doesn't work is pointless. we are not sitting next to you and didn't see what symptom or error you got that leads you to believe something didn't work. you must tell or show us what result you got and what the expected result should be. do you have php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your system, so that php will help you by reporting and displaying all the errors it detects? have you checked in the browser's developer tools, console tab for errors? you should use 'require' for things your code must have. require/include are not functions. the () around the path/filename do nothing and should be removed. $_GET['email'] is an input to your code. it may not exist. you need to use isset() to prevent errors when it doesn't exist and you must trim, then validate it before using it, when it does exist. the two session variables are also inputs to your code. they may not exist. you need to use isset() to prevent errors when they don't exist.

You've got three basic options for storage: a string, a number, or as binary A string is the obvious choice because human beings think of IP addresses as strings. You can support IPv4 and IPv6 easily because it's just a string. You can do exact searches because it's just a string, but CIDR-ranged searches are hard. A number is another choice, as an IP address is essentially a number. That's fine for IPv4 addresses, but the IPv6 is too large to support. Exact and CIDR searches are easy. There's also binary, which is probably the least convenient form to work with. It has the strengths of strings (variable-width) but its own disadvantages (binary data, inefficient ranged searches), as well as the strength of numbers (efficient storage) as well as their disadvantages (need to convert to/from string format). If you don't need ranged searches then use strings, if you think you need ranged searches then think again because you probably don't. Because this is one of those times where you can get lost overthinking the problem. Besides that, Don't store just the last IP address. Store all of them. Since you're dealing with user accounts you'll also have a session, and in there you can remember the IP address, and that means you can know if it changes (which would mostly mean a mobile device switching networks, but even that isn't especially common these days). Fun side effect of this is that you're more likely to think about session security, like how you should reauthenticate a user if a request comes from the "wrong" IP address...

Techanic Infotech is a versatile software development company renowned for its comprehensive service offerings. Specializing in web development, mobile app development, ewallet app development company, and custom software solutions, the company leverages modern technologies and agile methodologies to deliver top-notch products that align closely with client needs.With a strong emphasis on quality and client satisfaction, Techanic Infotech serves a wide array of industries including healthcare, finance, e-commerce, and education. Their solutions are tailored to address specific business challenges, showcasing their adaptability and expertise in crafting innovative software solutions.Backed by a team of seasoned developers, Techanic Infotech positions itself as a dependable partner for businesses seeking cutting-edge software development solutions. Their commitment to delivering value-driven outcomes underscores their reputation as a reliable and forward-thinking industry player.

We are Webslavery IT Services, a freelance web designing company who specializes in web design, web development and SEO. Webuild websites that are intuitive, adaptive to different devices, and stunning in design. We enjoy browsing through numerous designs and thematic styles from different websites and products for inspiration and find the evolving state of interactive websites particularly fascinating as we try our best to emulate them. Freelance Web Designing in Hyderabad For more Details Contact : Contact No: India:+91 8897931177,+91 9030361564 Web:http://www.webslavery.com/

what does the data look like? is there only one row of data or is there a set of rows of data? modern php no longer assumes that unquoted associative array indexes, that are not defined constants, are strings. you must use quotes around associate array indexes. if you tried the above code, did it produce php errors? do you have php's error_reporting set to E_ALL (it should always be this value) and display_errors set to ON, so that php will help you by reporting and displaying all the errors it detects?

Hi CBG, @mac_gyver actually posted the solution that you have chosen. And i want to say that mac_gyver and maxxd are better programmers and they have more experience than i do in this field. However, i disagree with any solutions that create a bunch of if branches because every step that a program takes can really slow it down. I definitely disagree that you cannot check it all at once. Personally, i recommend using the tools in the PHP toolbox to your advantage. I would do the following and be done with it: <?php $p = 'Yes'; $d = 'No'; $c = 'No'; $o = 'No'; $pinary = [$p] === ['Yes']; $nerror = [$d, $c, $o] === ['No','No','No']; if ($p && $nerror) { echo 'error'; exit; } echo 'No errors detected'; ?> then i would unset $pinary and $nerror to spare memory (even though 100% of coders would tell you not to do that). My point, is that you can check it all at once but you could do it differently. I would define an error and simply check if it is true.

the file system path/filename must be to where the file is located on the disk, either using a relative path (relative to the file with the include/require starting in it) or an absolute path. a leading / refers to the root of the current disk, which is doubtful where that file is located, and which will be producing a php error about a non-existent path/file. you must get php to help you by reporting and displaying all the errors it detects. you can temporarily set php's error_reporting/display_errors in your code (you will want to remove the settings when you are done learning, developing, and debugging). you can add the following immediately after the first opening <?php tag in the main file - ini_set('display_errors', '1'); error_reporting(-1);

I am 100% in agreement with @jodunno on this. Media Queries is the right way to handle your problem. He provided some great links to look at. I understand that working with old code bases can be challenging. One way to work your way into it is to use a sandbox like codepen or jsfiddle and make a small proof of concept version that has a subset of the overall css and some markup, and just addresses the things you want to change in the UI. Chrome dev tools have a built in way of setting the client dimensions of the browser, to simulate a particular screen size, and there are also some extensions that do the same thing and make it a little simpler. When you first open the developer tools in chrome (using inspect) the first 2 icons let you turn on/off the device toolbar. With it on, you can set the dimesions so it simulates the dimensions of a device or you can manually set the dimensions. Then move those changes over into the new code. Hopefully it wasn't a huge mess of 100 scripts with the html markup copy/pasted everywhere, but even in a case like that, you can add a header.php and footer.php and start require_once() as you remove all the duplicate code. Last but not least, this is why a lot of css frameworks going back to bootstrap got popular fast, as they alll for the most part provide support for making your markup responsive.

If you want to hire the best iOS mobile app development company in the United States to make your brand more prominent in the digital space, then Zazz is a service provider you can always count on. Even though it is not very complicated to hire top agencies or connect with the best application developers, our team has expertise in iPhone and iPad app development which makes us a reliable iOS app development team.

my usage of htmlspecialchars is to protect you from someone trying, for example, JavaScript code in place of a name. Atleast htmlspecialchars would prevent the execution of code. You shouldn't use it on a username, email address, password etc. You will instead need to employ some sort of validation, such as regex to check names and numbers. ENT_QUOTES just converts quotations (&quot;). session_destroy: i do not know what you are creating/developing but a login/logout process will be a good idea. However, the session will be lost whenever the user closes the browser unless you are maintaining state with cookies. You could add a logout or destroy session button, which is a post to the test-sesh2.php page. Then in test-sesh2.php, detect a post with your destroy session input and implemement a session_destroy command: if isset $POST 'destroy' then session_destroy(); let us know if you need help implementing session_destroy or validating input...

Hi. I have an exsisting table Bank_Reason. I want to add an extra columb 'Colour' to it. I am getting an error when I try to change it. I have done a drop table and recreate. Can any help with this extra columb please. I worked fine before. P.S. I have noticed that i was missing a (`). NEW line INSERT INTO `Bank_Reason` (`ID`, `ReasonID`, `Reason`,`Colour`) VALUES. Makes no diffrence. DROP TABLE IF EXISTS `Bank_Reason`; CREATE TABLE IF NOT EXISTS `Bank_Reason` ( `ID` int(11) NOT NULL, `ReasonID` int(11) DEFAULT NULL, `Reason` varchar(20) DEFAULT NULL, `Colour` varchar(8) DEFAULT '#000000' ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Dumping data for table `Bank_Reason` -- INSERT INTO `Bank_Reason` (`ID`, `ReasonID`, `Reason`,Colour') VALUES (1, 0, '---SELECT','#000000'), (2, 1, 'Other',','#0000ff'), (3, 2, 'Virgin Bank','#000000'), (4, 3, '_Spare_2','#000000'), (5, 4, 'CT','#ff00ff'), (6, 5, 'Energy','#c51010'), (7, 6, 'Mobile','#27b30b'), (8, 7, 'Virgin_BB','#06b8b6'), (9, 8, 'MNOPF','#00aa00'), (10, 9, 'Water','#aa7700'), (11, 10, '@Shops','#ff0000'), (12, 11, 'Online','#7777ff'), (13, 12, 'Cash','#000000'), (14, 13, 'Pablo','#000000'), (15, 14, 'Amazon Prime','#000000'), (16, 15, 'Ebay/Paypal','#7a061c'), (17, 16, 'Argos/Store cards','#000000'), (18, 17, 'Alexa Music','#000000'), (19, 18, 'HSBC','#aa00aa'), (20, 19, 'Amazon Orders','#aa7700'), (21, 20, 'State Pension','#301de8'), (22, 21, 'Home Insurance','#000000'), (23, 22, 'Lottery','#000000'), (24, 23, 'Rent','#000000'), (25, 24, 'Private Health','#000000'), (26, 25, 'Credit card **','#000000'), (27, 26, '_Spare_1','#000000');

I'm not clear on what account you have an issue with. In general, if it's anything you really care about, then take the time to set up 2 factor authentication. Emails that claim your account is locked and prompt you to re-authenticate are often Phishing attacks, where you never actually hit the site you thought it was, and for that reason, any emails like that should be ignored, not clicked on. You might want to inspect the original email and see if it was forged. Looking at the email headers and the src of any links usually tells you the story there. Pretty much all sites have now gone to informational messages if they detect changes to an account, or unusual activity. They never prompt you to "login" or to click some link. Email is unfortunately untrustworthy and all emails needs to be viewed with suspicion.

I fixed the wrong quote but there is still an error. When I put the code into Notepad++ Line 8 is a blank line under create table section. MySQL said: Documentation #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(3, 2, 'Virgin Bank','#000000'), (4, 3, '_Spare_2','#000000'), (5, 4, 'CT','#f' at line 8 DROP TABLE IF EXISTS `Bank_Reason`; CREATE TABLE IF NOT EXISTS `Bank_Reason` ( `ID` int(11) NOT NULL, `ReasonID` int(11) DEFAULT NULL, `Reason` varchar(20) DEFAULT NULL, `Colour` varchar(8) DEFAULT '#000000' ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Dumping data for table `Bank_Reason` -- INSERT INTO `Bank_Reason` (`ID`, `ReasonID`, `Reason`,`Colour`) VALUES (1, 0, '---SELECT','#000000'), (2, 1, 'Other',','#0000ff'), (3, 2, 'Virgin Bank','#000000'), (4, 3, '_Spare_2','#000000'), (5, 4, 'CT','#ff00ff'), (6, 5, 'Energy','#c51010'), (7, 6, 'Mobile','#27b30b'), (8, 7, 'Virgin_BB','#06b8b6'), (9, 8, 'MNOPF','#00aa00'), (10, 9, 'Water','#aa7700'), (11, 10, '@Shops','#ff0000'), (12, 11, 'Online','#7777ff'), (13, 12, 'Cash','#000000'), (14, 13, 'Pablo','#000000'), (15, 14, 'Amazon Prime','#000000'), (16, 15, 'Ebay/Paypal','#7a061c'), (17, 16, 'Argos/Store cards','#000000'), (18, 17, 'Alexa Music','#000000'), (19, 18, 'HSBC','#aa00aa'), (20, 19, 'Amazon Orders','#aa7700'), (21, 20, 'State Pension','#301de8'), (22, 21, 'Home Insurance','#000000'), (23, 22, 'Lottery','#000000'), (24, 23, 'Rent','#000000'), (25, 24, 'Private Health','#000000'), (26, 25, 'Credit card **','#000000'), (27, 26, '_Spare_1','#000000');

a bunch of points - three ... in a relative file system path is invalid. you should be learning, developing, and debugging code on a localhost development system, such xampp. do you have php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your development system, so that php will help you by reporting and displaying all the errors it detects? is the main page a .php page? what does the 'view source' of the resulting web page show in the browser? you should use 'require' for things your code must have. your goal is to produce ONE valid web page. the file that you require is not a complete web page, it is only the code/content that you want to be required at that point in the web page. you need to validate the resulting web pages at validator.w3.org all the navigation links you have shown are all the same. you should be dynamically building the web pages using a Content Management System (CMS), in which case the navigation links would be dynamically built too, based on the defined pages, instead of manually creating and managing a bunch of pages yourself.

You can always check to see if session is started: <?php // Include the configuration file and autoload file from the composer. require_once __DIR__ . '/../config/clearwebconfig.php'; require_once "vendor/autoload.php"; // Import the ErrorHandler and Database classes from the PhotoTech namespace. use clearwebconcepts\{ ErrorHandler, Database, LoginRepository as Login }; // Create an ErrorHandler instance $errorHandler = new ErrorHandler(); // Set the exception handler to use the ErrorHandler instance set_exception_handler([$errorHandler, 'handleException']); // Create a Database instance and establish a connection $database = new Database(); $pdo = $database->createPDO(); // Create a LoginRepository instance with the database connection $login = new Login($pdo); $checkStatus = new Login($pdo); // Start session if not already started if (session_status() == PHP_SESSION_NONE) { session_start(); } // Redirect to dashboard if the user is already logged in if ($login->check_login_token()) { header('Location: dashboard.php'); exit(); } // Generate a CSRF token if it doesn't exist and store it in the session if (!isset($_SESSION['csrf_token'])) { $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); } // Detect environment $isLocal = in_array($_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1']); $cookieDomain = $isLocal ? '' : DOMAIN; $cookieSecure = !$isLocal; // Set to true on remote server // Process the login form submission if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Check if the submitted CSRF token matches the one stored in the session if (hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) { // Sanitize the username and password input $username = strip_tags($_POST['username']); $password = $_POST['password']; // Verify the user's credentials if ($login->verify_credentials($username, $password)) { // Generate a secure login token $token = bin2hex(random_bytes(32)); // Store the login token in the database $login->store_token_in_database($_SESSION['user_id'], $token); // Set a secure cookie with the login token setcookie('login_token', $token, [ 'expires' => strtotime('+6 months'), 'path' => '/', 'domain' => $cookieDomain, // Adjusted for environment 'secure' => $cookieSecure, // Adjusted for environment 'httponly' => true, 'samesite' => 'Lax' ]); // Store the login token in the session $_SESSION['login_token'] = $token; // Redirect the user to the dashboard header('Location: dashboard.php'); exit; } else { // Log error message for invalid username or password $error = 'Invalid username or password'; error_log("Login error: " . $error); } } else { // Display an error message $error = 'Invalid CSRF token'; error_log("Login error: " . $error); $error = 'An error occurred. Please try again.'; } } // Generate a random nonce value $nonce = base64_encode(random_bytes(16)); ?> You can also make sessions persistent in your configuration and it's always best to start you session in your configuration file: session_set_cookie_params([ 'lifetime' => strtotime('+6 months'), 'path' => '/', 'domain' => 'localhost', 'secure' => false, // Since it's not HTTPS, set this to false 'httponly' => true, 'samesite' => 'Lax' ]); session_start(); ob_start(); // turn on output buffering if (empty($_SESSION['token'])) { try { $_SESSION['token'] = bin2hex(random_bytes(32)); } catch (Exception $e) { } } if (preg_match('/\.js$/', $_SERVER['REQUEST_URI'])) { return false; // Let the webserver handle JavaScript files }

Basically what is being described to you is a race condition. You aren't going to be able to hack around it. A PHP script runs on the server, and has "page/request" scope. The client provide an HTTP request, and the server provides an HTTP response, and the connection is closed. Ajax is used to make changes to the state of a fully rendered DOM on the client. You are not going to be able to trick PHP into doing some of its work -- delaying while the client's DOM is in a partial/indeterminate state, in order for ajax to spawn another request, and then have the original PHP script resume in the way you hope it will, all so that you can get access to session variables that didn't even exist when the original HTTP request was made. I have no idea why you are trying to store some client state in a session, given that browser dimensions are dynamic, relative to the device and decisions made by the client. It's not clear what you expect to do with these dimensions, which you're getting from javascript code, but you certainly don't need to put them into a session, and you haven't made an attempt to explain what problem you are trying to solve, but this is not the way to solve whatever problem that is. If you want to actually take the time to explain the "problem to be solved" we might be able to better advise you on ways to solve it.

and what exactly is the problem with the last posted code? here are some points for the current code - you should use a single database extension. now that you have used the much simpler and better designed PDO extension, all your code should be updated to use the extension. you should NOT use the mysqli_real_escape_string() function, which probably doesn't have the character-set set, to match your database tables, when the connection was made, then put these pieces of data directly into the sql query statement, as this can allow sql special charters in a value to break the sql query syntax. you should use a prepared query. converting a query that has php variables being put into it into a prepared query is straight forward. if you need, someone can post a list of instructions how to do this. you should use a get method form when determining what will be displayed on a page. this is so that if someone finds a result they want to return to or share with someone, they can bookmark the URL or share the URL and be able to return to the same result. the search form should be on the same page as the result and the form should be 'sticky' and repopulate the fields, selected options, checkboxes, and radiobuttons with any existing values so that if the search doesn't find what the user expects, they can simply make changes to the search values and try again. all the search form processing code should be inside the conditional statement testing if the form has been submitted. the current code will produce a bunch of php errors and likely produce no search result and output if the page is requested without any form data. you need to trim, mainly so that you can detect if all white-space characters were entered, then validate all input data before using it. the search inputs you have shown are all 'required'. if they are not all valid, you should output error messages stating what is wrong with them and NOT run any of the query/output code. if you want to make any of these search inputs 'optional' you will need to dynamically build the WHERE part of the query and only include the terms that have search values. the use of LEFT JOIN doesn't make sense (to me). it indicates that you want to get marks data that may not have any student or school associated with it. you should just use a JOIN if you only want marks data that has school/student data. if a query doesn't match any data, you should output a message stating so, rather than outputting nothing. you need to apply htmlentities() to dynamic values being output in a html context, right before/as they are being output in order to prevent any html entities in a value from being able to break the html syntax.

Don't know if I should post this here or in the jquery forum. But here is the deal. My index.php has the following .... <?php session_start( [ 'cookie_lifetime' => 86400, ]); //session_start(); //$SID = session_id(); ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); include_once( '../gallerysoftconfig.php'); include_once( 'functions.php'); include_once( '../iconfig.php'); include_once( 'indexPreChecks.php'); include_once( 'sessionChecks.php'); include_once( 'screenDetect.php'); //print_r($_SESSION); //$xyz = $_SESSION['gs_session_screen_width']; //echo "Width: $xyz <br>"; As you can see lots commented out for testing Then the issue is in screenDetect.php And here is screenDetect.php <?php if( isset($_REQUEST['sw'] ) ) { $screenWidth = $_REQUEST['sw']; $_SESSION['gs_session_screen_width'] = $screenWidth; //$s = $_SESSION['gs_session_screen_width']; //echo "New session processed: $s"; return; } if(isset($_SESSION['gs_session_screen_width']) ) { $screenWidth = $_SESSION['gs_session_screen_width']; //echo "Session processed: $screenWidth"; return; } if(! isset($_SESSION['gs_session_screen_width']) ) { echo ' <script src="https://apis.google.com/js/platform.js" async defer></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js"></script> <script type="text/javascript"> var screenWidth = screen.width; $.ajax({ type: "POST", url: "/screenDetect.php", data: {sw: screenWidth}, success: function() { } }); </script> '; } ?> There are some comments there that I use for validation But the story is, that the ajax call is simply getting the device screen size and calling it self with a POST. That works just fine The if( isse($_REQUEST['sw']) ) does get executed and sets the session. I have validated this by assigning the session to a variable and it does print it. I even do a print_r($_SESSION) and I see it. However, when I pickup the code in index.php, the session that was set there is no longer visible. Its like it never existed. I have tried the session_start() at the begining of screenDetect but no luck. Any idea what is going on ??? Thanks JT