Jump to content

tsuby

Members
  • Posts

    9
  • Joined

  • Last visited

tsuby's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. I have a basic page, called 'index.php' that has some content on it. When I click on a certain link, it reloads the content of a certain div with the contents of the file called 'blog.php'. 'blog.php' contains a link that has a class attribute = 'more': <a href="#" class="more" id="<?php echo $id; ?>">load more</a> And I have the following javascript code, in a separate file called 'loadmore.js'(the connection to this file is made in index.php) $(function() { $('.more').on("click",function() { var ID = $(this).attr("id"); if(ID) { $("#more"+ID).html('<img src="/./images/loading.gif"/>'); $.ajax({ type: "POST", url: "/./server_scripts/ajax_more.php", data: "lastmsg="+ ID, cache: false, success: function(html){ $("#main_body").append(html); $("#more"+ID).remove(); // removing old more button } }); } else { $(".morebox").html('The End');// no results } return false; }) }); However, when I click on my link and I have breakpoints in my .js file, nothing happens, it just redirects me to the top of the page. Do you have any idea what might be wrong?
  2. Let's say I'm on the following page: localhost/articles/25/article-title which is treated like view.php?article_id=$id When I'm writing the HTML code for the view.php page, I want to link it to a CSS file, but even though view.php is in the same folder as index.php is, the link is not working(it seems to me that it might be because of the friendly URL, but I'm probably wrong). In this case, how can I link the CSS and any other link correctly?
  3. Yes. The query for the tags is another one, but I don't have any problems with that as I don't need nonalphanumeric characters in the tags. $ok1 = mysqli_query($connection, "INSERT INTO blog_posts(title, text, date_posted) VALUES('$title', '$text', '$datestamp')");
  4. Ok, so I'm trying to add an article(title, content, tags) to my database. Each of those field is stored in POST. When i use a ' character in any of those fields, the query fails. (I previously used mysqli_real_escape_string on them) How should I filter the input in order for everything to be safe and for me to be able to use ' in those fields?
  5. Hey, thanks for the reply! I said I'm a newbie with PHP, not with coding in general. I can handle my stuff, if I can say so. I have been using the mysqli functions, I just wrote "mysql" in the previous post. At the moment, I'm building some kind of blog from scratch. That means some forms for adding the articles and editing them(those are already only accesible by login that eventually goes through to an admin panel) and the comments interface that the users can use(this one I have not thought it through yet, but it doesn't seem to be hard). I am aware that I must do my best to filter EVERY user input, but that's basically all I know about security. I would like to go more in depth and learn more and more on this topic as I think it's extremely important if you want to make some money out of it.
  6. I'm new to the PHP scene and I want everything I do to be perfectly(?) secure in terms of hackability. Could any of you be so kind to point me somewhere where I can take the steps necessary for learning to do so? Or just do a resume of the most common practices. The only site security practices that I am aware of are using mysql_real_escape_string, html_entities and strip_tags and I'm not totally sure when you are supposed to use those. Any other advice would be much appreciated!
  7. Thank you for your answer, I appreciate it. That is what I had in mind, also, but it didn't really seem elegant to me. Now that I look more closely on some websites that I wanted to take an example from, they really use this; and so I will not have any problem implementing it in my website. Again, thanks a lot for your answer!
  8. Hey guys! I have a little problem with link rewriting. For example, when I go to the page /articles/that-article-is-nice, I got the server to use /view.php?article_name=that-article-is-nice. My question is, how can I use that slug name(which was transformed previously) to get the wanted article from the database? Because in the database I would have something like 'That article is... nice.?', whereas my article_name variable is different: 'that-article-is-nice'. Can you give me any ideas on how I should approach this? My worst problem is SQL, I'm really not familiarised with it.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.