Jump to content

jdlev

Members
  • Posts

    53
  • Joined

  • Last visited

Profile Information

  • Gender
    Not Telling

jdlev's Achievements

Member

Member (2/5)

0

Reputation

  1. The principles of santization are pretty straight forward, but I guess I was wrong about how much sanitizing wordpress does on your behalf. I though a lot of the wpdb functions actually took care of that for you? I agree 100% with your opinion on wordpress. It's great out of the gate if you want to do some dynamic stuff like manage user profiles, build forms, etc...but all of these stupid caveats it has when you won't to build something or customize something are really starting to get on my nerves. Where you from in NC, I'm actually from Charlotte (small world!)
  2. Since your submitting the form to itself, why not just use an if-then statement based on available post variables? Shouldn't be too hard to implement: Something simple like this should do the trick: if (!isset($_POST['com_firstname']){ //show form } else { //hide form } Also, I'm not sure you actually need to sanitize the data. I remember reading that certain methods used by wpdb like $wpdb->insert, etc are sanitized automatically by the $wpdb class (someone who's a bit more familiar with the wpdb class in wordpress, feel free to correct me if I'm wrong, but I think that's the case)
  3. Thanks for the tip requinix. I use the chrome tools all the time and didn't know you could see the request/response headers. Good idea, I'll give it a shot
  4. I'm running it through wordpress's wpdb function, so basically, I click a button to delete the record and nothing happens beyond the alert. It's also not the variable 'id', as I just updated it to 'deleteID' and it had no effect To be honest, I'm thinking about just ditching wordpress, but I'm hoping that once I get a handle on the numerous functions coupled with the various plugins it provides...it'll eventually make development easier. But so far, all it seems to do is slow me down lol. I found this example and it's functionality is exactly what I'm looking for...I just need to do it using wordpress's protocols: http://phppot.com/demo/ajax-add-edit-delete-records-in-database-using-php-and-jquery/
  5. I'm not sure what is wrong with my code, but I basically have a dynamic table with a delete button at the end of each row. A person clicks the row, I'd like the table to update and drop the row. Should be easy enough, but I can't get it. Here's where I'm at: jQuery(document).ready(function($) { jQuery(document).on('click', "#delete", function() { var deleteID = $(this).val(); alert("ID to Delete: " + deleteID); // script works fine to here an alerts me with the proper ID to delete. $.ajax({ type: 'POST', url: '../admin/del.php', data: {"action": "del", "element_id": id}, success: function(data) { alert("Question Deleted"); } }); }); Something has to be wrong with the above script, because I can handle post requests and db manipulation from php scripts just fine. Any ideas where I went astray? TIA for your help
  6. If I understand what you're asking, it sounds like you have an issue with including custom plugins you created -or- you're downloading other peoples plugins and they're not working... A) If they're other people plugins, you're activating the plugins after you download them, correct? B) If you made custom plugins, are you saving your custom plugins under the /wp-content/plugins folder? Are you including the header information on your plugins so wordpress knows where to find your plugin...like this: <?php /* * Plugin Name: xyz plugin * Author: Barak Obama * Description: My first plugin */ Once you have the correct header information on your custom plugin, you still have to activate it. Go to your plugins menu, and click activate underneath the plugin name. C) WP has a peculiar way of handling javascript and css. If you don't want to deal with the code, you can always use some plugins that are meant just for editing your css or using shortcodes to insert your javascript. For the coding purist, it's all about the hooks and where the files are located. If you have a custom plugin, wp has a lot of custom hooks to make adding your js/css easier. Here's an example of how to include a javascript file: Let's say you have the following file and folder structure: /wp-content/plugins/your-plugin/ my-plugin.php (this is your primary file where your plugin header info listed above would go) /js/ my_script.js You need to use a wordpress function called wp_enqueue_scripts() that imports your javascript so it appears on your main page. What you do is 'queue' your scripts - it's similar to 'include' or 'require' with php. You'll soon discover the wordpress codex is your best friend: http://codex.wordpress.org where all of these things like wp_enqueue_scripts() are detailed. First things first, we need an action hook to tell wordpress where to look for the functions: add_action('admin_enqueue_scripts', 'your_js_function'); // if you want to make the scripts available to admins only add_action('wp_enqueue_scripts', 'your_js_function'); // if you want your scripts available on the viewer side Next, we setup the function from the above add_action call, not the lack of the 's' on the 'wp_enqueue_script' - it's because it's a different function than the one we mentioned above: function(your_js_function) { wp_enqueue_script('script name', (plugins_url('/js/my_script.js',__FILE__))); } So here, the function 'your_js_function' is referenced by both of the add_action calls above. The wp_enqueue_script function calls the name of your js file. From there you see where the file is located. The plugins_url function gives wp the path to your plugin directory - in this case it's the 'your-plugin' folder we referenced earlier. From here, we insert the full path from the plugin base directory to your js file. __FILE__ is basically a way of referencing the current page. To test and make sure you JS is included in your homepage - go to the admin panel (if you used admin_enqueue_scripts) or your home page (if you used wp_enqueue_scripts), open the page source, and in the head of the page, you should see you JS file referenced. Hope this helps
  7. I just ended up using the $_Server['DOCUMENT_ROOT'] global to get things working. Seems like gotten rid of the funky error I was getting before and after I logged in. Thanks everyone for the help. I really do appreciate it Good grief, I'd ask a question over on the wordpress forums and they were totally worthless.
  8. Hi Guys, Thanks for the help. I wasn't sure if wordpress was using PEAR already, and if I removed the include_path to the PEAR file from php.ini if that would screw up wordpress's functionality. For that matter, I can't even figure out why php isn't writing to the php_error log. I think I've properly setup everything in the php.ini file, but when I update it nothing happens. I have the path to the log file correct. I made sure a blank log file exists and that it's writable to the windows system user account - which I 'think' is what apache runs on. There was some weird file in there named NOEMPTY or some such thing which I don't understand. As for what was happening with the required() issues...It was weird. I'm building my first custom plugin for wordpress. When I would go to the index page, I'd get the required error - the 'Can't find required('xyz.php') directory' etc. So I'd change it to something like ../xyz.php, and it'd find it. Then as soon as I'd login and go to the wordpress admin menu, I'd get the 'can't find it' error again. So I'd go back into the file and remove the ../ and just go back to xyz.php, and it'd find it again. I have no idea what was causing the issue. I'll check out wordpress's plugin_dir_path() function and see if that may be a better solution.
  9. Hi Guys, I've got xampp running on my machine with wordpress, and had 2 security related questions: A) I was constantly running into issues with wordpress and trying to find includes. I'm building a plugin, so on the plugin's main file, I just added a 'set_include_path' function equal to the root directory of my website. Then, the require_once, and include functions that are also on that page seem to have stopped having issues. Are there any security issues with using the set_include_path, and setting it to say 'C:/htdocs/home'? B) I used Xampp to install apache, mysql, and php. Until recently, I had no idea what PEAR was. I'm curious though...is PEAR installed by default with PHP or Xampp? Thanks for any help guys
  10. I'm trying to decide how to setup user access to account information. So you have a universal table for user login information that associates that user with an account. That user only has access to that particular accounts information. Now lets say that user has a company address. Should I have another universal table where every account's company address is saved to the same table, but they can only access/edit their own address My_Database -Universal_Address_Table ---Address Company A record(only company A can see) ---Address Company B record (only company B can see) -OR- Should each account have it's own table for the addresses associated with it, so every account would have multiple iterations of the same structured table. My_Database ---Company_A_Address_Table ---Company_B_Address_Table So is one method more secure than the other? Is there a limitation on how much information MySQL can handle, because I'm hoping for a few hundred if not thousand accounts?
  11. I'm looking for the most efficient way to do this: 1) User enters number of days to see sales (ex. 30) 2) Database holds day (ex. 2013-07-08) & total sales for that day. 3) Data is sent to an array (or would a text or xml file be better to access the data?) 4) Data is extracted from array/file/xml and inserted into a graph to display data. So I suppose I could just run a for loop that looks at the database for 30 days, and returns all data, and the for loop packs the info into an array. Another way I guess I could do it is to give the SQL query an argument that says any days for today minus thirty days, add that information to an array. How would you guys go about doing it to maximize efficiency?
  12. If you use DEFINE to declare a variable, that is not visible to the end user is it? Would using the DEFINE function be the preferred method for declaring the connection variables for a database to ensure there isn't tampering if you have varying levels of MySQL access?
  13. I'm a dumbass. I can't believe I couldn't figure that out. Thanks for the help, I appreciate it
  14. So you can't call multiple variables from a function within a class? You need to make a function for each variable you want, and just call the function itself?
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.