Balderick

  1. I decided to go for routine 1 and luckily the errors are gone, but the script does not give a result yet. I commented out the addEventListener line and placed onsubmit in the form tag.

     <!DOCTYPE html>
     <html>
     <body bgcolor="grey">
     <center>
     <br><br><br>
     <div style="height: 200px; width: 600px; border: solid 2px blue;">
     <form id="my_form" action="" method="post" onsubmit="submitForm(event)">
       Give your name: <input type="text" name="fname">
       <br>
       <input type="submit" value="Send" >
       <!--<button type="button" onclick="submitForm(e)">send it</button>-->
     </form>
     </div>
     </body>
     <script>
     // Add a submit event handler to the form
     var form = document.getElementById("my_form");
     // form.addEventListener("submit", submitForm, false); // error
     function submitForm(e) {
       // Cancel form submission
       e.preventDefault();
       // Build a query string from the form data
       var form = e.currentTarget;
       var query = "", element;
       for(var i = 0; i < form.elements.length; i++ ) { // error
         element = form.elements[i];
         if(element.name) {
           query += encodeURIComponent(element.name) + "=" + encodeURIComponent(element.value);
           query += "&";
         }
       }
       // Send a request
       var request = new XMLHttpRequest();
       request.onreadystatechange = doSomething;
       request.open("POST", "prophp.php", true);
       request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
       request.send(query); // Form data is here
       // Handle response here however you want to
       function doSomething() {
         if(request.readyState == 4) {
           if(request.status == 200) {
             // Success
           } else {
             // Error
           }
         }
       }
     }
     </script>
     </html>

     I use a PHP script to process the form data; neither the echo nor the dump is done. It's like this:

     <?php
     echo '<br>test code here : ';
     if (isset($_POST['fname'])) {
       var_dump($_POST['fname']); // execute mysql queries
     }
     ?>

     I do not completely understand what is meant by the target id element (is that the form?). I put the form part above the JavaScript part.
     What I would actually want is an extra div or p element to show the result.
  2. This is the script right now:

     <!DOCTYPE html>
     <html>
     <head>
     <script>
     // Add a submit event handler to the form
     var form = document.getElementById("my_form");
     form.addEventListener("submit", submitForm, false); // error
     function submitForm(e) {
       // Cancel form submission
       e.preventDefault();
       // Build a query string from the form data
       var form = e.currentTarget;
       var query = "", element;
       for(var i = 0; i < form.elements.length; i++ ) { // error
         element = form.elements[i];
         if(element.name) {
           query += encodeURIComponent(element.name) + "=" + encodeURIComponent(element.value);
           query += "&";
         }
       }
       // Send a request
       var request = new XMLHttpRequest();
       request.onreadystatechange = doSomething;
       request.open("POST", "prophp.php", true);
       request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
       request.send(query); // Form data is here
       // Handle response here however you want to
       function doSomething() {
         if(request.readyState == 4) {
           if(request.status == 200) {
             // Success
           } else {
             // Error
           }
         }
       }
     }
     </script>
     </head>
     <body bgcolor="grey">
     <center>
     <br><br><br>
     <div style="height: 200px; width: 600px; border: solid 2px blue;">
     <form id="my_form" action="" method="post">
       Give your name: <input type="text" name="fname">
       <br>
       <input type="submit" value="Send" onclick="submitForm(event)">
       <!--<button type="button" onclick="submitForm(e)">send it</button>-->
     </form>
     </div>
     </body>

     The errors are at 2 lines:
     form.addEventListener("submit", submitForm, false);
     and
     for(var i = 0; i < form.elements.length; i++ ) {
     As you see, I changed e to event in onclick, but no result yet.
  3. I changed that, but it throws a new error like this: TypeError: form.elements is undefined. It has to do with this line:
     for(var i = 0; i < form.elements.length; i++ ) {
  4. OK, thanks for the clarification Ingolme. I used this form to implement it:

     <!DOCTYPE html>
     <html>
     <body bgcolor="grey">
     <center>
     <br><br><br>
     <div style="height: 200px; width: 600px; border: solid 2px blue;">
     <form id="my_form" action="" method="post">
       Give your name: <input type="text" name="fname">
       <br>
       <input type="submit" value="Send" onclick="submitForm(e);">
       <!--<button type="button" onclick="submitForm(e)">send it</button>-->
     </form>
     </div>

     But the error thrown out is about this piece of code: e.preventDefault(); The error says: Reference error, is not defined. e has to be declared. I tried to change fname into e, but that didn't work. How is this solved?
  5. Thank you for the answer. Like I said, I have not much experience with JavaScript and I have a lot of questions. With a lot I mean A LOT. I counted 10, so be prepared. I'm still going to ask them; I hope your explanation clears up a lot.
     - Which events have which sequence? (in response to: e.preventDefault)
     - What is the use of e.currentTarget?
     - For which reason is the query variable made?
     - Is encodeURIComponent a way of sanitizing/validation?
       o Is it (encodeURIComponent) obliged (strongly recommended) in JavaScript, or is SSL enough in most cases?
     - Which safety aspects should I heed when making AJAX forms?
       o Are these security aspects different from PHP?
       o For which reason is PHP sufficient or not?
     - Can you embed a JavaScript function inside a function?
       o How does HTML process this?
  6. Hello, I have a question about how to send form data to the database without reloading the entire page. I discovered working with XMLHttpRequest. I managed to show text from another file by implementing a JavaScript function with XHR into my script. I don't know much about JavaScript and don't understand how a JavaScript form should be added to an existing function. Finally this should run a PHP script executing the code to add the form data to the database.

     <!DOCTYPE html>
     <html>
     <body bgcolor="grey">
     <center>
     <br><br><br>
     <div style="height: 200px; width: 600px; border: solid 2px blue;">
     <div id="kn_ze">
     <form id="my_form" action="">
       Give your name: <input type="text" name="fname">
       <br>
       <input type="submit" value="Send" onclick="loadXMLDoc();">
       <!-- <button type="button" onclick="loadXMLDoc()">send it</button> -->
     </form>
     </div>
     </div>
     <script>
     function loadXMLDoc() {
       /* document.getElementById("my_form").submit();*/
       var xhttp = new XMLHttpRequest();
       xhttp.onreadystatechange = function() {
         if (this.readyState == 4 && this.status == 200) {
           document.getElementById("kn_ze").innerHTML = this.responseText;
         }
       };
       xhttp.open("GET", "prophp.php", true);
       xhttp.send();
     }
     </script>
     </body>
     </html>

     Test script to process the form data, prophp.php:

     <?php
     echo '<br>test code here : ';
     if (isset($_POST['fname'])) {
       var_dump($_POST['fname']); // execute mysql queries
     }
     ?>

     11) How are the form data placed in the existing function? (Or should I create a second one?) Maybe someone can help me out solving it.
  7. This I have heard from the beginning, since I started PHP programming 2 years ago. But this is a recommendation. A strong recommendation, I presume, but does this say that everyone just follows these rules, or that it is not possible? The answer is no. Would you, therefore, not use mysqli and sanitize and validate all input in a proper way? I'm curious what your opinion is about that!
  8. Hi, can someone explain how to create a MySQL database in PHP using OOP prepared statements? I know how to do it with mysqli, but I want to know if it can be done with placeholders and OOP. A good and clear tut about it is okay, but please provide a clear tut about using placeholders and prepared statements regarding CREATING a new database.
  9. 1) I have login scripts working in combination with a database table and password_verify.
     2) The login scripts are RE-USED for another site.
     3) In the test phase I use the SAME database table values and copy these in phpMyAdmin to a new table.
     Is it possible there is some kind of copy security or whatever in the encrypted original table values? I presume this because there is no password_verify match. It could be I'm overlooking something, but the password_verify($form_pw, $database_pw) procedure does not need encryption BEFORE $form_pw is read? The only conclusion then is: the value in the newly copied table is not the same as in the original table. (Of course I can also reinstall the registration scripts to test it, but I would like to rule out other causes.)
     EDIT: solved. Silly me, using the wrong password.
  10. Sorry people, I have asked this here before, so it's a bit embarrassing to me. But... I have the following question. It's about using a function inside an if condition. The thing is that when I make a function with 2 returns, in this case $data and $alternative, I receive them both back. I ask this to grasp how a function acts inside an if condition. So my question is: how does the PHP engine 'reason'? Is the outcome of the return ONLY POSSIBLE if you return 1 value inside an if condition, so either true or false? Example:

     <?php
     function valid_someting($data){
       global $alternative;
       $count='';
       $count = strlen($data);
       if ( ($count < 8 && ($count > 4) ) ) {
         $data = preg_replace('/[^a-zA-Z0-9!@#$%^&*()\-_=+{};:,<.>]/', '', $data );
         // $data = ltrim($data);
         $data = rtrim($data);
         return $data;
       }
       $alternative = $data;
       return $alternative;
     }
     $data = 'abcdabcdabcd';
     if (valid_someting($data)) {
       echo 'color input field green';
     } else if ($alternative == TRUE) {
       echo 'color input field RED';
     }
     ?>
  11. Oh wait. I figured out that the length of the hashed value is always 60 when you use PASSWORD_BCRYPT. I thought it would be doubling or growing exponentially, but it is a fixed outcome, whether you choose a 5-letter password or one 160 chars long. This solves the database storage problem for setting the size of the column.
  12. Oh sorry, I didn't mention I used bcrypt. If bcrypt only hashes, that's okay. Reading more at OWASP I discovered that the max password length they recommend is 160 chars. Is there a way to calculate the size of the string stored after hashing it with bcrypt // password_hash // cost 11?
  13. I have a security question. Though I have gone through the OWASP docs, I still need to place specific things in the right perspective. They are actually quite brief regarding examples. But regarding security, I have to admit that I don't know much about how hackers are operating. What I know is that JavaScript can be included and MySQL injection can be done if you don't escape well. I have a piece of regex to allow as many characters as possible for password input, so also the <>, the dot ., the semicolon ; and the string. After forcing the user to use the right characters, the password is encrypted with Blowfish. I'm actually not sure what happens, because if you encrypt malicious code, you can finally make it work again when you decrypt it. Probably it's naive to ask online for hacking examples, because then you inform hackers. Maybe, if you can't make up any risky situation, you can give a recommendation for which characters should be avoided for a password input. All input is encrypted with password_verify / Blowfish. Then prepared OOP queries store the variable in the database.

     regex:
     $var='/[!@#$%^&*()\-_=+{};:,<.>]/';

     then the preg_replace does:
     if(preg_match_all($var,$pas_inp, $o)<2) {
       echo '<br><br>input should contain at least 2 special chars , try again';
       return FALSE;
     }

     How risky (in which possible situations) is the use of < > . ; $ & regarding JavaScript, MySQL injection and other possible hacks? (Sorry, it is a very open question, but to avoid problems I have to start somewhere.)
  14. [SOLVED]
  15. I guess I solved this by using, amongst others, str_replace for the unwanted input, and I found a regex online that replaced all except the %:
     $url = preg_replace("/([^a-zA-Z0-9+&@#?=~_|!:,.;]+)/","",$url);
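The XMLHttpRequest form-submission pattern from posts 1, 2 and 6 above, as an added example that is not part of Balderick's posts: the serializer is split out as a pure buildQuery() so it can run outside a browser, the handler is attached to the form's submit event after the DOM has loaded (so e.currentTarget is the form and form.elements exists), and the reply is written with textContent rather than innerHTML. The element id "result" and the onResponse callback are assumptions; "my_form" and "prophp.php" come from the posts.

```javascript
// Added example (not from the thread): serialize a form's fields the way the
// posted submitForm() intended, and attach the handler to the <form>'s submit
// event so e.currentTarget is the form, not the submit button.

// Turn an array-like of {name, value} (e.g. form.elements) into an
// application/x-www-form-urlencoded body. encodeURIComponent only makes the
// value safe inside the body; it is NOT sanitization: the PHP side must still
// use prepared statements and escape on output.
function buildQuery(fields) {
  var pairs = [];
  for (var i = 0; i < fields.length; i++) {
    var f = fields[i];
    if (f.name) { // skip buttons and inputs without a name
      var value = f.value == null ? "" : f.value;
      pairs.push(encodeURIComponent(f.name) + "=" + encodeURIComponent(value));
    }
  }
  return pairs.join("&"); // no trailing "&" as in the posted loop
}

// Wire the form up. This must run after the form exists in the DOM, which is
// why the posted <head> script got null back from getElementById.
function attachFormHandler(form, url, onResponse) {
  form.addEventListener("submit", function (e) {
    e.preventDefault();                      // stop the full-page reload
    var target = e.currentTarget;            // the <form>, which has .elements
    var body = buildQuery(target.elements);  // HTMLFormControlsCollection is array-like
    var request = new XMLHttpRequest();
    request.onreadystatechange = function () {
      if (request.readyState === 4) {
        onResponse(request.status === 200, request.responseText);
      }
    };
    request.open("POST", url, true);
    request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    request.send(body);
  }, false);
}

// Browser-only bootstrap; skipped when the file is run under Node.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", function () {
    attachFormHandler(document.getElementById("my_form"), "prophp.php", function (ok, text) {
      // "result" is an assumed extra element for showing the reply. textContent,
      // not innerHTML, so the server reply cannot inject markup into the page.
      document.getElementById("result").textContent = ok ? text : "Request failed";
    });
  });
}
```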