justsomeguy

Moderator
  • Content count

    29,839
  • Joined

  • Last visited

  • Days Won

    343

Everything posted by justsomeguy

  1. Check that Wikipedia article, look at the EOCD table that lists the various offsets.
  2. If $sql is a boolean (true or false), then that probable means that your call to prepare failed. You should check if prepare worked before trying to run the other code. You should also make Id another placeholder in that prepared statement.
  3. I know what you're asking. I'm trying to figure out what happens when you run the code you showed. You said that nothing happens, but that's not correct. Something has to happen when you run code, it's not just going to not do anything. Either it's going to work, or there's going to be an error. Those are the 2 options. If it's not working to save the file, then you need to figure out what the error message says, and the 2 lines I posted will make sure that error messages are being displayed. Your other option is to figure out where your error log is and look there.
  4. The only way that password would be compromised is if you're on a shared server with poor security, where other accounts on the same server can read your files. If the server is configured correctly then that wouldn't be possible, but if it's not configured correctly then using a .ini file probably isn't going to fix anything. But yeah, the structure you show is what you're trying to describe.
  5. Those are 2 different languages, you can't mix them. They cannot share variables or anything like that. You're better off choosing a language and converting whatever code you need to convert to that language.
  6. Something has to happen when you run that code in the earlier post. Either it's going to create a new image, or there's going to be an error. If it's not creating a new image, then make sure you're looking for error messages in an error log and that all errors are being reported. You can add this to the top of your code: ini_set('display_errors', 1); error_reporting(E_ALL);
  7. If you put all of the coordinates in an array then you can use that loop variable to access each element in the array.
  8. ajax

    You don't execute the query in Javascript in the browser, database queries are executed on the server. You should send any data that needs to be part of the query to the server, execute the query there, and return the query result back to the browser. It's also a terrible idea to send the actual SQL query from the browser to the server, that's a fantastic way to get your site hacked. Send only the data that needs to be part of the query, and on the server use a prepared statement to add the data to the SQL query and send it to the database.
  9. Are you actually hosting the videos files? If so, your main concerns will be disk space and bandwidth.
  10. In the database, you store the timestamp of their last activity, so any time they load a page or click on a link you save the timestamp in the database. The number of people online is the number of people who have their last activity within a certain time range, like 10 or 15 minutes.
  11. That code sets the videoNode.src property to load the video, you can set that with any URL to have it play. Most of that code is about building the URL for a local file, if you already have a URL then you don't need much of that code.
  12. What happens when you run that?
  13. That custom 404 page doesn't give a lot of information, it doesn't help that it redirects to 404.html. Maybe the redirection isn't working. The normal way to redirect though is to send a Location header with the new URL. But, for testing, I would suggest not redirecting and making sure the PHP code works. Your PHP code has some errors in it, so maybe the server sees the PHP errors and redirects to 404 for some reason. Here are some of the issues with your PHP code: You're trying to call a function called $POST, but $POST isn't defined. If you want to get submitted values you get them from $_POST, which is an array, not a function. So, for example, you would use $_POST['name']. If your database connection fails you don't stop the script, the rest of the code still runs without a database connection. When you call mysqli_query, you used !$con which is going to send a boolean value instead of the actual connection. You need to use prepared statements when you're sending data to the database. The mysqli extension supports prepared statements, you need to use them to make sure your queries run and protect against SQL injection attacks. You send the same text ('Not inserted') regardless of whether or not the record was inserted in the database. If you use echo to send any output, sending a header after that will not work.
  14. I'm not sure what your question is, but it looks like you're trying to use a variable called tracingPresets that isn't defined. I'm not sure if your syntax for defining those variables is correct either.
  15. Surely that code would work with any valid URL for a video, right? Is there a reason that it's limited to the local machine?
  16. What does that link point to? Your code above says post.php, but the screenshot shows form.php. Are you pointing to the right file? And, if so, why would your server claim that a file isn't there if it is? If that's the case then you probably need to ask your host why it's claiming that files which exist don't.
  17. What's the problem, you submit the form and get a 404? If that's the case, then make sure the file with the form and the file that you're submitting to are in the same folder.
  18. Search for the account name for your version of Windows or IIS. It used be called IUSR_ followed by the machine name.
  19. I'm not sure how Windows permissions specifically work, but in addition to Everyone make sure that you have the IIS account also set up with permissions. Maybe the IIS account specifically doesn't have read access and that overwrites the permissions for Everyone, but like I'm said I'm not sure specifically how it works in Windows.
  20. I'm not sure what you mean by that. I'm just saying that in terms of validation, sanitizing, etc, that you can't rely on Javascript, it's a convenience for the user at best, and that the final word is what you do on the server. As long as the server is sanitizing the data and not trusting that the form submitted everything in the right format then you should be fine.
  21. There's no code involved, this is just a program you run. The options that are available when running it should be given in the help for the program.
  22. More or less. I was saying that if you are referring to a non-static member then you use $this to refer to the instantiated object, but you don't use $this when accessing static members. There's some information in the manual about variables in general: http://php.net/manual/en/language.variables.php And about classes: http://php.net/manual/en/language.oop5.php Particularly these parts: http://php.net/manual/en/language.oop5.properties.php http://php.net/manual/en/language.oop5.visibility.php http://php.net/manual/en/language.oop5.paamayim-nekudotayim.php Using $this is how you refer to the instantiated object inside the code for the class. When I refer to a static class I'm talking about a class that you don't instantiate, only define.
  23. Well, I can use my browser to specify my own Javascript file to run on your site, but I can't change your code. I'm saying that Javascript shouldn't be used as a protection mechanism for submitted data, because I can submit any arbitrary data I want to by creating my own request. I don't need to use your form or your page at all to submit a post or get request to any endpoint on your server. People trying to attack websites know that, and you have to know it when dealing with application security. The general rule is to not trust any submitted data, everything needs to be validated and, if necessary, sanitized.
  24. No, objects aren't automatically global. Javascript uses the same scope chain to look for any variable, whether it's an object or not.
  25. Well, then in that case the documentation doesn't matter and whatever the program is telling you is the final word. Maybe it's a different version than what the online documentation describes.