Nico

Everything posted by Nico

  1. I would not use md5() for creating the salt. It only returns letters from a-f (all lowercase), and numbers from 0-9. The "lorem ipsum" string you're MD5'ing is actually a much better salt by itself. Although, if you ask me, I would drop all this uniqid() and microtime() stuff, and write a function that returns a real random string, containing a wider range of characters, and perhaps even non-ASCII characters. Oh, and in your en_crypt() function, put the salt behind the password. This makes brute forcing harder, or better said, it slows it down. Which is a good thing.

         return hash('sha256', $password . $salt);
  2. Unless you're suggesting to cast all function arguments inside the function, I'm still not sure what your point is. $items is defined in the arguments, so it's always there. I can say for certain that it's defined because the function must be called with at least one argument. Even if you pass an undefined variable to the function, it will exist inside it, because it's defined in the argument. It will throw a notice where you call the function with the undefined variable. Furthermore, PHP will automatically cast the variables if necessary. If your function expects a string, and you're passing boolean TRUE, then PHP will convert it to '1' (without errors and notices). So when I'm doing $items .= $menu_link;, and $items is boolean true, it'll be '1 + whatever $menu_link contains'. Same for integers, floats, etc... Except for arrays, but then again you can set the array type hint in your function to prevent errors.

         function foo(array $myArray){
             // $myArray can only be an array
         }
  3. You're missing equal signs in your form: name"Username" But for the love of God, stop using the mysql_* functions. They're old, deprecated, slow, ugly, and oh yeah... insecure as ######. With your code right now, I promise you you'll get hacked. Use PDO instead. You won't regret it.

         <?php
         $dsn = 'mysql:dbname=tutorials_blog2;host=127.0.0.1';
         $user = 'root';
         $password = '';

         $db = new PDO($dsn, $user, $password);

         // Placeholders keep the submitted values out of the SQL text.
         $stmt = $db->prepare("
             INSERT INTO posts (username, title, content, date)
             VALUES (?, ?, ?, UNIX_TIMESTAMP())
         ");

         $result = $stmt->execute([$_POST['Username'], $_POST['Title'], $_POST['Content']]);

         if ($result){
             echo '1 record added';
         }
         ?>

     It looks complicated at first sight, but trust me, it's worth it. Read more here:
     http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
     php.net/pdo
  4. The space is probably in your database. Either remove it from there, or trim() the output.

         echo "&character=" . trim($row['character_col']) . "&score_col=" . $row['score_col'];
  5. Have you considered installing things like XAMPP? It's much easier to install, and comes with MySQL, phpMyAdmin, Apache, etc...
  6. I'm not sure what your point is. People were saying that $items is undefined, and accessing it would throw error notices. Which is not true. That's all. @OP: By the way, the array you had in your first post is just fine, don't let people confuse you. What you don't need is this: $CustomMenuLinks; ... this does literally nothing, you can remove that line. And the array you just posted in your last post is fine too. It's fine either way.
  7. Maybe it's just me, but I don't see any undefined variables? $items is defined in the function arguments. And arrays don't need to be initiated as arrays before you can add items without notices. Although, a faster way to append data to an existing string is doing this: $items .= $menu_link;
  8. I'm not sure why you're making such a big deal out of this. There's absolutely nothing wrong with using isset() like that. And isset() is about 5 times faster than is_null() since it's a language construct and not a function.
  9. isset() checks whether a variable is set, and not 'null', so the isset() check is not entirely pointless.
  10. While all the above is correct, you can also use commas to fix this.

          echo "line 2 is echo function : ", ifisset($var_jimmyjoy), "\n";

      Although, if your function is echoing data, it's very likely you're doing something wrong. Edit: To answer your last question, yes, all functions return void (null) if you're not returning anything yourself.

          function ifisset($message){
              return $message ?: '';
          }
  11. Nico

    Need help

    Okay, I'm ignoring your last sentence because I don't understand it at all. Back to your first post... the images are not displaying. Take a look at the source code of the page in your web browser, and make sure the paths are correct. Copy the path of one of the images and paste it into the address bar, see if that works.
  12. $newlot = implode('-', str_split($lot_number_indi_scan, 11)); ... assuming that the length of these codes is always eleven.
  13. You might want to take a look at PDO as well. I think it's much nicer.
  14. I prefer Memcached because you can store arrays and objects and don't need to serialize/unserialize (which is slow). Basically, to sum it up, you would store all your banned users in a database table, and only query it if Memcached or APC has nothing stored. This way you would only query the database once in a while.

          $cache = new Memcached(....);

          // Query the database only when the cache has nothing stored.
          if (!$bannedUsers = $cache->get('banned_users')){
              $bannedUsers = /* fetch users from database */;
              $cache->set('banned_users', $bannedUsers, 3600 * 24);
          }

          if (in_array($_SESSION['userid'], $bannedUsers)){
              // banned
          }

      You could either flush the cache every time you ban a new user, or you can set the expiration date to something like one minute so it would automatically refresh. Also keep in mind that this table can grow with the time, and you may be loading a lot of IDs into the memory. I would add a time stamp and only load newer IDs, and prevent old IDs, whose sessions expired anyway, from logging in in the first place.
  15. Don't use CSS. Don't use XML unless you're caching your parsed pages. (It's slowww) The method you're using is just fine! Keep in mind that you can use HTML in your text bits. So you can have multiple paragraphs in one variable. If you have a lot of text on different pages, split it into different files.
  16. $pdfPath = __DIR__ . '/Spartiti/';
  17. On an unrelated, but more important note, don't ever validate uploaded files by the "type" in the $_FILES array. The reason for this is, that the "type" in the $_FILES array comes from the same source as the file itself... the user. And not only can the type vary depending on the browser you're using, it can also be faked. In other words, I can upload a .php file with an application/pdf content type, and your site would think it's safe. Always validate the file extension, and make sure that PHP doesn't parse it.
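
The upload check described in the last post above, as an added example that is not part of the original post: the client-supplied "type" is ignored, the extension is checked against an allowlist, and the content type is detected on the server. The function name `safeUploadName`, the `ALLOWED_TYPES` map and the sample files are hypothetical, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not from the original post. All names here are hypothetical.

const ALLOWED_TYPES = ['pdf' => 'application/pdf'];   // extension => expected content type

/**
 * Validate one $_FILES entry and return the name to store it under.
 * $file['type'] is never consulted: it is supplied by the client.
 */
function safeUploadName(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Extension taken from the client file name, checked against an allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    // Content type detected server-side from the file's bytes (fileinfo extension).
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content is $detected, not " . ALLOWED_TYPES[$ext]);
    }
    // Server-chosen name with a single extension: nothing from the client survives.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs, written to temp files so this runs from the CLI.
$samples = [
    ['name' => 'invoice.php', 'type' => 'application/pdf', 'body' => '<?php echo 1;'],
    ['name' => 'invoice.pdf', 'type' => 'application/pdf', 'body' => 'not a pdf'],
    ['name' => 'invoice.pdf', 'type' => 'text/plain',      'body' => "%PDF-1.4\n%%EOF\n"],
];
foreach ($samples as $s) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $s['body']);
    $file = ['name' => $s['name'], 'type' => $s['type'], 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
    try {
        echo $s['name'], ' -> stored as ', safeUploadName($file), "\n";
    } catch (RuntimeException $e) {
        echo $s['name'], ' -> rejected: ', $e->getMessage(), "\n";
    }
    unlink($tmp);
}
// In a real handler: move_uploaded_file($file['tmp_name'], $dir . '/' . $name),
// with $dir outside the document root or configured so PHP never executes it.
```

The first two samples are rejected even though both claim application/pdf, and the third is accepted even though it claims text/plain, because the claimed type plays no part in the decision.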