Mudsaf

Hello, i'm wondering do i need to escape $_SERVER['REMOTE_ADDR'] when selecting from MySQL database (Prevent SQL injections)?

So can client modify his ip-address to attack the server?

Well there is nothing @Warning or issue. So basically chrome tells that there is 14 warnings but the warning information area is empty.

I'm just wondering does my website have bad code or chrome bugging.

Alright, so when i tested W3schools javascript disabled i got html code coded with html_specialchars for example < > it looked like this.

<div class='message error'> <strong>Javascript Disabled Detected</strong> <p>You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.</p> </div> <br />Toggle W3Schools

With tags displaying.

Thanks alot

Hello, i'm wondering if there is reversed code for <noscript></noscript>, example if JavaScript is enabled add code there?

Technically there's no security difference between mysqli_real_escape_string and prepared statements, but prepared statements ensure that you don't forget to escape a particular string leading to a potential security problem.

Thanks for info, could you show me example of prepared mysqli_query with couple of $_POST elements?

Hello, I've learned MySQL mostly and lately I've tried to change to MySQLi. I'm wondering how to insert data to database with preventing SQL injections?

On MySQL i used stipslashes + mysql_real_escape_string

Lets say if i have $_POST['uname'] and $_POST['upass'], which is best method to prevent SQL injections?mysqli_real_escape_string or prepared query? If prepared query could somebody show me example?

Math.ceil() will round up to the next number, but 1.00001 will round up to 2 as well. It's up to you to decide a threshold and create a function that chooses Math.ceil() or Math.floor() depending on what value it has.

Thanks

 

LOL

function rnd(u){if(u==1) {return 1}else if(u==1.2) {return 2}else if(u==1.00001) {return 1}else if(u==2.5) {return 3}else if(u==3) {return 3}else {return "this is a code joke!"}}

Lol x)

Well as you know there is jQuery form plugin. If i don't have JavaScript enabled the page would display "Success" instead of whole website style. So i'm wondering is there possible to return a "small success" variable from the posted page to the page where its sent.

No JavaScriptForm > Submit > Whole style & MessageJavaScriptForm > Submit > Message only

"Hello, i'm wondering atm..."

 

What is this word "atm?"

 

The whole idea behind Ajax is to send small amounts of data either from or to the client browser. Why do you now feel it is a "very bad method" to do that? Yes, you can write a page that will use "fallback" methods if Javascript is disabled or the Ajax object is unavailable.

atm = at the moment

So basically what i'm searching here is i want to receive small variable or something from submit page so i can check what happened there without receiving full html code.

Hello, i'm wondering which method i need to use tho get these values below working.

1 //This should return 11.2 //This should return 21.00001 //This should return 12.5 //This should return 33 //This should return 3

and so on, i guess you'll get my point. I've see that Math.round(); fixes it like decimal should work, but i want the number to go rounded to next higher number.

Hello, i'm wondering atm if there is possibility to receive data from ajax or jQuery method without receiving full HTML page. Example if i use jQuery form plugin and submit data, i want to see if the post goes through correctly without any errors. Also i wan't to be user friendly if guest doesn't have JavaScript enabled the page works normally with all styles and other stuffs.

Currently I've made blank PHP pages that writes data example "Success" and i check at JavaScript if the received html is "Success". Now i realized its very bad method to do that.jQuery form plugin

http://malsup.com/jquery/form/

Hello, I've graduated as programmer and i'd like to try making professional web-page. I want to know more about things listed below.

• How i can copyright my website legally. (Without company)Currently I've done this like here, i think its poor mans copyright tho.

  Copyright <published year>-<current year> by <myname>. All rights reserved (This is because i've used alot of libraries and i don't own them, but i have rights to use them).

Hi, the first thing i noticed was how big is your header, if you see this forum's header is very small.

Also the page keep refreshing, i found the setting, 2 seconds is a very short time. Remember that the webserver is a computer that handles every request, in a production enviroment with thousands of users that is going to burn the place down.

Maybe you could try to reduce the request doing ajax to the "shoutbox" only.

When i tried to enter http://beta.mudsaf.info then it listed your files, that is a small webserver configuration.

A index.php would be fine too, even if it is just the menu for now.

1) Well it seems like W3schools header is around same size as this topic header. (The logo is large tho, but its under developement atm)2) Well i know pure ajax would be better but i think php is way more secured and i know php and love to learn it more by developing shoutbox. I've tried to decrease the network usage much as possible per load so atm it uses 1/3 KB per refresh time if there is no new shouts. Also i need to reduce my code and make it lightweight as possible.3) I know there is no index.php or any other files, but its developement release, but i agree displaying website folders looks bad.

I'm not quite following, so basically if i receive $_POST what was posted at INPUT form and lets say the input form name = test

//Does it work like this & what ist he question mark at SQL sentence. Is it the first binded parameter?. if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) {$stmt->bind_param("s", $_POST['test']);$stmt->execute();

Hello, i'm wondering does MySQLi function..

mysqli_prepare()

..prevent SQL injections (check link)

http://stackoverflow.com/questions/14011899/mysqli-real-escape-string-should-i-use-it

Well another question, do you really see difference between PDO queries & MySQLi queries?

So do you think that MySQLi might get removed in future because of PDO?

Hello, i'm wondering that is there possibility to MySQLi extension get removed since there is PDO with way more Database supporting and only a little slower.

Is the PDO new future of Database coding? If not why should i learn MySQLi instead of PDO straight away?

MySQLi: http://php.net/manual/en/book.mysqli.php

PDO: http://php.net/manual/en/book.pdo.php

Reply what you think about this topic.

Hello, i've tried to learn bit PDO connections but i'm wondering how the error checking works.

Example my code.

$con->exec("INSERT INTO first_example (value) VALUES ('2')") or die("LOL");

So basically the code above works? Anyone have good tutorials for PDO & is it that hard to learn PDO if i can do MySQL?

So PDO shall it be, thanks for reply.

Hello, i'm just wondering is MySQLi much different than MySQL? I have basic knowledge of MySQL and it seemed pretty similar & easy.

Example this

<?php$con = mysqli_connect("<hostserver>","<user>","<pass>","<database>") or die("<error>");$result = $con->query("SELECT userName FROM <users>") or die("<query_failed>");while ($row = mysqli_fetch_array($result)) {echo $row['<username>'] . "<br>";}if (isset($con)) {mysqli_close($con) or die("<some random closing problems>");}?>

PS: I know its improved extension of MySQL, but i wan't to know if there is major changes in code.

Ah i even might consider PDO since alot of databases supports it, would you suggest that?

http://net.tutsplus.com/tutorials/php/pdo-vs-mysqli-which-should-you-use/

Your php.ini file prob have magic_quotes enabled. Edit your php.ini and disable it.

magic_quotes_gpc = Off

The right answer is plenty, below is alot listed but i'm 100% sure there is plenty of more.

http://en.wikipedia.org/wiki/List_of_programming_languages

I found tutorial for style, but didin't find method to remove ID and CLASS attributes.

preg_replace('/style=(["'])[^1]*?1/i', '', $item, -1);