|
Sab669 posted:I started using Netbeans instead of N++. I don't think it was underlined in yellow, but maybe it was. loving impossible to notice yellow underlining on a white background though. I suppose there would've been a notification flag in the line-number section... But yea; pretty sure there was no "heads up" I thought that Netbeans would do this, but I guess it doesn't out of the box. phpcs (with PSR2 standards set) doesn't catch it either... PHPStorm does have a setting for it though.
|
# ? Feb 16, 2017 00:23 |
|
Grump posted:EDIT: Post about a delete function. I ended up making unique pages for each row in my table and then adding a delete button on each page. In addition to needing to sanitize $url_id as someone above mentioned, it's probably better to write the function as delete_word($id) and not access the superglobal directly in the function body. (for reuse) Also, GET requests should always be safe (i.e. have no serious side-effects) as user-agents are allowed to issue "spurious" GET requests for pre-loading purposes and for caching purposes an http client may not even issue a request to the origin server at all! You want to use POST here. Luxury Communism fucked around with this message at 00:38 on Feb 16, 2017 |
# ? Feb 16, 2017 00:35 |
|
Scaramouche posted:This is a dumb question, but I have a wordpress plugin that has since updated and says that it no longer supports PHP 5.2 and under. I checked my phpinfo and it says 5.4.45, which theoretically checks out. However the impression I get is "if not compatible with 5.2 then it's 7.0 only"; am I safe to upgrade this plugin, or do I have to upgrade to PHP 7? If it says it no longer supports 5.2 or under, you should assume that they mean 5.3 and higher, not 7.0 and higher. You should be fine but you should also shoot an email off to the plugin author asking them to clarify the requirements for everybody.
|
# ? Feb 16, 2017 03:03 |
|
Yeah that's probably a euphemism for "namespaces"
|
# ? Feb 16, 2017 13:41 |
|
McGlockenshire posted:If it says it no longer supports 5.2 or under, you should assume that they mean 5.3 and higher, not 7.0 and higher. You should be fine but you should also shoot an email off to the plugin author asking them to clarify the requirements for everybody. Thanks, I'd already done that but was getting antsy about waiting for a response (still waiting...) so thought I'd post it here.
|
# ? Feb 16, 2017 23:47 |
|
rt4 posted:The most important thing about that code sample is that it takes user input from $_GET['id'] and sticks it directly into a query. You need to use a parameterized query to prevent a malicious user from carrying out an SQL injection attack. So something like this? I don't need to fetch or bind my results since I'm deleting, correct? I kinda understand, but the documentation isn't doing a great job of explaining why this is protecting against malicious attacks. e: I'll probably get around to playing with PDO after I complete this CRUD app. Just wanna get some basic understanding down first. PHP code:
teen phone cutie fucked around with this message at 22:35 on Feb 20, 2017 |
# ? Feb 20, 2017 22:22 |
|
Grump posted:So something like this? I don't need to fetch or bind my results since I'm deleting, correct? quote:I kinda understand, but the documentation isn't doing a great job of explaining why this is protecting against malicious attacks. Imagine a world where id = '1 OR 1 = 1'. If you were doing plain old string concat, your query would end up being DELETE FROM words WHERE id =1 OR 1 = 1. The "OR 1=1" clause will match every single row in the table. With the prepared statement, the string '1 OR 1 = 1' would be filled in where the question mark is, complete with what are effectively quotes. Using prepared statements gives you a good degree of certainty that users will not be able to manipulate your SQL commands. (There are ways to gently caress up prepared statements with MySQL, but most of them rely on some pretty deep character encoding magic poo poo and you shouldn't worry about that quite yet. It's easy enough to defend against but there's an education barrier to doing it right.) Further, if id is only and must only be a positive whole integer, you need to validate that separately. You should be passing the id to delete to the function, not have the function pull it out of $_GET, and the code doing the calling should be responsible for making sure that it's going to pass that function a positive whole integer.
|
# ? Feb 20, 2017 22:45 |
|
McGlockenshire posted:Yes, only you also need to check that the query executed successfully. mysqli_stmt_execute returns a boolean. So is this as simple as wrapping mysqli_stmt_execute in an "if" statement? McGlockenshire posted:Imagine a world where id = '1 OR 1 = 1'. If you were doing plain old string concat, your query would end up being DELETE FROM words WHERE id =1 OR 1 = 1. The "OR 1=1" clause will match every single row in the table. Thanks. This is super helpful. I have never been able to wrap my head around SQL injections teen phone cutie fucked around with this message at 18:09 on Feb 21, 2017 |
# ? Feb 21, 2017 16:29 |
|
Grump posted:So is this as simple as wrapping mysqli_stmt_execute in an "if" statement? More than that, you need to actually do something appropriate if executing the delete fails, in a place where it makes sense. For example, rolling back a transaction and logging the error, and/or complaining to the user, or doing something else that tries to gracefully recover from an operation that shouldn't have failed. When driving, it's best practice to drive defensively. When doing defensive driving, you assume that every other driver can't see you and will make poor judgement calls. Defensive coding is a thing, too. Assume all your user input is tainted by maliciousness or stupidity, and assume every call you make outside your program can fail at any time for any reason. This means checking types, forcing validation, and always checking return values when operations can be successful or unsuccessful. This is a lot of work, but it puts you in a better place when one of those weird things that shouldn't fail finally fails and you've already tried to account for it. Deletes can fail. So can selects, and a select failing in a way that leaves an error code is some pretty serious poo poo. quote:Thanks. This is super helpful. I have never been able to wrap my head around SQL injections You should look up XSS, "cross-site scripting" some time as well. It's the same idea applied to HTML output, only with the added horror of Javascript being possible. There are many, many more types of content injection attacks, and some are even worse than these, like header injection. Validate and type check your inputs, properly escape your outputs, and talk to external services using the most safe method possible. The world is out to hack you. McGlockenshire fucked around with this message at 18:58 on Feb 21, 2017 |
# ? Feb 21, 2017 18:53 |
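The advice in the posts above (POST rather than GET, a validated integer passed into delete_word($id), a bound parameter instead of string concatenation, and handling a failed execute), put together as an added example that is not code from any poster. It assumes PDO with an in-memory SQLite table in place of the thread's mysqli/MySQL so it runs without a server; the table contents, parse_id() and handle_delete() are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed fixture: an in-memory SQLite table stands in for the thread's
// MySQL `words` table (assumption) so the script runs without a server.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE words (id INTEGER PRIMARY KEY, word TEXT)');
    $db->exec("INSERT INTO words (word) VALUES ('alpha'), ('beta'), ('gamma')");
    return $db;
}

// "Before": the input is pasted into the SQL text and parsed as SQL.
function delete_word_concat(PDO $db, string $id): int
{
    return (int) $db->exec('DELETE FROM words WHERE id = ' . $id);
}

// "After": takes an already-validated integer and binds it as data.
// A failed statement rolls the transaction back and rethrows.
function delete_word(PDO $db, int $id): int
{
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('DELETE FROM words WHERE id = ?');
        $stmt->bindValue(1, $id, PDO::PARAM_INT);
        $stmt->execute();
        $deleted = $stmt->rowCount();
        $db->commit();
        return $deleted;
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
}

// Caller-side validation: a positive whole integer, or null.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical request handler; returns the HTTP status it would send.
function handle_delete(PDO $db, string $method, array $post): int
{
    if ($method !== 'POST') {
        return 405; // GET must stay free of side effects
    }
    $id = parse_id($post['id'] ?? null);
    if ($id === null) {
        return 400;
    }
    try {
        return delete_word($db, $id) === 1 ? 200 : 404;
    } catch (PDOException $e) {
        error_log('delete_word failed: ' . $e->getMessage());
        return 500;
    }
}

$payload = '1 OR 1 = 1'; // the input from the thread
printf("concat:  %d row(s) deleted\n", delete_word_concat(make_db(), $payload));
$db = make_db();
printf("GET:     HTTP %d\n", handle_delete($db, 'GET', ['id' => '2']));
printf("payload: HTTP %d\n", handle_delete($db, 'POST', ['id' => $payload]));
printf("id=2:    HTTP %d\n", handle_delete($db, 'POST', ['id' => '2']));
```

In a real page the handler would be called with $_SERVER['REQUEST_METHOD'] and $_POST, and the returned status passed to http_response_code().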
|
HTML Purifier is a decent library for sanitizing input and strips out most XSS content. Ideally you would sanitize the input with HTML Purifier, validate the sanitized input against some rules (valid ranges, format, etc..), and then store it in the database. Escaping output is ideal unless you are doing some sort of HTML based WYSIWYG editor.
|
# ? Feb 21, 2017 19:22 |
|
Mail question! I've got this script:code:
|
# ? Feb 21, 2017 22:13 |
|
BJPaskoff posted:It's emailing if I change "name@fakewebsite.org" to my Gmail address, but it won't email anything to an email on the same domain name as the site. I remember reading something about maybe it being an issue if the email and site are hosted with different hosts? I've fixed issues like this before with SMTP plugins for Wordpress, but this is the first mail script I'm troubleshooting. Any help would be appreciated! If you are using your domain's email, use the SMTP server provided by the host of the (MX records for the) domain. If you are sending as a gmail address, use Google's SMTP servers. Using your gmail address as the From address, but sending through your host's servers will significantly increase the likelihood of your mail being flagged as spam by the recipients. Never use mail(). It's poo poo. You can't troubleshoot it, you can't debug it, you can't control it, and when things go wrong like this, you are completely up a creek. Instead, use Swiftmailer if you can, but it's fine to use PHPMailer if learning Swiftmailer seems overwhelming. McGlockenshire fucked around with this message at 22:50 on Feb 21, 2017 |
# ? Feb 21, 2017 22:48 |
|
McGlockenshire posted:If you are using your domain's email, use the SMTP server provided by the host of the (MX records for the) domain. PHPMailer is pretty good and my goto for one off scripts, but it's definitely worth learning the API of Swiftmailer if you use any of the frameworks that use it as its core mail lib (Laravel, Yii, etc..)
|
# ? Feb 21, 2017 22:56 |
|
BJPaskoff posted:Mail question! I've got this script: I am guessing you are on cPanel? It's because it's a piece of poo poo, if so. Pretty much only option is use a third party mail service
|
# ? Feb 21, 2017 23:18 |
|
McGlockenshire posted:If you are using your domain's email, use the SMTP server provided by the host of the (MX records for the) domain. I'm basically fixing another designer's mistakes so that the company won't lose the client. One of which is this email form - it's laid out well, but the form doesn't even use label tags or have a neat output when it does send an email. I'm probably going to install a Wordpress plugin, punch in their SMTP information into an SMTP plugin, and have it work that way. I'm not getting paid enough to figure out installing and configuring these PHP scripts, and all I have access to is their FTP and Wordpress login. Biowarfare posted:I am guessing you are on cPanel? It's because it's a piece of poo poo, if so. Pretty much only option is use a third party mail service Why is cPanel lovely? I've never used any alternatives. I have Lithium, which is supposedly a highly rated Goon-run host, and they use cPanel.
|
# ? Feb 21, 2017 23:45 |
|
BJPaskoff posted:I'm basically fixing another designer's mistakes so that the company won't lose the client. One of which is this email form - it's laid out well, but the form doesn't even use label tags or have a neat output when it does send an email. I'm probably going to install a Wordpress plugin, punch in their SMTP information into an SMTP plugin, and have it work that way. I'm not getting paid enough to figure out installing and configuring these PHP scripts, and all I have access to is their FTP and Wordpress login. For best results, use SMTP for all mail and authenticate against localhost with a real email address as configured in cPanel. Doing that will ensure proper mail delivery without stupid php headers attached. Install the cPanel SMTP plugin and be done with it. Also, if they never set up their MX records properly, all email addressed to their own domain will send to a local mailbox and not off-server if their mail is hosted elsewhere. This is typical when using G Suite or Office 365 and a 3rd party for DNS but not telling cPanel that the email is hosted by a 3rd party. cPanel is going to try and deliver mail to itself because it's the best option unless otherwise instructed. Some might call that lovely, but it makes perfect sense to me. Need more than that, submit a ticket and I'll try to help. DarkLotus fucked around with this message at 01:15 on Feb 22, 2017 |
# ? Feb 22, 2017 01:13 |
|
DarkLotus posted:Our mail runs through MailChannels and not direct to the internet like most cPanel hosts. This prevents blacklisting and bad IP reputations. Oh, sorry for the confusion! The PHP mail problem is separate from my cPanel question. I'm happy with Lithium, but this client isn't hosted with you (but they would be if they were my client directly).
|
# ? Feb 22, 2017 04:21 |
|
BJPaskoff posted:Oh, sorry for the confusion! The PHP mail problem is separate from my cPanel question. I'm happy with Lithium, but this client isn't hosted with you (but they would be if they were my client directly). I think that explains the problem then
|
# ? Feb 22, 2017 06:33 |
|
This is maybe a dumb question but a client wants an ordering website done and he's adamant he wants it in PHP and he wants me to do it. I'm alright with laravel but normally use .NET with the entity framework (which auto creates the db schema based mostly on your models). Does laravel have some sort of plugin like EntityFramework so I don't have to go create the database and modify my poo poo in two places at once?
|
# ? Mar 15, 2017 17:02 |
|
You're probably looking for Doctrine.
|
# ? Mar 15, 2017 17:39 |
|
Master_Odin posted:You're probably looking for Doctrine. This. While Laravel wants you to use the ORM it bundles, it's an ActiveRecord and comes with all the associated baggage. Doctrine is a Data Mapper and therefore comes with a completely different, but far superior, set of baggage. If you're coming from EF, then Doctrine will probably be more comfortable for you. Do be warned that doing Doctrine correctly requires code generation for proxy classes and whatnot, but you can have it do this on the fly during development to avoid having to constantly run external tools. Each and every one of the command line tools that it wants you to use can also be called programmatically (migrations, etc).
|
# ? Mar 15, 2017 18:07 |
|
McGlockenshire posted:
Great thanks guys. I'll make a little CRM and see how it works.
|
# ? Mar 15, 2017 19:28 |
|
This might be a longshot, but has anyone used curl in PHP to connect to the BigCommerce API?
|
# ? Mar 16, 2017 19:18 |
|
Grump posted:This might be a longshot, but has anyone used curl in PHP to connect to the BigCommerce API? Not personally, but given that their official PHP client library lists curl as a requirement, I'd expect it's fine.
|
# ? Mar 16, 2017 21:54 |
|
Yup. That's the exact documentation I've been staring at for an hour. Been trying to connect to this loving API through PHP with no luck. e: Got it to connect through Curl. gently caress PHP man teen phone cutie fucked around with this message at 22:30 on Mar 16, 2017 |
# ? Mar 16, 2017 22:06 |
|
Grump posted:Yup. That's the exact documentation I've been staring at for an hour. Look at Guzzle! It makes writing API clients a breeze! http://docs.guzzlephp.org/en/latest/
|
# ? Mar 17, 2017 00:58 |
|
Has anyone ever tackled the Travelling Salesman problem? I want to start at Location A, travel to B, C, D, E, F and G and return back to A in the most efficient route possible. At this point I prefer to use Google Maps because I haven't used any other mapping service but am no stranger to APIs and can use any of them. I basically just want a list, I don't even need to plot points on map. Just take a list of locations with a start and end point and build a route. No driving directions, literally just an ordered list of which location to go next from the previous location.
|
# ? Mar 21, 2017 19:04 |
|
Does this help you at all? https://developers.google.com/optimization/routing/tsp/tsp#directions_api
|
# ? Mar 22, 2017 13:16 |
|
-JS- posted:Does this help you at all? Yeah, I actually found that and with the optimize parameter it works pretty well. Just curious if anyone has done something different. Just never know...
|
# ? Mar 22, 2017 13:53 |
|
Hey all, I have been tasked with writing a webpage that will display log files that are on the device and give the user the option to click a button to download them all as a .zip. I'm trying to figure out how exactly to go about this. I put this script together after reading up on ZipArchive PHP code:
HTML code:
edit: I think i found a solution, now to figure out how to make it an onClick'able script http://stackoverflow.com/questions/1754352/download-multiple-files-as-zip-in-php PHP code:
FAT32 SHAMER fucked around with this message at 20:29 on Mar 23, 2017 |
# ? Mar 23, 2017 19:47 |
|
Why are you onclicking it? It's a link, so make it a link to the script that causes the file download. Yes, you want a plain old regular hyperlink. Also you should make sure to set the proper cache control headers in addition to content type and disposition.
|
# ? Mar 23, 2017 22:28 |
|
McGlockenshire posted:Why are you onclicking it? It's a link, so make it a link to the script that causes the file download. Yes, you want a plain old regular hyperlink. It's a group of .txt files that will get bundled into a zip and downloaded... if I just link to the script it will work? Oh my god I'm so mad at myself right now
|
# ? Mar 23, 2017 23:04 |
|
funny Star Wars parody posted:It's a group of .txt files that will get bundled into a zip and downloaded... if I just link to the script it will work? Should yeah. If you link to a script and it executes, then its running.
|
# ? Mar 24, 2017 00:23 |
|
Hey guys, more dumb noob questions and I will admit that a lot of it involves javascript so if it's better suited to that thread feel free to let me know. I'm trying to make it so that a user can select files that they wish to download or delete from the server (this is an offline embedded device with a lighttpd instance running so that the client has a pretty file management interface) and I can't figure out how exactly to tell the php what to do when the user clicks a button (either download the selected files as a zip or delete them). Here's my code:PHP code:
PHP code:
edit: trimmed the code up to get to the few spots that need to be looked at, ignore any weird floating divs that seem to be out of place edit2: I should also mention that I've forked PHP DirectoryLister to do this and while it's saved me a lot of time having to do a lot of the work for myself, for some reason the zipfiles his code creates dont have anything added to them which has been driving me crazy trying to figure out as well. FAT32 SHAMER fucked around with this message at 21:40 on Apr 3, 2017 |
# ? Apr 3, 2017 21:26 |
funny Star Wars parody posted:Hey guys, more dumb noob questions and I will admit that a lot of it involves javascript so if it's better suited to that thread feel free to let me know. I'm trying to make it so that a user can select files that they wish to download or delete from the server (this is an offline embedded device with a lighttpd instance running so that the client has a pretty file management interface) and I can't figure out how exactly to tell the php what to do when the user clicks a button (either download the selected files as a zip or delete them). From this snippet, it looks like you're generally confused with order of execution, and what executes on server and what on client, and how to share data between the two. HTML code:
JavaScript code:
Right after that you define a JavaScript function named rec, which also happens to have a syntax error. Are the two supposed to be related? Is the rec function actually supposed to be toDelete? The syntax error is that you just stick 'delete_selected.php' deletestuff together like that, you need an operator (probably +) between them, except that would probably end up as an invalid URL. It's not clear what deletestuff would contain, from the parts you pasted. HTML code:
JavaScript code:
Which brings me to, suddenly toDelete is an array, but you were using it as a function above. I think the first thing you should consider is whether you actually need to use JavaScript at all. In your post in the general programming questions thread (which reminded me of this, I had intended to reply earlier but forgot about it) you mention that this thing will run locally only on a small computer, not over the internet. In that case you know something about the performance, you know there will only be a single user at a time, and you know that transfer speed and latency between client and server are both as perfect as they can be. So you don't need to use client side scripting to mask over the performance of regular network connections. The much simpler solution, which may be what the original thing you're modifying already does, is to just have a plain old HTML form, no JS, you submit, which then batch deletes all the checked off files, and returns a new page with a new directory listing. Optionally with a log at the top/bottom about changes made. If you really do want a dynamically updating view, you need to completely rework this. You should probably make an array of plain old checkboxes with no events attached. Then have a button you attach a JS event handler to, that event handler then finds all checked boxes, collects the data into a form submission format, uses an XMLHttpRequest to call a PHP script on the server, and waits for and then processes the response. The PHP script it calls should accept the form input generated by the JS, process the files, and return a JSON object containing status for each element the JS requested things to be done for. When the JS receives this response, it can go over the returned JSON, find the checkboxes for the files successfully deleted, and replace those checkboxes with a message that the file was deleted, or any error that maybe occurred. Edit: I made a sequence diagram. 
nielsm fucked around with this message at 09:27 on Apr 8, 2017 |
|
# ? Apr 8, 2017 09:17 |
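The server half of the flow described in the post above (accept the list of checked files, process each one, return a JSON status per file), as an added example that is not code from any poster or from PHP DirectoryLister. The function names, the `files` form field, the status strings and the temporary directory with constructed log files are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Delete the named files inside $dir; return one status entry per name.
function delete_selected(string $dir, array $names): array
{
    $base = realpath($dir);
    if ($base === false || !is_dir($base)) {
        throw new InvalidArgumentException('log directory not found');
    }
    $results = [];
    foreach ($names as $name) {
        // Accept plain file names only: a string with no directory part
        // and no NUL byte. Everything else is refused, not "cleaned up".
        if (!is_string($name) || $name === '' || strpos($name, "\0") !== false
            || $name !== basename($name)) {
            $results[] = ['file' => is_string($name) ? $name : null,
                          'status' => 'rejected'];
            continue;
        }
        $path = $base . DIRECTORY_SEPARATOR . $name;
        if (!is_file($path)) {
            $status = 'not_found';
        } else {
            // unlink() reports failure through its return value.
            $status = @unlink($path) ? 'deleted' : 'error';
        }
        $results[] = ['file' => $name, 'status' => $status];
    }
    return $results;
}

// Hypothetical endpoint body: returns the JSON text the script would echo
// (after sending a Content-Type: application/json header).
function handle_request(string $dir, string $method, array $post): string
{
    if ($method !== 'POST') {
        return json_encode(['error' => 'POST required'], JSON_THROW_ON_ERROR);
    }
    $names = $post['files'] ?? [];
    if (!is_array($names)) {
        return json_encode(['error' => 'files must be a list'], JSON_THROW_ON_ERROR);
    }
    return json_encode(['results' => delete_selected($dir, $names)],
                       JSON_THROW_ON_ERROR);
}

// Constructed demo data: two log files in a fresh temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logs_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/app.log', "constructed sample\n");
file_put_contents($dir . '/boot.log', "constructed sample\n");

// One valid name, one name with a directory part, one missing file.
$post = ['files' => ['app.log', '../boot.log', 'missing.log']];
echo handle_request($dir, 'POST', $post), "\n";

// Clean up whatever the demo left behind.
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```

The client-side handler can walk the `results` list and update each checkbox row from its `status`, as the post describes.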
|
I'm gonna try that out on Monday, I have no idea what I was trying to do with that as it currently is so thanks for the tips, it's really appreciated
|
# ? Apr 8, 2017 18:35 |
|
I have a Symfony console command that for some reason outputs every line I send to it with IO redirection. Here's the command:
php:<?
protected function execute(InputInterface $input, OutputInterface $output)
{
    $output->writeln('Enter emails, one per line:');
    $emails = (function (): \Generator {
        while ($email = readline()) {
            if (Validator::email()->validate($email)) {
                yield $email;
            }
        }
    })();
    $output->writeln('Added ' . Contact\addBulk($this->db, $emails) . ' email addresses.');
}
?>
Am I misunderstanding something about readline or the shell? code:
spiritual bypass fucked around with this message at 13:41 on Apr 12, 2017 |
# ? Apr 11, 2017 17:25 |
|
Looking for a PHP coder for a relatively easy webpage project. Hit me up if interested in making a little side money. SA-Mart thread https://forums.somethingawful.com/showthread.php?threadid=3817116
|
# ? Apr 15, 2017 00:22 |
|
Post more details, because that doesn't sound like a simple project.
|
# ? Apr 15, 2017 00:47 |
|
revmoo posted:Post more details, because that doesn't sound like a simple project. Yeah I guess I don't know how hard it is, but I've done some image manipulation stuff in the past and don't remember it being terribly difficult. But here's a graphic representation of what I need to do. Let me know what you think.
|
# ? Apr 15, 2017 01:07 |