Web Development Questions That Don't Need Their Own Thread v2 - Developers

[QUOTE=ndeee;31129975]Possible, or just set to pages with 100% width and then whenever someone clicks on an arrow or whatever, you set display:hidden; for that specific div (which is really a page), and then show the page after it. This can be easily done using jQuery.[/QUOTE] Will that still have a sort of 'sliding' effect or will the page just appear? [QUOTE=timgames;31129445]Something like this? [url]http://melissahie.com/[/url][/QUOTE] Yeah, exactly like that except only horizontal scrolling, and I want the scrolling to occur within a particular <div> so that the elements which are the same on each page don't move

[QUOTE=Alcapwne;31130522]Will that still have a sort of 'sliding' effect or will the page just appear? Yeah, exactly like that except only horizontal scrolling, and I want the scrolling to occur within a particular <div> so that the elements which are the same on each page don't move[/QUOTE] You can make a sliding effect if you want; you'd be amazed at how many effects you can do with jQuery. Take a look at [url]http://api.jquery.com/[/url] for more information and help. Good luck, and hit me with a PM if you need any help or guidance.

Is jQuery really that amazing, or can I still do fine with what I'm given?

[QUOTE=SomeFaggot;31133767]Is jQuery really that amazing, or can I still do fine with what I'm given?[/QUOTE] If you need to do something with JavaScript, do it with jQuery, it makes life easier.

[QUOTE=Skorpy;31133916]If you need to do something with JavaScript, do it with jQuery, it makes life easier.[/QUOTE] I'm looking at the list of stuff it can do now, and a lot of it looks like it would save me quite some time.

I can't figure out how to change this [code]<center> <form method="post" action="../contact/mailme.php">  <table border="1" width="400" height="41" style="border-collapse: collapse" bordercolor="#000000"> <tr> <td height="4" width="95"> <b>Your Email:</b> </td> <td height="4" width="342"> <input type="text" name="email" size="45"></td> </tr> <tr> <td height="27" width="95"> <b>Your Name:</b></td> <td height="27" width="342"> <input type="text" name="subject" size="45"></td> </tr> <tr> <td height="20" width="95"><b>Message:</b></td> <td height="20" width="342"> <textarea name="message" cols="34" rows="3">Message here...</TEXTAREA></td> </tr> </table> <p> <input type="submit" name="submit" value="Submit"> <input type="reset" name="reset" value="Reset"></p> </form> <p> </p> </center>[/code] so it can fit into a rectangle this big: 273x440px [img]http://i.imgur.com/bZqo1.png[/img] I've tried changing everything that says width in it but it still stays like this: [img]http://i.imgur.com/XELm9.png[/img]

[QUOTE=QuickSnapz;31138154]I can't figure out how to change this [code]<center> <form method="post" action="../contact/mailme.php"> *<table border="1" width="400" height="41" style="border-collapse: collapse" bordercolor="#000000"> <tr> <td height="4" width="95"> <b>Your Email:</b> </td> <td height="4" width="342"> <input type="text" name="email" size="45"></td> </tr> <tr> <td height="27" width="95"> <b>Your Name:</b></td> <td height="27" width="342"> <input type="text" name="subject" size="45"></td> </tr> <tr> <td height="20" width="95"><b>Message:</b></td> <td height="20" width="342"> <textarea name="message" cols="34" rows="3">Message here...</TEXTAREA></td> </tr> </table> <p> <input type="submit" name="submit" value="Submit"> <input type="reset" name="reset" value="Reset"></p> </form> <p>*</p> </center>[/code] so it can fit into a rectangle this big: 273x440px [img]http://i.imgur.com/bZqo1.png[/img] I've tried changing everything that says width in it but it still stays like this: [img]http://i.imgur.com/XELm9.png[/img][/QUOTE] Try adding a 'width' value to your inputs: [php] <input type="text" name="subject" size="45" width="300px"> [/php]

[QUOTE=Alcapwne;31138281]Try adding a 'width' value to your inputs: [php] <input type="text" name="subject" size="45" width="300px"> [/php][/QUOTE] Didn't seem to do anything.

[QUOTE=QuickSnapz;31138466]Didn't seem to do anything.[/QUOTE] sorry I meant this: <input type="text" name="subject" size="45" style="width: 300px">

Also, try not to use tables Example conversion: [url]https://github.com/johnduhart/SyncWiki/commit/6160006d457962ff41ede11040f108deebce861d[/url]

-snip- didn't need to use the script in the end

I keep on getting an error for something that I'm testing [code]Parse error: syntax error, unexpected '{' in /home/zzlawlzz/public_html/testing/recieve/register.php on line 1[/code] My whole code is this [php]<?php if (!isset($_POST['username']) || !isset($_POST['password1']) || !isset($_POST['password2']) || !isset($_POST['email'])) { echo'uhm'; } ?>[/php] [sp]Fixed.[/sp]

I have a cron job set to run a php script. Everything on the php script works except this twitter function that uses curl to signin to my account and tweet something. However, the tweeting works if I manually run the script. Does curl not work in cron jobs? edit: nvm, it works after I split the cron up into 2 diff jobs. It was probably just timing out :)

[QUOTE=Alcapwne;31139679]Hi, I'm using this jquery plugin: [url]http://djpate.com/2011/01/01/animated-scrollto-effect-jquery-plugin/[/url] It allows you to make buttons which scroll to particular <divs> when clicked and it highlights the <div> when it gets to them. It was working for me, but then I did some stuff to create a static footer that always stays at the bottom of the screen. Now when I click each button, the appropriate <div> gets highlighted, but not scrolled to. I know it's very vague, but are there any things I might have done which would interfere? Thanks [editline]15th July 2011[/editline] the only think I can see which may have affected something is adding a 'min-height: 100%' to the div styles[/QUOTE] Did you try debugging the JS using an inspector?

Someone just told me using mysql_* functions is bad programming, and that I should switch to different methods of communicating with MySQL databases. Naturally he did not explain any different methods to me. So what should I use from now on? It's important that I can easily switch from mysql_* to whatever new method really easily without changing too much code.

[QUOTE=Marlamin;31171752]Someone just told me using mysql_* functions is bad programming, and that I should switch to different methods of communicating with MySQL databases. Naturally he did not explain any different methods to me. So what should I use from now on? It's important that I can easily switch from mysql_* to whatever new method really easily without changing too much code.[/QUOTE] There is PDO and it's for php5.x.x unless mysql_ is for 4.x.x i think.. PDO doesn't get mysql injected.

[QUOTE=Marlamin;31171752]Someone just told me using mysql_* functions is bad programming, and that I should switch to different methods of communicating with MySQL databases. Naturally he did not explain any different methods to me. So what should I use from now on? It's important that I can easily switch from mysql_* to whatever new method really easily without changing too much code.[/QUOTE] You should be using MySQLi, or PDO. One of the biggest advantages about these new methods is support for something called parametrization, which simplifies and standardizes sanitization of arbitrary user input used in queries. With mysql_* functions you would so something like this, roughly: [code]"SELECT * FROM things WHERE id=" . $id[/code] Now, $id would be sanitized prior to be being used here, but how? Most people use [B]mysql_real_escape_string[/B] and think they're safe (very wrong). Casting the variable to an int, or in other cases matching against regex patterns would probably do the trick, but it's inconsistent and very error-prone. With PDO you would so something like this (an example, there are other ways to achieve this): [code]"SELECT * FROM things WHERE id=:id"[/code] What exactly is [B]:id[/B]? It's a parameter placeholder that you can later assign, using for example a method like: [code]$query->bindValue('id', $_GET['id']);[/code] I'm using $_GET['id'] to emphasize the fact that you do not need to sanitize the input before this point. PDO takes care of that for you. Other PDO features include query optimization and compilation (done transparently, very useful specially if you're running the same query multiple times), and its driver-based database interface abstraction. PDO is very simple, but also chock full of little nice features. Check out its manual: [url=http://www.php.net/manual/en/book.pdo.php]PDO on php.net[/url]

[QUOTE=StinkyJoe;31171841]You should me using MySQLi, or PDO. One of the biggest advantages about these new methods is support for something called parametrization, which simplifies and standardizes sanitization of arbitrary user input used in queries. With mysql_* functions you would so something like this, roughly: [code]"SELECT * FROM things WHERE id=" . $id[/code] Now, $id would be sanitized prior to be being used here, but how? Most people use [b]mysql_real_escape_string[/b] and think they're safe (very wrong). Casting the variable to an int, or in other cases matching against regex patterns would probably do the trick, but it's inconsistent and very error-prone. With PDO you would so something like this (an example, there are other ways to achieve this): [code]"SELECT * FROM things WHERE id=:id"[/code] What exactly is [b]:id[/b]? It's a parameter placeholder that you can later assign, using for example a method like: [code]$query->bindValue('id', $_GET['id']);[/code] I'm using $_GET['id'] to emphasize the fact that you do not need to sanitize the input before this point. PDO takes care of that for you.[/QUOTE] Ah, great. Thanks. Looks nifty!

[QUOTE=StinkyJoe;31171841]Most people use [B]mysql_real_escape_string[/B] and think they're safe (very wrong)[/QUOTE] elaborate

[QUOTE=Catdaemon;31173803]elaborate[/QUOTE] [url]http://stackoverflow.com/questions/1220182/does-mysql-real-escape-string-fully-protect-against-sql-injection[/url]

[QUOTE=zzlawlzz;31173858][url]http://stackoverflow.com/questions/1220182/does-mysql-real-escape-string-fully-protect-against-sql-injection[/url][/QUOTE] so it is safe then?

[QUOTE=Catdaemon;31174202]so it is safe then?[/QUOTE] Im guessing only if you use UTF-8 other wise no.

[QUOTE=zzlawlzz;31174430]Im guessing only if you use UTF-8 other wise no.[/QUOTE] It's changing the charset with a query (meaning the characters aren't escaped properly) that causes the problem not the specific encoding. I imagine the same is true of a PDO, no?

[QUOTE=Catdaemon;31173803]elaborate[/QUOTE] mysql_real_escape_string is great at its job, even PDO uses it on older mysql versions: it strips characters from a string that are deemed unsafe to use in a query, it does NOT do this in a parameter context - it doesn't care. Take this example: [code] "SELECT * FROM things WHERE foo="bar" and id=" . mysql_real_escape_string($_POST['id']) [/code] Given $_POST['id'] being equal to "[b]1 OR 1=1[/b]", the final query, even with mysql_real_escape_string, would be the following: [code] "SELECT * FROM things WHERE foo="bar" and id=1 OR 1=1" [/code] Now you have an SQL injection, since the contents of $_POST['id'] had no problematic characters. This is obviously a specific scenario, but given the amount of applications out in the wild using this method, you can bet your ass you'll find this vulnerability thousands of times. And I'm not even including other encoding-specific headaches. Another word of advice - there's currently a proposal to [b]softly deprecate the legacy mysql library, which will most likely pass[/b]. The library won't be gone any time soon (if it did, we'd have about 15 years(?) worth of shit breaking all over the place), but it's the start of a push towards more modern options, namely Mysqli or PDO. I really have to write that PDO guide, don't I?

[QUOTE=StinkyJoe;31174566]mysql_real_escape_string is great at its job, even PDO uses it on older mysql versions: it strips characters from a string that are deemed unsafe to use in a query, it does NOT do this in a parameter context - it doesn't care. Take this example: [code] "SELECT * FROM things WHERE foo="bar" and id=" . mysql_real_escape_string($_POST['id']) [/code] Given $_POST['id'] being equal to "[b]1 OR 1=1[/b]", the final query, even with mysql_real_escape_string, would be the following: [code] "SELECT * FROM things WHERE foo="bar" and id=1 OR 1=1" [/code] Now you have an SQL injection, since the contents of $_POST['id'] had no problematic characters. This is obviously a specific scenario, but given the amount of applications out in the wild using this method, you can bet your ass you'll find this vulnerability thousands of times. And I'm not even including other encoding-specific headaches. Another word of advice - there's currently a proposal to [b]softly deprecate the legacy mysql library, which will most likely pass[/b]. The library won't be gone any time soon, but it's the start of a push towards more modern options, namely Mysqli or PDO. I really have to write that PDO guide, don't I?[/QUOTE] But that's just moronic. It's obvious that that will happen - so in fact there is nothing wrong with using mysql_real_escape_string at all. Thanks. I only ask because lots of legacy code uses it at work.

[QUOTE=Catdaemon;31174622]But that's just moronic. It's obvious that that will happen - so in fact there is nothing wrong with using mysql_real_escape_string at all. Thanks. I only ask because lots of legacy code uses it at work.[/QUOTE] Obviously there's ways to prevent this from happening, and it's not even anything too complicated (heck, in this case simply casting $_POST['id'] to an int would've done the trick), but as you can assume, people writing code without a lick of knowledge regarding these issues are a dime a dozen. Also, it's most likely your work's legacy code will be phased out before the mysql library even starts throwing E_DEPRECATED, so assuming it's safe, don't worry too much about it.

[code] $data = array( 'Username' => $username, 'Password' => $password, 'FirstName' => $firstname, 'LastName' => $lastname, 'EmailAddress' => $email); $STH = $DBH->prepare("INSERT INTO " . $the_table . " ( Username, Password, FirstName, LastName, EmailAddress ) value (:Username, :Password, :FirstName, :LastName, :EmailAddress)"); [/code] Nevermind, I figured it out.

-snip- late

I have no clue why they decided substituting data into a command string was ever a good idea in the first place

How can I stop it from creating a new line every time I close a tag? here's my code: [php]<hr><h6>About Me</h6><hr><h6>Rates</h6><hr><h6>Contact</h6><hr>[/php] And it essentially goes <br> after each piece of text, because of the end tag :( But I need to have the end tags where they are. [editline]18th July 2011[/editline] nevermind, solved the problem using different classes for each of the pieces of text, but it would be nice to know the answer for future reference :)