Web Dev Questions That Don't Need Their Own Thread v4 - Developers

[QUOTE=gokiyono;41928778]You are such a great help. It would be nice to know why that is.[/QUOTE] Oh, thought you just didn't understand it on that context. With prepared statements, values and the query go through different ways to the server; that way, when it comes across :value, it knows there will be a variable, no exceptions. Even if that value is value';DELETE * FROM users ; that's the value that the user sent, so it should be treated as a value. Without them, both value and query go trough the same 'tube'. If you send an unsanitized string, the server will just run it all, without difference between both (as it doesn't expect anything). Someone sends the value from the previous example? No way to know if that isn't the real query, so it will run it. (At least that is how I know it; correct me if I'm wrong.)

[QUOTE=Coment;41929010]Oh, thought you just didn't understand it on that context. With prepared statements, values and the query go through different ways to the server; that way, when it comes across :value, it knows there will be a variable, no exceptions. Even if that value is value';DELETE * FROM users ; that's the value that the user sent, so it should be treated as a value. Without them, both value and query go trough the same 'tube'. If you send an unsanitized string, the server will just run it all, without difference between both (as it doesn't expect anything). Someone sends the value from the previous example? No way to know if that isn't the real query, so it will run it. (At least that is how I know it; correct me if I'm wrong.)[/QUOTE] (First I need to say sorry for seeming a bit like a douche there) Hmm I though I could use htmlentities(); to convert them to... html entities

I do not understand how registering a domain name works. I've been reading up on it a bit, so for example I know that .info is an open generic top-level domain and it is operated by Afilias. But it looks like I can't actually buy a domain name directly through them. I [I]can[/I] buy a .info name from one of the usual sites (e.g. GoDaddy) but by what authority do they sell me that name? I can understand differing domain name prices if someone already owns the name, but what if it's some domain that no one has bought before (good old [url]www.5B9OHbFhYSym5B6b.info)?[/url] Is it worth shopping around for unclaimed domain pricing? What if I don't have a static IP address? Is there some administrative fee for updating your DNS record? (I know there's stuff like no-ip.com but I'm wondering if that's truly necessary).

[QUOTE=Larikang;41929624]I do not understand how registering a domain name works. I've been reading up on it a bit, so for example I know that .info is an open generic top-level domain and it is operated by Afilias. But it looks like I can't actually buy a domain name directly through them. I [I]can[/I] buy a .info name from one of the usual sites (e.g. GoDaddy) but by what authority do they sell me that name? I can understand differing domain name prices if someone already owns the name, but what if it's some domain that no one has bought before (good old [url]www.5B9OHbFhYSym5B6b.info)?[/url] Is it worth shopping around for unclaimed domain pricing? What if I don't have a static IP address? Is there some administrative fee for updating your DNS record? (I know there's stuff like no-ip.com but I'm wondering if that's truly necessary).[/QUOTE] I wouldn't worry about shopping around for domains because they are going to only vary by $5-$10 for a year. I would worry more about making sure you get your domain from a competent, reputable regsitrar (I use gandi.net for all of mine and would avoid godaddy if I were you). You will not be charged for editing your DNS settings, and if someone does try to charge you for that they're a horrible registrar.

[QUOTE=KmartSqrl;41930001]I wouldn't worry about shopping around for domains because they are going to only vary by $5-$10 for a year. I would worry more about making sure you get your domain from a competent, reputable regsitrar (I use gandi.net for all of mine and would avoid godaddy if I were you). You will not be charged for editing your DNS settings, and if someone does try to charge you for that they're a horrible registrar.[/QUOTE] Why do you avoid GoDaddy? It's what I use because it was simply the only one I had heard of when I started and I haven't had any problems since whatsoever.

[QUOTE=Coffeee;41930424]Why do you avoid GoDaddy? It's what I use because it was simply the only one I had heard of when I started and I haven't had any problems since whatsoever.[/QUOTE] GoDaddy is a hosting company aswell as a registrar, and most of us have experience of that web-hosting companies that does Domain Registers isn't as good as a company that focuses only on domain names. However, the main reason we avoid them is because [URL="https://www.google.com/search?q=godaddy+scandal&oq=godaddy+scandal&aqs=chrome..69i57j0l3.2693j0&sourceid=chrome&ie=UTF-8#fp=e5073ee9d189304e&q=godaddy+sopa&safe=off"]GoDaddy started support SOPA[/URL] which was a terrible decision that made them loose [B]72,354 domains in 7 days[/B]. GoDaddy has also had some downtime which is not acceptable considering how big of a company they are.

Thanks. I think I'm still confused about the connecting between your IP address and your domain name. At least, I don't see where you set up that association or how you would update it after the fact if your IP changes. gandi.net has a pretty extensive API but I can't find anything IP related other than their hosting service.

[QUOTE=Larikang;41930815]Thanks. I think I'm still confused about the connecting between your IP address and your domain name. At least, I don't see where you set up that association or how you would update it after the fact if your IP changes. gandi.net has a pretty extensive API but I can't find anything IP related other than their hosting service.[/QUOTE] You point your domain to DNS servers (e.g. Cloudflare) and those DNS Servers in turn point to your IP address.

[QUOTE=Larikang;41930815]Thanks. I think I'm still confused about the connecting between your IP address and your domain name to your hosting companies name servers. At least, I don't see where you set up that association or how you would update it after the fact if your IP changes. gandi.net has a pretty extensive API but I can't find anything IP related other than their hosting service.[/QUOTE] If you have web-hosting from some company, you only need to change the name servers for your domain name. However, if you host it from your own dedicated server/vps/home pc, you need a DNS server or you need to use no-ip or similar as your registrar/transfer your domain. It's easy to setup a DNS server, although, two IP-addresses are required and it's a pain in the ass if your behind a NAT router/firewall.

or you can use cloudflare as a DNS server

[QUOTE=Svenskunganka;41930990]If you have web-hosting from some company, you only need to change the name servers for your domain name. However, if you host it from your own dedicated server/vps/home pc, you need a DNS server or you need to use no-ip or similar as your registrar/transfer your domain. It's easy to setup a DNS server, although, two IP-addresses are required and it's a pain in the ass if your behind a NAT router/firewall.[/QUOTE] Ok, that really clears it up. Why do you need two IPs though? Is the DNS not allowed to resolve a name to itself?

[php]$db->exec("INSERT INTO SteamUsers (steamID64, steamName, privilege, item_prefs, user_prefs, join_date) VALUES ('$profile', '$userName', '$privilegeLevel', 'None', 'None', '$time') ON DUPLICATE KEY IGNORE"); [/php] Is this safe? Also I want to make the script not add the key again once it's inserted but I get an error when I use it. Exception : SQLSTATE[HY000]: General error: 1 near "ON": syntax error

It looks like you're using PDO but you're not using [url=http://php.net/manual/en/pdo.prepared-statements.php]prepared statements[/url]

[QUOTE=Banana Lord.;41931575]It looks like you're using PDO but you're not using [url=http://php.net/manual/en/pdo.prepared-statements.php]prepared statements[/url][/QUOTE] That thing looks so much like a simplified prepared statement that I thought it was one. :( Well I guess I'll do a real prepared insert then. What about the (Exception : SQLSTATE[HY000]: General error: 1 near "ON": syntax error) ? I'm mostly trying to fix that.

[QUOTE=01271;41931717]That thing looks so much like a simplified prepared statement that I thought it was one. :( Well I guess I'll do a real prepared insert then. What about the (Exception : SQLSTATE[HY000]: General error: 1 near "ON": syntax error) ? I'm mostly trying to fix that.[/QUOTE] Might just have to do with the fact that the arguments aren't escaped? Try a prepared statement and it might fix the other problem. You shouldn't need the single quotes around the VALUES anymore, so something like: [code] $stmt = $db->prepare("INSERT INTO SteamUsers (steamID64, steamName, privilege, item_prefs, user_prefs, join_date) VALUES (:profile, :userName, :privilegeLevel, 'None', 'None', :time) ON DUPLICATE KEY IGNORE"); $stmt->bindParam(':profile', $profile); $stmt->bindParam(':userName', $userName); ... $stmt->bindParam(':time', $time); $stmt->execute() [/code]

Anything to help out with web design? Literally any tips, links for reading or just simple stuff. I'm decent at getting stuff to [B]work[/B] but making it look pretty can be really tough. And I really want to work on that, so smite me!

[QUOTE=Moofy;41940471]Anything to help out with web design? Literally any tips, links for reading or just simple stuff. I'm decent at getting stuff to [B]work[/B] but making it look pretty can be really tough. And I really want to work on that, so smite me![/QUOTE] Using a framework like [URL="http://getbootstrap.com/"]Bootstrap[/URL], [URL="http://foundation.zurb.com/"]Foundation/[/URL] or [URL="http://www.99lime.com/"]Kickstart[/URL] can make things look pretty with not too much effort. As long as you customize them and not just use the default theme things can look nice!

[QUOTE=benbb;41940566]Using a framework like [URL="http://getbootstrap.com/"]Bootstrap[/URL], [URL="http://foundation.zurb.com/"]Foundation/[/URL] or [URL="http://www.99lime.com/"]Kickstart[/URL] can make things look pretty with not too much effort. As long as you customize them and not just use the default theme things can look nice![/QUOTE] Seems interesting, I'll have a look at it! And if any others has anything feel free to shoot too!

[QUOTE=benbb;41940566]Using a framework like [URL="http://getbootstrap.com/"]Bootstrap[/URL], [URL="http://foundation.zurb.com/"]Foundation/[/URL] or [URL="http://www.99lime.com/"]Kickstart[/URL] can make things look pretty with not too much effort. As long as you customize them and not just use the default theme things can look nice![/QUOTE] Using those as a design crutch is just going to lead to uninspired derivative designs. If you want to get better at design you should read up on design as much as you can and absorb as much good design as you can. Spend time on design galleries and pay attention to what it is that makes something look good.

[QUOTE=KmartSqrl;41943915]Using those as a design crutch is just going to lead to uninspired derivative designs. If you want to get better at design you should read up on design as much as you can and absorb as much good design as you can. Spend time on design galleries and pay attention to what it is that makes something look good.[/QUOTE] Yeah. Definitely take inspiration from other sites. Use StumbleUpon or something similar to find good looking sites for inspiration, or check out WAYWO.

- snip -

[QUOTE=andersonmat;41732978]Here's the problem: there is no [b]good[/b] way to go about securing the contents of the database. Either you have an encryption key locally or you have one remotely. If you're going to be accessing the data frequently, then it doesn't make sense to have it remotely. If it is local, then if someone compromises the machine you are shit out of luck because now they have the data and the key to decrypt it. If you're storing it remotely are you still going to have access to it? If someone gets your source code are they going to be able to do the same actions you are (get, delete, update, etc)?[/QUOTE] Quoted for reference since it's been a while since I've been in here. What about encrypting the data in the database in addition to data file encryption? I know this comes with some performance hits. And on that note, what about using Zend Guard to encrypt the source code?

Is there a way to just make emails that work with gmail without installing an SMTP server? I use gmail and currently I have an SMTP server installed and I forward all emails to gmail, pretty redundant.

Looking for ridiculously cheap web hosting with the following features: 200GB + Bandwidth 1.5 GB of space 2 SQL databases Thats pretty much all I need. Anyone know a company that will do this yearly for under £12?

[QUOTE=Chizbang;41964460]Looking for ridiculously cheap web hosting with the following features: 200GB + Bandwidth 1.5 GB of space 2 SQL databases Thats pretty much all I need. Anyone know a company that will do this yearly for under £12?[/QUOTE] thats a lot of bandwidth reqiured. Not sure of any that cheap.

[QUOTE=Chizbang;41964460]Looking for ridiculously cheap web hosting with the following features: 200GB + Bandwidth 1.5 GB of space 2 SQL databases Thats pretty much all I need. Anyone know a company that will do this yearly for under £12?[/QUOTE] Get a VPS. [url]http://lowendbox.com/[/url]

[QUOTE=benbb;41964649]Get a VPS. [url]http://lowendbox.com/[/url][/QUOTE] thats not less than £12/year

[QUOTE=FrankPetrov;41964673]thats not less than £12/year[/QUOTE] Oh. Yearly? That's asking a lot! [url]http://lowendbox.com/?s=yearly&searchsubmit=Find[/url] There's a few here.

Is it just me or does sublime text only finish some tags, selectors and stuff like that? In school we work on NetBeans (because we have to) - and I kinda got used to it finishing automatically, can I make sublime do that too? :v:

[QUOTE=Moofy;41972913]Is it just me or does sublime text only finish some tags, selectors and stuff like that? In school we work on NetBeans (because we have to) - and I kinda got used to it finishing automatically, can I make sublime do that too? :v:[/QUOTE] Sometimes, I wish it would do the opposite. I usually tab indent before the bracket, so something like [i]body[/i] becomes [i]border-style[/i] and many other assorted words.