Atli's Profile

Reputation: 3858 Guru
Group:
Moderators
Active Posts:
6,851 (3.58 per day)
Joined:
08-June 10
Profile Views:
91,542
Last Active:
Yesterday, 10:14 PM
Currently:
Offline

Previous Fields

Country:
IS
OS Preference:
Linux
Favorite Browser:
FireFox
Favorite Processor:
Intel
Favorite Gaming Platform:
PC
Your Car:
Toyota
Dream Kudos:
275
Expert In:
PHP, Databases, Web Development

Posts I've Made

  1. In Topic: PHP session that store id and name

    Posted 3 Sep 2015

    I've moved this to the PHP forum. Please try to post your questions in the right forums.

    Quote

    But I want to save it on both ID and NAME.

    What exactly do you mean by this?
    It's very unclear what you are in fact trying to achieve.


    By the way, line #9 of that HTML/PHP infusion code you posted is a monster. You should never try to cram that much logic into a single line. It makes the code way too hard to understand.

    Do the PHP logic in its own, well organized section, and store whatever is supposed to be printed into the HTML in a variable. Then just print that variable into the HTML. Like:
    <?php
    if (isset($_POST["whatever"]) && $_POST["whatever"] == $someData["whatever"]) {
        $selectedText = 'selected="selected"';
    }
    else if (somethingElseIsTrue()) {
        $selectedText = 'selected="selected"';
    }
    else {
        $selectedText = "";
    }
    ?>
    <option <?= $selectedText ?> value="<?= $someData["whatever"] ?>"><?= $someData["nameOrWhatever"] ?></option>
    
    
  2. In Topic: Need some help with login function!

    Posted 1 Sep 2015

    Sherveen, on 01 September 2015 - 04:26 PM, said:

    Atli, on 01 September 2015 - 09:24 AM, said:

    That doesn't make any sense. What did you do, exactly?

    Sorry, I meant mysqli. I changed all the mysql codes into mysql is what I meant.

    How so? You can't just add the "i" to the "mysql_" function calls. They aren't that similar.

    That wouldn't address the real problem either, which is the fact you are injecting variables into the query strings. Like andrewsw said: you should be using prepared statements.

    Read the link CTphpnwb posted carefully. It's an entirely different way to use databases, but it is what's being used today, and what will be used from now on, so you are better off learning that than wasting time fixing issues in the legacy "mysql_" functions.
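    The post above recommends prepared statements for the login query instead of injecting variables into the SQL string. The block below is an added example and is not Atli's code, Sherveen's code, or the content of the link CTphpnwb posted (which is not on this page). It assumes PDO with an in-memory SQLite database purely so it runs without a MySQL server; with mysqli the shape is the same (prepare(), bind_param(), execute()). The table name, column names and the sample account are constructed for the example, and the password is stored as a password_hash() digest rather than in plain text.

```php
<?php
// Added example (not the thread's code): a login lookup written with prepared
// statements, so user input never becomes part of the SQL text.
// Assumption: PDO + in-memory SQLite is used only so this script runs offline;
// the same prepare/execute pattern applies to mysqli against MySQL.

function createDemoDatabase(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

    // Constructed sample account. Only a password hash is stored, never the password.
    $insert = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $insert->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

    return $db;
}

// Returns the user's id on success, or null when the credentials do not match.
function login(PDO $db, string $username, string $password): ?int
{
    // The query text is fixed at compile time; the username travels separately
    // as a bound parameter, so quotes or SQL keywords in it are just data.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same response whether the user is missing or the password is wrong,
    // so the login form does not reveal which usernames exist.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }

    return (int) $row['id'];
}

$db = createDemoDatabase();

var_dump(login($db, 'alice', 'correct horse'));   // matching credentials
var_dump(login($db, 'alice', 'wrong password'));  // wrong password
var_dump(login($db, "o'neil", 'anything'));       // apostrophe in the name is harmless
```

    The last call is the point of the exercise: with string interpolation an apostrophe in the username would have altered the query text, while with a bound parameter it is simply a name that does not exist.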
  3. In Topic: Need some help with login function!

    Posted 1 Sep 2015

    That doesn't make any sense. What did you do, exactly?
  4. In Topic: cannot send email from script

    Posted 1 Sep 2015

    There is obviously no difference. Those are just two ways to do the same thing.
    Both of which are inappropriate.

    I get what you were trying to get across there, but you did it in possibly the worst way imaginable. Less experienced developers won't get the danger inherent in your example.

    In general, the error suppression symbol is a shortcut around proper validation and/or sanitation. There are obviously some cases where it can be used in an acceptable way, but not one of those comes anywhere near raw user input, like you get from the $_POST array.


    Which is why I advise people to stay clear of it, unless they absolutely understand what it is doing under the circumstances, and the effect it will have. It can be a dangerous tool if people don't fully comprehend it, both (as in this case) as far as security goes, and by making debugging a pain.
  5. In Topic: cannot send email from script

    Posted 1 Sep 2015

    I'll have to strongly disagree with that advice.
    An "undefined" message is not even close to being the worst outcome from that kind of usage.

    You are making the form wide open to XSS attacks.

    All an attacker would have to do is fake a request like this, and they could run whatever JS code they wanted.
    POST /email_form.php HTTP/1.1
    Host: example.com
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Content-Length: 92
    
    last_name=%27%3E%3Cscript%3Ealert%28%27This+is+not+a+good+idea%21%27%29%3C%2Fscript%3E%3C%27
    
    


    You'd always have to introduce some sort of validation and/or sanitation, in which case dumping it all into the HTML, into that one line, is going to be a pain. Using a function, like the one I used in my previous snippet, would be preferable in pretty much all scenarios.
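    The two replies in this topic make two related points: reading a form field with the "@" suppression operator hides the missing-field case instead of handling it, and printing $_POST values straight into the HTML leaves the form open to XSS. The block below is an added example, not Atli's code or the snippet he refers to from his earlier post. It also follows the layout recommended in the first post on this page (PHP logic in its own section, the HTML only printing variables). The helper names formField() and h() and the request body are constructed for the example; the body is the same encoded value as the POST payload quoted above, decoded with parse_str() the way PHP fills $_POST.

```php
<?php
// Added example (not the thread's code): read a submitted field without "@",
// then escape it before it reaches the HTML.
// Assumptions: function names are made up; $body stands in for a real request.

// Return a trimmed string field from a submitted form, or $default when the
// field is absent or not a string. isset() makes the "missing field" case
// explicit instead of hiding the notice behind "@".
function formField(array $form, string $name, string $default = ''): string
{
    if (!isset($form[$name]) || !is_string($form[$name])) {
        return $default;
    }
    return trim($form[$name]);
}

// Escape for use inside HTML text or a double-quoted attribute value.
// ENT_QUOTES also converts the single quote, which matters inside attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed request body (same payload as the POST shown above). parse_str()
// decodes it into an array the same way PHP builds $_POST.
$body = 'last_name=%27%3E%3Cscript%3Ealert%28%27This+is+not+a+good+idea%21%27%29%3C%2Fscript%3E%3C%27';
parse_str($body, $form);

// Logic section: fetch each field once, with an explicit default.
$lastName  = formField($form, 'last_name');
$firstName = formField($form, 'first_name');   // absent in the request: '' and no notice

// HTML section: only already-escaped variables are printed.
$html  = '<input type="text" name="first_name" value="' . h($firstName) . '">' . "\n";
$html .= '<input type="text" name="last_name" value="' . h($lastName) . '">' . "\n";

echo $html;
// The <script> tag and the quotes are rendered as &lt;, &gt;, &#039; entities
// inside the attribute value, so the browser sees text, not a new tag.
```

    Run it from the command line to see the escaped attribute; the same two helpers are what a mail-form script would call before building either the message body or the page it re-displays on error.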

My Information

Member Title:
Enhance Your Calm
Age:
29 years old
Birthday:
September 5, 1986
Gender:
Location:
Iceland
Full Name:
Atli Ţór Jónsson
Years Programming:
12
Programming Languages:
Expert: PHP, SQL (MySQL, MSSQL), Web Development (HTML, CSS, Javascript, jQuery).

Studying: AngularJS, Node.js, Python, Ruby.

Dabble in: C#, VB.NET, Java, ActionScript 3, LUA, C/C++

Contact Information

E-mail:
Private
Yahoo:
Yahoo  atli.jonsson@ymail.com
Twitter:
Atli_Thor

Comments

  1. Anuraj23, 24 Nov 2012 - 00:43
    hi
  2. Atli, 21 Sep 2012 - 03:19
    Hey lyster. Please post questions like that in the forums. That's what they're there for.
  3. lyster, 21 Sep 2012 - 00:40
    i just can't figure out what are the possible tables,,i want to know normalization well..u_u
  4. lyster, 21 Sep 2012 - 00:34
    hi there mr. atli..i hope you could give me some advices and idea on how to make an erd on my mini mortuary_system,thanks god bless you..
    by the way im a student of a state college here in the philippines.
  5. kimimimi, 26 Aug 2012 - 00:37
    please help me
  6. xenoslash, 19 Jul 2012 - 23:35
    You are quite possibly the most helpful member of the community. I wish I could +1 you more than once for every long (and useful!) post you make.
  7. Maryam.m, 23 Jun 2012 - 10:52
    hey i understood what should i do!!!
    i'm so happy :D :D
    tnx
  8. polyosis, 11 Jun 2012 - 16:49
    I would like to thank you on your advice with my site path and installation problems, you are most kind my friend.
  9. Atli, 14 Apr 2012 - 05:22
    Yea it seems to like you, Dimitri ;)
  10. DimitriV, 08 Apr 2012 - 19:20
    Your avatar… it blinked at me.
  11. Atli, 06 Nov 2011 - 19:49
    Hehe. Thanks guys :)
  12. Dogstopper, 06 Nov 2011 - 19:19
    Lookin' a little blue there. Cheer up man! You're a mod! Congratz!
  13. codeprada, 06 Nov 2011 - 18:34
    It's about time. Congrats on reaching blue status.
  14. n00l3, 05 Sep 2011 - 12:59
    Happy birthday! :D
  15. cupidvogel, 03 Sep 2011 - 23:06
    I can't seem to like your reply to my jQuery post an hour ago (fantastic explanation it was), because the Javascript in my browser is somewhat malfunctioning. I will like it later, ok?