-
Posts
18 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Downloads
Gallery
Store
Posts posted by jmb272
-
-
I've never used Ruby on Rails or ASP.NET so I couldn't compare PHP to them.
But what I can say is, PHP has never let me down.
Every project I've worked on I've managed to get the job done with PHP.
-
Hi guys.
I'm writing my own MVC framework and I've written a CSRF token validation class to help prevent CSRF attacks.
This is my first attempt at writing a CSRF token validation class and I just wanted to get some feedback.
I've looked at how others have done it and sort of stuck to the general route that most people take when writing something similar.
<?php // Security measure. if (!defined('BASE_PATH')) { exit(); } class CSRF { private static $tokens = array(); private static $session_name = 'csrf_data'; /** * Loads CSRF token data from session into $tokens array. * * This method is called in the index.php file before a controller is loaded. * * @return void */ public static function init() { $session_name = self::$session_name; // Move CSRF token data from session to class field. if (isset($_SESSION[$session_name])) { self::$tokens = unserialize($_SESSION[$session_name]); unset($_SESSION[$session_name]); } } /** * Saves the CSRF data to a session. * * @static * @return void */ private static function save() { $session_name = self::$session_name; unset($_SESSION[$session_name]); $_SESSION[$session_name] = serialize(self::$tokens); } /** * Creates a new token. * * @static * @param string $name * @return string */ private static function generateToken($name) { $token = md5(uniqid(rand(), true)); self::$tokens[$name] = $token; self::save(); return $token; } /** * Validate a token by its name. * * @static * @param string $name * @param string $token The CSRF token included with the form data. * @return bool */ public static function validateToken($name, $token) { if (!isset(self::$tokens[$name])) { return false; } return ($token == self::$tokens[$name]); } } // End of CSRF class.
-
I wouldn't host anything with iPage, they caused me nothing but grief.
Same goes for JustHost and 1&1 Internet. Don't use any of them.
-
wow, ok, thanks alot. I would have carried on using tables but you've made me think twice.
-
What alternative is there to tables?
Floating Divs? I prefer to use tables as they work in almost every browser.
I have a lot of issues with floating divs, i'd switch to them however if Internet explorer was never invented.
however..
<html> <head> <title>My Website</title> <style type="text/css"> .center, body, #container { text-align: left; margin-left: auto; margin-right: auto; } #container { width: 900px; } #sidebar { float: left; width: 150px; } #content { float: right; width: 750px; } </style> </head> <body> <div id="sidebar"> <a href="?go=home">Home</a><br /><br /> <a href="?go=page-1">Page 1</a><br /> <a href="?go=page-2">Page 2</a><br /> <a href="?go=page-3">Page 3</a><br /> </div> <div id="content"> <?php $default = "content/home.php"; if (isset($_GET['go'])) { switch ($_GET['go']) { case "page-1": include("content/page1.php"); break; case "page-2": include("content/page2.php"); break; case "page-3": include("content/page3.php"); break; default: include($default); } } else { include($default); } ?> </div> </body> </html>
-
You could do something like this:
<html> <head> <title>My Website</title> </head> <body> <table width="100%" border="0" cellpadding="2" cellspacing="3"> <tr> <td id="sidebar"> <a href="?go=home">Home</a><br /><br /> <a href="?go=page-1">Page 1</a><br /> <a href="?go=page-2">Page 2</a><br /> <a href="?go=page-3">Page 3</a><br /> </td> <td id="content"> <?php $default = "content/home.php"; if (isset($_GET['go'])) { switch ($_GET['go']) { case "page-1": include("content/page1.php"); break; case "page-2": include("content/page2.php"); break; case "page-3": include("content/page3.php"); break; default: include($default); } } else { include($default); } ?> </td> </tr> </table> </body> </html>
- 1
-
Good call -- doing the searching within the MySQL query makes a lot more sense than the way I posted above.
Thanks. Yeah it will do, saves you having to fetch all the records and preg_match them.
When you have your results, if you want to highlight the criteria in the results you could do something like..
while ($row = @mysql_fetch_array($results, MYSQL_ASSOC)) { $field = $row['field_name']; $field = str_replace($_POST['search_criteria'], '<font color="#336699">'.$_POST['search_criteria'].'</font>', $field); echo $field; }
-
I've recently built a search function into my website.
This works for me.
$criteria = strtoupper($_POST['search_criteria']);
SELECT * FROM `tbl_name` WHERE UPPER(`field_name`) LIKE '%'.mysql_real_escape_string($critera).'%'
I've converted the search criteria and table field values to uppercase to make the query case insensitive.
-
-
Hello,
I have a table with fields date,day,and some data for each day.
I want to display the data on a weekly basis, (ie from Monday to Friday) along with options for next week and
previous week.
Could someone help me with this?
Why not get a twitter account and build/download a script to display your latest tweets?
-
I'd recommend using Notepad++, it just makes things easier.
Also, when u save a file in notepad, you're better off typing "name.html" including the quotes.
If you install notepad++, you can simply right click on your html file and select "Edit with Notepad++".
Alternatively, open notepad and drag your html file icon into the window to open it.
-
I know for a fact they use the meta description, the extract of text that google has used for some of my websites are the Meta Description tags.
Still, Google isn't the only search engine.
-
JustHost isn't bad. Its better than other web hosts i've used such as Streamline and 1&1 Internet.
You get free advertisement credit for google, yahoo & bidvertiser.
My package has unlimited/unmetered bandwidth & space and is about £6-7 per month.
-
Anyone else heard about the new .co TLD being released on 20th July?
Already preordered one, going to get some more tommorow. £20 a pop but its worth it.
The cheapest pre-ordering price I've found so far is heart internet which is £20, others like 123-reg charge £30.
So if you're interested in preordering one, i'd go with heart internet on price unless you can find a better deal.
-
Some of the code in the examples is cut off at the top.
You can find the full version by copying & pasting an extract of the tutorial above into google.com.
-
Like many others, i despise IE. However, i dont dismiss it when building a site.
If i add something to a web page that works in firefox, chrome, opera & safari but i cant get it to work in IE, i take it out.
Compatibility is my number 1 priority.
Search MySQL All Columns
in PHP
Posted
Do you get an error message?
Also can you post the context which this query is executed? as in the code surrounding the SQL in the PHP script.