Posts by Dani

Just say it.

"it"

This it not my forte but I just wanted to jump in here and apologize for moving this question to our programming forum. I’ve moved it back to the MS Windows forum after googling your problem and seeing it’s related to Microsoft Excel. Is that correct?

Good luck! Hopefully someone who can help will be around to help soon.

That’s not trolling. There are no such thing as good-natured trolls. Apparently you disagree with the Miriam-Webster dictionary. Sigh.

In conclusion, check if the user entered a valid URL. If they didn't, prompt them to try again. Don't accept any invalid URLs into your database. This way your database only consists of nice, properly formed URLs. Then, there's no need to ever use urlencode() or rawurlencode() when echo'ing out the URLs in your HTML.

I realized I needed to clarify myself here. If a URL is already valid, we don't need to use these functions designed to encode strings used to build a valid URL. However, you will still want to use htmlspecialchars() when echo'ing out the URL, in order for the HTML being generated to be valid.

Firstly, you're completely going down a horrible rabbit hole trying to transform potentially-malformed URLs that a user enters into valid URLs. Basically what you're trying to do is if you have a webpage with a form where a user is meant to enter a URL, they can enter "hello world" and it will try to convert that into a valid URL (http://hello%20world). Honestly, if you want to create a search engine, and the user doesn't enter a valid URL, just tell the user their URL is invalid, and call it a day.

The problem with the code snippet that you posted is that you cannot assume that the path and query string aren't already encoded, or partially encoded ... and you never want to encode characters that are already encoded.

For example, suppose I have:

page.php?q=hello world

Obviously that is wrong because URLs can't have spaces. So let's run urlencode() around 'hello world' and we get:

page.php?q=hello+world

But what if your end-user submits a URL that already looks like

https://www.domain.com/page.php?q=hello+world

That's a valid URL. We don't want to do anything to it, because if we were to run urlencode() over hello+world we would end up with:

https://www.domain.com/page.php?q=hello%2Bworld

That's not the URL we want!

Similarly, we don't want to run urlencode() or rawurlencode() if the URL is not valid, because it's possible that part of the URL is valid and part is not. The user did enter a malformed URL, after all. So we can't assume that every part of …

Now since I do not know what their url formats (url structures. eg. which part of url is path, which is query string, etc.) would be I can't know in adv where to manually place the raw_urlencode() on their urls before displaying their links on my SERPs.
So, how to check a user submitted url and get php to auto add the raw_urlencode() in the appropriate place before echoing the user submitted url ?

If a user feeds you a URL, you don't want to just go URL encoding it all willy nilly. That's because, 9 times out of 10, the user will already feed you a properly formatted URL (that is most likely already encoded). We don't want to encode an already-encoded URL, because double-encoding will lead to lots of problems.

I like to use the filter_var() function, which I think I mentioned to you a few posts back in another forum thread of yours.

You can use it as so:

if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo("Valid URL");
} else {
    echo("Not a valid URL");
}

As an example, if you have:

$url = 'http://example.com/Sales and Marketing/search';

the above code will say that the URL is not valid. But if you have either:

$url = 'http://example.com/' . rawurlencode('Sales and Marketing') . '/search';

or

$url = http://example.com/Sales%20and%20Marketing/search';    

the above code will say that the URL is valid.

Another option is:

// Remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);

What I would recommend is asking …

Sorry for the confusion. In my example when I had:

$expected_integer = $_REQUEST['integer'];

it was because I was talking about the URL:

page.php?integer=foo

The 'term' integer has no special meaning other than that was just what I happened to have used in my attempt to point out that an integer was expected by naming the query parameter 'integer' (arbitrary name).

The $_REQUEST[] array fetches parts of the URL query string. $_REQUEST['integer'] would be null, but $_REQUEST['tbl'] would give you links, $_REQUEST['bool'] would give you null, $_REQUEST['col_1'] would give you domain, etc.

I'm sorry, I'm not understanding your question. Whenever $c is a string, regardless of if the value of that string is bool or string, if you do settype($c, 'integer'); then the value of $c will be 0.

$c = 'blah';

settype($c, 'integer'); // Results in $c is now the integer 0
$c = intval($c); // Results in $c is now the integer 0
$c = (int)$c; // Results in $c is now the integer 0 (typecasting method)

The main use cases for var_dump() and var_export() would be for debugging purposes or logging errors.

When debugging your code, you might want to be able to spit out the structure and contents of an array or object to understand what went wrong.

Dani, If my code will not prevent XSS attack then can you fix it without using http_build_query bcos I know how to use that one.

Sorry if I was unclear. The second code snippet you posted, that uses urlencode() or intval() for every variable in the query string, and that uses htmlspecialchars() for every variable that you echo out in your HTML code, is on the right track. It's okay that you are not sanitizing $i when you spit it out, because it's clear that there's absolutely no possible way for it to ever be anything other than an integer, so you're already safe there.

There are 3 simple rules to follow:

1. ALL HTML code should always be HTML sanitized. All variables that are echo'ed out in HTML should always be sanitized with htmlspecialchars(), regardless of where they appear in your HTML code (within links, not within links, etc.).
2. All query strings should always be URL encoded. You want to use urlencode() on every variable that appears within a query string.
3. All URL paths should always be raw URL encoded. You want to use rawurlencode() on every variable that appears within a URL path.

htmlspecialchars() escapes the characters: & < > " and converts them into & < > " and you always want to escape these characters in all of your HTML code, whether it's a variable or not. For example: <strong>This is my <code>!</strong> is invalid HTML, because <code> is interpreted to be an …

intval() is used when you want to convert a variable, no matter what type of variable it is, to an integer.

It can be useful if you are expecting the user to enter a number, but instead they enter a word, and you want to convert whatever they enter to an integer before they use it. For example:

// Retrieve a number from the query string
$expected_integer = $_REQUEST['integer'];

// Add 25 to the number passed in, and print it out
echo 25 + intval($expected_integer);

This prevent users from being able to do things like page.php?integer=foo and then causing errors because PHP can't figure out how to add 25 to the word foo.

PHP doesn't have a function called int() but there is a concept in programming called type casting, which is a native ability of the programming language (not through a function) to convert variables of one type into variables of another type. For example, you can do:

echo 25 + (int)$integer;

As a beginner programmer, there's not really a need to concern yourself with that. I have been doing PHP programming for 20 years and I can count on one hand how many times I've had to use typecasting. Just use intval() to sanitize user input when you're expecting an integer, before you use it.

A good use case for intval() is page navigation. For example, suppose you have document.php?page=1 and document.php?page=2 and document.php?page=3.

You will want to use intval() on the page number before you start using …

The URLs that you linked to for the two page formats are located at https://localhost/, which means that only you have access to them, since they're being served locally from your computer. Therefore, I can't tell what is on those pages.

You do want to HTML escape content with an URL, however. For example, I would do:

<a href="https://www.domain.com?foo=abc&amp;bar=def">Link</a>

and not:

<a href="https://www.domain.com?foo=abc&bar=def">Link</a>

Of course, the preferred way is to use http_build_query().

htmlspecialchars() does not prevent against SQL injections, however. It has nothing to do with SQL queries or SQL injection. Instead, it protects against XSS attacks (Javascript attacks), and things that have to do with how the web browser interprets your HTML code.

htmlspecialchars() works by escaping characters that have a special meaning in HTML code, such as < and > and " and &.

Protecting against SQL injections is important too. However, that's a different question/topic entirely, and involves protecting your SQL queries when you connect to a database. You can do that by protecting characters that are used in SQL queries, most notably quotes.

Both forms of injection attacks (both XSS injections that affect HTML code, and SQL injections that affect SQL queries), can be protected by using the filter_var() function. However, you would use different filters with filter_var() depending upon what you're trying to prevent from happening and what your needs are.

So a graphic designer who makes a graphic and puts it on a t-shirt is not a fashion designer?

LOL, goodness no! A graphic designer who makes a graphic and puts it on a t-shirt is a graphic designer who prints their graphics on a wearable medium. A fashion designer is the person who designed the t-shirt ... they either went to school for fashion design or are self-taught to understand measurements, neck lines, arm lengths, arm positioning, shirt length, shirt width, fabrics, stitching, sewing, etc.

To me fashion and graphic design are same.

Graphic design is an artist who makes digital artwork. Fashion designers create clothes. The OP had a failed spam attempt to promote a man's winter coat.

An example where designers can showcase their work. Also, Grate Artiste is great fun.

Sorry, I don't get it? That looks like graphic design, not fashion design?

What does that link have to do with fashion design?

Good-natured trolling, perhaps

That's an oxymoron. The literal definition of trolling is "to antagonize others by deliberately posting inflammatory, irrelevant, or offensive comments or other disruptive content."

A spammer recently bumped this thread and I started typing out a reply before I realized that it was someone who just copied/pasted an earlier post (which I'm going to delete just as soon as I finish typing this). I already had stuff typed out, so for anyone who still comes across this thread nowadays seeking the same help, I would recommend that you download WordPress and install it on your home server. WordPress powers a great majority of the web, and nearly every blog and content-based site. It's free to download and install yourself. It just costs money if you want them to host it for you on their servers.

You will need to install a PHP web server on your server as well as a database such as MySQL to power dynamic content (such as blogs, forums, etc.), beyond just static HTML pages that never change.

Good luck future bloggers!

A trolling vibe?! The guy is sitting with a cup of coffee and encouraging people to walk up to him to talk.

Also, I'm 99.9999999999% sure that the sign in front is Photoshopped. No clue what the original was intended to say.

68 year olds can still get out, sit in the sun, and talk to people. I urge you to take a folding table and chair, plant it on your front lawn, and sit out there with a sign that says, “You don’t belong on my lawn. Change my mind.” I’m excited to hear how it goes.

My point was simply that telling him to get a life implied that he was doing something other than being witty and trying to socialize and strike up conversations with other programmers.

In any case, the usefulness of a thing in no way depends on the thing's label. I guess in the end I would tell the guy in the picture to get a life.

The guy looks like he's having a good time enjoying the outdoors while attempting to (or perhaps, succeeding to) strike up interesting programming conversations and discussions with passersby. One could argue the people that are sitting alone, in their house, in front of their computer, posting on a forum should get a life. :-P

-Save images as JPEGs whenever possible.

Try .webp actually :)

Another alternative (that's a bit more brute force or heavy handed) is to use a CDN such as Cloudflare, which serves all your images from its super fast servers, and automatically optimizes them as .webp to boot. Cloudflare has a free tier and it's been gaining in popularity over the last handful of years.

So I just did some Googling and read that AdGuard Home acts as a DNS server "that re-routes tracking domains to a "black hole".

My guess is that it is set up to be too strict, and you're basically rerouting so much to this black hole that you're not fetching the content you need to build the webpages. For example, if you have it set up to redirect all AJAX requests or CSS or JS or so forth to a black hole, then most websites will cease to function.

The web is probably working for you only when you provide an alternate (proper) DNS server that is correctly finding the real locations of these domains.

I consider a framework as a set of libraries that make doing a particular something easier. I consider PHP a C framework because it's essentially a bunch of wrappers and libraries for C code that are designed for web-based programming. I can't speak for Python.

Hello and welcome to DaniWeb!!

What you are describing is a Javascript technique called infinite scrolling. Here at DaniWeb, we use this technique on pages such as https://www.daniweb.com/programming/web-development/6 and the Javascript library that we use can be found at https://infinite-scroll.com/

Depending on how the infinite scroll is generated, you may or may not be able to use PHP-issued cURL requests to scrape the contents.

For example, the way that we do it here at DaniWeb, is that our pages are actually paginated (into page 1, page 2, page 3, etc.). We then have some Javascript that tells the web browser that when the end-user scrolls to the bottom pf page 1, load up the contents of page 2, and inject them right into the HTML at the bottom of the page 1 that the user is viewing. Then, as they continue scrolling down, load up the contents of page 3, and so on and so forth. With that type of setup, one could easily issue cURL requests individually to page 1, page 2, and page 3.

However, that does not appear to be what Youtube is doing. (Alas, they are much more sophisticated that my measly method.) The only way I think you can retrieve the contents beyond the subsequent first load of the search query would be to use a headless web browser that is capable of emulating scrolling down a page.

A headless web browser is basically an automated web browser that is not interacted with, …

Sorry, I don't know enough about Python (beyond a single programming course in college, 20 years ago) to make a judgement call. But I would definitely say that PHP is a web framework for C. (I mention PHP b/c that's what I'm knowledgeable in.)

Maybe it needs an update to include "don't feed the students answers."

That's not against our rules.

<img id="photo" img src="photo.jpg>  The pjoto is in same folder as code.

You are missing the closing quote after photo.jpg. You also have an extra img inside the tag. It should be:

<img id="photo" src="photo.jpg">  The pjoto is in same folder as code.

The Films opening div tag is missing its closing bracket.

<div id="Films"

It should be:

<div id="Films">

The Profile opening div tag is also missing its closing bracket.

<div id="profile"

It should be:

<div id="profile">

IDs must be one word, and typically lowercase.

<div  id = " Favorite Artists"></div>

Should probably be something like:

<div id="artists">Favorite Artists</div>

In the CSS, you have:

photo{
    border-width:2ox;
    border-color: blue;
}

If your CSS is selecting an element tag (<h1>, <div>, etc.) then you can just select that tag, as you've correctly done with h1 { ... } and h2 { ... }.

If your CSS is selecting elements that have a particular class, then you preface that selector with a .. For example, you will want to use .border { ... } to select something such as <div class="border"> ... </div> but I don't see you using the border class anywhere in your HTML, so that part of your CSS is currently being unused.

If your CSS is selecting elements that have a particular ID, then you preface that selector with a #. For example, to style <div id="profile"> then you would have CSS that looks like #profile { ... }.

You currently have CSS that looks like photo { …

If the webpage keeps disappearing and then reappearing in Google’s index when you manually resubmit it, it is most likely because Google doesn’t consider the quality of that page as valuable.

You also have no control over what portion of a webpage Google chooses to show in the search results. Often Google will actually rename your title tag, and use a different description relevant to the search query.

Here's task - Add a CSS rule for all span elements that are children of h2 elements that sets the text color to #FA9F42 and its font size to 0.75em.

This applies to all <span> tags that are anywhere inside <h2>. In other words, the span can appear as either a direct child or as a descendant of the h2 tag. So if you have something like: <h2><i>Blah<span>Blah</span></i></h2> then it will apply to that span, even though it is not a direct child of <h2>, but a descendant. (Since it's a child of <i> and <i> is a child of <h2>).

h2 span {
    color: #FA9F42;
    font-size: .75em;
}

On the other hand, in this case, the span is only triggered if it is a direct child of h2. It would not be triggered by my example above where the span is nested inside i.

h2 > span {
    color: #FA9F42;
    font-size: .75em;
}

Ah, just noticed you have another thread started about how to post code as well.

Once you show your HTML as well as the CSS you have so far, and exactly what you’re trying to accomplish, I’ll be able to help you out.

You can also post code as a text file attachment, but it won’t be highlighted or get line numbers.

Click the little code button (third from the left in the editor toolbar) to insert code.

You may have encountered a weird error message trying to log into DaniWeb today.

We were victim to a signup attack yesterday where 1000+ bots figured out a way around our CAPTCHA and signed up. I've tightened up the signup + login forms today to prevent this from happening again in the future. In the meantime, there were moments of things not working on and off, as I was tweaking the settings, because, let's face it, I code in production.

Oh, it seems that that column of the database has some characters in the string that PHP is having a difficult time with.

I would use PHP's built-in filter_var() function.

https://www.php.net/manual/en/function.filter-var.php

https://www.php.net/manual/en/filter.filters.sanitize.php

Do you know what in the serial number specifically PHP is choking on? It's very odd that the page is just timing out. I've never seen that before.

But as soon as I use the serial number as a variable, then the query fails without any error messages or warnings.

Can you explain to me what you mean by as soon as you use the serial number as a variable? When you do echo $serialnumber; and get the correct output, you are using the serial number as a variable?

Oh I see. So the page is timing out.

I’m addition to setting the field collation, are you setting it on the php side as well for the MySqli connection?

I would store them as plain text, but I suppose it does matter what purpose you are storing the data for. Does it need to be searchable?

This isn't the type of question we answer anymore here at DaniWeb because, in the past, it just turned into a gigantic spam-fest.

However, I would recommend finding lots of links to such resources at www.blackhatworld.com

However, I don't believe backlinks from forum posts will be very useful to you from an SEO perspective. This is especially true because your websites appear to be very niche ecommerce sites. I would start a blog on your website targeted to your potential customer, and then try to gain backlinks to those blog articles. You will have a much easier time than getting backlinks to ecommerce product pages, and Google loves long form content pages much more than product description pages. Also, you're going to want to make sure that the backlinks come from sites written in Vietnamese (or whatever language your website is written in), and are on-topic and relevant.

Sometimes we want to know if the webpage was fetched over an SSL connection (e.g. the URL begins with https:// instead of http://). This way, if an end-user is accessing an insecure version of our site, we can redirect them to the secure version.

The following PHP function called no_ssl() returns true if the end-user is not using SSL, and false if they are. This way we can redirect them as so:

if (no_ssl())
{
    // For the purposes of HSTS, we don't want to change the HTTP_HOST
    header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], TRUE, 301);
    exit;
}

You'll notice I made a reference to HSTS in my code comment. HSTS is a policy that, when implemented by a domain (e.g. example.com), as we have, effectively forces [compliant] web browsers to only load the secure (https) version of all resources located on that domain.

Is it working?

So far, so good. Slowly and steadily. The biggest thing I've done in the past 5 years that had the biggest wins was noindexing thin content and adding non-content pages to robots.txt.

For me it's been posting long form tutorials and then linking to them from social media.

Why not use static in your first example?

Honestly, because I wasn't aware that it would produce something different than self::VAR!

If you print the variable after construction is complete then the Bar instance should show "bar".

Doing something like this, still results in foo being printed out twice:

class Foo {
    const VAR = 'foo';

    public function echo() {
        echo self::VAR;
    }
}

class Bar extends Foo {
    const VAR = 'bar';
}

// This will print out 'foo'
$foo = new Foo();
$foo->echo();

// This still prints out 'foo'
$bar = new Bar();
$bar->echo();

Putting what pritaeas is suggesting to code, it would look something like this:

$path = $SERVER['SCRIPT_NAME'];
echo "\nThe path is: $path";

$pieces = explode('/', $path);
echo "\nThe pieces are:";
var_dump($pieces);

$last = end($pieces);
echo "\nThe last piece is: $last";

When I was building my API, I lived in Postman.

For some reason, PHP class constants don't play nicely with inheritance.

For example, suppose you have the following code:

class Foo {
    const VAR = 'foo';

    public function __construct() {
        echo self::VAR;
    }
}

class Bar extends Foo {
    const VAR = 'bar';
}

// This will actually print out 'foo' even though we would expect it to print out 'bar'
$bar = new Bar();

You can see here that there is a class Foo that has a constant variable named VAR, and the constructor function for that class (that executes when a new object of that type is created), says to print out the value of that variable.

We then have a second class Bar that extends class Foo. With this type of inheritance, child class Bar is meant to inherit all properties and methods from its parent class Foo. The problem, unfortunately, is that this doesn't extend to constants. The solution to this problem is to use ReflectionObjects. The code below demonstrates the proper way to retrieve a class constant that obeys inheritance.

Hi,

Do you still need help with this? I'm a bit confused what you're trying to do because it looks like you're trying to use PHP's number_format() on a Javascript value, which isn't something you can do.

But I don't understand one thing that why do you want to record the bot traffic?

It can be useful, from an SEO perspective, to keep track of how Googlebot crawls your site. I've since updated this code block to also send to Google Analytics whether the page has been noindexed nor not. So now in my Google Analytics, I have views called "Broken Pages", "Indexable Pages", and "Wasted Crawl Budget". The Broken Pages view is any page that doesn't return 200 OK, so I can find a list of all URLs googlebot encountered that might be a 301 or a 404, and I can fix those. Wasted Crawl Budget is any page that Google crawled that was noindexed, so I can optimize my internal linking structure so Googlebot never has an opportunity to encounter any page that's noindexed. (Unless it's from an outside backlink).

Oh that site is PURE AWESOMENESS!

I’ve made some UI changes to our forums page after my husband told me it looked too old school and like a 1990s webpage.

Let me know your thoughts: https://www.daniweb.com/forums

As you may have noticed, I also made some changes to the sorting and filter buttons on forum listing pages. Some of you were complaining that you didn’t understand why forum pages showed just the “recommended” topics and in a random order, so I tried to make it more intuitive what is happening behind the scenes. No functionality has been changed. This is strictly a UI tweak.