Posts by ryantroop

are you sure you have the correct URL? Are you sure they exist?

When posting questions like this, it really does help to have a "live" demo page available. That said...

A couple comments on what I do see...

you have a "fixed" footer, which removes it from the page flow no matter what - which means being structured inside the "container" element does nothing for you. In fact, it may be part of your problem depending on the browser and how it handles a fixed element inside a relative element (im pretty sure the "right" way for a browser to handle this is to ignore the relative element completely, but shrug who am I to say so?)

That said, your "container" element has a height of 100% - of what? Since your HTML and BODY tags do not have a given height, this particular bit of CSS is worthless. This means that all of the "height" comes from block elements with height that exists within the flow of the document within this container. So, if all of that adds up in size, and then you have your height 100%, you basically have double the height of the parent container - and if that causes an overflow on the page - then there's your problem.

So I went and plopped this into JS Fiddle (https://jsfiddle.net/kdvx5yes/) and you can see the result - it's not pretty. If that's not at all what your page looks like, then some other things appear to be missing, and not given to us via your code snippet …

To answer your question - yes, you would limit to only the last 10 posts with your query.

You query would look something like this:

select
  U.UserKey,
  M.MessageKey
from
  User U
    LEFT OUTER JOIN Message M ON M.UserKey = U.UserKey
 where
   M.MessageKey IN (select M2.MessageKey from Message M2 where M2.UserKey = U.UserKey order by M2.PostDate DESC LIMIT 10)
 order by
   U.UserKey (or whatever.. date?)

Of course, your mileage may vary... but this should hopefully get you started.

For speed, you may want to use an inner join instead of "IN", but then youre gonna have some struggles dealing with the LIMIT and the order.. truth be told, Im not sure how best to do it without an IN, but I've always been told that an IN can always be replaced by a JOIN of some sort.

To put it in other words, I believe what you are being asked is to take all the values from the first two rows and multiply them.

If you think of your 3x3 array as an array of arrays:

//demonstrative
int A[3][3] == [ [a,b,c], [d,e,f], [h,i,j] ];

You know the size of your arrays, so you can loop through them A[0][0] through A[0][2] and A[1][0] through A[1][2].

You can do this using two for loops (one for each dimension, that iterates through the sizeof each row), or using a single for loop for each dimension (since you know you only want row 0 and 1.

Alternatively, you can access them by pointer (since that's basically what they are under the hood any how).

Lots of ways to skin the cat..

Logically, dollars is just the floor(total/100) and the cents is total modulo dollars. Of course, you get in trouble when dollars is 0 so just do a check and make it modulo 1 instead. I would also do a check to make sure those ints are unsigned otherwise you get other math errors.

try stream_get_line instead.

http://stackoverflow.com/questions/16560755/fgetsstdin-automatic-line-break

Well, it very well can be old hardware... but.. anyway...

Things that destroy sessions:

-302 server side (a redirect from code).
-Non relative links.
-session_destroy()
-overriding the $_SESSION superglobal (say, assigning it as a variable, and not just a member of the super global. ex: $_SESSION = NULL instead of $_SESSION["User"] = NULL).
-Pretty much anything that sets a header before session_start() is called (which means, in that fancy dancy session function you have, it may be doing some work that happens twice before session_start() actually get called or completed.)

Lastly.. it is entirely possible that your hardware is so strangely slow that by clicking a link before the script has finished executing the next page that a redirect header is output (you will have to check your network activity), and thus destroying your current session by putting a new on that is set after the header is output.

If it's none of that, it might require a peek at your code to see what's up :-/ Or a server configuration...

:-/ I.. really don't know what to say here. The difference between a left join and a right join are... I guess a design choice...

however, I still think the answer above is a bit over complicated.. as seen here:

http://sqlfiddle.com/#!9/8ca784/2/0
(it's slow, I know, but let it load)

And to be quite honest, I feel this is as close to a homework query as you can get... so I didn't feel like answering it outright out of principle. Sorry if my assumption is incorrect, but this is pretty simple stuff for SQL :-/

Well... that's a design consideration... if you want a light weight landing page for quick scripts, then make one. Im not sure what heavy weight stuff you are going to be doing, but if it's a database lookup, or processing data in some way, it should be very fast. If you want to break up your pages into a recieve and process structure, that's fine too - you can use cURL at the end of the recieve script, send it off to a processing page, and be done with it. You can also spawn threads and let them take care of it as time permits, and set up a queue.

Again, depending on what you are doing, and how much work really needs to be done, you may be trying to over-optimize before optimization is a problem :-/

As I understand it, the php module sits and listens to ports and creates an instance for each request. Therefore, without some sort of data caching, there should be no appreciable difference between the two methods you describe other than the overhead for traversing a directory.

I disagree that changing the header type of the AJAX call is the ONLY change that needs to be changed. The reality is, as long as a request without headers (or default headers) is being returned as plain text, it is a HUGE security vulnerability.

For my 2 cents, I would encourage you to look MORE into the nginx configuration to see if there is a way to set default headers.

After browsing through this:
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/

You may also want to make a few other changes, as it seems to be a very straight forward primer for nginx configuration do's and don'ts..

from what I see you are already using try_files, and you should probably use that in the check for the file existence before the redirect as well. It is also possible that since you are not doing a "return" or stopping execution after the redirect, it is continuing to process further down the config file and try_files is actually returning the file you asked for, so behind the scenes you are getting a quick redirect, then a read of the file you just processed.

You may also be interested in this answer: http://serverfault.com/a/329970

Is the data coming in exactly the same? I cant imagine that two finger print readings are completely identical.

I don't know enough about your device or their API (or, really, the whole physical security thing as a whole), but I assume that the proper mechanics of this would be scan->process->save and then scan->process->match where "process" is some sort of algorithm that finds matching unique indicators of finger prints. The actual image itself is fairly worthless, IMO, unless you want to scan the entire database every time someone scans, and then reprocess the image and compare it to the new sample (which seems obnoxiously slow... but hey, it might be a more secure route :-/ )

http://vanilla-js.com/

SSL will do a number of things for you, including encrypting any plain text data moving between client and server.

If you simply want to obscure (or have a referential pointer to) data, you can do this very easily - but it's not security (most call it security through obscurity; aka doomed to fail).

As far as the GET/POST parameters are concerned, they will always be plain text to the client. If they need to be encrypted at run time, they have to be parsed on the page in their encrypted state, and your receiving script will have to know how to decrypt the data. Making a caesar ciper (http://practicalcryptography.com/ciphers/caesar-cipher/) is not all that complicated, but it's also easy to crack. If you want true encryption, you will have to read up on PHP's encryption/decryption methods and how to implement them. For what you are using them for, however, seems a bit overkill - but to each their own...

in:
.thumbnail .info

with the negative margin, also add "position: relative"

https://jsfiddle.net/6jbgqz0g/

<div class="parent">
  <div class="bottom"></div>
</div>

.parent
{
  position: relative;
  display: block;
  width: 300px;
  height: 200px;
  background-color: #25f;
}

.bottom
{
  position: absolute;
  width: 50px;
  height: 10px;
  left: 50%;
  margin-left: -25px;
  bottom: 0;
  background-color: #4ff;
}

So at this point I'm gathering that you did not initially write this, nor do you understand how the static keyword works in php functions. In order to explain some of this, I will have to explain some other things so I can get my point across clearly.

First - $pdo outside the function...
If you are not familliar with scope, you're going to get a crash course. In a blank <?php ?> block, any variable declared is considered in the "global" scope. This means any declared function, any sub function, any include, any whatever, can access the value of that variable without explicitly being passed into the function.

When functions run, they do something, and then the memory to said function gets released and "garbage collected." If inside of the function's scope you add the "static" keyword to a declared variable, it gets put in a psudo global state - basically, you tell PHP to NOT garbage collect it. This does a few things... one, it prevents the function from being "garbage collected," and second, it gives access to the variable outside of the function. In this programmer's opinion, this is bad design - if you want a global variable, make a global variable - making one on the fly from within a function is asking for trouble when debugging.

Now, the why - whoever wrote this for you had the intention of $pdo of being reused - and also to save trips to the database every time …

You will need to communicate more clearly what you are trying to accomplish.

The height of the inner boxes is irrelvant. I could have done 50% and given the container box a height, which in turn could be relative in height to another container.

Also, you clearly modified the code I provided as

.container .Box:first-of-type { height: 250px; }

is most definitely not in the fiddle I provided.

I would encourage you to play with the fiddle a bit, and learn some CSS. There are many many ways to do what you are (likely) asking using pure CSS without any javascript hackery.

If you REALLY need fluid layout and you want size indepenence, you may want to look into flex-box layouts, but they are still currently difficult to use due to cross browser compatability (and vendor prefixing).

Edit:

here is the same thing, using the container element to provide height for the inner elements:
https://jsfiddle.net/08c1g4cm/1/

The .Circle class can also be modified to take height from the parent using % but I did not know if that is what you want/need. Also, if you are going to have text, you will need some way to scale that as well (such as using em instead of px).

All I see there is a container div and 3 child divs. Two relative positioned divs are block with height and width, one is absolutely positioned with appropriate margins / positions set (either with calc() on margin or top/left) - it also has a border radius of 50%

I am unsure if I understand your question correctly.. as this seems pretty straight forward.

Is this what you are talking about?
https://jsfiddle.net/08c1g4cm/

The whole point of the private key is that it is stored only on the desitination server (or, in oAUTH's case, it is also stored on the Provider's box who acts as the authenticator, so it's in 2 places) - i.e., it is private. If the user in question got a hold of the private key, you likely have other security breeches to worry about (like, the fact that they have user access to your destination machine, or the machine of the Provider).

It sounds like you are fishing for flaws in security systems. There is a reason we rely on standards, and what everyone is telling you is current best practices and standards - that's because they are, for the most part, vetted and proven safe. Regardless if we are talking about MITM attacks or not, the method of securing the transmitted data remains the same. Somehow, some way, you encrypt the data you want to send, and it is unencrypted on the other end. If it doesn't match up or is somehow broken, it's considered insecure. End of story.

In regards to your "hypothetical," it is impossible to know how the individual in question did what they did without some form of forensics to back up the claim, or some sort of proofing that duplicates his actions. It's really just that simple - there is no way, short of a mental exercise in futility, that anyone here will stumble upon the exact way someone cracked one single stream …

Disclaimer: This is my understanding of how all this works - if I am mistaken, or uninformed, I would love to be better educated on the topic.

So the way you as a programmer defensively do this is to use a method similar to oAUTH 2.

You have a package (your data), which is encrypted with a key. The bundled package is sent along with the unencrypted state (or you can encode it or whatever you like (base64 is popular)), as well as the PUBLIC key for the recipient machine to decode your data, and the encryption method (which you can ommit if you know the method since it's your application, but obscurity will only get you so far).

Over HTTPS, this will go a step further and do a handshake to verify the machine that it is receiving data from is consistent. As far as Man in the Middle attacks, you will forever be vulnerable because you do not set up direct connections between machines when communicating over the internet. There are routers, load balancers, and every other type of machine out there. It will happen. It does happen. Move on with your day and code defensively to expect it to happen.

Now, lets look at what your little data package is gonna do. Since it is encrypted and encoded, the man in the middle would have to be able to do a number of things quickly. Intercepting the data is one thing - since you have to send …

You would need to iterate over your $data array.. soo...

for ($Lup = 0; $Lup < sizeof($data); $Lup++)
  echo StringifyCartArray($data[$Lup]);

Or some variance of that, depending on your need.

it all depends on your data structure... I cant possibly answer your question without knowing more about how the data looks.

From your example, your most basic data had only 4 parts, so it would be silly to iterate through only 4.

If you have, say, 50 fields, then yes - iteration is likely the best method, but then you kinda lose the customization of your string based on index...

youre asking theory questions at this point - instead, why not show an example of what you are actually working on and you will get far superior answers that are more relevant to your exact problem. I can show you all the tools in the world by pointing you to php.net, but without knowing the job it's impossible to tell you the right one. (think, jack hammer to hang a picture? I think not..).

In my opinion...

extract() can be dangerous if you have an array key that matches a variable you already have in use in the namespace. In reality, all that extract is doing under the hood is looping through they array with a foreach loop, and using the $key part to declare a variable for you (to many developers, this kind of automation and magical creation of variables is bad since you did not declare it explicitly and therefore risk overwriting something of your own on accident, making a near impossible to find bug in your code).

If your array is always going to be the same, I would encourage you to make a sub function that processes by index, something like:

function StringifyCartArray($aArr)
{
  return $aArr[0] . " ( " . $aArr[1] . " x " . $aArr[2] . " ) " . $aArr[3];
}

Or, if this in a function already, simply access the variables by array index.

Of course, in the example above, if you have a two dimensional array, ($data), you would pass in $data[0], eg:
$message = StringifyCartArray($data[0]);

Reasoning:
As I understand it, arrays in PHP are not "really" arrays - they are more like iterable hash maps (like in javascript). These hashmaps are stupid fast already, so why bother iterating if the data is never going to change? And even if it does, if you abstract it out to a function, all you have to do is change the function to consume the …

I am a little confused as to what you are trying to do...
You have the solution to your question in your original code, it seems.

Can you show an example of your expected output, please?

I also question the need for making a file for each email sent, especially by name of the sender..

If you have database access, you should probably use it. You can templatize a single php page, and get the values from the database for that user. That way, you also have a paper trail of all the emails you sent out, and you wont be sucking up so much disk space making new files.

Just my 2c

Looks like StefanRafa is not a valid column name in your table kladilnica

Try adding quotes around '{User}' on line 18.

You are not asking the function to return the set, you are asking the function to return the second element of the set. (return x[1])

If you want the set returned, simply return x

It's likely something you will have to contact the host to help you with. Most of the time, shared VMs will have a hard cap limit on what they can execute and how many resources they can take up, based on what you pay for.

As an alternative, how about you limit your query down to something a little more realistic. If you are getting that many results with a 10gb database, what good is all that data doing you? You may consider pagification, or simply being more concise with the data you are looking for.

You may also wish to look at their TOS as it references exactly what is happening to you :-/

TL;DR - call them or fix it so you're not pulling so much data.

You can use a combination cookie/ip as well as javascript localStorage. You can hold a session in localStorage that will re-initialize regardless of cookie or ip change. However, localstorage can be wiped out just as easily as cookies. Most people dont bother clearing cookies anymore, however.

The only way you can realistically track an individual's activity is by forcing them to log in through some fashion, and keeping that session data available. IP Addresses, LocalStorage, and Cookies, are tools you can use to track, but all of them are (as you stated) deletable or mutable in some fashion.

The other option is to look into browser fingerprinting. However, this too is mutable in some fashion (uninstalling a plugin, or changing a timezone), and therefore if you really want to look at uniqueness, you will have to implement a combination (or persistent cookie / evercookie), or have some sort of login mechanism.

Realistically, IP addresses don't change very fast. You can likely timestamp an ip address, and if it is within some range (1 week? 2 weeks? a month?) then you ignore the click. You can combine this with any sort of cookie / session / finger printing you like, but ultimately, it will be prone to failure somewhere along the chain without a user initiated session.

including stdlib.h and time.h...

     srand (time(NULL));
     int iRand = rand() % 20 + 1;  //give me a random number between 1 and 20

More info can be found here:
http://www.cplusplus.com/reference/cstdlib/rand/

Note, however, that this method is only pseudo random, as noted in the link. Other options that can better support a uniform approach to random generation in C can also be found here:

http://stackoverflow.com/questions/822323/how-to-generate-a-random-number-in-c

note: this is not my code, but from the link above --

    /* Returns an integer in the range [0, n).
     *
     * Uses rand(), and so is affected-by/affects the same seed.
     */
    int randint(int n) {
      if ((n - 1) == RAND_MAX) {
        return rand();
      } else {
        // Chop off all of the values that would cause skew...
        long end = RAND_MAX / n; // truncate skew
        assert (end > 0L);
        end *= n;

        // ... and ignore results from rand() that fall above that limit.
        // (Worst case the loop condition should succeed 50% of the time,
        // so we can expect to bail out of this loop pretty quickly.)
        int r;
        while ((r = rand()) >= end);

        return r % n;
      }

}

I have never used SQLite, so I cannot comment on that one - however, if you are going to be using an internet based system of data management, MySQL is a fine choice.

Without some sort of pre-processing, and making some sort of tokenized batch and sent to either a stored proceedure or a series of functions to untokenize, there is little you can do to run a mass update like this. However, tokenization should be very fast, and since it's just string manipulation up front whatever you are using should also process very fast.

The speed deficit you are experiencing is likely that you are doing thousands of inserts, which causes a lock on the tables, which in turn will have to adhere to any foreign key constraints and locks you have in place. No matter what you do, since you have to insert or update, you will always have these table locks, even with tokenization - however, if you tokenize you take one more thing away from your database software to have to deal with.

On the other hand, if you are pre-parsing, and all you are doing is running the same "insert into A (col1, col2, col3) values (val1, val2, val3);" over and over, you can't really get any faster than that. At that point, you will have to see if your processing code is taking long or the database (or both), and begin to optimize based on which is taking the longest. If you are trying …

I had a typo on line 10. It should read :

var myFriends = [
{firstName: "Bertrand", lastName: "Michel"}, 
{firstName: "Michel", lastName: "Bertrand"}, 
{firstName: "Henri", lastName: "Michel"}, {}
]; //this is an array of objects
var myFamily = {lastName: "Michel"}; //this doesnt have to be an object, but whatever.. in fact, you don't even use this?
var myFamilyMembers = []; //this is an empty array
var oObj; //declare outside to save cycles
for (var i=0;i < myFriends.length;i++) { //iterate through the array
    oObj = myFriends[i];  //set oObj to be the member of the array by index
    if (oObj.lastName && oObj.lastName == "Michel")  //check the value directly (I think you mean here oObj.lastName == myFamily.lastName)
        {
              myFamilyMembers.push(oObj);
         }
console.log(myFamilyMembers); //Im not sure you want to do this with each pass, but whatever floats your boat...
}

I encourage you to read the comments, and follow along with what the code is actually doing. You are misunderstanding the types of loops presented.

You are confusing an iterative loop (for loop) with an object lookup loop (for-in loop). They are not interchangable in any way, and will give completely different results. Example..

for (var i = 0; i < 10; i++) //this says, as long as i is less than 10, continue doing this
{ 
    console.log(i); //write the value of i to the console
}

for (var c in oObj) //walk through the object oObj, and let the variable c represent the "name" of the parameter
{
  console.log(c); //write the name of …

In your example, myFriends is an array of objects. (Ln. 1)
Your iteration is for object notation on Ln. 8. the for ... in construct only works on "objects" that have properties. Now, since everything in javascript is an extension of a root "Object" (other than primitives) your code does not fail. All you have done is map the variable "friend" to be a reference to a property of an "array object" that you are then iterating through. You are lucky that you are not getting any errors, as you are trying to reference a property that simply does not exists in the properties of an array, and the JS VM should have considered this a problem.

Here is what you are trying to do...

var myFriends = [
{firstName: "Bertrand", lastName: "Michel"}, 
{firstName: "Michel", lastName: "Bertrand"}, 
{firstName: "Henri", lastName: "Michel"}, {}
]; //this is an array of objects
var myFamily = {lastName: "Michel"}; //this doesnt have to be an object, but whatever.. in fact, you don't even use this?
var myFamilyMembers = []; //this is an empty array
var oObj; //declare outside to save cycles
for (var i=0;i < myFriends.length;i++) { //iterate through the array
    oObj = myFriends[iLup];  //set oObj to be the member of the array by index
    if (oObj.lastName && oObj.lastName == "Michel")  //check the value directly (I think you mean here oObj.lastName == myFamily.lastName)
        {
              myFamilyMembers.push(oObj);
         }
console.log(myFamilyMembers); //Im not sure you want to do this with each pass, but whatever floats your boat...
} …

You cannot, in any fast way, compare objects directly in JS.

The only way to check values is to iterate through the object and compare values directly for what you are looking for (or, as you pointed out, simply check the value directly). Since all an object really is on the inside is a giant hash map, lookups like this are very fast - as long as you know the key.

Your example is a little vague on what you are trying to accomplish. What is your end goal, and maybe someone can point you in the right direction.

To iterate, in case that was your question, you would do something like this:

//I am looking for "two"
var oObj = {a: "one", b:"two", c:"three"};
for (var cParam in oObj)
{
    if (oObj[cParam] == "two")
        {
              console.log("Found!");
              break;
         }
}

I too went from teaching to programming. I had the same worry as you did. The best advice I can give you is to bring code examples with you to any interview, stuff you can explain in your sleep, and be prepared for the interviewer to push you past your comfort area. They will determine if you are what they are looking for, and if they want / need to train you.

Your skill set may be perfect for an older code base, and your experience may be perfect for a company looking to groom a specific style of programmer. If you know your fundamentals, can explain at least SOME code and know the principles behind what you are doing, and are friendly and easy to work with then it really comes down to if they like you and if you are what they are willing to invest in.

If you want to be a professional programmer, be a professional programmer. If you see yourself there, it will be.

As a side note, I learned more from sitting in a handful of interviews than I did in any academic setting - simply by being exposed to production code and being challenged to use my knowledge. You will get to read some interesting stuff, and see how people tackle problems differently than you do, or how you were taught - sometimes in ways you didn't even think of trying!

Interview for whatever position you like :-) What's the worst that will …

Your JS function needs to accept a parameter, and the PHP ouputs said parameter...

while($row = mysql_fetch_array($res)){                       
echo "<tr>".
"<td> <p><button onclick=func({$row[0]}) >View</button></p>  </td>" 
    ."</tr>";

is technically "fine" (assuming $row[0] actually prints something), though I do not think you should have a <button> tag inside a <p> tag. You may want to replace the paragraph tag with a <div> instead, but I don't know your markup or your particular needs.

however, your script should be something like...

<script>
function func(foo)
 {
    window.open("window.php?myParam="+foo,'Eployee Details','width=545,height=326,resizable=yes,scrollbars=yes,status=yes');
 }
</script>

and then window.php should accept a GET paremeter of myParam (or whatever you want to name it).

Once you return something in JS (and most other languages) any data further down is ignored. So, your scoped "name" function returns with firstName + lastName, and the rest is forgotten.

I cannot think of any way to do what you want without making a new method

Instead...

function person(first, last, age, eye) {
    this.firstName = first;
    this.lastName = last;
    this.age = age;
    this.eyeColor = eye;
    this.name = function() {
        return this.firstName + " " + this.lastName
        }

    this.capitalize = function() {
        return this.firstName.charAt(0) + " " + this.lastName.charAt(0);
        }
    };
}

var myFather = new person("John", "Doe", 50, "blue");
document.getElementById("demo").innerHTML = "My father is <b>" + myFather.name() + "</b>";

document.getElementById("demo2").innerHTML = "His captial letters are <b>" + myFather.capitalize() + "</b>";

However, if your intention is to make chainable methods then you will need to change the way you think in terms of script.
Instead, think of the object as a container (or a class) that has mutable characteristics that have built in getters and setters (unless you decide not to do that, in which case you will also have to change your syntax a bit).

example of chainable methods:

var foo = function()
{
  this.Data1 = null;
  this.Data2 = null;
  this.bar = function(value)
  {
    //do something to my data
    this.Data1 = value;
    return this;
  }

  this.bar2 = function(value2)
  {
    //do soemthing to my data2
    this.Data2 = value2;
    return this;
  }
}

//I can now do...
var myFoo = new foo();
myFoo.bar("hi").bar2(22);
document.getElementById("whatever").innerHTML = myFoo.Data1 + …

The only way to dynamically size an iframe is to let the frame load and at the end of the onload event make a call to the parent that returns the content's scrollHeight and scrollWidth.

You can do it the other way (by querying downward) but in my experience you get some serious timing issues with the layout because you can't guarantee that the CSS is applied when the iframe considers itself "loaded"

You will also have to set the actually height and width attributes on the iframe, as it will not accept CSS modifiers.

generally, the way this works -- the you write your connection + query in PHP, gather your data, and use PHP to format the output. This can be its very own .php page, or a library, or however you see fit.

Since PHP will format your output (and set the appropriate headers for the data type), all you will need to do is call that page via an AJAX call, and either JSON.parse the text response from PHP or hope that the browser understands the headers and believes you that it's JSON data as the return.

Once you have your data in JSON format, you can use it as an object (or, any of the data types that your data is in, be it an array or just a parameter block).

You can use Javascript to iterate through your data, set whatever needs to be set, and allow your styles to control layout as needed.

Of course, if this is a one off page, it may just be easier to have PHP do all of this and not need the AJAX call at all. AJAX is for dynamic pages that need to update without a full page refresh.

Based on your use case, I do not think that a hash is sufficient for your needs. A hash is one-way, and then you do a comparison lookup against the hash.

What you seem to want is encrypted text, with a method for decryption within your application.

Depending on your program language of choice, you will have lots of options on what method of encrypt/decrypt you can use, including the algorithm and whatever data you want to string together (i.e., your data + your salt). Your salt can be anything that is unique to the platform (such as a GUID).

By simply hashing, you will just be putting a hashed version of "yesican" into the registry instead of a plain text version - however, if you cant decrypt it, then you will end up having to use the hash instead of the plain text for the password. (i.e, the hash becomes the password, and the plain texts is irrevokably lost).

I am not a VB writer, but this should at least get you started:
https://msdn.microsoft.com/en-us/library/ms172831.aspx

They are out there.

More likely, you will find companies that make automated pen-testing tools, which they license for use on your system. Their job is to update their tools to attempt to breach your system using common (and some less commong) hacks and methods.

You, of course, are also free to write tools of your own - but that's a full time job in itself to try and keep up with the latest and greatest threats to any given platform, language, and mode of data shuttling.

All the best security flaws are implemented with the best of intentions.

Tomorrow, your C# stack could blow up because a major vulnerability in .NET surfaces. Likewise, the years and years of unstructured code that is poured in from the open source community to manage and update PHP is bound to have loop-holes. Windows gets patched regularly for all their security updates, and Linux kernals are just as open to problems.

Your question comes down to this:

As Im walking down the street, which do I need to be more worried about?
A brick falling on my head and killing me?
The sidewalk giving way and I fall into a sink hole and killing me?
Someone robbing me and then killing me?
A heart attack, with no help, thus killing me?

The reality is - you can't ever really know until that crap happens. Code defensively to be pro-active, and keep up to date on latest threat vectors. You alone will likely never be able to manage all the possible attacks and vulnerabilities available to attack a web platform. You can mitigate much of it, though, and that comes with learning best practices, and thinking about what the most nefarious of users will do to destroy your system.

There are also a number of tools available to automate attack vectors and see if you have any insecurities. On top of that, you can write your own tools to verify you are not having an issue with …

Part science, part art. It's a way to challenge ourselves to solve new (to us) problems, and give us a puzzle to not only solve, but improve upon when everything finally works. It is a beautiful, fairly universal mode of communication, and there is just something so peaceful about code that not only runs fast, but its also aesthetically pleasing to read.

I think what priteas is trying to get across to you is that you need to change your thinking.

Consider it this way: "only display the box when there are images to display."

That way, you are not trying to "fix" something post render or mid build.

Whatever system you use to process payment (either a payment gateway directly, or a service like paypal) will likely have a copy/paste or include PHP script for simple transactions that you call (like a function, or doing a cURL call to), or a more robust API that you can make your own code for, as long as you follow their standards.

Yes, there is likely a fee. Most will charge a monthly or annual fee, as well as a % of transaction fee (usually between 1 and 3%).

heh... I think diafol was trying to say why not store the images on a web server, and only store the paths (ex: http://mysite.com/images/myimage.jpg) to the images on that web server in the database - that way you are only retrieving a small amount of text (the URL) as opposed to base64 encoded garbage, that will take however long the transfer time is to load EVERY SINGLE TIME you load a page - as opposed to a cached image (png, jpg, etc...) that will only have to load once, and then any time the user comes back the image is ready to go and will significantly lower your page load times.

While storing image data in the database is not a bad thing, it certainly is a "right tool for the job" sort of thing.

If you are going the database route - which you seem intent on doing - then you will still need a valid html <img> tag, and set it's source to the output of the database.

While databases are very fast, in terms of web development, in general, the database is the slowest component. Bogging it down by doing a very long read with upwards to a megabyte of data for each image, will only make things slower.

Each user has a specific, unique, identifier, yes?

Pre-pend your root object with that decorator.

Ex:

UserData:{foo:1};

Can instead be:

1331UserData:{foo:1};

Then your code can look for said data by something like:

localStorage[userID + "UserData"];

Mind you this is all pseudo code so you'll still have to do some work.

Happy coding!!

It is highly unlikely you will get a time stamp that perfectly matches another down to the millisecond. However, you can always do your query something like

select MIN(id) where date = 'mydate'

That way if you have an exact match, only the first id will be returned, and since it's first in the table they were obviously first to submit.

None of them alone will do much of anything.

Facebook will likely have the largest user base, and will also allow public display. Twitter is more of a social communication platform. Linked In would be sorta good for your b2b market.

Even if those are not your big 3 in your market, whatever one you decide to work with, you need to attract followers / subscribers and keep it relevant. Just having the page made does nothing for you.