0

Can someone tell me what does these lines of codes doing?

$username=$secure->EscapeCharacters($_POST["username"]);
$password=$secure->EscapeCharacters($_POST["password"]);
$password=$secure->hashPassword($password);
3
Contributors
4
Replies
39
Views
4 Years
Discussion Span
Last Post by IIM
1
  1. It assigns a value to $username variable, using EscapeCharacters() method of a $secure object (it is an example of object oriented PHP) to escape characters. $secure is an object derived from some class that is obviously designed to deal with user (form) input at login. There must be an instantiation code $secure = new ... somewhere prior to this code. The main goal of escaping characters is rendering safe some characters, that would make possible attacking or corrupting the data in the database. In mysql (and some other databases) the most dangerous characters are ' and ; so after escaping they become \' and \; and can not be used in injected queries. Google for SQL injection attack.
  2. It does the same with the input value for a password (escaping).
  3. It also hashes the value for password in order to store the hash in the database. Hashing is converting string into some value for later comparison. Everytime you hash a same string you get the same hash. You can not go the other direction i.e. you can not get the password form hashed string. This means you have a password hash in the database, not knowing what the password is, but you can always check if entered password is correct (so only user knows the password).

Edited by broj1

Votes + Comments
correct.:)
0

can you tell this part? what is it doing exactly?

$.ajax(
        {url:"php/search.php",
        data: "username="+username,
        type:"POST",
        success:function(data){
        $('#errprofilename').text(data);
        }
        }
        );
0

This is jQuery code, actually the ajax bit of it. jQuery is a javascript library that has various useful functionalities that work in most of browser (without you worrying about all the differences in browser implementations). Ajax is basically a technology or approach to update just a part of a web page contents without reloading the whole page. It uses Javascript XHR object for that and XML for datatransfer (but most people use JSON or just generate the return with PHP). Ajax can do all this asinchronously (while you are browsing, without disturbing your browsing experience).

The code above shoots an ajax call, calling search.php script that returns a result - data - (probably a search result), which is inserted into a HTML element with ID errprofilename. It is using HTTP post as a method (as opposed to get, put, delete ...).

Edited by broj1

1

This is Jquery code that is making an ajax call to "php/search.php".
Let us understand this line by line:-

First line Specifies that it is an ajax call.

url:URL to which the request is sent
async : is not specified so by default: true
data:Data to be sent to the server. It is converted to a query string, if not already a string.
type: type of request GET,POST,PUT,DELETE(not supported by all browsers).
It's appended to the url for GET-requests.

$.ajax(
        {url:"php/search.php",
        data: "username="+username,
        type:"POST",

This event is only called if the request was successful (no errors from the server, no errors with the data).It is a callback function.It says that change text of text with "id" errProfilename with the response data.

        success:function(data){
        $('#errprofilename').text(data);

        }
        }
        );
Votes + Comments
correct.:)
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.