#1
  1. A Change of Season

    Edit new users guide.


    Hi;

    The thread was closed so I post here. Please delete this after you fix the post below.

    Item #20 of post #1 in New Users Guide is a bad lesson and it is not secure. It is in the NEW USERS GUIDE. New users don't know about security much and copy paste the code from the "guide". Like I did for a while.

    Thank you
  2. #2
  3. Did you steal it?
    Edited:
    #20 How can I have my form fields "remember" on subsequent submit?

    Easily! Simply make use of isset() and the PHP ternary operator to give your form field a value only if a specific variable is set:
    PHP Code:
    echo '<input type="text" name="demo" value="' . ( isset( $_POST['demo'] ) ? favorite_escaping_function($_POST['demo']) : '' ) . '" />';
    (Substitute the "favorite_escaping_function" with whatever you use to escape user input: htmlspecialchars(), htmlentities(), filter_var(), etc.)
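An added example, not part of the original post or the guide: one way to fill in the escaping placeholder above using htmlspecialchars(). The helper name `sticky_text_input` and the sample submissions are assumptions made for illustration; the arrays stand in for `$_POST`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: render a text input that keeps its submitted value.
function sticky_text_input(string $name, array $submitted): string
{
    $raw = $submitted[$name] ?? '';
    // A request sent as demo[]=x arrives as an array, not a string;
    // treat anything that is not a string as "nothing submitted".
    if (!is_string($raw)) {
        $raw = '';
    }
    // ENT_QUOTES escapes both " and ', so the value cannot close the
    // attribute whichever quote style the template uses. Before PHP 8.1
    // the default flags left single quotes unescaped, so pass them explicitly.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return sprintf(
        '<input type="text" name="%s" value="%s" />',
        htmlspecialchars($name, $flags, 'UTF-8'),
        htmlspecialchars($raw, $flags, 'UTF-8')
    );
}

// Constructed submissions (sample data, not taken from the thread).
$cases = [
    'plain'        => ['demo' => 'hello'],
    'markup'       => ['demo' => '"><b>injected</b>'],
    'single quote' => ['demo' => "it's"],
    'array'        => ['demo' => ['x']],
    'missing'      => [],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', sticky_text_input('demo', $post), "\n";
}
```

In the "markup" case the quote and angle brackets come back as entities, so the submitted text stays inside the value attribute instead of becoming markup.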
  4. #3
  5. Sarcky
    Thanks guys. I wrote that whole new user guide in an hour at 3am and much of the example section was copied from a much older user guide.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  6. #4
    I've never read that til now, n just curious about 1 thing. In the #16 Why am I getting the error "Headers already sent"?, the final sentence states, "It's best to remove the closing PHP tag from all your files anyway."
    1.) Does this mean it is in best practice to leave your php hang open at the end of the file?
    2.) As a thought if using such file as an included file, would it even need the opening tag since php is what's including it?
  8. #5
  9. Sarcky
    It's best practice to start each PHP file with <?php and not to close any of them unless you're explicitly outputting plaintext on purpose.
  10. #6
  11. --
    Originally Posted by Triple_Nothing
    2.) As a thought if using such file as an included file, would it even need the opening tag since php is what's including it?
    Everything outside of PHP tags gets printed, so if you have no opening tag, the source code of your included file will appear on the screen.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  12. #7
  13. Did you steal it?
    Originally Posted by Triple_Nothing
    1.) Does this mean it is in best practice to leave your php hang open at the end of the file?
    Yes: for one it removes the chance that there might be accidental trailing space at the end of the file. Such space may be outputted, thus breaking any header()s, session_start()s, setcookie()s, and other functions you may use later on in execution.

    Originally Posted by Triple_Nothing
    2.) As a thought if using such file as an included file, would it even need the opening tag since php is what's including it?
    IIRC a future version of PHP, I don't know which, may support a type of file which is purely PHP code, thus no opening <?php required.

    But for now yes, you still need it.
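An added example, not from any poster in this thread: a small check for the two problems discussed above, namely bytes after a closing tag that are sent before header() calls, and files without an opening tag whose source is printed. The function name `find_stray_output` and the sample sources are assumptions; the check relies on PHP's tokenizer extension and is meant for code-only files, not templates that mix in HTML on purpose.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: report every run of bytes that sits outside PHP tags
// in a source string. PHP sends such bytes to the client as output.
function find_stray_output(string $src): array
{
    $findings = [];
    foreach (token_get_all($src) as $i => $tok) {
        // Only T_INLINE_HTML tokens are content outside PHP tags.
        if (!is_array($tok) || $tok[0] !== T_INLINE_HTML) {
            continue;
        }
        $text = $tok[1];
        if ($i === 0 && strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $findings[] = "line {$tok[2]}: UTF-8 BOM before the opening tag";
        } elseif (trim($text) === '') {
            $findings[] = "line {$tok[2]}: whitespace outside PHP tags";
        } else {
            $findings[] = "line {$tok[2]}: " . strlen($text) . " bytes printed verbatim";
        }
    }
    return $findings;
}

// Constructed sample sources (not real project files).
$samples = [
    'no closing tag'        => "<?php\nheader('X-Frame-Options: DENY');\n",
    // PHP swallows a single newline directly after the closing tag.
    'closing tag + newline' => "<?php\n\$a = 1;\n?>\n",
    'closing tag + spaces'  => "<?php\n\$a = 1;\n?>\n \n",
    'no opening tag'        => "\$secret = 'constructed';\n",
    'BOM'                   => "\xEF\xBB\xBF<?php\n\$a = 1;\n",
];
foreach ($samples as $label => $src) {
    $found = find_stray_output($src);
    echo str_pad($label, 24), $found ? implode('; ', $found) : 'clean', "\n";
}
```

Only the first two samples come back clean; the other three each emit output before any header(), session_start() or setcookie() call could run.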
