Larry Ullman's Book Forums

giantsfan24

giantsfan24 last won the day on February 17 2013

  1. Ironically I either figured it out that night or the next day. My apologies Hartley for the lost post but you'll always have the memory of the once great post lol. Anyway, it wasn't really me, it was a tutorial I found on closures. It's weird, in PHP, we don't really have to worry much about closures (maybe in more advanced you do). Anyway, here is the code that looks to do something very similar to Hartley's but instead of looping through the function creation, it just loops through the function (could be semantics as they accomplish the same goal):

         <script>
         $(document).ready(function() {
             function doCheck(i) {
                 // Timer handles shared by this image's mouseout and mouseover handlers.
                 var classInfoHidden = null;
                 var stepsVisible = null;

                 $('#galleryImage' + i).mouseout(function() {
                     // Assign to the outer variables (no "var") so mouseover can cancel these timers.
                     classInfoHidden = setTimeout(function() {
                         $('#image_info').css("visibility", "hidden");
                     }, 2000);
                     stepsVisible = setTimeout(function() {
                         $('#default').css("visibility", "visible");
                     }, 2000);
                 });

                 $('#galleryImage' + i).mouseover(function() {
                     $.ajax({
                         type: "GET", // The HTTP request method.
                         url: '/Ecommerce_Site_3/ajax/getimageinfo.php?imageId=' + i, // The URL of the data to fetch.
                         data: null, // Don't add any data to the URL.
                         dataType: "html" // Treat the response as HTML.
                     })
                     .done(function(html) {
                         clearTimeout(classInfoHidden);
                         clearTimeout(stepsVisible);
                         $('#default').css("visibility", "hidden");
                         $('#image_info').css("visibility", "visible");
                         $("#image_info").html(html);
                     });
                 });
             }

             for (var i = 1; i <= 5; i++) {
                 doCheck(i);
             }
         });
         </script>

     What was so frustrating is that closures are very hard to explain and still really paint a picture in your mind. You just have to see it. The problem seemed to be that the for loop kept overwriting the variable i because the function was NOT being executed, just created. What both Hartley's and my examples do is execute the function with each iteration. Instead of hijacking my own thread, when I get curious, I'll google why PHP generally does have to worry about closures as much (if at all).

     Here are the two pages I saved that appear to have been my inspiration to unlocking it:
     http://stackoverflow.com/questions/2687679/jquery-ajax-inside-a-loop-problem
     http://www.mennovanslooten.nl/blog/post/62
  2. Ok, so I am finally back to this. Hartley was absolutely right, this was a closure issue. By the time you "mouseover" the galleryimage, the variable i is already six. So I just spent the last hour trying to figure out how to get the variable i in my Ajax URL to properly assign the right variable for each DOM element in question ('#galleryImage'). Here is the code in question. I'll shorten it and space it out and add notes to show exactly what I want to do, what I've tried, and how that didn't work.

         //I'm trying to create a closure so when the for loop gets to that part of the code
         //(where the function would be called), it returns the variable i that exists in that
         //part of the for loop iteration, 1,2,3,4 etc
         //(I used n in the function definition to avoid confusion)
         function returnVariable(n) {
             return function() {
                 return n;
             };
         }

         for (var i = 1; i <= 5; i++) {
             //this part works. the for loop does create a mouseover event for each galleryimage
             //(1 through 6)
             $('#galleryImage' + i).mouseover(function() {
                 $.ajax({
                     type: "GET", // The HTTP request method.
                     url: '/Jindo_site/ajax/getimageinfo.php?imageId=' + returnVariable(i)
                     //this is where I thought the function would work, but instead of returning the
                     //variable i that exists in that part of the iteration, it returns the following
                     //"http://localhost/Jindo_site/ajax/getimageinfo.php?imageId=function%20()%20{return%20n%20;}"
                 });
             });
         }

         //this is the net "effect" I want for each loop
         $('#galleryImage1').mouseover(function() {
             $.ajax({
                 type: "GET", // The HTTP request method.
                 url: '/Jindo_site/ajax/getimageinfo.php?imageId=1'
             });
         });
         //next loop
         $('#galleryImage2').mouseover(function() {
             $.ajax({
                 type: "GET", // The HTTP request method.
                 url: '/Jindo_site/ajax/getimageinfo.php?imageId=2'
             });
         });
         //next loop
         $('#galleryImage3').mouseover(function() {
             $.ajax({
                 type: "GET", // The HTTP request method.
                 url: '/Jindo_site/ajax/getimageinfo.php?imageId=3'
             });
         });
         // and so on...again the galleryimage part works, but the URL does not.
         //I either get "imageId=6" (if I just use " + i)
         //or
         //"imageId=function%20()%20{return%20n%20;}" if I use the returnVariable() function defined above.
  3. Good stuff, but I've discovered a hole in strip_tags() (and even htmlspecialchars() and htmlentities()): you can still inject JavaScript into the acceptable tags. The script doesn't need to start with "<script>". This is explained here: http://www.deepshiftlabs.com/dev_blog/?p=1885&lang=en-us

     There seem to be two solutions.

     1. To simply not allow any submitted HTML to actually go on your site until you (or an authorized user) approves it (fairly easy with an extra column in the table called "approved"...then the PDO/mysqli will only return results that have a true or yes type value). XSS does nothing when stored in a database (not to be confused with SQL injection, which prepared statements take care of), but can do damage if posted on your site.

     2. You sanitize the HTML. The most popular seems to be something called "HTML Purifier". I would imagine that's what this site, and the thousands of other sites that allow certain submitted HTML code on their site, use.

     P.S. Hartley, what you had described is a blacklist. Wouldn't a whitelist be better, since they are always coming up with new "bad" code that you would need to constantly update your blacklist?
  4. I was talking to one of the IT guys at work and he was telling me that a better career path may be database administration as opposed to being a developer. He was saying the entry level jobs are higher paying and they are more in demand since there are fewer of them. I wanted to get your thoughts on this. Would it be worth it to abandon developing and move into DBA, or can you do both?
  5. I'll probably come back to this when I have a free hour to devote to it. I have no doubt it's exactly what you said. Thanks again.
  6. The website is learnasp4.com. The basic course is totally free and other than the computer generated voice (sounds like a very proper English gentleman), it really does a good job of walking thru step by step. Hartley, I meant that it is just set up very different than Dreamweaver. It almost seems one with the code, rather than as Dreamweaver, that seems like it's allowing you to access your code through it but the program itself is not interfering. It could be that I haven't really gotten into the main C# part of the videos yet and he's just going thru all the stuff Visual Studio can do. I've never taken a formal course in Dreamweaver and after seeing this, perhaps I should. It is amazing though that I can just about understand all the C# code I've seen so far (simple as it may be). C# seems to be a combination of PHP and JS (a very simple, perhaps naive statement on my part), in that it has event handlers (and other client side code) like JS but is server based (so I would imagine it can do a lot of the more in-depth server code PHP handles as well). That makes sense as it seems to be a more general language where PHP is geared directly to web based server side code.
  7. Thanks a lot Margaux. Good tips. Lucky enough, all of those are on my to-learn list this year. I'm breaking it down. Instead of learning one at a time, I'm learning asp.net (and C#) today. Tomorrow is client side day, which means learning or expanding in something the client will actually see (JS, jQuery, CSS/3, HTML/5 and yes Responsive Web Design). Third day is my work day, where I actually work on my current project (of course that can be added to other days as well). That's my little roadmap for this year at least (I know you were dying to know)...and let me tell you, if you've never worked with asp.net and Visual Studio Express before, you are in for a bit of a shock. I love Dreamweaver and am feeling like a total newb right now working without it lol, but I can't wait until I can put asp.net and C# on my resume under skills since it opens up a whole new avenue since a lot of corps use asp.net, not PHP, so my options expand. Anyway, thanks a lot again guys. I really appreciate it. Hartley, I took your advice and found a free asp.net online tutorial. It's quite extensive. If Larry doesn't mind, I will post the link here as it assumes you don't know any C# (which I don't) but already, I can understand much of the language I am seeing.
  8. Good deal guys. I guess it's true. Learning one programming language makes each successive language easier to learn since a lot of the concepts are the same, just the syntax is different. Maybe a better question would be, knowing my history, which would you suggest would be the most beneficial to my career: ASP, jQuery (more of it anyway), or Responsive Web Design, or maybe a technology I haven't mentioned. I'm not looking for definitive answers, more your thoughts and experiences.
  9. Couple things. In the code I was using I did substitute the 1 for the variable i like you showed. It did work in the sense that it created 6 events on the six thumbnails. The part I still can't understand is that the url part of the $.ajax function didn't work with the i variable. It wasn't being sent/received by the PHP ajax page. Anyway, I'm sure you're right that it must have been something with my code but I'm not going to spend 2 hours looking for it. Thanks for the help. You are the Larry when Larry is out being Larry.
  10. Unfortunately not, because even though the JS/JQ loop works, it doesn't create the code/function 6 times, it just loops through the function definition 6 times (essentially overwriting itself with each loop) and since those 6 definitions are not output to the browser (my initial fear), the browser only recognizes one script block, with one function definition (the final loop). It was a little experiment that unfortunately didn't work. Luckily there is a pretty easy solution. Since the JS/JQ code is already on a page with PHP on it, I can just run the script block through a PHP for loop six times using the PHP $i variable/string. Bottom line is the browser needs to see six function definitions and that won't happen with a JS, only a PHP echo type loop (or whatever the programming language you use that mirrors echo). A cleaner way would just be to create a separate PHP include file but since it's just experimenting, I just want to make sure it works before I pretty it up lol. Anyway, thanks for the tips and the advice with spacing my code.

      EDIT: Just tried running thru a PHP for loop and it works perfectly (I'll post the code when I'm less tired). It was weird though. The JS/JQ loop did work by assigning the event handler to each of the six thumbnails, so it seems it was creating 6 function definitions but for whatever reason, the URL for the ajax request did not recognize the variable i. Very very odd.
  11. Ok, so I'm attempting to use ajax to bring up the image's description when you click on the image thumbnail. To do so, I'm running my function definition through a for loop, replacing select parts of the function to correspond to the image number selected. When it is output in the browser, the code below $(document).ready(function() { is only output once, not 6 times. Does this matter? I'm not nearly as familiar with JS/jQuery as PHP and want to make sure the for loop would be assigning the variable i through six loops. Please also note I have not yet replaced the variable "i" in the for loop because I am still figuring out the syntax for that also. I want to replace galleryImage1 with galleryImage"variable i" and imageId1 with imageId"variable i" so if you could help me with that syntax also, much help appreciated.

      I figured that part out. I forgot you concatenate in JS with the "+" sign, so the code would be:

          <script type="text/javascript">
          $(document).ready(function() {
              for (var i = 1; i <= 6; i++) {
                  // Timer handles used by the mouseout and mouseover handlers.
                  var classInfoHidden = null;
                  var stepsVisible = null;

                  $('#galleryImage' + i).mouseout(function() {
                      // Assign to the outer variables (no "var") so mouseover can cancel these timers.
                      classInfoHidden = setTimeout(function() {
                          $('#image_info').css("visibility", "hidden");
                      }, 2000);
                      stepsVisible = setTimeout(function() {
                          $('#default').css("visibility", "visible");
                      }, 2000);
                  });

                  $('#galleryImage' + i).mouseover(function() {
                      $.ajax({
                          type: "GET", // The HTTP request method.
                          url: '/Ecommerce_Site_3/ajax/getimageinfo.php?imageId=' + i, // The URL of the data to fetch.
                          data: null, // Don't add any data to the URL.
                          dataType: "html" // Treat the response as HTML.
                      })
                      .done(function(html) {
                          clearTimeout(classInfoHidden);
                          clearTimeout(stepsVisible);
                          $('#default').css("visibility", "hidden");
                          $('#image_info').css("visibility", "visible");
                          $("#image_info").html(html);
                      });
                  });
              }
          });
          </script>
  12. Hey guys, loving Larry's books and will be using Larry's Yii Book to create my own portfolio site to see how much time using a PHP framework saves. Anyway, in doing my current web project, I decided to use jQuery instead of straight JavaScript to handle the Ajax and I got to thinking: I love knowing JavaScript and the awesome flexibility it gives me, but more and more, I'm seeing people just using jQuery instead to save time. In addition to the many things I hope to add to my developer toolbelt this year (which includes mobile development and even some Flash (or its equivalent)), I see a lot of jobs asking for familiarity with both jQuery and ASP.net. jQuery I feel I could pick up rather quickly with my history with it, combined with my PHP and JavaScript knowledge, but ASP I have zero experience with. Since Larry hasn't written a book on either subject (i.e. I won't be taking money away from him), can you guys please give me your recommendations on good jQuery and ASP.net books since there are so many out there (tip, Larry, please write a jQuery, ASP and Mobile Dev Book lol)? P.S. I am posting this here because if you post here, you obviously like Larry's teaching style and so your recommendations would be more likely to fit my own preferred book style. Thanks in advance.
  13. First, thank you for the quick reply. Second, I think your second idea would be better, as to know what all the 'bad' may be harder to pin down than the benign ones. That said, apparently, there is a feature to strip_tags that I didn't know about. It takes a second argument. The first is the data to strip the tags from, and the second optional argument is maybe a string (or array) of allowable tags. That is exactly what I was looking for. Where did I find that? Where else, from Larry's Effortless Ecommerce Example 1, where he uses TinyMCE and runs the content through strip_tags but builds a string like so "$allowed = '<div><p><span><br><a><img><h1><h2><h3><h4><ul><ol><li><blockquote>';" and uses that string as the second argument. This filtered data is then sent to the database etc.
  14. Hey Larry, I am building a site using this part of the book to allow users to upload their own articles, and use the $page->getContent() object to output the content, as shown on page 300. Is the only way to have this type system, where an admin did not have to approve every article, be to use TinyMCE (or a similar plugin that uses its own tag filters)? I ask because the main text field has no tag filter (strip_tags, htmlspecialchars, etc.) applied to it either on the input to the database or the output. Is there a way to filter out all tags except benign tags like <p> for long articles? I was about to ask also about SQL Injection Attacks but I then saw you used prepared statements, which solves that threat.
  15. Awesome, thanks Larry. That's what I wanted to know. Off to read your article about how to implement Stripe. Also, I still welcome any other comments by others that have used such software.
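
Posts 3 and 13 above concern strip_tags() with an allowed-tags string and the script that can still arrive inside allowed tags. The following is an added example, not code from the forum posts or from Larry Ullman's book: it shows what strip_tags() leaves in place and one way to drop attributes that are not allowlisted. The input string, the $allowedAttrs map and the filterAttributes() helper are assumptions made for illustration.

```php
<?php
// Added example. The input, $allowedAttrs and filterAttributes() are constructed
// for illustration; they are not from the forum posts or the book.
$allowedTags  = '<p><a><img><br>';                            // shortened tag allowlist
$allowedAttrs = ['a' => ['href'], 'img' => ['src', 'alt']];   // assumed attribute allowlist

// Constructed submission: allowed tags carrying script, plus one <script> element.
$input = '<p onmouseover="alert(1)">Hi</p>'
       . '<a href="javascript:alert(2)">link</a>'
       . '<img src="photo.jpg" onerror="alert(3)">'
       . '<script>alert(4)</script>';

// strip_tags() removes the <script> tags but keeps every attribute on allowed tags.
$stripped = strip_tags($input, $allowedTags);

function filterAttributes(string $html, array $allowedAttrs): string
{
    libxml_use_internal_errors(true);            // tolerate imperfect user markup
    $doc = new DOMDocument();
    // The wrapper <div> gives the fragment a single root; the prolog forces UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    $root = $doc->getElementsByTagName('div')->item(0);

    foreach ($root->getElementsByTagName('*') as $el) {
        $keep = $allowedAttrs[$el->nodeName] ?? [];
        // Copy the attribute list first: it is live and shrinks as attributes go.
        foreach (iterator_to_array($el->attributes) as $attr) {
            $ok = in_array($attr->nodeName, $keep, true);
            if ($ok && in_array($attr->nodeName, ['href', 'src'], true)) {
                // Accept only http(s) URLs and plain relative paths.
                $ok = (bool) preg_match('~^(https?://|[\w./-]+$)~i', trim($attr->nodeValue));
            }
            if (!$ok) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);          // serialize without the wrapper
    }
    return $out;
}

echo "strip_tags() only:\n", $stripped, "\n\n";
echo "after attribute filter:\n", filterAttributes($stripped, $allowedAttrs), "\n";
```

For user-submitted articles, a maintained sanitizer such as HTML Purifier, which post 3 mentions, covers far more cases than this helper.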