Here’s the general rule of thumb. Escape variables at the last possible moment. You want your variables to be clean representations of the data. That is, if you are trying to store the last name of someone named “O’Brien”, then you definitely don’t want these: O'Brien O\’Brien .. because, well, that’s not his name: there’s … Read more
I recently did this. My solution was to set the session value when a user logs in. Then I had a small class checking if the session ID stored is the same as the current user who is logged in. If the user logs in from somewhere else the session ID in the DB will … Read more
I’d say never. If I wanted something to be set via the various methods, I’d code for each of them to remind myself that I’d done it that way – otherwise you might end up with things being overwritten without realising. Shouldn’t it work like this: $_GET = non destructive actions (sorting, recording actions, queries) … Read more
You’re confused as to how PHP and AJAX interact. When you request the PHP page via AJAX, you force the PHP script to begin execution. Although you might be using flush() to clear any internal PHP buffers, the AJAX call won’t terminate (i.e., the response handlers won’t be called) until the connection is closed, which … Read more
Your configuration is awesome. You definitely read up on how to lock down php sessions. However this line of code negates a lot of the protection provided by your php configuration: session_id(sha1(uniqid(microtime())); This is a particularly awful method of generating a session id. Based on your configurations you are generating the session id from /dev/urandom … Read more
Set the cookie’s expiration date to a time in the past (like one second after epoch, for example). setcookie(“yourCookie”, “yourValue”, 1); This will cause the cookie to expire. 1 is used instead of 0, because 0 sets the cookie to expire at the end of the session.
I personally feel like $array[] is cleaner to look at, and honestly splitting hairs over milliseconds is pretty irrelevant unless you plan on appending hundreds of thousands of strings to your array. I ran this code: $t = microtime(true); $array = array(); for($i = 0; $i < 10000; $i++) { $array[] = $i; } print … Read more
I can’t say I can rely on mb_detect_encoding(). I had some freaky false positives a while back. The most universal way I found to work well in every case was: if (preg_match(‘!!u’, $string)) { // This is UTF-8 } else { // Definitely not UTF-8 }
Your question is too unspecific to give a precise answer. If you’re trying to let users log in to your website using Google accounts, it’s documented here. On the other hand, if you’re trying to let your users sign in to several websites you control with one account, here’s how you can do it: Make … Read more
You should look at the documentation. But If you dont find anything, you can add another catch : <?php try { $stmt = $db->prepare(“INSERT INTO tbl_user (id, name, password, question, answer) VALUES (NULL, :name, :password, :question, :answer)”); $stmt->bindValue(“:name”, $_POST[‘name’]); $stmt->bindValue(“:password”, $_POST[‘password’]); $stmt->bindValue(“:question”, $_POST[‘question’]); $stmt->bindValue(“:answer”, $_POST[‘answer’]); $stmt->execute(); echo “Successfully added the new user ” . $_POST[‘name’]; … Read more