Web Development Discussion Boards

Member 1177761319-Jun-15 1:35

19-Jun-15 1:35

hi i havent been coding long, im learning on my own using the internet, youtube etc.
i am trying to us all the knowledge ive learn so far to code a basic website. i have having a couple of problems.
1/ first this error message is appearing on the console when i inspect the webpage i am creating??
Uncaught SyntaxError: Unexpected token <

2/ second i cant seem to do simple actions with css on my html using the bootstrap classes, i know its all correct in terms of the files being connected to sublime as i can copy and paste from bootstrap and the nav bars with drop downs work fine. (i assume that if they work that it all set up properly on my text editer?)
i am trying to centre the logo, heading and menu at the moment.

This is my html code.....

XML

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
    <title>Cupcake Fixation</title>

<!---google fonts-->
<link href='http://fonts.googleapis.com/css?family=Indie+Flower' rel='stylesheet' type='text/css'>
<!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
<!--css stylesheet-->
<link href="style.css" rel="stylesheet" type="text/css" />
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>

 <body>


<!--logo-->
 <div class="logo" "col-md-2">
  <img src="http://www.drawingnow.com/file/videos/image/1376476137.jpg"/>
</div>
<!--heading-->
<header class="container">
    <h1>Cupcake Fixation</h1>
    <p><strong>"We take your addiction seriously!"</strong></p>
</header>
<!--nav bar-->
<div class="container-fluid">

<ul class="nav navbar-nav" "navbar-default" >
    <li class="nav" class="active"><a  href="#">Home<span class="glyphicon glyphicon-heart"</span></li></a>
    <li class="nav"><a  href="#">About<span class="glyphicon glyphicon-heart"</span></li></a>
    <li class="nav"><a  href="#">Recipies<span class="glyphicon glyphicon-heart"</span></li></a>
    <li class="nav"><a  href="#">Frosting<span class="glyphicon glyphicon-heart"</span></li></a>
    <li class="nav"><a  href="#">Contact Us</li></a>

</ul>

</div>

<!--jumbotron-->





<!--html ends here-->
































<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->

    <script src="js/bootstrap.min.js"></script>

 <!--jquery for drop downs-->
 <script type="text/javascript" src="http://twitter.github.io/bootstrap/assets/js/bootstrap-dropdown.js"></script>

 </body>
</html>

Re: feeling frustrated please help me

Richard Deeming19-Jun-15 2:18

Richard Deeming

19-Jun-15 2:18

The first problem is most likely caused by the "drop downs" script at the bottom:
http://twitter.github.io/bootstrap/assets/js/bootstrap-dropdown.js[^]

That URL gets redirected to the Bootstrap 2.3.2 home-page[^], which isn't a javascript file.

It looks like that script was build for Bootstrap v2. Assuming you're using Bootstrap v3[^] - which you should be, since v2 is no longer supported - the old script wouldn't work anyway. Bootstrap v3 already includes support for drop-downs, so you can simply remove that script tag.

Your "logo" tag is incorrect - the "col-md-2" should be part of the class attribute:

HTML

<div class="logo col-md-2">

That class means that the logo will take up 1/6th of the page width. It doesn't have anything to do with centring the element.
Bootstrap : Grid system[^]

"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

Html not well formed

Ferd Really23-Jun-15 7:30

Ferd Really

23-Jun-15 7:30

You need to close the anchor tag before closing the listitem tag
li a /li /a <-- should be --> li a /a /li

There are strangers on the Plain, Croaker

Re: feeling frustrated please help me

Anil Vaghasiya14-Jul-15 21:43

Anil Vaghasiya

14-Jul-15 21:43

Just Wellformed your html and Close your span tag that is not closed inside UL and Li.

Use the Below Code

HTML

<ul class="nav navbar-nav" "navbar-default" >
    <li class="nav" class="active"><a  href="#">Home</li></a>
    <li class="nav"><a  href="#">About</li></a>
    <li class="nav"><a  href="#">Recipies</li></a>
    <li class="nav"><a  href="#">Frosting</li></a>
    <li class="nav"><a  href="#">Contact Us</li></a> 
</ul>

Wireframe / Mockup tools

C-P-User-317-Jun-15 7:10

C-P-User-3

17-Jun-15 7:10

I asked Google and Bing, "WEBSITE MOCKUP TOOL"

They found me...

THESE NINE[^] from Mashable (whatever that site is)
THESE TWENTY FOUR[^] from CodeCondo (another new to me)

Good and bad opinions on any of these are welcome.

The overriding goal for me is a short learning curve.

"Features" will be gladly sacrificed for simplicity in this case.

modified 17-Jun-15 14:03pm.

[CKEditor] How to search the contents in the string?

Member 110547239-Jun-15 15:43

Member 11054723

9-Jun-15 15:43

Hello, I have a page on a label applied CKEditor, HTML code as follows:

HTML

<textarea id="MyHtmlEditor" class="ckeditor" cols="80" rows="10" name="MyHtmlEditor"></textarea>

XML

When I upload and then insert a picture, you can see the pictures in normal CKEditor, the viewing source will appear <img alt = "" src = File Name /> tag code.

Because it will put more than one picture, if I want to do in a certain period of time to execute javascript, you can get all the content in the editing area where CKEditor <img alt = "" src = filename /> src attribute values

That is made all the pictures of connecting position.

I found a CKEditor stall, it seems that only the editorial content replace () method can be used.

Some people know how to reach this level?

HTML5: Local Data Base.

Member 117446415-Jun-15 4:18

Member 11744641

5-Jun-15 4:18

Hello.
I´m building a web page that have an administrator user, he can create new users with specific fields. All of this in html5, php and MySQL.
The question is.. Do you know a framework or process that show to the administrator the list of users that he created, with some fields with options to modify, in other tab of the web page.
I appreciate your help Rose | [Rose]

Re: HTML5: Local Data Base.

Simewu15-Jun-15 12:38

Simewu

15-Jun-15 12:38

You are thinking of a database file (.db), which you create in Microsoft Access (or any other database editing software), then you host that file on the internet along with all your other files. Then whenever you want to create a new user, you can add another row into the database table.

problem to check value array

Loei Maleki4-Jun-15 1:52

Loei Maleki

4-Jun-15 1:52

PHP

$latlayer = array(
			array('minW' => 0 , 'minH' => 0 , 'maxW' => 8.5 , 'maxH' => 4.8 , 'val' => 'lat1' ),
			array('minW' => 8.5 , 'minH' => 4.8 ,'maxW' => 17 , 'maxH' => 9.6 , 'val' => 'lat2' ),
			array('minW'=> 17 , 'minH' => 9.6, 'maxW' => 25.5 , 'maxH' => 14.4 , 'val' => 'lat3' ),
			array('minW' => 25.5 , 'minH' => 14.4, 'maxW' => 34 , 'maxH' => 19.2 , 'val' => 'lat4' ),
			array('minW' => 34 , 'minH' =>19.2, 'maxW' => 42.5 , 'maxH' => 24 , 'val' => 'lat5' ),
			array('minW' => 42.5 , 'minH' => 24, 'maxW' => 51 , 'maxH' => 28.8 , 'val' => 'lat6' ),
			array('minW' => 51 , 'minH' => 28.8, 'maxW' => 59.5 , 'maxH' => 33.6 , 'val' => 'lat7' ),
			array('minW' => 59.5 , 'minH' => 33.6, 'maxW' => 68 , 'maxH' => 34.8 , 'val' => 'lat8' ),
			array('minW' => 68 , 'minH' => 34.8, 'maxW' => 76.5 , 'maxH' => 43.2 , 'val' => 'lat9' ),
			array('minW' => 76.5 , 'minH' => 43.2, 'maxW' => 85 , 'maxH' => 48 , 'val' => 'lat10' ),
			array('minW' => 85 , 'minH' => 48, 'maxW' => 93.5 , 'maxH' => 52.8 , 'val' => 'lat11' ),
			array('minW' => 93.5 , 'minH' => 52.8, 'maxW' => 100 , 'maxH' => 50 , 'val' => 'lat12' ),
		);

$wimg = 20;
$himg = 9.6;
foreach($latlayer as $current)
				{
					if( $wimg >= $current['minW'] and $wimg <= $current['maxW'])
					{
						echo  $current['val'];
						break;
					}


			}

result lat 2 OK no problem one value checked

The problem with checking the tow value of the array

minW-maxW and minH-maxH = lat?

Re: problem to check value array

Loei Maleki4-Jun-15 1:57

Loei Maleki

4-Jun-15 1:57

PHP

$wimg = 20;
$himg = 9.6;
foreach($latlayer as $current)
				{
					if( $wimg >= $current['minW'] and $wimg <= $current['maxW'] and himg >= $current['minH'] and $himg <= $current['maxH'])
					{
						echo  $current['val'];
						break;
					}
				}

Result : Error no parametrs

Can't find where is the error from

newbiejo2-Jun-15 22:50

newbiejo

2-Jun-15 22:50

I've 3 php files,
1.converter.php // controllers/converter.php

PHP

<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Converter extends CI_Controller{
	function __construct(){
		parent::__construct();
		$this->load->helper(array('url','form'));
	}
	
	function index(){
		$this->load->view('menu_converter');
	}
	
	function biner(){
		$this->load->library('form_validation');
		$this->form_validation->set_rules('n1', 'Number1', 'required|integer');
		if ($this->form_validation->run()){
			$data['n1']=(int)$this->input->post('n1', true);
			$data['hasil']=decbin((int)$data['n1']);
		}
		else{
			$n1=0;
		}
		$this->load->view('biner',$data);
	}
}
?>

2.menu_converter.php // view/menu_converter.php

PHP

<<pre lang="xml">html>
<head><title>Aplikasi Converter Bilangan</title>
</head>
<body>
    <h1>CodeIgniter 2.0 and Form!</h1>
<p>Silahkan pilih menu di bawah ini.</p>
<ul>
    <li><?php echo anchor('index.php/converter/biner/','Biner');?>
</ul>
<p><br/>Page rendered in {elapsed_time} seconds</p>
</body>
</html></pre>
3.biner.php // view/biner.php

HTML

<html>
<head><title></title>
</head>
<body>
	<h1>Converter</h1>
	<?php echo validation_errors();?>
	<p>Silahkan masukkan data berikut!</p>
	<?php echo form_open('index.php/converter/biner');?>
	<?php echo form_input('n1',$n1);?>
	<?php echo form_submit('submit','Hitung!!');?>
	<?php echo form_close();?><br>
	Hasil: <?php echo $hasil;?>
	<p><br/>Page rendered in {elapsed_time} seconds</p>
</body>
</html>

I'm using CodeIgniter. Everytime i run the "index.php/converter" on my browser, it keeps show error when trying to load "biner.php" view file. I hope someone can help me finding if there's something i've missed. Thank you.

Unable to stop SQL injection errors.

Stephen Holdorf29-May-15 2:10

Stephen Holdorf

29-May-15 2:10

I finally get it. It's not just the code I use to execute the ExecuteScalar method but it is mainly the code up stream that is executing the class. It is everything calling your code. That said, now can I get someone to look at the up stream code causing my SQL injection errors. First I will show you two examples of the code calling my code, then the calling code, and finally the executing code, which I formulated and displayed from a previous post.

Calling code with Three parameters:

        public bool isTamAsp(int aspKey, int fy, string accountCode)
        {
            MyParam myParam;

            string sqlQuery = "select isTamMacom = count(macom_key) FROM hier_fy " +
                "WHERE hier_key = @aspKey AND fy = <a href="http://www.codeproject.com/Members/fy">@fy</a>  AND @accountCode NOT IN (3,4,7,8) AND macom_key IN (select hier_key from lkup_e581_MacomThatRequireTAM) AND is_visible = 1 AND is_active = 1";

            QueryContainer Instance = new QueryContainer(sqlQuery);

            myParam = new MyParam();

            myParam.SqlParam = new SqlParameter("@aspKey", Instance.AddParameterType(_DbTypes.Int));

            myParam.SqlParam.Value = aspKey;

            Instance.parameterList.Add(myParam);

            myParam = new MyParam();

            myParam.SqlParam = new SqlParameter("@fy", Instance.AddParameterType(_DbTypes.Int));

            myParam.SqlParam.Value = fy;

            Instance.parameterList.Add(myParam);

            myParam = new MyParam();

            myParam.SqlParam = new SqlParameter("@accountCode", Instance.AddParameterType(_DbTypes._string));

            myParam.SqlParam.Value = accountCode;

            Instance.parameterList.Add(myParam);

            if (Convert.ToInt32(ExecuteScaler(Instance)) < 1)
                return false;

            return true;
        }
<pre>

Calling code with no parameters:


<pre>

Calling code with no parameters:

<pre>

        public long GetMarinesUploadNextUploadKey()
        {
            string query = "SELECT MAX(upload_key) FROM temp_auth_usmc_upload";

            QueryContainer Instance = new QueryContainer(query);

            string result = Convert.ToString(ExecuteScaler(Instance));
            if (string.IsNullOrEmpty(result))
                return 1;
            else
                return Convert.ToInt64(result) + 1;
        } 

<pre>

Code calling my previous code with three parameters:

<pre>

        public bool isTamAsp(int aspKey, int fy, string accountCode)
        {
            return e581provider.isTamAsp(aspKey, fy, accountCode);
        }
<pre>

Method calling the SQL executing my code:


<pre>

                DbCommand command = _provider.CreateCommand();

                command.Connection = _connection;
                {
                    command.CommandText = Instance.Query;
                    command.CommandType = CommandType.Text;

                    if (Instance.parameterList.Count > 0)
                    {
                        foreach (var p in Instance.parameterList)
                        {
                            command.Parameters.Add(p.SqlParam);
                        }
                    }

                    if (_useTransaction) { command.Transaction = _transaction; }

                    try
                    {
                        returnValue = command.ExecuteScalar();
                    }

<pre>

My Class containing the SQL string and the cmd parameter List

<pre>

    public enum _DbTypes
    {
        Int = 1, _string = 2, _long = 3, _bool = 4, _DateTime = 5,
        _decimal = 6, _float = 7, _short = 8, _bite = 9
    } 

    public class MyParam
    {
        public SqlParameter SqlParam { get; set; }
    }
    /// <summary>
    /// Summary description for QueryContainer SGH
    /// </summary>
    public class QueryContainer
    {

        string _query;

        public List<myparam> parameterList = new List<myparam>();

        public QueryContainer(string query) { _query = query; }

        public SqlDbType AddParameterType(_DbTypes id)
        {
            switch (id)
            {
                case _DbTypes.Int:
                    return (SqlDbType)Enum.Parse(typeof(SqlDbType), "int", true);
                case _DbTypes._string:
                    return (SqlDbType)Enum.Parse(typeof(SqlDbType), "NVarChar", true);
                case _DbTypes._long:
                    return (SqlDbType)Enum.Parse(typeof(SqlDbType), "SqlDbType.BigInt", true);
                case _DbTypes._bool:
                    return (SqlDbType)Enum.Parse(typeof(SqlDbType), "SqlDbType.Bit", true);
            }

            return SqlDbType.VarChar;

        }

        public string Query
        {
            get
            {
                return _query;
            }

            set { _query = value; }
        }
    }
<pre>

Re: Unable to stop SQL injection errors.

Sascha Lefèvre29-May-15 2:55

Sascha Lefèvre

29-May-15 2:55

I don't see a concatenated query there. What would be your question here?

Sidenote: You nested 10 (!) code-blocks into each other in your message. Which makes it hard to read. Please use a single code block or, if multiple, not nested into each other.

If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson

Re: Unable to stop SQL injection errors.

Stephen Holdorf29-May-15 4:03

Stephen Holdorf

29-May-15 4:03

This is one of the concatenate queries:

string sqlQuery = "select isTamMacom = count(macom_key) FROM hier_fy " +
                "WHERE hier_key = @aspKey AND fy = <a href="http://www.codeproject.com/Members/fy">@fy</a>  AND @accountCode NOT IN (3,4,7,8) AND macom_key IN (select hier_key from lkup_e581_MacomThatRequireTAM) AND is_visible = 1 AND is_active = 1";
<pre>

Re: Unable to stop SQL injection errors.

Sascha Lefèvre29-May-15 4:10

Sascha Lefèvre

29-May-15 4:10

It's concatenated with a + but it's not concatenating values as literals. All required values are either hard-coded (like "3,4,7,8") or provided via Sql-parameters.

If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson

Re: Unable to stop SQL injection errors.

Richard Deeming29-May-15 4:11

Richard Deeming

29-May-15 4:11

You're only concatenating constant strings, not user input or other variables, so there's no vulnerability in that example. You could easily remove the concatenation and declare the query in a single string:

const string sqlQuery = "select isTamMacom = count(macom_key) FROM hier_fy WHERE hier_key = @aspKey AND fy = @fy  AND @accountCode NOT IN (3,4,7,8) AND macom_key IN (select hier_key from lkup_e581_MacomThatRequireTAM) AND is_visible = 1 AND is_active = 1";

If you want to split the string onto multiple lines for readability, use a verbatim string literal:

const string sqlQuery = @"select 
    isTamMacom = count(macom_key) 
FROM 
    hier_fy 
WHERE 
    hier_key = @aspKey 
AND 
    fy = @fy  
AND 
    @accountCode NOT IN (3,4,7,8) 
AND 
    macom_key IN 
    (
        select hier_key 
        from lkup_e581_MacomThatRequireTAM
    ) 
AND 
    is_visible = 1 
AND 
    is_active = 1";

"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

Re: Unable to stop SQL injection errors.

Stephen Holdorf29-May-15 8:55

Stephen Holdorf

29-May-15 8:55

One of the concerns that I have is that if the query string has no parameters could that show up as a finding?

Re: Unable to stop SQL injection errors.

Richard Deeming29-May-15 9:14

Richard Deeming

29-May-15 9:14

Presumably, the tool has detected that you've used string concatenation on your query, without actually checking whether the strings are variables or constants.

If you mark all of your query strings as const, that should get rid of the warnings, as well as making sure you don't have any SQLi vulnerabilities left.

"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

Re: Unable to stop SQL injection errors.

Sascha Lefèvre29-May-15 12:55

Sascha Lefèvre

29-May-15 12:55

As I've never worked with the tool you're using for SQL-injection-checking I can't tell for sure; but the "error"-report that you posted recently read like it bases its checks not on statically analyzing your code (the sql-statements) but on attempted (harmless) injections (and then identifying the injected values when they reappear in the finally executed sql). Which, if I'm right here, would mean that the tool would not stumble upon your harmless constant string concatenation here. It would mean that there's other code somewhere which actually still is susceptible to SQL-injection.

Richard's suggestion to mark all your query strings as const will definitely help.

If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson

How to get my "wp_nav_menu()" function working

Truck5328-May-15 16:34

Truck53

28-May-15 16:34

I am trying to create my own theme and I am using the "wp_nav_menu()" function but, it is not working. The documentation on wordpress.org says that the function should return true if it finds the location and false if it doesn't. My function returns no value which leads me to believe that the PHP is not recognizing the function call. Could someone help me out? I am new to WordPress and out of ideas.

Thanks,
Kevin Haynes

modified 29-May-15 2:49am.

Host Windows Class Library in PHP

Jassim Rahma27-May-15 0:49

Jassim Rahma

27-May-15 0:49

Hi,

I saw this article:

[^]

and I would like to ask if it's possible to host the DLL in PHP nstead of WPF? and how?

Thanks
Jassim[^]

Technology News @ www.JassimRahma.com

Message Removed

22-May-15 4:28

Antonio Guedes

22-May-15 4:28

Message Removed

modified 22-May-15 14:38pm.

Opening an existing project in WordPress

indian14321-May-15 21:21

indian143

21-May-15 21:21

Hi All,

I have been given an existing WordPress project for a website, I am trying to open it, and I am not able to find which software should I have to open a WordPress project for adding new code to the Project.

Any link, code snippet or even a suggestion helps me great.

Thanks in advance.

Thanks,

Abdul Aleem

"There is already enough hatred in the world lets spread love, compassion and affection."

Re: Opening an existing project in WordPress

User 171649221-May-15 22:11

User 1716492

21-May-15 22:11

Familiarize yourself with the codex. http://codex.wordpress.org/Main_Page[^]

Some cheatsheets for you via here http://speckyboy.com/2009/06/17/14-essential-wordpress-development-and-design-cheat-sheets/[^]

A reference guide for you via here https://www.dbswebsite.com/design/wordpress-reference/v3/[^]

There are plenty video tutorials out there as well as books you can either purchase or download. Just Google for them.

modified 1-Aug-19 21:02pm.

Improper Neutralization of special elements used in an sql command

Stephen Holdorf12-May-15 10:09

Stephen Holdorf

12-May-15 10:09

This is very similar to a previous post but with different code.

I have to eliminate a SQL injection error from within a method. Now, with only minor modifications this error must be eliminated. Here is the description from the scan:

Attack vector: system_data.system.data.IDbCommand.ExecuteReader
Description: The database query contains a sql injection flaw. The call to system_data_dll.System.Data.IDbCommand.ExecuteReader constructs a dynamic sql query using a variable derived from user-supplied input. An attacker could exploit this flaw to execute arbitrary sql queries against the database. ExecuteReader was called on the command object, which contains tainted data. The tainted data originated from earlier calls to system_data_dll.data.common.dbcommand.executereader, System_web_dll.system.web.httprequest.get_params, system_web_dll.data.common.dbadapter_fill, system_data_dll.system.data.common.dbwommand.executescarar and system_web_dll.system.web.httprequest.get_form

Code:

protected DataTable ExecuteDataTable(DbCommand command, ParamData[] pDataArr)
{
    DataTable returnValue = null;
    try
    {

        if (_connection == null)
            OpenConnection();
        else
        {
            if (_connection.State == ConnectionState.Closed)
                OpenConnection();
        }

        command.Connection = _connection;
        command.CommandType = CommandType.Text;
        command.CommandTimeout = 12000;

        //add Parameter
        for (int i = 0; i < pDataArr.Length; i++)
        {
            DbParameter parameter = command.CreateParameter();
            parameter.ParameterName = pDataArr[i].pName;
            parameter.DbType = pDataArr[i].pDataType;
            parameter.Value = pDataArr[i].pValue;
            command.Parameters.Add(parameter);
        }

        // Create a DataTable
        returnValue = new DataTable();

        DbDataReader reader;
        reader = command.ExecuteReader();

        using (reader)
        {
            // Fill DataTable
            returnValue.Load(reader, LoadOption.OverwriteChanges);
        }

        reader.Close();

        if (!KeepAlive && _connection.State == ConnectionState.Open)
        {
            CloseConnection();
        }
    }
    catch (Exception e)
    {
        if (e is EntryPointNotFoundException)
            throw e;
        _iserror = true;
        LogBLL bll = new LogBLL();
        bll.WriteErrorLog(e);
    }

    pDataArr = null;

    return returnValue;
}

Thanks in advance!

modified 12-May-15 17:16pm.

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.