Re:Cool FF trick - roll your own search engine, on Firefox News Roundup · Score: 1
and powertoys is super easy to find right, just like Firefox extensions? just Tools -> Extensions -> Get Power Toys......oh no, it's not, you're right. and Microsoft doesn't actively advertise the fact that IE can be extended with Powertoys? oh, that's probably because they suck.
Don't worry, I've got points I'll mod him up....Doh!
Make sure you don't tell this guy, he'll sink like a rock....
http://www.ebaumsworld.com/videos/flipper.html
You spelled phish wrong...
Now that was funny. Thanks, you made my Sunday. :)
But that client-side validation is useless if javascript is disabled or an attacker is using a self-crafted page without your javascript. Any data you're going to do anything with needs to be validated again on the server, period.
If you want to use it for UI niceness fine, but it's not to be relied on as the sole validation.
And just so it's on the record somewhere, I hate referring to this tool as 'AJAX'. I feel better now.
Now that's useful information, still just as condescending as the parent though. :P
I didn't mean to imply that I thought you should cram HTML down the pipe back to the XMLHttp object and just .innerHTML it. But I do think saying "responseText means you don't know how to do it" is a bit overboard. I don't think the DOM model is the best fit for all data coming back via XMLHttp and don't agree that it's necessarily wrong to do it that way.
I was honestly looking for an answer why the parent thought it had to be done via something other than responseText.
to quote you:
"If the FF developers had simply included the non standard stuff, then all sites would work in FireFox... wouldn't that be nice?"
What "non standard stuff" are you talking about specifically? If by that you mean Active-X, then hell no without question it absolutely should not have been implemented, it's a nightmare.
What I don't like about IE, as a web developer, is the fact that it renders improperly. Once again, I'm glad they left that out of FF.
to quote you:
"The amount of data being exchanged is far less (if you do it RIGHT, you people who are talking about using the XMLHttpRequest.responseText property, this does NOT include you)."
Are you implying that accessing the data being returned using req.responseText is incorrect? How else should it be done, using req.responseXML? Who has a client-side XML parser?
Also, no data from the client should EVER be trusted, not even a little. So pushing the validation code down to the client is a waste, you're just going to have to do it again on the server side. I'm really not trying to blast you or your comment, it just raised some questions with me.
Save some time:
http://www.myzaurus.com/
Battery lasts as long as the Mac Mini, w/screen and keyboard.
Just curious, why tinyurl a URL that is already pretty small?
will get you into PHP's interactive mode where you can type in commands and run them, really you can leave off '-q', it only suppresses the Zend headers. though you do still have to open a php tag (<?php) to get it to work. Ctrl+D sends a new line (or EOL, don't remember) to have it all processed.
while this isn't anywhere near as cool as python's interactive shell (which sounds like what you want) where each line (or block) is processed as it is finished, it's much better than the open, write, save, close, run method.
[your quote]
or use a #!/usr/bin/php -r shebang and you don't need the php tags round code.
[/your quote]
except for the fact that there's no '-r' flag for php, and as far as i know, yes you do need to put php tags around your code....
feel free to correct.
i believe that someone has a patent on an implementation of AOP, not on AOP in general. isn't that how it works?
if you'll also notice (at least on Generation 13 that i saw) the Document Type Declaration at the top, it's declared as HTML 2.0. who's still coding for that?
don't know if you were fishing for some input or not but here's my take on the vulns. i pay the bills writing PHP and not doing security work so...
http://www.hardened-php.net/advisories/012004.txt
#1 - pack() - make sure any user input to this function is thoroughly validated (duh, like all user input)
#2 - unpack() - same as for pack(), check for unvalidated input being passed to this function
#3 - safe_mode_exec_dir bypass - this one can only be exploited by a local user
#4 - safe_mode_bypass - file path gets truncated so that it could point to a file not allowed by safe_mode
#5 - path trunc in realpath() - similar to #4
#6 - serialize() - unvalidated input could cause bad things (duh, back to user input validation)
#7 - unserialize() - same root cause as #6, though potentially more harmful (i think, again, check user input)
so with enough user input validation, all of these are No Big Deal. without user validation the apps were vulnerable before these were discovered.
[genie voice]
your wish is my command...
[/genie voice]
http://www.goneme.org/
which seems to be down at the moment?
way to make a point, unfortunately i believe you made the other guy's point.
What's so unreadable about that? Once you get used to the idiom of "shift in a sub gives you the next argument" you'll be set for life.
all of it, you just admitted you needed to know something about the code/language to understand what it was that you wrote. anybody should be able to understand what the block of Python code did without having ever seen Python before (but obviously _some_ programming experience is necessary) because it reads as pseudo-code.
ok, i've seen it twice now today, and even downloaded and gave a listen to it so.....what's the story on the .mp3 in your sig?
couldn't have said it better myself. if i hadn't used up all my mod points this weekend you'd be getting some.
man, i wish you were right, and i really think you will be in a couple of years.
right now the only language you can code an XUL application in is Javascript. now they say there are plans for Python and Perl and Ruby and who knows what but i think "they" are dragging their feet.
i really like it, and have done lots of "playing" with it, but development won't really ramp up until you can use some form of a real scripting language for the "glue". i'd be cranking out little apps right now if i could use Python, Ruby, PHP, hell even Perl.
shit, nothing personal, where i'm from you can't just serve one up like that without it getting swatted down. it's just a knee-jerk reaction.
:)
on the subject at hand: after playing Halo 2 for a good while now i think that game is really pushing the XBox to what it can do. there's some places where you can see the hardware struggling to keep up, it's clearly not a bug/mistake in the code. i'm not sure it could pull off the kind of super-quick-spins you're talking about.
i've been a gamer since the Atari 2600 but didn't get into computers until much later and have always used them for work(-ish) purposes, i've never gamed on a PC. well, aside from having my ass handed to me a couple of times when i stopped in on LAN parties on campus. but i've been using an analog controller of some kind for a looooong time now, Game Cube, XBox, PS2, Dreamcast, whatever, only takes me a couple of minutes to get comfortable with it. i look like a monkey screwing a football trying to game with a mouse + keyboard.
you are limited in that respect on the XBox, but everyone is limited equally so it all works out. but i do really enjoy playing on the XBox with someone who is used to PC gaming, watching them flounder for a while trying to cope, especially when your chosen platform has a really cool new game that the others won't have for a year or two
** quote **
#2 being i can't jump, spin, and shoot behind me like i can with a mouse
** quote **
please quit blaming someone else for your inability to use the equipment. i jump, spin, and shoot behind me just fine with the analog controller.
no i would not mind one bit, because i would still hand you your ass.
bah
tables should be used for tabular data _only_. all layout should, and can, be done with CSS. there are a few hacks (box model, etc.) that you'll need to get it looking right cross-browser but it's really pretty easy. if you can't do it then YOU can't do it, there are TONS of sites out there doing it with only a handful of hacks (and they're almost ALL for IE...no surprise).