Could you recommend me a nice technology for my problem? I had a blog and now it as a classical dynamic page MySql + Php + Javascript. But i would rewrite it. If an user event happend, i.e. a user posted a comment, i wouldn't store it in database, but store the changes in an HTML file. So the logic is not in the php file but in html file. How can i do that, but in an easy way.
You could theoretically parse the static html file after a user event (i.e.: POST) and append the result to the html, write back to the file, however I wouldn't recommend it as the script would have to be fairly complex to handle the html correctly.
If you want to edit static HTML files when the user posts a comment than it is a bad approach IMHO. How would you implement searching, for example?
Don't try replicating what database is doing, because the guys that wrote database spend their whole lives doing just that.
You might want to search for existing blog solutions instead of writing one from scratch. There are many open-source projects written in many languages / platforms.
Related
I am new to developing a website and because of my familiarity with Python and considering the complexity of the website, I chose Django.
I want to know the best practice for developing a template through the Django framework. My question is two-fold.
Is it best to have a bunch of for loops / if statements in the template
using template tags and other features of Django?
Or is it passing the variables from Django to Javascript through JSON and then
loading the page asynchronously?
For the first, I found the following merits: its fairly easy. I know what I want, I code the loops and I get the result that I expect. Plus giving IDs / names to HTML tags is super simple. Inline scripting also becomes simple, but I personally dont like it. But as objects start to get high in number, page load speed suffers.
For the second, and I am very new to this, the ease is gone. There is, I feel, another hoop to jump through Javascript, with JSON parsing and then the actual modeling.
If not either first or second, may be there is a balance between the two?
All help is appreciated.
If i got your question correctly then i think the answer is AJAX i.e, using the same page to load different content.You don't have to go to another page but on the same page, setting some links, you can pull newer data without loading a new page.
Hope this helped you!
I want to get as many html files from Common Crawl database as possible. I'm quite lost on how to do it, and don't even know how to start. I've seen many people doing it in python, but I don't know how to adequate the code to javascript. I found this package: https://www.npmjs.com/package/commoncrawl
But this package can only search, and not parse through every single website of the database.
Also, I want the raw html data from the websites only, and a way to get the link of the website. Shouldn't be that hard.
The commoncrawl package looks like it is used for navigating their CDX indexes.
If you want the underlying HTML itself, you need to be inspecting the WARC files. Consider using something like node-warc.
I wrote a blog post that introduces the WARC format and provides examples on how to fetch and search HTML from the Common Crawl in Node, Java, Go and Python. You can find the Node code on Github here. Hope that helps!
I want to implement markdown to my forums.
I research many possible approaches how I would do that and this is what I thought:
A simple approach would involve pagedown on client side and php-markdown on the server.
My approach is to save pure markdown to database and when displaying convert to HTML (with pagedown). Since I already have security layer for my server side (HTML elements whitelist) and all the necessary staff I don't see anything to lose here.
What I win in this case? well I have to modify pagedown to use custom buttons and patterns. That would be hard for me to maintain both php and JavaScript.
My question is: is this good aproach?
To break this question:
Is there any serious overhead on client side loading about 30
posts and converting it to HTML (performance)
With the Idea that I check elements whitelist, is there any
security issue I need to know about? (Security)
I wouldn't use client side markdown engines. From a few quick googles its of the opinion it's very CPU intensive. Loading 30 posts would add quite a bit of overhead.
If you stored MD in the DB, rendered to HTML on the fly, then employed some caching (memcached or redis) that could work quite well.
In regards to security theres a good read here, it would require some extra sanitising removing scripts/links/redirects etc.
Further reading
http://functionn.in/resource/remarked-js
How to use Markdown & MySQL?
Converting markdown from client side is not recommended as #Lex has stated. Instead, you can use some online services to convert the markdown top html for you.
Have a look at http://daringfireball.net/projects/markdown/dingus. You can use curl or something to post markdown to the site and then scrap the website to take the html part.
You can also have a look at here http://parsedown.org/
You have two options to suggest:
Strapdown - allows to create markdown documents without server-side processing, as you can see on there page, even without code, just by using static files
markdown-js - allows to create markdown document with client-side processing (javascript)
Here is how I do it:
Save markdown code in db and at rendering I'm caching the result in a file (file, Memcached or any cache storage engine you want). This way I keep the original in database and I`m not wasting resources to compile markdown at each page visit, instead I serve the cache file until it has expired or deleted because of a change.
I've created a list using XML and have embedded an XSL stylesheet in it. Now I want to know, because this is a list of movies that constantly grows, is there a way to create a form that will add child and grandchild nodes to the list.
I'm thinking there might be some javascript involved, but I have no idea what I'm doing when it comes to scripting.
If the intension is to write new entries into this xml file you need to look at some form of serverside scripting. Javascript can not write to files.
PHP is probably the easiest to understand, start by buying a book that explains the basics with a few examples, it's not that hard to grasp, and a form and a simple function for writing to files shouldn't take you to long to figure out.
If you have no interest in that sort of thing, hire someone to do the job for you, it will probably only take a few hours for someone who knows what they are doing to get a complete system up and running for you, and unless you really would like to learn a serverside language that is probably the best option.
If you really want to do it all on the client side, you can try HTML5 client-side storage. This means the data will be persistent only for the user that enters the data (and only for the browser used to enter it, and only on the computer that was used).
If you want the movies to be accessible to multiple people, or from multiple computers, you need to use server-side storage.
FYI, HTML5 storage is not yet very well standardized across browsers.
First of all, I'm not much of a programmer if at all. This question may seem silly but I would honestly like some advice from real programmers.
I'd like to make a bit of an adventure game on a webpage.
Could I make it by having a MySQL database setup to store variables while JavaScript, HTML and CSS is used for the user interface and JavaScript for the game programming and PHP to communicate with MySQL.
I don't entirely understand it but I followed a tutorial and got it working. It also showed me how you can replace text on the screen by giving that text an elementid and then just setting its value to other text.
In this tutorial script, it has it so when the JavaScript file wants to communicate with php, it will open the php file with a ?=value at the end of the hyperlink where the value part turns into some kind of MySQL search value.
Something like this:
xmlhttp.onreadystatechange=function()
xmlhttp.open("GET","index.php?q="+str,true);
and then in the PHP file:
$q=$_GET["q"];
$sql="SELECT * FROM user WHERE id = '".$q."'";
This means you will always search by specific id number. The problem with this is that the php file is always set to look at the exact same table.
Sometimes you want to look at different tables, or multiple values from multiple tables, etc. Basically, you should be able to select each value like it's a record from one of those automatic DJs that radio stations used to have. Also, sometimes you'd want to write or append the database like when variables change and need to be updated and all of that has to happen securely.
The only thing I can think of is to have a ton of php files that work the same way and call the appropriate file when you want a certain kind of response. But then if I have a file on my website that has a php file that lets me write TO the database then someone can just read the javascript code, see that, and then basically hijack the mysql database.
So how can I securely do this?
I would recommend you to look into using jQuery and Ruby on Rails.
jQuery is a JavaScript library that will make easy your interaction with a server (MySQL) and will help you to get code that works in a lot of different web browsers.
Ruby on Rails is a web framework that will encapsulate everything you need to store state (game data) to a database (MySQL) and handle secure communication, as well as a host of other needs you may eventually face.
In addition to jQuery and Ruby on Rails, there are tons of other comparable frameworks you could use.
YUI3 (http://yuilibrary.com) and Django are two more examples. Express (for Node.js) is a JavaScript back end framework (like Ruby on Rails) that you could use with your existing JavaScript knowledge.
Anyway, good luck!
Theoretically, without moving towards different frameworks, here are a few things to think about...
I think you have the right idea with this what you are trying to do. The PHP file is used as server side logic. It should not be available to the user.
What the user can see is that there is a function available to make changes to something. This he will see from your AJAX call in JavaScript ( xmlhttp.onreadystatechange=function() xmlhttp.open("GET","index.php?q="+str,true); ).
Your responsibility, in the PHP (server side logic) is to make sure you scan the parameters to this function before you allow any changes to be made on the Database.
As with any requests to a database, you need to make sure you are escaping the parameters before any call is made to prevent SQL Injections.
As with previous answer, there are some libraries that exist that have some tools already built in. Some poeple prefer certain tools/languages/libraries over others, but they can all pretty much all do the same thing. What changes is a bit of how it's done. I think you are on the right path, just need to protect those PHP pages of injections and inputs/parameters you do not want.
If you are using multiple PHP pages for different actions, it is possible to have the same PHP script accessed from all other pages. Therefore your escaping (preventing SQL Injections) can be done in the same script and don't need to include it in every single PHP page that makes a database call.
Hope this helps a bit!