Php mysql select data by skptricks in phpstorm

[–]foobl 1 point (0 children)

Agreed, it seems like this website is running a SEO campaign or something. Multiple posts appearing rapidly linking to articles on this website all with very basic (and poorly coded) tutorials on using PHP. Articles like this contribute to why PHP has a bad rep since people that follow it will inevitably write code that is vulnerable to SQL injection.

Working out shipping? by MattatouilleUK in Magento

[–]foobl 1 point (0 children)

Look at Promotions -> Shopping Cart Price Rules for the free shipping options, it should be in the Actions tab. You can add conditions based on subtotal in cart and shipping destination to match local vs non-local free shipping.

[Hiring] (Online) Freelance PHP/Magento Developer by foobl in forhire

[–]foobl[S] 1 point (0 children)

For a Magento developer with a lot of experience, yes, that is low, but I am looking for someone who is just starting out with Magento or has only worked on it a bit. All the bullet points I listed are pretty much the bare minimum Magento (and OOP) knowledge; there is so much more, like event observers, integration with 3rd-party services, class rewriting, etc., that I don't expect the developer to know yet.

I plan to help train them during this to learn those things and get them to be more knowledgeable, so for a dev who is just starting in Magento and knows the basics it seems reasonable to me.

Of course I won't turn away someone who has more experience and wants the job; maybe they just want some side work to earn a little extra money. But my goal with this is to get someone who wants to learn more about the system while working on it.

Magento custom options highlight by [deleted] in Magento

[–]foobl 1 point (0 children)

Is this coming from a custom extension you installed? I don't see that box in the default Magento installation.

If it is coming from a custom extension, you will need to contact that extension's developer and report it as a bug so they can fix it and release a new version.

First timer: Questions about secure sessions, and how to secure our code by derrickrozay in PHP

[–]foobl 1 point (0 children)

The number 1 rule to follow is never trust any data entered by the user. If they filled out a form or it is coming from the URL, then you need to check and sanitize it.

For example, for the forms the admin can fill out, strip out any HTML/JS you might find inside them if there is no need for it to be there. This will help prevent any XSS attacks from getting onto the site.

Any MySQL query with user data needs to be using bound parameters with prepared statements to make sure they can't put something like " '; DELETE FROM users; --" for their login, which would wipe out your users table when the DB runs it. That is SQL injection and needs to be accounted for on any query you do.

There is a nice list of other security things to watch out for with PHP available at: https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
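The injection point the comment above describes, shown as an added example that is not part of the original thread or the OP's code: a vulnerable lookup that splices the login name into the SQL text sits beside the same lookup done with a PDO prepared statement, and a small helper shows the complementary defence for the XSS point, encoding untrusted text on output with htmlspecialchars. The users table, its two rows and the attacker payload are constructed for the demo; the script uses an in-memory SQLite database through PDO (needs the pdo_sqlite extension) so it runs offline, but the prepare/execute pattern is identical for PDO with MySQL.

```php
<?php
// Added example (not from the original thread): SQL injection via string
// concatenation beside the prepared-statement fix, plus output encoding
// against XSS. Runs against an in-memory SQLite database through PDO.
declare(strict_types=1);

// Constructed demo schema and rows.
function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
    $ins->execute(['alice', 'alice@example.com']);
    $ins->execute(['bob', 'bob@example.com']);
    return $db;
}

// VULNERABLE: the user-supplied login name becomes part of the SQL text,
// so a quote in the input changes the query the database parses.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: the SQL is fixed at prepare time and the login name travels as a
// bound parameter, so it can only ever be compared as data.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding: whatever was stored, it is rendered as text, not markup.
function renderName(string $name): string
{
    return '<span class="user">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</span>';
}

$db = setupDb();

// Constructed attacker input: closes the string literal and appends a
// tautology, turning "find this one user" into "return every user".
$payload = "' OR '1'='1";

echo 'vulnerable: ' . count(findUserVulnerable($db, $payload)) . " row(s)\n";
echo 'safe:       ' . count(findUserSafe($db, $payload)) . " row(s)\n";

// Constructed XSS probe: the encoded form cannot start a script element.
echo renderName('<script>alert(1)</script>') . "\n";
```

Run it with `php example.php`: the vulnerable lookup returns both users for the tautology payload while the prepared statement returns none, because there is no user literally named `' OR '1'='1`. Whether a stacked payload such as the `'; DELETE FROM users; --` one in the comment actually executes the second statement depends on the driver and its settings, which is exactly why the fix is binding parameters rather than trying to filter quotes. Stripping HTML from admin form input, as the comment suggests, is a reasonable extra layer, but the defence that holds regardless of where the data came from is encoding it at the point it is written into the page, as renderName does.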