Hi there im trying to code a website for a school project which is similiar to a social media platform the log in and stuff i will figure out myself but i need help with making a personalised profile page. How can i make a page for someone with an account that can upload his pictures and text he wants to “post” on the platform.
I hope someone has the time to explain this to me :)))
What I would do is create 1 static file that holds the contents of whatever template or layout you’re trying to implement. Then I’d use some kind of server side language to generate the necessary texts or elements in that page.
Your most difficult part will be if you want to have some kind of friendly username URL, then you’ll have to have that dictate what you need to get from the database. If not, another way is using the ID of the account to dictate what to get.
This all depends on what server side language you’re going to be using.
litterly just beginning we got the website template
Yes i was thinking about have a static template for every webpage but with adjustable profile pictures and the different post. more over im still very basic with html and css and php like i know how it works and stuff but i can learn real quick im just interested can i connect the upload the picture to the data base or the server?
Both. You’ll need to store the actual image files on the server. In your database, you’ll just reference the file name. In your code, you’ll need to use the absolute path along with the file name that you’ll get from the database to get to the image so that it’ll actually display.
When uploading an image however, you should do the proper security checks to make sure the image actually is an image. Allowing users to upload arbitrary files is a no-no and a huge security risk. Don’t rely on the file extension because anyone with a cheap $100 computer can change the file extension from something malicious like .PHP to .jpg by right clicking and renaming the file before uploading it to your server.
So i need to make an if statement so it only includes .jpg .png. jpeg .gif
No no no. I was telling you to do the opposite. Relying on file extensions is a no-no. Depending on the server side language you’re going to be using, I recommend checking the mime content type of that file to make sure the bytes are actually returning a legitimate image type. Legitimate image files will return legitimate mime content types. Checking for the file extension is a big no-no.
That’s why a lot of websites get hacked a lot, because the developers of those sites allow arbitrary files to be uploaded only with the exception that the files end in a .jpg, .png, .gif, etc file extensions.
https://www.opswat.com/blog/file-upload-protection-best-practices
- Verify file types – In addition to restricting the file types, it is important to ensure that no files are ‘masking’ as allowed file types. For instance, if an attacker were to rename an .exe to .docx, and your solution relies entirely on the file extension, it would bypass your check as a Word document which in fact it is not. Therefore, it is important to verify file typesbefore allowing them to be uploaded.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.