Thank you Miles
Do you put the mail() function in a while{} loop for each mail address
or make a batch of them?
-Original Message-
From: Miles Thompson [mailto:[EMAIL PROTECTED]
Sent: Monday, September 20, 2004 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Mass mail
Yes - we're
Up front it sounds like a good option. However, my
first thought is, entering another encrypted id just
puts me back to the same problem. How easy would it
be for someone to break the encryption algorithm ? My
guess is that it would be easy.
Stuart
--- Jasper Howard [EMAIL PROTECTED] wrote:
See my response interspersed:
--- M Saleh EG [EMAIL PROTECTED] wrote:
You should always avoid passing Record IDs through
URL parameters.
Use form Hidden fields instead!
I agree. Even as someone with limited experience.
That is why I'm trying to figure out the right way to
do it. The
Excuse me, I know I am not putting my question in the right mail forum, but I
trust that many of you can give me the right answer. Also, I request you to
kindly give me the email address of the mailing list where this type of question should be
put up.
I am using
session_cache_limiter(public);
in one of my webpages,
Hi Guys
Just to jump in here. I really need to disagree with any method of hiding
the 'record id'
How is hiding the record ID in the hidden input any safer than in the
URL...simple answer: it isn't...it will prevent the unsophisticated user
from changing the value, but it's not even challenge
See response interspersed:
--- Bastien Koert [EMAIL PROTECTED] wrote:
To be entirely honest, there is no real reason not
to use the url to pass data, IF the data is not
sensitive. For sensitive data, sessions are the
best thing to use. Hidden fields are good only to
keep the users from
I agree with John Holmes.
It's all the matter of obfuscating in this case.
The real deal structure is to have a set of permission checking!
This is where ACL comes into play. But I assume ur app is not that of a
big one for u to make a set of permissions based actions and gui's. So
statically
It's really hard to tell what you mean by, For whatever reason I can not
use session only here. It does not return the correct record from the table.
Maybe that doesn't make any sense. without looking at the code you have.
However, the session does not, itself, actually return any of your data.
ACL ?? Is that Account Control Language ?
Maybe that is something I should use.
Stuart
--- M Saleh EG [EMAIL PROTECTED] wrote:
I agree with John Holmes.
It's all the matter of obfuscating in this case.
The real deal structure is to have a set of
permission checking!
This is where ACL
From: Stuart Felenstein [EMAIL PROTECTED]
For whatever reason I can not use session only here.
It does not return the correct record from the table.
Don't say that you cannot use sessions, just say that you haven't figured
out how to correctly use them, yet.
Maybe that doesn't make any sense. In
Ok, so you can't store the record id in the session, no problem. Assuming
you store the userid in a session, you can pass the record id in the hidden
field.
Then when retrieving the data, after validating the record_num
How to validate:
If you know that the record_is id only numeric, then check
From: Bastien Koert [EMAIL PROTECTED]
You can also validate the IP of the user for the session. Since many
people are still on dialup, they do not have a static IP and therefore it's
of little value to store...but it should remain the same for the session.
IP addresses are pretty much worthless
HELLO FRIENDS
I NEED KNOW HOW CAN CONNECT PHP WITH A FREE TABLE IN FOXPRO
I HAVE ADODB FOR PHP, BUT I DON`T KNOW NOW PROGRAMER
PLEASE, HELP ME
I NEED CODE SAMPLE
AttE :-Eduardo Corts
C.Ingeniero
--- John Holmes [EMAIL PROTECTED] wrote:
From: Stuart Felenstein [EMAIL PROTECTED]
For whatever reason I can not use session only
here.
It does not return the correct record from the
table.
Don't say that you cannot use sessions, just say
that you haven't figured
out how to
When I
request update.php?recordID=2, you should be doing
something like SELECT
* FROM Record_Table WHERE recordID = 2 AND userID =
3, which will not
return any rows.
Okay that makes sense I will try that. Though I'd
imagine the SQL will need to be different since I
could be dealing with
That's why I said CAN, since it is unreliable
Bastien
From: John Holmes [EMAIL PROTECTED]
To: Bastien Koert
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
CC: [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: Re: [PHP-DB] Passing URL parameters, how to hide
Date: Tue, 21 Sep 2004 10:22:32 -0400
From: Bastien Koert [EMAIL PROTECTED]
You can also validate the IP of the user for the session. Since many
people are still on dialup, they do not have a static IP and therefore
it's of little value to store...but it should remain the same for the
session.
IP addresses are pretty much worthless
So what I did was this statement: SELECT * FROM Table
WHERE RecordID = blue and UserID = red
blue is the variable for the recordID
red is the variable for the userID
So now when I change either of those variables in URL
no record is returned.
Did I finally get this right ?
Stuart
---
From: Stuart Felenstein [EMAIL PROTECTED]
So what I did was this statement: SELECT * FROM Table
WHERE RecordID = blue and UserID = red
blue is the variable for the recordID
red is the variable for the userID
So now when I change either of those variables in URL
no record is returned.
Did I
Sounds about right...I would use the session variable for the user name so
that is not even present...but that is the result that you want...
Bastien
From: Stuart Felenstein [EMAIL PROTECTED]
To: Bastien Koert [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
CC: [EMAIL PROTECTED],
Nope, can't get to any other record. One would have
to match both userid and recordID to get a hit.
Perhaps now I should put this into a form and send it
via hidden fields , for another layer of protection.
Stuart
--- John Holmes [EMAIL PROTECTED] wrote:
From: Stuart Felenstein [EMAIL
No, No, NO!
The user id should not be in the hidden elements in the form.
You need to store that in a session variable for the duration of that user's
session. Otherwise they can try to hack by changing the combination until
they hit another valid record.
Bastien
From: Stuart Felenstein [EMAIL
The following excerpt is a result found on the internet.
I am not the author of that text, but as it might help, here you go:
Here's the first part:
http://php.weblogs.com/com_php
Using COM from PHP to get to the ADO object model. ADO is an
abstraction of OLE DB functionality.
The second part
Hi all,
Anyone know how to access the optional COMMENT you can add to columns
during table creation?
If you don't expect 20 different answers for 20 different databases you
should be more specific. Nobody knows which database you use.
/Georg
--
PHP Database Mailing List
the encryption is random, there is no algorithm to break it, I'm not going
to argue against any of the other problems with this system, but no one is
going to be able to break this algorithm, it's 14 characters of lowercase and
upper case letters and numbers, in random order.
--- M Saleh EG [EMAIL PROTECTED] wrote:
Ur 2nd question.. Okay .. how would u use the hidden
inputs? with
hidden inputs.. I mean the form hidden elements
(input type=hidden
name=id value=recordID /) so instead of having
hyperlinks
pointing to the form page use a form with submit
btns
Okay, I can make that change.
Stuart
--- Bastien Koert [EMAIL PROTECTED] wrote:
No, No, NO!
The user id should not be in the hidden elements in
the form.
You need to store that in a session variable for the
duration of that user's
session. Otherwise they can try to hack by changing
are you using native encryption from the database ?
Stuart
--- [EMAIL PROTECTED] wrote:
the encryption is random, there is no algorithm to
break it, I'm not going
to argue against any of the other problems with this
system, but no one is
going to be able to break this algorithm, it's 14
From: [EMAIL PROTECTED]
the encryption is random, there is no algorithm to break it, I'm not going
to argue against any of the other problems with this system, but no one is
going to be able to break this algorithm, it's 14 characters of lowercase
and
upper case letters and numbers, in random
From: Stuart Felenstein [EMAIL PROTECTED]
I still want to pass the id's through hidden.
So the html in the first form looks like this:
input name=hiddenField type=hidden
value=recordID
input name=hiddenField type=hidden value=user
id/td
Form is set to post.
Why would you pass UserID in the form
Ok guys, I think you're beating a dead horse, the idea is understood,
and there are quite a few ways to do what is needed, there have been
like 30 posts on this...
On Tue, 21 Sep 2004 14:12:43 -0400, John Holmes
[EMAIL PROTECTED] wrote:
From: Stuart Felenstein [EMAIL PROTECTED]
I still want
Hi all, I run this instruction on Postgres psql tool:
grant all privileges on database test to newuser;
The goal is to give all privileges to newuser(user that is not a superuser)
on test, the owner is postgres but I need to give this other user
privileges.
The problem is, after run this
Hi,
I am trying to use the PHP in windows, IIS environment to access an Oracle database. I
need to have the php_oci8.dll and php_oracle.dll modules.
From where should download them ?
Please help!!!
Thanks,
they are in the extensions folder in the php folder.
From: Saeid Banaei [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Where can I download the php_oci8.dll and ph_oracle.dll ?
Date: Tue, 21 Sep 2004 14:30:10 -0400
Hi,
I am trying to use the PHP in windows, IIS environment to access an