Hi all,

after a long break I'm back again, and it wouldn't be me
if I didn't want to turn everything around :)

What I've recognized is that the page width of
http://www.php.net/manual/en/security.database.php makes this chapter
difficult to read for people with a smaller screen resolution.

So I'd like to do the following changes to ease this situation a little bit:

change line 787
$query  = "SELECT * FROM products WHERE id LIKE '%a%' exec master..xp_cmdshell 'net
user test testpass /ADD'--";
to
$query  = "SELECT * FROM products
                    WHERE id LIKE '%a%'
                    exec master..xp_cmdshell 'net user test testpass /ADD'--";

and line 859
$query  = sprintf("SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET %d;",
$offset);
to
$query = sprintf("SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET %d;",
                 $offset);

This change might make reading these two code lines more difficult, but it eases
the reading of the whole chapter.

If everybody agrees, I'll commit it.

Cu,
Thomas

Thomas Schoefbeck wrote:

> tom             Wed Feb 27 02:35:52 2002 EDT
>
>   Modified files:
>     /phpdoc/en/chapters security.xml
>   Log:
>   typo, example-corr.
>
> Index: phpdoc/en/chapters/security.xml
> diff -u phpdoc/en/chapters/security.xml:1.43 phpdoc/en/chapters/security.xml:1.44
> --- phpdoc/en/chapters/security.xml:1.43        Mon Feb  4 06:51:22 2002
> +++ phpdoc/en/chapters/security.xml     Wed Feb 27 02:35:51 2002
> @@ -1,5 +1,5 @@
>  <?xml version="1.0" encoding="iso-8859-1"?>
> -<!-- $Revision: 1.43 $ -->
> +<!-- $Revision: 1.44 $ -->
>   <chapter id="security">
>    <title>Security</title>
>
> @@ -508,7 +508,7 @@
>      access and manipulate databases within PHP scripts.
>     </simpara>
>     <simpara>
> -    Keep in my mind this simple rule: defence in depth. In the more place you
> +    Keep in mind this simple rule: defence in depth. In the more place you
>      take the more action to increase the protection of your database, the less
>      probability of that an attacker succeeds, and exposes or abuse any stored
>      secret information. Good design of the database schema and the application
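Review bot: the context lines around the fixed typo still carry a grammar problem that is bigger than "my mind": the sentence "In the more place you take the more action to increase the protection of your database, the less probability of that an attacker succeeds, and exposes or abuse any stored secret information" is hard to parse. Since this commit already touches that paragraph, consider rewording it to something like "The more measures you take to protect your database, the lower the probability that an attacker succeeds in exposing or abusing stored secret information."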
> @@ -852,7 +852,7 @@
>           <title>A more secure way to compose a query for paging</title>
>           <programlisting role="php">
>  <![CDATA[
> -settype($order, 'integer');
> +settype($offset, 'integer');
>  $query  = "SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET $offset;";
>
>  // please note %d in the format string, using %s would be meaningless
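Review bot: the comment on the last context line ("please note %d in the format string, using %s would be meaningless") refers to a sprintf() variant that is not visible in this hunk, while the `$query` line directly above it interpolates `$offset` into the string; make sure the sprintf() version (cited at line 859 in Thomas's message above) immediately follows, or move the comment next to it so readers do not look for a `%d` in the interpolated query. The `+` line itself is the right fix, since `$offset` rather than `$order` is the variable that ends up in the query; one caveat worth a sentence in the example is that settype() to integer still admits negative values, which yield `OFFSET -5` and a SQL error rather than an injection, so a `max(0, ...)` range check alongside the cast would round out the "more secure" claim in the title.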
