[PHP-DB] Security Issues

2004-05-10 Thread Galbreath, Mark A
Does anybody know if the security issues outlined in http://www.securereality.com.au/archives/studyinscarlet.txt are still salient or not? My boss wants a technical document outlining the security risks of using PHP in an attempt to get it approved for general use by Security. I just bought Moh

Re: [PHP-DB] Security Issues

2004-05-10 Thread John W. Holmes
From: "Galbreath, Mark A" <[EMAIL PROTECTED]> > Does anybody know if the security issues outlined in > > http://www.securereality.com.au/archives/studyinscarlet.txt > > are still salient or not? My boss wants a technical document outlining the > security risks of using PHP in an attempt to get it

[PHP-DB] RE :I thought "4" didn't equal "456456456%20%20OR%201<>2"

2004-05-10 Thread Neil Smith [MVP, Digital media]
It doesn't. What you're seeing is an SQL injection attack. If you *trust* the SQL code you allow from POST or GET requests, your SQL server will be own3d in due course. That URL actually translates to 456456456 OR 1<>2, which is always true. So if you use this verbatim, you'll get a true result

[PHP-DB] Re: Subject: Edit with notepad

2004-05-10 Thread Neil Smith [MVP, Digital media]
Send before any content, an MS-Word header : header("Content-type: application/vnd-ms.word"); Then output your HTML. Cheers - Neil. At 07:41 10/05/2004 +, you wrote: Message-ID: <[EMAIL PROTECTED]> From: "Ng Hwee Hwee" <[EMAIL PROTECTED]> To: "DBList" <[EMAIL PROTECTED]> Date: Mon, 10 May 20

[PHP-DB] Need some HELP

2004-05-10 Thread Adam Farid
Hi, I am new to php. I am using php ver 4.0.3 and MySQL. I have written two files and I'd like to pass some variables from first file to use them in the second file. but the values were not displayed in the second file (nothing printed out). and also I want to pass them to another file ... here i

RE: [PHP-DB] Need some HELP

2004-05-10 Thread Ryan Jameson (USA)
It looks like "register_globals" is off. You'll have to access the variables in the post array on your second page: print ""; and so on... Try that first. <>< Ryan -Original Message- From: Adam Farid [mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 12:37 PM To: [EMAIL PROTECTED] S

[PHP-DB] Re: RE :I thought "4" didn't equal "456456456%20%20OR%201<>2"

2004-05-10 Thread Dan Bowkley
DING! That's the sound of a little lightbulb turning on... Thanks so much for that tidbit...I could certainly see myself getting screwed by not using such a thing. Dan - Original Message - From: "Neil Smith [MVP, Digital media]" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PR

Re: [PHP-DB] Need some HELP

2004-05-10 Thread Daniel Clark
Unless you have Globals turned on, I think you and $_POST['variable_name_here'] in the second page. print "\n"; > Hi, > > I am new to php. I am using php ver 4.0.3 and MySQL. > > I have written two files and I'd like to pass some variables from first file > to use them in the second file. > bu

[PHP-DB] Need some HELP (not works)

2004-05-10 Thread Adam Farid
Thanks people. I've tried but still does not work. when I put the variables name between ' ' I found this error: Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING'. I typed in this way print ""; but nothing new. I have checked "register_globals" i

Re: [PHP-DB] Need some HELP (not works)

2004-05-10 Thread Daniel Clark
Is it User_name or UserName? Also try this string with 'UserName' in single quotes. print ""; > I've tried but still does not work. > when I put the variables name between ' ' > > I found this error: > Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or > `T_NUM_STRING'. > > I

Re: [PHP-DB] Need some HELP (not works)

2004-05-10 Thread jeffrey_n_Dyke
>Thanks people. >I've tried but still does not work. >when I put the variables name between ' ' >I found this error: >Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or >`T_NUM_STRING'. >I typed in this way > print "VALUE='$_POST[UserName]'>"; This is pre register_g

[PHP-DB] Need some HELP (not works)

2004-05-10 Thread Adam Farid
Thanks. I tried your suggestion, but the values were still not displayed in the second page. Nothing printed out. I put my files in db-list (Need some HELP). regards Adam

Re: [PHP-DB] Need some HELP (not works)

2004-05-10 Thread Marcjon Louwersheimer
- Original message - From: "Adam Farid" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Mon, 10 May 2004 19:54:51 + Subject: [PHP-DB] Need some HELP (not works) Thanks people. I've tried but still does not work. when I put the variables name between ' ' I found this error: Parse

[PHP-DB] Serious Problem: Eval'ing conditioned blocks!

2004-05-10 Thread Florian Wagner
Hi there, I (still :-) ) have the code of my php pages stored in a database. A main page parses this code using the "eval_html" function posted at php.net. This used to work fine, but then I tried to employ conditioned blocks, e.g. Hello World The function I use separates this code in three pa

[PHP-DB] No user table access to phpMyAdmin - How?

2004-05-10 Thread Theisen, Gary
Hi all, Installed software/os: Win NT 4.0 IIS 4.0 PHP 4.3.1 MySQL 4.1.1 phpMyAdmin 2.5.6 I'm wondering how I can hide phpMyAdmin access via a webpage to the mysql.mysql table, specifically the user table. I don't want anyone using phpMyAdmin to have access to the user table. I only want to

Re: [PHP-DB] Serious Problem: Eval'ing conditioned blocks!

2004-05-10 Thread Daniel Clark
I had something like this too. I used something other for the start and ending blocks. <# #> Then had a replace() section. > Hi there, > I (still :-) ) have the code of my php pages stored in a database. A main > page parses this code using the "eval_html" function posted at php.net. > This >

Re: [PHP-DB] Edit with notepad

2004-05-10 Thread Ng Hwee Hwee
hi, header("Content-type: application/vnd-ms.word"); is not what my customers want. They may or may not want to save it in their harddisk.. but having the header at the beginning of my page will force them to save it in their harddisk. Some of the customers just want to view it on the web while ot

Re: [PHP-DB] Edit with notepad

2004-05-10 Thread jeffrey_n_Dyke
hi, >header("Content-type: application/vnd-ms.word"); is not what my customers >want. They may or may not want to save it in their harddisk.. but having the >header at the beginning of my page will force them to save it in their >harddisk. Some of the customers just want to view it on the web wh

[PHP-DB] Edit with notepad

2004-05-10 Thread Ng Hwee Hwee
Hi My customers would like to save my php outputs in a word document file and so I have added a meta tag in my php files. However, my File->Edit button in IE6 is greyed out. why? i see that other php files on other websites allow Edit, why is it that my programs don't allow it?? thanx for any

[PHP-DB] Re: Edit with notepad

2004-05-10 Thread Uzi Klein
Try to set session.cache_limiter to "private" "Ng Hwee Hwee" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi My customers would like to save my php outputs in a word document file and so I have added a meta tag in my php files. However, my File->Edit button in IE6 is greyed out.

Re: [PHP-DB] Re: Edit with notepad

2004-05-10 Thread Ng Hwee Hwee
thanx for the suggestion... it did work for a while! that's very interesting... but, what happened now is that my file is a form that post to itself... i can do an edit when it is the form, but after the user submits the form and the information is displayed again without any form fields, the "Edit