I asked something similar to this on the ph-db ml yesterday, but that
list seems to be almost dead.
The situation I have is that I am trying to get the postgres error
code (as opposed to some error message - see my other posts to this
list over the last day or so for the background to that). I
Hm? Didn't see this one yesterday on the list?
Let's try again :)
-afan
Chris Shiflett wrote:
You forgot to filter your input. Shame! :-)
Escaping alone can save you in many cases, but always filter input and
escape output.
I confess: I didn't forget. I did it just wrong :( Even I thought
I was reading PHP Security Briefing from brainbulb.com (Chris Shiflett)
and didn't get one thing:
in example:
<?php
$clean = array();
if (ctype_alnum($_POST['username']))
{
$clean['username'] = $_POST['username'];
}
?>
why to set the $clean as array? what's wrong if I use:
Hello afan,
Monday, June 6, 2005, 6:39:09 PM, you wrote:
aan I was reading PHP Security Briefing from brainbulb.com (Chris Shiflett)
aan and didn't get one thing:
aan in example:
aan <?php
aan $clean = array();
aan if (ctype_alnum($_POST['username']))
aan {
aan
Thanks Richard.
I got the point Chris was making: never believe _GET/_POST and use
ctype_alnum(), mysql_real_escape_string(), htmlentities() - and I
already started :) (Thanks Chris that was great for us beginners,
already posted on few Bosnian php forums :))
My question though was is the
[EMAIL PROTECTED] wrote:
I was reading PHP Security Briefing from brainbulb.com (Chris
Shiflett) and didn't get one thing:
in example:
<?php
$clean = array();
if (ctype_alnum($_POST['username']))
{
$clean['username'] = $_POST['username'];
}
?>
why to set the $clean as array?
Hello afan,
Wednesday, June 8, 2005, 4:33:24 PM, you wrote:
aan My question though was is the difference in code I mentioned just
aan a habit of writing code or there is some more? Some security
aan issues too?
It was most likely just a coding habit - there was no discernible
difference between
* [EMAIL PROTECTED] [EMAIL PROTECTED] :
Thanks Richard.
I got the point Chris was making: never believe _GET/_POST and use
ctype_alnum(), mysql_real_escape_string(), htmlentities() - and I
already started :) (Thanks Chris that was great for us beginners,
already posted on few Bosnian php
[EMAIL PROTECTED] wrote:
I got the point Chris was making: never believe _GET/_POST and use
ctype_alnum(), mysql_real_escape_string(), htmlentities() - and I
already started :) (Thanks Chris that was great for us beginners,
already posted on few Bosnian php forums :))
You're welcome. :-)
I
First, thanks guys for such a fast response :)
Matthew Weier O'Phinney wrote:
While the above would prevent most SQL injections, it could still wreak
havoc with your database. For instance, what if your 'phone' or 'zip'
fields in your database are integer fields, and text gets passed from
Hi,
I looked everywhere for a nice explanation of this darn simple thing,
but had no luck. I am working with some code made by a different person, that's
why I am running into these sorts of things. (yes, I am kinda a newbie)
I have a file named blah.php with this line:
On Wed, 09 Feb 2005 18:15:28 -0800 (PST), Pagongski
[EMAIL PROTECTED] wrote:
Hi,
I looked everywhere for a nice explanation of this darn simple thing,
but had no luck. I am working with some code made by a different person, that's
why I am running into these sorts of
David A. Stevens wrote:
Please remove my address from any future correspondence about PHP.
Allrighty then. I warned ya Davey...you're on yer way to /dev/null. If
you're lucky, I won't post your email to any porn lists or USENET.
--
On Friday 16 Apr 2004 18:18, John Nichel wrote:
David A. Stevens wrote:
Please remove my address from any future correspondence about PHP.
Allrighty then. I warned ya Davey...you're on yer way to /dev/null. If
you're lucky, I won't post your
Gurus,
I'm running a login script where the user enters login/password and if it
matches what I have in my db and their account is active, I set a login
cookie (login_ck) and an authentication cookie (authenticate_ck). If the
login and authentication cookies are set when the user goes back to
Ryan Schefke wrote:
setcookie ("login_ck", $lo, time()+ 60*60*24*30, "", "", 0); //set
cookie for login, for 30days
Expire is supposed to be an integer. Try...
setcookie ("login_ck", $lo, time()+ 2592000, "", "", 0);
--
John - It works now! That was it. Thanks!
Ryan
-Original Message-
From: John Nichel [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 15, 2004 10:53 AM
To: PHP Mailing List
Subject: Re: [PHP] Explanation of cookie behavior
Ryan Schefke wrote:
setcookie ("login_ck", $lo, time()+ 60*60*24
On 15 April 2004 15:43, Ryan Schefke wrote:
I'm running a login script where the user enters
login/password and if it
matches what I have in my db and their account is active, I set a
login cookie (login_ck) and an authentication cookie
(authenticate_ck). If the
login and authentication
On Friday 14 November 2003 01:27, Scott Fletcher wrote:
Thanks... Yep, using the Outlook QuoteFix and it works like a charm. I
noticed by default is by bottom-posting, so I checked the option to make it
be a top-posting option.
Chris, I think you can scratch him off your list of converts :-)
Chris, et al --
...and then Chris W. Parker said...
%
...
% --
% Don't like reformatting your Outlook replies? Now there's relief!
There sure is. Uninstall Outhouse and use mutt, now available for win :-)
HAND
:-D
--
David T-G * There is too much animal courage in
On 12 Nov 2003 17:37:58 -0500
Robert Cummings [EMAIL PROTECTED] wrote:
It's not active on the main page. It's on the search page.
Go there instead.
http://www.php.net/search.php
And it doesn't seem to work with Opera 6 :)
Try the latest version. It works for me ;)
opera:about
- Edwin - wrote:
On 12 Nov 2003 17:37:58 -0500
Robert Cummings [EMAIL PROTECTED] wrote:
It's not active on the main page. It's on the search page.
Go there instead.
http://www.php.net/search.php
And it doesn't seem to work with Opera 6 :)
Try the latest version. It works for me ;)
Scott Fletcher wrote:
Hi!
Would anyone care to explain to me about the article on the frontpage of
the php.net website about the IDE or PHP function name code completion?
Never mind about the bug report and browser stuffs...
This feature (called intellisense by Microsoft) is where if you
Robert Cumming - OIC, now I understand. Far out! Way Cool! Neat!!!
Chris Parker - Yea, it sux about the IE's auto-completion too. Saw that
pressing escape just once turned off the IE drop down feature but it's only
temporary until pressing another key into the drop down... Um, all the more
Scott Fletcher mailto:[EMAIL PROTECTED]
on Thursday, November 13, 2003 6:29 AM said:
Thanks for
the attachment at the bottom of the email about 'reformatting the
outlook replies'. That is great, I'm going to use it.
hahahahahahaha! This is sooo funny (to me) because just last week we
Thanks... Yep, using the Outlook QuoteFix and it works like a charm. I
noticed by default is by bottom-posting, so I checked the option to make it
be a top-posting option. Kind of suck that it would have to be plain text
email only though (instead of the html email) but nothing I can't handle
Hi!
Would anyone care to explain to me about the article on the frontpage of
the php.net website about the IDE or PHP function name code completion?
Never mind about the bug report and browser stuffs...
--snip--
New function list auto completion
[04-Nov-2003] You can probably name at least
It's not active on the main page. It's on the search page. Go there
instead.
http://www.php.net/search.php
And it doesn't seem to work with Opera 6 :)
Cheers,
Rob.
On Wed, 2003-11-12 at 17:33, Scott Fletcher wrote:
Hi!
Would anyone care to explain to me about the article on the
Robert Cummings mailto:[EMAIL PROTECTED]
on Wednesday, November 12, 2003 2:38 PM said:
It's not active on the main page. It's on the search page. Go there
instead.
http://www.php.net/search.php
Wow that's cool. Sux though that IE's auto-complete gets in the way of
the way list.
Hi. I'm looking over someone else's code and I come across something I
don't understand and don't know where in the manual to look for it.
Here is an example ==
$string1 = (isset($string2)) ? $HTTP_GET_VARS['pid'] : '';
I have no idea what the '?' in the line and the ':' at the end, so I
have no
To: PHP
Subject: [PHP] Explanation
Hi. I'm looking over someone else's code and I come across something I
don't understand and don't know where in the manual to look for it.
Here is an example ==
$string1 = (isset($string2)) ? $HTTP_GET_VARS['pid'] : '';
I have no idea what the '?' in the line
ternary operator ... if/else shorthand; here's the long way to do it:
if(isset($string2)) {
$string1 = $HTTP_GET_VARS['pid'];
} else {
$string1 = '';
}
-or-
$string1 = '';
if(isset($string2)) {
$string1 = $HTTP_GET_VARS['pid'];
}
Hank
On Wed,