David Krings wrote:
Gary Mort wrote:
David Krings wrote:
Exactly! All input is evil, even when it comes from your database
and your script. There is no good reason not to check input each and
every time, there are only bad excuses for not doing it.
Well, by that token you should maintain a
[EMAIL PROTECTED] wrote:
First how did that bad guy "execute" the query without hitting the
submit button or entering the captcha code and how did it bypass the
check function.
You're running queries before you do your captcha check in your code.
if (!isset($_POST['securityImageValue']) || !iss
For future reference, can you please snip quoted text to only the
relevant bits.
___
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participati
Elliotte Harold wrote:
Certainly SQL databases can be evolved, but it's really hard to do.
I've never had a problem with it 10 years ago when we changed and
evolved our business processes to constantly improve a part management
and ordering system.
It was always a simple matter - you either
Elliotte Harold wrote:
By contrast, if you don't lock in any schema at all (as is possible with
an XML DB) then you can adapt your data to meet changing and newly
discovered requirements as they become apparent. You can also design and
deploy your application in short iterations that progressiv
Tim Gales wrote:
But when it comes time to exchange data from one table in a
database to another database -- even within the same DBMS --
all bets about the "not-needing-to-be-next-to-another-attribute-ness"
are off. (e.g. as in a comma separated file)
I've never run into this issue. I'v
Keep in mind, the primary purpose of Kannel is to allow a linux box to
send SMS messages either through a cell phone, or through another SMS
provider.
As such, you're not going to find a lot directly on Kannel and PHP, it's
not relevant.
The codewords to search for are:
SMPP, MM1 and MM7. I wi
Kenneth Downs wrote:
I'm wondering if somebody knows whats up here.
I'm writing does in OO.org.
As far as I know, you need bucks to write does.
I just received an email announcement that Paypal will be holding 2
developer day presentations (9AM to 5PM) in New York.
One in Brooklyn on November 8th, and one in Manhattan on November 9th.
It's a free all day presentation, plus you can take their
"certification" exam for free at the event (w
David Krings wrote:
Brian D. wrote:
Can you define why it's bad form? When is it considered acceptable to
use?
As mentioned above, I don't think it is "bad", but more dangerous in the
sense that you may not get anything when the server does not craft this
array. It is more that you need to k
Ben Sgro (ProjectSkyLine) wrote:
with ffmpeg when it becomes economically justifiable (i.e. you are
willing to put the hours in to troubleshooting again and again when
problems crop up).
Wish I knew what a problem it was before I fell into the trap of
delivering a working application.
I knew
Ben Sgro (ProjectSkyLine) wrote:
Good morning,
Super off topic, but since this list is one of my best resources for help,
I figured I'll try here.
I've spent a lot of time on google and can't seem to figure out the problem.
I have a PHP app that is converting .avi's to .flvs. I'm using ffm
Cliff Hirsch wrote:
So I have two “managed” dedicated hosting choices:
The first one claims to manage the entire application infrastructure
with “fanatical” support. Guess who. Very expensive, but it does appear
as though they take on the entire sysadmin role (which I define as
anything other
John Campbell wrote:
That makes sense to me, I have never considered using eleventy
thousand views. Is managing all of those views a problem? Do you
create the views on the fly, or are they "fixed" when you create the
new user account? How do you alter the views?
Dunno, I would assume it dep
John Campbell wrote:
On 9/28/07, Kenneth Downs <[EMAIL PROTECTED]> wrote:
I will claim that putting security
directly into the database is better than any other way because it does what
is needed in the end with the least possible work.
I must be missing something. Take a simple social net
Kenneth Downs wrote:
but of course we want to prevent session hijacking and forged urls no matter what the security mechanism, right?
I'd also like to prevent users entering something in an input field
because their "friend" tells them it's a good idea.
But since I can't control users..
Kenneth Downs wrote:
The focus is on "...does not let them do anything they can't do anyway"
If the hacker wants to test the SQL injection abilities, let them.
Let them have fun. Let them learn. The real question is, can they
do harm? And the answer is NO, not if they are connect
Kenneth Downs wrote:
1) SQL Injection does not let them do anything they can't do anyway, so
at most it is a waste of the hacker's time
Many things are a waste of the cracker's time, but they do them anyway.
So counting on the result not being worth the time of cracker is
wishful thinking. :
John Zabroski wrote:
We should always say what we mean, and always question what we mean. I
can guarantee you I learned this the hard way.
You got conned into sitting on a stupid egg too?
Kenneth Downs wrote:
[EMAIL PROTECTED] wrote:
Why do you need to store the password?
Database access. Each trip to the server requires that you make a
connection to the server.
In the PHP+MySQL world it is taken as an article of faith that you
connect to the database as a super-user or
Kenneth Downs wrote:
That can only be done if the password is stored on the browser between
requests. No thanks!
At any rate, in principle I believe that sessions are a bad way to do
things, they just have that bag-on-the-side feel. The only permanent
use of a session in Andromeda is to store
tedd wrote:
My slant, which is of no importance, is that web application
developers have to be masters of several languages -- one won't do. At
present, a good grasp of php, javascript, mysql, css, and ajax makes
for good company in application development.
Hmm...has this ever not been t
Kenneth Downs wrote:
BZ's example is exactly what I've been coding the past week or so, and
it is far simpler keeping track
^
I'll take this as a hint that I need to create a sigfile with my name
and such in it.
Hans Zaunere wrote:
Ajax solves this problem neatly by letting you move all state [1] into
the browser. This makes sense from an architectural viewpoint because
we are putting this context information close to where it is needed,
the UI.
I'm not sure what you mean, though, by keeping sta
PaulCheung wrote:
if ($number_of_records == 0)
{$link = "http://localhost/mainmenu.php";}
I have also tried
header('Location: http://localhost/mainmenu.php');
For the first, I generally find it best to place an "echo $link" first
to make sure it is being set to what I think it should be s
Kenneth Downs wrote:
FWIW, there was a principle stated in E.F. Codd's very first paper on
his proposed relational theory that a system should allow, by inquiry,
the ability to determine its complete state. I guess we don't get
that w/Javascript.
Small nit to pick.
Javascript isn't a sys
Kenneth Downs wrote:
I cannot seem to figure out which javascript function I would use to
determine the event listeners that have been added to an element. Can
anybody steer me on this? Thanks...
Apparently, none.
http://objectmix.com/javascript/116920-how-discover-if-attachevent-done-elem
Rolan Yang wrote:
I lost some hair over the same issue when trying to hack FsckEditor
with image upload into a client's website hosted at hosting4less.com
The details are kind of vague, but I remember it having something to
do with a php SAFE MODE restriction on mkdir and the fact that the web
server
Kenneth Dombrowski wrote:
Hi Gary,
what does it complain about when you remove the error suppression @s ?
It doesn't. I am finding more and more web providers set up Apache to
not give any error messages when something goes wrong.
This naturally makes it more difficult to troubleshoot th
csnyder wrote:
If you're looking for something free, the PHP IDE for Eclipse project
is roughly equivalent, plus you get all of the other Eclipse goodness
in the bargain. We had a presentation on it at the February NYPHP
meeting, but the slides never made it online...
Mainly I am looking for
Oh, as a follow up, approximately 1 year ago I did try the Komodo
editor, since it was available for Windows and Linux. I felt that if it
did what I needed in windows, I could then migrate to Linux.
At the time it did not have code folding built in. I'll review it again
and see if that has c
Since there are a lot of people here who probably code in PHP (ha) and
use Linux, I thought I'd ask here if anyone is familiar with GUI
programmer editors in Linux.
Yes, yes, I can and do use VI when on linux. But my work habits have
formed over the years based on using the best tool for my m
Urb LeJeune wrote:
I used to teach Computer Science at the college and graduate level.
When OOP first started the programmers with a lot of experience had real
difficulty seeing the advantage and adapting to the new methodology.
However, students who were just starting to program had n
Anthony Wlodarski wrote:
So if that is passed to a different script in say a $_POST['str']
variable would then the string look like "You\'re didn\'t dood it."?
Now even if magic quotes are enabled and I use
mysql_real_escape_string($_POST['str']) would the string then look like
"You\\\'re didn\