I ran a test (just added a SQL command, harmless one in a text field) to see
what happens on SQL injection, without proper slashing or escaping
(addslashes/mysql_real_escape_string). I like mysql_real... cause it takes
the guesswork out of making the data safe. Thanks everyone for the brief
less
From what I understand, it's all queries that need this protection, not just
INSERT/UPDATE.
One example that Brian Dailey gave was with your original query
$query = "SELECT * FROM `jobsdb` WHERE `id` =".$_POST['id']."";
Someone could supply in $_POST['id']:
1; DROP `jobsdb`;
This could easily
That would be horrendous if someone did that. Alright all my queries get
updated then. I didn't know that a SQL query string in PHP could contain
more than one command (I am so new to PHP/MySQL) but I guess as long as
there is a delimiter (";") any number of commands could be run, malicious or
no
So I was doing some reading on magic quotes and wrote a simple check to see
if it is on or not. On our box magic quotes are disabled (which is the way
I would prefer it, I would rather manually add my own slashes to sequences
that need it) but my shared hosting has magic quotes enabled. Now I kno
All -
Thanks for your suggestions. We ran out of time on addressing this
issue (technically), so we decided to "Romanize" (b!) the
input. I know, I do feel like a defeatist, but it's not my
budget! I did not use mb_detect_encoding, but that sounds like
something that would help.
csnyder wrote:
On 8/15/07, Anthony Wlodarski <[EMAIL PROTECTED]> wrote:
So I was doing some reading on magic quotes and wrote a simple check to see
if it is on or not. On our box magic quotes are disabled (which is the way
I would prefer it, I would rather manually add my own slashes to sequ
On 8/14/07, Stephen Musgrave <[EMAIL PROTECTED]> wrote:
>
> I am not on Windows, so Office documents don't open in my browser.
> Any other suggestions?
I know this issue is no longer moot, but you can of course open a csv
file in any browser, because it is just text. The excel file, not so
much...
On 8/15/07, Anthony Wlodarski <[EMAIL PROTECTED]> wrote:
>
> So I was doing some reading on magic quotes and wrote a simple check to see
> if it is on or not. On our box magic quotes are disabled (which is the way
> I would prefer it, I would rather manually add my own slashes to sequences
> that
Anthony Wlodarski wrote:
So if that is passed to a different script in say a $_POST['str']
variable would then the string look like "You\'re didn\'t dood it."?
Now even if magic quotes are enabled and I use
mysql_real_escape_str($_POST['str']) would the string then look like
"You\\\'re didn\
At 09:31 AM 8/15/2007, you wrote:
The standard mysql_x() functions do not allow multiple queries, so
you're not so worried about someone injecting drop table statements.
Nevertheless, plenty of damage and/or disclosure can be performed with
just a single query.
Just to emphasize and elaborate
Anthony Wlodarski wrote:
> So I was doing some reading on magic quotes and wrote a simple check to see
> if it is on or not. On our box magic quotes are disabled (which is the way
> I would prefer it, I would rather manually add my own slashes to sequences
> that need it) but my shared hosting has
I think the function array_walk_recursive, and array_map are very
useful for dealing with escaping. For instance:
if (get_magic_quotes_gpc()) {
    // stripslashes() returns a new string rather than modifying its argument,
    // so it must be wrapped in a by-reference callback to have any effect.
    $strip = function (&$value) {
        $value = stripslashes($value);
    };
    array_walk_recursive($_POST, $strip);
    array_walk_recursive($_GET, $strip);
    array_walk_recursive($_COOKIE, $strip);
}
You also proba
I installed Subversion and now Xampp Apache no longer starts. Even after
uninstalling Subversion. Any ideas other than reinstalling xampp?
Cliff
___
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Prese
please pardon the off-topic post, but if anyone's looking for a pretty
decent space:
Shared Office Space Available in Great Location - Flatiron District
Share office space with a technology firm in an 1100 square foot
loft-like space starting SEPTEMBER 1st. Office is located in an elevator
bu
On 8/15/07, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> I installed Subversion and now Xampp Apache no longer starts. Even after
> uninstalling Subversion. Any ideas other than reinstalling xampp?
>
> Cliff
What does the Apache error log have to say about it?
--
Chris Snyder
http://chxo.com/
Sean Pangia wrote:
> please pardon the off-topic post, but if anyone's looking for a pretty
> decent space:
1. Please refrain from posting OT topics to this (or any) list. There
are any number of venues you can use for this.
2. When starting a new topic please don't do so by replying to an
unrel
On Aug 15, 2007, at 1:43 PM, Dan Cech wrote:
2. When starting a new topic please don't do so by replying to an
unrelated email, and especially not one 8 months old. Is it so much
effort to type an email address in the To: field?
It seems to me that this is a new topic... at least it shows up
s
On Wed, 15 Aug 2007, Rob Marscher wrote:
> On Aug 15, 2007, at 1:43 PM, Dan Cech wrote:
> > 2. When starting a new topic please don't do so by replying to an
> > unrelated email, and especially not one 8 months old. Is it so much
> > effort to type an email address in the To: field?
> It seems to
Dan Cech wrote:
Sean Pangia wrote:
please pardon the off-topic post, but if anyone's looking for a pretty
decent space:
1. Please refrain from posting OT topics to this (or any) list. There
are any number of venues you can use for this.
2. When starting a new topic please don't do so
Sean Pangia wrote:
> Dan Cech wrote:
>> Sean Pangia wrote:
>>> please pardon the off-topic post, but if anyone's looking for a pretty
>>> decent space:
>>
>> 1. Please refrain from posting OT topics to this (or any) list. There
>> are any number of venues you can use for this.
>>
>> 2. When sta
Hi Everyone,
I am very new to the concept of SOAP. Yesterday I bought a book of Amazon
on PHP Web Services and today my ATG/JSP savvy project manager asked me to
write a SOAP request using PHP :) The PHP program needs to grab an XML file
(generated by a JAR file on an APP servlet ) via a POST me
Outlook 2007 doesn't thread at all, but while we are on it the most useless
view in the history of man, Microsoft Timeline:
http://www.anthonyw.net/images/useless.gif
Not for the easily disoriented (100% safe for work).
Anthony Wlodarski
Senior Technical Recruiter
Shulman Fleming & Partners
646-
Rob Marscher wrote:
> On Aug 15, 2007, at 1:43 PM, Dan Cech wrote:
>> 2. When starting a new topic please don't do so by replying to an
>> unrelated email, and especially not one 8 months old. Is it so much
>> effort to type an email address in the To: field?
> It seems to me that this is a new to
On Wed, 15 Aug 2007, Dan Cech wrote:
> The simple fix is to create a new message when you are creating a new
> thread, rather than trying to 'recycle' an old one.
Of course, I'm not disagreeing with you.
Also, quoting just enough to make context clear (like here) helps - most
people are too lazy
Can someone explain bottom posting vs top posting to this younger programmer
(who did not work on Gmail)
On 8/15/07, Ajai Khattri <[EMAIL PROTECTED]> wrote:
> Oh, and bottom posting too (yes, I know Gmail top posts by default - I can
> only assume it was written by younger programmers that don't k
On 8/15/07 1:32 PM, "csnyder" <[EMAIL PROTECTED]> wrote:
> On 8/15/07, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
>> I installed Subversion and now Xampp Apache no longer starts. Even after
>> uninstalling Subversion. Any ideas other than reinstalling xampp?
>>
>> Cliff
>
> What does the Apache erro
On Wed, 15 Aug 2007, Tom Sartain wrote:
> Can someone explain bottom posting vs top posting to this younger programmer
http://en.wikipedia.org/wiki/Posting_style
--
Aj.
Tom,
When you top post like this, you ruin the flow of the text, as the
thread of conversation begins somewhere in the middle, goes down, jumps
back up to somewhere else, goes down again, jumps to the top of the text
and back down again.
Dan
Tom Sartain wrote:
> Can someone explain bottom posting
Your ISP should already be setup to use logrotate (a cron job for the
purpose) ...
http://www.debian-administration.org/articles/117
BTW, on the topic, I'm about to upgrade a box and have been looking if
it's possible to "merge" those logs across machines so they will show
up in stat reports
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
;-)
--
Aj.
On Wed, 15 Aug 2007, Jon Baer wrote:
> Your ISP should already be setup to use logrotate (a cron job for the
> purpose) ...
>
> http://www.debian-administration.org/articles/117
I use cronolog and configure Apache to pipe into it.
http://cronolog.org/
This gives me log files with datestamp in
Elliotte,
It seems your review of XML databases has picked up a lot of comments.
It's doing well on the social bookmarking circuit too.
http://cafe.elharo.com/xml/the-state-of-native-xml-databases/
The topic in general seems to be garnering a lot of interest lately. Would
you be willing to do a
Elliotte Harold wrote on Wednesday, August 15, 2007 5:54 PM:
> Daniel Krook wrote:
> > Elliotte,
> >
> > It seems your review of XML databases has picked up a lot of
> > comments. It's doing well on the social bookmarking circuit too.
> > http://cafe.elharo.com/xml/the-state-of-native-xml-databa
Daniel Krook wrote:
Elliotte,
It seems your review of XML databases has picked up a lot of comments.
It's doing well on the social bookmarking circuit too.
http://cafe.elharo.com/xml/the-state-of-native-xml-databases/
The topic in general seems to be garnering a lot of interest lately. Would
Hey everyone
I am about to move, and considering dumping Speakeasy DSL for the sake of
economy, and because the installation (involving Verizon, Covad) is a total
[EMAIL PROTECTED] nightmare.
Does anyone care to share an opinion about Comcast? How's the speed and
reliability? Have you been able t
I didn't know OT was a crime, if you prepend your subject with [OT]. If it
is, I am guilty but I still would like to know what anybody thinks of
Comcast's internet service (-:
I thought top-posting was preferred because there's a presumption that you
start by reading post 1. Post 2 replies to pos