FYI
php4 (4:4.3.10-10) unstable; urgency=low
* Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs
including a segfault in mysql_fetch_field() (closes: #299608)
* Remove 042-remove_windows_paths.patch, incorporated upstream.
* Add 048-x509_multiple_orgUnits.patch to bring the
hi,
pdo has its own query-parser, named variables are prefixed with a
colon... so far - so nice...
i have a function called insert which is called like this:
$db->insert('some_table', array('name' => $name, 'age' => $age));
it's implemented like this:
function insert($table, $values) {
$colu
Thies C. Arntzen wrote:
and this is 'cause pdo _expects_ the user to prefix the bound variables
with a colon. grr...
ppls, let's change it before it's too late. this "tiny bit" makes binding
harder than it should be, and we all know and understand that all users
of php should use bound variables
Hello Everyone,
It seems like ftp_nlist has a small problem when running under Linux. The
script gives this message 'Warning: ftp_nlist() [function.ftp-nlist]:
Unable to create temporary file. Check permissions in temporary files
directory.' one out of three times.
I've added putenv('TMPDIR=/tmp
subject says it -
testcase is also attached.
i have updated: sqlite and oci.
i have tested: sqlite and postgres (uses bind emulation).
i did not look at the firebird code as it seemed "complexish" to me;-)
all the other drivers seem to use the emulation (like postgres) so they
should work.
re, th
> $sql = "insert into $table ($col_list) values ($bind_list)";
Can I just point out that you've just negated the whole reason for having
parameters in the first place, imo.
$table is just as vulnerable to an SQL injection attack, as any of the
parameters were before we had parameter bind
Jared Williams wrote:
$sql = "insert into $table ($col_list) values ($bind_list)";
Can I just point out that you've just negated the whole reason for having parameters in the first place, imo.
uhm the point of prepared queries is not to eliminate sql injection.
that's just an added benefit
$tab
On 25.03.2005 at 14:36, Jared Williams wrote:
Can I just point out that you've just negated the whole reason for
having parameters in the first place, imo.
huh? just 'cause you dislike my php-code you question the "value" of
bind altogether?
$table is just as vulnerable to an SQL injection att
> On 25.03.2005 at 14:36, Jared Williams wrote:
> > Can I just point out that you've just negated the whole reason for
> > having parameters in the first place, imo.
>
> huh? just 'cause you dislike my php-code you question the
> "value" of bind altogether?
>
> >
> > $table is just as vulne
"Thies C. Arntzen" <[EMAIL PROTECTED]> writes:
> diff -u -w -r1.95 pdo_stmt.c
> --- ext/pdo/pdo_stmt.c24 Mar 2005 12:32:06 - 1.95
> +++ ext/pdo/pdo_stmt.c25 Mar 2005 13:13:18 -
> @@ -242,6 +242,13 @@
>
> hash = is_param ? stmt->bound_params : stmt->bound_column
Jared Williams wrote:
On 25.03.2005 at 14:36, Jared Williams wrote:
Can I just point out that you've just negated the whole reason for
having parameters in the first place, imo.
huh? just 'cause you dislike my php-code you question the
"value" of bind altogether?
$table is just as vulnerab
On 25.03.2005 at 15:28, [EMAIL PROTECTED] wrote:
"Thies C. Arntzen" <[EMAIL PROTECTED]> writes:
diff -u -w -r1.95 pdo_stmt.c
--- ext/pdo/pdo_stmt.c 24 Mar 2005 12:32:06 - 1.95
+++ ext/pdo/pdo_stmt.c 25 Mar 2005 13:13:18 -
@@ -242,6 +242,13 @@
hash = is_param ? stmt->bound_p
> jared, i fail to understand your "contribution" to the real
> subject ("do we need a colon in front of every bound variable or not").
I was pointing out your design was flawed. Which, if it was made more secure, like
the following, the colons become less of an issue.
$db->insert('some_table', arr
On Mar 25, 2005, at 2:51, Greg Beaver wrote:
The PEAR bundle for windows is still out of date.
Specific instructions were given on what needs to be done to fix
this. So far I didn't hear from anybody.
Edin
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www
On 25.03.2005 at 17:40, Jared Williams wrote:
jared, i fail to understand your "contribution" to the real
subject ("do we need a colon in front of every bound variable or not").
I was pointing out your design was flawed. Which, if it was made more
secure, like the following, the colons become less of
>
> my point is that on internals@ we usually discuss developing
> php and not developing *with* php -
>
Poor practices and insecure code should never go unchallenged anywhere, unless
it's clearly marked as such.
Jared
Jared Williams wrote:
>> my point is that on internals@ we usually discuss developing
>> php and not developing *with* php -
>>
>
> Poor practices and insecure code should never go unchallenged anywhere,
> unless it's clearly marked as such.
As Thies wrote: This list is for discussing the devel
well said Johannes!
Johannes Schlueter wrote:
Jared Williams wrote:
my point is that on internals@ we usually discuss developing
php and not developing *with* php -
Poor practices and insecure code should never go unchallenged anywhere,
unless it's clearly marked as such.
As Thies wrote: This list
On Mar 25, 2005, at 21:30, Greg Beaver wrote:
Edin Kadribasic wrote:
On Mar 25, 2005, at 2:51, Greg Beaver wrote:
The PEAR bundle for windows is still out of date.
Specific instructions were given on what needs to be done to fix
this. So far I didn't hear from anybody.
Edin
OK, we must have go
Does anybody intend to pick up the gauntlet..? (& when)?
Zeev
At 00:52 26/03/2005, Edin Kadribasic wrote:
"Specific instructions" were:
1. We need a PHP or shell script that will create the contents of the PEAR
directory that is bundled with PHP releases on windows. This script will
be put in a
Edin Kadribasic wrote:
> "Specific instructions" were:
>
> 1. We need a PHP or shell script that will create the contents of the
PEAR directory that is bundled with PHP releases on windows. This script
will be put in a crontab on the snaps box so we can update the content
of that folder daily so
Excuse me, but what BC? I don't think this stuff has been
released yet, so how could you break BC? :)
--Jani
On Fri, 25 Mar 2005, Thies C. Arntzen wrote:
subject says it -
testcase is also attached.
i have updated: sqlite and oci.
i have tested: sqlite and postgres (uses bind emulation).
i
There are releases on pecl.php.net, and there are (a few) people
running these in production. In addition, it's been advertised as
working this way for over a year.
So, it is important to preserve the current behaviour when this patch
is applied (will do so this weekend; need to catch up on a lot
On Mar 26, 2005, at 1:47, Wez Furlong wrote:
There are releases on pecl.php.net, and there are (a few) people
running these in production. In addition, it's been advertised as
working this way for over a year.
So, it is important to preserve the current behaviour when this patch
is applied (will do
It should work now, please test.
--Jani
On Mon, 21 Mar 2005, Croker, Grant wrote:
Modified patch applied. No need to patch php_ii.h.
--Jani
the config.w32 in cvs does not work - running 'cscript /nologo
configure.js --with-ingres' (after running buildconf) generates the
following:
C
On Sun, 20 Mar 2005, Kamesh Jayachandran wrote:
Hi Andi,
I could not see this change in CVS both in 5_0_4-dev tree and HEAD.
Can someone apply my patch?
Done.
--Jani
With regards
Kamesh Jayachandran
On Fri, 18 Mar 2005 13:56:25 -0800, "Andi Gutmans" <[EMAIL PROTECTED]> said:
Yeah it might make
If anyone objects, they're morons. Just commit.
--Jani
On Thu, 24 Mar 2005, Joe Orton wrote:
Any objections to this patch? mysqli is defining a bunch of global
symbols which it looks like it doesn't need to. Not urgent for 5.0.4.
--- php-5.0.3/ext/mysqli/mysqli_prop.c.mysqliglobal
+++ php
On Sat, 26 Mar 2005 02:13:54 +0100, Edin Kadribasic <[EMAIL PROTECTED]> wrote:
>
> On Mar 26, 2005, at 1:47, Wez Furlong wrote:
>
> > There are releases on pecl.php.net, and there are (a few) people
> > running these in production. In addition, it's been advertised as
> > working this way for ove
(back on list)
On 25.03.2005 at 22:17, Jared Williams wrote:
As Thies wrote: This list is for discussing the development _of_ PHP.
Therefore it's important to have samples which are showing
the problem not the whole stuff around it - such a thing
won't be readable anymore and the readers would spe
On 26.03.2005 at 01:47, Wez Furlong wrote:
There are releases on pecl.php.net, and there are (a few) people
running these in production. In addition, it's been advertised as
working this way for over a year.
So, it is important to preserve the current behaviour when this patch
is applied (will do
Wez Furlong wrote:
There are releases on pecl.php.net, and there are (a few) people
running these in production. In addition, it's been advertised as
working this way for over a year.
So, it is important to preserve the current behaviour when this patch
is applied (will do so this weekend; need to
31 matches