--- [EMAIL PROTECTED] wrote:
> Recently I've been in the middle of trying to build defenses against
> SQL injection on a site I'm working on (proactively, we haven't had a
> problem). While this principle seems exactly right, I find it's not as
> easy to implement as it sounds, and I'd argue tha
On 21 Mar 2004 Chris Shiflett wrote:
> SQL injection vulnerabilities exist when you use data that the user gave
> you to create your SQL statement. So, anytime that this happens, simply
> make absolutely sure that the data you are using from the user fits a very
> specific format that you are expe
--- Michael Rasmussen <[EMAIL PROTECTED]> wrote:
> > To be clear: make sure the data that the user submitted only
> > contains the characters you think are valid (don't bother trying
> > to guess malicious characters - you're sure to miss one) and is a
> > valid length. Once you've done this, and y
On Mar 22, 2004, at 1:16 AM, Justin French wrote:
Hi all,
I'm close to releasing my first widely distributed (I hope) PHP
application, and I wish to protect the source with Zend Encoder.
Seems easy enough.
However, this is a low-cost app that was intended to work on basic
installs of PHP, ru
php-general Digest 22 Mar 2004 01:22:55 - Issue 2660
Topics (messages 181078 through 181108):
Re: Timing a MySQL response
181078 by: John W. Holmes
Re: Upload file field not working as a form element
181079 by: Lowell Allen
181080 by: Vernon
181081 by: Jason
On Sun, 21 Mar 2004 13:49:22 -0800, Chris Shiflett wrote:
>
> To be clear: make sure the data that the user submitted only contains the
> characters you think are valid (don't bother trying to guess malicious
> characters - you're sure to miss one) and is a valid length. Once you've
> done this,
>RD> I do wonder if either of the above methods would force the
>RD> browser to never cache the CSS file locally
>
>You know, I didn't think about that, as I've never personally used this
>method. I've never had a need. Thinking about it now, I would also
>think that you may need to send a conten
Justin,
> Is Zend Optimiser (required to run encoded PHP files) part of
> a base installation, or at the very least, is it widely spread
> in use (available on most hosts)?
From looking around earlier my impression is that most good commercial
web hosting providers have the Zend Optimiser ins
Hi all,
I'm close to releasing my first widely distributed (I hope) PHP
application, and I wish to protect the source with Zend Encoder. Seems
easy enough.
However, this is a low-cost app that was intended to work on basic
installs of PHP, running on almost any server -- it uses no external
Kim Steinhaug wrote:
Visit sourceforge and look for winmerge, a really excellent software that
does just what you want.
Trust me - install this software and never look for anything else, :)
At least if you're on a windows environment.
having been introduced to CVS and the tortoiseCVS program (win32
--- Filip de Waard <[EMAIL PROTECTED]> wrote:
> I posted the HTTP header that my own browser is using to identify
> its language as an example to prove that Accept-Language isn't the
> right source to identify the visitor's language or even his home
> country.
It's definitely not the way to det
I'm not completely sure, but have you gone through the settings in the
IIS server as well? I know at least for the CGI IIS has its own
timeout which overrides the php.ini file. It could be something here
as well, but you probably have done this.
Kim Steinhaug
"Schonrock III" <[EMAIL PROTECTED]> wro
Visit sourceforge and look for winmerge, a really excellent software that
does just what you want.
Trust me - install this software and never look for anything else, :)
At least if you're on a windows environment.
--
--
Kim Steinhaug
--
On Mar 21, 2004, at 10:38 PM, Chris Shiflett wrote:
--- Filip de Waard <[EMAIL PROTECTED]> wrote:
Using HTTP headers to identify the country where a visitor comes from
is totally inaccurate.
That's not really very fair to HTTP. There is no header that identifies
the country, so it's not inaccurate
--- Ali Ashrafzadeh <[EMAIL PROTECTED]> wrote:
> I'm looking for a function To check SQL Injection in Mysql RDBMS
> please tell me if anyone know good function or solution
In my opinion, this is the wrong approach.
SQL injection vulnerabilities exist when you use data that the user gave
you to cr
--- Filip de Waard <[EMAIL PROTECTED]> wrote:
> Using HTTP headers to identify the country where a visitor comes from
> is totally inaccurate.
That's not really very fair to HTTP. There is no header that identifies
the country, so it's not inaccurate - it doesn't exist. :-)
Trying to accurately
--- Tom Reed <[EMAIL PROTECTED]> wrote:
> I would think using HTTP_ACCEPT_LANGUAGE to get the users browser
> language/country info would be quicker and easier to implement.
This is definitely the best way to get the language. You're right about
that. However, this is not the user's question:
> I
--- Enda Nagle <[EMAIL PROTECTED]> wrote:
> I had a quick look at http://www.iptocountry.com but was wondering if
> there was a way of doing this with PHP functions?
My favorite is GeoIP Country from Maxmind:
http://www.maxmind.com/
They have an open source PHP API that is easy to use, and it's
> remember: best way is how it's above (using sessions or forms), because
> will work in most php installations.
tnx will try sessions and see what they do... (haven't quite played with them
before but will figure it out)...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, vi
Andy B wrote:
hi
was needing to know how to create a confirm page.
I have a form that needs to be submitted to a confirm page before it is dropped into a
mysql db. was not sure how to do this without losing the content of the form
variables...
Hi. Well, you have several solutions for that.
hi
was needing to know how to create a confirm page.
I have a form that needs to be submitted to a confirm page before it is dropped into a
mysql db. was not sure how to do this without losing the content of the form
variables...
I'm trying to set up a small academic web server with PHP and CGI.
Currently, I have CGI running under suexec, and PHP installed as a
module, configured to run in SAFE_MODE. However, some of the students
are running up against the limitations of SAFE_MODE (most notably, not
being able to create s
This has been confusing me a little for a few hours now.
Here's a snip of my code which is causing the problem:
$content = "\n";
$content .= "\n";
$content .= " \n";
$tasks = new dbconnect;
$tasks->connect();
$tasks->query("SELECT tid, tname FROM tasks");
while(list($tid, $
On Sun, 21 Mar 2004, Marek Kilimajer wrote:
> Jeff Oien wrote:
> > When I do this:
> > $lastmonth = mktime(0, 0, 0, date("m")-9, date("d"), date("Y"));
>
> this will not work most of the year, if current month is August or less,
> the month value will be negative.
mktime() can take negative valu
On 20 Mar 2004 Ben Ramsey wrote:
> I know how to run a PHP script as a cron job on a *nix machine. So,
> does anyone know how to use the Task Scheduler on Windows to do the
> same? Or is it even possible?
The fundamental idea is simple -- work out a command line from a
regular command prompt
JW> You can base64_encode() it.
Hadn't thought of that. Works perfect! Thanks!
--
Regards,
Ben Ramsey
http://benramsey.com
http://www.phpcommunity.org/wiki/People/BenRamsey
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Monday 22 March 2004 00:03, Ben Ramsey wrote:
[snip]
> Is there a way to urldecode() $_GET["url"] and still retain its original
> encoded entities so that I can use it again as a valid URL?
You can base64_encode() it.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Soft
Marek Kilimajer wrote:
Jeff Oien wrote:
When I do this:
$lastmonth = mktime(0, 0, 0, date("m")-9, date("d"), date("Y"));
this will not work most of the year, if current month is August or less,
the month value will be negative.
Use strtotime('-9 months') instead.
This code works just fine for
I've got a querystring that looks like this:
?url=http%3A%2F%2Ftest.alpharetta.ga.us%2Findex.php%3Fm%3Dlinks%26category%3DRecreation%2B%2526%2BParks%26go.x%3D22%26go.y%3D7
As you can gather, I'm trying to pass a URL to another script for some
processing. Before I urlencode() the URL and pass it t
Jeff Oien wrote:
When I do this:
$lastmonth = mktime(0, 0, 0, date("m")-9, date("d"), date("Y"));
this will not work most of the year, if current month is August or less,
the month value will be negative.
Use strtotime('-9 months') instead.
--
PHP General Mailing List (http://www.php.net/)
To u
Hi
I'm looking for a function To check SQL Injection in Mysql RDBMS
please tell me if anyone know good function or solution
thanks
>> The uploaded file name will be $HTTP_POST_FILES["filename"]["name"] -- use
>> that rather than $_POST["filename"].
>
> I'm sorry I don't understand. What is the extra ["name"] for? When I use
> this in the insert into the value that is inserted into the database is
> Array, as opposed to the ac
On Sunday 21 March 2004 22:53, Vernon wrote:
> > The uploaded file name will be $HTTP_POST_FILES["filename"]["name"] --
> > use that rather than $_POST["filename"].
>
> I'm sorry I don't understand. What is the extra ["name"] for? When I use
> this in the insert into the value that is inserted into
> The uploaded file name will be $HTTP_POST_FILES["filename"]["name"] -- use
> that rather than $_POST["filename"].
I'm sorry I don't understand. What is the extra ["name"] for? When I use
this in the insert into the value that is inserted into the database is
Array, as opposed to the actual filen
> All I am trying to do is insert the file name, not the file. The file is
> being uploaded to the server in a specific location. All I need is the
> filename inserted into the database. I've gotten the upload part to work and
> everything I just can't get the file name inserted for God knows what
Richard Davey wrote:
Just a quick question - but does anyone know how to get the ms value
back from MySQL that tells you how long it took to run your query?
That value is not returned at all. Go with the wrapper...
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
ph
php-general Digest 21 Mar 2004 13:09:45 - Issue 2659
Topics (messages 181060 through 181077):
Re: Inconv in PHP5 compile
181060 by: PHPDiscuss - PHP Newsgroups and mailing lists
php and CSS level 2
181061 by: Andy B
181062 by: Aidan Lister
181068 by: Ben Rams
Hi all,
Just a quick question - but does anyone know how to get the ms value
back from MySQL that tells you how long it took to run your query?
It shows it when using the command-line version, or MySQL Front, but
I'm yet to figure out how to actually retrieve the value (if it is at
all possible?)
All I am trying to do is insert the file name, not the file. The file is
being uploaded to the server in a specific location. All I need is the
filename inserted into the database. I've gotten the upload part to work and
everything I just can't get the file name inserted for God knows what
reason.
Adam,
The current crop of browser based WYSIWYG editors are far from cross
browser and standards compliant, so steer clear.
You could consider looking into Macromedia Contribute, which is perfect
for little client touch-ups in a WYSIWYG, non-technical environment.
If you want your own CMS, and