Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 9:25 PM, Tommy Pham wrote: > There would be a difference in performance since the expression has to > be reevaluated, including the function FROM_BASE, every time versus one time > evaluation of prepared statement. This is true, but it should be pointed out that for a l

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 6:10 PM, Stuart Dallas wrote: > > On 5 Oct 2011, at 02:02, Tommy Pham wrote: > > On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas wrote: > >> On 5 Oct 2011, at 01:13, Tommy Pham wrote: >> >> On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas wrote: >> >>> >>> On 5 Oct 2011, at 00

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 02:16, Jeremiah Dodds wrote: > On Tue, Oct 4, 2011 at 8:10 PM, Stuart Dallas wrote: >> Prepared statements incur an additional hit against the DB server to prepare >> the statement. > > But only once, right? This could, of course, still be a downside > depending on the nature of

Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 8:15 PM, Tommy Pham wrote: > On Tue, Oct 4, 2011 at 6:07 PM, Jeremiah Dodds > wrote: >> >> On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas wrote: >> >  As for the overhead I very much doubt there's much difference between >> > that and the overhead of prepared statements. >>

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 02:07, Jeremiah Dodds wrote: > On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas wrote: >> As for the overhead I very much doubt there's much difference between that >> and the overhead of prepared statements. > > Probably not. As an aside, I'm really struggling to find a case whe

Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 8:10 PM, Stuart Dallas wrote: > Prepared statements incur an additional hit against the DB server to prepare > the statement. But only once, right? This could, of course, still be a downside depending on the nature of your app. -- PHP General Mailing List (http://www.php.ne

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 6:07 PM, Jeremiah Dodds wrote: > On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas wrote: > > As for the overhead I very much doubt there's much difference between > that and the overhead of prepared statements. > > Probably not. As an aside, I'm really struggling to find a ca

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 02:02, Tommy Pham wrote: > On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas wrote: > On 5 Oct 2011, at 01:13, Tommy Pham wrote: > >> On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas wrote: >> >> On 5 Oct 2011, at 00:45, Tommy Pham wrote: >> >>> On Tue, Oct 4, 2011 at 4:11 PM, Stu

Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas wrote: > As for the overhead I very much doubt there's much difference between that > and the overhead of prepared statements. Probably not. As an aside, I'm really struggling to find a case where it'd be worth base64-encoding the queries like that

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas wrote: > On 5 Oct 2011, at 01:13, Tommy Pham wrote: > > On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas wrote: > >> >> On 5 Oct 2011, at 00:45, Tommy Pham wrote: >> >> On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas wrote: >> >>> On 5 Oct 2011, at 00:04

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 01:13, Tommy Pham wrote: > On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas wrote: > > On 5 Oct 2011, at 00:45, Tommy Pham wrote: > >> On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas wrote: >> On 5 Oct 2011, at 00:04, Mark Kelly wrote: >> >> > Hi. >> > >> > On Tuesday 04 Oct 2011

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas wrote: > > On 5 Oct 2011, at 00:45, Tommy Pham wrote: > > On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas wrote: > >> On 5 Oct 2011, at 00:04, Mark Kelly wrote: >> >> > Hi. >> > >> > On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: >> > >> >> http:

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 00:45, Tommy Pham wrote: > On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas wrote: > On 5 Oct 2011, at 00:04, Mark Kelly wrote: > > > Hi. > > > > On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: > > > >> http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ > > >

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas wrote: > On 5 Oct 2011, at 00:04, Mark Kelly wrote: > > > Hi. > > > > On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: > > > >> http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ > > > > Thanks. I followed this link through and rea

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 00:04, Mark Kelly wrote: > Hi. > > On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: > >> http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ > > Thanks. I followed this link through and read the full message (having missed > it the first time round), and wh

Re: [PHP] Re: Secure data management

2011-10-04 Thread Mark Kelly
Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: > http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text inter

Re: [PHP] Secure data management

2011-10-04 Thread Stuart Dallas
On 4 Oct 2011, at 20:44, Jim Giner wrote: > "Stuart Dallas" wrote in message > news:da8b3499-4d11-4053-9834-68b34d030...@3ft9.com... > 1. Why are you using addslashes? > > 2. MySQL will strip one level of backslashes. > * > > > I thought you were supposed to do an addslashes to protec

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 4 Oct 2011, at 20:30, Shawn McKenzie wrote: > On 10/04/2011 02:23 PM, Jim Giner wrote: >> I thought I knew how to do this. >> >> I have a form that collects some data fields. My script checks if magic >> quotes are off and (since they are) executes "addslashes" on each input >> field. Then

Re: [PHP] Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 2:44 PM, Jim Giner wrote: > > I thought you were supposed to do an addslashes to protect your appl from > malicious d/e. > To protect your app from malicious stuff going to SQL queries, you should be using prepared statements, see http://php.net/manual/en/pdo.prepared-stat

Re: [PHP] Secure data management

2011-10-04 Thread Jim Giner
"Stuart Dallas" wrote in message news:da8b3499-4d11-4053-9834-68b34d030...@3ft9.com... 1. Why are you using addslashes? 2. MySQL will strip one level of backslashes. * I thought you were supposed to do an addslashes to protect your appl from malicious d/e. Did not know that mysql dr

[PHP] Re: Secure data management

2011-10-04 Thread Shawn McKenzie
On 10/04/2011 02:23 PM, Jim Giner wrote: > I thought I knew how to do this. > > I have a form that collects some data fields. My script checks if magic > quotes are off and (since they are) executes "addslashes" on each input > field. Then I run a query to INSERT these 'slashed' vars into the

Re: [PHP] Secure data management

2011-10-04 Thread Stuart Dallas
On 4 Oct 2011, at 20:23, Jim Giner wrote: > I thought I knew how to do this. > > I have a form that collects some data fields. My script checks if magic > quotes are off and (since they are) executes "addslashes" on each input > field. Then I run a query to INSERT these 'slashed' vars into th

[PHP] Secure data management

2011-10-04 Thread Jim Giner
I thought I knew how to do this. I have a form that collects some data fields. My script checks if magic quotes are off and (since they are) executes "addslashes" on each input field. Then I run a query to INSERT these 'slashed' vars into the database. But when I go to phpadmin on my site the

Re: [PHP] detect file upload time

2011-10-04 Thread Nilesh Govindarajan
On Tue 04 Oct 2011 09:05:30 PM IST, Kanishka wrote: > hi everybody, > is any method available for detect file upload time in a php script ? > or detect network connections upload speed. > i'm using php 5.3.5(xampp 1.7.4) and my os is windows 7. > thank you > regards > kanishka > It's not possible

[PHP] detect file upload time

2011-10-04 Thread Kanishka
hi everybody, is any method available for detect file upload time in a php script ? or detect network connections upload speed. i'm using php 5.3.5(xampp 1.7.4) and my os is windows 7. thank you regards kanishka

Re: [PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Richard Quadling
On 4 October 2011 14:47, Kirk Bailey wrote: > I installed it in a Windows XP PC with a cgi capable server in it. No dice, > nothing happens. I also installed python in the same computer. Works > perfect. NEITHER language modified the http server. > > So, what do I have to do to get php to play wel

Re: [PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Bastien Koert
On Tue, Oct 4, 2011 at 9:47 AM, Kirk Bailey wrote: > I installed it in a Windows XP PC with a cgi capable server in it. No dice, > nothing happens. I also installed python in the same computer. Works > perfect. NEITHER language modified the http server. > > So, what do I have to do to get php to p

Re: [PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Daniel P. Brown
On Tue, Oct 4, 2011 at 09:47, Kirk Bailey wrote: > I installed it in a Windows XP PC with a cgi capable server in it. No dice, > nothing happens. I also installed python in the same computer. Works > perfect. NEITHER language modified the http server. > > So, what do I have to do to get php to pla

[PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Kirk Bailey
I installed it in a Windows XP PC with a cgi capable server in it. No dice, nothing happens. I also installed python in the same computer. Works perfect. NEITHER language modified the http server. So, what do I have to do to get php to play well with others in a XP environment? Cute remarks ab