Re: [PHP] Re: Newbie is trying to set up OOP With PHP and MySQL or MySQLi database class (using CRUD)

2013-02-14 Thread Haluk Karamete
Also worth checking http://justinvincent.com/ezsql Which is the class behind the WordPress' wpdb class. This is a great read too -> http://www.devarticles.com/c/a/MySQL/PHP-and-Databases-for-the-Lazy-Sod/ On Thu, Feb 14, 2013 at 10:30 AM, dealTek wrote: > > > On Feb 14, 2013, at 9:49 AM, dealTek

Re: [PHP] Newbie is trying to set up OOP With PHP and MySQL or MySQLi database class (using CRUD)

2013-02-14 Thread Haluk Karamete
I recommend a third option, that is PDO. Start here please. http://net.tutsplus.com/?s=pdo On Thu, Feb 14, 2013 at 9:49 AM, dealTek wrote: > Hi everybody, > > Newbie is trying to set up OOP With PHP and MySQL or MySQLi database class > (using CRUD) > > Simple story: creating this class database

Re: [PHP] Joining a team, where no wiki or docs are available

2012-09-24 Thread Haluk Karamete
I would first start out with checking the code where user input is taken and then placed into SQL statements from a SQL Injection point of view, I would also take a look if user input is echoed back without any treatment to see if there are issues with XSS. If these checks yield that the previous

[PHP] include selectively or globally?

2012-08-27 Thread Haluk Karamete
With this question, I aim to understand the inner workings of PHP a little better. Assume that you got a 50K library. The library is loaded with a bunch of handy functions that you use here and there. Also assume that these functions are needed/used by say 10% of the pages of your site. But your h

[PHP] date conversion/extraction issues

2012-05-02 Thread Haluk Karamete
This is my code and the output is right after that... $PDate = $row['PDate']; //row is tapping into ms-sql date field. //and the ms-sql data field has a value like this for the PDate; //07/12/2001 $PDate = $PDate->date; echo "[", $PDate , "]"; echo "[", var_dump($row['PDate']) , "]"; echo "[", ser

Re: [PHP] is it possible to change the html title from the WYSIWYG editor?

2012-02-13 Thread Haluk Karamete
>> the wordpress page title we were trying to change is already >> here... >> http://gmpg.org/xfn/11 >> >> But this question is a wp question. I accidentally dropped it in the PHP >> group.

Re: [PHP] is it possible to change the html title from the WYSIWYG editor?

2012-02-13 Thread Haluk Karamete
g.org/xfn/11"; /> But this question is a wp question. I accidentally dropped it in the PHP group. On Mon, Feb 13, 2012 at 2:24 PM, Daniel Brown wrote: > On Mon, Feb 13, 2012 at 17:15, Haluk Karamete wrote: > >    Please keep the replies on the list for all to benefit, in

[PHP] is it possible to change the html title from the WYSIWYG editor?

2012-02-13 Thread Haluk Karamete
you may find it weird, actually very weird, but is the following possible? load up a post or page into the admin panel and place something like this in to the editor; click me"; if ( $_GET['var1']=='val1' ) { //change the current post's html title to val1 without using javascript/jquery } ?>

Re: [PHP] Re: sql injection protection

2012-01-26 Thread Haluk Karamete
ze_string 4- and on top of that, also mysql_real_escape it but from what i understand, you guys are saying just don't do this, because it may be overcome and that's not because of the fact filter_sanitize_string or mysql_real_escape_string is not effective, but because of the fact that there

Re: [PHP] Re: sql injection protection

2012-01-26 Thread Haluk Karamete
when we do b64e and then back b64d, you are saying. we get the org input all as clear text but this time as a string. because it is now a string, "(which by definition can not be executed)" what's the difference between b64e+b64d vs (string) casting then? if you were to cast the original input int

Re: [PHP] Re: sql injection protection

2012-01-24 Thread Haluk Karamete
My reply is in >> delims. > question 1 > > If you use the PHP filters & sanitizations, and you plan on using PDO > with bound params, are you absolutely safe? And if not, why? What are > the other ways for them to still make it in - even with PDO and bi

Re: [PHP] Re: sql injection protection

2012-01-24 Thread Haluk Karamete
4 questions... which is basically all it comes to.. After all this back and forth emails, I think we should nail down these questions cause they are still not completely covered in my mind. question 1 If you use the PHP filters & sanitizations, and you plan on using PDO with bound params, are

Re: [PHP] Re: sql injection protection

2012-01-23 Thread Haluk Karamete
I was simply asking expert opinion with the intention to learn. There is so much docs out there (I mean not just out there but at top security sites like owasp ) that recommends database specific escape solution as one of the viable alternatives. You make it seem like anyone who does not use PDO (

[PHP] which server variables from this list can be spoofed?

2012-01-19 Thread Haluk Karamete
I marked those I already know as "can", $_SERVER['REMOTE_ADDR'] CAN $_SERVER['HTTP_REFERER'] CAN $_SERVER['HTTP_USER_AGENT'] CAN $_SERVER['REQUEST_URI'] CAN ( cause it contains the query string part and user/hacker can easily change that ) Those I'm not too sure are as follows; $_SERVER['SE

Re: [PHP] Re: sql injection protection

2012-01-17 Thread Haluk Karamete
Thanks Alex. I re-read Ross's reply but I don't think you and him ( and even me ) is saying something different. It's all about validating the input. In my dictionary of programming vocabulary, validation is not just validating user input but also sanitizing it. You summed it up nicely by saying p

Re: [PHP] sessions and expirations and isolations

2012-01-17 Thread Haluk Karamete
S BROWSER? I'm afraid session.cookie_lifetime = 0 keeps all session data ( that is past and present ) in server memory until a server restart/stop takes place. Correct me if I'm wrong. On Mon, Jan 16, 2012 at 4:19 PM, Stuart Dallas wrote: > On 16 Jan 2012, at 22:51, Haluk Kar

Re: [PHP] sql injection protection

2012-01-17 Thread Haluk Karamete
n That's why I started this thread. On Tue, Jan 17, 2012 at 4:39 AM, Andy McKenzie wrote: > On Mon, Jan 16, 2012 at 10:34 PM, Haluk Karamete > wrote: >> I understand some ways are better than others in this one, and it >> looks like the PDO based implementations shine th

[PHP] if http_referer is not reliable then how do we ...

2012-01-16 Thread Haluk Karamete
Let's say we have a form mailer script, which takes any form ( whose action is directed to it ) and goes thru the submitting form's fields list ( programmatically) , to build a nice email on the fly and email the built-up string to the email address that's coming in the hidden field. Let's say that'

[PHP] sql injection protection

2012-01-16 Thread Haluk Karamete
I understand some ways are better than others in this one, and it looks like the PDO based implementations shine the most as far as SQL Injection. But would not the following be good enough - without implementing a PDO solution? 1- get the user input 2- for each input, deliberately enforce a data

Re: [PHP] sessions and expirations and isolations

2012-01-16 Thread Haluk Karamete
great exp. now I'm heading towards the http://www.php.net/manual/en/session.configuration.php#ini.session.cookie_path. you definitely deserved a good chocolate cookie! On Mon, Jan 16, 2012 at 6:38 PM, Stuart Dallas wrote: > On 17 Jan 2012, at 02:21, Haluk Karamete wrote: > >

Re: [PHP] sessions and expirations and isolations

2012-01-16 Thread Haluk Karamete
lity is available or not with PHP. I should be able to go to APP_1 and do a _SESSION dump and I should see 10 session variables in there and then I should be able to go to APP_2 and there I should see only 8. That's the case with classic ASP. On Mon, Jan 16, 2012 at 4:19 PM, Stuart Dallas wrot

[PHP] sessions and expirations and isolations

2012-01-16 Thread Haluk Karamete
Hi, in ASP, sessions expire when the client does not request an asp page for more than 20 min. (The 20 min thing is a server level setting - which can be changed by IIS settings ) And sessions work out of the box. I use sessions a lot. So, most likely, I would keep that style in my PHP apps too.

[PHP] any security issues with this mysql_update function?

2012-01-13 Thread Haluk Karamete
I wrote a function "sql_update" which takes a $db_name, a $table_name, a $where and finally a $data array where data is authored by using an associative array which allows easy pairing of field names and field values. This is how I build the data array; $data = array( 'FirstName' => 'Joh

[PHP] how do you find out if a mysql resource is empty?

2012-01-13 Thread Haluk Karamete
$result = mysql_query($sql,$link) or die(mysql_error()); how do you find out if $sql returned any recordsets? is there a fast/super efficient way of finding this out... something along the lines of is_empty($result) type thing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe,

[PHP] Re: advice needed on a mysql select library function

2012-01-13 Thread Haluk Karamete
ect($db_server, $db_username, $db_pass) or die(mysql_error()); mysql_select_db($db_name, $link) or die(mysql_error()); $result = mysql_query($sql,$link) or die(mysql_error()); mysql_close($link); } On Fri, Jan 13, 2012 at 11:18 AM, Haluk Karamete wrote: > Why discover

[PHP] advice needed on a mysql select library function

2012-01-13 Thread Haluk Karamete
Why reinvent the wheel, when there are so many qualified pros here whose brains I can pick... I'm building a php library of functions, I mean day to day functions that eases my RAD. Since I am new to PHP, I'm trying to wrap php's built-in functions and functionalities into new function name

Re: [PHP] advice on simplifying session usage

2012-01-12 Thread Haluk Karamete
I agree... that was just a wild idea! :) Let's forget about it! What's a good PHP programming editor you'd recommend on a mac for starters? On Thu, Jan 12, 2012 at 6:39 PM, tamouse mailing lists wrote: > On Thu, Jan 12, 2012 at 7:16 PM, Haluk Karamete > wrote: >

[PHP] advice on simplifying session usage

2012-01-12 Thread Haluk Karamete
Again, coming from an ASP background, I'm trying to minimize the typing for most needed functionalities.. in asp, to set a session var, you go <%session("age")=90%> and to output it, you just go <%=session("age")%> in php, you've got to _SESSION['age']=90. that's a lot of keyboarding, lots of double

[PHP] http_referer. what's wrong with that?

2012-01-11 Thread Haluk Karamete
Because I got this echo $_SERVER['HTTP_REFERER']; I end up with this Notice: Undefined index: HTTP_REFERER in D:\Hosting\5291100\html\blueprint\bp_library.php on line 16 die; Now, this is of course after the change. One solution is to dodge it by echo @$_SERVER['HTTP_REFERER']; But I'm sti

Re: [PHP] reporting errors when $ sign is missing in front of a variable

2012-01-11 Thread Haluk Karamete
' in D:\Hosting\5291100\html\blueprint\bp_library.php on line 40 my_age On Wed, Jan 11, 2012 at 9:12 PM, Tommy Pham wrote: > On Wed, Jan 11, 2012 at 8:43 PM, Haluk Karamete > wrote: >> >> Hi, I'm coming from an ASP background. >> There, there is a life saver opt

[PHP] reporting errors when $ sign is missing in front of a variable

2012-01-11 Thread Haluk Karamete
Hi, I'm coming from an ASP background. There, there is a life saver option called "option explicit". It forces you to declare your variables using the "dim" statement. The good thing about that is that if you were to mis-spell one of your variables, asp.dll throws an error stating that on line so and

[PHP] differences in between these env. variables

2012-01-11 Thread Haluk Karamete
I've grouped these env variables; each group returns the same values. Is there a difference? Which ones do you use? Which ones should I not use for the purposes listed below? group1 SCRIPT_FILENAME vs PATH_TRANSLATED where both return D:\Hosting\5291100\html\directory\file.php purpose: get the full