Does anybody know if the security issues outlined in
http://www.securereality.com.au/archives/studyinscarlet.txt
are still salient or not? My boss wants a technical document outlining the
security risks of using PHP in an attempt to get it approved for general use
by Security. I just bought
From: Galbreath, Mark A [EMAIL PROTECTED]
Does anybody know if the security issues outlined in
http://www.securereality.com.au/archives/studyinscarlet.txt
are still salient or not? My boss wants a technical document outlining the
security risks of using PHP in an attempt to get it approved
It doesn't. What you're seeing is an SQL injection attack. If you *trust*
the SQL code you allow from POST or GET requests, your SQL server will be
own3d in due course.
That URL actually translates to 456456456 OR 12
Which is always true. So if you use this verbatim, you'll get a true result
Send before any content, an MS-Word header :
header("Content-type: application/vnd-ms.word");
Then output your HTML.
Cheers - Neil.
At 07:41 10/05/2004 +, you wrote:
Message-ID: [EMAIL PROTECTED]
From: Ng Hwee Hwee [EMAIL PROTECTED]
To: DBList [EMAIL PROTECTED]
Date: Mon, 10 May 2004 15:40:27
Hi,
I am new to php. I am using php ver 4.0.3 and MySQL.
I have written two files and I'd like to pass some variables from the first file
to use them in the second file.
but the values were not displayed in the second file (nothing printed out). and
also I want to pass them to another file ... here
It looks like register_globals is off. You'll have to access the
variables in the post array on your second page:
print INPUT TYPE='hidden' NAME='User_name'
VALUE='$_POST['UserName']';
and so on... Try that first.
Ryan
-Original Message-
From: Adam Farid [mailto:[EMAIL PROTECTED]
DING! That's the sound of a little lightbulb turning on...
Thanks so much for that tidbit...I could certainly see myself getting
screwed by not using such a thing.
Dan
- Original Message -
From: Neil Smith [MVP, Digital media] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL
unless you have Globals turned on, I think you and
$_POST['variable_name_here'] in the second page.
print INPUT TYPE='hidden' NAME='UserName' VALUE='$_POST['username']\n;
Hi,
I am new to php. I am using php ver 4.0.3 and MySQL.
I have written two files and I'd like to pass some variables
Thanks people.
I've tried, but it still does not work.
when I put the variable names between ' '
I found this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'.
I typed in this way
print INPUT TYPE='hidden' NAME='User_name'
VALUE='$_POST[UserName]';
Is it User_name or UserName?
Also try this string with 'UserName' in single quotes.
print INPUT TYPE=\hidden\ NAME=\User_name\
VALUE=$_POST['UserName']\;
I've tried, but it still does not work.
when I put the variable names between ' '
I found this error:
Parse error: parse error,
Thanks people.
I've tried, but it still does not work.
when I put the variable names between ' '
I found this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'.
I typed in this way
print INPUT TYPE='hidden' NAME='User_name'
VALUE='$_POST[UserName]';
Thanks.
I tried your suggestion, but the values still were not displayed in the second
page.
nothing printed out.
I put my files in db-list (Need some HELP).
regards
Adam
- Original message -
From: Adam Farid [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Mon, 10 May 2004 19:54:51 +
Subject: [PHP-DB] Need some HELP (not works)
Thanks people.
I've tried, but it still does not work.
when I put the variable names between ' '
I found this error:
Parse
Hi there,
I (still :-) ) have the code of my php pages stored in a database. A main
page parses this code using the eval_html function posted at php.net. This
used to work fine, but then I tried to employ conditioned blocks, e.g.
<? while (foo) { ?>
<p>Hello World</p>
<? }?>
The function I use
Hi all,
Installed software/os:
Win NT 4.0
IIS 4.0
PHP 4.3.1
MySQL 4.1.1
phpMyAdmin 2.5.6
I'm wondering how I can hide phpMyAdmin access via a webpage to the
mysql.mysql table... specifically the user table.
I don't want anyone using phpMyAdmin to have access to the user table. I
only want
I had something like this too.
I used something other for the start and ending blocks.
# #
Then had a replace() section.
Hi there,
I (still :-) ) have the code of my php pages stored in a database. A main
page parses this code using the eval_html function posted at php.net. This
used to
hi,
header("Content-type: application/vnd-ms.word"); is not what my customers
want. They may or may not want to save it in their harddisk.. but having the
header at the beginning of my page will force them to save it in their
harddisk. Some of the customers just want to view it on the web while
hi,
header("Content-type: application/vnd-ms.word"); is not what my customers
want. They may or may not want to save it in their harddisk.. but having the
header at the beginning of my page will force them to save it in their
harddisk. Some of the customers just want to view it on the web while
Hi
My customers would like to save my php outputs in a word document file and so I have
added a meta tag META NAME=ProgID CONTENT=word.document in my php files.
However, my File-Edit button in IE6 is greyed out. why? i see that other php files on
other websites allow Edit, why is it that my
Try to set session.cache_limiter to private
Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Hi
My customers would like to save my php outputs in a word document file and so I have
added a meta tag META NAME=ProgID
CONTENT=word.document in my php files. However, my
thanx for the suggestion... it did work for a while! that's very
interesting... but, what happened now is that my file is a form that post to
itself... i can do an edit when it is the form, but after the user submits
the form and the information is displayed again without any form fields, the
Edit