RE: Re: [PHP-DB] Re: sessions
-Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] You are wrong. :) Having register_globals OFF helps to prevent poorly written programs from being vulnerable to users setting variables in the URL/header/cookie data. You can still write horribly insecure programs with register_globals OFF. You can easily write very secure programs that function with register_globals ON or OFF, too. http://us2.php.net/manual/en/security.globals.php Exactly. It's merely there so that beginning developers don't blindly stumble forward making bad decisions - give them a sense that there's this thing called input checking and initialization. That said, it's a shame that there are still commercial programs that rely on it - solely because it defaults to off since 4.2 and many people may not have the access to change it*. One would want to avoid as much technical support as necessary, in such instances :) Personally I prefer explicitly pulling data into my scripts, so I like it being OFF regardless of defaults, but others may have other opinions. * I know it can be changed in .htaccess, I just don't know what options the server needs to be running under for this - AllowOverride ALL certainly - but I would hope something more lax would allow it. Still, it seems being able to change that would give the user the ability to change the max_memory/max_execution_time of php scripts - which I can't imagine any reselling host wanting a shell/etc. account doing. Cheers, - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] PHP-HTML-select deny
Hi, sorry this is a bit late - just got back from holiday :) Don't forget css can be disabled very easily in Firefox Opera. So to disable printing too, if you're using the Flash method, then put an empty frame in the movie and make it the only printable frame (label #p). Then what the site visitor sees is the text but the player will only give the blank frame for printing. Of course there's still the Print Screen button... ;) Sorry this is getting OT, extreme requirements lead to odd solutions... anna this bit of .css @media print { body { display: none; } } Then viewer can't print the page. We do this because only certain subscribers have printing privileges. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] MySQL error...
-Original Message- From: NIPP, SCOTT V (SBCSI) [mailto:[EMAIL PROTECTED] No... That is just some strange error generated by the cut and paste. The IS NOT NU LL that is... The other issue with 'tablename'... I simply typed 'tablename' in the e-mail because I didn't remember the exact tablename when I was typing the e-mail. It does actually provide the name of the table that the script is working with. It's very hard to diagnose a problem - unless it's blindingly obvious - without the exact error, as well as any code which could be contributing to it. It's best to cut and paste wherever possible - and if anything must be 'hidden' to obviously hide it and make note of the replacement. Just like Johan K# would do. * K# name has been changed to protect the guilty - in my 'code' it is typed normally. Cheers, - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php