The Disguised Jedi wrote:
try users@httpd.apache.org list
On Tue, 25 Jan 2005 14:21:25 -0800, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
I have a new installation of php on an existing apache 2 server, and
something strange is happening. The file 'test.php' works and connects to
the database
Hi guys:
Thanks in advance for your help. I am newby in this
PHP stuff and I've got quite a problem here, and Ive
spent several days (and nights) trying to solve this
problem.
I am trying to manage a many to many relationship in a
web database application. I have three tables:
tbl_project
Hi All,
I am trying to create a page with 2 text boxes a name and a
password with a submit button.The user must enter his
username and password that is stored in mysql to access the
site.
With the following code i get a successfull connection with
a blank username and password but when i enter a
hi Guys,
I'm using Firebird 1.5 with PHP5.
I have a problem where by I am trying to do the equivelant of:
$a = 'A';
$b = 'AG';
if (stristr($b, $a)) {
// do something.
}
Inside a Stored procedure, where $a and $b are both input variables
to the stored
Jochem Maas wrote:
hi Guys,
hope somebody can give me a clue :-),
well about 5 mins after I posted I managed to find a solution thanks to
a man named Ivan Prenosil (who by all accounts knows where his firebird towel
is ;-)
http://www.volny.cz/iprenosil/interbase/ip_ib_code_string.htm
(the
On Wed, 2005-01-26 at 12:44 +0200, it clown wrote:
$db_user = $_POST[txt_name];
$db_password = $_POST[txt_password];
$db_name = data;
$connection = @mysql_connect ($db_host, $db_user,
$db_password) or die (error connecting);
echo connection successful!;
?
Replace this line
if(isset($_GET['id'])) {
$id=$_GET['id'];
$query = select bin_data, filetype from binary_data where id=$id;
This is a really bad example, anybody can inject your query with
malicious sql commands.
Never trust user supplied data.
--
PHP Database Mailing List (http://www.php.net/)
To
That is incrediably risky since you are exposing the entire db for those
users. What about setting [limited] permissions for those users?
I woul move to a table based authentication, where you have a users table
and one [or more] mysql accounts with the bare minimum privileges to allow
the
Yes, I totally agree. This was merely a sample code of how it could be done.
Not a definitive code samples of how to do it securely. There should be way
more validation, and better error handling too.
Bastien
From: Gareth Heyes [EMAIL PROTECTED]
To: php-db@lists.php.net
CC: [EMAIL PROTECTED]
It turns out that the real problem was problem 1) I am not personally in
control of our web server.
I forwarded some of the posted messages to our IT department and they
decided to change what they were telling me. They actually had register
globals turned off not on. I changed my code to use
Thanks for all the tips guys. I'll keep the last couple for future
reference.
--
Chip
Gareth Heyes [EMAIL PROTECTED] wrote on 01/26/2005 05:30:45 AM:
if(isset($_GET['id'])) {
$id=$_GET['id'];
$query = select bin_data, filetype from binary_data where id=$id;
This is a really bad
[EMAIL PROTECTED] wrote:
Thanks, I already had prefork installed. I solved the problem by
heaven help those that walk the threaded path heh :-)
changing to php 5 from php 4.
IC interesting to know.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit:
Hi all,
I got this sets(20) of defined constants which using them as keys to an
array
eg
define(FNAME, fname);
farray = array( FNAME = hello ,...);
my question is how do I insert that directly into a javascript(to do
some client validation)
I need this:
var fname =
tony wrote:
Hi all,
I got this sets(20) of defined constants which using them as keys to an
array
eg
define(FNAME, fname);
farray = array( FNAME = hello ,...);
my question is how do I insert that directly into a javascript(to do
some client validation)
I need this:
var
14 matches
Mail list logo
