I'm using php addslashes to store data into MySQL and php stripslashes when
pulling it back out, but I'm running into trouble when people enter HTML
code. Do you have any recommendations?
Here's an example of what I'm talking about:
">
An error occurs if the entry has a value of:
this i
Thanks everyone. I ended up using a combination of the htmlspecialchars and
the stripslashes commands. The htmlspecialchars function has an example
about halfway down that I ended up using.
Thanks =)
> -Original Message-
> Take a look at the php website on the function addslashes.
> Y
> so I've been doing a little thinking about web server security..
>
> #1. Since all files on the web are 644, what is to stop someone on the
> same server from copying your files to their own directory?
> (specifically your database connection info)
> #2. if a folder is 777, what's to stop someon
Hold refers to the period of time when a student is waiting to be matched
with a host family.
- You have three groups: students, coordinators, and host families.
- Coordinators match students with host families.
- Students go through different stages of processing.
The goals are to:
- provide e
Check out the ini_set command in PHP. It'll let you set this option from
within your specific script.
> -Original Message-
> I am running a script (called through a browser) that checks entries in a
> table one at a time. As the table has grown, the script takes longer to
> run than is
You're asking a legal question and should contact an attorney.
> -Original Message-
> From: Vincent Jordan [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 09, 2004 4:03 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Intellectual property rights
>
> This is a bit off topic however it m
php.ini
; Maximum number of persistent links. -1 means no limit.
mysql.max_persistent = -1
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 11, 2004 8:33 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Limiting persistant connections wit
Is it just me or is this a very bad thing from a security standpoint? It
seems to me that user input should always be filtered before use. Otherwise
there's nothing stopping a hacker from embedding sql into the value of the
name variable.
> -Original Message-
> Insert into members (name)
> -Original Message-
> I don't have smtp server running on my computer. Any suggestions for smtp
> server, please.
Those settings will depend entirely on your Internet Service Provider.
You'll need to call them and ask what you'd use for your outgoing SMTP
server for sending email.
-Ed
-
> -Original Message-
> either output the data as a csv which you are doing (on windoze name
> the file with a .csv extension) or take a look at
> http://pear.php.net/package/Spreadsheet_Excel_Writer
I have another option that might work for you also. Go to MySQL's website
and grab their O
> -Original Message-
> From: Daniel Brunner [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 17, 2004 2:45 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] MySQL to EXCEL?
>
> I don't know how you have it setup.
>
> But you can create an XLS file on the fly using PHP
>
> By using h
> -Original Message-
>
> You can use
>
>
>
>
> and each tr becomes an excel row and each td becomes a cell. This may or
> may not work in/before excel97??
>
> If you're looking to create true excel files, then I highly suggest
> spreadsheetwrite_excel,
> It is an ex
> Shared hosting vulnerabilities have nothing to do with SQLite security.
> phpMyAdmin seems to be a popular choice for MySQL admin and I reckon
> there must be a few people who use it in shared hosting situations.
Most of the shared hosting options I've seen lately list phpMyAdmin as one
of the b
Has any performance testing been done between ADOdb and PEARdb?
> -Original Message-
> PEARdb does seem to have caught up, but lots of third party applications
> are already available that use ADOdb or have moved to it (or are moving)
> in later updates.
--
PHP Database Mailing List (htt
Quoting ioannes <[EMAIL PROTECTED]>:
> The answer seems to be DATE_ADD but I haven't got it to work yet...asking
> the MySQL people.
Check your version of MySQL... I think that's a newer function.
-Ed
This message was sent using
I keep looking at the following code and thinking there's gotta be a better
way. I've been in front of the computer all day tho and I'm drawing a
blank. Any ideas?
Thanks,
-Ed
$sql = "select ID from products where ";
if ($webpage->parameter_isset("CategoryID")) {
if (
> -Original Message-
> Seems to me we've just answered a very similar question to this (and I'd
> be surprised if there weren't several relevant threads in the list archives).
> Nonetheless:
I was so tired last night that I don't even remember if I checked the
archives first - my bad. T
PHP / MySQL
I'm using PHP to retrieve user input and store it in MySQL. PHP's
addslashes function is used on data going into the database and PHP's
stripslashes function is being used on data coming from the database. This
is allowing me to store and retrieve data with no problems, but it's c
> Use the more specific mysql_escape_string() (or friend) instead.
> You're not supposed to use stripslashes() on data coming from the database
Kk, thanks Jason =)
-Ed
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
> -Original Message-
> This may be a more javascript related topic, but it's also php/mysql.
> Apologies in advance if this is too far off topic.
>
> I'm trying to pull data from MySQL using PHP to sort the results into a
> form with a pull down menu. That works fine; I can do that.
>
> B
select id, fname, lname, RAND() as temp from clients where featured=1 order
by temp
> -Original Message-
> I have the following query:
>
> Select id, fname, lname from clients where featured=1 order by RAND()
>
> At any time, there should only be three clients where featured =1.
> Prob
; a new value for temp each time but they are still in the same order as
> the first one always has a lower temp value
>
>
> On Thu, 7 Oct 2004 06:40:23 -0700, Ed Lazor <[EMAIL PROTECTED]> wrote:
> >
> >
> > select id, fname, lname, RAND() as t
eck out the strip_tags and mysql_escape_string commands. They allow you
to filter misc. code that might be imbedded in the data and also prepare the
data for insertion into the database (if you're going to store it).
Ed Lazor, President
http://RPGStore.com
Up to 50% off. Over 20,000 items in stock
--
23 matches