Re: [PHP] Re: Select and $_POST

2005-11-11 Thread GamblerZG
Curt Zirzow wrote: There is a pecl extension that you can register custom superglobals, although it comes with some extra stuff as well: http://php.net/runkit I wish it would be a part of core distribution. Would be extremely useful. -- PHP General Mailing List (http://www.php.net/) To

Re: [PHP] Re: Select and $_POST

2005-11-10 Thread M
Chris Shiflett wrote: Ben Ramsey wrote: $clean = array(); $sql = array(); Glad to see someone spreading this habit. :-) Thanks, Ben. if (ctype_alnum($_POST['pass'])) { $clean['pass'] = $_POST['pass']; } I think it's fine to cheat a bit with the password and trust the output

Re: [PHP] Re: Select and $_POST

2005-11-10 Thread Chris Shiflett
M wrote: $clean['pass'] = md5((ini_get('magic_quotes_gpc') ? stripslashes($_POST['pass']) : $_POST['pass'])); or users with quotes in their password won't be able to log in. This is best handled in one place, so that it's easier to maintain and less likely to be overlooked. In the examples

Re: [PHP] Re: Select and $_POST

2005-11-10 Thread Richard Lynch
On Wed, November 9, 2005 7:15 pm, Chris Shiflett wrote: Ben Ramsey wrote: $clean = array(); $sql = array(); Here's an idea... Quite possibly half-baked. Suppose PHP had a superglobal $_CLEAN which was an empty array. Further suppose it was documented in the manual as *the* place to put

Re: [PHP] Re: Select and $_POST

2005-11-10 Thread Ben Ramsey
On 11/10/05 4:48 PM, Richard Lynch wrote: Here's an idea... Quite possibly half-baked. Suppose PHP had a superglobal $_CLEAN which was an empty array. Further suppose it was documented in the manual as *the* place to put your scrubbed data. This rather small and hopefully inexpensive change

Re: [PHP] Re: Select and $_POST

2005-11-10 Thread Richard Lynch
On Thu, November 10, 2005 4:21 pm, Ben Ramsey wrote: On 11/10/05 4:48 PM, Richard Lynch wrote: The only issue I see with building in a superglobal to the language (or this extension) is that it doesn't force the user to instantiate the empty array at the top of the script. This could make for

Re: [PHP] Re: Select and $_POST

2005-11-10 Thread Curt Zirzow
On Thu, Nov 10, 2005 at 05:21:51PM -0500, Ben Ramsey wrote: On 11/10/05 4:48 PM, Richard Lynch wrote: Here's an idea... Quite possibly half-baked. Suppose PHP had a superglobal $_CLEAN which was an empty array. Further suppose it was documented in the manual as *the* place to put your

[PHP] Re: Select and $_POST

2005-11-09 Thread Ben Ramsey
On 11/9/05 6:21 PM, Ross wrote: What is the correct syntax for $query = SELECT * FROM login where username='$_POST['username']' AND pass ='$_POST['pass']'; Thought this would work. R. The correct syntax in this case is actually: $query = SELECT * FROM login where

Re: [PHP] Re: Select and $_POST

2005-11-09 Thread Chris Shiflett
Ben Ramsey wrote: $clean = array(); $sql = array(); Glad to see someone spreading this habit. :-) Thanks, Ben. if (ctype_alnum($_POST['pass'])) { $clean['pass'] = $_POST['pass']; } I think it's fine to cheat a bit with the password and trust the output format of md5():