-Original Message-
From: James Colannino [mailto:ja...@colannino.org]
Sent: Tuesday, June 22, 2010 10:06 PM
To: PHP-General List
Subject: Re: [PHP] Question about logins and locking
Tommy Pham wrote:
1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to
Hi,
is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
Br
Tanel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
inheritance of this kind is useful if you have common descendants for
specific types of object
object mammal (
function eat (mixed $food)
function shit ()
function sleep()
)
object carnivore extends mammal (
function eat (meat $food)
)
object herbivore extends mammal (
function eat
On 23 June 2010 08:53, Tanel Tammik keevit...@gmail.com wrote:
Hi,
is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
With any and all input to sql queries: escape the input. Then you
don't have to ask the question.
Regards
Peter
--
hype
WWW: http://plphp.dk /
On Wed, Jun 23, 2010 at 2:53 AM, Tanel Tammik keevit...@gmail.com wrote:
Hi,
is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
Br
Tanel
As long as you
unlikely. it's an apache delivered ip address.. very little chance of
insert vulnerabilities, imho.
On Wed, Jun 23, 2010 at 8:53 AM, Tanel Tammik keevit...@gmail.com wrote:
Hi,
is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
Br
Tanel
This is somewhat related to the whole PCI/credit card discussion a
couple weeks back. The consensus was basically leave it to other
people - however, what if YOU are the other person?
I wonder if anyone has some BKMs to share about encrypting data in a
web application. A lot of people take the
I was wondering, if there is a chance to manipulate the data this variable
holds?
Br
Tanel
Rene Veerman rene7...@gmail.com wrote in message
news:aanlktikwldeucxkru-4ni4pet5lq_5cc_vstnwrtx...@mail.gmail.com...
unlikely. it's an apache delivered ip address.. very little chance of
insert
On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman rene7...@gmail.com wrote:
unlikely. it's an apache delivered ip address.. very little chance of
insert vulnerabilities, imho.
still, the overhead for a db escape is better than your site being trashed.
also, you could look at converting the IP to
On 23 June 2010 09:11, Michael Shadle mike...@gmail.com wrote:
This is somewhat related to the whole PCI/credit card discussion a
couple weeks back. The consensus was basically leave it to other
people - however, what if YOU are the other person?
I wonder if anyone has some BKMs to share
On Wed, Jun 23, 2010 at 12:21 AM, Peter Lind peter.e.l...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm
working on we've been considering the same issues in order to keep
member data safe. I would say your best bet is to keep the decryption
key in memory
-Original Message-
From: Peter Lind [mailto:peter.e.l...@gmail.com]
Sent: Wednesday, June 23, 2010 12:22 AM
To: Michael Shadle
Cc: PHP-General
Subject: Re: [PHP] How to store encrypted data and how to store the key?
On 23 June 2010 09:11, Michael Shadle mike...@gmail.com wrote:
-Original Message-
From: Michael Shadle [mailto:mike...@gmail.com]
Sent: Wednesday, June 23, 2010 12:17 AM
To: Rene Veerman
Cc: Tanel Tammik; php-general@lists.php.net
Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection
On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman
On Wed, Jun 23, 2010 at 1:01 AM, Tommy Pham tommy...@gmail.com wrote:
If you're going to implement this, then it's better to implement the
conversion in the backend DB (via SP or UDF). So you can always use MySQL
query browser or the command line to run queries or other methods depending
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm working on
we've been considering the same issues in order to keep member data safe.
I would say your best bet is to keep the decryption key in memory while
-Original Message-
From: Michael Shadle [mailto:mike...@gmail.com]
Sent: Wednesday, June 23, 2010 1:07 AM
To: Tommy Pham
Cc: php-general@lists.php.net
Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection
On Wed, Jun 23, 2010 at 1:01 AM, Tommy Pham tommy...@gmail.com
On Wed, Jun 23, 2010 at 1:12 AM, Tommy Pham tommy...@gmail.com wrote:
Then I presume that your firewall, servers, and application are test proven
'bulletproof'? :-P
a) no such thing
b) pretty damn solid, yes
and the reason? because i don't overcomplicate things.
a simple stack is a happy
-Original Message-
From: Michael Shadle [mailto:mike...@gmail.com]
Sent: Wednesday, June 23, 2010 1:20 AM
To: Tommy Pham
Cc: php-general@lists.php.net
Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection
On Wed, Jun 23, 2010 at 1:12 AM, Tommy Pham tommy...@gmail.com
-Original Message-
From: Michael Shadle [mailto:mike...@gmail.com]
Sent: Wednesday, June 23, 2010 1:07 AM
To: Tommy Pham
Cc: php-general@lists.php.net
Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection
On Wed, Jun 23, 2010 at 1:01 AM, Tommy Pham tommy...@gmail.com
On Tue, 2010-06-22 at 10:41 -0400, Daniel P. Brown wrote:
On Tue, Jun 22, 2010 at 10:17, Mike Davies m...@integrawebdesign.co.uk
wrote:
[snip!]
Warning: reset() [function.reset]: Passed variable is not an array or
object in /home/b23aadf/public_html/news/details.php on line 72
[snip!]
Michael Shadle mike...@gmail.com wrote in message
news:aanlktildd_gdnlffpuwdx5acwwk45jbu4i6ybbmgj...@mail.gmail.com...
On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman rene7...@gmail.com wrote:
unlikely. it's an apache delivered ip address.. very little chance of
insert vulnerabilities, imho.
On 23 June 2010 01:03, Rick Dwyer rpdw...@earthlink.net wrote:
$find = '/[^a-z0-9]/i';
Replace that with ...
$find = '/[^a-z0-9]++/i';
And now you only need ...
$new_string = trim(preg_replace($find, $replace, $old_string));
--
-
Richard Quadling
Standing on the shoulders of some very
On 23 June 2010 07:44, Tommy Pham tommy...@gmail.com wrote:
-Original Message-
From: James Colannino [mailto:ja...@colannino.org]
Sent: Tuesday, June 22, 2010 10:06 PM
To: PHP-General List
Subject: Re: [PHP] Question about logins and locking
Tommy Pham wrote:
1) Set an encrypted
On Wed, 2010-06-23 at 12:21 +0300, Tanel Tammik wrote:
Michael Shadle mike...@gmail.com wrote in message
news:aanlktildd_gdnlffpuwdx5acwwk45jbu4i6ybbmgj...@mail.gmail.com...
On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman rene7...@gmail.com wrote:
unlikely. it's an apache delivered ip
On 23 June 2010 10:09, Michael Shadle mike...@gmail.com wrote:
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm working on
we've been considering the same issues in order to keep member data safe.
I would
Mike,
Little weird. I executed the same lines of code against my sample database
and did not get any warning. You might want to send the code for projects
and news to do any comparison?
*[I will silently wait for the PHP demi-gods (the Ashleys, the Pauls et al)
to hover their vigilant eyes on
On Wed, 2010-06-23 at 15:55 +0530, Shreyas Agasthya wrote:
Mike,
Little weird. I executed the same lines of code against my sample database
and did not get any warning. You might want to send the code for projects
and news to do any comparison?
*[I will silently wait for the PHP demi-gods
Hold everything, Mike!
On Wed, Jun 23, 2010 at 05:18, Mike Davies m...@integrawebdesign.co.uk wrote:
[snip!]
<?php
mysql_select_db($database_general, $general);
$query_details = "SELECT * FROM news WHERE news_id = '$_GET[id]'";
/**
* Above line is placed here so that we can be
Hello,
I am trying to connect to freebsd. I have php 5.3.2 installed. I have to connect
using public keys, but without success. Function ssh2_connect throws me
following error (then I have invalid resource for function
ssh2_auth_pubkey_file)...
PHP Warning: ssh2_connect(): Error starting up SSH
2010/6/23 Radek Krejča radek.kre...@starnet.cz:
PHP Warning: ssh2_connect(): Error starting up SSH connection(-5): Unable to
exchange encryption keys in /usr/home/radek/pokus.php on line 14
Make sure that
the key file exists by that name in the location you're
From: Radek Krejca
I am trying to connect to freebsd. I have php 5.3.2 installed. I have to
connect
using public keys, but without success. Function ssh2_connect throws me
following error (then I have invalid resource for function
ssh2_auth_pubkey_file)...
PHP Warning: ssh2_connect(): Error
Have you tried opening the connection from the command line with OpenSSL
or similar tools? Do you know those credentials will actually work?
Yes, it is my key (now I am testing), but I got this message before I run
ssh2_auth_public...
Radek
On Wed, Jun 23, 2010 at 6:09 AM, Peter Lind peter.e.l...@gmail.com wrote:
On 23 June 2010 10:09, Michael Shadle mike...@gmail.com wrote:
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm working on
we've
Now that I'm finally landing some freelance PHP work, I am in need of some
software that I can add clients, enter estimates, keep track of hours, and
create invoices with. I'd like it to be Web-based. I could write my own, of
course, but why do it if it's already done?! Does anyone know of
Make sure that
the key file exists by that name in the location you're
specifying (hint: use a full path).
it is the right key for that server.
the permissions on the file are very strict (chmod 0400 ssh-rsa).
I got error message immediately after
2010/6/23 Radek Krejča radek.kre...@starnet.cz:
Make sure that
the key file exists by that name in the location you're
specifying (hint: use a full path).
it is the right key for that server.
the permissions on the file are very strict (chmod 0400
On Wed, Jun 23, 2010 at 09:52, Floyd Resler fres...@adex-intl.com wrote:
Now that I'm finally landing some freelance PHP work, I am in need of some
software that I can add clients, enter estimates, keep track of hours, and
create invoices with. I'd like it to be Web-based. I could write my
Make sure that
the key file exists by that name in the location you're
specifying (hint: use a full path).
It's in ssh2_auth_public..., yes, I am using full path there.
it is the right key for that server.
Yes, I use it with ssh command from line on the same
On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
That's what I'd use. You may also have to wrap it inside an abs() call
to ensure it's a positive number, as some IP addresses equate to
negative with ip2long().
NO NO NO NO NO
<?php
$x =
On Wed, 2010-06-23 at 10:35 -0400, Andrew Ballard wrote:
On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
That's what I'd use. You may also have to wrap it inside an abs() call
to ensure it's a positive number, as some IP addresses equate to
negative with
On Wed, Jun 23, 2010 at 09:52:21AM -0400, Floyd Resler wrote:
Now that I'm finally landing some freelance PHP work, I am in need of some
software that I can add clients, enter estimates, keep track of hours, and
create invoices with. I'd like it to be Web-based. I could write my own, of
freshbooks.com
On 2010-06-23, at 11:44 AM, Paul M Foster wrote:
On Wed, Jun 23, 2010 at 09:52:21AM -0400, Floyd Resler wrote:
Now that I'm finally landing some freelance PHP work, I am in need of some
software that I can add clients, enter estimates, keep track of hours, and
create
On Wed, Jun 23, 2010 at 10:39 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
On Wed, 2010-06-23 at 10:35 -0400, Andrew Ballard wrote:
On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
That's what I'd use. You may also have to wrap it inside an abs()
On Wed, 2010-06-23 at 10:58 -0400, Andrew Ballard wrote:
On Wed, Jun 23, 2010 at 10:39 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
On Wed, 2010-06-23 at 10:35 -0400, Andrew Ballard wrote:
On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
On Wed, 2010-06-23 at 09:09 -0400, Daniel Brown wrote:
Hold everything, Mike!
On Wed, Jun 23, 2010 at 05:18, Mike Davies m...@integrawebdesign.co.uk
wrote:
[snip!]
<?php
mysql_select_db($database_general, $general);
$query_details = "SELECT * FROM news WHERE news_id = '$_GET[id]'";
On Wed, 2010-06-23 at 16:14 +0100, Mike Davies wrote:
On Wed, 2010-06-23 at 09:09 -0400, Daniel Brown wrote:
Hold everything, Mike!
On Wed, Jun 23, 2010 at 05:18, Mike Davies m...@integrawebdesign.co.uk
wrote:
[snip!]
<?php
mysql_select_db($database_general, $general);
On Wed, Jun 23, 2010 at 10:01 AM, Daniel P. Brown
daniel.br...@parasane.net wrote:
On Wed, Jun 23, 2010 at 09:52, Floyd Resler fres...@adex-intl.com wrote:
Now that I'm finally landing some freelance PHP work, I am in need of some
software that I can add clients, enter estimates, keep track of
On Wed, Jun 23, 2010 at 11:14, Mike Davies m...@integrawebdesign.co.uk wrote:
Nothing is returned for SELECT query as there is nothing in the table as
yet. Perhaps this is the problem. Typically all projects would have an
associated thumb image but all news items may not. Perhaps a thumb image
From: Ashley Sheridan
Out of interest, how does PHP calculate the IP number, as it was my
understanding of IP numbers that they can't be negative.
For example, my IP address is 89.243.156.135
The four parts as binary:
01011001
0011
10011100
1111
From there, I thought that the
Please DO NOT click on the following link. It should have been sent in
a previous email. Seems like someone has hijacked my email and is
sending this to all my contacts.
Thanks,
Navid
On Wed, Jun 23, 2010 at 7:38 AM, Navid Yar navid...@yahoo.com wrote:
http://saq9.grkhworld.com/
On Wed, 2010-06-23 at 16:22 +0100, Ashley Sheridan wrote:
On Wed, 2010-06-23 at 16:14 +0100, Mike Davies wrote:
If you haven't in your code, then make sure you define $thumbsarray as
an array before you attempt to use it in the loop. This will have no
effect where rows are returned, but it
On Wed, Jun 23, 2010 at 11:09 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
Out of interest, how does PHP calculate the IP number, as it was my
understanding of IP numbers that they can't be negative.
For example, my IP address is 89.243.156.135
The four parts as binary:
01011001
On Jun 23, 2010, at 11:24 AM, Bastien Koert wrote:
On Wed, Jun 23, 2010 at 10:01 AM, Daniel P. Brown
daniel.br...@parasane.net wrote:
On Wed, Jun 23, 2010 at 09:52, Floyd Resler fres...@adex-intl.com wrote:
Now that I'm finally landing some freelance PHP work, I am in need of some
software
Do you have lexneter installed? I think that could be the problem.
2010/6/23 Radek Krejča radek.kre...@starnet.cz
Make sure that
the key file exists by that name in the location you're
specifying (hint: use a full path).
It's in ssh2_auth_public..., yes, I am using
Priceless. Could also be extended applied to babies too. ;-p
object babies extends mammal (
function eat (milk $food)
)
ROFL.
-Original Message-
From: Rene Veerman [mailto:rene7...@gmail.com]
Sent: Tuesday, June 22, 2010 11:58 PM
object mammal (
function eat (mixed $food)
I talked with a friend who actually had this implemented before and
banks had signed off on it after reviewing it.
load balancer (irrelevant to the security piece)
web server(s) - only accepts traffic to port 80/443. can only forward
requests on to the app server, one direction.
app server(s) -
On 23 June 2010 20:55, Michael Shadle mike...@gmail.com wrote:
I talked with a friend who actually had this implemented before and
banks had signed off on it after reviewing it.
load balancer (irrelevant to the security piece)
web server(s) - only accepts traffic to port 80/443. can only
On Wed, Jun 23, 2010 at 12:43 PM, Peter Lind peter.e.l...@gmail.com wrote:
I'm just wondering if this is a correct understanding:
1. plaintext data arrives on the web frontend.
or over SSL
2. It's sent to the app server
SSL or non-SSL - your choice
3. It's encrypted and sent to the DB
Do you have lexneter installed? I think that could be the problem.
2010/6/23 Radek Krejča radek.kre...@starnet.cz
Make sure that
What is lexneter please?
Radek
Greetings All,
I am at a new Gig.
So this is the existing setup so changing it at least in the short term is
not an option.
We are in an IIS shop.
We have a bunch of files that are html, and in need of php functionality.
And that would be a BUNCH of files.
I am interested in setting if I can
On Wed, 2010-06-23 at 16:26 -0600, Phillip Baker wrote:
Greetings All,
I am at a new Gig.
So this is the existing setup so changing it at least in the short term is
not an option.
We are in an IIS shop.
We have a bunch of files that are html, and in need of php functionality.
And that
-Original Message-
From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk]
Sent: Wednesday, June 23, 2010 4:47 PM
To: Phillip Baker
Cc: PHP General List
Subject: Re: [PHP] IIS, PHP and HTML
On Wed, 2010-06-23 at 16:26 -0600, Phillip Baker wrote:
Greetings All,
I am at a
On Wed, 2010-06-23 at 17:34 -0700, Tommy Pham wrote:
-Original Message-
From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk]
Sent: Wednesday, June 23, 2010 4:47 PM
To: Phillip Baker
Cc: PHP General List
Subject: Re: [PHP] IIS, PHP and HTML
On Wed, 2010-06-23 at 16:26