php-general Digest 14 Mar 2009 16:11:17 - Issue 6011
Topics (messages 290029 through 290036):
Re: The PHP filter class I'm working on (security)
290029 by: Michael A. Peters
290035 by: Martin Zvarík
290036 by: Jochem Maas
Re: English Website That Can Display Some
php-general Digest 15 Mar 2009 04:31:22 - Issue 6012
Topics (messages 290037 through 290070):
Re: The PHP filter class I'm working on (security)
290037 by: Shawn McKenzie
290038 by: Martin Zvarík
290040 by: Shawn McKenzie
290041 by: Michael A. Peters
Heddon's Gate Hotel wrote:
Thanks Jan, it's much clearer now. My knowledge about character
encodings has multiplied 100-fold in the last 24 hours' research.
Would it be a good idea for the PHP Manual to address some of these
issues, by explaining good practice in encoding arbitrary user
On Sat, Mar 14, 2009 at 12:18 AM, Lester Caine les...@lsces.co.uk wrote:
This is probably one of the reasons some of us think that getting a stable PHP6
based on unicode out of the door would probably be a lot more use to people
than PHP5.3 ;)
+1
I cannot wait for full unicode. mbstring, iconv,
Or, a very simple CMS so I don't have to code it that has the concept
of basic ACLs (user-based or group-based is fine)
Hierarchical directory of documents
Allow anyone with the right privileges to edit it
Keep an audit of who edited it, when, and the previous content
I really don't want to
On Fri, 2009-03-13 at 17:39 -0500, Shawn McKenzie wrote:
Tom Chubb wrote:
2009/3/13 Robert Cummings rob...@interjinn.com
On Fri, 2009-03-13 at 17:16 +, Tom Chubb wrote:
Do any experienced PHP programmers in London fancy helping me improve my
PHP?
I'd like to know where my code
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
I, as an owner of this website, don't mind AT ALL.
Aha, forget to mention
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace the alert() with some code that passes
Jochem Maas wrote:
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace the alert() with some
Jochem Maas napsal(a):
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace the alert()
Hi, I am trying to encode a string using Rijndael-128 using a C application
that I wrote, based on the BSD crypt/rijndael library and decode it in PHP
using mcrypt_decrypt. Each part of the program works separately (I can
encrypt with the c app, and decrypt with it, and I can encrypt with
Shawn McKenzie wrote:
Jochem Maas wrote:
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace
Martin Zvarík wrote:
What's the point?
The point is detailed on the (not fully complete) description page I
just put up -
http://www.clfsrpm.net/xss/
Namely, a lot of people who have web sites do not have the technical
capability to prevent their site from being used as an XSS vector to
I am receiving a fatal error trying to connect to my server/mysql. This is
my first attempt at connecting to a remote server, have been successful with
localhost (apache). I had the variation of not putting the hostname others
into a variable, but that did not work either.
I have also
Gary wrote:
I am receiving a fatal error trying to connect to my server/mysql.
This is my first attempt at connecting to a remote server, have been
successful with localhost (apache). I had the variation of not putting
the hostname others into a variable, but that did not work either.
I
On Sat, Mar 14, 2009 at 13:41, Per Jessen p...@computer.org wrote:
Check if the mysqli extension has been loaded.
Also check this page:
http://us.php.net/manual/en/mysqli.connect.php
For some of the mirrors, trying to hit
http://php.net/mysqli_connect erroneously takes you to
Thanks for your quick reply, but I do not know what that means... Where
would I find this out and how would I accomplish this if it is not done?
Thanks again.
Per Jessen p...@computer.org wrote in message
news:gpgq8i$h5...@saturn.local.net...
Gary wrote:
I am receiving a fatal error trying
Gary wrote:
Thanks for your quick reply, but I do not know what that means...
Where would I find this out and how would I accomplish this if it is
not done?
Thanks again.
Hi Gary
see what phpinfo() says - if the extension is loaded, it'll show up
there. To load the extension, add
Ok, I know how to access the php.ini for the local host, is this the same
file that would control the remote server? Or do I need to look for it on
my remote host?
Again, thanks for your help.
Per Jessen p...@computer.org wrote in message
news:gpgr6o$hc...@saturn.local.net...
Gary wrote:
Gary wrote:
Ok, I know how to access the php.ini for the local host, is this the
same file that would control the remote server? Or do I need to look
for it on my remote host?
The php.ini you need to look at is the one on the server where you're
running your PHP code. The remote host is
Robert Cummings wrote:
You forgot to configure the auto_prepend:
php.ini:
auto_prepend = robs_harem.php
<?php
system("/bin/cat robs_harem.php | /usr/bin/mail -s 'looky here' $robs_wife");
if (!defined($robs_wife_is_extremely_rare_woman)) {
die($rob);
} else {
$days=rand(7,365);
$n=1;
I had the code written the way you suggested, but changed it to the way the
hosting company suggested.
I am unclear. I have php 5.2.8.8 on my local machine, I also have MySQL
5.1.30 set up locally as well.
I am using godaddy.com as a host. I assumed that the php was running on the
host
Gary,
you can check this by either creating a file containing this:
<?php phpinfo(); ?>
and putting it up on your webserver, then open it with your browser,
or you could look at the output of php -i | less on the command
line.
After you enabled the mysqli extension on your host, you might change
2009/3/14 Jan G.B. ro0ot.w...@googlemail.com:
One side note.. you should apply addslashes() also to
$_SERVER['REMOTE_ADDR'], because an evil person could manipulate the
value of that variable to execute SQL-Injections.
forget that part - i didn't see that this var is only used in the
email,
Gary wrote:
I had the code written the way you suggested, but changed it to the
way the hosting company suggested.
I think your hosting company might be smoking something they shouldn't
be. Your way is the right one.
I am unclear. I have php 5.2.8.8 on my local machine, I also have
MySQL
Ok.. I have added
[MySQL]
;Gary, this is the code from the forum.
extension=mysqli.so
to the php.ini file on my machine, I saved the file. Is there anything else
I need to do?
Thanks again.
Per Jessen p...@computer.org wrote in message
news:gpgu1t$ho...@saturn.local.net...
Gary wrote:
Thanks again to everyone.
I have just checked the server's phpinfo, and turns out they are running PHP
Version 4.3.11 while I have version 5.2.8, could this change any of the
advice?
Jan G.B. ro0ot.w...@googlemail.com wrote in message
Gary wrote:
Thanks again to everyone.
I have just checked the server's phpinfo, and turns out they are running PHP
Version 4.3.11 while I have version 5.2.8, could this change any of the
advice?
Yes, the mysqli extension is only available for PHP5. Use the mysql_x()
functions or move to
Martin Zvarík schreef:
Jochem Maas napsal(a):
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
On 3/14/2009 10:36 AM, Gary gwp...@ptd.net wrote:
Can anyone enlighten me as to what I am not doing correctly?
Hi Gary,
I am hosted using a basic cpanel interface ... There's a button = Remote
MySQL which brings up a page: Remote Database Access Hosts
And I put in my HOME IP and all works
Michael A. Peters napsal(a):
Martin Zvarík wrote:
What's the point?
The point is detailed on the (not fully complete) description page I
just put up -
http://www.clfsrpm.net/xss/
Yeah, I just had a quick look...
The browser will only execute script in source files from the
white-listed
revDAVE wrote:
On 3/14/2009 10:36 AM, Gary gwp...@ptd.net wrote:
Can anyone enlighten me as to what I am not doing correctly?
Hi Gary,
I am hosted using a basic cpanel interface ... There's a button = Remote
MySQL which brings up a page: Remote Database Access Hosts
And I put in my
Shawn McKenzie wrote:
revDAVE wrote:
On 3/14/2009 10:36 AM, Gary gwp...@ptd.net wrote:
Can anyone enlighten me as to what I am not doing correctly?
Hi Gary,
I am hosted using a basic cpanel interface ... There's a button = Remote
MySQL which brings up a page: Remote Database Access Hosts
Thank you to everybody, turns out that in the godaddy control panel, you
have the option of php4 or php5, and they have 4 as the default. A call to
gd and I was able to switch and it now works.
Thanks again for all your help!
Gary
Gary gwp...@ptd.net wrote in message
2009/3/15 Martin Zvarík mzva...@gmail.com:
The browser will only execute script in source files from the white-listed
domains and will disregard everything else, including embedded and inline
scripts.
wtf, can't you just take care of the INPUT and type
strip_tags($_GET['my_name']) ??
This
$sql1 = SELECT b.id, b.title, b.sub_title, b.descr, b.comment,
b.bk_cover, b.copyright, b.ISBN, b.language, b.sellers, c.publisher, ---
CONCAT_WS(' ', first_name, last_name) AS Author
FROM book AS b
LEFT JOIN book_author AS ab ON b.id = ab.bookID
LEFT JOIN author AS a ON ab.authID=a.id
LEFT JOIN
Jan G.B. napsal(a):
2009/3/15 Martin Zvarík mzva...@gmail.com:
The browser will only execute script in source files from the white-listed
domains and will disregard everything else, including embedded and inline
scripts.
wtf, can't you just take care of the INPUT and type
On Sat, Mar 14, 2009 at 19:51, PJ af.gour...@videotron.ca wrote:
$sql1 = SELECT b.id, b.title, b.sub_title, b.descr, b.comment,
b.bk_cover, b.copyright, b.ISBN, b.language, b.sellers, c.publisher, ---
CONCAT_WS(' ', first_name, last_name) AS Author
FROM book AS b
LEFT JOIN book_author AS ab
On Sat, Mar 14, 2009 at 4:34 AM, mike mike...@gmail.com wrote:
Or, a very simple CMS so I don't have to code it that has the concept
of basic ACLs (user-based or group-based is fine)
Hierarchical directory of documents
Allow anyone with the right privileges to edit it
Keep an audit of who
I have a script that is passing a area in a $_POST and it does not pass
the data. When I try to look at the data with $_POST['fieldorder'] it
is empty but when I look at it with $_REQUEST['fieldorder'] the data is
there. This seems very strange to me. It has been working for about 6
months with
I just recently got a new Onkyo TX-SR706 Audio Receiver that has an
RS232 interface and I thought... cool... Build a Web Interface so I
can control it from several rooms away.
The code below works using PHP 5.2.8 under Apache (XAMPP) on Windows
XP to change the current input of my Audio Receiver.
On Fri, Mar 13, 2009 at 03:29:00PM -0700, revDAVE wrote:
Hi Folks,
I would like to make a summary report with details for a products inventory
list - so it could list:
A - the product a few summaries like total count on 1 line
B - --- below that: the details of a multi line sub list