php-general Digest 24 Jan 2012 15:45:52 -0000 Issue 7663

2012-01-24 Thread php-general-digest-help
php-general Digest 24 Jan 2012 15:45:52 - Issue 7663 Topics (messages 316375 through 316387): Re: Update mailing list docs - How to unsubscribe? 316375 by: Geoff Shang Re: php.net problems? 316376 by: Donovan Brooke 316377 by: Daniel Brown 316378 by: Donovan

Re: [PHP] Re: sql injection protection

2012-01-24 Thread Haluk Karamete
4 questions... which is basically all it comes to.. After all these back-and-forth emails, I think we should nail down these questions because they are still not completely covered in my mind. question 1 If you use the PHP filters sanitizations, and you plan on using PDO with bound params, are

[PHP] Re: Continued Problems Accessing *.php.net?

2012-01-24 Thread Al
On 1/23/2012 6:22 PM, Daniel Brown wrote: ALL: As you may have noticed, early this morning we got bored and decided to delete php.net from the Internet. After getting an estimated sixteen-point-four trillion complaints, we became overwhelmed and aggravated by your incessant need to

Re: [PHP] Re: sql injection protection

2012-01-24 Thread Alex Nikitin
question 1 If you use the PHP filters sanitizations, and you plan on using PDO with bound params, are you absolutely safe? And if not, why? What are the other ways for them to still make it in - even with PDO and bound params properly in place? Just curious. There are no known exploits

Re: [PHP] Re: Continued Problems Accessing *.php.net?

2012-01-24 Thread Daniel Brown
On Tue, Jan 24, 2012 at 11:53, Al n...@ridersite.org wrote: Now, how about having some very talented folks fix the severely restricted access to the NNTP server. Rarely can I download more than about 10 topics without a time out. Per your request several times over at least 2 years, I've

Re: [PHP] Re: Continued Problems Accessing *.php.net?

2012-01-24 Thread Stuart Dallas
On 24 Jan 2012, at 16:53, Al wrote: Now, how about having some very talented folks fix the severely restricted access to the NNTP server. Rarely can I download more than about 10 topics without a time out. Per your request several times over at least 2 years, I've filed bug reports.

Re: [PHP] Re: sql injection protection

2012-01-24 Thread Haluk Karamete
My reply is in delims. question 1 If you use the PHP filters sanitizations, and you plan on using PDO with bound params, are you absolutely safe? And if not, why? What are the other ways for them to still make it in - even with PDO and bound params properly in place? Just curious.

Re: [PHP] Re: sql injection protection

2012-01-24 Thread Alex Nikitin
You don't need to store it in the database as b64, just undo the encoding into your inputs for the purpose of the explanation, this is language independent b64e - encoding function b64d - decoding function pseudo code given: bad_num = ') union select * from foo --' bad_str = good_num =