Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Andrew Ballard
On Wed, Jun 23, 2010 at 11:09 AM, Ashley Sheridan wrote: > Out of interest, how does PHP calculate the IP number, as it was my > understanding of IP numbers that they can't be negative. > > For example, my IP address is 89.243.156.135 > The four parts as binary: > 01011001 > 0011 > 10011100 >

RE: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Bob McConnell
From: Ashley Sheridan > Out of interest, how does PHP calculate the IP number, as it was my > understanding of IP numbers that they can't be negative. > > For example, my IP address is 89.243.156.135 > The four parts as binary: > 01011001 > 0011 > 10011100 > 1111 > > From there, I thoug

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Ashley Sheridan
On Wed, 2010-06-23 at 10:58 -0400, Andrew Ballard wrote: > On Wed, Jun 23, 2010 at 10:39 AM, Ashley Sheridan > wrote: > > > > On Wed, 2010-06-23 at 10:35 -0400, Andrew Ballard wrote: > > > > On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan > > wrote: > > > That's what I'd use. You may also have

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Andrew Ballard
On Wed, Jun 23, 2010 at 10:39 AM, Ashley Sheridan wrote: > > On Wed, 2010-06-23 at 10:35 -0400, Andrew Ballard wrote: > > On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan > wrote: > > That's what I'd use. You may also have to wrap it inside an abs() call > > to ensure it's a positive number, as s

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Ashley Sheridan
On Wed, 2010-06-23 at 10:35 -0400, Andrew Ballard wrote: > On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan > wrote: > > That's what I'd use. You may also have to wrap it inside an abs() call > > to ensure it's a positive number, as some IP addresses equate to > > negative with ip2long(). > > NO

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Andrew Ballard
On Wed, Jun 23, 2010 at 6:01 AM, Ashley Sheridan wrote: > That's what I'd use. You may also have to wrap it inside an abs() call > to ensure it's a positive number, as some IP addresses equate to > negative with ip2long(). NO NO NO NO NO Andrew -- PHP General Mailing List (http://www.php

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Ashley Sheridan
On Wed, 2010-06-23 at 12:21 +0300, Tanel Tammik wrote: > "Michael Shadle" wrote in message > news:aanlktildd_gdnlffpuwdx5acwwk45jbu4i6ybbmgj...@mail.gmail.com... > > On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman wrote: > >> unlikely. it's an apache delivered ip address.. very little chance of >

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Tanel Tammik
"Michael Shadle" wrote in message news:aanlktildd_gdnlffpuwdx5acwwk45jbu4i6ybbmgj...@mail.gmail.com... > On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman wrote: >> unlikely. it's an apache delivered ip address.. very little chance of >> insert vulnerabilities, imho. > > still, the overhead for a db

RE: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Tommy Pham
> -Original Message- > From: Michael Shadle [mailto:mike...@gmail.com] > Sent: Wednesday, June 23, 2010 1:07 AM > To: Tommy Pham > Cc: php-general@lists.php.net > Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection > > On Wed, Jun 23, 20

RE: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Tommy Pham
> -Original Message- > From: Michael Shadle [mailto:mike...@gmail.com] > Sent: Wednesday, June 23, 2010 1:20 AM > To: Tommy Pham > Cc: php-general@lists.php.net > Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection > > On Wed, Jun 23, 20

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 1:12 AM, Tommy Pham wrote: > Then I presume that your firewall, servers, and application is test proven > 'bulletproof'? :-P a) no such thing b) pretty damn solid, yes and the reason? because i don't overcomplicate things. "a simple stack is a happy stack" :) -- PHP

RE: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Tommy Pham
> -Original Message- > From: Michael Shadle [mailto:mike...@gmail.com] > Sent: Wednesday, June 23, 2010 1:07 AM > To: Tommy Pham > Cc: php-general@lists.php.net > Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection > > On Wed, Jun 23, 20

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 1:01 AM, Tommy Pham wrote: > If you're going to implement this, then it's better to implement the > conversion in the backend DB (via SP or UDF).  So you can always use MySQL > query browser or the command line to run queries or other methods depending > on your access

RE: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Tommy Pham
> -Original Message- > From: Michael Shadle [mailto:mike...@gmail.com] > Sent: Wednesday, June 23, 2010 12:17 AM > To: Rene Veerman > Cc: Tanel Tammik; php-general@lists.php.net > Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection > > On W

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman wrote: > unlikely. it's an apache delivered ip address.. very little chance of > insert vulnerabilities, imho. still, the overhead for a db escape is better than your site being trashed. also, you could look at converting the IP to an INT(10) (at lea

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Tanel Tammik
I was wondering, if there is a chance to manipulate the data this variable holds? Br Tanel "Rene Veerman" wrote in message news:aanlktikwldeucxkru-4ni4pet5lq_5cc_vstnwrtx...@mail.gmail.com... > unlikely. it's an apache delivered ip address.. very little chance of > insert vulnerabilities, imho.

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Rene Veerman
unlikely. it's an apache delivered ip address.. very little chance of insert vulnerabilities, imho. On Wed, Jun 23, 2010 at 8:53 AM, Tanel Tammik wrote: > Hi, > > is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries? > > Br > Tanel > > > > -- > PHP General Mailing List (http:

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Adam Richardson
On Wed, Jun 23, 2010 at 2:53 AM, Tanel Tammik wrote: > Hi, > > is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries? > > Br > Tanel > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > As long as you treat it w

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Simon J Welsh
There's a vulnerability in using anything from the user in SQL queries. Escape it :) On 23/06/2010, at 6:53 PM, Tanel Tammik wrote: > Hi, > > is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries? > > Br > Tanel > > > > -- > PHP General Mailing List (http://www.php.net

Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Peter Lind
On 23 June 2010 08:53, Tanel Tammik wrote: > Hi, > > is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries? > With any and all input to sql queries: escape the input. Then you don't have to ask the question. Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn