On Thu, 2008-07-17 at 10:41 -0400, Daniel Brown wrote:
9.) NEVER store passwords in a PHP script. Instead, store them in
a file named `inc/config.inc` in the web directory, and include them.
Dude! You forgot the most important bit:
inc/config.inc:
$dbusername=root;
$dbpassword=r00t; //By
On Jul 16, 2008, at 5:28 PM, Stut wrote:
On 16 Jul 2008, at 19:18, Daniel Brown wrote:
On Tue, Jul 15, 2008 at 5:43 PM, Stut [EMAIL PROTECTED] wrote:
Code please, we're not mind readers!
I sensed you would say that, Stuart. ;-P
Can you sense what I'm thinking right now?
BTW, if
On 17 Jul 2008, at 11:31, Jason Pruim wrote:
On Jul 16, 2008, at 5:28 PM, Stut wrote:
On 16 Jul 2008, at 19:18, Daniel Brown wrote:
On Tue, Jul 15, 2008 at 5:43 PM, Stut [EMAIL PROTECTED] wrote:
Code please, we're not mind readers!
I sensed you would say that, Stuart. ;-P
Can you sense
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
It's no wonder why you haven't found anyone. :-)
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
It's no wonder why you haven't found anyone. :-)
Thanks for that tedd.
Seriously though, I'm wondering if my expectations are too high... I
expect
On Thu, Jul 17, 2008 at 9:10 AM, tedd [EMAIL PROTECTED] wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
It's no wonder why you haven't found anyone. :-)
I'm just surprised that Manuel Lemos hasn't been in here touting
his
On Jul 17, 2008, at 9:55 AM, Stut wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
It's no wonder why you haven't found anyone. :-)
Thanks for that tedd.
Seriously though, I'm wondering if
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
It's no wonder why you haven't found anyone. :-)
Thanks for that tedd.
Seriously though, I'm
On Thu, Jul 17, 2008 at 9:55 AM, Stut [EMAIL PROTECTED] wrote:
Seriously though, I'm wondering if my expectations are too high... I expect
them to know that addslashes is not adequate protection against SQL
injection. I even had one tell me SQL injection? I can't remember but I'm
sure I've
On Thu, Jul 17, 2008 at 10:41 AM, Daniel Brown [EMAIL PROTECTED] wrote:
On Thu, Jul 17, 2008 at 9:55 AM, Stut [EMAIL PROTECTED] wrote:
Seriously though, I'm wondering if my expectations are too high... I expect
them to know that addslashes is not adequate protection against SQL
injection. I
On Thu, Jul 17, 2008 at 10:56 AM, Andrew Ballard [EMAIL PROTECTED] wrote:
Bad day Dan? :-)
No, but I have faith. The day is still young. ;-P
--
/Daniel P. Brown
Better prices on dedicated servers:
Intel 2.4GHz/60GB/512MB/2TB $49.99/mo.
Intel 3.06GHz/80GB/1GB/2TB $59.99/mo.
Dedicated
On 17 Jul 2008, at 15:31, David Giragosian wrote:
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
It's no wonder why you haven't found anyone. :-)
On Thu, Jul 17, 2008 at 12:02 PM, Stut [EMAIL PROTECTED] wrote:
There's no way I would ever hire anyone who says security was somebody
else's responsibility. I don't care what their previous managers have said,
that's never a valid statement in my book. When you then add the fact that
no DB
On Thu, Jul 17, 2008 at 12:07 PM, Daniel Brown [EMAIL PROTECTED] wrote:
[snip]
Ignorance is bliss. It may not make you a good programmer, but
it'll make you a fantastic executive.
[/snip]
ROFL, that describes my VP to a T
--
Bastien
Cat, the other other white meat
On 17 Jul 2008, at 15:41, Daniel Brown wrote:
On Thu, Jul 17, 2008 at 9:55 AM, Stut [EMAIL PROTECTED] wrote:
Seriously though, I'm wondering if my expectations are too high...
I expect
them to know that addslashes is not adequate protection against SQL
injection. I even had one tell me SQL
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 15:31, David Giragosian wrote:
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
It's no
On Thu, Jul 17, 2008 at 12:02 PM, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 15:31, David Giragosian wrote:
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
On Thu, 2008-07-17 at 13:46 +0100, Stut wrote:
On 17 Jul 2008, at 11:31, Jason Pruim wrote:
On Jul 16, 2008, at 5:28 PM, Stut wrote:
On 16 Jul 2008, at 19:18, Daniel Brown wrote:
On Tue, Jul 15, 2008 at 5:43 PM, Stut [EMAIL PROTECTED] wrote:
Code please, we're not mind readers!
I
On Thu, 2008-07-17 at 17:02 +0100, Stut wrote:
On 17 Jul 2008, at 15:31, David Giragosian wrote:
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08, Stut wrote:
Oh, and you'd be working for me so bear that in mind ;)
-Stut
On Thu, 2008-07-17 at 12:07 -0400, Daniel Brown wrote:
On Thu, Jul 17, 2008 at 12:02 PM, Stut [EMAIL PROTECTED] wrote:
There's no way I would ever hire anyone who says security was somebody
else's responsibility. I don't care what their previous managers have said,
that's never a valid
On Thu, Jul 17, 2008 at 2:27 PM, Robert Cummings [EMAIL PROTECTED] wrote:
Look at all those executives dragging companies down while they happily
deposit their millions in salary/bonuses every year.
Tell me about it. IndyMac threw a divide by zero exception as a result.
--
/Daniel P.
On Thu, 2008-07-17 at 17:32 +0100, Stut wrote:
On 17 Jul 2008, at 15:41, Daniel Brown wrote:
On Thu, Jul 17, 2008 at 9:55 AM, Stut [EMAIL PROTECTED] wrote:
Seriously though, I'm wondering if my expectations are too high...
I expect
them to know that addslashes is not adequate
-Original Message-
From: Andrew Ballard [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2008 11:33 AM
To: PHP General list
Subject: Re: [PHP] is there a problem with php script pulling HTML out
of database as it writes the page??
On Thu, Jul 17, 2008 at 12:02 PM, Stut [EMAIL
On Thu, 2008-07-17 at 12:32 -0400, Andrew Ballard wrote:
On Thu, Jul 17, 2008 at 12:02 PM, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 15:31, David Giragosian wrote:
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 14:10, tedd wrote:
At 10:28 PM +0100 7/16/08,
2008/7/17 Daniel Brown [EMAIL PROTECTED]:
11.) The most important rule EVER: if you ever have the slightest
problem, DO NOT bother to search the [EMAIL PROTECTED] web (STFW) or read the
[EMAIL PROTECTED]
manual (RTFM). There is a mailing list for that. Please ask any and
all questions
On Thu, Jul 17, 2008 at 2:48 PM, Robert Cummings [EMAIL PROTECTED] wrote:
On Thu, 2008-07-17 at 12:32 -0400, Andrew Ballard wrote:
On Thu, Jul 17, 2008 at 12:02 PM, Stut [EMAIL PROTECTED] wrote:
On 17 Jul 2008, at 15:31, David Giragosian wrote:
On 7/17/08, Stut [EMAIL PROTECTED] wrote:
On Thu, Jul 17, 2008 at 3:07 PM, Dotan Cohen [EMAIL PROTECTED] wrote:
2008/7/17 Daniel Brown [EMAIL PROTECTED]:
11.) The most important rule EVER: if you ever have the slightest
problem, DO NOT bother to search the [EMAIL PROTECTED] web (STFW) or read
the [EMAIL PROTECTED]
manual (RTFM).
2008/7/17 Stut [EMAIL PROTECTED]:
3.) SQL injection is just a buzzphrase. I already know where
baby databases come from.
The big Daddy database spends lots of CPU cycles on the big Momma database
and she eventually lets him put his SQL client into her console and their
SQL statements
On Jul 17, 2008, at 2:44 PM, Robert Cummings wrote:
On Thu, 2008-07-17 at 17:32 +0100, Stut wrote:
On 17 Jul 2008, at 15:41, Daniel Brown wrote:
On Thu, Jul 17, 2008 at 9:55 AM, Stut [EMAIL PROTECTED] wrote:
Seriously though, I'm wondering if my expectations are too high...
I expect
them
At 10:41 AM -0400 7/17/08, Daniel Brown wrote:
-snip-
You're point? :-)
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
On Thu, 2008-07-17 at 15:32 -0400, tedd wrote:
At 10:41 AM -0400 7/17/08, Daniel Brown wrote:
-snip-
You're point? :-)
I'm a circle... Tedd's a square?
*runs away cackling*
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
At 3:47 PM -0400 7/17/08, Robert Cummings wrote:
On Thu, 2008-07-17 at 15:32 -0400, tedd wrote:
At 10:41 AM -0400 7/17/08, Daniel Brown wrote:
-snip-
You're point? :-)
I'm a circle... Tedd's a square?
I've been called worse.
I'm really more of an oblate spheroid.
Cheers,
tedd
--
On Thu, 2008-07-17 at 15:53 -0400, tedd wrote:
At 3:47 PM -0400 7/17/08, Robert Cummings wrote:
On Thu, 2008-07-17 at 15:32 -0400, tedd wrote:
At 10:41 AM -0400 7/17/08, Daniel Brown wrote:
-snip-
You're point? :-)
I'm a circle... Tedd's a square?
I've been called worse.
I'm
On Thu, 2008-07-17 at 15:46 -0500, Micah Gersten wrote:
What can help is if one app only has access to its own DB. Also, for
mysql, there is the mysql_real_escape_string function for a reason.
Well I agree with that of course... but the post by Stut indicated the
interviewee thought he could
What can help is if one app only has access to its own DB. Also, for
mysql, there is the mysql_real_escape_string function for a reason.
Also, for the web app, you can usually disable Administrative functions
and grant a minimal set of permissions.
Thank you,
Micah Gersten
onShore Networks
On 17 Jul 2008, at 21:56, Robert Cummings wrote:
On Thu, 2008-07-17 at 15:46 -0500, Micah Gersten wrote:
What can help is if one app only has access to its own DB. Also,
for
mysql, there is the mysql_real_escape_string function for a reason.
Well I agree with that of course... but the
For anyone interested, here's a nice book to get anyone started on PHP
Security:
http://oreilly.com/catalog/9780596006563/index.html
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Stut wrote:
On 17 Jul 2008, at 21:56, Robert Cummings wrote:
On Thu,
On Tue, Jul 15, 2008 at 5:43 PM, Stut [EMAIL PROTECTED] wrote:
Code please, we're not mind readers!
I sensed you would say that, Stuart. ;-P
--
/Daniel P. Brown
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and
On 16 Jul 2008, at 19:18, Daniel Brown wrote:
On Tue, Jul 15, 2008 at 5:43 PM, Stut [EMAIL PROTECTED] wrote:
Code please, we're not mind readers!
I sensed you would say that, Stuart. ;-P
Can you sense what I'm thinking right now?
BTW, if anyone is looking for a PHP5/MySQL dev job in
On Wed, Jul 16, 2008 at 5:28 PM, Stut [EMAIL PROTECTED] wrote:
Oh, and you'd be working for me so bear that in mind ;)
*crickets*
(And not the games.)
--
/Daniel P. Brown
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated
On 15 Jul 2008, at 22:36, Rod Clay wrote:
Hello. Again, I'm fairly new to php so please forgive me if my
question is a very simple or obvious one.
I've just tried testing for the first time some php code that is
pulling text out of a database to print it on the webpage. Some of
this
Yes, here's the code that is retrieving news items from the database
and printing them on the page (I do some other stuff with the text
before, and after, I print it, for example, find the sentences, so I can
print complete sentences, and not just pieces of sentences). As I say,
occasionally
On Jul 15, 2008, at 3:06 PM, Rod Clay wrote:
All of the text is being correctly retrieved from the database and
written to the page, including the img src=xxx statement,
because I see it all in the page source of the page in my browser.
However, the img src= statement is NOT
It's (was) not printing anything. Here's the doctype statement:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HOWEVER, thanks for all of the responses so far, but please accept my
apologies because evidently this is NOT
-Original Message-
From: Rod Clay [mailto:[EMAIL PROTECTED]
Sent: 15 July 2008 22:36
To: php-general@lists.php.net
Subject: [PHP] is there a problem with php script pulling HTML out of
database as it writes the page??
Hello. Again, I'm fairly new to php so please forgive me if
It would be helpful if you could clarify the error you are getting,
but could be something involving quotes, stripslashes() and
addslashes();
On Jul 15, 2008, at 2:36 PM, Rod Clay wrote:
Hello. Again, I'm fairly new to php so please forgive me if my
question is a very simple or obvious
Sorry, I'm back again with this same problem! Apparently the only
reason it looked like it was solved an hour ago was because the img
src=xx statement I tried reading out of the database was pointing
to an image already on the page!
When the img src=xxx statement points to an image
OK. Once again, a problem I thought was abstruse and formidable turns
out to be ridiculously simple and embarrassingly obvious (once you
realize what it is - image not in web server directory!!!) But I
didn't know until this happened that the browser sends a follow-up
request to the web
48 matches