php-general Digest 3 Aug 2006 15:48:50 -0000 Issue 4272
php-general-digest-help@lists.php.net
Date: Thu Aug 03 2006 - 10:48:50 CDT
Topics (messages 240035 through 240052):
Re: Documentation of PHP sourcecode
240035 by: Ligaya Turmelle
Re: SQL injection
240036 by: Ligaya Turmelle
240041 by: Peter Lauri
240044 by: Jochem Maas
240046 by: Robin Vickery
Re: PHP Frameworks - Opinion
240037 by: Manuel Lemos
240038 by: Robert Cummings
240039 by: Manuel Lemos
240040 by: Robert Cummings
240042 by: Paul Scott
240047 by: Jochem Maas
240048 by: Arno Kuhl
240049 by: Jochem Maas
240050 by: Paul Scott
Issue regarding flow in php
240043 by: weetat
PHP 4.4.3 released
240045 by: Derick Rethans
SQL injection - Again
240051 by: Peter Lauri
240052 by: Richard Lynch
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribe@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribe@lists.php.net
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
attached mail follows:
Chris Boget wrote:
>> I am looking in some possibilities for automatically documenting my
>> functions
>> and classes. Preferably with some markup in the sourcecode and easy to
>> implement. I am running Linux on my desktop so w* stuff won't do it
>> for me :)
>> Can anyone point me in the right direction?
>
>
> Check out PHPDocumentor.
>
> http://www.phpdoc.org/
>
> This is just one package of the many that are out there. A quick search on
> google will show others.
>
> thnx,
> Chris
And if you use vim - there is a plugin to automatically generate some
basic documentation.
http://www.vim.org/scripts/script.php?script_id=1355
--
life is a game... so have fun.
attached mail follows:
Peter Lauri wrote:
> Hi all,
>
>
>
> I saw some strange error messages from a site when I was surfing it, and it
> was in form of SQL. I did some testing of the security of the SQL injection
> protection of that site, and it showed it was not that protected against SQL
> injections. To show this to them, I deleted my own record in their database
> after finding out the table name of the "entity" in the database. I also
> found out a lot of other table names that I think are important.
>
>
>
> What I did to them was to report this to them, and inform them about the
> damage I created, and what could have been done. (I did DELETE FROM
> tablename WHERE id=1234, what if I did DELETE FROM tablename, destruction if
> no backup). This is a large "athletic site" in Sweden, with more than
> 100,000 daily visitors.
>
>
>
> What I am a little bit worried about is the legal part of this; can I be
> accused of breaking some laws? I was just doing it to check if they were
> protected, and I informed them about my process etc. I only deleted my
> record, no one else's. In Sweden it might have been called "computer
> break-in", but I am not sure.
>
>
>
> Anyone with experience of a similar thing?
>
>
>
> Best regards,
>
> Peter Lauri
>
read http://shiflett.org/archive/236
attached mail follows:
Thank you all for your replies; it has been interesting to read. I am just
waiting for the webmaster to reply to me with his thoughts.
My intentions for this were to help, not to break, so I do indeed hope that
they will not take legal action for it. A friend of mine hoped that they
would use the law against me, it would just increase the publicity for me,
and that might increase the value of my services. And he was also sure that
they would never win the case.
I was for a while thinking about using my "private" yahoo email to not
disclose my name, however, that felt like "hiding for something you did not
do".
One at the forum sent me a message off the list and said: "You got bigger
balls than me. :-)", what did he mean by that? I did not know that the php
list also shows the web cam at the same time. "I better watch out"...
Best regards,
Peter Lauri
-----Original Message-----
From: Peter Lauri [mailto:lists@dwsasia.com]
Sent: Wednesday, August 02, 2006 11:17 PM
To: php-general@lists.php.net
Subject: [PHP] SQL injection
Hi all,
I saw some strange error messages from a site when I was surfing it, and it
was in form of SQL. I did some testing of the security of the SQL injection
protection of that site, and it showed it was not that protected against SQL
injections. To show this to them, I deleted my own record in their database
after finding out the table name of the "entity" in the database. I also
found out a lot of other table names that I think are important.
What I did to them was to report this to them, and inform them about the
damage I created, and what could have been done. (I did DELETE FROM
tablename WHERE id=1234, what if I did DELETE FROM tablename, destruction if
no backup). This is a large "athletic site" in Sweden, with more than
100,000 daily visitors.
What I am a little bit worried about is the legal part of this; can I be
accused of breaking some laws? I was just doing it to check if they were
protected, and I informed them about my process etc. I only deleted my
record, no one else's. In Sweden it might have been called "computer
break-in", but I am not sure.
Anyone with experience of a similar thing?
Best regards,
Peter Lauri
attached mail follows:
Peter Lauri wrote:
> Thank you all for your replies; it has been interesting to read. I am just
> waiting for the webmaster to reply to me with his thoughts.
>
> My intentions for this were to help, not to break, so I do indeed hope that
> they will not take legal action for it. A friend of mine hoped that they
> would use the law against me, it would just increase the publicity for me,
> and that might increase the value of my services. And he was also sure that
> they would never win the case.
>
> I was for a while thinking about using my "private" yahoo email to not
> disclose my name, however, that felt like "hiding for something you did not
> do".
>
> One at the forum sent me a message off the list and said: "You got bigger
> balls than me. :-)", what did he mean by that?
he meant you have guts (more than him) to do what you did given the current
sue-you-if-you-help attitude in IT land. (plenty of IT 'manager' types, the police,
the FBI, you-name-it can't smell the difference between a whitehat and a blackhat -
so they throw everyone on the blackhat pile)
> I did not know that the php
> list also shows the web cam at the same time. "I better watch out"...
>
> Best regards,
> Peter Lauri
>
>
>
>
> -----Original Message-----
> From: Peter Lauri [mailto:lists@dwsasia.com]
> Sent: Wednesday, August 02, 2006 11:17 PM
> To: php-general@lists.php.net
> Subject: [PHP] SQL injection
>
> Hi all,
>
>
>
> I saw some strange error messages from a site when I was surfing it, and it
> was in form of SQL. I did some testing of the security of the SQL injection
> protection of that site, and it showed it was not that protected against SQL
> injections. To show this to them, I deleted my own record in their database
> after finding out the table name of the "entity" in the database. I also
> found out a lot of other table names that I think are important.
>
>
>
> What I did to them was to report this to them, and inform them about the
> damage I created, and what could have been done. (I did DELETE FROM
> tablename WHERE id=1234, what if I did DELETE FROM tablename, destruction if
> no backup). This is a large "athletic site" in Sweden, with more than
> 100,000 daily visitors.
>
>
>
> What I am a little bit worried about is the legal part of this; can I be
> accused of breaking some laws? I was just doing it to check if they were
> protected, and I informed them about my process etc. I only deleted my
> record, no one else's. In Sweden it might have been called "computer
> break-in", but I am not sure.
>
>
>
> Anyone with experience of a similar thing?
>
>
>
> Best regards,
>
> Peter Lauri
attached mail follows:
On 02/08/06, Jochem Maas <jochem@iamjochem.com> wrote:
> Russell Jones wrote:
> >
> > In real life terms, if you walked into the store and saw that the cash
> > register was slightly broken and slightly opened, and reached in and pulled
> > out a dollar to show the cashier what was wrong, you would not get in
> > trouble. It may be bold, but it is not a crime.
>
> technically removing the dollar is a crime regardless of your intention.
>
Even that depends where you are - in England & Wales you wouldn't be
guilty of theft as defined by the 1968 Theft Act: "a person is guilty
of theft if: he dishonestly appropriates property belonging to another
with the intention of permanently depriving the other of it."
So in that case the intent is very relevant.
-robin
attached mail follows:
Hello,
on 08/01/2006 01:35 PM Gabe said the following:
> What's the common consensus as to a solid PHP framework to use for
> application development? There seems to be a number of them out there,
> but I'm not sure which ones are the most robust, actively developed,
> secure, etc etc.
>
> Thoughts?
There is no common consensus. PHP development is not very well organized
like, for instance, in the Java world, where several vendors can provide
their own implementations of the same specification. This makes it possible
to use the same framework API from whatever vendor you prefer.
In the PHP world all frameworks are incompatible, even when they attempt
to implement similar feature sets.
Anyway, you may want to read this more in depth reflection of the state
of the PHP framework world and recommendations on how to pick what suits
best for you:
http://www.phpclasses.org/blog/post/52-Recommended-PHP-frameworks.html
--
Regards,
Manuel Lemos
Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
attached mail follows:
On Thu, 2006-08-03 at 00:29 -0300, Manuel Lemos wrote:
> Hello,
>
> on 08/01/2006 01:35 PM Gabe said the following:
> > What's the common consensus as to a solid PHP framework to use for
> > application development? There seems to be a number of them out there,
> > but I'm not sure which ones are the most robust, actively developed,
> > secure, etc etc.
> >
> > Thoughts?
>
> There is no common consensus. PHP development is not very well organized
> like, for instance, in the Java world, where several vendors can provide
> their own implementations of the same specification. This makes it possible
> to use the same framework API from whatever vendor you prefer.
>
> In the PHP world all frameworks are incompatible, even when they attempt
> to implement similar feature sets.
>
> Anyway, you may want to read this more in depth reflection of the state
> of the PHP framework world and recommendations on how to pick what suits
> best for you:
>
> http://www.phpclasses.org/blog/post/52-Recommended-PHP-frameworks.html
I've read it before... it was crud. You provide no recommendation for
any framework but instead try to pimp phpclasses. From what I gathered
you haven't even actually tried anywhere in the vicinity of 10% of the
frameworks in existence and yet you feel obliged to write a commentary
called "Recommended PHP Frameworks" in which you don't even recommend a
framework. Additionally somehow while pimping phpclasses you also feel
it necessary to indicate how you don't use any code other than what you
write yourself. Egads, if you won't use the code on your site why the
hell should anyone else?
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
Hello,
on 08/03/2006 01:24 AM Robert Cummings said the following:
>>> What's the common consensus as to a solid PHP framework to use for
>>> application development? There seems to be a number of them out there,
>>> but I'm not sure which ones are the most robust, actively developed,
>>> secure, etc etc.
>>>
>>> Thoughts?
>> There is no common consensus. PHP development is not very well organized
>> like, for instance, in the Java world, where several vendors can provide
>> their own implementations of the same specification. This makes it possible
>> to use the same framework API from whatever vendor you prefer.
>>
>> In the PHP world all frameworks are incompatible, even when they attempt
>> to implement similar feature sets.
>>
>> Anyway, you may want to read this more in depth reflection of the state
>> of the PHP framework world and recommendations on how to pick what suits
>> best for you:
>>
>> http://www.phpclasses.org/blog/post/52-Recommended-PHP-frameworks.html
>
> I've read it before... it was crud. You provide no recommendation for
> any framework but instead try to pimp phpclasses. From what I gathered
> you haven't even actually tried anywhere in the vicinity of 10% of the
> frameworks in existence and yet you feel obliged to write a commentary
> called "Recommended PHP Frameworks" in which you don't even recommend a
> framework. Additionally somehow while pimping phpclasses you also feel
> it necessary to indicate how you don't use any code other than what you
> write yourself. Egads, if you won't use the code on your site why the
> hell should anyone else?
The answer to that question is in the post. I only use my own (PHP)
packages because I can. Not everybody can afford writing packages for
their own needs from scratch.
Why would I lie when that post expresses exactly how I feel?
The point of the post is that there is no framework in particular to
recommend. I use my own packages for my needs. They suit me well. It
does not mean they will suit everybody.
The PHPClasses site content is made of packages contributed by
developers that wrote their own packages. Those other packages often
serve the same purposes as some of my packages.
I am pro-choice. That is the spirit of the PHPClasses site. Everybody
can publish their packages. Let the users be the judges of which are the
best for whatever purposes. That is pure fair play. Is that a bad thing?
I don't think so.
I also would like to emphasize what I said above regarding the total
lack of organization and cooperation of the PHP community.
If there were standard specifications for packages and frameworks like
there is in the Java world, maybe you would not have this discussion.
There could be a consensus to use the same standard API with eventual
multiple implementations from different developers or vendors.
Imagine if there were only one PDBC (JDBC for PHP). Instead of that
we have a never-ending choice of PHP database abstraction layers that
does not help new developers who are lost and don't know what to use.
This is admittedly a criticism of the lack of organization of the whole
PHP community, including myself. We are all guilty of this mess and I am
afraid there is not much hope to fix it.
attached mail follows:
On Thu, 2006-08-03 at 01:47 -0300, Manuel Lemos wrote:
> Hello,
>
> on 08/03/2006 01:24 AM Robert Cummings said the following:
> >>> What's the common consensus as to a solid PHP framework to use for
> >>> application development? There seems to be a number of them out there,
> >>> but I'm not sure which one's are the most robust, actively developed,
> >>> secure, etc etc.
> >>>
> >>> Thoughts?
> >> There is no common consensus. PHP development is not very well organized
> >> like, for instance, in the Java world, where several vendors can provide
> >> their own implementations of the same specification. This makes it possible
> >> to use the same framework API from whatever vendor you prefer.
> >>
> >> In the PHP world all frameworks are incompatible, even when they attempt
> >> to implement similar feature sets.
> >>
> >> Anyway, you may want to read this more in depth reflection of the state
> >> of the PHP framework world and recommendations on how to pick what suits
> >> best for you:
> >>
> >> http://www.phpclasses.org/blog/post/52-Recommended-PHP-frameworks.html
> >
> > I've read it before... it was crud. You provide no recommendation for
> > any framework but instead try to pimp phpclasses. From what I gathered
> > you haven't even actually tried anywhere in the vicinity of 10% of the
> > frameworks in existence and yet you feel obliged to write a commentary
> > called "Recommended PHP Frameworks" in which you don't even recommend a
> > framework. Additionally somehow while pimping phpclasses you also feel
> > it necessary to indicate how you don't use any code other than what you
> > write yourself. Egads, if you won't use the code on your site why the
> > hell should anyone else?
>
> The answer to that question is in the post. I only use my own (PHP)
> packages because I can. Not everybody can afford writing packages for
> their own needs from scratch.
>
> Why would I lie when that post expresses exactly how I feel?
>
> The point of the post is that there is no framework in particular to
> recommend. I use my own packages for my needs. They suit me well. It
> does not mean they will suit everybody.
How would you know that there is no framework to recommend if you never
use anyone's code but your own? How could you have possibly given any
framework sufficient attention to have any idea of its pros and cons?
> The PHPClasses site content is made of packages contributed by
> developers that wrote their own packages. Those other packages often
> serve the same purposes as some of my packages.
>
> I am pro-choice. That is the spirit of the PHPClasses site. Everybody
> can publish their packages. Let the users be the judges of which are the
> best for whatever purposes. That is pure fair play. Is that a bad thing?
> I don't think so.
>
> I also would like to emphasize what I said above regarding the total
> lack of organization and cooperation of the PHP community.
You can't have your cake and eat it too. You're either pro-choice with a
myriad of choices to choose from, or you're anti-choice and want only
one framework style. Get off the fence!
>
> If there were standard specifications for packages and frameworks like
> there is in the Java world, maybe you would not have this discussion.
> There could be a consensus to use the same standard API with eventual
> multiple implementations from different developers or vendors.
>
> Imagine if there were only one PDBC (JDBC for PHP). Instead of that
> we have a never-ending choice of PHP database abstraction layers that
> does not help new developers who are lost and don't know what to use.
You presume that any chosen standard methodology or whatever you want to
call it would be correct. Because if it wasn't correct, no matter how
organized you think a community might be, something different WILL
emerge. Right now there may be 100 frameworks, probably still growing,
but not all will be accepted into mainstream use, and that ultimately
will determine which ones have staying power or at the very least --
which ones have reach. The fact that there are so many is a testament to
how easy it is to manipulate the power placed in the hands of the PHP
developer. It is not indicative of disorganization within the community.
> This is admittedly a criticism of the lack of organization of the whole
> PHP community, including myself. We are all guilty of this mess and I am
> afraid there is not much hope to fix it.
You mean we should all be happy that so much choice is available!
Cheers,
Rob.
attached mail follows:
> You mean we should all be happy that so much choice is available!
>
I agree with Rob! I am a botanist. I have never been trained in Computer
Science, as far as "industry" is concerned, I am not qualified to turn
on a PC. Fortunately for me, I am also a geek. My PHP experiences
started when running experiments in my wet labs, monitoring seaweed
growth. If PHP did not allow me to get away with writing "newbie" (read
bad) code, I would have given up and just done it the old way that
botanists have been doing it for centuries.
PHP gave me that freedom to start, and as a result, I now am a
reasonably decent PHP developer, and run a collaborative network in 16
(and growing) African countries working on a PHP framework that I
designed and wrote. Go figure.
Choice is that important. If I had started with JDBC or a Java based way
of doing things, this stuff would have never happened. Frameworks are
not only pieces of software, but create communities of like minded
people. They also build skills (and business opportunities) as ours
does. If there were no choice, we would all be VB style drones with no
creativity and no forward movement.
Please direct flames to file 13.
--Paul
All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
attached mail follows:
PHPClasses 0 - Botanist 1
:-)
Paul Scott wrote:
>
>> You mean we should all be happy that so much choice is available!
>>
>
> I agree with Rob! I am a botanist. I have never been trained in Computer
> Science, as far as "industry" is concerned, I am not qualified to turn
> on a PC. Fortunately for me, I am also a geek. My PHP experiences
> started when running experiments in my wet labs, monitoring seaweed
> growth. If PHP did not allow me to get away with writing "newbie" (read
> bad) code, I would have given up and just done it the old way that
> botanists have been doing it for centuries.
>
> PHP gave me that freedom to start, and as a result, I now am a
> reasonably decent PHP developer, and run a collaborative network in 16
> (and growing) African countries working on a PHP framework that I
> designed and wrote. Go figure.
>
> Choice is that important. If I had started with JDBC or a Java based way
> of doing things, this stuff would have never happened. Frameworks are
> not only pieces of software, but create communities of like minded
> people. They also build skills (and business opportunities) as ours
> does. If there were no choice, we would all be VB style drones with no
> creativity and no forward movement.
>
> Please direct flames to file 13.
>
> --Paul
>
attached mail follows:
I'm not so sure if the botanist wasn't saying in a rather confused way that
he was playing on the same side as PHPClasses, even if he did profess to be
in the other team. Did he say he was rolling his own (in a way only
botanists can do) or not?
-----Original Message-----
From: Jochem Maas [mailto:jochem@iamjochem.com]
Sent: 03 August 2006 12:37
To: Paul Scott
Cc: Robert Cummings; Manuel Lemos; php-general@lists.php.net
Subject: Re: [PHP] Re: PHP Frameworks - Opinion
PHPClasses 0 - Botanist 1
:-)
Paul Scott wrote:
>
>> You mean we should all be happy that so much choice is available!
>>
>
> I agree with Rob! I am a botanist. I have never been trained in Computer
> Science, as far as "industry" is concerned, I am not qualified to turn
> on a PC. Fortunately for me, I am also a geek. My PHP experiences
> started when running experiments in my wet labs, monitoring seaweed
> growth. If PHP did not allow me to get away with writing "newbie" (read
> bad) code, I would have given up and just done it the old way that
> botanists have been doing it for centuries.
>
> PHP gave me that freedom to start, and as a result, I now am a
> reasonably decent PHP developer, and run a collaborative network in 16
> (and growing) African countries working on a PHP framework that I
> designed and wrote. Go figure.
>
> Choice is that important. If I had started with JDBC or a Java based way
> of doing things, this stuff would have never happened. Frameworks are
> not only pieces of software, but create communities of like minded
> people. They also build skills (and business opportunities) as ours
> does. If there were no choice, we would all be VB style drones with no
> creativity and no forward movement.
>
> Please direct flames to file 13.
>
> --Paul
>
attached mail follows:
Arno Kuhl wrote:
> I'm not so sure if the botanist wasn't saying in a rather confused way that
> he was playing on the same side as PHPClasses, even if he did profess to be
> in the other team. Did he say he was rolling his own (in a way only
> botanists can do) or not?
that's beside the point - manuel tried to have his cake and eat it when he
a) stated writing everything yourself was preferable and b) Java was better
because they have standardized APIs for framework development allowing people
to switch between frameworks.
besides which manuel's 'article' is crap, rob's assessment of it was pretty
spot on (and it's not the first time manuel has plugged the 'article').
in the end evilMe(tm) was just fanning the flames. ;->
>
>
> -----Original Message-----
> From: Jochem Maas [mailto:jochem@iamjochem.com]
> Sent: 03 August 2006 12:37
> To: Paul Scott
> Cc: Robert Cummings; Manuel Lemos; php-general@lists.php.net
> Subject: Re: [PHP] Re: PHP Frameworks - Opinion
>
>
> PHPClasses 0 - Botanist 1
>
> :-)
>
> Paul Scott wrote:
>>> You mean we should all be happy that so much choice is available!
>>>
>> I agree with Rob! I am a botanist. I have never been trained in Computer
>> Science, as far as "industry" is concerned, I am not qualified to turn
>> on a PC. Fortunately for me, I am also a geek. My PHP experiences
>> started when running experiments in my wet labs, monitoring seaweed
>> growth. If PHP did not allow me to get away with writing "newbie" (read
>> bad) code, I would have given up and just done it the old way that
>> botanists have been doing it for centuries.
>>
>> PHP gave me that freedom to start, and as a result, I now am a
>> reasonably decent PHP developer, and run a collaborative network in 16
>> (and growing) African countries working on a PHP framework that I
>> designed and wrote. Go figure.
>>
>> Choice is that important. If I had started with JDBC or a Java based way
>> of doing things, this stuff would have never happened. Frameworks are
>> not only pieces of software, but create communities of like minded
>> people. They also build skills (and business opportunities) as ours
>> does. If there were no choice, we would all be VB style drones with no
>> creativity and no forward movement.
>>
>> Please direct flames to file 13.
>>
>> --Paul
>>
>
attached mail follows:
On Thu, 2006-08-03 at 13:43 +0200, Arno Kuhl wrote:
> I'm not so sure if the botanist wasn't saying in a rather confused way that
> he was playing on the same side as PHPClasses, even if he did profess to be
> in the other team. Did he say he was rolling his own (in a way only
> botanists can do) or not?
>
What I am saying is that PHPClasses is a cool site, hell, I have even
contributed a bunch of classes to it; but, what Manuel is saying, I do
not agree with. I am all for choice, I am all for my project, and I am
all for working collaboratively.
I _choose_ to code strictly OOP, I don't have to.
I choose to abstract almost everything in my code, nobody forcing me to
do that.
I choose to use many different authors' GPL/BSD/PHP licenced code in my
projects, for no other reason than that I am lazy, and choose not
to re-invent the wheel.
I choose to do these things because I have the option to choose.
I also choose to release every piece of code that I have ever written
under a Free licence, not a freedom from price licence only. I choose to
release all of my publications under a CC-BY-SA licence too. I am free,
I think freely, and I have the freedom to do what needs to be done. I
sleep well at night on the rare occasions that I am not coding Free
Software. :)
The main thing in Manuel's post that got me writing this in the first
place was:
"Imagine if there would be only one PDBC (JDBC for PHP). Instead of that
we have a never ending choice of PHP database abstraction layers that
does not help newcoming developers that are lost and don't know what to
use."
Now in summation I say "That is just asinine". That is what makes PHP
cool, especially in Africa. period.
--Paul
attached mail follows:
Hi all,
I have a PHP page.
The PHP page is displayed when I have completed uploading an XML file to the server.
In the PHP page there is a function named insertxmldataToTempTbl(),
which inserts the XML data into the MySQL database, as shown below, after I have
uploaded the XML file to the server.
After inserting the XML data into MySQL, I have a function named
compareTable() which does a comparison between table A (the inserted XML
data) and table B (the user data table) and stores the comparison array data
in $_SESSION.
However, sometimes when the XML file upload has completed, the data is not
displayed on the PHP page. I need to log out and log in again, then I can
see the data on the same PHP page.
Any PHP developer who has ideas or suggestions, please email me.
Thanks.
$data = $xml_util->getUnserializedData();
insertxmldataToTempTbl($data);
// Was "$compareTable();", which calls whatever string the (undefined)
// variable $compareTable holds; the intent is to call compareTable() itself.
compareTable();
$comparearr = $_SESSION['LIST_SESSION'];
$listchassis = $comparearr['listchassis'];
$pagerOptions = array(
    'itemData'     => $listchassis,
    'perPage'      => 10,
    'delta'        => 8,
    'useSessions'  => true,
    'closeSession' => false,
    'mode'         => 'Sliding'
);
$pager = & Pager::factory($pagerOptions);
$chassisdata = $pager->getPageData();
$links = $pager->getLinks();
// List the current page's data in an HTML table (assumes scalar values).
echo '<table>';
foreach ($chassisdata as $name => $value) {
    echo '<tr><td>', htmlspecialchars($name), '</td><td>', htmlspecialchars($value), '</td></tr>';
}
echo '</table>';
attached mail follows:
Hello!
The PHP Development Team would like to announce the immediate release of
PHP 4.4.3. This release combines small number of bug fixes and resolves
a number of security issues. All PHP users are encouraged to upgrade to
this release as soon as possible.
A separate release announcement is also available. For changes in PHP
4.4.3 since PHP 4.4.2, please consult the PHP 4 ChangeLog.
Release Announcement: http://www.php.net/release_4_4_3.php
Downloads: http://www.php.net/downloads.php#v4
Changelog: http://www.php.net/ChangeLog-4.php#4.4.3
regards,
Derick
--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org
attached mail follows:
Hi,
Is there anyone in this group that has a simple script to check for SQL
injection attacks?
In theory I was thinking about checking $_POST and $_GET to see if they contain
specific "substrings" that could be used in an attempt. Maybe loop thru
all set values and see if they contain "DELETE FROM" or "TRUNCATE" or
similar.
I am aware that I can create different db-users to restrict this, but in
some hosting cases I only have access to one db-user. I also always use
sprintf() to make sure integers etc are used where I expect integers.
/Peter
attached mail follows:
On Thu, August 3, 2006 2:32 am, Peter Lauri wrote:
> Is there anyone in this group that has a simple script to check for
> SQL
> injection attacks?
http://php.net/mysql_real_escape_string
should cover this, no?
Another option is to use a query mechanism based on prepared
statements rather than raw queries, because then MySQL *knows* what is
data and what is not data.
> In theory I was thinking about checking $_POST and $_GET to see if they
> contain specific "substrings" that could be used in an attempt. Maybe loop
> thru all set values and see if they contain "DELETE FROM" or "TRUNCATE" or
> similar.
This is a Bad Idea because you could never possibly compose a complete
list of all such substrings.
> I am aware that I can create different db-users to restrict this,
> but in some hosting cases I only have access to one db-user. I also always
> use sprintf() to make sure integers etc are used where I expect integers.
sprintf() to force an int is wasteful...
$foo = (int) $_REQUEST['foo'];
--
Like Music?
http://l-i-e.com/artists.htm
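An added example, written for this digest rather than taken from any poster, that shows Richard's two points in runnable PHP: the substring blacklist Peter proposed rejects harmless text and still lets a non-integer id through, while a prepared statement with a bound integer (plus an ownership predicate) sends the value as data. It uses PDO with an in-memory SQLite database instead of MySQL so it runs offline; the entity table, its columns and the sample rows are constructed for the demo.

```php
<?php
// Added example, not code from the list thread or from any poster.
// PDO with an in-memory SQLite database keeps it runnable offline; the
// "entity" table, its columns and the sample rows are constructed here.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE entity (id INTEGER PRIMARY KEY, owner INTEGER NOT NULL, name TEXT)');
    $ins = $db->prepare('INSERT INTO entity (id, owner, name) VALUES (?, ?, ?)');
    $rows = [[1234, 7, 'peter'], [1235, 8, 'anna'], [1236, 9, 'erik'], [1237, 7, "o'brien"]];
    foreach ($rows as $row) {
        $ins->execute($row);
    }
    return $db;
}

// The blacklist idea from the question. It can never be complete, and it
// rejects legitimate text that merely contains one of the keywords.
function blacklistRejects(string $value): bool
{
    foreach (['DELETE FROM', 'TRUNCATE', 'DROP TABLE'] as $needle) {
        if (stripos($value, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// The shape of query the thread warns about: the raw request value is
// spliced into the SQL text, so the database parses it as SQL, not data.
function deleteUnsafe(PDO $db, string $rawId): int
{
    return (int) $db->exec("DELETE FROM entity WHERE id = $rawId");
}

// Hardened: the (int) cast Richard suggests, a prepared statement so the
// value travels as a bound parameter rather than SQL text, and an ownership
// predicate so a caller can only ever remove their own record.
// Note: (int) turns "abc" into 0; use filter_var($rawId, FILTER_VALIDATE_INT)
// when a malformed id should be rejected instead of coerced.
function deleteOwnRecord(PDO $db, int $currentUser, string $rawId): int
{
    $stmt = $db->prepare('DELETE FROM entity WHERE id = :id AND owner = :owner');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->bindValue(':owner', $currentUser, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Strings are bound the same way: no hand escaping, and none of the
// connection-charset concerns that come with mysql_real_escape_string().
function findIdsByName(PDO $db, string $rawName): array
{
    $stmt = $db->prepare('SELECT id FROM entity WHERE name = ?');
    $stmt->execute([$rawName]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

function countRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM entity')->fetchColumn();
}

// Constructed inputs: a legitimate free-text comment and an id value that
// is not a plain integer.
$comment = 'Please delete from your mailing list';
$badId   = '1234 OR 1=1';

echo 'blacklist rejects the harmless comment: ';
var_dump(blacklistRejects($comment));
echo 'blacklist rejects the bad id: ';
var_dump(blacklistRejects($badId));

$db = openDemoDb();
echo 'unsafe path, rows removed for the bad id: ', deleteUnsafe($db, $badId), "\n";

$db = openDemoDb();
echo 'hardened path, user 7 with the bad id: ', deleteOwnRecord($db, 7, $badId), " row(s)\n";
echo 'hardened path, user 8 deleting a row owned by 9: ', deleteOwnRecord($db, 8, '1236'), " row(s)\n";
echo 'rows left: ', countRows($db), "\n";
echo "lookup of a name with an apostrophe: ";
print_r(findIdsByName($db, "o'brien"));
```

Run it with the PDO SQLite driver enabled; the unsafe path removes every row for the same input that the hardened path narrows to the caller's own record.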