Everything posted by 448191

  1. A note about "sanitizing for database insertion". Forget all the noobs and "out of touch" veterans screaming mysql_real_escape_string() or addslashes() and whatnot. These are messy and shaky "solutions". The only real defense against SQL injection is prepared statements. Look into PDO or the MySQLi extension.
  2. Ok, now that is simply not true. Yes, the results you posted indicate a risk of XSS attacks (cookie theft, session hijacking), but not PHP code injection and certainly not SQL injection (in your words: "insert any code they wish into the database"). mysql_real_escape_string() as such is not relevant to these results. trim() is NOT security related AT ALL! My personal conclusion: you have no idea what you are talking about.
  3. Please refer to this thread: http://www.phpfreaks.com/forums/index.php/topic,232470.0.html
  4. I think he's claiming a "mac" is a superior platform for Web development. In other words, talking gibberish.
  5. Next thread I see started with more caps than necessary and/or more than one sequential exclamation or question mark, is going in the dust bin.
  6. All caps titles iz soooo annoying.
  7. Hi. I go to inquire you reason where to being found reply in yours. Front up appreciate much cooperation.
  8. Conditions for Testing Requests

     In order to post in this forum, the following conditions must be met: You must have at least 10 posts, from posting in other forums on this site. Do not "spam" your way to 10 posts just to post here. You are only allowed to request testing of your own website or websites you are otherwise authorized to manage.

     In order to verify this you must: Create a regular .txt file containing a full URL link to your profile here on PHP Freaks (see details below), and place it on the same domain(s) as your script(s). The text file must be in the root directory of your site. Example: URL: http://www.yoursite.com/phpfreaks.txt Text in file: http://forums.phpfreaks.com/user/1-philip/ (but to your profile link) You must then notify us with the URL of the .txt file by placing a link to it in your post or report your post to moderator with the link in the report details.

     Profile Link

     In my experience, the one thing that people fail to do most of the time, is properly post a link to their profile in the text file. The following is not a valid profile link: That link only works for you, based off of the main menu link and your browser's session. Below is what a valid profile link looks like: You can easily get your profile link by: Clicking on your own name in one of your own posts. Clicking on your own name at the top right of the screen. Putting in a test post and hitting the preview button and getting the URL generated from the link. For example, @.josh will generate @.josh. Going to Members > Search For Members and searching for yourself and clicking on that link.

     Failure to follow these rules and instructions may result in actions from locking or deleting your topic or even having your account banned depending on the severity and at the discretion of the staff member handling the incident. There are no exceptions and this rule is in effect immediately, meaning that all topics created after this topic will have to abide by this rule.

     Waiting for Approval

     It generally takes 1-3 days for someone to approve your post. Normally we will not respond if you are not approved, because of failing to follow the instructions above (we will usually respond if it's for some other reason). If after 3 days your post has not been approved and you have not received a response, you can resubmit your site, however, more than likely you were not approved because you failed to follow the rules/instructions! So please re-read the rules and follow the instructions carefully.

     Someone posted my site!

     If someone posted your site here without your authorization then you may use the report to moderator link within the topic and verify your status as owner or representative of the website in the same way as outlined above. Note that we cannot be held responsible for any damage that may have occurred because of this! If someone had the ability to create the text file on your site to prove ownership/access, they hacked or otherwise gained access to your site independently and prior to whatever thread you are reporting!
  9. Ah that makes more sense. @ corbin I agree that we shouldn't be the grammar police. I myself am one of those "non-English native" people you speak of. And while spell check goes a long way, my English grammar is often lacking (that's not to say my Dutch grammar isn't though). That doesn't mean we can't demand some minimal standard of readability. And that includes both language and formatting issues. I personally support taking more action to enforce this, but as I've said before that would have to be discussed internally (amongst the blue and red, as they will be the ones doing the work).
  10. Angry about what? Who's angry? And who are these other people you talk about? In other words: I'm sorry?
  11. If you want to have a long and productive stay at this forum, I would tone down. If you think calling someone a "loser" is fun, go play somewhere else. There are limits to our hospitality. And for the record, all caps sentences and titles are not allowed. Please use proper formatting. I fixed it for you this time, next time I'll just lock your thread. Thank you very much for your cooperation.
  12. Disallowing improper English would mean disallowing a group of people that simply do not know proper English. As it stands, I don't think that's our policy (although I personally wouldn't oppose it). Then there's the use of "lazy English" and improper formatting (such as all caps), which we don't allow. Although there aren't any official rules on this topic so not all staff enforce this. Perhaps we should be a little more strict in this regard. And perhaps requiring English of some minimal standard is a good idea. But we would have to discuss that internally.
  13. And supersoniclicious fast: http://www.johnkleijn.nl/soap-server-in-30-seconds
  14. The only thing I did was shove 2 kilos of cocaine up my behind (moderated for the pre-teens around here). Could that be the reason I'm being asked to follow that Airport Security guy with the plastic gloves? Well, unless he wears a hairnet as well, I think it's safe to assume he's not the cafeteria lady. All joking aside, if what you say is true, there can be only one answer to the question could this be the reason: yes. Very likely. Now I don't know Google's exact policy, but it might be easier to just get a new domain name. Google is supposedly famous for constantly battling link farms and other black hat SEO, and also for dropping your pagerank to 0 or even permanently banning domains. Neither of those has happened to your site, so why exactly it is not showing up in the SERPs I don't know. Hell, who other than Google really knows how Google does things. Certainly not those so-called SEO "experts". What I do know is that Google wants to give accurate search results, and these "directories" hinder that goal, as such, they will fight it. You yourself admitted these directories look like (SERP) spam. You submitted your site to 200 of them. What did you expect would happen?
  15. Just use SOAP. Using a WSDL generator it is ridiculously simple to use.
  16. I haven't used Dreamweaver in many years, but perhaps this is because you are using relative links while not having defined a "site" in Dreamweaver?
  17. Both are examples of aggregation (multiplicity is not a factor in that). By the strict definition of composite aggregation, "the whole consists of its parts". Add to that the requirement of life cycle dependency (i.e. if the "whole" is destroyed, so will the "parts") and you can imagine composition is not a very common phenomenon. Although not everybody takes this definition as strict. Many people just use the life cycle dependency rule.
  18. "om", here are some pointers about posting regarding formatting. I ask you kindly to take this advice. We can't have masses of people formatting their posts like you do. I expect the same from anybody. 1) NO more than two consecutive words in "all caps". 2) Use larger font sizes very, very sparingly. You've well exceeded your limit for quite some time, so for you that means DON'T. 3) Don't use more than one smiley consecutively. I don't want to be the bad guy here, but if you keep this up I might have to make future posts with improper formatting "disappear". Also, I suggest you get better informed. Tackle one problem at a time, use the Help forums (PHP/CSS/HTML Help). If you had better coding skills we would not have so many pages of useless content right now. This thread even made it to no1 by replies in the statistics, which is ridiculous. You have avoided several instances of the question whether this thread is a joke, but assuming it isn't, that fact alone says enough. In summary: I'm locking this topic, because I feel it is not adding any value to the forums, and is not really helping yourself either. Thank you.
  19. TS, please stop using "PLEASE HELP!!!!"/"URGENT!!!!"-type titles. Thank you.
  20. On topic please. If you want to have a dog fight over who's the smartest, do it somewhere else.
  21. alert('Welcome to the 21th century. Now go upgrade your browser.');
  22. It's just basic string parsing. You can get help with that if you need it, but then this belongs in PHP Help, not App Design.
  23. Always. And set up external root access to your database server and post the password here as well. But seriously, I would just let the client enter the number and control every time they want to pay something (that's provided you use a CC gateway and not PayPal). That safeguards you from any potential session hijacking and fixation issues as well. Well not completely, but you make it a lot less interesting for I-slime to try it.
  24. 1) Just look up "uploading files" in the manual 2) Try Zend_Pdf 3) Makes no sense. Same solution as 2) perhaps?
  25. There's no such thing as "build in" custom PHP tags. Either you're confusing it with ASP, or this is a feature of this "GroupOffice" you speak of, in which case you should try to find somebody with knowledge of that software.