frik

OK, that helps. Thanks.

Hello, In my personal PHP application, I like to identify visitors to my website by checking the IP range that their IP address falls into. This is easy enough for IPv4 when I have the CIDR. For IPv6 however it is another matter entirely, because at present I don't know how to match an IPv6 address. As a result I am using the cumbersome substr matching approach, which does not work for many addresses. For example, consider 2620:149:f01:2b0:99ad:f010:61c1:63c5. The CIDR is 2620:149::/36. The 0 nybble in the 3rd 32-bit word is implied most of the time and this breaks the substr approach. Surely there is by now a simple way to do this. Can someone tell me the best solution that exists at present? Thanks.

Is there a simple JS script that will do this conversion, or would I need to import a bunch of code? Also what about services that identify time zone based on IP?

Hello, my website is free of Javascript at the moment. I personally use NoScript most of the time. Isn't there a way to get the timezone from perhaps some data that the browser sends in the header?

Hi folks, My web server is (I think) in Europe. My scripts that run on it don't currently know automatically what the locality is of the user who visits the website. How can I make sure that my PHP code displays the right time for the user? Also, I store time/date in my database using GMT unix time. How can I always convert that to a string that is localized to my visitors? Thanks.

I was under the impression that any functions in PHP for escaping inputs were meant for purposes like building URLs, not for protecting against SQL injection. Can you point me to the correct function for doing that?

| But it'd help to know the nature of the code so we wouldn't have to rattle off everything we can think of. Common things I'm doing are: Parsing GET and POST variables to make sure no simple exploits are attempted. Doing SQL accesses that sometimes incorporate these variables. Removing HTML tags from user text-- without using regex. Storing text in my database in base64 format to prevent users from doing SQL injection. It's the 2nd item that I feel is the riskiest. I've heard I should not be constructing SQL commands but using stored procedues.

Hello, I've noticed that there are services that I can pay to have my code checked for possibly unsafe / insecure code. But I'd rather audit the code myself, as my code is not meant to make money. Is there a list of safe ways to use PHP? Also is there any automatic way to do this that is free? For instance is there a code checker? I've noticed there are a number of ways to do PHP wrongly that can be easy to overlook. Is there a list of common PHP pitfalls? Thanks.