benanamen
-
Posts
2,134 -
Joined
-
Last visited
-
Days Won
42
Posts posted by benanamen
-
-
On 10/23/2019 at 10:14 AM, Barand said:
I see no problem with this (eg if date comes from a date picker)
What guarantee do you have that it was actually submitted by the users form and the users date picker? There are several ways to make a Post Request without using the users form. Bottom line, it is user supplied data and you well understand to NEVER trust user supplied data.
The one case where you can safely get away with a variable in the query is if the date (or whatever) comes directly from the code, but then then that isn't user supplied data is it? But why do it? Consistency is always a good thing.
QuoteI changed the code so that it is using prepared statements
No you didn't. Read the manual and see what you did wrong.
-
The OP created the column as datetime and is trying to insert a text string.
$date_col = "test";// -
If you just leave a closing php tag hanging around of course it will break. Why would you remove proper code?
-
What is the code from blog-approval.php?
The tester is not displaying the error you posted. It is displaying a 1 as it should. If you echo'ed the line in your tester you would see a hash.
Also, phpinfo() does not require echo.
-
@gw1500se, there are numerous issues with the tutorial you linked to. It is a very bad example to learn from or use as a reference.
-
BEWARE
This user @haymanpl will threaten you with physical violence if he doesn't like your post. The exact response on the cross post that prompted this user was "Didnt you like the help you were getting on the other forum" (This one).
QuoteDickhead Kevin. Stop behaving like another useless troll from the most hated country on the planet. No wonder America has 450 mass shootings every year and the highest incaceration rate in the world. Within the next 5 - 7 years your country will have over 1000 mass shootings. It’s because of weak cowards like you there’s so much hatred in your shitty little country which fuels the mass murder of hundreds of thousands of Mexicans your country uses to supply drugs to Americans. 20% of your entire country is on drugs. You would never behave like that to me face to face because i would bash your brains in. Something, you can avoid for the time being while you will need to hide for the rest of your life. I won’t forget you Kevin!
-
You have a parenthesis floating outside of Php just above the closing body tag.
-
It doesn't make sense to override a method with the same exact method.
How about telling us what the real problem is you are trying to solve instead of asking about your attempted solution to solving it.
Quotethe additional code is not printing.
How do you expect it to print anything when there is no code to output anything? No echo, no return, no nothing.
-
3 hours ago, SkyRanger said:
select within a select
It is called a Subquery. Now you know the proper term so you can look it up and learn about it.
-
45 minutes ago, Barand said:
Agreed, you should let the user keep trying to register until eventually, in desperation, they try a different user name. At that point, when it works, they realize that the problem was a duplicate username. But at least, you didn't tell them.
Assuming Sarcasm....
So are you saying you are OK with explicitly verifying 50% of a valid system login to an attacker? So instead of just saying "Username Invalid " you want to say "Congratulations, that exact username is in the database. Now you just need to guess the password that goes with it"?
-
Just how many different errors do you expect? The registration (insert query) is either successful (true) or it fails (false).
duplicate error = false
other error = false
no error = true
You do not want to output system error messages to the user. In the case of a duplicate username, you do not want to specify that the username is already used. That would open you up to a User Enumeration Attack. -
Mysql is case insensitive by default. Doesnt matter how Fabian is cased.
-
In addition to what @Barand said, your Method should return a Boolean. You have hard coded a redirect and have done nothing in case of failure which could be something other than a duplicate user.
As is, if you want to redirect somewhere other than what you hard coded you have to edit the Class. Classes should be closed for modification. That is known as the "Open-closed Principle" and the the "O" in the SOLID Principal of Object-Oriented Programming.
Do the redirect outside the class in the program flow.
PSEUDO Code
if ( $var->regUser($x,$y,$z) ) { // Success }
OR
$status = $var->regUser($x,$y,$z) ? 'Success' : 'Failed';
I would not put the password hashing in the method or class. Hashing a password is not really related to doing a DB insert query which when you get down to it, is really what you are doing. It would also mean you have to duplicate the hashing code such as the case of a password change. Pass the hashed password to the Class.
-
What is the real problem you are trying to solve by doing this?
-
Get rid of all the space in your method calls.
-
Op, could you tell us why you want to do this?
-
That error could not have happened from a windows update. Post the code.
-
Instead of spinning your wheels trying to configure your own dev just do what I told you and you will be up and running in seconds
-
The easiest way to get a correct LAMP stack working for older php is to run Laragon Portable with Php 5.4
-
Torn on error reporting and look at the error log.
-
Not sure what you are doing with this, but you can easily generate a CSPRNG (Cryptographically secure pseudorandom number generator) in Php7 with minimal code.
<?php $bytes = random_bytes(5); var_dump(bin2hex($bytes));
-
This reminds me of the Bike Shed Problem.
-
1 hour ago, SaranacLake said:
If you were me would you stick with using MySQL for my business or switch to MariaDB?
It just doesn't matter. MariaDB is a drop-in replacement for MySQL. If you really want to head down this path you might as well throw in the "What about Percona?" which is another drop-in replacement fork of MySQL.
-
I ran the code and it works. The only problem is you need to change the error variable like so: echo mysqli_error($con);
Add this to the top of your page: mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
If your still having problems it is likely with the path to $con. You need to check that ABSPATH ."resources/ points to where con.php is.
apache just stopped working; host can see, others not
in Apache HTTP Server
Posted
Exposing your PC to the entire world is a really bad idea. The various wamps are intended for Development, not Production.