SteamingAlong

Members
  • Content Count: 13
Community Reputation

0 Neutral

About SteamingAlong

  • Rank: Member
  1. Regarding the different problem. That is all ok because all that is required is to make it secure, viewable (even if it's just text images on each page) and printable. Ideally the text search is useful but not a requirement ahead of security which is very important in my case. I will look into how I can create a pdf to another cleaner pdf before I begin to convert it to images. Thanks a million. That is a nice option but some files can still go undetected as psycho did claim. I'd love to not have that worry as I could do without some sleepless nights thinking of solutions for somet
  2. Actually, correct me if I am wrong. But converting each PDF page to an image (per page) and then converting it back to a PDF would be very secure in my eyes. Is it possible in PHP so the original file uploaded does not get stored on the server? Therefore, it is 100% secure.
  3. This was my biggest worry because I haven't found anything that is actually secure for these documents uploaded. Are you looking at this towards the likes of a tcpdf plugin? That is something I have for a pdf viewer. The upload renames and sends the file outside the root folder. Then to display it, it uses a tcpdi and includes the files via a file_get_contents. Thank you for the guidance, I needed that and will see if I can create something to read the pdf document and delete all the dodgy stuff if possible. That way, I'd feel happier that it is safer with some validation inside th
  4. That is interesting phpmillion, I never thought of that check but you are right ... it is useful just in case it was modified without me knowing. I will add that in, thanks for the heads up. dalecosp, I do have that addition check in place of the form like the token validation for both the id and value of the hidden input. Apart from those 2 answers, I was hoping there would be something before the file is uploaded. Maybe something similar like a virus scan of the file if possible before it is uploaded. This is to stop any vulnerability being added to the server. As with an ima
  5. Hi there, I have a form that allows the user to upload doc and pdf formatted files. I was hoping that I didn't have to go this route but it has to be done. What I have done for the upload is: check its extension is a doc or pdf; check its mime type via finfo_open; check its size; renamed the file completely with proper extension added; move file to outside of root folder. Now, the file is displayed back to the user from a file_get_contents function and using the following code. <?php // $doc_1 is coming from the database $fullpath = '/home/myfolder/'; $doc_2 = filter_var($doc_1, FILTER_
  6. You need to change anything that's inside the alt tag if you are having problems with it. In your case it should be alt="<?=$rows->alt_tag?>", with alt_tag being the database row as you explained.
  7. I ended up adding a unique hidden input id for each of these contenteditable areas which can now be identified and validated properly via client side validation. If there's a better way, please let me know!
  8. Ok, guys. After lots of research, I have noticed that jQuery validator() does not use anything other than what's inside a FORM, e.g. INPUT, SELECT, TEXTAREA etc., and requires a name value to be associated with them as an identifier. However, there's a need to get the data from the hidden field of the contenteditable="true" area of a div inside the summernote editor and not the textarea itself. So regarding this, I had to set up a separate jQuery that will just be used for the contenteditable areas, all works great now for one contenteditable area. If I have two of them which is not yet tested t
  9. Assumptions is the mother of all fck ups. You are right! Never had the need to even get the number of rows after anything other than a SELECT which in turn has always made me stick to _num_rows. Anyways, you can see clearly where the error is as he has used the wrong code to get the number of rows. Since mysqli_num_rows requires a mysqli_result argument which you only get for SELECT queries. He should in turn be using mysqli_affected_rows in that case.
  10. I believe cyberRobot is correct. However, you also have an empty $stmt->fetch(); Read up on the manual for the correct parameter to use, e.g. $stmt->fetch(PDO::FETCH_ASSOC); $stmt->fetch(PDO::FETCH_BOTH); $stmt->fetch(PDO::FETCH_BOUND); ... and so on PHP PDO MANUAL Update.....Ooops .... it's an old post but I'll leave it here for those who couldn't find it.
  11. First of all, you are using an INSERT query. You can't get the number of rows from an INSERT query. You need to use a SELECT query after the INSERT one and then get the number of rows available in the database. As the other user said regarding the user data. You actually are inputting the data directly into it. This is a security flaw and would cause sql injections. The correct way for mysqli prepared statements is as follows: <?php $stment = $dbConnection->prepare('SELECT * FROM users WHERE name = ?'); $stment->bind_param('s', $name); $stment->execute(); $result = $stment-&g
  12. Hi Guys, I'm not great with jQuery. However, I have a form validated server side no problem ... but I need it to be validated client side too. This is where I use a jQuery validation for ... to validate the form and the summernote editor textarea. Html Form: <form role="form" id="myprofile" action="/edit/" autocomplete="off" method="post"> <input type="hidden" name="submitted" id="submitted" autocomplete="false" /> <div class="form-body"> <div class="row"> <div class="col-md-6"> <div class="form-group form-md-line-input form-md-floating-label"> <
  13. Actually, in line 2 you are showing $hash = '$2y$10$fFYyZWTdAcewqFByXX5Wvu/UuAk8dwYYjOV27SN/9RPea6TeU9Q0u'; I have highlighted in red what exactly is causing the error "/". I came across this a while back with my tests but just ended up moving to PASSWORD_DEFAULT and prepared it for its changes in the future.