Everything posted by Karaethon

  1. Karaethon

    Am I seeing windmills?!?!?

    I was just reading the PHP Documentation and I accidentally found something that scares me a little. There are two commands which (I believe) would allow a potential hacker scary power. Everything I've read always tells me to use/pass variables for the arguments when connecting to a database (i.e. mysqli_connect) instead of hard coding the arguments into the mysqli_connect directly. The reason that is given is security, the data can be stored somewhere secure where a malicious user cannot access it. Sounds great and I use it, as the values don't change during execution I use constants, and that's where I found the scary. There are two commands which would dump all that info straight to a user... PLEASE tell me this can't be done. The commands are:

        get_defined_constants()
        get_defined_vars()

    Couldn't a malicious user trick the server into running

        echo get_defined_vars();
        echo get_defined_constants();

    and then become omnipotent? I can see it, somehow a user uploads a file to a server, pretending it's innocuous, but really it's a .php (say myfile.txt.php) and then said user requests that file from the server...
  2. Karaethon

    Am I seeing windmills?!?!?

    Ok, so it's not like they could get a file onto the server then go to http://www.site.com/badfile.txt.php and have everything go kablooey for you. The file must be specifically included or required for it to execute, right?
  3. Karaethon

    Am I seeing windmills?!?!?

    Ok, so if the directory doesn't have execute permissions (chmod?) then it wouldn't process the file?
  4. Karaethon

    Echoing all $_GET values

    I am testing my app to server transport to verify everything is working. I need to write a loop that takes each value sent via GET and/or POST and then echoes each key:value back. How do I step through the $_GET or $_POST and extract each to echo? Something like this, but what?

        <?php
        /* I know this is not valid, it is pseudocode */
        foreach($key in $_GET as $value){
            echo $key." = ".$value;
        }
        ?>
  5. Karaethon

    Echoing all $_GET values

    I wasn't debugging so much as trying to verify that the app code was sending valid $_GET parameters. The app does all the data validation, and I verified that side, I just needed to double check that what I 'thought' was being transmitted was what was actually being received. I don't have access to the receiving server so I was submitting to localhost to verify before actually submitting to server.
  6. Karaethon

    Echoing all $_GET values

    Ok, I was almost right on. I got it right except my foreach order was wrong.

        <?php
        // Print each GET parameter as "key = value"
        foreach($_GET as $key => $value){
            echo $key." = ".$value;
        }
        ?>

    is the correct way. Sorry for wasting space on the forum.
  7. I'm suddenly having trouble using my connection to my MySQL database... (yes it was working but now...) I have the connection created in an include file and stored in variable $DB. In the main file that includes the file containing the $DB there are other includes for classes. These classes are SUPPOSED to use $DB to connect to and SELECT/UPDATE/INSERT, but for a reason I can't figure out they suddenly stopped seeing $DB. It keeps saying it's an undefined variable. If you need to see code I can post...
  8. Karaethon

    Unable to use connection to MySQL

    I haven't made any system changes, only code changes, after undoing everything I still have no link. But like I said above, I'm giving each class its own connection to the table it specifically uses. I would like the code reusability of a MySQL_Interface class but I can live with this as I can target a specific table per class.
  9. Karaethon

    Selecting Oldest entries

    Is it (I'll bet the answer is Yes) possible to SELECT the oldest entries in the table?

        SELECT * FROM `vaults` WHERE `Status` = "Unsolved" ORDER BY `CREATED` LIMIT 75

    Would this be correct?
  10. Karaethon

    Selecting Oldest entries

    It seems to, except it doesn't like the limit statement. If I have the limit it barfs...
  11. Karaethon

    Unable to use connection to MySQL

    That's what I can't figure out. I undid and rolled back my changes and it still won't work.... I decided to give each class its own mysqli_connect and live with it.
  12. Karaethon

    Cant figure out PHP/MySQL Error

    Hmm, yeah I kinda knew that, never really thought of how it would affect execution... In this case I don't think I could use AND though because the rtrim after completion could remove more than the AND? Or maybe not, it is only trimming from the end....
  13. I am getting Fatal error: Uncaught Error: Call to a member function real_query() on null with this code:

        public final function Retrieve($TABLE, $CRIT){
            // $TABLE and the field names are interpolated as identifiers, so pass only trusted names
            $_query = "SELECT * FROM `{$TABLE}` WHERE ";
            foreach($CRIT as $_field => $info){
                // Values are string literals: escape and single-quote them (backticks mark identifiers)
                $_value = $this->LINK->real_escape_string($info);
                $_query .= " `{$_field}` = '{$_value}' &&";
            }
            // Trim the trailing " &&" left by the loop
            if($this->LINK->real_query(rtrim($_query, ' &'))){
                return $this->LINK->store_result();
            }
            else{
                // errno and error are properties of mysqli, not methods
                return json_encode(array("Error"=>$this->LINK->errno, "Description"=>$this->LINK->error));
            }
        }

    (LINK is my mysql_connect() result.) I have tried everything I can think of, ->query, going to mysqli_query, breaking it down and using a $result variable, but nothing seems to work...
  14. Karaethon

    Cant figure out PHP/MySQL Error

    Habit. I am used to thinking && instead of AND when writing code.
  15. Karaethon

    Cant figure out PHP/MySQL Error

    Good catch! I want to copy and paste my __construct code to show what I had and I noticed it was $LINK = mysqli.... instead of $this->LINK = mysqli.... I looked at it 500 times but kept missing it because I saw what I expected, not what was.
  16. Karaethon

    How do I...

    I know that cron can run a script automatically at scheduled intervals but I have no knowledge of how to set this up. Both the cron AND the script. I can learn, obviously, but I have a question before diving in. Can I trigger an unscheduled run of the script from another script? Specifically, I have in MySQL a database of number puzzles, the script will check the number of unsolved and generate new ones as needed to keep the number near the planned 1000 point. But if there is a surge of solves I want the other script (user interacting script) to trigger the other script if the number drops to 100 or less. I don't want the user script hanging while puzzles are generated so I need to trigger the housekeeper script outside the user script thread.
  17. Karaethon

    How do I...

    Hmm, ok.... Thanks. I have never used cron before except what the host or premade site used, I don't know how to make my own. But NotionCommotion pointed out something I was too close to see... Every time a puzzle is solved run the generator. facepalm.
  18. Karaethon

    Is this valid syntax?

        $ARR[$i] == $NEEDLE ? $Count++ : $Count

    I am using it in:

        private function _countIf($ARR, $NEEDLE){
            $Count = 0;
            for($i = 0; $i < count($ARR); i++){
                $ARR[$i] == $NEEDLE ? $Count++ : $Count
            }
            return $Count;
        }
  19. Karaethon

    Is this valid syntax?

    CARP! I wrote countIf because in all my searching of the PHP documentation I couldn't find anything that let me search for a specific value.... I must have missed array_count_values, because it doesn't look for a specific one I moved on. I remember seeing it. Arghhhh! All I needed was array_count_values(ARRAY)[VALUE I'M LOOKING FOR] ONE FREAKIN LINE!!!!
  20. Karaethon

    Is this valid syntax?

    I followed your link (neat site, gonna bookmark it) and it did work when I tried it...
  21. Karaethon

    Is this valid syntax?

    Oops, not that it makes much of a difference but I mis-typed when I wrote it here. It's

        function countIf( $ARR, $NEEDLE){
            $Count = 0;
            foreach( $ARR as $Entry){
                $Entry === $NEEDLE ? $Count++ : $Count;
            }
            return $Count;
        }
  22. Karaethon

    Is this valid syntax?

    $ARR is any array and $NEEDLE is a value you are trying to count occurrences of. The overall code works, the original version was

        if($ARR[$i] == $NEEDLE){
            $Count++;
        }

    but I thought the newer version cleaner.
  23. Karaethon

    Is this valid syntax?

    Haven't yet tried it, it's one method in a class I'm writing and its callers are still under construction.
  24. Karaethon

    php to mysql, INSERT problem

    I'm being given an error by mysql, "Warning: mysqli_connect() expects parameter 1 to be string, object given in /storage/...", the relevant lines are

        $code = $this->GenerateCode($num);
        $enCoded = password_hash($code, PASSWORD_BCRYPT);
        $query = "INSERT INTO `vaults` " .
                 "(`Alive`, `Contents`, `Code`, `digits`, `Winning_Player_ID`, `Won_Date`, `debug`)" .
                 "VALUES " .
                 "(CONV('1', 2, 10) + 0, '0', '{$enCoded}', '$num', NULL, NULL, '{$code}')";

    Followed by the mysqli_connect($this->db, $query).
  25. Karaethon

    php to mysql, INSERT problem

    Face, Palm, Palm, Face. I didn't even catch that! OK, maybe I should take a mental health day for the rest of the day. mysqli_query, not mysqli_connect... write that 500 times on the blackboard Karæthon.