nadeemshafi9
-
Posts
1,245 -
Joined
-
Last visited
Posts posted by nadeemshafi9
-
-
Jeez, how many posts do you need to make at one time?
im a nervouse person nothings ever perfect for me
-
Quote from: thorpe on April 25, 2007, 06:04:16 AM
Its very hard to understand your question exactly (English not your first language?) but, prior to storing any users inputted data in the database run it through mysql_real_escape_string. This should fix your issue.
english is my first language but i had a bottle of vodka last night and have been doing my final year project for 6 days and 6 nights and i am a little bit woosy
-
reminds me of two projects i started on here 1 i completed when i was in uni, i done this project where you give the database name to the class and then run the index page and a single class creates all the CMS pages by reading teh table names and feild names, that was completd.
then i started tryign to stick blobs of sound together to get speach and it was a total flop i used soxmix concatinator lol.
-
hi
you know when you embed images you do all the hard stuff but basicaly imbed it in to the <img src => tag. hwat do you embed audio in to.
thanx for any sugestions i know its not well explained.
thanx
hi
i need to make a directory whith php is this possible i see no sighs of any apparent functions on php.net/create directory
thnx has gone a long way since last week i got it in a object know and am building it
-
Lavascript lol
on: August 15, 2006, 03:37:45 AM
hi guys
i just put some code anotation in to a page and my html template has a graphic in a div layer at the bottom right wen i scroll down the layer stays there how do i use lavascript to keep it at the bottom right wen the user scrolls down the page.
Thanks for any help guys.
-
lol, 4 in the morning
on: August 15, 2006, 03:28:04 AM
hi guys
I am a student and iv been using mysql to put data in to simple table feilds such as images and text i hav used dump files and phpmyadmin. the problem is i hav been given the task for my final project to recreate a huge hospital access relational database in mysql and add an intranet interface using php.
My problem is that i cant seem to see how relations are made in mysql and which datatype actualy is the equivalent of autonuber eg for id's ect, do i need to generate these, unique identifier dosent automaticaly enter a number.
can somone please help me, thanks alot for any help.
Nadeem
iv never kisssed this much ass since i started earnign a living
-
nevermind, googling reveals that setting the value of a file type input is not allowed for security reasons.
so much for that
thoght so lol
maybe you can do somthing with hidden feilds ??
function more(cur){ var values = new array(); for(var i=0;i<cur;i++){ id = i+1; if(document.getElementById('file'+id)){ values[i] = document.getElementById('file'+id).value; alert('file'+id+' Added to array.'); } else{ alert('file'+id+' Does not exist and was not added to the array.'); } } if(document.getElementById('file'+cur).value != ''){ cur++; document.getElementById('holder').innerHTML += '<div class="formcontainer"><div class="formlabel">File '+cur+': </div><div class="forminput"><input type=file name=file'+cur+' id=file'+cur+' onblur="more('+cur+');"></div></div>'; } var total = values.length; for(var i=0;i<cur;i++){ id = i+1; if(document.getElementById('file'+id)){ document.getElementById('file'+id).value = values[i]; alert('file'+id+' Updated.'); } else{ alert('file'+id+' Does not exist and was not updated.'); } } } <div id=holder> <div class="formcontainer"> <div class="formlabel">File 1:</div> <div class="forminput"> <input type=file name=file1 id=file1 value='' onblur="more('1');"> </div> </div> </div> -
so whats the issue isnt the onblur event firing have you tested it with an alert()?
-
crayon - and daniel0 do you guys rember a few years back when i was a budding developer - do you rember me asking any dum question i think i did once or twice
-
this is a good exp
Hi there,
I "socket" simply connects two systems together, an IP address is the
address of the machine over an IP based network. If you connect 2 systems
together using TCP, that is known as a TCP socket, a socket requires a port
and an IP address to attempt to make a connection.
A "protocol" is a strict set of rules for transmitting specific types of
data for set purposes. For example IP based games used bespoke protocols
for speed, AOL IM uses it's own bespoke protocol to create an instant
messaging service, SMTP is a protocol used for sending emails. It's kind of
like a "language" designed for a specific purpose.
A protocols should only interfer with a firewall if the firewall is
either
A) Blocking the port from being used.
B) Sniffing the packets and making assumptions and presumptions,
causing consequentions and making aspertions... and other shuns that
firewalls have a habbit of doing.
But if you tell your firewall to allow connects on a particular port for
a particular application it should *not* give 2 hoots about what is being
sent backwards and forwards because it would not even be able to understand
it! A firewall can analyze recognized protocols for malicious code, such as
HTTP, SMTP or POP3 but not your own bespoke protocol.
TCP and UDP are *low level* protocols used by the network adapter to
transmit data over IP based networks. And yes you are correct, UDP does not
contain fail safe measures; like TCP.
But using HTTP as a protocol in your application would be absurd unless
you are making a web server. It is by far easier to make your *own*
protocol, believe me this is *not* hard, I'm actually making a set of
classes for VB.NET at the moment which make designing your own protocol a
piece of cake. Get into Netlinx, AMX and Crestron then you will understand
all about protocols, including how to rip them off.
Nick.
the jist of it is that you can limit communication on your system to only that port
-
we have a system that we deploy and other ysstems use that system from client locations, now these systems contact the server using a socket connection .
i have been thinking about why and without any research this is why i reckon,
1, http requires web server wich is unstable, a socket server that you have created will be there only for one reason and thats to listen for your device, nothing else will use it, you can send each char of your message start message and end one by one with a checksum to make sure the data is solid. there is little chance of teh server falling and if it does it wont affect your web server.
you can monitor it in your script what comes throgh etc etc.
HTTP is a protocol that runs on a socket, and a socket is what is used to
transport data between systems. If you want to run your *own* protocol,
create a new socket (TCP or UDP) using an *unused* port (e.g. 1001), and
then send *your* protocol down it!
basicaly creating your own socket the application is more pure no web server stuff less to fail
http has its own protocol used in socket communication http is a protocol socket is a loop running on your server listening to a port.
you dont need teh http protocol, i think you get the idea
you can use a filename.php with a socket
so if you communicate to filename.php you can comunicate with it on multiple sockets
filename.php:1000
filename.php:2000
etc
but teh code inside the file will be listening for whatever port and teh data posted to it
read this
-
http://www.google.co.uk/search?hl=en&q=mobile+phone+browser+emulator&btnG=Search&meta=
when i was at uni i would just literly put my site up and go to it str8 from my mobile phone.
-
making a site that runs on mobile phones is a waste of time, any reasonable phone can diplay a full web page and no one would realy whant to view it on that anyways, the practicle solution is to use rss feeds which the mobile phone user can subscribe or view, or xml files with xslt which is a step back from rss. what you need is a system like joomla which allows you to install it in 5 mins and then everything can become an rss feed.
if your talking about those old mobile phones which are tiny and there entire screen gets fuilled by a tickbox then forget it your efforts will go to waste you will get it on there no one will use it, i say stick to a web app that allows users to create a question then add answers too it (multiple choice) or a question and mark it as open.
then you can have them log in to answer them and you can serve the results as a web page and xml rss feed dynamicaly generated, you can also email these results or even text message them or even bluetooth them.
-
it would be somthing like load the window and if they do anything else which would be unfocus from that window then load the exit page using element creation and insertion in js.
-
let me do some research and find a quote i like and il change it, cmon mate
dont lay an egg over it
lol!!!
-
i only play games on my xbox 360, pc gaming is for obsessed people
-
whats going on ?
-
ok we have stopped the db user from dropping anything anyways but yes.
so your saying that quoting into will fix the issue, i use quoteinto for update and delete queries but
$result = $tvCustomerData_table->fetchAll($tvCustomerData_table->select() ->from($tvCustomerData_table) ->where("{$search_filter} {$user_filter}") ->order(array("{$sort} {$dir}")) ->limit($limit, $start));is teh above code prone to injection ?
-
why not make your get variable into a object with your own syntax and then hash or encode it and then decode it and read it in on the other end.
to teh original post, i used to keep track of attacks on my sites and they used to be bots that attack you especialy in the url especialy if you include files using get vars
-
It's using prepared statements, so it will be safe, yes. Unless you have a row with the a PK like '; DROP TABLE users; -- it will just return 0 rows.
ok cool cos my supervisor wasent worried about sql injection and i was like oh but look you can just look in firebug and see all teh ajax calls and attack them all then i tried it and i manage to break one or two but didnt manage to delete anything.
im juts reading up on prepaired statements.
can you elaborate a tincey wincey bit more on that example you gave
PK like '; DROP TABLE users; -- it will just return 0 rows.
plz thanks
-
But do you have the feeling that you can do a lot more then on your own and that you really can do what you had in mind?
And do you still have to write some scripts on your own or is it all auto-created with some mouseclicks?
javascript frameworks are mindblowing, when you combine them with an mvc that is using mod rewrite such as zend framework, you get a super easy to manipulate interface with great widgets and a backend that is designed to work with ajax. trust me its just damn easy and you end up making much more powerfull frontends using the js framework and much more inteligent frontends and backend logic. The backend becomes much more managable and easy to call functionality.
the zend framework comes bootstrapped with a file registry app.ini for your db conns and many many more classes features and structure.
each module can be seperated having different views controllers and layouts.
layouts are amazing you can apply them to a content produced by a method in a controler when outputed to a virew or you can simply tell it that this controller will output json or xml or somthing.
http://extjs.com/ (this is a combo of all teh best frameowrks and much much more for js)
-
If you're using ZF's Zend_Db, you can just call the find() method on the Zend_Db_Table descendant to search by the PK you've set. That will be fine.
Or maybe like:
$something = $somethingTable->select()->where('id = ?', $id);and that will filter any attacks from being injected because if teh firts part fails it breaks ?
-
Delimit it in quotes. IDs should be integers though.
how good of a solution is that because i am having issues wit hthis too, prior to my new apps i used to have an array in the bootstrap of the apps and used to check against it for illagel chars for id's and text strings in teh url or post directly in teh model on any controler call. That caght everything.
now i am using the zend MVC and ajax its slightly more of a widespread issue zend seem to havre made it slightly better because they break up the query into functions eg select() from() etc.
how well can i protect myself by using quotes ? can it be broken still ? does quoting it fix any vulnrability ?
-
forgive me if im wrong off teh top of my head i think they cant exec remotley ? or am i wrng ?
i'm just trying to get into the other box using
in the command line directly I would type
ssh servername -l username
you can do that with exec
you got confused with you server to server comms, you wont be executing that command on server 2 you will be executing it on server 1
but there is a better way execute it directly on server 2 using server 1.
<?php // variable initialization $command = 'ls -al >files.txt'; // set up basic connection $ftp_server = "ftp.example.com"; $conn_id = ftp_connect($ftp_server); // login with username and password $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); // execute command if (ftp_exec($conn_id, $command)) { echo "$command executed successfully\n"; } else { echo "could not execute $command\n"; } // close the connection ftp_close($conn_id); ?>or you can execute the commands on server 1 just like you would do on a command line from server 1 to server 2
[SOLVED] nadeem
in Miscellaneous
Posted
heavey metal <(iron monger)
i dont even use my laptop mobility , i have it hooked up to my tv and just unplug my urb reciver for my pc mouse and keyboard and just switch it over and now i have internet windows and all on 32 inch HD HDMI
dont lagh, i go to work with an empty laptop case lol.