Posts posted by Jenk
-
-
I've no need to. The information is readily available because others have posted it ;)
-
actually, sha1 is the one truly breakable hashing algorithm and use of it is discouraged, even md5 has preference.
but with vulnerabilities like you have in your SQL statements, no hashing algorithm is worth bothering with.
I go to your site and enter the following credentials, what happens?
[code]Username: ' OR '' = '' --
Password: whatever[/code] -
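The login bypass described in the post above, reproduced as an added example that is not code from the thread. The table, the account, the function names and the use of in-memory SQLite through PDO (in place of MySQL) are assumptions made so it runs offline.

```php
<?php
// Added example. Table, account and hash scheme are constructed for the demo;
// SQLite in memory (pdo_sqlite) stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, pw_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['alice', sha1('s3cret')]);

// Query built by concatenation: the pattern the post warns about.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT username FROM users"
         . " WHERE username = '$user' AND pw_hash = '" . sha1($pass) . "'";
    // With the username from the post this becomes
    //   WHERE username = '' OR '' = '' --' AND pw_hash = '...'
    // so the hash comparison is commented out and every row matches.
    return $db->query($sql)->fetch() !== false;
}

// Same check with bound parameters: input is sent as data, never parsed as SQL.
// sha1() is kept only so the two functions differ in one thing;
// real code would store password_hash() output and use password_verify().
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare(
        'SELECT username FROM users WHERE username = ? AND pw_hash = ?'
    );
    $stmt->execute([$user, sha1($pass)]);
    return $stmt->fetch() !== false;
}

$injected = "' OR '' = '' --";   // the username quoted in the post

var_dump(login_concat($db, $injected, 'whatever'));   // query logic altered by input
var_dump(login_prepared($db, $injected, 'whatever')); // treated as a literal username
var_dump(login_prepared($db, 'alice', 's3cret'));     // legitimate login
var_dump(login_prepared($db, "O'Reilly", 'x'));       // quote needs no manual escaping
```

Whatever hash is stored, the concatenated query never reaches the comparison, which is the point the post makes about hashing being moot while the injection exists.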
[quote author=Crayon Violent link=topic=105876.msg424127#msg424127 date=1156871329]
jenk- just so you know, mysql_field_type() returns what php thinks the column type is, based on the data retrieved from the column. This does not necessarily make it the same data type as what you actually have in your database. Your column type could be something else and php could get it wrong. therefore you should do it my way, as you are getting the datatype directly from sql, not php.
[/quote]Actually, no it doesn't. It is a direct shortcut to the C function which is used within MySQL. It returns whatever value is in the TYPE column when you run a DESC `table` statement. -
Why remove the submit variable?!
Why remove anything from $_POST in fact?
Also, extracting variables from user input is not a wise idea. This is why register_globals is frowned upon.
It is best practice to explicitly use the data you require, $_POST can contain as many fields as the user wishes. You will also have problems if the user submits an array within $_POST if you use that snippet. -
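An added example of the advice in the post above, not code from the thread. It assumes the snippet under discussion imported $_POST with extract(); the field names, the request body and the function names are constructed.

```php
<?php
// Added example. Field names and the request body are constructed.
$post = [
    'username' => 'alice',
    'email'    => ['a@example.com', 'b@example.com'], // array where a string is expected
    'is_admin' => '1',                                // field the form never had
    'submit'   => 'Save',
];

// Importing every submitted key as a variable lets the client choose variable names.
function handle_with_extract(array $post): bool
{
    $is_admin = false;
    extract($post);            // default EXTR_OVERWRITE replaces $is_admin
    return (bool) $is_admin;
}

// Read only the fields the handler expects and require each one to be a string.
function read_fields(array $post, array $expected): array
{
    $fields = [];
    $errors = [];
    foreach ($expected as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            $errors[] = $name;   // missing, or submitted as an array
            continue;
        }
        $fields[$name] = $post[$name];
    }
    return [$fields, $errors];
}

// The submitted is_admin value overwrites the local flag.
var_dump(handle_with_extract($post));

// Only 'username' is accepted; 'email' is reported, extra keys are ignored.
[$fields, $errors] = read_fields($post, ['username', 'email']);
var_dump($fields, $errors);
```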
echo is a language construct, not a function, thus you shouldn't use parentheses.
[code]<?php
echo nl2br($row['location']);
?>[/code] -
AJAX won't help you any more than PHP. Why? AJAX does not execute anything on the server.
-
Use a 301 redirect in .htaccess.
-
[quote author=Barand link=topic=106321.msg425076#msg425076 date=1156982640]
User enters number
submit form
get random number
compare with user input
[/quote]Don't forget to unset the random number once approved. -
Read my post again. If you need to stripslashes() your data from the database, you are using addslashes() or mysql_real_escape_string() one too many times [i]upon input[/i]
-
realpath() will be of use for cross compatibility.
[code=php:0]<?php define('PEAR_DIR', realpath('libs/Pear')); ?>[/code] -
It's up to you, but for your last comment - if you are needing to run stripslashes on your [i]database[/i] data, you are running addslashes or mysql_real_escape_string() one too many times on input.
-
no need for preg_split, just follow the below example:
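[code]<?php
// $command is the shell command from the thread; it is not defined here
$output = explode("\n", (string) shell_exec($command));
foreach ($output as $line) {
    // escape command output before writing it into the page
    echo '<p>' . htmlspecialchars($line) . '</p>';
}
?>[/code]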
-
[quote author=ToonMariner link=topic=106246.msg424675#msg424675 date=1156946138]
from the manual
Note: Prior to PHP 4.0.2, the following applies: require() will always attempt to read the target file, even if the line it's on never executes. The conditional statement won't affect require(). However, if the line on which the require() occurs is not executed, neither will any of the code in the target file be executed. Similarly, looping structures do not affect the behaviour of require(). Although the code contained in the target file is still subject to the loop, the require() itself happens only once.
apology accepted ;)
[/quote]No apology given. Take note of "prior to 4.0.2"
Any host still running < 4.0.2 is a poor host ;) Your apology accepted.
Also note that the code will not be executed even in < 4.0.2. require() just tries to read the file. Another apology accepted. -
[quote author=ToonMariner link=topic=106246.msg424672#msg424672 date=1156945987]
include will include your file whenever the flow of code calls it.
require will include your file regardless...
eg.
if ($string == 'yep')
{
include('file.php');
}
will only include your file if $string is 'yep'.
if ($string == 'yep')
{
require('file.php');
}
will include it no matter what $string is.
[/quote]Incorrect. -
Ignore the namespace part for now - but the reason why I suggest keeping a separate resource for session data from application data is because if you use a different DB for sessions from Application you may have issues with incorrect table names etc.
-
You are missing a closing bracket on the preceding block of code.
-
dude.. remove your username and password before someone connects to your db and ruins your day..
-
eregi is deprecated, use preg_* functions instead.
Otherwise use stri* functions for direct matches:
[code]<?php
$string = 'FoO';
if (stripos($string, 'foo') !== false) {
    // case insensitive match for foo found
}
if (preg_match('/foo/i', $string)) {
    // case insensitive match for foo found
}
?>[/code] -
Use shell_exec() instead of system(), shell_exec() returns all output as a string instead of directly outputting.
-
Turn all error reporting on [code=php:0]<?php error_reporting(E_ALL); ini_set('display_errors', 'On'); ?>[/code] and see what you get.
-
right.. to make it easier, please post the code from the entire class :)
-
mysql_real_escape_string() is all you need to make a variable safe for inserting to mysql. strip_tags() is not necessary (and is not favored over htmlentities()), trim is just not necessary.
Escaping characters only turns them to literal values. You will not see the escaping character ("\") in your MySQL database. Inserting a value of: O'Reilly (when escaped will appear as O\'Reilly) will appear in your database as O'Reilly.
If you do not escape, the query will fail. -
$states is an array of arrays.
-
Just a note.. it doesn't get rid, it escapes them so that MySQL uses them as literals, rather than special characters.
-
GD Percentage Bar, in PHP Coding Help
PNGs render from top to bottom, so that is your restriction.