
leesiulung
Members-
Posts
83 -
Joined
-
Last visited
Never
Profile Information
-
Gender
Not Telling
leesiulung's Achievements

Member (2/5)
0
Reputation
-
Need book recommendation for programmer familiar with PHP
leesiulung posted a topic in Miscellaneous
I'm starting a project that I want to be highly thought out and scalable. PHP is not my first choice, but seems to be the one with the most resources available. Unfortunately, PHP is also one of the languages that has the most security vulnerabilities due to bad coding. As an effort to balance this, I would need a good book on: - PHP security (I anticipate enough users that I will get attempted hacks from script kiddies & etc.) - Enterprise type implementations - Good code design (design patterns) - Focuses on potential performance issues/bottlenecks I consider myself a good programmer with enough knowledge of PHP to create smaller web sites (meaning not enterprise or large scale alas facebook or youtube), and have a Computer Science degree. Anyone can suggest me a book or two? -
[SOLVED] Prevent SQL injection in ODBC and MS Access? Help!
leesiulung replied to leesiulung's topic in PHP Coding Help
Barand's clean() function for Access worked like a charm. Tested it on GoDaddy's servers. Thanks Barand!!! I very much appreciate your help. -
Challenge! Sending GET request in PHP code?
leesiulung replied to leesiulung's topic in PHP Coding Help
To those trying with the same issue with GoDaddy hosting, my solution ended up being to use an ASP page and post the information to this page. On errors, I would send a GET message back to the original PHP script. As far as I know, PHP at GoDaddy is running on Safe Mode and is not officially supported on Windows platform. It also does not display errors in PHP scripts, even when you try to enable them in code. -
[SOLVED] ODBC and committing a transaction? Help!
leesiulung replied to leesiulung's topic in PHP Coding Help
This worked. Thanks! For those wondering this was with GoDaddy's Windows Deluxe hosting. I highy recommend AVOIDING GoDaddy if you need PHP on Windows hosting. They do not officially support PHP on Windows. While testing the code I found a bug and indeed the transaction was rolled back. Thanks! -
Challenge! Sending GET request in PHP code?
leesiulung replied to leesiulung's topic in PHP Coding Help
That would work, but that means the client "can" know what I'm sending in the GET/POST since it would have the GET/POST data has to be sent to the client and then from the client back to the server. I might have to just use a different scripting language... It seems like this is an impossible challenge.... -
Challenge! Sending GET request in PHP code?
leesiulung replied to leesiulung's topic in PHP Coding Help
I do not see fopen in the list of disabled functions. Do you mind posting a little code to save me a few hours of reading the help file and trying it out? I'm stuck with godaddy. I just did not realize that their Windows hosting was that limited.... Dedicated or even virtual dedicated server would be best. -
Challenge! Sending GET request in PHP code?
leesiulung replied to leesiulung's topic in PHP Coding Help
curl do not seem to work with the server. Everytime I try to run curl_init() it always returns nothing (printed out on screen). I think this is equivalent of false. Since I do not see error messages (turned off and unable to turn on), I have no idea what is wrong. Any other suggestions? -
Challenge! Sending GET request in PHP code?
leesiulung replied to leesiulung's topic in PHP Coding Help
Unfortunately, that does not work because it would redirect the browser to a different page too. I need it to silently make the GET or POST in the background. -
Challenge! Sending GET request in PHP code?
leesiulung replied to leesiulung's topic in PHP Coding Help
I'm not sure what socket function you are talking about? I do not see this socket function as part of the disabled list I provided. I grabbed this list of phpinfo();. Unfortunately, PHP hosting with Windows at GoDaddy leaves a lot to be desired. PHP on Linux does not support MS Access. MS Access support and PHP was a requirement.... -
Is there a way to send a GET request via PHP code? I need to send it to a url as follows: http://www.mydomain.com/index.asp?email=emailaddress The following is disabled: getmyinode, getopt, getrusage, extension_loaded, dl, mysql_pconnect, crack_check, crack_closedict, crack_getlastmessage, crack_opendict, fsockopen, pfsockopen, mysql_list_dbs, mysql_stat, ini_get, ini_get_all, ini_alter, ini_set, get_current_user, get_defined_constants, get_include_path, php_ini_scanned_files, php_uname, phpcredits, restore_include_path, set_include_path, set_time_limit, version_compare, zend_version, getmypid, getmyuid, getmygid, assert_options, assert, fopen, fwrite, fread, file, fpassthru, file, mail, opendir, readdir, closedir I'm on PHP4 on Windows. I cannot use curl with the following code: <?php $ch = curl_init('http://www.mysite.com/index.php?option=com_content&task=blogcategory&id=24&Itemid=55'); curl_exec ($ch); curl_close ($ch); ?> This suggest that I cannot use curl and is a limitation of my hosting company, GoDaddy.... Any programmers want to take me on the challenge and help me out?
-
[SOLVED] Prevent SQL injection in ODBC and MS Access? Help!
leesiulung replied to leesiulung's topic in PHP Coding Help
Thanks! -
[SOLVED] Prevent SQL injection in ODBC and MS Access? Help!
leesiulung replied to leesiulung's topic in PHP Coding Help
Barand, I'm not sure I understand. When pulling the date from the database, what should I do? Do I need to revert what was done when inserting the data into the database? Please elaborate. -
[SOLVED] Prevent SQL injection in ODBC and MS Access? Help!
leesiulung replied to leesiulung's topic in PHP Coding Help
Barand, I am assuming that there is no need to reverse the process? For Access it is indeed double quotes to escape a single quote. -
[SOLVED] Prevent SQL injection in ODBC and MS Access? Help!
leesiulung replied to leesiulung's topic in PHP Coding Help
Barand, Unfortunately, I'm not as familiar with stored procedures and could not get it to work. I read on a web page that Access do not support stored procedures, but who knows.... What things should I escape or disallow other than single quotes? -
[SOLVED] Prevent SQL injection in ODBC and MS Access? Help!
leesiulung replied to leesiulung's topic in PHP Coding Help
Barand, I'm getting pretty frustrated with PHP. It is the bane of my existence as I cannot stand the language. It is a love hate relationship. I love the fact that there is so much support for it, unfortunately the language in my personal opinion is terrible. Anyhow, I have been unsuccessful in figuring out how to use stored procedures in MS Access using PHP. Can you or anyone help me out on how to sanitize the input for Access? It should have been as easy as applying a function to the argument... here I am spending hours digging up information. I would really appreciate it if anyone could help me. #!@$!@$@#%#@Q%#@TW$%^%&^%*$^#$#@%%@$!@