LeadingWebDev
-
Posts
79 -
Joined
-
Last visited
Never
Posts posted by LeadingWebDev
-
-
The run is spent may be cause of big result sets are returned.
as bigger arrays u store -> more ram u need to store them.
or you may have an infinite loop, but i didn't really checked the script as i am on the work
i suggest using 1 or 2 queries for all those stuff you retrieve and retrieve only needed information with limit, joins, etc.
-
wrong identification information supported or database server refusing connection for supported user.
-
that all depends on usage of field in ur case.
if u are planing to use later 'IN' inside ur query on a field u want to store implode(',',$var) perhaps this will be more relevant for you, otherwise if u gonna preform searches/filters on this data it is better to separate to few fields.
-
few short is better, than one long that will perform full text search in a bad case of using.
-
get_browser can support you with major version as minor as well.
-
if it is remote server, use fgetc() then eval() on code u received, if it is located on same server u are working on, user require_once if the files is critical for you, otherwise include_once
hth
-
no, Regular Expressions loads server hard.
If u are building statistics that shouldn't catch crawlers (web search spiders) probably get_browser will help you, as every search bot have his own user agent.
-
<?php echo $_SERVER['HTTP_USER_AGENT'] . "\n\n"; $browser = get_browser(null, true); print_r($browser); ?>
should help you, but remember you should configure it on server and support him browser list.
Reference: http://php.net/manual/en/function.get-browser.php
-
This does not following redirect, htaccess should redirect u to index.php in this directory.
However htaccess maybe returns u the http 302 or 301, you should setopt follow location.
try putting
curl_setopt($clean_url_check, CURLOPT_FOLLOWLOCATION, TRUE);
to debug the response u receive from server, send him POST request and echo result, rather than sending GET.
HTH
-
use mktime() or gmmktime() for a GMT
-
$s=''; foreach(explode("\n",trim(chunk_split($string,2))) as $h) $s.=chr(hexdec($h)); -
First of all, i already see a vulnerability there.
Filter visitors email with filter_var, as you create a header with and it is vulnerable to external attacks.
for vulnerability explanation read : http://www.php-security.org/MOPB/MOPB-34-2007.html
$headers .= "\nSubject: Resume from the 'Careers' page"; $message = "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type: text/plain; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 8bit\n\n" . $skills . "\n\n" . $name . "\n\n" . $phone . "\n\n" . $email . "\n\n"; -
Andy, you can try using timestamp
-
SELECT date_format(dataFIELD, %e/%m/%Y) as datefield FROM `table` WHERE 1=1
-
SELECT *, date_format(datetime, %m/%e/%Y) as datetime FROM `forum_replys` WHERE `sub_cat_id`='".$subsF['id']."' ORDER BY `datetime` DESC
not sure, but this should help you
-
be careful.
its probably <IFRAME> 1x1 pixel.
location: between <body> and </body> at most at the bottom.
I will say its not just change FTP log info, the server may hacked from even another site hosted at the same server, and then with shell they just uploaded php script that looping throught all server files, and inserts IFRAME in every page.
if you will get same infection again, you will probably need to contact server administration ASAP.
-
$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
-
you may create additional table for ad types, then you fetch it to the form where user selects his ad category, and so you put it in ads with appropriate type ID
-
What really you need to give as Server?
$row[server] means you get this variable from database table CES row Server, if u dont have this row in your table its being blank var and return notices of not existed index.
please quick, g2g sleep, my time almost 5AM
-
ok so i got md5($var); to work but what is the other guy talking about
LeadingWebDev is rambling. He was describing a possible sql injection. The data is however being escaped properly and is not subject to this vulnerability.
Right
-
strtoupper();
-
Are you storing your passwords as md5 hashes?
no im not i dont know how to do that so i just took that part out
as for
its a big mistake to get user AND pass and check only mysql_num_rowsas we know '1'='1' will always return true, in most cases post 1=1, etc... as login and password, query will return true, 1 row and you probably will pass login.
i may explained it not soo well, but sorry for bad english
i dont get what you mean.
if a user were to type in just a username they could get in?
do that md5($var);
hacker can specify information to pass login and get inside.
expample: i know your username, i type your username and as password i specify 1=1, etc... and then password will be true)
script will receive information and you logging in.
-
its a big mistake to get user AND pass and check only mysql_num_rows
as we know '1'='1' will always return true, in most cases post 1=1, etc... as login and password, query will return true, 1 row and you probably will pass login.
i may explained it not soo well, but sorry for bad english
$sql=mysql_query("SELECT * FROM users WHERE username='$username'"); if(mysql_num_row($sql) > 0) { $row=mysql_fetch_array($sql); if($password === $row['password']) { // Set session // redirect him } else { //error } } else { //wrong username or password (we know that user unexist, but won't show it) }in this example i also mean you info already protected and you not using register_globals=on as it is vulnerable too=)
-
and what if user will enter just numbers? ^^
use <select> </select> <input value="value">
and so on... easier to handle and to escape exactly what you need.
to get only numbers you can use few ways.
check out strings from php.net -> http://php.net/manual/en/ref.strings.php
PHP class - passing options as an array
in PHP Coding Help
Posted
class picOutline { function picOutline($opts=array()) { $this->imageUrl=$opts['imageUrl']; $this->borderColor=$opts['$borderColor']; $this->link=$opts['$link']; $this->altText=$opts['$altText']; $this->width=$opts['$width']; $this->height=$opts['$height']; $this->align=$opts['$align']; } Function Set($varname,$value) { $this->$varname=$value; } Function displayImage() { if ($this->link) { echo "<a href='".$this->link."'>"; } echo "<img src='".$this->imageUrl."' "; if ($this->borderColor) { echo "style='border: 1px solid ".$this->borderColor.";' "; } if ($this->width) { echo "width='".$this->width."' "; } if ($this->height) { echo "height='".$this->height."' "; } if ($this->altText) { echo "alt='".$this->altText."' "; } echo "align='".$this->align."' />"; if ($this->link) { echo "</a>"; } } }HTH