Everything posted by LLLLLLL
-
I'm having a conflict between jQuery versions or something. I get: Property '$' of object [object Window] is not a function. I've read about using $.noConflict() or other potential fixes but I cannot get any solution to work. The working page is http://americangene.com/checkout/ -- the problem is between the cart's jQuery and the jQuery in use by the WordPress template. Any suggestions are welcome.
-
This seems like the most appropriate forum on here for posting. I'm curious what people use for LAMP website vulnerability testing. I know of TrustWave and maybe one or two others. I'm not sure I want or need a subscription service where they scan on a recurring basis. Maybe just a one-time thing. I'm looking for the typical scans: cross-site scripting, SQL injection, and then patch suggestions for OS vulnerabilities, etc. Any advice is helpful.
-
You clearly have never written an application that uses abstraction and base classes. This is basic stuff. The base class doesn't know about every field for every column. It knows "I have these POST values" and "here's my table". That's all it knows. The base class generates a query from that. It's unaware of every column type. So the answer is .... quoted columns in the query string. A standard feature in DB engines. I got the answer to my specific question a while ago. Our conversation, while enjoyable, didn't help anyone. I'm no longer following this thread.
-
Who's on first?? But how does the app KNOW WHAT THE CORRECT DATA TYPE IS? Come on, how many times can you not answer the question? You either write lots of extra code or do lots of extra DB reads. Or you use quotes like all DB engines allow.
-
You have yet to answer my question. How does the app know the data type? You either write a bunch of extra code or you do extra DB reads. Or you use quotes, like all DB engines allow, and everything works as expected.
-
I see you're trying to chest-thump here, so go for it... how do you know which columns to NOT throw in quotes, then?
-
I'm saying, how can the code dynamically generate the query without quotes? (Without doing extra reads or writing lots of extra code.) You can't. You get data from a form, and you don't know anything except that you have data. The code doesn't know that some textbox is numeric only, or that some select box values are ints.
-
Um, yes it does. How do I know what the type is?
-
MS-SQL allows this, too. I think it depends on the language; PHP is weakly-typed so its database pretty much needs to allow this type of syntax. If you're in C# with an MS-SQL back-end, then you'll know the data type and quoting isn't necessary. Again, without writing all sorts of code and/or performing extra reads, quoted values is the only way to go. There's no easy solution without it.
-
It is quite common to do this, and not wrong at all. If the application is building queries and doesn't know the column types, this is how to do it.
-
Because this is how the application works. It's quite common to build queries out this way, even in MS-SQL.
-
Right... but my question is how to disable it? Something in php.ini? (This is a customer's server and a Windows box.)
-
It is as you would expect...
insert into some_table ( col_a, col_b, col_c ) values ( '1', 'this might be a string column', '123.00' )
And the error is clear:
Incorrect decimal value: '' for column col_a
-
On one customer website, the customer cannot insert any rows if a field is left blank and the column is a number. In short... '' ... is not being accepted for numeric or decimal columns. I've never had this on any other customer site, and it's pretty standard to use '' for column values in MySQL (and even MS-SQL). What would be preventing this? I assume it's a MySQL setting somehow? For what it's worth, this customer is on a Windows server, much to my chagrin.
-
Cross-Domain Ajax, Multiple Site Syntax Issues
LLLLLLL replied to LLLLLLL's topic in Javascript Help
As mentioned above, not all servers have HTTP_ORIGIN enabled.
-
Is There A Way To Parameterize The Parameters?
LLLLLLL replied to LLLLLLL's topic in Javascript Help
One response had the syntax as an example. One did not.
-
Is There A Way To Parameterize The Parameters?
LLLLLLL replied to LLLLLLL's topic in Javascript Help
That's what I needed! Thanks. I didn't realize there was a second parameter option.
-
Is There A Way To Parameterize The Parameters?
LLLLLLL replied to LLLLLLL's topic in Javascript Help
The function I've shown is on the client side. This is a sample generic function with param1 and param2 as the keys and specific values. I want to create a generic JS function to handle all my AJAX calls, and I want to pass that function a list of key/values in an array. But how does that make the $.get syntax look?
-
Is There A Way To Parameterize The Parameters?
LLLLLLL replied to LLLLLLL's topic in Javascript Help
Sorry, that's not really an answer that helps me. What does a function look like that creates this $.get call without hard-coded "param1" and "param2" key names?
$.get( "someurl.php", { param1: someVariableValue, param2: 'someHardCodedString' }, function( data ) {
-
This is a fairly typical piece of AJAX code...
$.get( "someurl.php", { param1: someVariableValue, param2: 'someHardCodedString' }, function( data ) {
On the back-end, PHP will receive $_GET with "param1" and "param2" keys, and the values as displayed above. My question is if it's possible to set the name of the keys param1 and param2 dynamically. I'm looking for a way to have a single function make the ajax calls, and to do that I won't have hard-coded "param1" keys, but the keys will be generated from whatever code I'm using to make the call. (Does that make sense?) Anyway, I am just looking for a way to set the keys of the GET (or POST) without hard-coding them on the page. Is this possible?
-
Cross-Domain Ajax, Multiple Site Syntax Issues
LLLLLLL replied to LLLLLLL's topic in Javascript Help
Not a CGI server, and it's hard to know what all customers may have. I guess * is the only way to go.
-
Cross-Domain Ajax, Multiple Site Syntax Issues
LLLLLLL replied to LLLLLLL's topic in Javascript Help
I don't have HTTP_ORIGIN in the requests. I've tested on my server and a couple customers. This won't work as a solution. So two questions:
1) What is the expected format to list domains? Comma-separated? Space-separated? Some server setting that determines the separation? It should work.
2) Can I put multiple headers like this? Is it expected and/or good practice?
<?php
header("Access-Control-Allow-Origin: http://website.com");
header("Access-Control-Allow-Origin: http://www.website.com");
-
Cross-Domain Ajax, Multiple Site Syntax Issues
LLLLLLL replied to LLLLLLL's topic in Javascript Help
But how do I know the HTTP Origin? From what I understand, $_SERVER[ 'HTTP_ORIGIN' ] isn't documented.
-
What is the correct syntax for listing multiple domains to be allowed for cross-domain AJAX calls? My code does this:
<?php header("Access-Control-Allow-Origin: http://website.com");
This works when website.com is the caller, but not when www.website.com is the caller. So I tried:
<?php header("Access-Control-Allow-Origin: http://website.com http://www.website.com");
... and...
<?php header("Access-Control-Allow-Origin: http://website.com, http://www.website.com");
But these things don't work. When I say they don't work, I mean that neither website.com nor www.website.com will be able to make the call with those configurations. So right now the only option is to put * and allow everything. I don't want to do that. Is there another header directive or something that I need? I saw something about Access-Control-Allow-Headers: X-Requested-With but that didn't work either.
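
The situation asked about above, as an added example that is not part of the original post: Access-Control-Allow-Origin carries a single origin (or *), so a server that must admit several callers compares the request's Origin header against an allowlist and returns only the matching value. The allowlist holds the two hosts named in the post; the function name cors_headers_for is hypothetical.

```php
<?php
// Added example, not code from the original thread.
// Allowlist constructed from the two hosts named in the post.
const ALLOWED_ORIGINS = [
    'http://website.com',
    'http://www.website.com',
];

/**
 * Build the CORS-related response header lines for one request.
 *
 * @param string|null $origin Value of the request's Origin header, or null
 *                            when the client did not send one.
 * @return string[] Header lines to pass to header().
 */
function cors_headers_for(?string $origin): array
{
    // Always vary on Origin so a shared cache never replays one caller's
    // Access-Control-Allow-Origin value to a different caller.
    $headers = ['Vary: Origin'];

    // Exact, type-strict match against the allowlist. Substring, suffix or
    // loose regex matching would also admit look-alike host names.
    if ($origin !== null && in_array($origin, ALLOWED_ORIGINS, true)) {
        // The header carries exactly one origin: the caller's own. Because
        // the value matched a constant above, it cannot contain CR/LF.
        $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
    }

    // No match or no Origin header: send no allow header at all, and the
    // browser blocks the cross-origin read by default.
    return $headers;
}

// Browsers send Origin on cross-origin requests; same-origin GETs and many
// non-browser clients omit it, so HTTP_ORIGIN is often missing in tests.
foreach (cors_headers_for($_SERVER['HTTP_ORIGIN'] ?? null) as $line) {
    header($line);
}
```

Testing from a page served by the same host as the script will show no HTTP_ORIGIN; the header appears when the call comes from a different origin in a browser.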