
avenged

  1. Sometimes (not all the time), when I try to view a page on my machine, I get a 'The Connection was reset' error (Firefox). I've edited and tinkered with the config files to the best of my ability, but I still can't figure out why Apache keeps doing this. I'm not sure if it's a bug with my version, or if it's a mistake in my config. Either way, I figure someone here will know more about it than me, as I am not too familiar with Apache. And yes, I've already used Google and the search function located here, but still no luck. I've tried editing the KeepAlive option to allow persistent connections, thinking that's maybe a reason, but to no avail, it didn't help. I also noticed that Apache doesn't send out any headers either when this problem replicates itself. Thanks for any help given. Apache Version: 2.2.4 OS: Windoze PHP: 5.2.3
  2. Hello, was just wondering how I would be able to use str_replace to skip an index in an array if something is found in str_replace. I have a str_replace that checks an array for values in an array.
     [code]
     str_replace($array1, "", $array2);
     [/code]
     It searches array2 with values from array1, and I was wondering, if it finds a match, instead of it replacing it with a space, how do I replace it with nothing, as in the array returned won't even have an index with anything in it with that? Say I am searching an array with values: array('1', '2', '3'); and I want to search it from the values contained in this array: array('1'); so, obviously, it would return a match with this array: array('', '2', '3'); How would I replace the match with nothing, so it would return an array like this: array('2', '3'); ?? Thanks!
  3. [quote name='akitchin' date='Apr 4 2006, 11:16 PM' post='361846']
     In my experience, the automatic escaping is sufficient to avoid injection attacks. However, some security nuts will attest that it isn't (likely due to some special unescaped characters?). I couldn't tell you why it isn't sufficient, you'd have to look that up yourself if you're interested. What I do know is that you cannot take this setting for granted - it will not always be on. In the interest of good development, I would make your own escaping function that either adds slashes if magic_quotes_gpc is not on, or leaves it as is if the setting is on.
     [/quote]
     I do have a function that does just that. But what I also find weird is the SQL injection detection function (uses regex) finds an SQL injection attack. Here's the function:
     [code]
     function checkInput($str)
     {
        $str = strtolower($str);
        //pattern for SQL injection type 'OR 1=1
        $pattern = "/^ *(\'|\")? *(or|and) *\'|\"? *[a-z0-9]* *\'|\"? *(=|<|>|<>) *\'|\"? *[a-z0-9]* *\'|\"? *-*/";
        if(preg_match($pattern, $str))
        {
           //.......log it
        }
     }
     [/code]
     Now, if I'm not mistaken, shouldn't the function not return the preg_match if the POST vars are already escaped??? What's weird is it IS returning a preg_match if I insert it correctly. This is how I use the function:
     [code]
     $text = checkInput($_POST['username']);
     [/code]
     Shouldn't this not even return a valid preg_match, if everything is already escaped?? My regex doesn't check for escaped characters, yet it still returns true....how?
  4. [quote name='cunoodle2' date='Apr 4 2006, 11:02 PM' post='361833']
     Please post your code on here so we can take a look at it.
     [/quote]
     lol, I said it was just a basic echoing of POST vars straight from input, meaning echoing $_POST vars from a form....but if you need code for that, here...
     [code]
     <?php
     if(isset($_POST['login_test']))
     {
        echo $_POST['username'] ."<br>";
        echo $_POST['password'] ."<br>";
     }
     echo "
     <br>
     <form action=\"$self\" method=\"post\">
     username <input type=\"text\" name=\"username\">
     <br>
     password <input type=\"text\" name=\"password\">
     <br>
     <input type=\"submit\" name=\"login_test\">
     </form>
     ";
     ?>
     [/code]
     And to akitchin, then what is the point of validating input, in regards to SQL injection, if values in POST vars are already escaped? It would mean that, basically, SQL injection isn't possible....right?
  5. Ok, so I am trying to write a function that gets the string from POST vars and checks to see whether it is an SQL injection...anyways. So I'm testing it, and I'm using sample SQL injection queries, going as far as to hard code the SQL injection queries into my code. Then, and only then, is it actually working (the SQL injection). I could not figure out why my POST vars weren't giving the right command...until I echoed them out, directly from input. It's strange (or not), that I found that they are automatically escaped? Meaning, if I wanted to input a query ' OR 1=1 -- ' It would echo out the POST variable (straight from input) all escaped and everything. Can anyone explain to me why this is happening? I checked my php.ini, and I'm not sure, but does this have anything to do with magic_quotes_gpc? I looked in there, changed almost every value of magic_quotes to Off, yet it still is automatically escaping POST vars. How is it doing this, as I thought SQL injection was a very important thing to catch, or is this just a feature of PHP 5?
  6. anyone..? anyone know how IPB or phpBB does it?
  7. Ok. What I would like to do is this. I have some forums that I custom coded, and each post/thread has a time() value placed in the database of when the post was submitted. Now, what I want to know how to do is how to check to see if a user has read that topic or not, showing the 'unread' topics. How would I go about doing this? Would I have to log every single user that has viewed the topic and do a check to see whether or not the user has read it? Or do I keep track of which topics the user has read....or anything I'm not thinking of...any help appreciated. I'm just wondering how forums like phpBB do it, they show topics that haven't been read by you, then when they have been read, they are set to a 'status' where it's not read....so confused. Thanks for any help. .deMoN. | www.AvengingSorrow.com
  8. Ok. I have written a function for my private messaging system that I have written. It's supposed to return the total number of PMs a user has in his inbox.
     [code]
     function getTotalPM($id)
     {
         $pm_query = "SELECT * FROM pm WHERE reciever='$id'";
         echo mysql_num_rows(mysql_query($pm_query));
     }
     [/code]
     What I want to know is if I can limit the results that this function returns to ones that only have the value of 1 (in this case, PMs that have not been read) so I can then make a new function (getNewPM()) to return the number of unread PMs the user has. How would I modify this function to return the intended results?
  9. k, I would like to know how exactly I would go about selecting certain rows out of a mysql query. Example: the query: "SELECT * FROM pm WHERE reciever='$user_id'"; How would I sort through the results it returns to get only ones that contain the value of 1, and nothing else?
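
Added example, not part of any post above and not the poster's code: it runs the regex from post 3 exactly as posted next to a grouped form of the same heuristic, to show why the posted pattern matches escaped and unescaped input alike. The names `$posted`, `$grouped`, `$q` and `flags()` and the sample inputs are constructed for this illustration.

```php
<?php
// Added illustration. All sample inputs below are constructed.

// The pattern exactly as posted. Its unparenthesised `|` characters split it into
// five top-level alternatives; the last one, `"? *-*`, can match the empty string,
// and only the first alternative is anchored with `^`.
$posted = "/^ *(\'|\")? *(or|and) *\'|\"? *[a-z0-9]* *\'|\"? *(=|<|>|<>) *\'|\"? *[a-z0-9]* *\'|\"? *-*/";

// Same heuristic with every optional quote grouped, so the expression is a single
// anchored sequence. $q also accepts the backslash that magic_quotes_gpc inserts.
$q = "\\\\?['\"]";
$grouped = "/^ *(?:$q)? *(?:or|and) +(?:$q)? *[a-z0-9]+ *(?:$q)? *(?:<>|=|<|>) *(?:$q)? *[a-z0-9]+/";

// Hypothetical helper: true when the pattern matches the lower-cased input.
function flags($pattern, $str)
{
    return preg_match($pattern, strtolower($str)) === 1;
}

// Constructed inputs: two harmless values, then the payload from post 5
// before and after automatic escaping.
$samples = array(
    ""                  => "empty string",
    "alice"             => "ordinary username",
    "' OR 1=1 -- '"     => "payload, unescaped",
    "\\' OR 1=1 -- \\'" => "payload, escaped by magic_quotes_gpc",
);

foreach ($samples as $input => $label) {
    printf(
        "%-40s posted=%-5s grouped=%s\n",
        $label,
        var_export(flags($posted, $input), true),
        var_export(flags($grouped, $input), true)
    );
}
```

The posted pattern reports a match for all four inputs, including the empty string, while the grouped one reports only the two payloads. A pattern like this is useful for logging only; whether a quote reaches the query is decided by escaping or bound parameters, not by the regex.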