vbmark

  1. Does this look like the right way to do READ UNCOMMITTED in Laravel? $cars = Cars::raw('SET SESSION TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;')->Active()->get(); Thanks!
  2. It looks like this is called a replay attack. I think it can be addressed by something like this http://en.wikipedia.org/wiki/Cryptographic_nonce However, I'm going to need a lot more coffee to understand how to implement something like this on my site.
  3. Yeah, that's the thing, you request the first page then you have everything you need. It's an interesting problem that I know isn’t just restricted to PHP. I wonder if it’s just something that everyone lives with or if there actually is a solution. I’m going to keep looking.
  4. I thought I was being clever by checking the referrer but that doesn't matter since the header includes that. I am assuming the user agent is already in the header too so when you copy the first transmission in Fiddler you’ve got that too.
  5. I have a game site where you press buttons and get back random words from database tables. One of the things I was working hard to prevent on my site was someone creating either a desktop application or a web app that simply calls my PHP code to pull my data. It is data that is freely available to users who are not logged in so they can play without an account, but I want them to use my site, of course, to play and access the data. I don’t want someone creating a copy and using my resources. However, someone just showed me how, by using Fiddler, they can bypass all my protection schemes by simply getting the header and by resending that header they can pull the data from anywhere, desktop, or web app, as easily and quickly as they want. How do I prevent this? Thank you!
  6. Thank you, sir. I appreciate your answer.
  7. Using this framework: http://stefangabos.ro/php-libraries/zebra-database/

     The author says: "It encourages developers to write maintainable code and provides a better default security layer by encouraging the use of prepared statements, where parameters are automatically escaped."

     The documentation shows an example of an Insert as:

         $db->insert(
             'table',
             array(
                 'column1' => 'value1',
                 'column2' => 'value2',
             )
         );

     The framework code that gets run is:

         function insert($table, $columns, $ignore = false, $highlight = false)
         {
             // enclose the column names in grave accents
             $cols = '`' . implode('`,`', array_keys($columns)) . '`';

             // parameter markers for escaping values later on
             $values = rtrim(str_repeat('?,', count($columns)), ',');

             // run the query
             $this->query('
                 INSERT' . ($ignore ? ' IGNORE' : '') . ' INTO
                     ' . $table . '
                     (' . $cols . ')
                 VALUES
                     (' . $values . ')'
             , array_values($columns), false, $highlight);

             // return true if query was executed successfully
             if ($this->last_result) return true;

             return false;
         }

     The question is: Is the example secure against SQL injection or do I need to write it differently?

     Thank you! Mark
  8. I found Zebra Database. (Edited: Removed part indicating my impatience. Sorry.)
  9. Hello, I am looking for a PHP user management library that allows me to know if a user is logged in or not so that I can hide, display, or disable content based on this. I tried usercake only to find out that it only does page level authentication (unless I am missing something.) I cannot find a library that does this. Is there such a thing or must I write my own? Thank you.
  10. Joomla is too sluggish for me and I don't care about seo. Thanks though.
  11. Basically what I am looking for is something like this desktop software named Keynote http://www.tranglos.com/free/ except as a website. I have considered writing my own but 1) I am not as fast in PHP as I am in ASP.NET, and I would rather have this in PHP. 2) I really don't have a lot of free time right now. I have actually considered using WordPress and have not ruled it out yet. As for you sorting me a personal one out, if you could pump out the framework for something like the above Keynote software, that would be cool. Thanks, Mark
  12. Hello, I am looking for a CMS basically for my personal notes. I need something: Lite and fast. Good search feature. Good security. Hierarchical type structure. (Content with sub-content or sub-folder). That has not been abandoned a year ago but is still being improved. Joomla and Drupal seem kind of sluggish to me. Any recommendations? Thanks! Mark
  13. Hello, I've been using MySQL for my PHP projects, and am starting a new one. However, this time I would like to take advantage of using a cloud based database. It seems Google Apps does not allow you just to connect your app to their cloud for your data storage (correct me if I'm wrong.) You have to use their framework and Java or Python. So is there any solution out there to connect my PHP project to some data cloud managed, backed up, optimized, etc by some third party provider? Thanks! Mark
  14. Hello, Is there a way to somehow email text to a php page? I want to be able to get the body and subject of an email to a php page so that I can parse it and email it back. Thanks! Mark