User Profile

bakertaylor28
Last Activity: Feb 27 '23, 12:40 AM
Joined: Feb 21 '21
  • This is your problem:

    Code:
    $sql="INSERT INTO user_details (uname,email,re_email,pass1,pass2,phone,ustate,city,street,pin) VALUES ('$name1','$email1','$re_email1','$npass1','$npass2','$phone1','$state1','$city1','$street1','$pin1')";
    The problem is that SQL doesn't know which record to file because you need a WHERE clause to identify the uname field so that SQL knows which record in the database...

  • bakertaylor28
    replied to PHP Sessions
    in PHP
    We prevent unauthorized users from accessing a session left open simply by causing an automatic logout within a short time. As an example, the SSA website automatically logs you out after 3 minutes from the last POST packet sent unless you input information back into the system. As for the security of php sessions, the problem is that it is always possible to steal a PHP session via MITM / Cookie theft. This problem is best dealt with in the server...

  • The better way of dealing with XSRF is to deal with it outside of PHP. XSS/XSRF is better dealt with by sending the appropriate headers in the server config (e.g. apache's conf file using mod_headers). This is because if the server forces headers that prevent XSS/XSRF we then prevent PHP (or any other CGI) from invoking an XSS/XSRF attack. (e.g. we cause Apache, Nginx, etc. to shut down the attack before it even gets started). Therefore, if we are...
    Last edited by bakertaylor28; Feb 26 '23, 08:33 PM. Reason: clarification

  • As a matter of policy we want to be using the die() function to end the script when dealing with SQL applications and the situation calls for an error or exception handling, therefore:

    Code:
    else {
                echo 'Error! Failed to insert the file'
                   . "<pre>{$dbLink->error}</pre>";
            }
    Should be:

    Code:
    else {
    ...
    Last edited by bakertaylor28; Feb 26 '23, 08:18 PM. Reason: clarification

  • bakertaylor28
    replied to any one help me with this code !!!
    in PHP
    Code:
     header("Location:/wediscuss%20forum/index.php?signupsuccess=false&error= $showError ");
    This is your problem - logins are better done by storing a session var:

    Code:
    ...
    // After checking against the database, we set the session variable to 0 when logged out and 1 when logged in
    $_SESSION['login'] = foo;
    
    //We then evaluate for login:
    if  ($_SESSION['login']
    ...
    Last edited by bakertaylor28; Feb 25 '23, 10:44 PM. Reason: clarification and minor correction

  • PHP is most similar in function to its direct competitor, Microsoft ASP. That said, some common languages which are sometimes used as alternatives to PHP in the real-world context include, but are not limited to:

    1. Java
    2. JavaScript
    3. Visual Basic Script (VBS)
    4. Python
    5. Ruby
    6. Go
    7. Elixir
    8. C#
    9. TypeScript
    10. Erlang
    11. Elm
    Last edited by bakertaylor28; Feb 25 '23, 09:23 PM. Reason: Correct Typos

  • How do we call a function with parameters and use output returning true/false in php?

    How do we use something like the following? I can't seem to find anything practical on how to use the true/false return or on how to supply parameters to a function.

    Code:
    <?php
    
    function validate_email($email){
    
       $exp = "^[a-z\'0-9]+([._-][a-z\'0-9]+)*@([a-z0-9]+([._-][a-z0-9]+))+$";
    
       if(eregi($exp,$email)){
    
          if(checkdnsrr(array_pop(explode("@",$email)),"MX")){
    ...

  • bakertaylor28
    replied to Recommended books to learn PHP
    in PHP
    I don't know about books, but there are excellent sources on the web to learn PHP. W3Schools is a good starting point: https://www.w3schools.com/php/ Codecademy is another good resource: https://www.codecademy.com/learn/learn-php

  • That is true, (and I agree it can make things much easier for the PHP initiated) but it also encourages bad code writing for the uninitiated- simply put, Laravel was not written in such a way that is forgiving in terms of security, thus the uninitiated shouldn't be using it if they don't know how to write secure PHP code. Rather, I view frameworks as making learning PHP code a little more difficult because then you have to learn BOTH the framework...

  • Laravel is simply a framework environment that has a lot of basic things which are a given that saves time in writing the PHP code, and makes it easier to scale up an application. However, if you don't understand pure PHP, Laravel isn't going to help you much. It's better to learn pure PHP first, and THEN look at frameworks.

  • Sorry about changing while you were replying but rather, I tend to do that due to cognitive style. That said, I was responding in general as an overview in light of the entire thread, and explaining things in the sense of an overview of programming and hacking in particular- the thought processes via which hackers think in the real world and how things tend to happen more than not. One of the most secure ways of deploying applications is in a mainframe...

  • The thing is that in a word- you don't- you don't need to. There are four basic strategies to hack a password with respect to an application. They are:

    1. Brute force (sitting down at a terminal and trying random passwords until one works).
    2. Dictionary attack (using a dictionary of common passwords or previously dumped passwords and trying them sequentially).
    3. MITM attack (get the password by capturing data from...

  • What you could do is install a VM with Tor, SSH, and Apache or whatever, and then use Tor to create an onion service that answers to an Apache server or whatever. As long as you leave the VM running, you can use SSH to access it from outside the VM and outside your local network via an .onion domain. You can read more about that here: https://en.wikipedia.org/wiki/.onion You can get Tor here: http://www.torproject.org

  • bakertaylor28
    replied to BeeLogger Linux
    This is most likely because you don't have python installed on the system, or there's some other dependency issue going on.

  • It's possible, but it's a security risk, because FTP is not encrypted and can give the user a shell, if you're not careful with it. You'd want to use SFTP or SSH instead.

  • You can do an html form element and submit it to php to get variables, but you can't update variables in real time with php. That would require AJAX.

  • The problem is that you can't pull from the SQL directly in FPDF, rather you need to store the blob in a global var and then use that, because FPDF can't interact with the SQL statement, because it is a class. A class can't interact with variables constructed outside the class UNLESS it is a global var. Thus you need something like:

    Code:
    global $image;
    $image = $row['image'];
    ...
    $this->Image(
    ...

  • bakertaylor28
    replied to How does "return" work in a function?
    in PHP
    Which, from my understanding, is what the return is for in the function:
    Code:
    function privcheck() {
        $priv = $_SESSION['priv'];
        return $priv;
    }
    So that, within the if statement, the following become more or less equivalent:

    Code:
    if ( $priv === foo) {
    
    }
    Code:
    if ( privcheck() === foo) {
    
    }
    Also, using...

  • bakertaylor28
    replied to Why PHP gets so much hate?
    in PHP
    First of all, what you have to contend with is how "up to date" a tutorial, etc. is. For example, prepared statements didn't even exist before around 2004, and therefore you're not going to see them in php tutorials from before then, and not a lot for some time after- because after they put something in the code, it takes time for the news to get around and enough people to learn it before we start seeing it in tutorials and the like. ...

  • This code has two big problems-
    First you should always be using prepared statements to prevent SQL injection. The second, is that it is easier to avoid using
    a session variable directly in SQL- it is better to set regular var to Session Var:

    Code:
    <?php
    session_start();
    if ( !isset ($_POST['carid'] )) {
    exit('please input a carid');
    }
    $username = $_SESSION['username'];
    ...