SitePoint Sponsor

User Tag List

Page 3 of 9 FirstFirst 1234567 ... LastLast
Results 51 to 75 of 219

Thread: PHP Quiz

  1. #51
    SitePoint Member
    Join Date
    Feb 2003
    Location
    United States
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is it my turn to ask now?

  2. #52
    SitePoint Wizard silver trophy someonewhois's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    6,364
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You sure you didn't test it..?


    [ Edit: Missed third page; sure ask one now ]

  3. #53
    SitePoint Wizard gold trophysilver trophy
    Join Date
    Nov 2000
    Location
    Switzerland
    Posts
    2,479
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just barging in with a question;

    Code:
    %27+AND+1%3D1
    What is this?
    What is it trying to exploit?
    How might it be used?

  4. #54
    SitePoint Addict sojomy's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by HarryF
    Just barging in with a question;
    Code:
    %27+AND+1%3D1
    What is this?
    What is it trying to exploit?
    How might it be used?
    Ok, I'm just guessing. But I think that it is
    ' AND 1=1
    And it would be added to a URL of a GET form, or typed into a text box in a form that does something (Like a login page or a delete page). It is trying to do an SQL Injection. So if the programmer used code like
    PHP Code:
    $SQLStatement 'SELECT * FROM Users '
                  
    'WHERE UserName=\'' $_GET['UserName'] . '\' '
                  
    'AND Password=\'' $_GET['Password'] . '\'';
    mysql_query($SQLStatement); 
    And the user typed in Sojomy for the username, and ' AND 1=1 for the password, the actual SQL Query would look like this

    SELECT * FROM Users WHERE UserName='Sojomy' AND Password='' AND 1=1

    But I'm confused HarryF, shouldn't it be ' OR 1=1 so that it will find a user even if the Username and Password don't match, and still give you access? Or in a delete table, delete everything even if the query paramaters don't match?

    Also, this will only work if magic_quotes_gpc is turned off, and the programmer does not use AddSlashes() on his data before puts it into the database. Was I close enough?

  5. #55
    "Of" != "Have" bronze trophy Jeff Lange's Avatar
    Join Date
    Jan 2003
    Location
    Calgary, Canada
    Posts
    2,063
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Pretty close, I think Harry was just trying to show how it could be done, and not an actual thing, but the 'OR 1=1 does make more sense.
    Who walks the stairs without a care
    It shoots so high in the sky.
    Bounce up and down just like a clown.
    Everyone knows its Slinky.

  6. #56
    SitePoint Wizard gold trophysilver trophy
    Join Date
    Nov 2000
    Location
    Switzerland
    Posts
    2,479
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Whoops - yep 'OR 1=1' ( *cough* ) - anyway - spot on!

  7. #57
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Back on track people! You've got to answer a question before you can ask one. The next question should be from cyborg

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  8. #58
    SitePoint Wizard gold trophysilver trophy
    Join Date
    Nov 2000
    Location
    Switzerland
    Posts
    2,479
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Back on track people! You've got to answer a question before you can ask one. The next question should be from cyborg
    Sorry - couldn't help myself

  9. #59
    SitePoint Addict sojomy's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by seanf
    Back on track people! You've got to answer a question before you can ask one. The next question should be from cyborg
    Technically, I am the one who answered HarryF's question, Cyborg just validated it
    But since I'm still new (I think) and Cyborg did answer the base64_decode, questionI'll let him ask a question for me.

  10. #60
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's the question I'm on about. If he doesn't post one soon feel free

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  11. #61
    "Of" != "Have" bronze trophy Jeff Lange's Avatar
    Join Date
    Jan 2003
    Location
    Calgary, Canada
    Posts
    2,063
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Go ahead, I am at a loss, been thinking for over 25 hours now... can't come up with anything.
    Who walks the stairs without a care
    It shoots so high in the sky.
    Bounce up and down just like a clown.
    Everyone knows its Slinky.

  12. #62
    SitePoint Addict sojomy's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cyborg from dh
    Go ahead, I am at a loss, been thinking for over 25 hours now... can't come up with anything.
    Well I can't think of anything trivial, so I'll ask a question that I want to know the answer to, and I'm sure HarryF will jump right on it...but others feel free to if he doesn't.

    What is the point of using OOP to create classes that you will never instantiate more than one instance of at a time? I understand it makes stuff "cleaner" (as everyone here seems to put it), but so does putting the relative functions in a file together. So why is OOP a better method?

  13. #63
    "Of" != "Have" bronze trophy Jeff Lange's Avatar
    Join Date
    Jan 2003
    Location
    Calgary, Canada
    Posts
    2,063
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In my opinion, in most cases, it isn't... Until PHP5 that is, which will bring more functionality in general to the entire OOP interface.
    Who walks the stairs without a care
    It shoots so high in the sky.
    Bounce up and down just like a clown.
    Everyone knows its Slinky.

  14. #64
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Let's have a question ...

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  15. #65
    SitePoint Wizard silver trophy redemption's Avatar
    Join Date
    Sep 2001
    Location
    Singapore
    Posts
    5,269
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by seanf
    Let's have a question ...

    Sean
    Why don't you post one, sean? Otherwise everyone will just be looking to each other for the question.

  16. #66
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's hard to think up questions, but hopefully we're all learning something

    Question:

    Which PHP extension allows you to process credit cards without a third-party (such as Authorize.Net)?

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  17. #67
    SitePoint Zealot nsr81's Avatar
    Join Date
    Nov 2002
    Location
    B'klyn, NY
    Posts
    138
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That would be cURL with SSL support
    Nasir
    nasir.us

  18. #68
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's right in that it can be used for that, but there's a specific extension I'm looking for. You're welcome to post a question though

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  19. #69
    SitePoint Zealot nsr81's Avatar
    Join Date
    Nov 2002
    Location
    B'klyn, NY
    Posts
    138
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ah, think I got it. But I'll give some one else a chance to guess first.

    Will post my question in a few hours. leaving for college right now [img]images/smilies/biggrin.gif[/img]
    Nasir
    nasir.us

  20. #70
    SitePoint Zealot nsr81's Avatar
    Join Date
    Nov 2002
    Location
    B'klyn, NY
    Posts
    138
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Answer to sean's question is: CCVS & MCVE

    don't have anything usefull to ask, how about what does LAMP stand for, in context of opensource development.
    Nasir
    nasir.us

  21. #71
    SitePoint Addict sojomy's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Easy
    Linux, Apache, MySQL & PHP
    But I'm more of a WAMP kinda guy

  22. #72
    SitePoint Zealot nsr81's Avatar
    Join Date
    Nov 2002
    Location
    B'klyn, NY
    Posts
    138
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    same here
    Nasir
    nasir.us

  23. #73
    Sidewalking anode's Avatar
    Join Date
    Mar 2001
    Location
    Philadelphia, US
    Posts
    2,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I thought the P in LAMP was PHP/Python/Perl.
    TuitionFree a free library for the self-taught
    Anode Says... Blogging For Your Pleasure

  24. #74
    SitePoint Zealot jgreen's Avatar
    Join Date
    Apr 2003
    Location
    everywhere and nowhere
    Posts
    114
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Leave
    All
    Microsoft
    Products

  25. #75
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Question sojomy?

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •