Results 51 to 75 of 219
Thread: PHP Quiz
-
Apr 5, 2003, 07:21 #51
- Join Date
- Feb 2003
- Location
- United States
- Posts
- 4
Is it my turn to ask now?
-
Apr 5, 2003, 10:11 #52
- Join Date
- Jan 2002
- Location
- Canada
- Posts
- 6,364
You sure you didn't test it..?
[ Edit: Missed third page; sure ask one now]
- Nathan
-
Apr 6, 2003, 08:57 #53
- Join Date
- Nov 2000
- Location
- Switzerland
- Posts
- 2,479
Just barging in with a question;
Code:
%27+AND+1%3D1
What is it trying to exploit?
How might it be used?
-
Apr 6, 2003, 10:53 #54
- Join Date
- Jul 2002
- Location
- Dallas, TX
- Posts
- 349
Originally Posted by HarryF
' AND 1=1
And it would be added to a URL of a GET form, or typed into a text box in a form that does something (Like a login page or a delete page). It is trying to do an SQL Injection. So if the programmer used code like
PHP Code:
// Request parameters are concatenated into the SQL string without escaping.
$SQLStatement = 'SELECT * FROM Users '
              . 'WHERE UserName=\'' . $_GET['UserName'] . '\' '
              . 'AND Password=\'' . $_GET['Password'] . '\'';
mysql_query($SQLStatement);
SELECT * FROM Users WHERE UserName='Sojomy' AND Password='' AND 1=1
But I'm confused HarryF, shouldn't it be ' OR 1=1 so that it will find a user even if the Username and Password don't match, and still give you access? Or in a delete table, delete everything even if the query parameters don't match?
Also, this will only work if magic_quotes_gpc is turned off, and the programmer does not use AddSlashes() on his data before he puts it into the database. Was I close enough?
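Added example, not part of the original thread: the post's concatenated query next to a bound-parameter version, run against the two strings discussed above, to show that the fix is binding values rather than relying on magic_quotes_gpc or AddSlashes(). It assumes PHP with the PDO SQLite driver; the table contents, password and function names are constructed for illustration.

```php
<?php
// Constructed in-memory database standing in for the post's Users table.
// Plaintext password only to mirror the post's query; real systems store hashes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (UserName TEXT, Password TEXT)');
$db->exec("INSERT INTO Users VALUES ('Sojomy', 'correct-horse')");

// Same string concatenation as the post's query (kept vulnerable on purpose).
function concatenatedLogin(PDO $db, string $user, string $pass): string
{
    $sql = 'SELECT * FROM Users '
         . 'WHERE UserName=\'' . $user . '\' '
         . 'AND Password=\'' . $pass . '\'';
    try {
        $rows = $db->query($sql)->fetchAll();
        return count($rows) . " row(s) for: $sql";
    } catch (PDOException $e) {
        // A parse error means the input was read as SQL syntax, not as data.
        // Unexpected SQL errors on a login form are worth alerting on.
        return "SQL error for: $sql";
    }
}

// Bound parameters: values are attached after the statement is parsed,
// so quotes inside them stay part of the data.
function preparedLogin(PDO $db, string $user, string $pass): int
{
    $stmt = $db->prepare('SELECT * FROM Users WHERE UserName = ? AND Password = ?');
    $stmt->execute([$user, $pass]);
    return count($stmt->fetchAll());
}

// The two strings from the thread, URL-decoded, submitted as the password.
foreach (["' AND 1=1", "' OR 1=1"] as $input) {
    echo concatenatedLogin($db, 'Sojomy', $input), "\n";
    echo 'prepared: ', preparedLogin($db, 'Sojomy', $input), " row(s)\n";
}
echo 'prepared, real password: ', preparedLogin($db, 'Sojomy', 'correct-horse'), " row(s)\n";
```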
-
Apr 6, 2003, 11:49 #55
- Join Date
- Jan 2003
- Location
- Calgary, Canada
- Posts
- 2,063
Pretty close, I think Harry was just trying to show how it could be done, and not an actual thing, but the 'OR 1=1 does make more sense.
Who walks the stairs without a care
It shoots so high in the sky.
Bounce up and down just like a clown.
Everyone knows its Slinky.
-
Apr 6, 2003, 13:00 #56
- Join Date
- Nov 2000
- Location
- Switzerland
- Posts
- 2,479
Whoops - yep 'OR 1=1' ( *cough* ) - anyway - spot on!
-
Apr 6, 2003, 13:33 #57
Back on track people! You've got to answer a question before you can ask one. The next question should be from cyborg
Sean
Harry Potter
-- You lived inside my world so softly
-- Protected only by the kindness of your nature
-
Apr 6, 2003, 14:15 #58
- Join Date
- Nov 2000
- Location
- Switzerland
- Posts
- 2,479
Back on track people! You've got to answer a question before you can ask one. The next question should be from cyborg
-
Apr 6, 2003, 15:16 #59
- Join Date
- Jul 2002
- Location
- Dallas, TX
- Posts
- 349
Originally Posted by seanf
But since I'm still new (I think) and Cyborg did answer the base64_decode question, I'll let him ask a question for me.
-
Apr 7, 2003, 12:18 #60
That's the question I'm on about. If he doesn't post one soon feel free
Sean
-
Apr 7, 2003, 18:07 #61
- Join Date
- Jan 2003
- Location
- Calgary, Canada
- Posts
- 2,063
Go ahead, I am at a loss, been thinking for over 25 hours now... can't come up with anything.
-
Apr 7, 2003, 21:04 #62
- Join Date
- Jul 2002
- Location
- Dallas, TX
- Posts
- 349
Originally Posted by cyborg from dh
What is the point of using OOP to create classes that you will never instantiate more than one instance of at a time? I understand it makes stuff "cleaner" (as everyone here seems to put it), but so does putting the relative functions in a file together. So why is OOP a better method?
-
Apr 7, 2003, 21:36 #63
- Join Date
- Jan 2003
- Location
- Calgary, Canada
- Posts
- 2,063
In my opinion, in most cases, it isn't... Until PHP5 that is, which will bring more functionality in general to the entire OOP interface.
-
Apr 10, 2003, 06:20 #64
Let's have a question ...
Sean
-
Apr 10, 2003, 06:59 #65
- Join Date
- Sep 2001
- Location
- Singapore
- Posts
- 5,269
Originally Posted by seanf
-
Apr 10, 2003, 07:08 #66
It's hard to think up questions, but hopefully we're all learning something
Question:
Which PHP extension allows you to process credit cards without a third-party (such as Authorize.Net)?
Sean
-
Apr 10, 2003, 07:10 #67
- Join Date
- Nov 2002
- Location
- B'klyn, NY
- Posts
- 138
That would be cURL with SSL support
Nasir
nasir.us
-
Apr 10, 2003, 07:13 #68
That's right in that it can be used for that, but there's a specific extension I'm looking for. You're welcome to post a question though
Sean
-
Apr 10, 2003, 07:17 #69
- Join Date
- Nov 2002
- Location
- B'klyn, NY
- Posts
- 138
Ah, think I got it. But I'll give someone else a chance to guess first.
Will post my question in a few hours. Leaving for college right now.
Nasir
nasir.us
-
Apr 10, 2003, 14:44 #70
- Join Date
- Nov 2002
- Location
- B'klyn, NY
- Posts
- 138
Answer to sean's question is: CCVS & MCVE
Don't have anything useful to ask, how about what does LAMP stand for, in context of open source development.
Nasir
nasir.us
-
Apr 10, 2003, 20:54 #71
- Join Date
- Jul 2002
- Location
- Dallas, TX
- Posts
- 349
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Easy
Linux, Apache, MySQL & PHP
But I'm more of a WAMP kinda guy
-
Apr 10, 2003, 21:16 #72
- Join Date
- Nov 2002
- Location
- B'klyn, NY
- Posts
- 138
same here
Nasir
nasir.us
-
Apr 10, 2003, 22:29 #73
- Join Date
- Mar 2001
- Location
- Philadelphia, US
- Posts
- 2,205
I thought the P in LAMP was PHP/Python/Perl.
TuitionFree — a free library for the self-taught
Anode Says... — Blogging For Your Pleasure
-
Apr 10, 2003, 22:40 #74
- Join Date
- Apr 2003
- Location
- everywhere and nowhere
- Posts
- 114
Leave
All
Microsoft
Products
-
Apr 11, 2003, 11:53 #75
Question sojomy?
Sean