RE: [PHP] Form security

2001-05-24 Thread James Stevens 

Another way to do this is to have a form element with an odd name and value
that you can check for before processing the post. This is not too secure if
someone knows the name and value though. In that case you can use the
referer _and_ a unique element name and value that is related to the
referer. Checking for these items before processing the form should be
pretty good.

James

-Original Message-
From: phpman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 10:04 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Form security


Since nobody answered my last question (or any of them for that matter). Let
me rephrase it a little
different.

Other then checking the referer (to make sure the posted data came from the
right page)
 and user agent (to see if it exists), is there any other way to secure a
form from having other
forms submitting to it?

-dave



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] General Coding Question

2001-06-20 Thread James Stevens 

Does it have any effect on performance in either case if a file is
completely done in PHP(1) or interspersed with PHP(2).

(1)
";
...
?>

(2)

...

...

Also, and this is personal preference, which is easier to read/debug?

James


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Database Stored Procedure Result

2001-08-07 Thread James Stevens 

I use ODBC on a Win2K system to connect to a MS-SQL database. I use a stored
procedure in the database to add a record to a table. The stored procedure
returns a result code that is either the records ID or a -1 indication that
the record was not added. How do I check the return result in PHP using
ODBC?

Thanks in advance

James


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]