On Friday 17 March 2006 15:10, Kevin Davies - Bonhurst Consulting wrote:
> I just picked up this thread, so excuse me if I'm repeating or have totally
> missed the point.
>
> Another concern I picked up from a PHP security book is using '--' - which
> simply comments out the remainder of the line (
http://www.virtuawebtech.co.uk
-Original Message-
From: tedd [mailto:[EMAIL PROTECTED]
Sent: 17 March 2006 14:30
To: php-general@lists.php.net; Rafael
Subject: Re: [PHP] Re: setcookie security concerns [medium]
Rafael:
>>>$thestyle= htmlentities($_POST['thestyle']);
>>set
(Comments inline)
tedd wrote:
[···]
From what I've read (PHP Cookbook by Sklar and other sources) the
reason why you don't want to use $_REQUEST is because it holds all the
variables from six global arrays, namely $_GET, $_POST, $_FILES,
$_COOKIE, $_SERVER, and $_ENV.
Actually, the
ass = '$pass'
Obviously restricting/validating form input entry would avoid this issue.
HTH,
Kevin
-Original Message-
From: tedd [mailto:[EMAIL PROTECTED]
Sent: 17 March 2006 14:49
To: php-general@lists.php.net; Rafael
Subject: Re: [PHP] Re: setcookie security concerns [medium]
Rafael wrote:
A tipical example would be a login script that uses the data
as it arrives, for example:
$login = $_POST['login'];
$passw = $_POST['passw'];
$sql = "SELECT * FROM user\n"
."WHERE( login = '$login' AND passw = '$passw' )";
In this case, what happens if I send so
Rafael wrote:
Actually, you receive $set via GET, so you should use $_GET
instead of $_POST. A lot of people use $_REQUEST (wich is a
combination of $_POST, $_GET and $_COOKIE -check the manual), but I
read somewhere that this isn't a good practice, though I don't
recall why :p
From what
Rafael:
Actually, you receive $set via GET, so you should use $_GET
instead of $_POST.
Yes, you are correct.
In my example --
http://www.sperling.com/examples/styleswitch/
-- the value doesn't look like it is being added to the url and thus
I mistakenly thought it was a POST. I wonder
(Comments inline)
tedd wrote:
[···]
One last question, considering the above code, would the following code
be a suitable replacement?
Actually, you receive $set via GET, so you should use $_GET instead of
$_POST. A lot of people use $_REQUEST (wich is a combination of $_POST,
$
You can't send use setcookie after headers have been sent to the browser,
you can have white space in a php block because this is not sent to the
browser. The exception is if you have output buffering enabled.
Jason
From: qartis [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 13, 2002 5:14 P
He IS setting cookie before sending block. Note, that he is storing
the beginning of block in a HEREDOC, which he prints after setting
cookie.
Somewhere, he may be printing a blank line prior to setting cookie...that
problem has bitten me more than once, so now I'm on the look-out for it in
my
On Sun, 2002-01-06 at 16:01, Tyler Longren wrote:
> I have checked the manual. A few times actually.
>
> I have setcookie("usename", "$username");
> Will that cookie never expire? Or will it expire at the end of the browsing
> session? I couldn't find any details on that in the manual.
>
> Ty
I have checked the manual. A few times actually.
I have setcookie("usename", "$username");
Will that cookie never expire? Or will it expire at the end of the browsing
session? I couldn't find any details on that in the manual.
Tyler
- Original Message -
From: "George Nicolae" <[EMAIL
12 matches
Mail list logo
