On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
> Robert Cummings wrote:
>
> >
> > To punt what is repeated over and over during runtime to a single
> > compilation phase when building the template target. To simplify the use
> > of parameters so that they can be used in arbitrary ord
PJ wrote:
> Shawn McKenzie wrote:
>> Robert Cummings wrote:
>>
>>> On Wed, 2009-03-04 at 15:48 -0600, Shawn McKenzie wrote:
>>>
Whatever you do, please, please, please, for the love of all that is
holy, please, do not vilify potatoes! ...or the Irish :-)
>>> Potatoes
Shawn McKenzie wrote:
> PJ wrote:
>> Shawn McKenzie wrote:
>>> Robert Cummings wrote:
>>>
On Wed, 2009-03-04 at 15:48 -0600, Shawn McKenzie wrote:
> Whatever you do, please, please, please, for the love of all that is
> holy, please, do not vilify potatoes! ...or the Iris
Eric Butera wrote:
So here's some examples of bad behavior.
= Database =
Bad:
$name = mysql_real_escape_string($_POST['name'], $link);
mysql_query("INSERT INTO foo (`name`) VALUES ('". $name ."')");
$name now contains slashes which means it is corrupt and not able to
be echo'd without a strips
Robert Cummings wrote:
On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
Robert Cummings wrote:
To punt what is repeated over and over during runtime to a single
compilation phase when building the template target. To simplify the use
of parameters so that they can be used in arbitra
On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
> You only need to escape data coming from a user going in to your database.
If you put user input into your database and pull it back out, it's
still raw user input. Never trust any piece of data ever, whether it
comes from a superglobal OR within yo
On Wed, Mar 4, 2009 at 8:54 PM, Michael A. Peters wrote:
> Eric Butera wrote:
>
>>
>> So here's some examples of bad behavior.
>>
>> = Database =
>> Bad:
>> $name = mysql_real_escape_string($_POST['name'], $link);
>> mysql_query("INSERT INTO foo (`name`) VALUES ('". $name ."')");
>>
>> $name now co
On Wed, Mar 4, 2009 at 6:27 PM, Eric Butera wrote:
> On Wed, Mar 4, 2009 at 8:54 PM, Michael A. Peters wrote:
> > Eric Butera wrote:
> >
> >>
> >> So here's some examples of bad behavior.
> >>
> >> = Database =
> >> Bad:
> >> $name = mysql_real_escape_string($_POST['name'], $link);
> >> mysql_que
Eric Butera wrote:
On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
You only need to escape data coming from a user going in to your database.
If you put user input into your database and pull it back out, it's
still raw user input. Never trust any piece of data ever, whether it
comes from a sup
On Wed, Mar 4, 2009 at 6:55 PM, Chris wrote:
> Eric Butera wrote:
>
>> On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
>>
>>> You only need to escape data coming from a user going in to your
>>> database.
>>>
>>
>> If you put user input into your database and pull it back out, it's
>> still raw use
Kyle Terry wrote:
On Wed, Mar 4, 2009 at 6:55 PM, Chris wrote:
Eric Butera wrote:
On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
You only need to escape data coming from a user going in to your
database.
If you put user input into your database and pull it back out, it's
still raw user in
On Wed, Mar 4, 2009 at 20:10, Al wrote:
>
> $obligatoryFieldNotPresent=null;
>
> foreach($_POST, as $value)
> {
> if(!empty($value)continue;
Parse error. ;-P
--
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
50% Off All Shared Hos
On Wed, Mar 4, 2009 at 20:28, Shawn McKenzie wrote:
>
> Well, the ground beef is actually tartar and it goes without saying that
> it would be topped with foie gras and grape chutney with caviar on the side.
with gold-plated platinum flakes and diamond-dust salt.
--
daniel.br...@paras
On Wed, Mar 4, 2009 at 7:35 PM, Daniel Brown wrote:
> On Wed, Mar 4, 2009 at 20:28, Shawn McKenzie wrote:
> >
> > Well, the ground beef is actually tartar and it goes without saying that
> > it would be topped with foie gras and grape chutney with caviar on the
> side.
>
> with gold-pla
On Wed, Mar 4, 2009 at 22:46, VamVan wrote:
>
> Hey guys, I have a question. I just noticed that once the whoami thread
> reached 100 posts it automatically created another thread. Is this intended?
>
> Can a discussion be only 100 posts long??
>
> Just out of curiosity :)
In Gmail, yes. That
On Wed, Mar 4, 2009 at 7:50 PM, Daniel Brown wrote:
> On Wed, Mar 4, 2009 at 22:46, VamVan wrote:
> >
> > Hey guys, I have a question. I just noticed that once the whoami thread
> > reached 100 posts it automatically created another thread. Is this
> intended?
> >
> > Can a discussion be only 100
Actually no; you said "You only need to escape data coming from a user
going in to your database."
Using a known variable in my app is not going to cause an sql injection
problem.
switch ($value) {
case 'x':
$my_field = 1;
break;
default:
$my_field = 0;
}
an insert here with
On Wed, Mar 4, 2009 at 7:01 PM, Michael A. Peters wrote:
> Robert Cummings wrote:
>
>> On Wed, 2009-03-04 at 15:21 -0800, Michael A. Peters wrote:
>>
>>> Robert Cummings wrote:
>>>
>>> To punt what is repeated over and over during runtime to a single
compilation phase when building the temp
On Wed, Mar 4, 2009 at 7:12 PM, Shawn McKenzie wrote:
> Jason Cipriani wrote:
>> On Wed, Mar 4, 2009 at 2:10 PM, Shawn McKenzie wrote:
>>> Jason Cipriani wrote:
Is there a way to force PECL to use multipart/form-data encoding for
all post fields added with addPostFields, even when you a
Hello,
on 03/05/2009 02:31 AM Jason Cipriani said the following:
> Thanks. I actually had a look at the HttpRequest source code, and I
> can see the logic where it switches to multipart encoding if files are
> present but it actually appears that it's not possible to force it to
> do that. It's so
On Thu, Mar 5, 2009 at 12:48 AM, Manuel Lemos wrote:
> Hello,
>
> on 03/05/2009 02:31 AM Jason Cipriani said the following:
>> Thanks. I actually had a look at the HttpRequest source code, and I
>> can see the logic where it switches to multipart encoding if files are
>> present but it actually ap
Hello Jason,
on 03/05/2009 03:17 AM Jason Cipriani said the following:
>>> Thanks. I actually had a look at the HttpRequest source code, and I
>>> can see the logic where it switches to multipart encoding if files are
>>> present but it actually appears that it's not possible to force it to
>>> do
On Thu, Mar 5, 2009 at 1:48 AM, Manuel Lemos wrote:
> Hello Jason,
>
> on 03/05/2009 03:17 AM Jason Cipriani said the following:
Thanks. I actually had a look at the HttpRequest source code, and I
can see the logic where it switches to multipart encoding if files are
present but it