| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11
Comments:
<0> much better
<1> okey.. but i want the prices to be encrypted for another reason than you have given before..
<1> thats the real reason
<2> i think i'm going to write an app to generate graphs from database tables
<1> but cant i use SUM(...... some way ?
<0> why
<3> like MRTG?
<1> jkorbes, because i need it for the time..
<0> why
<2> so apparently an orange soda spilled in my fridge a while ago. it's turned into glue on the bottom of my fridge
<2> ****ing gross
<1> bacuse i have written a big php script and need it to work this way for the time..
<1> later i can change it ..
<1> and i have a dead line..
<0> makes no sense
<1> well.. just answer this first do you know how to use SUM with te it .. please
<1> <4> no, you're trying
<1> with AES_DECRYPT
<1> sorry .. got pasted wrong
<4> what's with all the paranoid people today
<1> well.. just answer this first do you know how to use SUM with AES_DECRYPT ?
<4> first we get a guy who runs a site with 500K users who refuses to give out the URL
<1> that was the question
<4> now we have this idiot encrypting prices with AES
<0> lol
<2> aww
<1> well .. if i could tell you the reason i would make much more sense .. but i cant ..
<1> please understand ..
<2> i missed that social network guy :(
<4> let's encrypt the table names and the column names too
<3> what's wrong with taht??!
<4> encrypt your function names in PHP too
<0> teah
<0> *yeah
<0> SELECT 2d1f22df240b0fa4 FROM ed811e622451814d
<3> i encrypt my encryptions' encryptions' encryptions' encryptions' encryptions' too
<0> pretty much the most secure way, ever
<3> definitely
<0> or there's always SELECT DES_DECRYPT(DES_ENCRYPT('field', 'secret_key'), 'secret_key') FROM table
<0> works great
<1> okey.. i guess no one here knows..
<1> but thanx for the help
<1> :)
<0> people know how to do it
<0> you're just being too obtuse
<4> his efforts foiled by the history in the mysql client
<0> yes :(
<4> I love it when they spill the query when the database fails
<1> well.. is it so hard to tell ?
<4> I think what you're doing is stupid, I want to hear this reason before I help you
<0> the main thing is that it's a bad idea to do what you're doing
<0> personally, i prefer to keep most/all logical operations out of the db
<2> http://religionandpolitics.ytmnd.com/
<2> heh
<1> me to .. but this time i did not have a choise..
<0> that way, it makes it harder to rely on the db, instead, you must rely on your own code, which is a good thing
<0> why can't it be changed? is it a large existing db with encrypted prices?
<0> you can convert it easily
<1> okey .. thanks for the help ..
<4> that's great evulish
<1> bye
<4> where has trollboy gone?
<5> can i paste 5 or so lines in here
<4> pastebin
<5> just seems like a waste
<5> ok
<4> http://dalphp.shoggoth.net/rules.php
<5> http://pastebin.ca/150349
<5> i just wanna know how come this thing is coming out backwards
<4> coming out backwards?
<5> like
<4> I'd suspect the !
<5> if (!file_exists($filename))
<4> before file_exists
<4> as it returns TRUE when the file exists
<5> no i put that there at it works
<4> no
<5> but when i take off the ! it comes out backwards
<4> #
<4> if (!file_exists($filename))
<4> #
<4> {
<4> #
<4> echo "The file $filename DOES exist";
<4> That is incorrect
<4> you're wrong
<5> oh damn i see another error
<5> now its tellin me something is there when it isnt
<5> its either sayin to me that everything exists or everything doesnt exist when i dont use the !
<5> the whole statement isnt working it seems
<4> it works fine
<4> it's likely your file doesn't exist there
<4> echo out the $filename after you create it
<4> then in a shell type
<4> test -f <what $filename is>; echo $?
<5> then in a shell type?
<5> i echoed the file name... the path is correct
<4> Ok, this is the bottom line: The file does NOT exist
<5> The file /images/Pants/NTLP-55105.jpg DOES exist
<5> from
<5> echo "The file $filename does not exist";
<4> echo out $filename
<4> oh
<5> $filename = /images/Pants/NTLP-55105.jpg
<4> I see the problem
<4> the leading /
<4> you ****ing toy
<4> relative links start with ./
<4> not /
<5> :)
<4> / is the root of your filesystem
<5> ok le me try
<5> brilliant
<5> thank you
<4> also the user shouldn't be able to specify the data going into $noticia['folder1'] or $noticia['filename']
<4> or else you're vulnerable to some exploits if you read the file later, or modify it
<5> its a pulldown menu
<5> they cant type
<4> if it's in a hidden var, they can modify it
<5> is that still a problem?
<4> yes
<5> what kinda exploits?
<4> well say it reads the var filename from a form, or drop down menu, they could modify the data to put ../../../../../bleh to read other files
<4> as $noticia['filename'] if it's a form element of any type
<4> I don't know what you plan on doing with the actual files, so I can't say for sure whatever script you're making would be vulnerable, if I saw the entire script I could
<5> u wanna?
<4> sure, pastebin and I'll tell you
<5> the entire .php file?
<4> yes
<4> otherwise I'm left guessing, I have no clue how $noticia['filename'] is filled in, nor how it's used ultimately, or anything else
<4> #
<4> <form name="input" action="php_paging.php" method="get">
<4> #
<4> <p>
<4> #
<4> <label>Product Type<br>
<4> #
<4> <select name="select1">
<4> #
<4> <option selected>ALL</option>
<4> #
<4> <option>T-Shirts</option>
<4> #
<4> <option>Underwear</option>
<4> #
<4> <option>Pants</option>
<4> You see that?
<4> they can modify Pants, Underwear, etc
<4> it's not guaranteed to be valid data
<4> plus you should use escaping functions for the external data going into your SQL queries
<4> opens you up to certain SQL injection problems in certain instances
Return to
#php
or
Go to some related
logs:
wiski chic
#chat-world
joblees
#allnitecafe
#kl
#india
#chat-world
#java
hi 5/chat
girl4hire
|
|