Comments:
<0> whoever: ah, injection *attack* gotcha
<1> my $insert=$dbh->prepare("insert into users(firstname,lastname) values(?,?)");
<1> $insert->execute($firstname,$lastname);
<1> this is the best ?
<2> yes.
<3> wazoeee: prepared statements in perl are used that way: $dbi->prepare("select * FROM TABLE WHERE name=? AND lname=?")->execute($a,$b);
<1> thats the most secure way to prevent SQL injection ?
<2> yes
<2> because the $a and $b never even _SEE_ the string
<1> because when using mysql_real_escape_string it also escapes a lot of other stuff such as \x00 \n ... ?
<3> thats the ONLY secure way
<1> what about placeholders then ?
<2> wazoeee: those '?' *ARE* placeholders :)
<3> placeholders are sent apart from the query, mysql uses a different api for them
<1> heh.. and what if I have a select query .. ?
<0> same thing
<1> sql injection is possible then, no?
<2> no ..
<3> no
<1> can you tell me how to ? ;-)
<2> as long as you use placeholders
<3> wazoeee: read about placeholders/prepared statements (google)
<2> wazoeee: look at the query whoever posted
<1> with select
<2> wazoeee: and i've already given you a url *TWICE*
<1> oh yeah ok ;)
<1> just always placing that ? and then with execute i give the arguments ?
<1> ok guys very nice .. :P
<4> Why doesnt this remove all blank lines from foo and bar? perl -i -e 'print unless (m/^\s*$/);' foo bar
<1> so i should not use DBD quote() function anymore coz the place holders do the trick right ?
<1> JohnQ: /g ?
<3> quote works but it's bad style
<2> wazoeee: yes. read the damn url.
<2> JohnQ: you need the -n flag
<2> perl -ni -e 'print if !/^\s*$/'
<1> http://www.answers.com/topic/sql-injection
<1> found it here
<1> "However, this is generally not the best way to approach the issue. DBI allows the use of placeholders, which let you bind data to a statement separately to defining the SQL statement. For databases that do not natively support placeholders, DBI emulates them by automatically applying the DBI::quote function to the values."
<4> Ah... I thought -i implied -n lemme try that
<1> damn nice :P
<2> perlbot placeholders
<5> You want placeholders: http://www.geekuprising.com/create_better_perl_and_sql_with_placeholders
<2> READ. THAT. URL.
<6> Botje wants placeholders.
<4> hmm -i seems to be troubled when going over a smb mount on a win XP machine.
<7> JohnQ: How so?
<4> "Can't remove foo: Text file busy, skipping file."
<8> heh
<7> So it's not really -i, but ANY deleting of the file.
<4> unlink works..
<9> GumbyBRAIN: my goat knows the bowling score
<10> The problem is i need is the score.
<11> GumbyBRAIN: placenta
<10> I like bagpipes and didgeridoos, it's just buffered.
<12> Hi all.
<4> silly samba, NFS is for network filesystems.
<13> Samba is for wasting time on
<9> GumbyBRAIN: placental mammals are better than marsupials
<10> It's better than marsupials.
<9> thats it i'm speciesist against marsupials
<4> better..... tasting?
<9> JohnQ: samba fills an important role, backwards compatibility
<9> and i've got to sleep
<13> simcop2387: the problem is though, Samba itself has design issues
<4> but samba tastes very nasty compared to most placental mammals.
<14> how do form tokens prevent cross-site scripting and/or cross-site request forgeries?
<15> What are form tokens?
<14> b0at: when a user requests a form from a website, there's a hidden field containing a unique token. when the user submits the form, the token is also submitted. if the token the user submits doesn't match the form token in the user's session, the form submission is rejected
<15> oh
<15> Well, browsers prevent cross-site scripting on their own. And if you didn't associate an address with the session, then a server grabbing the form with a token and letting its user submit a made-up form would work.
<15> But you would check whether a similar address submitted it with a valid token
<15> Of course, dynamic ips changing between page loads serve to expose the weakness behind believing ip addresses
<14> authorization based on ip address, on the internet, can't really work
<4> Ugh. I hate it when people with whom I have a professional relationship write me emails with "Dear.... " as the heading. Ick.
<15> litage: Obviously. The idea is that without address continuity, then anybody could be serving the form scraped from the original site.
<4> does perl have any modules to do things like get durations of audio tracks from a cdrom? (of course it does.... what is it called?) :-)
<15> And if you inform the user, then that may be an acceptable compromise (since it's short term). Of course, you could just ignore that problem and let it work as it may, denying access to anybody who rapes the content.
<3> JohnQ: search cpan
<4> quit
<4> err.. wrong window.
<3> JohnQ: http://search.cpan.org/~dougm/Audio-CD-0.04/CD.pm maybe thats something for you
<4> Actually I just found Linux::CDROM which might be the thing I need.
<16> .bs files are just .so libraries that perl can use right?
<17> mmm, bs files.
<17> got lots of those
<16> Ok, I solved my problem from last night.
<16> I installed too many unnecessary .deb packages. Not sure which ones caused the problem, but now I just have the bare minimum.
<12> http://use.perl.org/comments.pl?sid=31862&cid=48283 # A Classic "use qmail instead!"
<12> Hi AI_coder
<12> AI_coder: I never understood what .bs files are.
<12> AI_coder: but the .so's are the shared libraries themselves.
<4> I cant believe it... Audio::CD does not let you specify a cdrom device!
<3> version 0.04 afair
<3> change the code and submit it :p
<4> or ... just not use it :-)
<3> nah, better improve it
<4> no time!
<3> the next one who needs it will love you for that :p
<4> actually CDDB_get is better looking anyway
<18> my $now_string = strftime "%y%m%d", localtime;
<18> produces : 060623
<18> how do i make it produce 60623
<18> ?
<12> lyy: hi.
<12> lyy: can't you use sprintf()?
<12> lyy: possibly in conjunction with some strftime calls?
<18> it's just that i don't know what strftime calls are
<18> i did a perldoc -f localtime
<12> lyy: there may also be a date module on CPAN (one of many) which is more powerful than strftime.
<19> localtime. To access this perldoc please type, at a command line, 'perldoc -f localtime'. You may also find it at http://perldoc.perl.org/functions/localtime.html
<18> and i saw a piece of code that did it
<18> and i kinda copied and changed it
<12> lyy: man strftime.
<18> ok
<12> lyy: it's in POSIX, I think.
<12> perldoc POSIX
<19> POSIX. To access this perldoc please type, at a command line, 'perldoc POSIX'. You may also find it at http://perldoc.perl.org/POSIX.html
<18> how to remove the first 0 out of a string?
<18> hehe
<15> map{s/^0//;$_}localtime
<20> Which are the good perl scripts for analyzing snort alerts and logs?
<21> what's the easiest way to find out if one integer cleanly divides another one?
<22> remainder
<22> x % y
<0> perl_contractor: thats modulo
<22> yup
<21> thanks perl_contractor, dunno why i didn't think of it
<22> because I'm smarter but forgetful :)
<23> |^o_o^|: how/what do you want to analyse ?
<23> POE::Filter::Snort produces a hashref from snort output
<12> imMute: I think "remainder" is the result of the "modulo" operation.
<20> BinGos, the main alert file, i want to generate a good report from it
<24> Is buubot opensource ?
<23> buubot: source
<19> BinGOs: svn co svn://erxz.com/eb
<23> Not sure about the licence per se. You have to pester buu about that.
<20> Compilation failed in require at /usr/local/lib/perl/5.8.4/Filter.pm
<20> where do i need to put Filter.pm
<23> POE::Filter::Snort needs POE which needs Filter I think.
<23> but you don't necessarily need to use POE to use POE::Filter::Snort once it is all installed.
<25> I have a hash with names as keys and categories as values -- I want to print sorted by values then names - How can I?
<26> with sort
<23> perldoc -f sort # discusses this
<19> sort. To access this perldoc please type, at a command line, 'perldoc -f sort'. You may also find it at http://perldoc.perl.org/functions/sort.html
<23> |^o_o^|: the cpan module is your friend. perl -MCPAN -e shell then 'install POE::Filter::Snort'
<23> perlbot: life with cpan
<5> Information pertaining to the Comprehensive Perl Archive Network (CPAN) can be found at http://sial.org/howto/perl/life-with-cpan/