| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Comments:
<0> greg606: pastebin it
<0> evilx: its best to have no timeout, and fast code ;)
<1> you think that
<1> but there always a reason for a timeout
<2> i mean, the list from db, i want to put it in a table, beacose each row has 3 hidden fields with different values on each row. but next page its reading it. so i making something wrong. I have table, befor is some hidden field, sure in form tag but not closed beacouse submit button is only one o this page. so repeating my situation, <form, after that hiddens, submit button, and table, (each row ha
<2> s different additional hiddens values), and after table i closing the form...
<2> Evilx: itts for
<2> Evilx: you
<3> hey, i have strings that start and end with ", may contain ANY char and i need to regexp them if they contain "<" or ">", how can i do this?
<4> _hannes: preg_replace
<0> scopy: if you want to do it with only one form, you need to use arrays in the input names, like <input type="hidden" name="hidden1[<?=$line?>]"><input type="hidden" name="hidden2[<?=$line?>]">
<0> scopy: then when you receive the POST data on the next page, you can just access $_POST[hidden1][...] using line numbers for the ...
<1> so you want to add more forum, without clicking the main submit?
<1> form*
<3> yes stestagg but i cant create a valid pattern for this
<1> or hidden things
<4> _hannes: why not? what are you tring to do?
<0> evilx: he wants many rows, each with hidden data, and only one submit button for all of them
<1> ok
<2> Evilx: reformuling
<5> can anyone help me ?
<1> bobnormal, wouldnt it just be better to like <input type="hidden" name ="hidden[]" value="whatever?"> ?
<2> exactly my friends
<5> I need to write a CMS
<3> trying to do it with /"[\S(<,>)+]*"/i
<0> _hannes: if(preg_match("/[<>]/",$string) { ... }
<5> but I'd like to do it using templates
<4> p0windah: Good luck
<1> so you end up with just an array and not a ton of variables?
<3> but it matches too much - also for empty strings and strings without "<" and ">"
<5> what is the best database to use ?
<0> p0windah: everyone writes CMSs, and almost all of them ****, even the popular ones
<0> p0windah: it depends what you want
<6> p0windah: MySQL for speed, PostgreSQL for power.
<4> _hannes: join the regex room
<3> bobnormal i am parsing XML data, < > are generally allowed but not within " "
<0> woah someone's solved XML already
<0> trust me on that
<0> get a library from PEAR or something
<7> What is better: to p*** patterns and replacements as arrays to preg_replace() or to have multiple calls of preg_replace() ?
<5> well, I think I need Oracle - thats what we use at Uni
<8> kuja: power? elaborate on that please :P
<6> Rhizome: Triggers, views, stored procedures
<6> Oh, and transactions.
<8> mysql 5 :D
<5> and I know from my lecturers that its powerful enough, what is the PHP and Oracle integration like ?
<6> I doubt he'll be using MySQL 5.
<0> _hannes: or try /".*?[<>].*?"/
<8> I've been using 5 since beta, fun having to rewrite every beta release, but now it's quite stable :P
<6> If I was going to stick to one database, I'd write stored procedures.
<0> p0windah: haha you crack me up
<3> bobnormal this matches too much, matches ""1.0"?><match id="" isTeamGame="false" ", too
<5> what about Smarty - it looks like a powerful framework - but can I use it with ASP ?
<7> p0windah, what are you trying to do?
<7> Smarty is for Php and is really cool
<9> p0windah, what about php? looks like a powerful framework
<0> _hannes: i'm not clear what you want to match, if you don't want the .'s to match quotes just do the same but [^"] instead of .'s
<7> took me one day to figure out how it works
<0> _hannes: /"[^"]*?[<>][^"]*?"/
<6> Smarty... heh... cool... whatever.
<5> HowardTheCoward: but we need to integrate with other servers that run ASP, so all the PHP we use will need to cooperate with ASP also
<8> kuja: I found that stored procedures wasn't very effective, when I had 5000records using views and stored procedures, it was so slow I had to rewrite in php instead.
<0> i found smarty is not a good solution if the condition you need to cache the data upon is complex
<2> bobnormal: can you please writeme an example? of that thing with arrays?
<6> str_replace() is usually enough that you don't need caching.
<0> scopy: no
<7> p0windah, you need to connect to remote databases or only locally?
<2> why :( or point me some on web?
<5> bobnormal: well ours will be very complex, I estimate that there will be over 2000 lines of code!
<0> scopy: its ultra-basic php, just go and read http://www.devshed.com/ tutorials or something, that's where i started learning php years back, it's good(tm)
<5> bobnormal: and thats not even including all the database codes I need to do
<0> p0windah: oh great! thats mega-complex alright
<5> HowardTheCoward: will that make a difference ?
<2> thank you, but now i much apreciate some cooperation , i am not programmer realy. i wish to hire for a job..
<2> bobnormal: thank you, but now i much apreciate some cooperation , i am not programmer realy. i wish to hire for a job..
<10> hey all
<7> p0windah, if I wouldn't have to connect to remote databases, I wouldn't choose MySQL
<10> where can i learn about sql injection?
<0> p0windah: i have 10,000 lines in just ONE of my CMS include files
<1> scopy, it very simple
<5> bobnormal: wow, you must work for a big company or the government, right ?
<1> you wont even believe how simple it is, until you check it out
<0> p0windah: yes, i live in the golden triangle, and run a m***ive global database of heroin shipments
<1> just test it, make a form with 3 text boxes, and a submit, make the name of each textbox "tbox[]"
<7> bobnormal, I have to ***ume you like to write very long comments in your code :)
<5> bobnormal: fascinating, can I be your code pal ?
<6> bobnormal: That actually sounds like a government position, except you wouldn't tell us you were really trafficking drug. Now the government has you, die.
<1> then do a subprint and do print_r ( $_POST OR $_GET [ tbox] )
<0> howardthecoward: nope, but i have 200+ tables, a custom GIS mapping system, all data is multilingual, and a fully-fledged CMS
<0> kuja: yeah :)
<2> Evilx: i'll tryin..
<5> it's hard to troll
<2> Evilx: thanks for now
<0> p0windah: damn right
<5> I dont think I was even moderately successful either..
<7> bobnormal, do you use preg_replace() in your code ?
<0> p0windah: no, spotted you around about the database question
<0> howardthecoward: yes, occasionally
<0> howardthecoward: it's not too fast, but sometimes it's useful, especially if you also code perl and so think in regex ;)
<10> guys, how can i test sql injection?
<10> i put the code to fix it
<7> bobnormal, I humbly ask you to pay attention to my question (which I've posted already twice) and save my poor brain cells :)
<10> but how can i test it? what do i write in the text box?
<1> lol
<0> mbzle: depends on a lot of factors, basicaly you want to escape any external data you put in to your statements, then you're set
<10> bobnormal, can you give me a statement that may attack?
<10> i have a table name called: user and a field called username
<5> MBzle: if you understand what an sql injection is, do it yourself..
<6> ' OR '' <-- maybe
<0> mbzle: if you do something like "select $_POST[field] from $_POST[table]" then you lose
<11> what's the most efficient way to count the number of lines in a file? just count(file()) ?
<11> (I'm a bit worried about using file() if the file in question is rather large)
<10> kuja, ' OR '' or ' OR ' ?
<0> mbzle: if you do something like "select x from y where id=" . mysql_escape_string($_POST[id]) then you're better off
<0> mbzle: but there's an even better function that does character-set-specific escapes, i forget what it is
<10> bobnormal, http://pastebin.com/578207
<0> choongii: then get the output from the command "wc -l" using one of those system() or exec() or whichever one it is that gives you the last line of output
<10> kuja, can i PM you?
<11> hmm alright, thanks
<6> No
<12> told.
<1> lol, where the mysql injections, that nothing more, then mysql execute a query string bah
<1> mysql injection remote, not local
<10> guys, is this enough: http://pastebin.com/578209
<1> lol
<10> ?
<5> silly code
<1> heh
<10> p0windah, why?
<0> mbzle: i dunno why you used printf, looks confusing to me, check out my altered code
<1> MBzle, do you know what a mysql injection is?
<5> you understand that the code you posted would generate the following sql: LIKE '%".$item."
<5> you understand that the code you posted would generate the following sql: LIKE '%'sample'%' .. ?
<10> Evilx, isn't it where the user can write sql statement in the text box?
<5> and force me to type like a retard too ?
<1> i guess that could be a type of injections
<0> mbzle: http://pastebin.com/578214
<0> retards get free money
<13> Is $item an integer?
<1> bobnormal, i havent won the lotto yet, so i wont believe that statement
<13> wait, obviously not, ok
<5> :P
<0> evilx: no, you get it from the gov, but you have to register
<0> evilx: i'll help you for a percentage ;)
<1> goverment wont even give me finacial aid
<2> Evilx: well, i get an array, its nic, but how can i search trought array? when i clich checkbox it may set the index nomber, and on next page to triger it...
<2> Evilx: wow
<5> bobnormal: whats it called again.. Social Security ?
<0> dunno
Return to
#php
or
Go to some related
logs:
fedora ssod
#xorg
xtables compiled into kernel module not found
#lisp
toFixed is not a function
ubuntu cannot boot selected partition
netfilter state module
Can't locate object method issuer_name
SSL tester
#suse
|
|