Dormilich's Profile User Rating: *****

Reputation: 3489 Guru
Group:
Mentors
Active Posts:
10,054 (6.64 per day)
Joined:
08-June 10
Profile Views:
49,482
Last Active:
User is offline Today, 09:05 AM
Currently:
Offline

Previous Fields

Country:
DE
OS Preference:
Mac
Favorite Browser:
FireFox
Favorite Processor:
Who Cares
Favorite Gaming Platform:
Who Cares
Your Car:
Volkswagen
Dream Kudos:
1000
Expert In:
PHP
Dormilich DÜV core member

Posts I've Made

  1. In Topic: Odd little issue when submitting form to update page information.

    Posted 30 Jul 2014

    there you have it. you have an unchecked request to a URL parameter and if that’s not present, you get the observed warnings.


    Quote

    And out of curiosity. I've been able to find out how it's done, but how does this make it more secure? I couldn't find the answer to that. It looks like in the end it's just performing the query the same way?

    see also: http://en.wikipedia....pared_statement

    the trick lies in content-code-separation. SQL Injection draws its danger from having data interpreted as SQL. if you treat data only as data (by parsing the SQL before you retrieve the data) you cannot execute SQL code from inside the data.
  2. In Topic: Odd little issue when submitting form to update page information.

    Posted 30 Jul 2014

    the problem lies within the functions that re-insert the updated values, i.e. $Dox->PageContent() etc. somewhere in there you get the shown errors.
  3. In Topic: Odd little issue when submitting form to update page information.

    Posted 30 Jul 2014

    two issues
    1) you’re highly susceptible to SQL Injection. use prepared Statements!
    2) your data outputting methods emit those warnings, you should look inside their code to see what’s wrong.
  4. In Topic: datetime is not what I think it is, is it?

    Posted 30 Jul 2014

    EdNolan, on 30 July 2014 - 03:42 AM, said:

    $query =INSERT INTO usersystem (`userid`, `username`, `password`, `email`, `lastlog`, `signup_date`) VALUES (NULL,$username,$password,$email, CURRENT_TIMESTAMP, NOW())";
    $insrt = $mypdo->prepare($query);
    $insrt->execute(array(NULL,$username,$password,$email->uid));
    

    that’s not a prepared statement, that’s a regular query (with some errors to weed out)
  5. In Topic: Codeigniter's $this->db works in a controller and not in

    Posted 30 Jul 2014

    murume, on 30 July 2014 - 01:54 AM, said:

    I've heard so much noise about Laravel but this whole Composer business just turned me off.

    what does the one have to do with the other? besides, without that composer stuff, Node wouldn’t be where it is without npm (which is the javascript equivalent of composer)

My Information

Member Title:
痛覚残留
Age:
Age Unknown
Birthday:
April 18
Gender:
Location:
Behind the Wall
Interests:
kicking Pardona’s a**(*)
Full Name:
Bertold von Dormilich
Years Programming:
10
Programming Languages:
JavaScript, PHP, XSLT, Turbo Pascal, BASIC

Contact Information

E-mail:
Private
AIM:
Dormilich
Skype:
Dormilich

Comments

  1. EdNolan

    30 Nov 2013 - 15:36
    Many thanks for all the many times you have helped me !!!
  2. andrewsw

    02 Aug 2013 - 14:40
    Congratulations on 3000+, a nice big number!
  3. raghav.naganathan

    28 Dec 2012 - 04:26
    Dude...you sure are the best in the web development forums!!! :)
  4. htmlovin

    16 Oct 2012 - 07:21
    Great help thanks! This guy knows his stuff helping me clear up some things in html/css
  5. AnalyticLunatic

    25 Sep 2012 - 12:48
    Just wanted to stop by and say thanks for that bit about "clear:both" when using floats in HTML/CSS. That solved a long-standing issue I have been having in Firefox! ^^
  6. vivian2012

    17 May 2012 - 12:24
    Hello dear friend,

    Great to communicate with you and to know each other for relationship if you don't mind and have desire to correspond with me,i will appreciate you communication through my email address so that we can get to know more of each other.

    my email is ( vivianwilliams40@yahoo.com )
    vivianwilliams40 at yahoo dot com
  7. RudiVisser

    05 Sep 2011 - 04:32
    Thank you! :D
  8. RudiVisser

    12 Aug 2011 - 02:35
    Thanks yeah, the session class I have is pretty much like that, but also acts as a singleton and fake session handler! Both get the exact same effect :D
  9. aaron1178

    31 Jul 2011 - 16:50
    Isn't it about time you get a promotion to moderator I think :)
  10. codeprada

    26 Apr 2011 - 13:12
    congratz... i gave u ur 900th rep
  11. bhoop_computers

    25 Apr 2011 - 19:20
    hello
  12. Vip3rousmango

    13 Apr 2011 - 07:58
    Thanks for the rep! :) Appreciated.
  13. EnvXOwner

    19 Mar 2011 - 10:35
    Hey! I found you on, http://bytes.com/dormilich
  14. skyhawk133

    05 Mar 2011 - 08:35
    Thanks for all you've done for DIC lately! Congrats on the forum leader of the month recognition!
  15. Dogstopper

    15 Feb 2011 - 16:13
    Thanks for handling the PHP Challenge!