AdaHacker's Profile

Reputation: 452 Architect
Group:
Active Members
Active Posts:
811 (0.34 per day)
Joined:
17-June 08
Profile Views:
13,624
Last Active:
Today, 02:00 PM
Currently:
Offline

Previous Fields

Country:
US
OS Preference:
Linux
Favorite Browser:
Opera
Favorite Processor:
Who Cares
Favorite Gaming Platform:
Who Cares
Your Car:
Who Cares
Dream Kudos:
0


Posts I've Made

  1. In Topic: PDO insert record issues

    Posted 24 Sep 2013

    mutago234, on 24 September 2013 - 12:56 PM, said:

    it seems that NOW() belongs in sql statements not in the array.

    Yeah, that's basically it. The execute() call is used to bind values to the query - you can't pass it fragments of SQL. So you'd either need to change your query to INSERT INTO tb (session_id,timing) values (:session_id,NOW()) or just calculate the value in PHP. Or, as modi123_1 suggested, you could just set a default on the "timing" column and not specify a value at all.
  2. In Topic: Sessions mysql deprecated to PDO conversion queries issues

    Posted 24 Sep 2013

    Well, the error pretty much says it all - $db is not defined. You created it in your "database handler" but you never bring it into scope in your class methods. You would need to reference it with a global $db declaration in each method to make that code work.

    Of course, using global variables isn't such a great practice in the first place (maybe use a singleton or something instead), but that's a different issue.
  3. In Topic: Can't find the file on server glitch

    Posted 21 Aug 2013

    Just look at line 35 of your view_files.php:
    <td align=\"left\"><a href=\"download_file.php?uid=<?php{$row['upload_id']};?>\">{$row['file_name']}</a></td>
    

    Your uid parameter in the URL is messed up - you're including php tags when doing string interpolation. That means $_GET['uid'] is going to come through as <?php12345;?>, which will always get converted to zero when you cast it to an integer.
  4. In Topic: Select ID twice from a table in SQL

    Posted 21 Aug 2013

    squibby, on 20 August 2013 - 09:50 PM, said:

    I want the following output.

    SENT BY / MESSAGE / SENT TO / SENT DATE

    A UNION is not going to get you that format. Using a UNION will just lump together the results of two queries with the same result format into a single table. Something like your sample query would just give you a 3-column table with conflicting entries rather than the 4-column format you want.

    The easiest method would be to just join on your users table twice using two different aliases. That will allow you to independently match different user rows against different columns. For example, something like this should work:
    SELECT u1.user_real_name AS sentby, email_staff_log_message, u2.user_real_name AS sentto, email_staff_log_date_sent
    FROM email_staff_log, users AS u1, users AS u2
    WHERE email_staff_log.userid = u1.user_id AND email_staff_log.email_staff_log_sent_to = u2.user_id
    
    
  5. In Topic: Will Using A Form Key Stop Brute Force Attacks?

    Posted 9 Aug 2013

    adn258, on 09 August 2013 - 04:31 AM, said:

    That said I'm assuming using just that wouldn't be foolproof since a hacker can keep the form keys in session, but I would assume this would slow things way down right?

    It might slow things down a little and stop the really stupid bots, but you're correct - it is by no means fool-proof. In fact, if you're concerned about brute-force attacks on your login page, this is basically no protection at all. Just look at the top of the linked article - this is meant as a defense against XSS and CSRF attacks. It's most relevant after the user has already logged in.

    CTphpnwb, on 09 August 2013 - 06:34 AM, said:

    This is why captchas are used.

    The problem with captchas is that, even at their best, they offer a bad user experience and so should be used sparingly. Putting one on a login page is like a big thumb in the eye to users. They would be more appropriate for things like sign-up forms that are harder to protect in other ways. A better solution for brute-force login attempts is to simply block logins to the affected account for X minutes after Y failed login attempts. Simply put, you can't effectively brute-force an account if you only get, say, 10 tries per hour.
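
The lockout policy described in the last post above (block logins to an account for X minutes after Y failed attempts), as an added PHP example that is not part of the original post. The class name, method names and thresholds are hypothetical, and the in-memory array stands in for a database table or cache keyed by account.

```php
<?php
// Added illustration, not code from the thread. Names and thresholds are
// hypothetical; real state belongs in a database or cache, not a PHP array.
final class LoginThrottle
{
    private array $state = []; // account => ['failures' => int[], 'lockedUntil' => int]

    public function __construct(
        private int $maxFailures = 5,      // "Y" failed attempts...
        private int $windowSeconds = 600,  // ...counted inside this window
        private int $lockSeconds = 900     // "X" minutes of lockout
    ) {}

    // Call this BEFORE verifying the password; a locked account is refused
    // without the submitted password ever being evaluated.
    public function isLocked(string $account, int $now): bool
    {
        return ($this->state[$account]['lockedUntil'] ?? 0) > $now;
    }

    public function recordFailure(string $account, int $now): void
    {
        $entry = $this->state[$account] ?? ['failures' => [], 'lockedUntil' => 0];
        // Drop failures older than the window, then record this one.
        $recent = array_filter($entry['failures'], fn (int $t): bool => $t > $now - $this->windowSeconds);
        $recent[] = $now;
        if (count($recent) >= $this->maxFailures) {
            $entry['lockedUntil'] = $now + $this->lockSeconds;
            $recent = []; // start a fresh count once the lock expires
        }
        $entry['failures'] = $recent;
        $this->state[$account] = $entry;
    }

    public function recordSuccess(string $account): void
    {
        unset($this->state[$account]); // a good login clears the counter
    }
}

// Constructed scenario: one wrong guess per second against "alice" for an hour.
$throttle = new LoginThrottle(maxFailures: 5, windowSeconds: 600, lockSeconds: 900);
$evaluated = 0;
for ($now = 0; $now < 3600; $now++) {
    if ($throttle->isLocked('alice', $now)) continue; // refused, no password check
    $throttle->recordFailure('alice', $now);
    $evaluated++;
}
echo "password guesses actually evaluated in one hour: $evaluated\n";
```

Because the lock is keyed by account, anyone who knows a username can trigger it, so deployments usually pair it with per-source rate limits or an owner notification.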

My Information

Member Title:
Resident Curmudgeon
Age:
37 years old
Birthday:
August 16, 1977
Gender:
Location:
Brockport, NY
Interests:
On the technical front, I'm interested in software design methods, formal modeling, database theory, etc. In more general terms, I like to play the piano, study philosophy, and work in my garden.
Years Programming:
14
Programming Languages:
PHP, Python, VB.NET/6, C#, SQL, ActionScript (mostly FLEX), and whatever other stuff I've worked with that I feel like including today.

Contact Information

E-mail:
Private
Website URL:
http://linlog.skepticats.com

Friends

Comments

Page 1 of 1
  1. AdaHacker

    09 Feb 2011 - 15:18
    <shrug> Never really had anything to ask. I prefer to just take a quick browse through my favorite forums once in a while and provide a few quick answers. Less of a time commitment.
  2. modi123_1

    09 Feb 2011 - 13:39
    Odd.. you are a member since Jun 2008, have 572 active topics, but have zero posts originated by you. Quirky.