Darren's Outpost - Weblog Archives

Page 2 of 2 ( 13 entries , showing 11 - 13 )
Previous 1 2

Friday September 30, 2005

PHP register_globals - 6:26 pm
Coding , PHP , Security - DaRen

There are numerous ways and possibility which makes your code unsecure when PHP register_globals directive is set to ON.

Below are few examples:

Unsecure Example 1 [ Hide ]

[ Highlight ] [ Text ]

<?php
session_start();
$_SESSION['test'] = "original";
$test = "modified";
echo $_SESSION['test'];
 
// this will output "modified" instead of "original"
?>

Unsecure Example 2 [ Hide ]

[ Highlight ] [ Text ]

<?php
$_SESSION['test'] = $something;
echo $_SESSION['test'];
 
// Point to the file in browser, with query append to the back:
// test.php?something=modified
// The string "modified" will be output
?>

Permalink:Short |

( 0 comment ) | # 5 |

Thursday September 29, 2005

SQL Joining - 6:42 pm
Coding , SQL - DaRen

Permalink:Short |

( 0 comment ) | # 4 |

Thursday September 29, 2005

SQL displaying brief info - 3:49 pm
Coding , SQL - DaRen

This is how you display the first 100 characters of a string in your DB and add '...' at the back.

Display excerpt from a long string [ Hide ]

[ Highlight ] [ Text ]

SELECT CONCAT(SUBSTRING(acol, 1, 100), IF(LENGTH(acol) > 100, '...', '')) AS brief
FROM atable

Permalink:Short |

( 0 comment ) | # 3 |

Page 2 of 2 ( 13 entries , showing 11 - 13 )
Previous 1 2

February 2012