[QUOTE=turb_;24233011][img]http://imgs.xkcd.com/comics/exploits_of_a_mom.png[/img][/QUOTE]
Now I know Bob is short for Rob. I could never make the connection.
[QUOTE=arienh4;24262269]Yeah. The 'you and your co-admin' is why you need to sanitise. There could always be a possibility where you break your code by entering the wrong data.[/QUOTE]
Oh well, I'll live on the edge.
[QUOTE=advil0;24262540]Oh well, I'll live on the edge.[/QUOTE]
Seriously. You are a [b]bad programmer[/b] if you refuse to sanitize user input.
You should also store your passwords in plain text.
[QUOTE=vpaan;24264044]Seriously. You are a [b]bad programmer[/b] if you refuse to sanitize user input.[/QUOTE]
I'm sorry you think that, I know I'm not good, but if me and one other person are only going to be using it, and the ?uid&pid inputs will be valid every time, what's the harm?
Don't take shortcuts it only takes a few lines of code to do.
[QUOTE=advil0;24266856]I'm sorry you think that, I know I'm not good, but if me and one other person are only going to be using it, and the ?uid&pid inputs will be valid every time, what's the harm?[/QUOTE]
You're a bad programmer (I don't think that, it's a fact) if you refuse to implement security when the solution is basically handed to you.
Have you thought about if your so-called "Administrator" was hacked, or someone guessed his password being "123", and THEN screwed up your input?
Arien is completely right. Not doing it now is like telling everyone else that you are right. Just fucking do it. It takes 1 function to use, so why the hell not?
[editline]10:50PM[/editline]
Sorry if I sound like I'm raging, but this is beyond stupid.
[QUOTE=arienh4;24262197]With modifying code and self-teaching you get code that's [b]horribly[/b] unsafe and generally bad, since after even a year of just doing that you still don't know the language, you only know a bunch of functions.[/QUOTE]
Modifying and re-coding stuff you see. It's all I've ever done for any language and I'd say I'm a decent standard in both PHP & Lua now, with some basic-intermediate javascript on top too.
But, you have to be very very wary of what's going on with the code of course, or you end up copying shit.
[QUOTE=Fizzadar;24273484]Modifying and re-coding stuff you see. It's all I've ever done for any language and I'd say I'm a decent standard in both PHP & Lua now, with some basic-intermediate javascript on top too.[/QUOTE]
No, you're not. You might have a vague idea of what your code does, but you don't know why you use a particular way of doing this instead of another way, or even what that other way is and what its pros and cons are. You should really just pick up a book and learn the language, not others' implementation.
[QUOTE=arienh4;24273575]No, you're not. You might have a vague idea of what your code does, but you don't know why you use a particular way of doing this instead of another way, or even what that other way is and what its pros and cons are. You should really just pick up a book and learn the language, not others' implementation.[/QUOTE]
Believe what you will, I know my own capabilities and that's all that matters.
[QUOTE=Fizzadar;24275590]Believe what you will, I know my own capabilities and that's all that matters.[/QUOTE]
You obviously don't. That's not meant as an insult, I'm just saying that if you don't have the bigger picture of a language there is no way you can know how much of it you know.
[QUOTE=Qombat;24256214]As usual, you're missing my point.
[editline]03:46PM[/editline]
I was responding to[/QUOTE]
Like turb said, sanitizing isn't a "feature" it isn't the bells and whistles, it is beyond necessary and frankly you're an idiot if you don't take .5 seconds to type it in to the var you plan to query. You don't have a point, because not sanitizing is pointless. I think PHP6 should make it so if you don't sanitize before you query it just returns die("dumb");.
or it just does an sql injection itself to teach you
You should use prepared statements. If you don't want to, nobody can force you to. End of story. Nick and Ariën stop arguing.
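The advice in the posts above (validate the ?uid&pid parameters, then use prepared statements rather than splicing the values into the query) as a worked PHP example. This is an added illustration, not code posted by anyone in the thread; it assumes a PDO connection to MySQL and a hypothetical table `posts` with integer columns `uid` and `pid`. The "unsafe" function is the pattern being argued against, kept only to show where the apostrophe problem comes from.

```php
<?php
// Added example, not from the thread. Assumptions: PDO + MySQL, and a
// hypothetical table `posts` with integer columns `uid` and `pid`.
declare(strict_types=1);

/**
 * Validate a query-string value that must be a positive integer.
 * Returns null when the value is missing or not an integer, so arbitrary
 * text never reaches the database at all.
 */
function read_int_param(array $query, string $name): ?int
{
    if (!isset($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $value === false ? null : $value;
}

// The pattern the thread argues against: the raw parameter is spliced into
// the SQL text, so a stray apostrophe (or anything else) changes the meaning
// of the statement instead of being treated as data.
function unsafe_lookup(PDO $db, array $query): array
{
    $sql = "SELECT * FROM posts WHERE uid = '" . $query['uid']
         . "' AND pid = '" . $query['pid'] . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The hardened form: validate first, then bind. The value is sent separately
// from the SQL text, so it can never alter the query structure.
function safe_lookup(PDO $db, array $query): array
{
    $uid = read_int_param($query, 'uid');
    $pid = read_int_param($query, 'pid');
    if ($uid === null || $pid === null) {
        http_response_code(400); // reject bad input instead of guessing
        return [];
    }
    $stmt = $db->prepare('SELECT * FROM posts WHERE uid = :uid AND pid = :pid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->bindValue(':pid', $pid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection details are placeholders.
$db = new PDO('mysql:host=localhost;dbname=app', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);
header('Content-Type: application/json');
echo json_encode(safe_lookup($db, $_GET));
```

Even with only two trusted users, the validation step is what catches a mistyped URL, and the bound parameters are what keep a mistyped value from becoming part of the SQL; together they cost about as many lines as the thread says they do.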
[QUOTE=__vladh;24279785]Use prepared statements, end of story. Nick and Ariën stop arguing.[/QUOTE]
w/e.
[QUOTE=__vladh;24279785]You should use prepared statements. If you don't want to, nobody can force you to. End of story. Nick and Ariën stop arguing.[/QUOTE]
Says he who is likely to have never even seen a PHP manual, much less read one.
[QUOTE=advil0;24262233]This php file will never be given out, no users [b]but me and my co-admin will have the URL to it and what parameters you need to make it work.[/b] Also I figured the apostrophe issue out :)[/QUOTE]
Look up Google Skipfish.
Then come back and continue making your argument if you still feel that it is valid.
[QUOTE=arienh4;24283225]Says he who is likely to have never even seen a PHP manual, much less read one.[/QUOTE]
That doesn't make him any less right.
[QUOTE=Qombat;24285261]That doesn't make him any less right.[/QUOTE]
Fair enough. Can't be less right than wrong I guess.
[QUOTE=arienh4;24283225]Says he who is likely to have never even seen a PHP manual, much less read one.[/QUOTE]
Your ignorance is overwhelming, and this isn't VladH cock suck, this is you making a blunt assumption.
[QUOTE=nivek;24290512]Your ignorance is overwhelming, and this isn't VladH cock suck, this is you making a blunt assumption.[/QUOTE]
I know exactly what Vlad knows about PHP. You're the one making assumptions here.
The moment he starts selling something that is more or less his own work, let me know.
I'd encourage everyone to ignore trolls with no life. Thanks.
[QUOTE=arienh4;24290858]I know exactly what Vlad knows about PHP.[/QUOTE]
Highly unlikely.
Kevin see my above post.