32 Topics

Member Avatar for Pelle_3

Hi, all. I am using Entity Framework and decided to do some dependency injection in order to make my functions more testable. This seemed to bring up a few questions that I found difficult to solve. I guess the difficult part is figuring out the best practice of doing this, …

0
195
Member Avatar for mattyd

I am beginning what appears to be the daunting task of securing all of my code from injections, XSS, etc. I have been reading about some of it and it is a bit overwhelming. I just wanted to come here and ask for experts' advice on the main things I …

Member Avatar for mattyd
0
439
Member Avatar for mgold

I love the idea of dependency injection. I started doing pseudo dependency injection on my own before I knew about DI because I was frustrated programming without it. I then discovered Guice. From a program design point of view, I like it a lot. Everything is much more decoupled and …

Member Avatar for JeffGrigg
1
279
Member Avatar for Silas_1

I have 1 or actually 2 problems. I have 2 sites, the first one generates a table with avatar, coins, and name (which links to a more detailed view like this `/stats/user/?name=<dynamic name>`. It looks like this: <table> <thead> <tr> <th>#</th> <th>Points</th> <th>Name</th> </tr> </thead> <tbody> <?php error_reporting(E_ALL); define ( …

Member Avatar for diafol
0
328
Member Avatar for begueradj

Hello. What do we call the attack that consists of inserting PHP/JavaScript code within a remote website's pages? Thank you.

Member Avatar for veedeoo
0
248
Member Avatar for flynismo

Good morning all. I'm having a problem with injecting a class into the constructor of another class. I am creating an MVC framework, for learning purposes. In bootstrap.php, it loads the various classes needed, and also instantiates a few classes. Code snippet for bootstrap.php below. <?php /** * file: /system/core/Bootstrap.php …

Member Avatar for flynismo
0
190
Member Avatar for castajiz_2

If someone can provide a link with the use of Parameters instead of concatenation

Member Avatar for JorgeM
0
141
Member Avatar for Sabyre

Greetings, I have a site that was created back when the dinosaurs were around and of course there is a feedback form that wasn't secure and was generating spam via injections. I have implemented my typical measures: CAPTCHA, preg_match, trim, stripslashes, strip_tags, and even preg_replace. Still the spam continues. I …

Member Avatar for diafol
0
373
Member Avatar for Junior_1

Hello! I want to add a 3rd party EXE into a form, but the problem is I think it is almost impossible to change without using DLL injection. Before, I tried several methods but all failed. Actually I tried with VB or VB.NET because I almost don't know C++ but vb …

Member Avatar for meta.quota
0
313
Member Avatar for tony75

Hi, can anyone explain what is meant by this vulnerability (Blind SQL Injection) and explain attack details 1 and 2? 1. This vulnerability affects /xxxx/. Discovered by: Scripting (Blind_Sql_Injection.script). Attack details Path Fragment (suffix .html) input - was set to -1' or 61 = '59 2. This vulnerability affects /xxxx/. Discovered by: …

Member Avatar for tony75
0
695
Member Avatar for minitauros

Just curious about your thoughts on this subject. **Example:** www.site.com/?id=1 or www.site.com/?id=8adyfa8df614812yasdf (which is also "1", but encrypted) What would you recommend? What do you use? Anyone with pros and/or cons on if you should encrypt your URL data? **My thoughts:** Pros (to encrypting URL data): - Makes it harder …

Member Avatar for pritaeas
1
213
Member Avatar for diafol

Having just found 'traits' - see http://www.daniweb.com/web-development/php/threads/468928/php-trait-method-conflicts-trait-inheritance#post2043565 I was wondering whether they could be used to share a DB connection object across disparate classes, or would the old singleton or dependency injection methods still be the way to go? I'd value any views on this.

Member Avatar for diafol
2
713
Member Avatar for pwolf

I am working towards the goal of a social site, however, being a beginner, I have many questions I need to answer before getting anywhere! One of these is in regards to embeddable scripts/ web apps/ widgets. I would like to allow the users of the site to upload web …

Member Avatar for pwolf
0
533
Member Avatar for genieuk

Hi, Me again... Just wanted to know, I have this piece of code to enter the data from a registration form of mine into the user db. I want to use the mysql_real_escape_string to help stop those evil people who enjoy hacking from hacking my DB $query = "INSERT INTO …

Member Avatar for pritaeas
0
273
Member Avatar for fheppell

I have a snippet of mysql which is filled in with two variables: SELECT `download` FROM `images` WHERE `owner_un`='$owner' AND `url`='$url' The `$url` variable comes directly from a URL variable. This input should only ever contain alphanumeric characters, if this helps. Thanks for any help

Member Avatar for fheppell
0
208
Member Avatar for Reverend Jim

A lot of questions in the VB.NET forum are database related. Most of the code that gets posted results in one or more comments like "use parameterized queries to avoid SQL injection attacks". I won't describe the nature of a SQL injection because it is easily looked up via Google. …

Member Avatar for Reverend Jim
6
5K
Member Avatar for devianleong

Hi, I'm new to PHP and I want to know how to prevent SQL injection. Can any PHP features prevent SQL injection?

Member Avatar for veedeoo
0
229
Member Avatar for mhaselip

Hi. I was wondering if somebody could help me. I'm looking for a PHP function to check GET and POST methods for any type of hack or injection, i.e. XSS, PHP, Java, HTML, MySQL injection. The function needs to check the GET or POST methods prior to using it …

Member Avatar for dany12
0
195
Member Avatar for gotboots

Hi there, I have recently been looking into encryption, for MySQL and PHP, to figure out some way to encrypt the information in the database, or more to the point before it goes in, or decrypted when it comes out. What I'd like to happen is for the info submitted from …

Member Avatar for gotboots
0
203
Member Avatar for patrick1981

I want to manually test my sites to check if they are secure against SQL injections. What's a good way to attempt it? How do I get started? Thank you.

Member Avatar for patrick1981
0
182
Member Avatar for RazorRamon

I've been looking to secure a site that has many queries involved. I've always known about mysql real escape string for a while but recently I ran across prepared statements. I had a few questions about them. Is it a good idea to use both? Is this overkill? When …

Member Avatar for diafol
0
154
Member Avatar for Octet

I have the following PHP: [CODE]<?php define('DB_NAME', 'database'); define('DB_USER', 'root'); define('DB_PASSWORD', 'password'); define('DB_HOST', 'localhost'); $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if (!link){ die('Could not connect to database'); } $db_selected = mysql_select_db(DB_NAME, $link); if (!$db_selected) { die('Could not connect to the database'); } $value = htmlspecialchars($_POST['Name']); $value2 = htmlspecialchars($_POST['Email']); $value3 = htmlspecialchars($_POST['Subject']); …

Member Avatar for Octet
0
157
Member Avatar for Octet

I am currently using MySQL so people can send me a message that shall be stored in the database. The only issue is I have no idea how to protect against SQL Injection, below is my HTML: [CODE]<form action="Action.php" method="POST" /> <p>Name: <input type="text" name="Name" /> </p> <p>Comment: <input type="text" …

Member Avatar for diafol
0
145
Member Avatar for ShadyTyrant

I have a theory about the design of a new site I am working on. If a user accounts table is in one database, and the site content tables in another database, then it would be impossible for a hacker to use SQL injections in a form unrelated to the …

Member Avatar for joehms22
0
137
Member Avatar for rv1990

What is mysql injection and how is it done? Please help me with an example

Member Avatar for rv1990
-1
158
Member Avatar for Tehim

I find for just numbers type_digit() works great combined with addslashes() but what about for a mixture, to prevent SQL injection?

Member Avatar for digital-ether
0
780
Member Avatar for Tehim

I was just wondering if it can or not. Otherwise wouldn't this code work great for stopping SQL injection? [code=php] $some_post = addslashes($_POST['some_post']); if (!ctype_alnum($some_post)) { //error } else { //all good } [/code]

Member Avatar for diafol
0
340
Member Avatar for ctrl-alt-del

Good evening all, First of all, I've been curious about supposedly wrong things in the past. So let me clarify this first: I am in no way trying to hack some program, have malicious intent, or anything of that nature!! That being out of the way, the scenario is as …

Member Avatar for pseudorandom21
0
157
Member Avatar for prem2

Dear all, I am using DB operations such as insert, update, select, delete in my program. I perform these operations using prepared statements. How do I avoid SQL injection in my Java program? *) I want to know functions to avoid the escape characters in Java. *) Does anyone know what …

Member Avatar for Taywin
0
1K
Member Avatar for waveydaveywaves

Right now my PHP script is vulnerable to anyone putting in a random member_id into the URL and having it execute successfully. How can I encrypt the id="id#" in the URL, so a guest is unable to type in their own id in the posted id retrieved through the URL? …

Member Avatar for waveydaveywaves
0
215
