Search found 60 matches
- Thu Mar 15, 2007 11:02 am
- Forum: Javascript
- Topic: ajax update problem
- Replies: 5
- Views: 824
- Wed Mar 14, 2007 12:31 pm
- Forum: Javascript
- Topic: ajax update problem
- Replies: 5
- Views: 824
- Wed Mar 14, 2007 12:18 pm
- Forum: Javascript
- Topic: ajax update problem
- Replies: 5
- Views: 824
- Wed Mar 14, 2007 12:07 pm
- Forum: Javascript
- Topic: ajax update problem
- Replies: 5
- Views: 824
ajax update problem
I am trying to retrieve temperature data from a txt file on the serve + update it every 3 seconds. I do get the updates, but the value is the same even when I go and change the temperature value manually from the txt file. What I mean is that, looks like ie chaches the temperature value or something...
- Thu Mar 01, 2007 3:40 pm
- Forum: PHP - Code
- Topic: check if a url exists.
- Replies: 5
- Views: 1004
- Thu Mar 01, 2007 3:35 pm
- Forum: PHP - Security
- Topic: unsubscribe/subscribe/forgotpassword security
- Replies: 19
- Views: 4465
yes the id is selected from the database when the user provides the correct credentials... My concern was, that there would be a way to change a value of the session i.e. ID, after the user is logged in already. Suppose that the id is kept in a cookie. The user can easily modify the id of the cookie...
- Thu Mar 01, 2007 2:10 pm
- Forum: PHP - Security
- Topic: unsubscribe/subscribe/forgotpassword security
- Replies: 19
- Views: 4465
I am sorry. By session id i meant the id of the user that is stored in the session.
Like:
Whenever there is a need to change some information about the user, the session["id"] is user for that purpose.
Like:
Code: Select all
$_session["id"]=23;- Thu Mar 01, 2007 1:55 pm
- Forum: PHP - Code
- Topic: check if a url exists.
- Replies: 5
- Views: 1004
- Thu Mar 01, 2007 10:18 am
- Forum: PHP - Code
- Topic: check if a url exists.
- Replies: 5
- Views: 1004
check if a url exists.
Is there a faster way of doing this? This method is really slow. function url_exists($url) { $a_url = parse_url($url); if (!isset($a_url['port'])) $a_url['port'] = 80; $errno = 0; $errstr = ''; $timeout = 30; if(isset($a_url['host']) && $a_url['host']!=gethostbyname($a_url['host'])){ $fid = ...
- Thu Mar 01, 2007 10:16 am
- Forum: PHP - Security
- Topic: unsubscribe/subscribe/forgotpassword security
- Replies: 19
- Views: 4465
I have a security concern. Throughout my system i keep the user's id in the session, and every modification to the database is based on the session. Know the session id is not even encrypted. Is this a bad practice? I would suppose that a hacker could inject sombody esle's id in the session(say the ...
- Fri Feb 23, 2007 8:06 am
- Forum: PHP - Security
- Topic: hidden values vs sessions.
- Replies: 3
- Views: 1633
hidden values vs sessions.
Are sessions more secure then hidden values passed through post?
In my opinion yes, since a hacker that knows the name of the variable that is passed can spoof the form submition.
What do you think?
In my opinion yes, since a hacker that knows the name of the variable that is passed can spoof the form submition.
What do you think?
- Wed Feb 21, 2007 10:45 am
- Forum: PHP - Security
- Topic: unsubscribe/subscribe/forgotpassword security
- Replies: 19
- Views: 4465
- Wed Feb 21, 2007 10:28 am
- Forum: PHP - Security
- Topic: unsubscribe/subscribe/forgotpassword security
- Replies: 19
- Views: 4465
- Wed Feb 21, 2007 9:49 am
- Forum: PHP - Security
- Topic: unsubscribe/subscribe/forgotpassword security
- Replies: 19
- Views: 4465
Thanks Mordred for your help. sms_email is validated + escaped when the user subscribes... There is one more concern I have. I use the confirmation for unsubscribe, subscription confirmation as well as when somebody forgets their password. This approach seems clumsy to me... Also can anybody illustr...
- Wed Feb 21, 2007 9:20 am
- Forum: PHP - Security
- Topic: unsubscribe/subscribe/forgotpassword security
- Replies: 19
- Views: 4465
Code: Select all
function quote_smart($value) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value) || $value[0] == '0') {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}