FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » GUI designer in html
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: PS Re: GUI designer in html [message #182483 is a reply to message #182481] Wed, 07 August 2013 17:52 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
On 07/08/13 17:51, Twayne wrote:
> On 2013-08-05 7:32 PM, The Natural Philosopher wrote:
> ...
>
>>>>
>>>> The MySQL server allows having statements that do return result
>>>> sets and
>>>> statements that do not return result sets in one multiple statement.
>>>> "
>>>>
>>>
>>> You need to scroll down to the middle of the page and read
>>> *Security considerations* and *Example #2*.
>>>
>>>
>> Furthermore the manual for mysql_query (as opposed to mysqli_query)
>> actually states:
>>
>> "*mysql_query()* sends a unique query *(multiple queries are not
>> supported)* to the currently active database on the server that's
>> associated with the specified /|link_identifier|/. "
>
> Yes, that's true. As a relative newcomer to PHP and the fact that
> MYSQL is being deprecated, as long as mysqli is available on my servers;
> wouldn't it be wise to go in the mysqlI direction?
>
> I've no intention of making multiple queries currently but ... I
> haven't used "i" yet either so I'm far from guru; I can only go by
> what I read and the MYSQL reference to mysqli for multiple queries,
> should the occasion arise. In fact, I've only ever experimented with
> MYSQL itself; though I am using it on one of my own sites.
>
> To me, it simply seems like the right way to go. Do you disagree
> with that?
>
>
>> so it would seem that this actual sql injection method is an urban myth.
>
> Well, I've seen a few exploits and how they're done, and I've used
> one of them, and I did successfully trash my database. So, not so sure
> that's 100% the case; perhaps it's just you're good at writing
> sanitize/validate code?
>
>>
>> From PHP anyway.
>>
>> ISTR I actually tried it once to see if my code was robust. I failed to
>> destroy the database or indeed any data, at all.
>>
>
> Interesting observations/experiment; thanks for the info. Don't you
> think it's actually due to your own code? Just curious, mostly.
>

I really don't know. I tried everything I could think of.

I suppose defensive coding is a habit you get into when writing code, as
are copious comments and the use of 'highest common factor' language
constructs, in case the poor sod who has to maintain it after you are
gone doesn't actually understand regexp or WHY. I know I never have :[-)

Its always taken less time to do it another way, than really learn the
syntax.


> Good post,
>
> Twayne`
>
>


--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: GD Function help
Next Topic: Help with PHP BD imaging functionality
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 15:37:34 GMT 2024

Total time taken to generate the page: 0.04883 seconds