FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Sanitizing user input
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Sanitizing user input [message #169849 is a reply to message #169846] Tue, 28 September 2010 13:14 Go to previous messageGo to previous message
Web Dreamer is currently offline  Web Dreamer
Messages: 13
Registered: September 2010
Karma:
Junior Member
Jerry Stuckle a écrit ce mardi 28 septembre 2010 13:21 dans
<i7sjqg$jo5$1(at)news(dot)eternal-september(dot)org> :

> Or, better yet, don't use a hosting company which has magic_quotes_gpc()
> enabled, and you can forget all about this mess. The whole thing has
> been deprecated and will be removed in PHP 6.0.

Concerning the hosting company, you get the point.
But sometimes we are asked do "develop" a web app to resell to another
company, which uses an already-in-production server and for which they can't
change the server settings without breaking an already-in-production-other-
application on the same server.
By doing so, you ensure that your code is portable.
The following ought also to always be included (with an include_once()
directive):
<?php
ini_set('magic_quotes_runtime', 0);
ini_set('magic_quotes_sybase', 0);
?>

since 'magic_quotes_gpc' can't be changed at runtime, the previous I posted
is still required.

But I agree that for our own personnel server, It's indeed better to chose a
proper hosting company. and that all the previous I have mentioned would be
useless (and will be deprecated in PHP6)


Oh, most important, if you are asked to develop on a server having other PHP
apps, and that you use sessions, it is IMPORTANT tu use:

ini_set('session.name', "SomethingElseThan_PHPSESSID");

before using any "session_start()".
This is because 'PHPSESSID' which is the default is probably used by another
application on the same server, and there is a potential risk of mixing
sessions...
Once the user's browser has a session id for a session name, it will send
the same to the same server even if they are two different applications, and
you can have bad surprises.
Imagine that in the $_SESSION array you store the grant level of a user
(admin, user, etc). Imagine this user has a login for each of the web apps
on the server, with the _same_ session.name but different grant levels,
(user on app1, admin on app2), imagine the array key in $_SESSION has the
same name for storing the grant permissions, if he logs in app1 first then
in app2 after, he becomes admin on both... (depends on your code behind).
Of course, this occurs only if they are on the _same_ server
(https://myserver.org/app1/ and https://myserver.org/app2/ )

Setting "ini_set('session.name', 'SomethingElseThan_PHPSESSID');" for each
of your Web apps is a better guarantee to avoid any of such potential
issues.
But this is out of the current subject, just felt it ought to be mentioned.

--
Web Dreamer
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: how to write a wsdl for php webservice?
Next Topic: ANNOUNCE - NHI1 / PLMK / libmsgque - Work-Package-II
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 06:11:57 GMT 2024

Total time taken to generate the page: 0.04128 seconds