| GUI designer in html [message #182422] |
Sun, 04 August 2013 06:32  |
Lightee
Messages: 2
Registered: August 2012
Karma: 0
|
Junior Member |
|
|
Would the web application developers here recommend some Visual-basic like GUI designer for HTML? I find it rather tedious to design web forms in HTML code manually. Is there a good tool for this job?
Thank you.
|
|
|
|
| Re: GUI designer in html [message #182423 is a reply to message #182422] |
Sun, 04 August 2013 07:17  |
J.O. Aho
Messages: 194
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 04/08/13 08:32, Lightee wrote:
> Would the web application developers here recommend some Visual-basic like GUI designer for HTML?
> I find it rather tedious to design web forms in HTML code manually. Is there a good tool for this job?
I tend to see such tools make poor html which may only work in certain
browser. I would suggest you look at something like Bootstrap which will
make it a lot easier to make good looking sites and you need to fiddle
less with the html/css as much is already designed for you.
For forms I would most likely just build up functions generating the
right type of input, and then have a array which describes which
variables to use, which type of input and the text (label, description),
then generate the output based on the content of the array, if you need
to change something, add/remove from the array as you please and you
don't need to make any changes for html.
--
//Aho
|
|
|
|
|
|
| Re: GUI designer in html [message #182426 is a reply to message #182424] |
Sun, 04 August 2013 12:10 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 04/08/13 09:23, Tim Streater wrote:
> In article <5d478759-277d-41b1-bdab-f6e1b2076093(at)googlegroups(dot)com>,
> Lightee <lightaiyee(at)gmail(dot)com> wrote:
>
>> Would the web application developers here recommend some Visual-basic
>> like GUI designer for HTML?
>
> No.
>
>> I find it rather tedious to design web forms in HTML code manually.
>> Is there a good tool for this job?
>
> No.
>
I ended up writing my own libraries.
functions which, given a bunch of parameters set up an form element
onscreen.
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|
|
| Re: GUI designer in html [message #182429 is a reply to message #182422] |
Sun, 04 August 2013 13:48 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 8/4/2013 2:32 AM, Lightee wrote:
> Would the web application developers here recommend some Visual-basic like GUI designer for HTML? I find it rather tedious to design web forms in HTML code manually. Is there a good tool for this job?
>
> Thank you.
>
Why are you asking about html designers in a PHP newsgroup?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: GUI designer in html [message #182434 is a reply to message #182429] |
Sun, 04 August 2013 16:22 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-04 9:48 AM, Jerry Stuckle wrote:
> On 8/4/2013 2:32 AM, Lightee wrote:
>> Would the web application developers here recommend some Visual-basic
>> like GUI designer for HTML? I find it rather tedious to design web
>> forms in HTML code manually. Is there a good tool for this job?
>>
>> Thank you.
>>
>
> Why are you asking about html designers in a PHP newsgroup?
>
Duhhh, probably because HTML has a large place within PHP?
|
|
|
|
| Re: GUI designer in html [message #182435 is a reply to message #182434] |
Sun, 04 August 2013 16:33 |
Tim Streater
Messages: 328
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
In article <ktlv4s$isl$1(at)speranza(dot)aioe(dot)org>,
Twayne <nobody(at)spamcop(dot)net> wrote:
> On 2013-08-04 9:48 AM, Jerry Stuckle wrote:
>> On 8/4/2013 2:32 AM, Lightee wrote:
>>> Would the web application developers here recommend some Visual-basic
>>> like GUI designer for HTML? I find it rather tedious to design web
>>> forms in HTML code manually. Is there a good tool for this job?
>> Why are you asking about html designers in a PHP newsgroup?
> Duhhh, probably because HTML has a large place within PHP?
It's still not a PHP question, O soppy one.
--
Tim
"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
|
|
|
|
| Re: GUI designer in html [message #182436 is a reply to message #182422] |
Sun, 04 August 2013 16:40 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-04 2:32 AM, Lightee wrote:
> Would the web application developers here recommend some Visual-basic like GUI designer for HTML?
I find it rather tedious to design web forms in HTML code manually. Is
there a good tool for this job?
>
> Thank you.
>
Yes, there are a few decent WYSIWYG editors and some text editors too,
which display text in various colors to differentiat various things.
In the "old" days I used NVU to make websites; quite capable, free, and
functional.
http://net2.com/nvu/
Netobjects Fusion 12 or later is an excellent wysiwyg web site
generator. It include a LOT of features, is not free, and is fully
capable of handling fairly large web site (couple hundred pages).
Auto-menues, galleries, pretty much all you could want, and works with
many 3rd party apps.
Ive written a total of 4 sites, 8 over the years, with it.
As I mentioned, it's a "Generator" of code, allows for PHP et al,
and is database formatted, though you don't need to use that to enjoy
its uses.
See:
http://netobjects.com/
Then there are text editors like Notepad++ and NoteTAB Pro, both
excellent text editors.
NoteTab comes with libraries for a lot of apps, and lets you create
your own should you want to, with ease. NotePad++ is probably a little
better IMO at text coloring but NoteTab is more intuitive, predictive
and handy when all of its features are considered.
Either would make a good editor. And both allow you to send files to
your local server if you have one setup.
Is that anywhere near what you were asking?
I can't comment of vb code or vb.net but vb.net is VERY capable but I
couldn't afford the subscriptions and eventually opted for Fusion 12. I
have'nt looked at Fusion 13 yet but its main claim to fame seems to be
writing HTML 5 code. As I always do I'll wait for another rev to come
out so the initial bugs get fixed before I contemplate purchasing it.
HTH,
Twayne`
|
|
|
|
| PS Re: GUI designer in html [message #182437 is a reply to message #182422] |
Sun, 04 August 2013 16:47 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-04 2:32 AM, Lightee wrote:
I feel it's necessary to let you know that HTML forms are notoriously
famous for being hacked, cracked and used by miscreants for spamming
using your forms.
The best way to alleviate those exposures is to learn PHP coding, IMO.
You may write your first page in HTML, and then use a second PHP page to
do all the testing of input data on the server-side where no one can see
it working nor can they easily get past a rotund random code and
sanitization and validation codes.
php.net and w3schools both have excellent tutorials for learning PHP.
It's similar to but different from C++ language, but it provides a lot
of protection when used correctly.
Also IMO, avoid Captcha code at all costs! Duplicate it yourself, or
parts of it, like the protection, but don't use their idiotic, hard to
read code images; they keep out as many people as they do robots.
Captcha code however is a pretty decent learning code; just don't use
it<GRIN>.
Regards,
Twayne`
|
|
|
|
| Re: PS Re: GUI designer in html [message #182439 is a reply to message #182437] |
Sun, 04 August 2013 17:09 |
J.O. Aho
Messages: 194
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 04/08/13 18:47, Twayne wrote:
> On 2013-08-04 2:32 AM, Lightee wrote:
>
> I feel it's necessary to let you know that HTML forms are notoriously
> famous for being hacked, cracked and used by miscreants for spamming
> using your forms.
It's not the HTML forms, but the scripts which are to handle the input
which do not validate the content properly, no HTML WYSIWYG will make
the script to validate better, no matter how pretty the form looks like.
> The best way to alleviate those exposures is to learn PHP coding, IMO.
> You may write your first page in HTML, and then use a second PHP page to
> do all the testing of input data on the server-side where no one can see
> it working nor can they easily get past a rotund random code and
> sanitization and validation codes.
Rule one, always validate user input, no matter if it's always your
mother who does the input, one day she may just try to see what happens
if she enters "'; drop database youdatabase; #" as input and as you
never have a backup of the database, you lost everything.
> Also IMO, avoid Captcha code at all costs! Duplicate it yourself, or
> parts of it, like the protection, but don't use their idiotic, hard to
> read code images; they keep out as many people as they do robots.
> Captcha code however is a pretty decent learning code; just don't use
> it<GRIN>.
I would advice to never write your own captcha or copy those average
Aarav (kind of Indian Joe), as they usually do include a lot of issues
with security and validation, if using captcha use something like
reCaptcha from Google.
--
//Aho
|
|
|
|
| Re: PS Re: GUI designer in html [message #182448 is a reply to message #182439] |
Sun, 04 August 2013 21:01 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-04 1:09 PM, J.O. Aho wrote:
> On 04/08/13 18:47, Twayne wrote:
>> On 2013-08-04 2:32 AM, Lightee wrote:
>>
>> I feel it's necessary to let you know that HTML forms are notoriously
>> famous for being hacked, cracked and used by miscreants for spamming
>> using your forms.
>
> It's not the HTML forms, but the scripts which are to handle the input
> which do not validate the content properly, no HTML WYSIWYG will make
> the script to validate better, no matter how pretty the form looks like.
>
>
>> The best way to alleviate those exposures is to learn PHP coding, IMO.
>> You may write your first page in HTML, and then use a second PHP page to
>> do all the testing of input data on the server-side where no one can see
>> it working nor can they easily get past a rotund random code and
>> sanitization and validation codes.
>
> Rule one, always validate user input, no matter if it's always your
> mother who does the input, one day she may just try to see what happens
> if she enters "'; drop database youdatabase; #" as input and as you
> never have a backup of the database, you lost everything.
Right on! ALL user input, even including things like Radio Buttons and
drop-down Lists should be sanitized and closely scrutinized for any type
of code injection, injected scriptings, all sorts of things.
Also keep in mind that there IS NO such thing as a perfectly 100%
secure website and/or webform in particular.
If one is determined enough and has the proper tools, they WILL
hack the site and its forms! All one can hope to accomplish is to make
it too slow, or too much trouble, to use any methods at all. And another
reason to not copy a captcha script is that tools to crack them are easy
for the bass turds of the world to find and use. All one can do is to
make it hopefully out of reach of their tools and methods to bother with
any particular site. It's a trade-off on how locked you want things to
be and how much interference your visitors are ready to put up with
because sometimes the users rebel at too many hoops. It's best of course
if they never see or suspect why things are, but will still not object
to what strategies that are not going to seriously make them feel like
idiots or bots themselves.
Another strategy is to allow only so many mistakes in submitting or
filling out a form and, depending on what you're monitoring, ban further
input from their IP or Proxy for an hour, 24 hours, whatever you wish.
Personally my forms will allow two error-prone attempts and on the 3rd,
remove their access permanently. .htaccess is one ticket to doing that.
>
>> Also IMO, avoid Captcha code at all costs! Duplicate it yourself, or
>> parts of it, like the protection, but don't use their idiotic, hard to
>> read code images; they keep out as many people as they do robots.
>> Captcha code however is a pretty decent learning code; just don't use
>> it<GRIN>.
>
> I would advice to never write your own captcha or copy those average
> Aarav (kind of Indian Joe), as they usually do include a lot of issues
> with security and validation, if using captcha use something like
> reCaptcha from Google.
Personally I'd avoid using Captcha of any sort although you're right,
reCaptcha is a gentler, kinder captcha for most users. But to get one
introduced to a lot of the possibilities of site security, it's a free,
common thing to study, including some articles about the scripts
available to hack Captcha et al. But that's another book. Better to try
and learn from those who have been there before you, and help you to
understand more and more about Security all the time.
I was in error by using the word "copy" there. I didn't mean to copy
pieces of the captcha code, but to copy and hopefully improve on the
methods used in the scripts. It makes for a good starting point, is
free, and introduces one to the myriad possibilities of PHP.
I do of course agree that HTML simply cannot be made XSS or
injection protected. PHP on the other hand offers many great ways to
achieve those goals.
>
>
Decent post, J; I'd have liked to include a LOT more about sanitizing,
validation techniques et al, but that would be like writing a book
which, strangely enough, has already been covered off on some reputable
websites for PHP and even some pretty decent tuts.
Valid, reliable links are always a good way to avoid re-writing
books or parts of them and there are a few great sites out there for
that purpose. I usually recommend php.net, w3schools, Tizag and NAS as
great starting points but there are others. Just be sure to research any
site you choose before going there: Some of them are pretty ignorant or
even malware-passing pieces of junk! Always check a site's reputation
before using them or even accessing them, if possible.
IMO W3schools is easier to understand, wastes less screen
real-estate, and in general is as knowledgeable as any about PHP and its
features and functions.
Regards,
Twayne`
|
|
|
|
| Re: PS Re: GUI designer in html [message #182449 is a reply to message #182439] |
Sun, 04 August 2013 21:23 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 04/08/13 18:09, J.O. Aho wrote:
> On 04/08/13 18:47, Twayne wrote:
>> On 2013-08-04 2:32 AM, Lightee wrote:
>>
>> I feel it's necessary to let you know that HTML forms are notoriously
>> famous for being hacked, cracked and used by miscreants for spamming
>> using your forms.
>
> It's not the HTML forms, but the scripts which are to handle the input
> which do not validate the content properly, no HTML WYSIWYG will make
> the script to validate better, no matter how pretty the form looks like.
>
>
>> The best way to alleviate those exposures is to learn PHP coding, IMO.
>> You may write your first page in HTML, and then use a second PHP page to
>> do all the testing of input data on the server-side where no one can see
>> it working nor can they easily get past a rotund random code and
>> sanitization and validation codes.
>
> Rule one, always validate user input, no matter if it's always your
> mother who does the input, one day she may just try to see what
> happens if she enters "'; drop database youdatabase; #" as input and
> as you never have a backup of the database, you lost everything.
>
>
well if you use addslashes or convert that string to a hexadecimal, it
will end up like that in the database.
Probably converting to hex is the simplest conceptually.
function sanitize_for_sql($user_garbage)
{
return ("0x".hex($user_garbage));
}
Then
mysqli_query($link, "update mytable set mystring =
".sanitize_for_sql($user_garbage)." where id = "int($id));
should be safe
>> Also IMO, avoid Captcha code at all costs! Duplicate it yourself, or
>> parts of it, like the protection, but don't use their idiotic, hard to
>> read code images; they keep out as many people as they do robots.
>> Captcha code however is a pretty decent learning code; just don't use
>> it<GRIN>.
>
> I would advice to never write your own captcha or copy those average
> Aarav (kind of Indian Joe), as they usually do include a lot of issues
> with security and validation, if using captcha use something like
> reCaptcha from Google.
>
>
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|
|
| Re: PS Re: GUI designer in html [message #182453 is a reply to message #182439] |
Mon, 05 August 2013 00:59 |
Norman Peelman
Messages: 126
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 08/04/2013 01:09 PM, J.O. Aho wrote:
> On 04/08/13 18:47, Twayne wrote:
>> On 2013-08-04 2:32 AM, Lightee wrote:
>>
>> I feel it's necessary to let you know that HTML forms are notoriously
>> famous for being hacked, cracked and used by miscreants for spamming
>> using your forms.
>
> It's not the HTML forms, but the scripts which are to handle the input
> which do not validate the content properly, no HTML WYSIWYG will make
> the script to validate better, no matter how pretty the form looks like.
>
>
>> The best way to alleviate those exposures is to learn PHP coding, IMO.
>> You may write your first page in HTML, and then use a second PHP page to
>> do all the testing of input data on the server-side where no one can see
>> it working nor can they easily get past a rotund random code and
>> sanitization and validation codes.
>
> Rule one, always validate user input, no matter if it's always your
> mother who does the input, one day she may just try to see what happens
> if she enters "'; drop database youdatabase; #" as input and as you
> never have a backup of the database, you lost everything.
>
>
That's only if you go out of your way to enable multiple statements
by using 'mysqli_multi_query()', which doesn't support prepared
statements. By default mysqli_query() and mysqli_real_query() do not
allow multiple queries separated by semi-colons.
http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
|
|
|
|
| Re: GUI designer in html [message #182457 is a reply to message #182434] |
Mon, 05 August 2013 02:11 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 8/4/2013 12:22 PM, Twayne wrote:
> On 2013-08-04 9:48 AM, Jerry Stuckle wrote:
>> On 8/4/2013 2:32 AM, Lightee wrote:
>>> Would the web application developers here recommend some Visual-basic
>>> like GUI designer for HTML? I find it rather tedious to design web
>>> forms in HTML code manually. Is there a good tool for this job?
>>>
>>> Thank you.
>>>
>>
>> Why are you asking about html designers in a PHP newsgroup?
>>
>
> Duhhh, probably because HTML has a large place within PHP?
>
>
Then why have HTML newsgroups? For that matter, PHP runs under Apache.
Why not ask Apache questions here then? And they both require Linux
or Windows - so I guess Linux and Windows questions are on topic, also.
But then we know you're trolling again. That's all you're good for.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: PS Re: GUI designer in html [message #182458 is a reply to message #182453] |
Mon, 05 August 2013 04:41 |
J.O. Aho
Messages: 194
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 05/08/13 02:59, Norman Peelman wrote:
> On 08/04/2013 01:09 PM, J.O. Aho wrote:
>> Rule one, always validate user input, no matter if it's always your
>> mother who does the input, one day she may just try to see what happens
>> if she enters "'; drop database youdatabase; #" as input and as you
>> never have a backup of the database, you lost everything.
>>
>>
>
> That's only if you go out of your way to enable multiple statements
> by using 'mysqli_multi_query()', which doesn't support prepared
> statements. By default mysqli_query() and mysqli_real_query() do not
> allow multiple queries separated by semi-colons.
>
> http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
Unless something changed, mysqli_query supports multiple statements, but
the return value do not support to give you the result from all the
queries, I think it returned the last one.
--
//Aho
|
|
|
|
| Re: GUI designer in html [message #182459 is a reply to message #182436] |
Mon, 05 August 2013 12:14 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 8/4/2013 12:40 PM, Twayne wrote:
> On 2013-08-04 2:32 AM, Lightee wrote:
>> Would the web application developers here recommend some Visual-basic
>> like GUI designer for HTML?
>
> I find it rather tedious to design web forms in HTML code manually. Is
> there a good tool for this job?
>>
>> Thank you.
>>
>
> Yes, there are a few decent WYSIWYG editors and some text editors too,
> which display text in various colors to differentiat various things.
>
> In the "old" days I used NVU to make websites; quite capable, free, and
> functional.
> http://net2.com/nvu/
>
> Netobjects Fusion 12 or later is an excellent wysiwyg web site
> generator. It include a LOT of features, is not free, and is fully
> capable of handling fairly large web site (couple hundred pages).
> Auto-menues, galleries, pretty much all you could want, and works with
> many 3rd party apps.
> Ive written a total of 4 sites, 8 over the years, with it.
> As I mentioned, it's a "Generator" of code, allows for PHP et al,
> and is database formatted, though you don't need to use that to enjoy
> its uses.
> See:
> http://netobjects.com/
>
> Then there are text editors like Notepad++ and NoteTAB Pro, both
> excellent text editors.
> NoteTab comes with libraries for a lot of apps, and lets you create
> your own should you want to, with ease. NotePad++ is probably a little
> better IMO at text coloring but NoteTab is more intuitive, predictive
> and handy when all of its features are considered.
> Either would make a good editor. And both allow you to send files to
> your local server if you have one setup.
>
> Is that anywhere near what you were asking?
>
> I can't comment of vb code or vb.net but vb.net is VERY capable but I
> couldn't afford the subscriptions and eventually opted for Fusion 12. I
> have'nt looked at Fusion 13 yet but its main claim to fame seems to be
> writing HTML 5 code. As I always do I'll wait for another rev to come
> out so the initial bugs get fixed before I contemplate purchasing it.
>
> HTH,
>
> Twayne`
>
This reply is exactly why I recommended asking in an HTML newsgroup -
where he'll get answers from people who KNOW what they're talking about.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: PS Re: GUI designer in html [message #182462 is a reply to message #182453] |
Mon, 05 August 2013 14:51 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-04 8:59 PM, Norman Peelman wrote:
> On 08/04/2013 01:09 PM, J.O. Aho wrote:
>> On 04/08/13 18:47, Twayne wrote:
>>> On 2013-08-04 2:32 AM, Lightee wrote:
>>>
\...
>
> That's only if you go out of your way to enable multiple statements
> by using 'mysqli_multi_query()', which doesn't support prepared
> statements. By default mysqli_query() and mysqli_real_query() do not
> allow multiple queries separated by semi-colons.
>
> http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
>
>
I have to wonder just how much you really know about PHP. Rather than
point out a solution your only posts seem more like a criticism of any
information; in fact, that's ALL you point out.
Why not try to help posters by sharing information rather than be
picky about something that hasn't even been mentioned yet.
|
|
|
|
| Re: PS Re: GUI designer in html [message #182463 is a reply to message #182458] |
Mon, 05 August 2013 14:57 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-05 12:41 AM, J.O. Aho wrote:
> On 05/08/13 02:59, Norman Peelman wrote:
>> On 08/04/2013 01:09 PM, J.O. Aho wrote:
>
....
>>
>> That's only if you go out of your way to enable multiple statements
>> by using 'mysqli_multi_query()', which doesn't support prepared
>> statements. By default mysqli_query() and mysqli_real_query() do not
>> allow multiple queries separated by semi-colons.
>>
>> http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
>
> Unless something changed, mysqli_query supports multiple statements, but
> the return value do not support to give you the result from all the
> queries, I think it returned the last one.
>
Quite correct and as the manual states;
"
MySQL optionally allows having multiple statements in one statement
string. Sending multiple statements at once reduces client-server round
trips but requires special handling.
Multiple statements or multi queries must be executed with
mysqli_multi_query(). The individual statements of the statement string
are separated by semicolon. Then, all result sets returned by the
executed statements must be fetched.
The MySQL server allows having statements that do return result sets and
statements that do not return result sets in one multiple statement.
"
|
|
|
|
| Re: PS Re: GUI designer in html [message #182466 is a reply to message #182463] |
Mon, 05 August 2013 22:55 |
Norman Peelman
Messages: 126
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 08/05/2013 10:57 AM, Twayne wrote:
> On 2013-08-05 12:41 AM, J.O. Aho wrote:
>> On 05/08/13 02:59, Norman Peelman wrote:
>>> On 08/04/2013 01:09 PM, J.O. Aho wrote:
>>
>
> ....
>
>>>
>>> That's only if you go out of your way to enable multiple statements
>>> by using 'mysqli_multi_query()', which doesn't support prepared
>>> statements. By default mysqli_query() and mysqli_real_query() do not
>>> allow multiple queries separated by semi-colons.
>>>
>>> http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
>>
>> Unless something changed, mysqli_query supports multiple statements, but
>> the return value do not support to give you the result from all the
>> queries, I think it returned the last one.
>>
>
> Quite correct and as the manual states;
No.
> "
> MySQL optionally allows having multiple statements in one statement
> string. Sending multiple statements at once reduces client-server round
> trips but requires special handling.
>
> Multiple statements or multi queries must be executed with
> mysqli_multi_query(). The individual statements of the statement string
> are separated by semicolon. Then, all result sets returned by the
> executed statements must be fetched.
>
> The MySQL server allows having statements that do return result sets and
> statements that do not return result sets in one multiple statement.
> "
>
You need to scroll down to the middle of the page and read
*Security considerations* and *Example #2*.
--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
|
|
|
|
| Re: PS Re: GUI designer in html [message #182467 is a reply to message #182466] |
Mon, 05 August 2013 23:32 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 05/08/13 23:55, Norman Peelman wrote:
> On 08/05/2013 10:57 AM, Twayne wrote:
>> On 2013-08-05 12:41 AM, J.O. Aho wrote:
>>> On 05/08/13 02:59, Norman Peelman wrote:
>>>> On 08/04/2013 01:09 PM, J.O. Aho wrote:
>>>
>>
>> ....
>>
>>>>
>>>> That's only if you go out of your way to enable multiple statements
>>>> by using 'mysqli_multi_query()', which doesn't support prepared
>>>> statements. By default mysqli_query() and mysqli_real_query() do not
>>>> allow multiple queries separated by semi-colons.
>>>>
>>>> http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
>>>
>>> Unless something changed, mysqli_query supports multiple statements,
>>> but
>>> the return value do not support to give you the result from all the
>>> queries, I think it returned the last one.
>>>
>>
>> Quite correct and as the manual states;
>
> No.
>
>> "
>> MySQL optionally allows having multiple statements in one statement
>> string. Sending multiple statements at once reduces client-server round
>> trips but requires special handling.
>>
>> Multiple statements or multi queries must be executed with
>> mysqli_multi_query(). The individual statements of the statement string
>> are separated by semicolon. Then, all result sets returned by the
>> executed statements must be fetched.
>>
>> The MySQL server allows having statements that do return result sets and
>> statements that do not return result sets in one multiple statement.
>> "
>>
>
> You need to scroll down to the middle of the page and read
> *Security considerations* and *Example #2*.
>
>
Furthermore the manual for mysql_query (as opposed to mysqli_query)
actually states:
"*mysql_query()* sends a unique query *(multiple queries are not
supported)* to the currently active database on the server that's
associated with the specified /|link_identifier|/. "
so it would seem that this actual sql injection method is an urban myth.
From PHP anyway.
ISTR I actually tried it once to see if my code was robust. I failed to
destroy the database or indeed any data, at all.
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|
|
| Re: PS Re: GUI designer in html [message #182468 is a reply to message #182467] |
Mon, 05 August 2013 23:59 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 8/5/2013 7:32 PM, The Natural Philosopher wrote:
> On 05/08/13 23:55, Norman Peelman wrote:
>> On 08/05/2013 10:57 AM, Twayne wrote:
>>> On 2013-08-05 12:41 AM, J.O. Aho wrote:
>>>> On 05/08/13 02:59, Norman Peelman wrote:
>>>> > On 08/04/2013 01:09 PM, J.O. Aho wrote:
>>>>
>>>
>>> ....
>>>
>>>> >
>>>> > That's only if you go out of your way to enable multiple statements
>>>> > by using 'mysqli_multi_query()', which doesn't support prepared
>>>> > statements. By default mysqli_query() and mysqli_real_query() do not
>>>> > allow multiple queries separated by semi-colons.
>>>> >
>>>> > http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
>>>>
>>>> Unless something changed, mysqli_query supports multiple statements,
>>>> but
>>>> the return value do not support to give you the result from all the
>>>> queries, I think it returned the last one.
>>>>
>>>
>>> Quite correct and as the manual states;
>>
>> No.
>>
>>> "
>>> MySQL optionally allows having multiple statements in one statement
>>> string. Sending multiple statements at once reduces client-server round
>>> trips but requires special handling.
>>>
>>> Multiple statements or multi queries must be executed with
>>> mysqli_multi_query(). The individual statements of the statement string
>>> are separated by semicolon. Then, all result sets returned by the
>>> executed statements must be fetched.
>>>
>>> The MySQL server allows having statements that do return result sets and
>>> statements that do not return result sets in one multiple statement.
>>> "
>>>
>>
>> You need to scroll down to the middle of the page and read
>> *Security considerations* and *Example #2*.
>>
>>
> Furthermore the manual for mysql_query (as opposed to mysqli_query)
> actually states:
>
> "*mysql_query()* sends a unique query *(multiple queries are not
> supported)* to the currently active database on the server that's
> associated with the specified /|link_identifier|/. "
>
> so it would seem that this actual sql injection method is an urban myth.
>
> From PHP anyway.
>
> ISTR I actually tried it once to see if my code was robust. I failed to
> destroy the database or indeed any data, at all.
>
Incorrect (as usual).
It only means you can't run multiple SQL statements. But that is only
ONE method of SQL injection; it is quite possible to screw up a database
in a single SQL statement.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: PS Re: GUI designer in html [message #182469 is a reply to message #182462] |
Tue, 06 August 2013 00:00 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 8/5/2013 10:51 AM, Twayne wrote:
> On 2013-08-04 8:59 PM, Norman Peelman wrote:
>> On 08/04/2013 01:09 PM, J.O. Aho wrote:
>>> On 04/08/13 18:47, Twayne wrote:
>>>> On 2013-08-04 2:32 AM, Lightee wrote:
>>>>
> \...
>
>>
>> That's only if you go out of your way to enable multiple statements
>> by using 'mysqli_multi_query()', which doesn't support prepared
>> statements. By default mysqli_query() and mysqli_real_query() do not
>> allow multiple queries separated by semi-colons.
>>
>> http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
>>
>>
>
> I have to wonder just how much you really know about PHP. Rather than
> point out a solution your only posts seem more like a criticism of any
> information; in fact, that's ALL you point out.
>
> Why not try to help posters by sharing information rather than be
> picky about something that hasn't even been mentioned yet.
>
>
He knows a lot more about PHP than you do. That is very obvious.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: PS Re: GUI designer in html [message #182470 is a reply to message #182462] |
Tue, 06 August 2013 01:35 |
Norman Peelman
Messages: 126
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 08/05/2013 10:51 AM, Twayne wrote:
> On 2013-08-04 8:59 PM, Norman Peelman wrote:
>> On 08/04/2013 01:09 PM, J.O. Aho wrote:
>>> On 04/08/13 18:47, Twayne wrote:
>>>> On 2013-08-04 2:32 AM, Lightee wrote:
>>>>
> \...
>
>>
>> That's only if you go out of your way to enable multiple statements
>> by using 'mysqli_multi_query()', which doesn't support prepared
>> statements. By default mysqli_query() and mysqli_real_query() do not
>> allow multiple queries separated by semi-colons.
>>
>> http://us2.php.net/manual/en/mysqli.quickstart.multiple-statement.php
>>
>>
>
> I have to wonder just how much you really know about PHP. Rather than
> point out a solution your only posts seem more like a criticism of any
> information; in fact, that's ALL you point out.
>
> Why not try to help posters by sharing information rather than be
> picky about something that hasn't even been mentioned yet.
>
>
I simply make note that *mysqli_multi_query()* is used to make
multiple queries in one call, *mysqli_query* and *mysqli_real_query()*
are not. I also note that *mysqli_multi_query()* with *prepared
statements* is not supported. In other words, you can't have them both.
I mentioned this because J.O. Aho brought up SQL injection...
--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
|
|
|
|
| Re: GUI designer in html [message #182471 is a reply to message #182424] |
Tue, 06 August 2013 13:33 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 8/4/2013 4:23 AM, Tim Streater wrote:
>
>> Would the web application developers here recommend some
>> Visual-basic like GUI designer for HTML?
>
> No.
>
>> I find it rather tedious to design web forms in HTML code
>> manually. Is there a good tool for this job?
>
> No.
>
> --
> Tim
Hey Tim,
Could you be a little less verbose ? :-)
bill
|
|
|
|
| Re: GUI designer in html [message #182472 is a reply to message #182471] |
Tue, 06 August 2013 14:56 |
Tim Streater
Messages: 328
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
In article <ktqtvf$vme$1(at)speranza(dot)aioe(dot)org>,
bill <william(at)TechServSys(dot)com> wrote:
> On 8/4/2013 4:23 AM, Tim Streater wrote:
>>
>>> Would the web application developers here recommend some
>>> Visual-basic like GUI designer for HTML?
>>
>> No.
>>
>>> I find it rather tedious to design web forms in HTML code
>>> manually. Is there a good tool for this job?
>>
>> No.
>>
>> --
>> Tim
>
> Hey Tim,
> Could you be a little less verbose ? :-)
I'll try and keep my VD in order in future, sorry.
--
Tim
"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
|
|
|
|
| Re: PS Re: GUI designer in html [message #182481 is a reply to message #182467] |
Wed, 07 August 2013 16:51 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-05 7:32 PM, The Natural Philosopher wrote:
....
>>>
>>> The MySQL server allows having statements that do return result sets and
>>> statements that do not return result sets in one multiple statement.
>>> "
>>>
>>
>> You need to scroll down to the middle of the page and read
>> *Security considerations* and *Example #2*.
>>
>>
> Furthermore the manual for mysql_query (as opposed to mysqli_query)
> actually states:
>
> "*mysql_query()* sends a unique query *(multiple queries are not
> supported)* to the currently active database on the server that's
> associated with the specified /|link_identifier|/. "
Yes, that's true. As a relative newcomer to PHP and the fact that MYSQL
is being deprecated, as long as mysqli is available on my servers;
wouldn't it be wise to go in the mysqlI direction?
I've no intention of making multiple queries currently but ... I
haven't used "i" yet either so I'm far from guru; I can only go by what
I read and the MYSQL reference to mysqli for multiple queries, should
the occasion arise. In fact, I've only ever experimented with MYSQL
itself; though I am using it on one of my own sites.
To me, it simply seems like the right way to go. Do you disagree
with that?
> so it would seem that this actual sql injection method is an urban myth.
Well, I've seen a few exploits and how they're done, and I've used one
of them, and I did successfully trash my database. So, not so sure
that's 100% the case; perhaps it's just you're good at writing
sanitize/validate code?
>
> From PHP anyway.
>
> ISTR I actually tried it once to see if my code was robust. I failed to
> destroy the database or indeed any data, at all.
>
Interesting observations/experiment; thanks for the info. Don't you
think it's actually due to your own code? Just curious, mostly.
Good post,
Twayne`
|
|
|
|
| Re: PS Re: GUI designer in html [message #182482 is a reply to message #182470] |
Wed, 07 August 2013 16:55 |
bill
Messages: 310
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2013-08-05 9:35 PM, Norman Peelman wrote:
> On 08/05/2013 10:51 AM, Twayne wrote:
>> On 2013-08-04 8:59 PM, Norman Peelman wrote:
....
>
> I simply make note that *mysqli_multi_query()* is used to make
> multiple queries in one call, *mysqli_query* and *mysqli_real_query()*
> are not. I also note that *mysqli_multi_query()* with *prepared
> statements* is not supported. In other words, you can't have them both.
> I mentioned this because J.O. Aho brought up SQL injection...
>
Good points, Norman.
Thanks for the clarification,
Twayne`
|
|
|
|
| Re: PS Re: GUI designer in html [message #182483 is a reply to message #182481] |
Wed, 07 August 2013 17:52 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 07/08/13 17:51, Twayne wrote:
> On 2013-08-05 7:32 PM, The Natural Philosopher wrote:
> ...
>
>>>>
>>>> The MySQL server allows having statements that do return result
>>>> sets and
>>>> statements that do not return result sets in one multiple statement.
>>>> "
>>>>
>>>
>>> You need to scroll down to the middle of the page and read
>>> *Security considerations* and *Example #2*.
>>>
>>>
>> Furthermore the manual for mysql_query (as opposed to mysqli_query)
>> actually states:
>>
>> "*mysql_query()* sends a unique query *(multiple queries are not
>> supported)* to the currently active database on the server that's
>> associated with the specified /|link_identifier|/. "
>
> Yes, that's true. As a relative newcomer to PHP and the fact that
> MYSQL is being deprecated, as long as mysqli is available on my servers;
> wouldn't it be wise to go in the mysqlI direction?
>
> I've no intention of making multiple queries currently but ... I
> haven't used "i" yet either so I'm far from guru; I can only go by
> what I read and the MYSQL reference to mysqli for multiple queries,
> should the occasion arise. In fact, I've only ever experimented with
> MYSQL itself; though I am using it on one of my own sites.
>
> To me, it simply seems like the right way to go. Do you disagree
> with that?
>
>
>> so it would seem that this actual sql injection method is an urban myth.
>
> Well, I've seen a few exploits and how they're done, and I've used
> one of them, and I did successfully trash my database. So, not so sure
> that's 100% the case; perhaps it's just you're good at writing
> sanitize/validate code?
>
>>
>> From PHP anyway.
>>
>> ISTR I actually tried it once to see if my code was robust. I failed to
>> destroy the database or indeed any data, at all.
>>
>
> Interesting observations/experiment; thanks for the info. Don't you
> think it's actually due to your own code? Just curious, mostly.
>
I really don't know. I tried everything I could think of.
I suppose defensive coding is a habit you get into when writing code, as
are copious comments and the use of 'highest common factor' language
constructs, in case the poor sod who has to maintain it after you are
gone doesn't actually understand regexp or WHY. I know I never have :[-)
Its always taken less time to do it another way, than really learn the
syntax.
> Good post,
>
> Twayne`
>
>
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]