Network: freenode | Channel: #php
Log from #php at freenode 2006-05-20
[00:00]<ajxgmjn>turning off magic quote can be done but isn't it best if u can autodetect magic quote at the first place?
[00:00]<rmvjrrvnm`>||cw thats what im not sure of, this "sanitizing" as you mention, ive never really done this kind of thing before, got any functions, i can then go look them up
[00:00]<mzmafyacnz>||cw, thank you for your input
[00:00]<||aw>Advocated`: read up on sql injection and cross site scripting
[00:01]<wgjz>Hi, is it possible to return an auto_increment value from mysql_query() ?
[00:01]<wyff[wnzc]>xnor, mysql_insert_id()
[00:02]<||aw>Advocated`: the basic idea is that a user would put in data, or craft a URL, that would cause your sql statement or html output to close early and then his content would get injected
[00:03]<rmvjrrvnm`>||cw ahh, so even though im not inserting the data into a table, i should treat it like that anyway to make sure no one can cause problems?
[00:04]<||aw>Advocated`: if you are echo'ing it to the browser you should treat it accordingly (slashes won't help much there)
[00:05]<rmvjrrvnm`>||cw i was going to get all the POST variables, construct a single variable, then echo that single variable
[00:06]<txgwzzmgg>I'm not very familiar with PEAR:HTTP_Header. Does anyone know if I can use it to handle HTTP Error Codes?
[00:07]<txgwzzmgg>Very little docs are available it appears...
[00:07]<rrppygrvnm>!tell TheWarden about g10
[00:07]<mzmafyacnz>||cw, the php pages have a bunch of "addslashes" "stripslashes" how can i find out which one does the "addslashes" before the " ' " character?
[00:08]<rmvjrrvnm`>||cw this kind of thing, ive used this ages ago: $theArticleId = mysql_real_escape_string($tempString, $link);
[00:08]<txgwzzmgg>Well okay... never mind then. where is there a place to talk about pre-written scripts?
[00:09]<2jscj>the internet
[00:10]<||aw>TheWarden: the people that wrote them
[00:10]<||aw>madclicker: by "the php pages" do you mean your code? debug it
[00:11]<||aw>Advocated`: XSS cleaning is more complex than escaping, just the basic idea is the same
[00:11]<mzmafyacnz>||cw, is there a debugger for linux?
[00:11]<||aw>madclicker: no idea
[00:11]<mzmafyacnz>k
[00:12]<||aw>madclicker: and debugging doesn't usually require a debugger, but it does require getting familiar with the code
[00:12]<mzmafyacnz>||cw, :(
[00:13]<rrppygrvnm>madclicker: ZDE works in linux, and has debugging support
[00:13]<||aw>so disable magic quotes
[00:13]<svjzdzxzsnz>madclicker: echo, print_r or var_dump are usually the best tools
[00:13]<svjzdzxzsnz>caffinated: xdebug \o/
[00:14]<rrppygrvnm>actually, the best tool is a proper test suite
[00:14]<rrppygrvnm>but nobody really does that when writing PHP code.
[00:14]<svjzdzxzsnz>I have to stop it... Someone might think, that I'm a programmer :)
[00:15]<||aw>hahah
[00:15]<||aw>yeah right
[00:15]<sxr2rw>Hello folks
[00:16]<sxr2rw>when I here read on a site that php needs to be compiled with some extension
[00:16]<sxr2rw>does that mean I need the actual source code and libs for php and the extension and a C compiler?
[00:16]<drvvdaa>Not necessarily.
[00:17]<sxr2rw>how so mattmcc
[00:17]<||aw>Shaba1: depends on the extension
[00:17]<sxr2rw>To me it seems I just need the extension files and then to put ---with--whatever extension
[00:17]<drvvdaa>Shaba1: Well, it depends. Many common extensions are available as packages themselves.
[00:18]<sxr2rw>in php.ini
[00:18]<||aw>and how you installed php
[00:18]<drvvdaa>Even those that aren't can be compiled on their own using phpize.
[00:18]<sxr2rw>I mean every time I read that (and I read a LOT of php tutorials) and it says compile
[00:19]<sxr2rw>I am thinking I need a C compiler.
[00:19]<sxr2rw>I have one and two different front ends for it.
[00:19]<drvvdaa>Yeah, apparently it's a widely held misconception.
[00:19]<sxr2rw>but I would rather not
[00:19]<drvvdaa>It depends a lot on the extension, the nature of a PHP installation, etc.
[00:19]<sxr2rw>It would be nice if the authors could come up with a better word
[00:19]<sxr2rw>like say "plugin"
[00:20]<drvvdaa>To replace extension? I don't see much of a semantic improvement there.
[00:21]<||aw>Shaba1: the basic idea is that once you install from packages you are no longer supported by the official install docs. tut's are going to stick with the official install docs and so they say compile. but your packages were compiled, so you just have to see if the extension is available
[00:21]<||aw>Shaba1: and doing --with-foo for /everything/ leads to a large php binary and longer load times
[00:22]<affy2zn>extension plugin module include-file
[00:22]<qu2n>StormChaser ?
[00:22]<||aw>--with-foo=shared is better
[00:22]<qu2n>got held up with a phone call
[00:22]<affy2zn>"that thing you add into the main thingy"
[00:22]<qu2n>Stormchaser, ||cw : http://www.google.com/support/webmasters/bin/answer.py?answer=35770
[00:22]<qu2n>"Don't use "&id=" as a parameter in your URLs, as we don't include these pages in our index."
[00:23]<qu2n>part of the "webmaster guidelines" area
[00:23]<drvvdaa>Isn't that nice of google to encourage people to use better URL practices.
[00:23]<qu2n>they re-orged the site, but it has been that way for years (see internet archive for proof)
[00:24]<drvvdaa>Although what possesses them to think foo?id=N is any worse for their uses than foo/N is beyond me.
[00:24]<||aw>Qube: what about ?id= ?
[00:24]<qu2n>||cw, conversation from 30 mins ago
[00:24]<||aw>Qube: the guideline says &id=, not ?id=, is there a difference to them?
[00:25]<drvvdaa>I'd be pretty scared if google indexed one, but not the other.
[00:25]<drvvdaa>Since they're functionally identical.
[00:25]<qu2n>well, from the url perspective, there is a difference - underneath there isn't, but I would like to fight google on it
[00:26]<rrppygrvnm>Qube: um, that's not webmaster guidelines. that's good sitemap guidelines.
[00:26]<||aw>Qube: ?id=1 gives results, &id=100 doesn't
[00:27]<rrppygrvnm>Qube: it has absolutely nothing to do with crawling pages.
[00:27]<qu2n>guess it is just &id= then
[00:29]<qu2n>still, useful to know
[00:29]<drvvdaa>caffinated: I'm not convinced of that.
[00:29]<drvvdaa>caffinated: The only thing that suggests that to be the case is the contents of the left-hand nav.
[00:31]<svjzdzxzsnz>Qube: Well... that ain't quite true, either: http://www.google.com/search?hs=xOr&hl=en&lr=&client=firefox&rls=org.mozilla%3Aen-US%3Aunofficial&q=%26id%3D10&btnG=Search and the last entry on first site
[00:31]<rrppygrvnm>mattmcc: which is the heading for it all
[00:32]<qu2n>Stormchaser, s/site/page ?
[00:32]<qu2n>still - it has a n/a page rank
[00:33]<svjzdzxzsnz>hm? Results 1 - 10 of about 16 for &id=10. (0.35 seconds) <-- that looks like reasonable number to me
[00:34]<qu2n>do any have a page rank?
[00:34]<rrppygrvnm>mattmcc: if google doesn't crawl those pages, why can i find so many on google?
[00:35]<svjzdzxzsnz>Qube: I cannot know that, since I don't use google bar.... But does that change anything?
[00:35]<qu2n>regardless - only 16 results for &id=10 kinda proves that google doesn't try to index them
[00:35]<rrppygrvnm>mattmcc: http://www.google.ca/search?hl=en&q=id%3D10&btnG=Google+Search&meta= note the URLs
[00:35]<qu2n>maybe the results it has are old
[00:35]<drvvdaa>caffinated: I didn't assert that they don't.. :)
[00:35]<svjzdzxzsnz>Qube: the point is: It *HAS* them.
[00:37]<rrppygrvnm>Qube: or perhaps they are speaking specifically about sitemap, the script used to generate a sitemap which is supposed to make googlebot's job easier.
[00:39]<xsffjyv>bah this is the last fucking network im on now
[00:39]<xsffjyv>fucking isp
[00:39]<xsffjyv>what you guys all up to ?
[00:39]<svjzdzxzsnz>Xsploit: switch to AOL, then
[00:41]<gudysv>so whats the best way to tell if an element in your array is an infinitely recursive reference







