Today's Posts Follow Us On Twitter! TFL Members on Twitter  
Forum search: Advanced Search  
Navigation
Marketplace
  Members Login:
Lost password?
  Forum Statistics:
Forum Members: 24,254
Total Threads: 80,792
Total Posts: 566,471
There are 1287 users currently browsing (tf).
 
  Our Partners:
 
  TalkFreelance     Design and Development     Programming     PHP and MySQL :

Inserting Arabic in Mysql by php form problem

Thread title: Inserting Arabic in Mysql by php form problem
Reply  
Page 2 of 2 < 1 2
    Thread tools Search this thread Display Modes  
12-27-2009, 02:03 AM
 #11
free-designer is offline free-designer
Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:
 
Posts: 98
iTrader: 0 / 0%
 

free-designer is on a distinguished road

  Old

Originally Posted by 46Bit View Post
PHP Code:
mkdir('users/'.$_POST['user_login'], 0777); 
Guess why that's wrong? If you don't know and/or don't care, you really shouldn't be freelancing. It's certainly not the most critical vulnerability ever, but when file traversal prevention there would be so incredibly easy (just md5, sha1, base64_encode, etc the username) not even requiring any proper validation, it's really just silly and makes me wonder what else there might be elsewhere is in your code.

EDIT: Apologies if you do validation in users::add, I missed that key point when skimming the code but even so I suspect that you don't bearing in mind that you've already done some basic validation of fields in the form above.
u telling me that i been idiot , okay i am idiot if u were me and want the register add folder auto with the username how would u do that with the right way
Reply With Quote
12-27-2009, 02:17 AM
 #12
46Bit is offline 46Bit
Status: Member
Join date: Mar 2009
Location: Yorkshire
Expertise: Web Development
Software:
 
Posts: 275
iTrader: 10 / 100%
 

46Bit is on a distinguished road

Send a message via MSN to 46Bit Send a message via Skype™ to 46Bit

  Old

Originally Posted by free-designer View Post
u telling me that i been idiot , okay i am idiot if u were me and want the register add folder auto with the username how would u do that with the right way
Originally Posted by 46Bit View Post
... file traversal prevention there would be so incredibly easy (just md5, sha1, base64_encode, etc the username) ...

Reply With Quote
12-27-2009, 02:22 AM
 #13
free-designer is offline free-designer
Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:
 
Posts: 98
iTrader: 0 / 0%
 

free-designer is on a distinguished road

  Old

Originally Posted by 46Bit View Post
... file traversal prevention there would be so incredibly easy (just md5, sha1, base64_encode, etc the username) ...
Allright u got it sorry
im just learning u know i need people to help me not to Insult me

Reply With Quote
12-27-2009, 11:14 AM
 #14
free-designer is offline free-designer
Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:
 
Posts: 98
iTrader: 0 / 0%
 

free-designer is on a distinguished road

  Old

god i made it
i fixed the problem

all i did that i asked the php to get me what kind of charset is my phpmyadmin

he print out latin1

so i used this function to set a new type of charset

mysql_set_charset('utf8', $database->connection);

$database->connection <- this is just to get my connection witch is localhost
that it

thanks for people who came and helped

Reply With Quote
Reply  
Page 2 of 2 < 1 2

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

  Posting Rules  
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump:
 
  Contains New Posts Forum Contains New Posts   Contains No New Posts Forum Contains No New Posts   A Closed Forum Forum is Closed  

Home   |     |   News   |   Rules   |   FAQ   |  


Powered by HandsOnWebHosting.com

The time is now 08:44 PM (GMT).


Powered by: vBulletin Version 3.8.4 Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.