Search Results

Search found 34355 results on 1375 pages for 'php extensions'.

Page 91/1375 | < Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >

• Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

  - by Austin Smith

  I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

  Read the article

• Ideal web application framework for newcomers and whether it is better to use Java or PHP based framework?

  - by Pawan

  My primary question is whether a Java based web application framework is better or a PHP based one and why? Moreover, if I were just starting web development then what would be some ideal frameworks to start with, considering I may want to make a full CMS out of it later? I am not looking for a 'best', rather some good recommendations as I understand that CodeIgnitor has not got a long way to go from here : http://heybigname.com/2012/05/06/why-codeigniter-is-dead/

  Read the article

• Is there any free host which supports php and mySQL in utf-8? [closed]

  - by Maria Konnou

  Possible Duplicate: How to find web hosting that meets my requirements? Is there any free host which supports php and mySQL queries in utf-8? I've already tried to use x10hosting and 000webhosting, but they don't support utf8 mysql queries (got mojibake). The default encoding of mysql in both sites is latin-1, and you're not able to change that. Is there any other free host that fully supports utf-8?

  Read the article

• Is there a Railstutorial-quality tutorial for a PHP framework?

  - by tnorthcutt

  Is there a tutorial along the lines of Michael Hartl's Rails Tutorial for a (widely used) PHP framework? Obviously there are tons of tutorials for e.g. Codeigniter, CakePHP, Symfony, etc., but I haven't been able to find one that is as extensive as Rails Tutorial is. Ideally, I'd like something that takes you from nothing to building a complete, functioning application with at least a decent amount of complexity.

  Read the article

• Should I close database connections after use in PHP?

  - by Sprottenwels

  I wonder if I should close any unnecessary database connection inside of my PHP scripts. I am aware of the fact that database connections are closed implicitly when the block stops executing and 'manually' closing the connections could kinda bloat the codebase with unnecessary code. But shouldn't I do so in order to make by code as readable and as easy understandable as possible, while also preventing several possible issues during run time? Also, if I would do, would it be enough to unset() my database object?

  Read the article

• can php read node of float number? [on hold]

  - by Suriani Salleh

  my node number is 1.2.3.4 $node= 1.2.3.4 when i run my code as shown below, it print error message but when i try assign $node = abc_def it execute the function code my question is can php read 1.2.3.4? if(!get_node_id($node) === false){ //function code .................................. ..............................} else { // error msg }

  Read the article

• Sending emails from PHP - email providers vs GAE

  - by nrph

  I need to send emails from my social service (this is continuation of Experiences in mailing to registered users). I got strong feeling that it's better to avoid problems with email server configuration and maintance and to choose email provider which will take care of all painful problems. So several offers were compared: http://imgur.com/JkK2X.jpg Three of them look very attractive: Postageapp / Sendgrid / CritSend As alternative i'm considering setup GAE app. Email provider is quite easy to start work with, but have no idea how much effort require GAE to integrate with PHP. So my question is: which option is better to choose: email provider GAE ? Two factors are important here: business background (therefore prices are mentioned), work required to setup and maintain desired solution. Preferably i would love to avoid all email-related problems (like black lists and so on).

  Read the article

• Upgrading PHP on MacOSX without config_vars.mk ?

  - by Ken

  Hi everyone, I want to upgrade my php version running on MAMP to 5.3. I've copied the ./configure statement from phpinfo() and downloaded the 5.3 branch source i wish to compile. However, when i try to compile it i get an error about a missing config_vars.mk file from apxs. How can i solve this issue if i do not have the config_vars.mk? can one be deprecated? can i copy the one from the stock apache that comes installed on OS X (SL)? What will happen if i remove --with-apxs from the configure line? Thanks in advance for any help. It is greatly appreciated. Ken.

  Read the article

• How do I enable JPEG Support for PHP?

  - by ngache

  My Configure Command doesn't say anything about jpg, nor gif/png, but I can see gif/png support in the output of phpinfo(). I built PHP with --with-gd, but only GIF Support and PNG Support are in the output of phpinfo(), how do I enable JPEG Support? UPDATE I got this problem when compiling : Sorry, I cannot run apxs. Possible reasons follow: 1. Perl is not installed 2. apxs was not found. Try to pass the path using --with-apxs2=/path/to/apxs 3. Apache was not built using --enable-so (the apxs usage page is displayed) The output of /usr/local/apache2/bin/apxs follows: cannot open /usr/local/apache2/build/config_vars.mk: No such file or directory at /usr/local/apache2/bin/apxs line 218. What should I do now?

  Read the article

• Compiling PHP 5.3.3 on Ubuntu 8.04: Could not find libevent

  - by Nick

  When attempting to ./configure PHP 5.3.3 on Ubuntu 8.04, I get the error: checking for libevent >= 1.4.11 install prefix... configure: error: Could not find libevent >= 1.4.11 in /usr/local/ I tried installing the libevent-dev and libevent1 packages, but same error. I then removed the packages, downloaded and compiled libevent from source. Same error. Locate shows that libevent was installed to /usr/local/lib/libevent.so with all its friends in /usr/local/lib/. I tried configuring with the option: --with-libevent-dir=/usr/local/lib/ Basically the same error: checking for libevent >= 1.4.11 install prefix... configure: error: Could not find libevent >= 1.4.11 in /usr/local/lib/ Any suggestions??

  Read the article

• Python server does not excecute PHP script: permission denied

  - by krisvandenbergh

  I am trying to execute a PHP file through a Python server. However, I get the following error: File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/CGIHTTPServer.py", line 255, in run_cgi os.execve(scriptfile, args, os.environ) OSError: [Errno 13] Permission denied The python server is running though. What have I done so far? Chmod'ed recursively all directories to (chmod -R a+x) (I know this is not secure but its just for testing purposes) for both Python installation directories and my scripts. Tried to find out if python server is running as root through ps aux grep py I am out of ideas. What could be going wrong else? Thanks for the feedback.

  Read the article

• Problem to connect to MySQL server (error #2002) in PHP

  - by Martin

  I installed ZWAMP 1.0.7 (on Windows 7), but I'm having a weird problem. I can't connect to my MySQL server from any PHP script. If I try to use MySQL command line everything works fine but PHPMyAdmin retruns error #2002. I'm not sure whether it's important or not but MySQL server is not able to create socket file. I don't know what's the problem but I think everything is configured in my.cnf properly. Do you have any ideas?

  Read the article

• PHP-APC is exceeding limit apc.shm_size often

  - by user142741

  I am implementing the apc on a shared server that currently has 1000 sites (using wordpress, moodle, etc.). I'm Looking for the admin page, and I see "Cache full count" is growing rapidly. I've tried increasing the value of "apc.shm_size" reduce value "apc.ttl" increase the value "apc.shm_segments" but I can not resolve this issue. What am I doing wrong? I'm putting down some information: apc.ini: extension=apc.so apc.shm_size = 256 apc.enabled = 1 apc.ttl = 300 apc.user_ttl = 300 Ubuntu: 12.04 PHP: 5.3.10 APC: 3.1.7 Server has 16GB memory Limit share memory: 256MB

  Read the article

• Problem to connect to MySQL server (error #2002) in PHP

  - by user41514

  Hello, I installed ZWAMP 1.0.7 (on Windows 7), but I'm having a weird problem. I can't connect to my MySQL server from any PHP script. If I try to use MySQL command line everything works fine but PHPMyAdmin retruns error #2002. I'm not sure whether it's important or not but MySQL server is not able to create socket file. I don't know what's the problem but I think everything is configured in my.cnf properly. Do you have any ideas?

  Read the article

• how to limit disk space per user in a PHP web application & CentOS

  - by solid

  we have a web application written in PHP and we want all our users to be able to upload images for e.g. 50MB. We will create a directory structure so that every user has its own folder like app/user1/images app/user2/images ... Now everytime a user uploads an image, we need to check if this is still allowed or not but we don't want 1000 users to continously scan our hard drive counting file sizes in their directory. So writing a script that counts all file sizes in a user directory is not an option I guess? Is there an easier way to calculate used up space per user and limit our app accordingly?

  Read the article

• php mail not arrives at gmail, not at local server

  - by thomas

  The php mail function I am using does not work completely. It will sent mails to gmail easy enough. However, emails routed directly to my internally hosted exchange server are not getting through. The servers/domains are setup is as follows. URLs are registered with Network solutions (www.independentsservice.com & www.isco.net) NS directs all traffic to our ISP (Socket.net). Socket directs as follows: Mail to our local server FTP to our local server HTTP to our website hosted on Chihost.com Traffic to our local server goes through a Watchguard firewall which routes mail traffic to our locally hosted Exchange server. Is there some reason why exchange won't accept these emails? Thanks!

  Read the article

• todo manager (gtd): subtasks, php

  - by kusoksna

  Currently I'm using todoist.com as GTD manager. I'm almost satisfied with it. Is there any foss software, that could provide next features? 1. unlimited (at least 5) subtask levels 2. easy way to complete tasks (like in todoist) 3. easy to edit tasks 4. php based (as i want to host it on my server) 5. due dates (including recurring) 6. labels, colors, etc will be good, but not critical PS: i already checked several similar questions, including Which GTD tool/webservice do you recommend? But haven't found suitable software yet.

  Read the article

• Installing PHP with iconv on Mac OSX 10.6 gives error: "Undefined symbols for architecture x86_64"

  - by Jason

  I am setting up PHP on my local web server with iconv, which should be there by default, but I am getting the following error: Undefined symbols for architecture x86_64: "_iconv", referenced from: __php_iconv_strlen in iconv.o _php_iconv_string in iconv.o __php_iconv_strpos in iconv.o __php_iconv_appendl in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_mime_encode in iconv.o _php_iconv_stream_filter_append_bucket in iconv.o ... (maybe you meant: _zif_iconv_strlen, _zif_iconv_strpos , _zif_iconv_mime_decode , _php_iconv_string , _zif_iconv_set_encoding , _zif_iconv_get_encoding , _zif_iconv_mime_decode_headers , _iconv_functions , _zif_iconv_mime_encode , _zif_iconv_strrpos , _iconv_module_entry , _iconv_globals , _zif_iconv_substr , _php_if_iconv , _zif_ob_iconv_handler ) ld: symbol(s) not found for architecture x86_64 Now, presumably this means that my iconv is not 64 bit. I tried to download libiconv and manually reinstall it with 64 bit, as such: CFLAGS='-arch i386 -arch ppc -arch ppc64 -arch x86_64' CCFLAGS='-arch i386 -arch ppc -arch ppc64 -arch x86_64' CXXFLAGS='-arch i386 -arch ppc -arch ppc64 -arch x86_64' ./configure But I get the following error: configure: error: in `/Users/jason/Downloads/libiconv-1.13.1': configure: error: C compiler cannot create executables See `config.log' for more details. In my config.lob file, it says at the bottom: configure: exit 77 Any suggestions?

  Read the article

• PHP fopen fails - does not have permission to open file in write mode

  - by George

  I have an Apache 2.17 server running on a Fedora 13. I want to be able to create a file in a directory. I cannot do that. Whenever I try to open a file with php for writing fopen(,'w'), it tells me that I don't have permission to do that. So i checked the httpd.conf file in /etc/httpd/conf/. It says user apache, group apache. So I changed ownership (chown -R apache:apache .*) of my whole /www directory to apache:apache. I also run chmod -R 777 * Apart from knowing how terribly dangerous this is, it actually still gives me the same error, even though I even allow public write!

  Read the article

• Install Previous Version of PHP Package from Debian Testing Using Apt

  - by Metric Scantlings

  Is there a way to install an older Debian testing repository version of a package using apt-get? Specifically, I am looking to install the latest version of PHP 5.2.x on Debian Lenny. The last time I set up an environment, 5.2.12 just happened to be the version in Debian testing. That was perfect, convenient. Now, testing is at 5.3.x which won't work for my purposes, and my attempts at sudo apt-get -t testing install php5=5.2.12* are answered with E: Version '5.2.12*' for 'php5' was not found.

  Read the article

• Not able to delete file from server with permissions of 644 via PHP script

  - by letseatfood

  I am trying to delete JPEG files that were uploaded to the server via FTP. The files are uploaded and written with permissions of 644. The owner and group of the upload directory are mike and mike. I have tried changing the owner and group to www-data, but that does not seem to work. I am trying to delete the files with a PHP script using unlink(). This works on the production server (which is a hosting service), but not my development server, which is a LAMP setup. This leads me to believe it has something to do with permissions on my development server.

  Read the article

• Unattended install of IIS 6 with PHP / FastCGI

  - by Ciaran

  I'm trying to figure out the best method of installing PHP on IIS 6 unattended. I've figured that to install IIS 6 unattended I need to use sysocmgr and modify a registry key before hand to point at the correct sources folder to prevent being asked for an installation disc. The bit I'm caught up on at the moment is the process of installing FastCGI. The info I've read about installing FastCGI so far is that the installer unpacks 3 files and "registers" them with IIS. Question is, does anyone know what happens with these three files so I can handle it without using the installer? Also, if anyone has experience with the steps I need to take following the FastCGI install, I'd appreciate help.

  Read the article

• PHP/mail : server sends email originating from wrong domain

  - by Niro

  I have a Mediatemple dv (Plesk) server with two domains, each has static IP. I had domain1 as main domain and domain2 as secondary. When A PHP script from domain2 sends email the headers show the IP address of domain1 as the origin. Received: from domain2.com (domain1.com [70.ipof domain1]). I want only domain2 to be mentioned so I did the following: Changed server name to domain2.com made domain2.com the primary domain (about 30 hours ago) made fixed IP address of domain2.com the default address for the server. Still when the script sends emails I see the same info as above in the header. What do I need to do to make the email origin domain2.com?

  Read the article

• Web Server for SVN+PHP+Django+Rails

  - by NetStudent

  Foreword: I am not asking for the differences between Nginx and Apache, nor do I want to start a "which one is better discussion. I would like to ask for help with choosing the most adequate solution for this particular situation. I need to setup one or more l SVN repositories accessible via HTTP, plus some PHP, Django and Ruby websites. However, and since I only have 512Mb of RAM at my disposal, I fear that Apache will be a too heavy choice... On the other hand, I have heard that Nginx does not fully support SVN (WebDAV) and Django without reverse proxying to Apache. Is this still true? Should I go for Apache/Nginx alone? Or should I set up both and have Nginx handling static content and proxying to Apacge for dynamic content?

  Read the article

• Restrict Overriding memory_limit in php.ini

  - by Rohit Batra

  We have a issue that just came to our notice, some of our developers used ini_set('memory_limit', -1) to over-ride the php.ini memory_limit settings in their code files. Due to which sometimes our Memory/CPU usage is way far more than usual and we even have experienced server hanging/crashing many times. Is there any way to restrict these changes for certain params like memory_limit, upload_max_filesize & post_max_size? Users should not be able to edit them after a certain limit set? Sorry if i asked a dumb question, tried searching but there was no reference to this only found answers asking for increasing these parameters.

  Read the article

< Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >