[ciapug] Re:Re: On or Off

Mike Parks parksmike at dwx.com
Mon Aug 8 22:01:24 CDT 2005


For X-Cart 3.0.x magic_quotes_gpc On. But later versions have been coded to 
run either way. Magic quotes was intended to add escape characters to 
querystrings, form posts and cookie data to add some protection from SQL 
injection attacks.

Register globals off by default, again to provide some protection from 
anyone adding their own querystring that could send an SQL injection to your 
code.

display_errors off on live site to keep any db error from popping up that 
may have the db login info attached to it.

If I need to see the errors, I have a function built to turn on error 
reporting

function errorsOn() {
    ini_set("display_errors", 1);
    error_reporting(E_ALL & ~E_NOTICE);
}

I also found a cool one recently that I have been adding to my code:

// message type 1 sends the message by email to the address in the third argument
error_log("my error", 1, "myemail@domain",
    "Subject: Foo\nFrom: myserver@domain\n");

In my error trapping, I add this instead of displaying the error; it pops me 
an email with the error.

Chris, this brings up an idea for the website. How about a forum like phpBB 
where we can pop little code bits like this up?

Mike

----- Original Message ----- 
From: <ciapug-request at cialug.org>
To: <ciapug at cialug.org>
Sent: Monday, August 08, 2005 12:00 PM
Subject: ciapug Digest, Vol 4, Issue 5


> Today's Topics:
>
>   1. Re: Zend certification (Chris Hettinger)
>   2. On or Off ... (Chris Hettinger)
>   3. Re: On or Off ... (Dave J. Hala Jr.)
>   4. Re: On or Off ... (Tony Bibbs)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 07 Aug 2005 17:22:49 -0500
> From: Chris Hettinger <cjh at raccoon.com>
> Subject: Re: [ciapug] Zend certification
> To: ciapug at cialug.org
> Message-ID: <42F689B9.2040209 at raccoon.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Myself and a few co-workers are going to pursue Zend Certified Engineer
> certification.
> (http://www.zend.com/store/education/certification/zend-php-certification.php)
>
> Beginning Tuesday August 23rd at 1 PM we are going to meet for lunch and
> get started on our reading. We are planning to meet each week on Tuesday
> to discuss the chapter reviewed that previous week. We'll take a little
> or as long as we need on each chapter, work on the practice tests, and
> discuss as needed.
>
> Zend has a study guide and a book of practice tests available for
> purchase. I've purchased both, so you may only your own study guide.
>
> All the information is there on Zend's site.
>
> We are planning to meet in a public place, likely the Pickerman's Deli
> on Westown (Near the large Wells Fargo complex)...
>
> Others are welcome to join us if this interests you and we can keep you
> updated.
>
> -ch
>
> David Champion wrote:
>> Chris,
>>
>> Can you post the info you mentioned the other day regarding the Zend PHP
>>  Certification?
>>
>> Thanks,
>>
>> -dc
>>
>> p.s. For those of you that missed the meeting on Wednesday, summary is:
>>
>> Mike, Barry, Chris and I met at the library, then went down to the Drake
>> Diner. We discussed some general PHP issues, Chris mentioned this Zend
>> PHP Certification class.
>>
>> I brought up the idea (started on the CIALUG list) about creating
>> something like drlunch.com - except make it actually useful. The basic
>> idea is a lunch meeting organizer, where you can form lunch groups, set
>> your preferences for location / time / day / food type, and also enter
>> restaurants and rate & categorize them.
>>
>> I said I'd put together some specs on this... could be a fun little
>> collaboration project.
>>
>> -dc
>>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 08 Aug 2005 09:34:53 -0500
> From: Chris Hettinger <cjh at raccoon.com>
> Subject: [ciapug] On or Off ...
> To: ciapug at cialug.org
> Message-ID: <42F76D8D.80609 at raccoon.com>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> magic_quotes_gpc and register_globals .... On or Off ??
>
> I believe that, and correct me if I am wrong, most will say Magic Quotes
> = On and Registered Globals = Off.
>
> Arguments one way or the other?
>
> -ch
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 08 Aug 2005 09:49:57 -0500
> From: "Dave J. Hala Jr." <dave at 58ghz.net>
> Subject: Re: [ciapug] On or Off ...
> To: cjh at raccoon.com, PHP List <ciapug at cialug.org>
> Message-ID: <1123512597.1254.234.camel at dsl-69.marshallnet.com>
> Content-Type: text/plain
>
> Register globals off is preferred, unless you have some old php apps
> that didn't make use of $_POST when posting variables.
>
> I believe globals off is now the default. You'll know right away if you
> got apps that require globals on. :)
>
> If you do, you may want to consider putting them on your list of apps
> to be "phased out/rewrote" etc.
>
> :) Dave
>
>
> On Mon, 2005-08-08 at 09:34, Chris Hettinger wrote:
>> magic_quotes_gpc and register_globals .... On or Off ??
>>
>> I believe that, and correct me if I am wrong, most will say Magic Quotes
>> = On and Registered Globals = Off.
>>
>> Arguments one way or the other?
>>
>> -ch
>>
>>
>>
> -- 
>
> Open Source Information Systems (OSIS)
> Dave J. Hala Jr. <dave at osis.us>
> 641.485.1606
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 08 Aug 2005 10:55:10 -0500
> From: Tony Bibbs <tony at tonybibbs.com>
> Subject: Re: [ciapug] On or Off ...
> To: ciapug at cialug.org
> Cc: cjh at raccoon.com
> Message-ID: <42F7805E.1060100 at tonybibbs.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> For security reasons register_globals should be turned off, though as
> Dave mentioned, many older PHP apps require them.
>
> I prefer magic quotes to be turned off as well but that's simply because
> we use creole for database abstraction and it handles the quotes for us.
> We've seen issues where PHP code gets ugly when you have a bunch of
> addslashes/stripslashes so it's best to leave that to something else
> (like your abstraction layer).
>
> Similarly PEAR::DB supports prepared statements which, if used, get you
> out of the business of worrying about quotes.
>
> --Tony
>
> Dave J. Hala Jr. wrote:
>> Register globals off is preferred, unless you have some old php apps
>> that didn't make use of $_POST when posting variables.
>>
>> I believe globals off is now the default. You'll know right away if you
>> got apps that require globals on. :)
>>
>> If you do, you may want to consider putting them on your list of apps
>> to be "phased out/rewrote" etc.
>>
>> :) Dave
>>
>>
>> On Mon, 2005-08-08 at 09:34, Chris Hettinger wrote:
>>
>>>magic_quotes_gpc and register_globals .... On or Off ??
>>>
>>>I believe that, and correct me if I am wrong, most will say Magic Quotes
>>>= On and Registered Globals = Off.
>>>
>>>Arguments one way or the other?
>>>
>>>-ch
>>>
>>>
>>>
>
>
> ------------------------------
>
>
>
> End of ciapug Digest, Vol 4, Issue 5
> ************************************ 
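
Added example, not part of the original thread or any poster's code: a PHP sketch of the double-handling problem discussed above, where magic-quotes-style escaping meets bound parameters, and of the "runs either way" normalization. It assumes the pdo_sqlite extension; the table, helper names and sample values are constructed, and magicQuotesEmulated() stands in for the old setting because get_magic_quotes_gpc() was removed in PHP 8.

```php
<?php
// Added example, not code from the thread. Table, helper names and sample
// values are constructed; requires the pdo_sqlite extension.

// What magic_quotes_gpc = On did to every GET/POST/cookie value.
function magicQuotesEmulated(string $value): string
{
    return addslashes($value);
}

// "Runs either way": undo the escaping only when the setting was on.
// $magicQuotesOn stands in for get_magic_quotes_gpc(), removed in PHP 8.
function normalizeInput(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $db->prepare('INSERT INTO customers (name) VALUES (:name)');
$lookup = $db->prepare('SELECT COUNT(*) FROM customers WHERE name = :name');

$typed   = "O'Brien";                    // what the user typed
$arrived = magicQuotesEmulated($typed);  // what the script received with the setting On

// 1. Bound as-is: the added backslash is stored as part of the data.
$insert->execute([':name' => $arrived]);
// 2. Normalized first, then bound: the exact typed value is stored.
$insert->execute([':name' => normalizeInput($arrived, true)]);

foreach ($db->query('SELECT id, name FROM customers') as $row) {
    echo $row['id'], ': ', $row['name'], PHP_EOL;
}

// A bound value containing quotes is compared as a literal string,
// so it cannot change the structure of the query.
$lookup->execute([':name' => "' OR '1'='1"]);
echo 'rows matched: ', $lookup->fetchColumn(), PHP_EOL;
```

Row 1 shows why an abstraction layer or prepared statements and magic quotes should not both handle quoting: the escaping meant for string-built SQL ends up stored in the data.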


