[ciapug] Re: RE: On or Off

Mike Parks mparks at captainjack.com
Tue Aug 9 13:44:33 CDT 2005


As I say this jokingly: "It's a .Net thing, I don't get it?"
Mike



At 12:00 PM 8/9/05, you wrote:
>Message: 1
>Date: Tue, 09 Aug 2005 08:11:11 -0500
>From: "Dave J. Hala Jr." <dave at 58ghz.net>
>Subject: RE: [ciapug] On or Off ...
>To: carl-olsen at mchsi.com, PHP List <ciapug at cialug.org>
>Message-ID: <1123593071.1254.280.camel at dsl-69.marshallnet.com>
>Content-Type: text/plain
>
>Did you take a look at MySQL 5?  I believe (I'm fairly sure) that it has
>this ability.
>
>
>
>On Mon, 2005-08-08 at 21:05, Carl Olsen wrote:
> > Is a prepared statement the same thing as a stored procedure?  It's my
> > understanding that MySQL doesn't support them, which is why I've been using
> > PostgreSQL on my personal site (www.carl-olsen.com).  I know that the PEAR
> > DB functions support PostgreSQL.  I write stored procedures in PostgreSQL
> > using PL/pgsql and then make a class of functions that simply converts the
> > stored procedures to parameterized functions, with field names becoming the
> > properties and the add, update, and delete queries becoming the methods.
> > I'm not exactly sure if this protects me against SQL injection attacks, but
> > I'm thinking it does, since each parameter is fed into an input parameter
> > inside the stored procedure before anything happens.  I don't do any kind of
> > checking for single or double quotes.  Have I got this right, or should I be
> > laundering the user input as well?
> >
> > Carl
> >
> > -----Original Message-----
> > From: ciapug-bounces at cialug.org [mailto:ciapug-bounces at cialug.org] On Behalf Of Tony Bibbs
> > Sent: Monday, August 08, 2005 10:55 AM
> > To: ciapug at cialug.org
> > Cc: cjh at raccoon.com
> > Subject: Re: [ciapug] On or Off ...
> >
> > For security reasons register_globals should be turned off, though as
> > Dave mentioned, many older PHP apps require them.
> >
> > I prefer magic quotes to be turned off as well but that's simply because
> > we use creole for database abstraction and it handles the quotes for us.
> > We've seen issues where PHP code gets ugly when you have a bunch of
> > addslashes/stripslashes so it's best to leave that to something else
> > (like your abstraction layer).
> >
> > Similarly PEAR::DB supports prepared statements which, if used, get you
> > out of the business of worrying about quotes.
> >
> > --Tony
> >
> > Dave J. Hala Jr. wrote:
> > > Register globals off is preferred, unless you have some old php apps
> > > that didn't make use of $_POST  when posting variables.
> > >
> > > I believe globals off is now the default. You'll know right away if you
> > > got apps that require globals on. :)
> > >
> > > If you do, you may want to consider putting them on your list of apps
> > > to be "phased out/rewritten" etc.
> > >
> > > :) Dave
> > >
> > >
> > > On Mon, 2005-08-08 at 09:34, Chris Hettinger wrote:
> > >
> > >>magic_quotes_gpc and register_globals .... On or Off ??
> > >>
> > >>I believe that, and correct me if I am wrong, most will say Magic Quotes
> > >>= On and Registered Globals = Off.
> > >>
> > >>Arguments one way or the other?
> > >>
> > >>-ch
> > >>
> > >>
> > >>
> > >>_______________________________________________
> > >>ciapug mailing list
> > >>ciapug at cialug.org
> > >>http://cialug.org/mailman/listinfo/ciapug
>--
>
>Open Source Information Systems (OSIS)
>Dave J. Hala Jr. <dave at osis.us>
>641.485.1606
>
>
>

<><><><><><><><><><><><><><><>
Mike Parks
Captain Jack Communications
Email: techsupport at captainjack.com
Phone: 515-964-8500 
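
An added example, not part of the original thread or anyone's code from it: a PL/pgSQL illustration of the question quoted above, whether passing user input as stored-procedure parameters keeps it out of the SQL text. The `users` table and all function names are hypothetical, and it assumes a current PostgreSQL (`RETURN QUERY`, `EXECUTE ... USING`, `format()`).

```sql
-- Constructed sample table and rows; all names here are hypothetical.
CREATE TABLE users (id serial PRIMARY KEY, name text NOT NULL);
INSERT INTO users (name) VALUES ('carl'), ('tony'), ('O''Brien');

-- Static SQL: p_name is bound as a value, so quotes in it are just data.
CREATE FUNCTION find_user_static(p_name text) RETURNS SETOF users AS $$
BEGIN
    RETURN QUERY SELECT * FROM users WHERE name = p_name;
END;
$$ LANGUAGE plpgsql;

-- Dynamic SQL built by concatenation: p_name becomes part of the SQL text,
-- so a parameterized call from the application no longer protects it.
CREATE FUNCTION find_user_concat(p_name text) RETURNS SETOF users AS $$
BEGIN
    RETURN QUERY EXECUTE
        'SELECT * FROM users WHERE name = ''' || p_name || '''';
END;
$$ LANGUAGE plpgsql;

-- Dynamic SQL done safely: the value is passed with USING, and the
-- identifier (the sort column) is quoted with format('%I').
CREATE FUNCTION find_user_dynamic(p_name text, p_sort text)
RETURNS SETOF users AS $$
BEGIN
    RETURN QUERY EXECUTE
        format('SELECT * FROM users WHERE name = $1 ORDER BY %I', p_sort)
        USING p_name;
END;
$$ LANGUAGE plpgsql;

-- Constructed inputs: a legitimate name containing a quote, and a string
-- that tries to rewrite the WHERE clause.

-- In these calls the input is compared as a literal value.
SELECT name FROM find_user_static('O''Brien');
SELECT name FROM find_user_static('x'' OR ''1''=''1');
SELECT name FROM find_user_dynamic('O''Brien', 'id');
SELECT name FROM find_user_dynamic('x'' OR ''1''=''1', 'id');

-- In these calls the input is parsed as part of the statement: the first
-- changes the WHERE clause, the second breaks the statement's quoting.
SELECT name FROM find_user_concat('x'' OR ''1''=''1');
SELECT name FROM find_user_concat('O''Brien');
```

The difference is inside the procedure body, not in how the application calls it: review any stored procedure that uses `EXECUTE` with string concatenation.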


