Search found 12 matches

by dinoroger
Fri Feb 24, 2017 7:13 am
Forum: mySQL & php coding
Topic: php switch only using the default code block
Replies: 2
Views: 1216

Re: php switch only using the default code block

Try changing
switch ($cname)
to
switch (trim(strtoupper($cname)))

You never know when your value can come in with a hanging space or wrong case. Then, as you are already doing, always case for the upper case value.
by dinoroger
Thu Feb 23, 2017 10:24 am
Forum: PHP General
Topic: Secure dynamic query (PDO)
Replies: 7
Views: 2326

Re: Secure dynamic query (PDO)

I am getting close to having a prototype finished of a complete interface system and was wondering if any would volunteer to take a look at it when ready. It would be a little too large just to paste the code on the forum but I have a website where I can place the documentation, videos, and download...
by dinoroger
Thu Feb 23, 2017 10:21 am
Forum: PHP & MySQL Security
Topic: PHP Password Login
Replies: 4
Views: 2733

Re: PHP Password Login

The constant makes a lot of sense. Yes I will try to use cleaner code but I just quickly put together this example with no real thought other than the functionality. I guess I am glad that no one has spoken of a huge design flaw as of yet. Other than the method of coding any thoughts about the overal...
by dinoroger
Thu Feb 23, 2017 5:56 am
Forum: PHP & MySQL Security
Topic: PHP Password Login
Replies: 4
Views: 2733

Re: PHP Password Login

Thanks yeah I got lazy and was used to using my function openWindowWithPost for a quick form for mainly POSTing to a new window browser. In this example yeah the function is not needed. Getting back to the question on hand. Is the security method sound? I know the strength relies on a good password....
by dinoroger
Wed Feb 22, 2017 7:39 pm
Forum: PHP & MySQL Security
Topic: PHP Password Login
Replies: 4
Views: 2733

PHP Password Login

So I am attempting to create a very simple password only login page to navigate to a secure PHP file (admin.php). When I mean simple it does not require a username and does not use a database in any way. It is of course as secure as the password you create. Currently my main protection is PHP itself a...
by dinoroger
Tue Feb 21, 2017 1:26 pm
Forum: PHP General
Topic: Secure dynamic query (PDO)
Replies: 7
Views: 2326

Re: Secure dynamic query (PDO)

You can still use UNION in the query; you just can't make a dynamic word with the word UNION or the value you are replacing it with contain the word UNION. Most of the time the query will be 99% intact as a normal query with only a few places being dynamic. I just did not want to limit on what parts...
by dinoroger
Tue Feb 21, 2017 12:12 pm
Forum: PHP General
Topic: Secure dynamic query (PDO)
Replies: 7
Views: 2326

Re: Secure dynamic query (PDO)

Thanks but the example I gave is not the problem as it was just an example. It could be the database name, table name, select column name, order, group, and any number of things that could be dynamic. So the management system does not care what you want to be dynamic as long as it follows some rules...
by dinoroger
Tue Feb 21, 2017 8:51 am
Forum: PHP General
Topic: Secure dynamic query (PDO)
Replies: 7
Views: 2326

Re: Secure dynamic query (PDO)

So let me give you more details on why I want such a system and maybe it will make more sense: Between all our servers, other than when developing, we want to keep all code on all servers the exact same. We even have pages that detect if a server file is different via modified date or size between th...
by dinoroger
Tue Feb 21, 2017 7:47 am
Forum: PHP General
Topic: Secure dynamic query (PDO)
Replies: 7
Views: 2326

Secure dynamic query (PDO)

Yes I know the title for many is an oxymoron. ;) I am attempting to create a database connection and query management system that auto switches the connections and dynamics of the query based on the web server that the code is running from. The function will ask for a connection id, query id and arr...
by dinoroger
Mon Feb 20, 2017 3:55 pm
Forum: PHP General
Topic: PDO Prepared Param - Different Results
Replies: 5
Views: 1637

Re: PDO Prepared Param - Different Results

This may explain it http://php.net/manual/en/language.types.type-juggling.php Thanks that is interesting. When I type '3' into the query I was expecting it to behave the same and only return 3 of the 4 rows since you are asking if age > '3' as a string but apparently MySQL can pretend that '3' is r...
by dinoroger
Mon Feb 20, 2017 2:50 pm
Forum: PHP General
Topic: PDO Prepared Param - Different Results
Replies: 5
Views: 1637

Re: PDO Prepared Param - Different Results

Thanks. I get the string vs int thing when doing a WHERE but if I were to use it set as 3' or just 3 in the static query it works differently. My question is why does a prepared bind param change the behavior compared to a static query? This is not a good real world example just found it weird that ...
by dinoroger
Mon Feb 20, 2017 2:20 pm
Forum: PHP General
Topic: PDO Prepared Param - Different Results
Replies: 5
Views: 1637

PDO Prepared Param - Different Results

Below is a test example of the problem I was able to reproduce using prepared statements for a MySQL query. When using a static query it works fine but as soon as I attempt a prepared param the results change. It has something to do with the column schema type I know. See the 2nd code section for mo...