Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Portal
  Question regarding SQL injection
Posted by: El Forum - 11-07-2008, 08:41 AM - Replies (8)

[eluser]Comanche[/eluser]
Hi there,

I'm currently checking my current project for security against sql injection.

I use query bindings most of the time but I'm not sure if I understand the whole thing right.

For example I have the follwing code fragment:

Code:
$query = array( $data['name'],
                $data['passwd'],
                $data['kid']);
              
$sql = "UPDATE customers SET
            name=?,
            passwd=?
        WHERE
            kid=?";
                          
$this->db->query($sql, $query);


All the data is passed via POST to the page and at this point I already checked the values, so I know for sure, that kid will be a positive integer.
My problem is the 'passwd'-field, since I want to allow all characters to make brute force attacks less efficient (makes about 95 possible characters per position, at least 6 characters per password -> 95^6 possible passwords). That means that I check 'passwd' for [:graph:] with preg_match.
But that means also that I can type any possible mysql command into the password field. So one could type
Quote:0 WHERE kid=%; #
which would result in this query
Code:
UPDATE customers SET name=xyz, passwd=0 WHERE kid=%; # WHERE kid=abc;

I'm wondering if query bindings really escape everything which means that the injection from above would result in
Code:
UPDATE customers SET name='xyz', passwd='0 WHERE kid=%; #' WHERE kid='abc';

Edit: Ok, this example isn't perfect since I don't allow whitespaces within the password. But the basic problem would remain the same for a password like

Quote:0;####
which would result in

Code:
UPDATE customers SET name=xyz, passwd=0;#### WHERE kid=abc;

I'm also wondering what happens to double and single quotes within the password.


  Upload problem
Posted by: El Forum - 11-07-2008, 08:38 AM - Replies (1)

[eluser]bastones[/eluser]
Basically I can't get data for the uploaded file such as ['file_name'], etc.

Controller:

Code:
<?php
    class Upload extends Controller {
        public function Upload() {
            parent::Controller();
            $this->load->helper('form');
            $this->load->helper('url');
        }
        public function index() {
            $this->load->view('upload_view');
        }
        public function upload_now() {
            $config['upload_path']="uploads";
            $config['allowed_types']="jpg|jpeg|png|gif";
            $config['max_size']="5120";
            $config['overwrite']=TRUE;
            $this->load->library('upload',$config);
            if($this->upload->do_upload()) {
                $data=array('upload_data'=>$this->upload->data);
                $this->load->view('upload_success_view',$data);
            }
            else {
                $data=array('error'=>$this->upload->display_errors());
                $this->load->view('upload_view',$data);
            }
        }
    }
?>

upload success:
Code:
<?php
        echo "Uploaded successfully!<br />";
        foreach($upload_data as $d => $a) {
            echo $d.':'.$a;
        }
?&gt;

nothing is outputted on upload success. I tried on both localhost and server to no avail?


  Routing and refresh data
Posted by: El Forum - 11-07-2008, 08:20 AM - No Replies

[eluser]Unknown[/eluser]
Hi,

at first, I would like to apologize for my english. I am new to CI and I encounter a problem when i develop small web site. I use routing for show items from category and subcategory. Like that...

Code:
$route['instruments/(:any)/(:any)/(:any)'] = "instruments/produkt_detail/$1/$2/$3";
$route['instruments/(:any)/(:any)'] = "instruments/model/$1/$2";
$route['instruments/(:any)'] = "instruments/category/$1";

I do it like this, because i want to have url for example like this "http://example.com/instruments/guitar/classic/1-classic-vocal".

And now where is the problem. It is working fine, but when I change data (insert new product to database), it shows new inserted data after 2 or 3 refresh, and I must do refresh in every category or subcategory separately.

Can you help me?? any suggestion??
I hope that's clear and you understand my english :-)

Thank you


  Another View Hurdle
Posted by: El Forum - 11-07-2008, 07:52 AM - Replies (2)

[eluser]escape[/eluser]
I've been, for some time, trying to find a good way to integrate standard web page designs into the CI view hierarchy. For the most part I had to resort to various hacks to make web pages display correctly without breaking links to assets within the page. Although I've got a process to make this work I'm hoping others in the CI community can recommend a better approach.

Here is the workflow I'm faced with. A web designer creates a set of pages which will represent the look and feel of the application I wish to create with CI. The designer, who doesn't know anything about CI, creates the pages with relative references to all assets. I copy the pages to the CI view directory where they will be used in conjunction with CI's template parser class.

Without any modification CI will display the assigned template pages however all asset links will be broken. This situation can be overcome by inserting the html base tag in the head of the template page

Code:
&lt;base href="{base_url}" /&gt;

where {base_url} ($config['base_url'] = "http://127.0.0.1/CI/";) is assigned in my controller (mycontroller.php) as follows:
Code:
function index() {
$data = array(
    'base_url' => base_url() . 'system/application/views/',
    'content' => 'Some Content I wish to display'
    );
$this->parser->parse('mypage.htm', $data);
}

This arrangment appears to work fine until I need to call a function within my controller. For example my page may have a form where the action references a controller function like:

Code:
&lt;form action="mycontroller/a_function" method="post"&gt;

When I submit this form CI routes the post to:
http://127.0.0.1/CI/system/application/v...a_function
which throws the Object not found! error because CI is looking for the controller in the views directory.

To rectify this I must re-factor the form action to:
&lt;form action="../../../index.php/mycontroller/a_function" method="post"&gt;
I don't know if this is appropriate or if I will run into other problems in the future. I'm hoping other more experienced CI developers will be able to advise me on a better approach.


  php date mktime related question
Posted by: El Forum - 11-07-2008, 07:49 AM - Replies (2)

[eluser]quasiperfect[/eluser]
hi

can anyone spot the bug in this code because i'm going nuts.
thanks a lot

Code:
function to_timestamp($str) {
$segmente = explode(" ",$str);
$data = explode("-",$segmente[0]);
$timp = explode(":",$segmente[1]);
$timestamp = mktime($timp[0], $timp[1], $timp[2], $data[1], $data[2], $data[0]);
return $timestamp;
}
$str="2008-11-07 10:02:00";
$timestamp = to_timestamp($str);
echo 'this script should return '.$str.' insted is returning '.date("Y-m-d H:m:s",$timestamp).'<br />';

for
Code:
$str="2008-10-07 13:02:40"
this script should return 2008-10-07 13:02:40 insted is returning 2008-10-07 13:10:40

after some random testing i observed that the month is passed to the minutes
change the month to any month and see the result at minutes


  Why should I write a library rather than a helper?
Posted by: El Forum - 11-07-2008, 07:18 AM - Replies (3)

[eluser]surfgatinho[/eluser]
I have a few functions that I need to call from various controllers. I have previously written helper for such functions, e.g. to create a dynamic menu.

Now I'm wondering what reasons I'd want to write a library rather than a helper (except to keep the code more OO)?


  How can i load a library file in a helper file?
Posted by: El Forum - 11-07-2008, 06:48 AM - Replies (8)

[eluser]haraldo[/eluser]
Hi there,

Newbi question.

How can i load a library file in a helper file?

I've tryed loading the library but i get the error:

PHP Fatal error: Using $this when not in object context in...

I'm aware of what the error means. I could probably hack it but how in codeigniter can i do it nicely?!

Thanks


  CodeIgniter license
Posted by: El Forum - 11-07-2008, 06:28 AM - Replies (3)

[eluser]Hannes Nevalainen[/eluser]
Hello, I'm wondering about the license of CI. Does it allow me to use some of their libraries in my own framework?


  Sending mails failing
Posted by: El Forum - 11-07-2008, 05:39 AM - Replies (10)

[eluser]bhakti.thakkar[/eluser]
hi all,

i am trying to send mails once the required details and validations are done

Code in Controller: register.php

Code:
$this->load->library('email');

$email_body = " Relation ID SI: ".$Relation_ID." has requested for a username and password <br> Kindly do the needful. ";
$config['mailtype'] = 'html';
$this->email->initialize($config);
$senderInfo = " MY COMPANY ";
$this->email->to("[email protected]");
$this->email->from("[email protected]", "Bhakti Thakkar");
$this->email->subject("New registration request");
$this->email->message($email_body);
$this->email->send();

But somehow my mails are not sent. i have yet changed anything in config/Email.php. this is just a test mail which i am trying to do. where is my code failing


  Can't load an XML File
Posted by: El Forum - 11-07-2008, 05:37 AM - Replies (1)

[eluser]donkey_[/eluser]
Hi it's me again


I have this question ... currently i work on a project where i'm late well .. it's only a simple PHP site
so i used Codeigniter to build the website ... my costumer don't have any Databases ... so I must use SIMPLE XML .... i tried it ... but that doesn't Work

Code:
class Page extends Controller {

    public function view($id)
    {
        $output=array();
        if(file_exists("content.xml"))
        {
        $xmlFile=simplexml_load_file("content.xml");
        foreach($xmlFile->content as $output['content'])
            {
                echo $output['content']->id;
            }
        }else{
            echo "Can't find any file";
        }

    }
}


and so i put the file in
Code:
system/application/controller/page.php
and i put my "content.xml" also
in
Code:
system/application/controller/content.xml

but my script sayes that he can't find my file

why? I'm asking because normaly that works


Best regards - donkey_

[EDIT]
remember my script is at all not finished ... it's currently only my file problem .. the rest i will eleminate the rest of my errors :-D
[/EDIT]


Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  

Latest Threads
Codeigniter Shield Bannin...
by kenjis
1 hour ago
SQL server connection not...
by kenjis
1 hour ago
Best way to create micros...
by kenjis
3 hours ago
How to use Codeigniter wi...
by kenjis
3 hours ago
Getting supportedLocales ...
by kcs
9 hours ago
Component help
by FlashMaster
Today, 01:41 AM
Show logo in email inbox
by WiParson
Today, 12:48 AM
CI 4.5.1 CSRF - The actio...
by jackvaughn03
Yesterday, 10:17 PM
Limiting Stack Trace Erro...
by byrallier
Yesterday, 02:21 PM
Bug with sessions CI 4.5....
by ALTITUDE_DEV
Yesterday, 01:36 PM

Forum Statistics
» Members: 85,228
» Latest member: 789club15vip
» Forum threads: 77,577
» Forum posts: 375,977

Full Statistics

Search Forums

(Advanced Search)


Theme © iAndrew 2016 - Forum software by © MyBB