Balderick

Members
Content count: 61
Community Reputation: 0 Neutral
Rank: Newbie
3,648 profile views
  1. Sorry, people, I have asked this before, so it's a bit embarrassing to me. But ... I have the following question. It's about using a function inside an if condition. The thing is that when I make a function with 2 returns, in this case $data and $alternative, I receive them both back. I ask this to grasp how a function acts inside an if condition. So my question is: how does the PHP engine 'reason'? Is the outcome of the return ONLY POSSIBLE if you return 1 value inside an if condition, so either true or false? Example:

     <?php
     function valid_someting($data) {
         global $alternative;
         $count = '';
         $count = strlen($data);
         if ( ($count < 8 && ($count > 4) ) ) {
             $data = preg_replace('/[^a-zA-Z0-9!@#$%^&*()\-_=+{};:,<.>]/', '', $data);
             // $data = ltrim($data);
             $data = rtrim($data);
             return $data;
         }
         $alternative = $data;
         return $alternative;
     }

     $data = 'abcdabcdabcd';
     if (valid_someting($data)) {
         echo 'color input field green';
     } else if ($alternative == TRUE) {
         echo 'color input field RED';
     }
     ?>
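Added example, not code from the post above: a call to a function runs exactly one of its return statements, and an if condition only asks whether that single returned value is truthy. In the posted code both paths return the (non-empty) input string, so the condition is true either way. The names validate_password, field_colour and $clean below are made up for illustration.

```php
<?php
// Added example, not code from the post above. Names (validate_password,
// field_colour, $clean) are made up for illustration.
declare(strict_types=1);

/**
 * Returns the cleaned password when its length is 5..7 characters, or null
 * when it is not. A call runs exactly ONE of these return statements; the
 * caller never "gets both back".
 */
function validate_password(string $data): ?string
{
    $count = strlen($data);
    if ($count > 4 && $count < 8) {
        // keep only the allowed characters, then drop trailing whitespace
        $data = preg_replace('/[^a-zA-Z0-9!@#$%^&*()\-_=+{};:,<.>]/', '', $data);
        return rtrim($data);
    }
    return null;   // the "alternative" result, distinguishable by type, not by content
}

/**
 * The if condition only asks "is the returned value truthy?". Comparing
 * against null strictly makes the outcome depend on which return statement
 * ran, not on the content of the string.
 */
function field_colour(string $input): string
{
    $clean = validate_password($input);
    if ($clean !== null) {
        return 'green';
    }
    return 'red';
}

foreach (['abcdabcdabcd', 'abc', 'ab!cd'] as $pw) {
    printf("%-14s -> %s\n", $pw, field_colour($pw));
}
// abcdabcdabcd -> red   (12 chars, rejected)
// abc          -> red   (3 chars, rejected)
// ab!cd        -> green
```

Returning a distinct type (null, or false) for the failure case, and checking it with !== rather than relying on truthiness, is what lets the caller tell the two outcomes apart without a global variable.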
  2. Oh wait. I figured out that the length of the hashed value is always 60 when you use PASSWORD_BCRYPT. I thought it would be doubling or growing exponentially, but it is a fixed outcome, whether you choose a 5-letter password or a 160-character one. This solves the database storage problem for setting the size of the column.
  3. Oh, sorry, I didn't mention I used bcrypt. If bcrypt only hashes, that's okay. Reading more at OWASP I discovered that the max password length they recommend is 160 chars. Is there a way to calculate the size of the string stored after hashing it with bcrypt / password_hash / cost 11?
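Added example (not from the posts): what password_hash() with PASSWORD_BCRYPT actually stores and why its length is fixed at 60 regardless of the password length, plus two caveats a practitioner would want next to that number. The bcrypt_parts() helper and the COST constant are made up for this example.

```php
<?php
// Added example, not from the posts. bcrypt_parts() and COST are made up.
declare(strict_types=1);

const COST = 11;

/** Splits a bcrypt string into its fixed-width parts. */
function bcrypt_parts(string $hash): array
{
    // format: $2y$ CC $ <22-char salt><31-char digest>  ->  4 + 2 + 1 + 22 + 31 = 60
    if (!preg_match('#^\$2[aby]\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#', $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['cost' => (int) $m[1], 'salt' => $m[2], 'digest' => $m[3], 'length' => strlen($hash)];
}

foreach (['short', str_repeat('a', 160)] as $password) {
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => COST]);
    $p = bcrypt_parts($hash);
    printf("input %3d chars -> hash %d chars, cost %d, salt %s\n",
        strlen($password), $p['length'], $p['cost'], $p['salt']);
}
// input   5 chars -> hash 60 chars, cost 11, salt ...
// input 160 chars -> hash 60 chars, cost 11, salt ...

// Caveat 1: bcrypt uses only the first 72 bytes of the password (PHP's
// implementation included). These two differ only at byte 73 and verify as equal,
// so a 160-character limit does not buy 160 characters of entropy.
$base = str_repeat('x', 72);
$hash = password_hash($base . 'A', PASSWORD_BCRYPT, ['cost' => COST]);
var_dump(password_verify($base . 'B', $hash));   // bool(true)

// Caveat 2: PASSWORD_DEFAULT may move to another algorithm in a later PHP
// release and argon2id strings are longer, so the PHP manual recommends a
// 255-character column rather than exactly 60. password_needs_rehash() is how
// you migrate rows hashed with an older cost or algorithm at next login.
$old = password_hash('secret', PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(password_needs_rehash($old, PASSWORD_BCRYPT, ['cost' => COST]));   // bool(true)
```

The "60" is a property of the format (version tag, two-digit cost, 22-character salt, 31-character digest in bcrypt's base64 alphabet), not of the input; sizing the column at 255 keeps room for the format changing under you.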
  4. I have a security question. Though I have gone through the OWASP docs I still need to place specific things in the right perspective. It is actually quite brief regarding examples. But regarding security, I have to admit that I don't know much about how hackers are operating. What I know is that JavaScript can be included and MySQL injection can be done if you don't escape well. I have a piece of regex to allow as many characters as possible for password input. So also the <>, the dot ., the semicolon ; and the string. After forcing the user to use the right characters the password is encrypted with Blowfish. I'm actually not sure what happens, because if you encrypt malicious code, you can finally make it work again when you decrypt it. Probably it's naive to ask online for hacking examples, because then you inform hackers. Maybe if you can't make up any risky situation, you can give a recommendation for which characters should be avoided for a password input. All input is encrypted with password_verify / Blowfish. Then prepared OOP queries store the variable in the database. Regex:

     $var = '/[!@#$%^&*()\-_=+{};:,<.>]/';

     then the preg_replace does:

     if (preg_match_all($var, $pas_inp, $o) < 2) {
         echo '<br><br>input should contain at least 2 special chars , try again';
         return FALSE;
     }

     How risky (in which possible situations) is the use of < > . ; $ & regarding JavaScript, MySQL injection and other possible hacks? (Sorry, it is a very open question, but to avoid problems I have to start somewhere.)
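Added example (not from the post): a runnable demonstration of why the characters in a password are not an injection risk once three things hold: the password is hashed (never decrypted), every query binds the value as a parameter, and anything echoed back into HTML is encoded at output time. It uses an in-memory SQLite database through PDO so it runs without a MySQL server; the same PDO calls work against MySQL. The users table, the register()/login() functions and the sample inputs are constructed for this example.

```php
<?php
// Added example, not from the post. Table, functions and inputs are made up;
// SQLite in-memory stands in for MySQL so the script runs offline.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

/** At least two characters from the allowed special set (same class as the post). */
function has_two_specials(string $pw): bool
{
    return preg_match_all('/[!@#$%^&*()\-_=+{};:,<.>]/', $pw) >= 2;
}

function register(PDO $db, string $name, string $password): void
{
    if (!has_two_specials($password)) {
        throw new InvalidArgumentException('input should contain at least 2 special chars');
    }
    // Bound values travel as data; they are never spliced into the SQL text,
    // so quotes, semicolons and comment markers in them have no SQL meaning.
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_BCRYPT)]);
}

function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();
    // The stored value is a one-way hash: there is no "decrypt" step in which
    // malicious content could come back to life.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed password that is both an SQL-injection and an XSS payload if used raw.
$hostile = "'; DROP TABLE users; --<script>alert(1)</script>";
register($db, 'alice', $hostile);

var_dump(login($db, 'alice', $hostile));      // bool(true)
var_dump(login($db, 'alice', 'wrong;<>'));    // bool(false)
var_dump($db->query('SELECT COUNT(*) FROM users')->fetchColumn());   // "1": table still exists

// The risk lives in values you print back into a page (user names, messages),
// and the fix is encoding at output time, not banning characters at input time.
$name = '<img src=x onerror=alert(1)>';
echo htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8'), "\n";
// &lt;img src=x onerror=alert(1)&gt;
```

With this structure there is no character that needs to be banned from a password; the hash that reaches the database consists only of the bcrypt alphabet, and the two places injection could happen (SQL text, HTML output) are each handled by their own mechanism (parameter binding, output encoding).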
  5. [SOLVED]
  6. I guess I solved this by using, amongst others, str_replace for the unwished input, and I found a regex online that replaced all except the %:

     $url = preg_replace("/([^a-zA-Z0-9+&@#?=~_|!:,.;]+)/", "", $url);
  7. Hi all, I have a problem with sanitizing / validating a web address input. My personal preference is doing it with regex. I made a simple example with preg_replace:

     <?php
     if (!empty($_POST['wbddrss'])) {
         $wbddrss = $_POST['wbddrss'];
         $wbddrss = trim($wbddrss);
         var_dump($wbddrss);
         $validate = preg_replace('/<>/', '', $wbddrss);
         var_dump($validate);
     }
     ?>

     But I would like to replace all chars that do not meet what is allowed. I guess the best solution would be to replace everything with a caret to negate. But it seems I can't find the right delimiters. This is the range of characters I would like to allow: A-Za-z0-9+&@#/%?=~_|!:,.;\(\) How is this done in a preg_replace function?
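Added example (not from the posts): the negated character class the question asks for, written with the allowed set from the post, followed by the check a character filter alone cannot give you. Note that '/<>/' in the posted code matches only the literal two-character sequence "<>", not either character on its own. The example goes one step beyond the post on purpose: it adds '-' to the allowed set (hostnames contain it) and adds a scheme allow-list, because a string such as "javascript://example.com/%0Aalert(1)" uses only characters from the allowed set and survives the character filter. The function names strip_disallowed() and validate_url() and the sample inputs are made up.

```php
<?php
// Added example, not from the posts. strip_disallowed(), validate_url() and
// the inputs are made up for illustration.
declare(strict_types=1);

/** Drop every character that is not in the allowed set. */
function strip_disallowed(string $url): string
{
    // ^ right after [ negates the class; / must be escaped because it is the
    // delimiter; ( ) ~ are literal inside a class; - is escaped so it is literal.
    return preg_replace('/[^A-Za-z0-9+&@#\/%?=~_|!:,.;()\-]+/', '', trim($url));
}

/**
 * Returns the URL if it is absolute, well-formed and uses http or https,
 * otherwise null. The character filter is NOT a substitute for this step.
 */
function validate_url(string $url): ?string
{
    $url = strip_disallowed($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Constructed inputs: clean, with characters to strip, and two that pass the
// character filter but must be rejected on scheme.
$inputs = [
    'https://example.com/path?x=1&y=2',
    'https://my-site.example/<b>x</b>?q=1',
    'javascript://example.com/%0Aalert(1)',
    'ftp://example.com/file',
];
foreach ($inputs as $in) {
    printf("%-42s -> %s\n", $in, validate_url($in) ?? 'REJECTED');
}
// https://example.com/path?x=1&y=2            -> unchanged
// https://my-site.example/<b>x</b>?q=1        -> https://my-site.example/bx/b?q=1
// javascript://example.com/%0Aalert(1)        -> REJECTED (scheme)
// ftp://example.com/file                      -> REJECTED (scheme)
```

Stripping characters produces a syntactically harmless string, but the thing that makes a link dangerous in a browser is usually its scheme, not an odd character; allow-listing http/https is the check that addresses that. Whatever survives still needs htmlspecialchars() when it is printed into an href or page body.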
  8. Sorry, I have not been able to solve it yet. I got results, and the output was that, related to 3 different fields in table one, the record in table 2 was printed 3 times. When I added a record to table 2 this one was also printed 3 times, so I basically got six results. Is it possible anyway to have 1 column like a unique number (unique_nr) in both tables and then as a result have f.i. multiple records for table 1 and only 1 for table 2? And is JOIN the right query or should I use something different? Or (as I'm getting a bit impatient) should I just select the unique number first in table 2 and then use a second separate query to find the record values of table 1?
  9. Is it necessary to open the 2 different databases or not? How is this done in 1) phpMyAdmin, 2) the MySQL console, 3) a PHP script? With select database() in the console only 1 database is shown.
  10. I get an error message (error 1054): unknown column w.title in field list. What should I do to open 2 databases? I work now in the MySQL console, but I'm not sure whether it is possible or not.
  11. It's not clear what is meant by the w and the c. Are these the tables? And what is client then in database1.client, or writers in database2.writers? Is that also a table?
  12. Hi all, I have a question about JOIN or INNER JOIN; not sure in what way it should be used. I now use 2 queries in 2 different databases (made in phpMyAdmin).

     SELECT `title` FROM `writers` WHERE id = 'qwert58efedd1979f';
     SELECT `name`, `lastname`, `str`, `nr`, `place` FROM `client` WHERE id = 'qwert58efedd1979f';

     I would like to make one MySQL query and use JOIN to search in 2 tables in 2 different databases. Can anyone tell how MySQL does this?
  13. Wait ................ I saw the light after adding brackets to $array_of_val1. Thanks for the help.
  14. I added this code in the loop:

     while ($stmt->fetch()) {
         $array_of_val1 = array($val1);
         var_dump($array_of_val1);
     }

     but the result is that both the offsets appear to be 0 and not 0 and 1.
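Added example (not from the posts) serving the JOIN thread (posts 8 to 12) and the fetch-loop thread (posts 13 and 14) together. It shows (a) one query over two tables in two different databases by qualifying each table with its database name and giving it an alias (the w and c from the thread; "unknown column w.title" is what you get when the alias was never declared), (b) why the earlier attempt printed every row several times, and (c) collecting fetched rows with $rows[] = ... instead of $rows = array(...), which overwrites the array on every pass. It runs on SQLite through PDO, where ATTACH provides a second database named db2, so no MySQL server is needed; in MySQL the same database2.writers / database1.client qualifiers work on a single connection whose user has privileges on both schemas. Table contents, the db2 name and titles_with_client() are constructed for this example.

```php
<?php
// Added example, not from the posts. Data, the db2 name and titles_with_client()
// are made up; SQLite ATTACH stands in for MySQL's multiple schemas.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("ATTACH DATABASE ':memory:' AS db2");   // MySQL: no attach, just use the schema name
$db->exec('CREATE TABLE main.client (id TEXT, name TEXT, lastname TEXT)');
$db->exec('CREATE TABLE db2.writers (id TEXT, title TEXT)');

$ins = $db->prepare('INSERT INTO main.client VALUES (?, ?, ?)');
$ins->execute(['qwert58efedd1979f', 'Ann', 'Smith']);
$ins = $db->prepare('INSERT INTO db2.writers VALUES (?, ?)');
foreach (['Book one', 'Book two', 'Book three'] as $t) {
    $ins->execute(['qwert58efedd1979f', $t]);
}

/**
 * One query, two databases: each table is written as database.table and given
 * an alias (w, c); the select list and ON clause then refer to those aliases.
 */
function titles_with_client(PDO $db, string $id): array
{
    $sql = 'SELECT w.title, c.name, c.lastname
              FROM db2.writers AS w
              JOIN main.client AS c ON c.id = w.id
             WHERE w.id = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute([':id' => $id]);

    $rows = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $rows[] = $row;   // append; $rows = [$row] would leave only the last row at offset 0
    }
    return $rows;
}

$rows = titles_with_client($db, 'qwert58efedd1979f');
printf("%d rows: one per writers row, client columns repeated on each\n", count($rows));   // 3
print_r($rows);

// Why "six results": a JOIN pairs every matching row of one table with every
// matching row of the other. With 3 titles and 2 client rows for the same id
// you get 3 x 2 = 6. Keep the id unique in the one-row table (PRIMARY KEY) so
// this cannot happen, or fetch that single row in a separate query.
$db->exec("INSERT INTO main.client VALUES ('qwert58efedd1979f', 'Ann', 'Smith')");
printf("after a duplicate client row: %d rows\n", count(titles_with_client($db, 'qwert58efedd1979f')));   // 6
```

The duplication is not a JOIN bug: it is the join doing what it was asked. Declaring the id as a PRIMARY KEY in the client table makes the one-to-many shape explicit and gets you exactly one client row per title.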
  15. Why should the output be called from within the function?