Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Monday, April 21, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 25
Members Online: 1

Registered Members: 82852
Newest Member: sockpuppets
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Page 2 of 3 < 1 2 3 >
Author

RE: mysql/php

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 20-07-09 18:59
Oh yeah, most programming errors are usually just forgetting a ; or a ' or mixing up a 1 with a l.
You can't really get bored with a programming language unless you just learn the syntax and then nothing else. You need a nice project. For example, make a text-based rpg in python. Make it so it loads a map, has menus, new character, you can switch items, fight creeps, get quests, etc. I've been working on one in C++ for a while (well, last time was around 9 months ago Pfft)


Wisdom spared is wisdom squared.
Author

RE: mysql/php


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-07-09 19:09
Demons Halo wrote:
haha I love chocolate, I even married it once!

Damn it, I suspected that bitch was cheating on me, but with you of all people?


Just to be 100% clear... I HATE BUILDING WEBB BASED PROGRAMMING.

w00t? You just wasted one hundred poor little percentages, have you no shame?

I joined this community so that I could learn a bit about computer languages (and thnx to ynouri7 I started with python).

Oi! Respect the man who teaches you and get his name right, you even did an edit and left it the same.


yesterday I got bored so I thought that maybe it's time to start with something else like PHP/MySQL Pfft and so fast everything seems easy and fun =D

So, now for my actual point from previously which from what I managed to understand from what you wrote, you had some issue with or something.
If you dislike "BUILDING WEBB BASED PROGRAMMING" then know that http is just a protocol. (http <-- see the p?)
My reason for saying that it would be best to learn some basic http is that you will get a general understanding of how a request for a page looks like and how it's expected to be processed. Which will then make it easier to actually deal with things over the net if you ever have to program something that deals directly with these things. Furthermore you'll recognize the different parts of http when you learn PHP and remember what the hell they are and it'll be easier to understand what exactly PHP is expecting to do with it and how it'll work.
The basics in http isn't very much even, I'm just saying do yourself a favour, it's good to know.
Now if you'll excuse me I'm going to go try and talk to my chocolate about where our relationship is currently, and we were going to have children next year too Sad

P.S.
If you still don't get it I can shout at you some in Swedish too.


Author

RE: mysql/php

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 20-07-09 19:19
I've never really looked up http to understand how its basics work, as COM said. I started PHP in 6th grade and I was fine. Come on. You can't get it?


Wisdom spared is wisdom squared.
Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 20-07-09 20:51
COM wrote:
Damn it, I suspected that bitch was cheating on me, but with you of all people?

don't understimate me...

Oi! Respect the man who teaches you and get his name right, you even did an edit and left it the same.

dude... since when do I spell shit right? read through my previous posts and you'll see.


So, now for my actual point from previously which from what I managed to understand from what you wrote, you had some issue with or something.
If you dislike "BUILDING WEBB BASED PROGRAMMING" then know that http is just a protocol. (http <-- see the p?)
My reason for saying that it would be best to learn some basic http is that you will get a general understanding of how a request for a page looks like and how it's expected to be processed. Which will then make it easier to actually deal with things over the net if you ever have to program something that deals directly with these things. Furthermore you'll recognize the different parts of http when you learn PHP and remember what the hell they are and it'll be easier to understand what exactly PHP is expecting to do with it and how it'll work.
The basics in http isn't very much even, I'm just saying do yourself a favour, it's good to know.
Now if you'll excuse me I'm going to go try and talk to my chocolate about where our relationship is currently, and we were going to have children next year too Sad

P.S.
If you still don't get it I can shout at you some in Swedish too.


lol XD sure I'll check it out right now. And hey, I know what http stands for x_X

http://en.wikiped. . .r_Protocol
nothing really new there. I read about that shit while doing programming challenges!






Edited by Demons Halo on 20-07-09 21:14
base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 20-07-09 20:55
ranma wrote:
Oh yeah, most programming errors are usually just forgetting a ; or a ' or mixing up a 1 with a l.
You can't really get bored with a programming language unless you just learn the syntax and then nothing else. You need a nice project. For example, make a text-based rpg in python. Make it so it loads a map, has menus, new character, you can switch items, fight creeps, get quests, etc. I've been working on one in C++ for a while (well, last time was around 9 months ago Pfft)


I'm working ona game right now using python/pygame. It's fun but I need a break from all that shit Pfft


base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 20-07-09 22:55
MoshBat wrote:
Rather than include(), use require().
Include only gives a warning if a file is not found, but require halts the program.


SIR YES SIR! I'm using include atm, I'll replace it asap!

next question:
I've created several tables, one for each sub-site (downloads, projects, gallery, etc.). In every site (downloads.php, peojects.php, etc.) I use the mysql_connect function to connect to the mysql server.
Is this the right way of doing what I'm doing, or is there a better way? like connecting to the mysql and have the connection established all the time?


base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-07-09 22:57
ranma wrote:
Oh yeah, most programming errors are usually just forgetting a ; or a ' or mixing up a 1 with a l.


It is in those times that it's good to have a smart compiler that says "hey, you forgot a ';' at the end of line 69." or "possible misspelling: 'wanka' instead of 'wanker' at line 96.".


Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 20-07-09 23:03
c4p_sl0ck wrote:
ranma wrote:
Oh yeah, most programming errors are usually just forgetting a ; or a ' or mixing up a 1 with a l.


It is in those times that it's good to have a smart compiler that says "hey, you forgot a ';' at the end of line 69." or "possible misspelling: 'wanka' instead of 'wanker' at line 96.".


any recommendations? I want a compiler that can help me with python/php & (C/C++ soon enough Pfft)


base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-07-09 09:31
Well, for PHP I don't know any. I was just pointing out that a downside of not compiling is that you can't have a smart compiler.
Use an editor which color-codes and indents your code automatically and it'll be easy to spot syntax errors.


Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 21-07-09 12:09
c4p_sl0ck wrote:
Well, for PHP I don't know any. I was just pointing out that a downside of not compiling is that you can't have a smart compiler.
Use an editor which color-codes and indents your code automatically and it'll be easy to spot syntax errors.


and that's what I meant by "compiler" Pfft (Editor), and yes I know the difference -_-

ah Notepad++ was the name of the editor, thnx pikabat!




Edited by Demons Halo on 21-07-09 12:20
base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-07-09 15:20
Demons Halo wrote:
and that's what I meant by "compiler" Pfft (Editor), and yes I know the difference -_-


(thumbs up)
I think that the ConTEXT editor is good. http://www.contex. . .


Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 22-07-09 12:56
thnx sweety =D I'll check that one out as well =D

Now I've got a question... How about security? especially when it comes to avoiding sql injections, any tips?


base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php

pimpim
Member



Posts: 45
Location: Reading your /etc/shadow
Joined: 26.10.08
Rank:
Newbie
Posted on 22-07-09 13:42
Demons Halo wrote:
thnx sweety =D I'll check that one out as well =D

Now I've got a question... How about security? especially when it comes to avoiding sql injections, any tips?


Use addslashes() or (preferably) mysql_real_escape_string() to avoid SQL-Injections.

http://fi.php.net. . .string.php
http://fi.php.net. . .lashes.php






www.hellboundhackers.org/sig/c/34966/blow me.png
sa.backman@hotmail.com
Author

RE: mysql/php


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-07-09 16:02
pimpim wrote:
Demons Halo wrote:
thnx sweety =D I'll check that one out as well =D

Now I've got a question... How about security? especially when it comes to avoiding sql injections, any tips?


Use addslashes() or (preferably) mysql_real_escape_string() to avoid SQL-Injections.

http://fi.php.net. . .string.php
http://fi.php.net. . .lashes.php





Yeah, definitly mysql_real_escape_string, it's the shizzle :ninja:


Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 23-07-09 14:13
ooookay =D

here is what I'm doing:

First I'm passing a lot of values in between pages with
Code

<a href='music-viewer.php?genre=bootleg'>whatever</a>





after that I grab the values & edit them in the music-viewer.php using
Code

$genre = $_GET['genre'];
$genre = mysql_real_escape_string($genre);





after that I connect using the following query
Code

$result =  mysql_query("SELECT * FROM music WHERE ggenre='$genre' ORDER BY date");





The code above does what it's suppose to do, although is it enough to prevent sql injections? I've been reading about real_escape_string and how it works (the escape backslash thingy). The method seems awesome, yet there are few people out there that keep yapping about needing more than that o prevent sql injections.


Edit:
http://www.rohita. . .t9626.html
This must be basics for some of you, yet I'm a bit concerned. using the '?xxx=yyy' extension to pass values in between pages seems a little risky. I'm using that sort of extension a lot atm --> passing values between pages --> values gets inserted in mysql_query statement.




Edited by Demons Halo on 23-07-09 19:24
base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 24-07-09 12:22
MoshBat wrote:
Demons Halo wrote:
ooookay =D

here is what I'm doing:

First I'm passing a lot of values in between pages with
Code

<a href='music-viewer.php?genre=bootleg'>whatever</a>





after that I grab the values & edit them in the music-viewer.php using
Code

$genre = $_GET['genre'];
$genre = mysql_real_escape_string($genre);





after that I connect using the following query
Code

$result =  mysql_query("SELECT * FROM music WHERE ggenre='$genre' ORDER BY date");





The code above does what it's suppose to do, although is it enough to prevent sql injections? I've been reading about real_escape_string and how it works (the escape backslash thingy). The method seems awesome, yet there are few people out there that keep yapping about needing more than that o prevent sql injections.


Edit:
http://www.rohita. . .t9626.html
This must be basics for some of you, yet I'm a bit concerned. using the '?xxx=yyy' extension to pass values in between pages seems a little risky. I'm using that sort of extension a lot atm --> passing values between pages --> values gets inserted in mysql_query statement.

It should do just fine.
Also:
$genre = mysql_real_escape_string($_GET['genre']);

Much simpler.


Although you may get a "Notice" from PHP if the script is accessed directly, as $genre will create a null reference.

Try:

Code

<?php

if( isset( $_GET['genre'] ) )
{
  $genre = mysql_real_escape_string( $_GET['genre'] );
 
  /* rest of code here */

}
else
  header( "Location: index.php" );

?>






img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: mysql/php

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 24-07-09 12:57
MoshBat wrote:
The one thing I forgot.
Though, to my defence, it was quite early in the morning.

EDIT:
Actually, System, this one is easier, though essentially the same, it depends on if the else is needed:
Code
<?php
if(!isset($_GET['genre'])){
   header( "Location: index.php" );
}
//else may be needed, it depends on what file you're using this in
$genre = mysql_real_escape_string($_GET['genre'])
?>




Yeah they both do the same thing practically. However, you don't need the braces on the if when it's just a one liner.

Code

if( !isset( $_GET['genre'] ) )
   header( "Location: index.php" );





Would do fine.

However the reason I chose to do it differently, is maybe there are multiple arguments, so it could check if genre exists, then do some code, then check if "subgenre" exists as well, in the same code block.

Code

<?php

if( isset( $_GET['genre'] ) )
{
  $genre = mysql_real_escape_string( $_GET['genre'] );

  if( !isset( $_GET['subgenre'] ) )
  {
     /* list subgenres */
  }
  else
  {
     /* do something */
  }
}
else
  header( "Location: index.php" );

?>






img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: mysql/php

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 24-07-09 14:57
Student vs. Master?

Give up already, Mosh Pfft



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 24-07-09 15:15
@ mosh indeed, using $genre is unnecessary -_-

@ spy how about me pawning both of them with my super duper script?

Code

$ggenre = mysql_real_escape_string($_GET['ggenre']);
$genre = mysql_real_escape_string($_GET['genre']);
            
if($ggenre != NULL){
   $result =  mysql_query("SELECT * FROM music WHERE ggenre='$ggenre' ORDER BY date");
}
else{
   $result = mysql_query("SELECT * FROM music WHERE genre='$genre' ORDER BY date");
}








Edited by Demons Halo on 24-07-09 15:15
base_dropper@hotmail.com www.demonshalo.com
Author

RE: mysql/php

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 24-07-09 23:13
MoshBat wrote:
Demons Halo wrote:
Code

$ggenre = mysql_real_escape_string($_GET['ggenre']);
$genre = mysql_real_escape_string($_GET['genre']);
            
if($ggenre != NULL){
   $result =  mysql_query("SELECT * FROM music WHERE ggenre='$ggenre' ORDER BY date");
}
else{
   $result = mysql_query("SELECT * FROM music WHERE genre='$genre' ORDER BY date");
}






Code
<?php
if($_GET['ggenre'] != NULL)
   $genre = mysql_real_escape_string($_GET['ggenre']);
else
   $genre = mysql_real_escape_string($_GET['genre']);

$result = mysql_query("SELECT * FROM music WHERE genre = '$genre' ORDER BY date");
?>






same shit different colors =D
Although I had an important question. I'm using mysql_connect in every php file without closing the connection at the end of the file.
Is this the right way or should I close the mysql connection after receiving the data?

This is how I'm doing it right now...

file1 (home.php):
Code

mysql_connect = ("localhost", "we", "we");

CODE GOES HERE





file 2 (gallery.php):
Code

mysql_connect = ("localhost", "we", "we");

CODE GOES HERE






base_dropper@hotmail.com www.demonshalo.com
Page 2 of 3 < 1 2 3 >