Is there any difference between doing it like you do:
"require_once("../connect.php")" and "include("../connect.php")"
and if so, what is the difference?
MIDIS0NG 6 days ago
@MIDIS0NG require_once checks if the file has already been included, and if so, won't include it again.
derekbanas 6 days ago
This is very helpful. Thanks. I'm going to have to go over it a few hundred times as a noob, but I like your pacing. A lot of online tuts are painfully slow and repetitive.
yesanded 2 months ago
@yesanded Thank you. That's why I make all of my videos quick. The slow tutorials always drove me mad as well :)
derekbanas 2 months ago
@derekbanas Derek, at 4:33 you said something was unsafe. What did you mean? I don't recall you saying anything about it in later videos. Were you referring to checking if the form was submitted, and that doing it that way was unsafe? If so, what's the safe way?
ZagreosTheUndead 5 months ago
@ZagreosTheUndead Basing a submission's safety off of values in hidden fields isn't safe. I cover how to eliminate the need to do this in later tutorials. I create a unique token key that changes each time a user changes the page.
derekbanas 5 months ago
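One way to implement the per-page token Derek describes, as an added example that is not code from the tutorial series (assumes PHP 7+ for random_bytes; the field and session key names are made up here):

```php
<?php
// Added example: a per-page form token kept server side. The hidden field only
// carries the token; whether the POST is genuine is decided by comparing it with
// the value stored in the session, never by a "submitted=1" hidden flag.
session_start();

// Issue a fresh random token and remember it in the session. Called on every
// page render, so the token handed out on the previous page stops working.
function issue_form_token(): string {
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = $token;
    return $token;
}

// Verify the submitted token in constant time and consume it (one use only).
function check_form_token(?string $submitted): bool {
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);            // replaying the same token fails
    if ($expected === null || $submitted === null) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!check_form_token($_POST['form_token'] ?? null)) {
        http_response_code(403);
        exit('Form token missing or stale; please reload the page.');
    }
    // ... handle the verified submission here ...
}

// Render the form with a new token for this page view.
$token = htmlspecialchars(issue_form_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post">'
   . '<input type="hidden" name="form_token" value="' . $token . '">'
   . '<input type="text" name="comment">'
   . '<button type="submit">Send</button>'
   . '</form>';
```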
@derekbanas I see, I must have overlooked it. Thank you.
ZagreosTheUndead 5 months ago
This is complete and utter shit
therealnod 6 months ago
Did you say this is not safe? Why is it not?
lordzzcabe 8 months ago
@lordzzcabe I point out a bunch of security holes in PHP in this tutorial series. I then show you how to close them.
derekbanas 8 months ago
Why can't you just hard code the host, username, and password into the mysql_connect function, instead of using constants? If you write mysql_connect('host','username','password') how would a hacker be able to change the values?
MikeEBrady 9 months ago
@MikeEBrady You could and that is what I do whenever I don't plan to have many databases. Good point :)
derekbanas 9 months ago
Hi again. Sorry to ask again, but it seems like you are the best person to ask regarding security questions!
Basically, at the moment I'm having trouble storing dangerous user input into my MySQL tables before it passes the exit function. So for example: if (not pass) {insert into errortable error(worderror) values($worderror)}. However, since I want to see the raw data, it's dangerous to do that, right? Since it's now prone to all the hacking methods? So how do I store dangerous user input data safely?
jakaradee 10 months ago
@jakaradee If you need to use data in any way, just use it in your PHP code on the server. It's safe to do anything on the server as long as there is no way to access that information using JavaScript.
derekbanas 10 months ago
Hi Derek, great video. Just wondering, where should I store the regular expression code: in the config file or in my index.php file? Thanks
ethanmaher2010 10 months ago
@ethanmaher2010 You should always store security related functions in a hidden configuration file if you can. Sometimes I'm forced to cram functions into one file for these tutorials, but it's definitely best to break up the content.
derekbanas 10 months ago
1. Is it still safe and possible to include those preg_match functions in another function in configdb? So for example you have
function preg (_POST['value'],min,max,type) where min is the minimum characters, max is the maximum characters and type is the type (e.g. email, address, general). If OK, it will go to escape_data, otherwise it will exit.
2. In GET, is using the above function and str_replace to replace dangerous regular expressions with a space instead OK?
jakaradee 10 months ago
@jakaradee Yes, that is actually how I do it. I always separate my code into outside utility files. I just find it hard to work with numerous files in tutorials. You should definitely set everything up in the way you described.
derekbanas 10 months ago
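The two questions jakaradee raises in this thread (a preg(value, min, max, type) style validator, and how to keep the raw rejected input in errortable without it being dangerous) can be handled together. This is an added example, not code from the tutorial: it assumes PHP 7.1+ with mbstring and PDO, the table errortable and column worderror from the question, an assumed extra column reason, and placeholder connection values.

```php
<?php
// Added example: validate by length and type, and log rejected raw input safely.
// Whole-string patterns (anchored) are used, so replacing "dangerous" characters
// with spaces via str_replace is not needed; bad input is simply rejected.
const TYPE_PATTERNS = [
    'general' => '/^[\p{L}\p{N} .,\'\-]+$/u',   // letters, digits, basic punctuation
    'address' => '/^[\p{L}\p{N} .,#\/\-]+$/u',
];

// Returns null when the value is acceptable, otherwise a short reason string.
function validate_input(string $value, int $min, int $max, string $type): ?string {
    $len = mb_strlen($value, 'UTF-8');
    if ($len < $min || $len > $max) {
        return "length $len not in [$min, $max]";
    }
    if ($type === 'email') {
        return filter_var($value, FILTER_VALIDATE_EMAIL) !== false ? null : 'not an email';
    }
    if (!isset(TYPE_PATTERNS[$type])) {
        return "unknown type $type";
    }
    return preg_match(TYPE_PATTERNS[$type], $value) === 1 ? null : "not a valid $type";
}

// Store the raw rejected value with a prepared statement. The bytes are kept
// verbatim for later review but are bound as data, so they cannot alter the SQL.
// This replaces a manual escape_data() step for this query.
function log_rejected_input(PDO $db, string $raw, string $reason): void {
    $stmt = $db->prepare('INSERT INTO errortable (worderror, reason) VALUES (:raw, :reason)');
    $stmt->execute([':raw' => $raw, ':reason' => $reason]);
}

// Placeholder DSN and credentials; in practice these live in a file outside the web root.
$db = new PDO('mysql:host=DB_HOST_PLACEHOLDER;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
              'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
               PDO::ATTR_EMULATE_PREPARES => false]);

$value  = (string)($_POST['value'] ?? '');
$reason = validate_input($value, 3, 64, 'general');
if ($reason !== null) {
    log_rejected_input($db, $value, $reason);   // raw input stored without becoming SQL
    exit('Input rejected.');
}
// A validated $value continues into the normal flow from here.
```

When the stored raw value is later displayed in an admin page, pass it through htmlspecialchars() at output time; keeping it raw in the table is fine once the query itself is parameterised.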
*Presses the Like button*
Remi1115 11 months ago
@Remi1115 I'm glad you liked it
derekbanas 11 months ago
nice tutorial keep it up
janebbdou06 11 months ago
@janebbdou06 I'm glad you liked it. I did many more as I dove deeper into the hacker underground
derekbanas 11 months ago
Hmm, just curious: couldn't you use a .ini file outside the main directory of the website and then use a class to parse that file to get your important information, especially if you do need to change the data further down the line? If this makes sense at all.
AtrianArk 11 months ago
@AtrianArk Yes, you could hard wire the database and then eliminate the need to have the database access file altogether. That would actually be best for security and it is what I normally do in the real world.
derekbanas 11 months ago
Hi Derek, just wondering where I should put the regular expression code exactly? Should I put it in the config file, or in my main index.php file? Thanks
ethanmaher2010 10 months ago
I can not wait for more PHP / MySQL security tutorials. Thank you for all your work
monofono2006 1 year ago
The best short explanation of regex I have seen so far. Just watched this first part. I'm developing my own CMS in PHP and am particularly interested in session security, since there's an admin panel which allows users to maintain their website.
Sorry for possible bad English (I'm Dutch)
sie85 1 year ago
@sie85 I cover session security in my web design and programming tutorial pt 20 - 24. Glad you like the videos. Your English is great. Mine isn't perfect either because I'm from the U.S. ;)
derekbanas 1 year ago
I can not wait for more PHP / MySQL security tutorials. Thank you for all your work
pioneerx01 1 year ago
@pioneerx01 More is coming. I'll start with the basics being SQL injection and move on to all of the other nasty techniques and how to stop them.
derekbanas 1 year ago