xFusion Posted June 26, 2011 (edited)

Well, hi, I am new to this forum, and this topic is about me giving my service. I'll be securing files and a lot more.

Secure per file - £2.00
Bug/error fixing per file - £0.50 (depends on the bugs, if it's big or small.)

A LOT MORE, but these are for now. I have seen a post from someone called Ben and want to separate confusion: don't think I am him, I just thought I'll help people out... And also, I accept only via PayPal; please don't PM or anything saying I will pay this/that via a different source.

Edited June 26, 2011 by xFusion

W3Theory || Peter Posted June 26, 2011

The problem here is that I don't think anyone knows you, and to trust you right away on your knowledge of PHP, MySQL or any other language would not be smart. Do you have examples you can post to show us some work you have done? It is strange that you came on right away after Ben posted and jumped to that conclusion without being on this community.

Dominion Posted June 26, 2011

Examples of your work in order to judge quality of "secure code" etc?

xFusion (Author) Posted June 26, 2011 (edited)

Okay, I will make a quick something for you to judge on:

```php
// Securing the $_GET vars (numeric style only for now: securing the number)
$_GET['ID'] = ( isset($_GET['ID']) && is_numeric($_GET['ID']) ) ? abs(intval($_GET['ID'])) : '';
if ( empty($_GET['ID']) ) {
    echo 'error message here';
    // $h is not defined in this snippet; it comes from the surrounding application
    die($h->endpage());
}

// Securing $_POST (numeric style: securing the numbers)
$_POST['blah'] = ( isset($_POST['blah']) && is_numeric($_POST['blah']) ) ? abs(intval($_POST['blah'])) : '';
```

This is just $_POST and $_GET vars. This is another example:

```php
// Escape a string value before it is used in a MySQL query
$_POST['blah'] = mysql_real_escape_string($_POST['blah']);
```

Should be enough for you to judge on :P

Edited June 26, 2011 by Dominion: changed to php tags

xFusion (Author) Posted June 26, 2011

Well W3, I jumped on this, thought it's a decent community, will get something for myself and can build up my reputation. I know people won't trust me right away, but I have to make a start somewhere or another to be able to build up.

Dominion Posted June 26, 2011

> Well W3, I jumped on this, thought it's a decent community, will get something for myself and can build up my reputation. I know people won't trust me right away, but I have to make a start somewhere or another to be able to build up.

Well no, you didn't "just jump onto this community", now did you? I will PM about this. That aside, no, it's not enough. Do you have any past works you can post?

W3Theory || Peter Posted June 26, 2011

Huh, I wonder what you mean by that though, Dominion? Is he another past account that is hiding? Or a multi?

Dominion Posted June 26, 2011

> Huh, I wonder what you mean by that though, Dominion? Is he another past account that is hiding? Or a multi?

Same IP as "scorpiic venom" (http://makewebgames.io/member.php/66700-scorpiic-venom), but he claims they are college friends, and they are both on dynamic IPs, so for now I am just going to keep an eye on it. Yes, I did ask permission to post this fact.

xFusion (Author) Posted June 26, 2011

Dominion is right, so now don't get it confused: it's 2 people on the same IP..

seinkalar Posted June 28, 2011

I prefer some mod check my pm box.

Kieran-R Posted June 28, 2011

Ha! I knew these guys were multis... Dominion, don't fall for it. They talk the same, they act the same.. They're college friends? My arse they are...

bluegman991 Posted June 28, 2011 (edited)

His quick security mock-up seems like it could be 1 of a few things:

1. He looked at a previous post and copy/pasted
2. Everyone checks if isset and is_numeric then wraps it in abs(intval())
3. I am wrong or that is how he was taught
4. I am completely wrong

Reason why I say this is because in most security posts or mods that claim to be secure I see the same code:

```php
$_GET['varhere']=isset($_GET['varhere']) && is_numeric($_GET['varhere']) ? abs(intval($_GET['varhere'])) : '';
```

lol, it's like it's burned into my brain. Anyway, if I am wrong, a few tips:

1. You should leave abs() off. Not sure if you know what it does, but it returns the absolute value of a number.
   --- So I would leave it up to the owner if they wanted positive or negative numbers only.
   --- You could screw something up in their database if a wrong value is inserted because the number was positive and they were looking for negative.
2. Change the '' to NULL.
   --- Because you are setting the variable if you have it as '', which will cause isset($_GET['varhere']) to return true in all code after that. And the owner may check later to see if it's set.

Edited June 28, 2011 by bluegman991

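Added example (not code from any poster in this thread): the two tips above, run against constructed inputs, next to a stricter variant built on PHP's `filter_var()` with `FILTER_VALIDATE_INT`. The function names `thread_idiom` and `strict_int`, the range limits and the sample values are hypothetical.

```php
<?php
// The idiom quoted in the thread, wrapped in a function so it can be run
// against constructed inputs instead of the real $_GET.
function thread_idiom(array $in, string $key) {
    return (isset($in[$key]) && is_numeric($in[$key])) ? abs(intval($in[$key])) : '';
}

// Hypothetical stricter variant: the whole string must be an integer inside
// an explicit range, and a missing or invalid value becomes NULL, not ''.
function strict_int(array $in, string $key, int $min, int $max): ?int {
    if (!isset($in[$key]) || !is_string($in[$key])) {
        return null; // absent, or an array such as ?ID[]=1
    }
    $v = filter_var($in[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Constructed sample inputs. is_numeric() accepts signed, decimal and
// exponent forms; intval() truncates them and abs() drops the sign, so the
// idiom changes these values silently instead of rejecting them.
// (How intval() reads '1e3' depends on the PHP version.)
$samples = ['42', '-5', '5.9', '1e3', '0', 'abc'];
foreach ($samples as $raw) {
    $in = ['ID' => $raw];
    printf("%-6s idiom=%-6s strict=%s\n",
        var_export($raw, true),
        var_export(thread_idiom($in, 'ID'), true),
        var_export(strict_int($in, 'ID', 1, PHP_INT_MAX), true));
}

// Tip 2: assigning '' leaves the key set, so a later isset() check still
// passes; assigning NULL makes isset() report the key as not set.
$get = [];
$get['ID'] = thread_idiom($get, 'ID');
echo "after idiom: isset=", var_export(isset($get['ID']), true), "\n";
$get['ID'] = strict_int($get, 'ID', 1, 100);
echo "after strict: isset=", var_export(isset($get['ID']), true), "\n";
```

Note that with the thread's idiom an input of `'0'` becomes integer `0`, which the `empty()` check in the earlier post treats the same as a missing ID.
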
W3Theory || Peter Posted June 28, 2011

> I prefer some mod check my pm box.

What do you mean by that?

seinkalar Posted June 28, 2011

Sorry... Mod = Moderator

Dominion Posted June 28, 2011

> Sorry... Mod = Moderator

So you mean you want someone to check your pm's due to a problem or what? If there is a problem use the "report" button. It's a small triangle with the exclamation mark in.