JohnGato Posted July 22, 2013
Good Job HD
Sorry to say this, but this module is broken beyond recognition. Some examples: You are displaying a cost of 2 credits for xanax, where when you go forward, it says 2 credits, and the SQL says 1. Displaying bad request twice? Why? Opening 2 tables without closing them? Without content either? WHY? I was initially going to re-code it, but then I thought.. Perhaps you should read some books first and then try to create modules. Or expect to see me often pointing out your flaws.
rockwood Posted July 22, 2013
Are your escape functions properly sanitizing and validating? And what are you doing for XSS? In my view it is a very important part of programming. I am not an expert in these, but I am a little bit aware of these problems. In my view it doesn't matter whether you handle values by DB or hard code, so please try to escape your values properly; this is my point.
jcvenom (Author) Posted July 22, 2013
> Are your escape functions properly sanitizing and validating? And what are you doing for XSS? In my view it is a very important part of programming. I am not an expert in these, but I am a little bit aware of these problems. In my view it doesn't matter whether you handle values by DB or hard code, so please try to escape your values properly; this is my point.
Can you show me what the problem is? Guys, you need to show me your examples.
rockwood Posted July 22, 2013
> Can you show me what the problem is? Guys, you need to show me your examples.
Please see the Alan and !Angel posts on this page "http://makewebgames.io/showthread.php/43753-Boolean-Given?p=294236#post294236", especially $_GET value validation by ctype_digit().
jcvenom (Author) Posted July 22, 2013
> Please see the Alan and !Angel posts on this page "http://makewebgames.io/showthread.php/43753-Boolean-Given?p=294236#post294236", especially $_GET value validation by ctype_digit().
I just took a look, but seriously, in my case I don't need to use sprintf or ctype_digit().
HauntedDawg Posted July 22, 2013
> I just took a look, but seriously, in my case I don't need to use sprintf or ctype_digit().
but you can use ctype_alnum
rockwood Posted July 22, 2013
If you don't mind, why? Because I want to gain knowledge, so maybe it will help me.
- - - Updated - - -
> but you can use ctype_alnum
Am I wrong on this point, HD?
jcvenom (Author) Posted July 22, 2013
> If you don't mind, why? Because I want to gain knowledge, so maybe it will help me.
> - - - Updated - - -
> Am I wrong on this point, HD?
ctype_alnum checks if all the characters in your desired string are alphanumeric, while ctype_digit() checks for numeric characters.
HauntedDawg Posted July 22, 2013
> If you don't mind, why? Because I want to gain knowledge, so maybe it will help me.
> - - - Updated - - -
> Am I wrong on this point, HD?
You can check this out: http://www.php.net/manual/en/ref.ctype.php It will show you all the ctype functions. All of these can be used with great benefit to type checking.
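The ctype checks discussed in the posts above, applied to a query-string value and paired with output escaping, as an added example that is not code from this thread or from the module. The helper names `get_id`, `get_code` and `e`, the length limits and the sample inputs are assumptions made for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: helper names are hypothetical, sample inputs are constructed.

/**
 * Return a positive integer ID from a raw request value, or null if invalid.
 * ctype_digit() is true only for non-empty strings made solely of 0-9.
 */
function get_id(array $query, string $key, int $maxDigits = 9): ?int
{
    $raw = $query[$key] ?? null;
    // Arrays (?id[]=1) and missing keys are not strings: reject before ctype.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    // Cap the length so the cast cannot overflow a 32-bit integer.
    if (strlen($raw) > $maxDigits) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** ctype_alnum() suits tokens such as item codes: letters and digits only. */
function get_code(array $query, string $key): ?string
{
    $raw = $query[$key] ?? null;
    $ok = is_string($raw) && ctype_alnum($raw) && strlen($raw) <= 32;
    return $ok ? $raw : null;
}

/** Escape on output; type checks on input do not replace this for free text. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values standing in for $_GET['id'].
$samples = ['5', '007', '', '-1', '1.5', '7 OR 1=1', '<script>', ['1']];
foreach ($samples as $value) {
    $id = get_id(['id' => $value], 'id');
    $shown = is_array($value) ? 'array' : $value;
    echo e($shown), ' => ', $id === null ? 'rejected' : "accepted as $id", "\n";
}

// Constructed sample values standing in for $_GET['item'].
foreach (['xanax2', 'xanax; --'] as $value) {
    $code = get_code(['item' => $value], 'item');
    echo e($value), ' => ', $code === null ? 'rejected' : 'accepted', "\n";
}
```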
jcvenom (Author) Posted July 22, 2013
> You can check this out: http://www.php.net/manual/en/ref.ctype.php It will show you all the ctype functions. All of these can be used with great benefit to type checking.
HauntedDawg, I have to say well done, you have proved me wrong. With all my respect, sorry for acting like a dickhead :) Maybe we can be friends?
rockwood Posted July 22, 2013
My point was only safety, nothing else, friend. That was just an example for validating; you can use preg_match too, and many more. So please make it safe, because GET is not a hidden thing.
jcvenom (Author) Posted July 22, 2013
> My point was only safety, nothing else, friend. That was just an example for validating; you can use preg_match too, and many more. So please make it safe, because GET is not a hidden thing.
Cheers! m8
Dominion Posted July 22, 2013
> My point was only safety, nothing else, friend. That was just an example for validating; you can use preg_match too, and many more. So please make it safe, because GET is not a hidden thing.
I'm actually going to challenge you to point out everything wrong (security wise) with this modification. Right now all of your posts are coming across as someone who is just throwing out random functions he thinks are linked to security, but has no idea why. BTW - please no one else come along and make a list before he answers. I'm trying to make a point to Rockwood...
rockwood Posted July 22, 2013
> I'm actually going to challenge you to point out everything wrong (security wise) with this modification. Right now all of your posts are coming across as someone who is just throwing out random functions he thinks are linked to security, but has no idea why. BTW - please no one else come along and make a list before he answers. I'm trying to make a point to Rockwood...
Dominion, you should check the post chain. I tried to improve his code and he told me escaping is wrong on a $_GET variable. The question was from his side, not from mine, and I am trying to explain XSS attacks to him, and what is wrong in it??
jcvenom (Author) Posted July 22, 2013
> Dominion, you should check the post chain. I tried to improve his code and he told me escaping is wrong on a $_GET variable. The question was from his side, not from mine, and I am trying to explain XSS attacks to him, and what is wrong in it??
As my friend venom said, this mod is not vulnerable to XSS attacks.
rockwood Posted July 22, 2013
I am leaving this thread.