Comments on: azPHP August meeting wrap up: Beginners Guide to PHP + a Short Introduction to PEAR

By: Joshua Eichorn

Joshua Eichorn — Thu, 25 Aug 2005 21:11:11 +0000

Were in Phoenix actually, but I understand the problem. The Boston PHP users group wanted me to talk about AJAX and I can’t go there. One option of course is to do remote presentations. I did one for the Frankfurt PHP users group, and it works ok, but I don’t think its near as nice as being there in person.

By: penizillin

penizillin — Thu, 25 Aug 2005 21:09:03 +0000

i would sincerely like to share my experience on that topic or just discuss with other interested developers about such issues, but it’s not easy to fly over from cologne to boston just in order to take part in one of these meetings.

By: Joshua Eichorn

Joshua Eichorn — Thu, 25 Aug 2005 20:51:17 +0000

penizillin:
Thats a good point, there are lots of security considerations in even simple software, and its something we didn’t get into at all. Hopefully we can get some security presentations on the menu. We just need to get someone to commit to doing one.

By: penizillin

penizillin — Thu, 25 Aug 2005 20:35:21 +0000

the php-tags were killed by the blog software.

alex used $_SERVER['PHP_SELF'] in order to address the form. just wanted to quote him.

the prepared link won’t work because of the curly quotes (they deserve to suffer in hell).

By: penizillin

penizillin — Thu, 25 Aug 2005 20:31:42 +0000

just took a look at alex’ presentation (especially mysql_demo.phps) and wanted to tell the readers to be careful by using the attribute

action=”"

within the form tags due to the possible xss vulnerabilty. just look at http://www.deanspot.org/introtophp/mysql_demo.php/“>screwed%20up

you may want to use getenv(’SCRIPT_NAME’) instead?
or (a little bit dirty) just action=”?”