Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules
Author Message
selectric
Regular
Regular


Joined: Aug 06, 2008
Posts: 65

PostPosted: Mon Feb 02, 2009 10:52 am Reply with quote

Hi, thanks for your time!

I understand SOME about securing info given from the sql (intval, stripslashes, check_html, etc..) But I need advice / help about this.

I am wondering about the following chunk of code I am using, related to the news articles. It doesnt have any of the above security functions. Is it secure enough to use on my site? If not, how would I secure it? Thanks!

Code:
$time = $myrow['time'];

formatTimestamp($time);
setlocale(LC_TIME, $locale);
ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime2);
$datetime2 = strftime(""._DATESTRING2."", mktime($datetime2[4],$datetime2[5],$datetime2[6],$datetime2[2],$datetime2[3],$datetime2[1]));
$datetime2 = ucfirst($datetime2);

echo 'Published on ' .$datetime2. '';


Also, if someone could help me secure the following time code:

Code:
$date = date("F j, Y, g:i a");


and ip collector code:
Code:
 $ip = $_SERVER['REMOTE_ADDR'];


Thanks again.
 
View user's profile Send private message
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Mon Feb 02, 2009 11:32 am Reply with quote

There is nothing there to secure.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
selectric
PostPosted: Mon Feb 02, 2009 12:47 pm Reply with quote

Hi, That's good to hear. Thanks!
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Mon Feb 02, 2009 7:39 pm Reply with quote

Assuming the initial entry wasn't already injected with some bad code
Code:


$myrow['time']

I don't think there is anything to worry about. Even if it is, it is likely that your datetime code would give you a warning of an invalid parameter - not security issue.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©