php Programming Glossary: unsafe

How to prevent code injection attacks in PHP?

http://stackoverflow.com/questions/1205889/how-to-prevent-code-injection-attacks-in-php

b strip_tags can leave certain tags in there . this is unsafe too so better use some full blown library against xss addslashes..

How to access PHP variables in JavaScript or jQuery rather than <?php echo $variable ?>

http://stackoverflow.com/questions/1808108/how-to-access-php-variables-in-javascript-or-jquery-rather-than-php-echo-vari

you should use Ajax. Using cookies for this is a very unsafe and unreliable way as they are stored clientside and therefore..

How to conduct buffer overflow in PHP/Python?

http://stackoverflow.com/questions/2081281/how-to-conduct-buffer-overflow-in-php-python

be impossible. This doesn't mean that you couldn't expose unsafe APIs that can do whatever. In fact using Pythons ctypes module..

Where to use mysql_real_escape_string to prevent SQL Injection?

http://stackoverflow.com/questions/2312051/where-to-use-mysql-real-escape-string-to-prevent-sql-injection

improve this question Basically each time you use some unsafe data user input value from a database a file or an external..

How should I choose an authentication library for CodeIgniter?

http://stackoverflow.com/questions/346980/how-should-i-choose-an-authentication-library-for-codeigniter

for 'temp' users ambiguous and redundant Uses potentially unsafe md5 hashing Failed login attempts only stored by IP not by username.. Failed login attempts only stored by IP not by username unsafe Autologin key not hashed in the database practically as unsafe.. Autologin key not hashed in the database practically as unsafe as storing passwords in cleartext Role system is a complete..

Secure hash and salt for PHP passwords

http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords

PHP passwords It is currently said that MD5 is partially unsafe. Taking this into consideration I'd like to know which mechanism.. one using SHA for example Would it make it safer or unsafer In case I wasn't clear enough I want to know which hashing..

Using mysql_real_escape_string with PDO (no connection to localhost server)

http://stackoverflow.com/questions/6191801/using-mysql-real-escape-string-with-pdo-no-connection-to-localhost-server

database libraries like this is a bad idea and potentially unsafe. mysql_real_escape_string needs an existing classic mysql_connect..

Which $_SERVER variables are safe?

http://stackoverflow.com/questions/6474783/which-server-variables-are-safe

of an attack. This is called a tainted variable and is unsafe. When using _SERVER many of the variables can be controlled... improve this question There's no such thing as safe or unsafe values as such. There are only values that the server controls.. regardless of HOST header this should be considered unsafe as well. See How safe is _SERVER �HTTP_HOST �] . Also see http..

Authenticate user for socket.io/nodejs

http://stackoverflow.com/questions/6502031/authenticate-user-for-socket-io-nodejs

even another password which is probably is going to be unsafe. I would advice you to have a look at openID via Google for..

How to determine wheter a file is still being transferred via ftp

http://stackoverflow.com/questions/7241978/how-to-determine-wheter-a-file-is-still-being-transferred-via-ftp

that. Anything based on polling the file size is racy and unsafe. Another scheme that also requires cooperation from the uploader..

Replacing mysql_* functions with PDO and prepared statements

http://stackoverflow.com/questions/8061185/replacing-mysql-functions-with-pdo-and-prepared-statements

typedata yes it's useless . But not because it is somewhat unsafe but just because of improper use. As for the displaying data..

Execute root commands via PHP

http://stackoverflow.com/questions/8532304/execute-root-commands-via-php

across a few solutions run apache with root user really unsafe. I do not want to do that. apache ALL NOPASSWD sbin service..

when is eval evil in php?

http://stackoverflow.com/questions/951373/when-is-eval-evil-in-php

PHP see below . The main problems with eval are Potential unsafe input. Passing an untrusted parameter is a way to fail. It is..

• unknown
• unless
• unlike
• unlikely
• unlimited
• unlink
• unload
• unlock
• unlocked
• unnecessarily
• unnecessary
• unordered
• unpack
• unpredictable
• unquoted
• unread
• unreadable
• unrelated
• unreliable
• unrepresentable
• unsafe
• unsecure
• unserialize
• unserialized
• unserialize_callback_func
• unserializing
• unset
• unsetting
• unsigned
• unsuccessful
• unsuccessfully
• unsupported
• unsure
• untested
• until
• untill
• untitled
• untouched
• untrusted
• unusable
• unused
• unusual
• unwanted
• unwieldy
• unzip
• up
• upcoming
• update
• update.php
• update2
• updated
• updated_at
• updated_post
• updates
• update_post_meta
• update_progress
• updating
• upgrade
• upgraded
• upgrades
• upgrading
• upload
• upload.php
• upload.wikimedia.org
• uploaddir
• uploaded
• uploadedfile
• uploaded_file
• uploader
• uploadfile