PHP/MySQL Authentication
Snippet Menu
ranking 
|
date 
|
member
|
date
|
member
9
Fri. Oct. 14th, 2005 5:06 PM
Get a List of Folders and/or Files
23
Get the Size of a Folde
5
Random String
28
Create a Thumbnail
21
Proper Paragraphs
7
Using the extract() Functio
-7
I use this method for keeping my sql templates away from my code.
You can extend upon the idea, as I have done in the past, by placing SQL handing classes between your scripts and the template library.
Things to note here:
The lesser userd heredoc string method. The reason this is used is to keep the SQL clear and well laid out, and not as messy as using quotes.
vsprintf() is a very handy function if you don't want to hard code the number of parameters to interpolate your string with.
The use of sprintf templates offers you additional security. For example, only allowing numbers to be placed where a %d falls. This, of course, shouldn't be the only security on user supplied variables, but comes in extra handy for debugging purposes.
Regarding the TODO in there, it would take a check of the number of % placeholders there are in the template. One caveat is remembering to remove the count of %%'s that appear (the literal percentage).
You can extend upon the idea, as I have done in the past, by placing SQL handing classes between your scripts and the template library.
Things to note here:
The lesser userd heredoc string method. The reason this is used is to keep the SQL clear and well laid out, and not as messy as using quotes.
vsprintf() is a very handy function if you don't want to hard code the number of parameters to interpolate your string with.
The use of sprintf templates offers you additional security. For example, only allowing numbers to be placed where a %d falls. This, of course, shouldn't be the only security on user supplied variables, but comes in extra handy for debugging purposes.
Regarding the TODO in there, it would take a check of the number of % placeholders there are in the template. One caveat is remembering to remove the count of %%'s that appear (the literal percentage).
11
This only seems appropriate, we were fighting with a similar issue this morning.
11
From RSA Security's website:
"RC4 is a stream cipher designed by Rivest for RSA Data Security (now RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10^100. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have scrutinized the algorithm and it is considered secure."
This implementation encodes the byte stream to be encrypted "in-place".
Example:
"RC4 is a stream cipher designed by Rivest for RSA Data Security (now RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10^100. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have scrutinized the algorithm and it is considered secure."
This implementation encodes the byte stream to be encrypted "in-place".
Example:
Byte[] Key = new Byte[5] { 12, 34, 22, 12, 32 };
Byte[] B = new Byte[10] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
// Examine B array before and after this next call.
RC4(ref B, Key);
// Examine B array before and after this next call.
RC4(ref B, Key);
8
Fixed missing $ sign.
