It's been over 20 years but actually, I remember my c64 days still. When files are deleted, only the first byte would be removed from Track 18 where the directory contents are stored. The subsequent bytes would translate to the physical location by Track and Sector, followed by the filename, and the first several byte of each disk sector would give you the location of the following sector in that file. Following this, you can manually find contents of deleted files and so forth. There was a bunch of disk utilities that allowed you to inspect raw disk data. Qwikcopy comes to mind, but it's been decades, not years so I'm not entirely sure. There's also Disk Nibbler utilities that would allow you to clone disks bit by bit. I even remember the transfer rate of one side of a 5 1/4 disk over a 300bps pocket modem would be 6 hours. Painful.
SYS64738!
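The recovery procedure the comment describes (walk the directory on Track 18, find entries whose type byte was zeroed, follow each sector's leading track/sector link) is the kind of thing disk-forensics tooling automates. The PHP below is an added example, not the commenter's code or any of the utilities named above; it assumes the standard 1541/D64 layout (21/19/18/17 sectors per track zone, 256-byte sectors, 32-byte directory entries starting at Track 18 Sector 1, file type at entry byte 2 with 0x00 meaning scratched) and builds a small image in memory so it runs without a real disk dump.

```php
<?php
// Added example: recover a scratched (deleted) file from a D64-style disk image.
// The image below is constructed in memory; nothing here comes from a real disk.

const SECTOR_SIZE = 256;

// Sectors per track on a 35-track 1541 disk (four speed zones).
function sectorsOnTrack(int $track): int {
    if ($track <= 17) return 21;
    if ($track <= 24) return 19;
    if ($track <= 30) return 18;
    return 17;
}

// Byte offset of a track/sector pair inside the image.
function sectorOffset(int $track, int $sector): int {
    $offset = 0;
    for ($t = 1; $t < $track; $t++) {
        $offset += sectorsOnTrack($t);
    }
    return ($offset + $sector) * SECTOR_SIZE;
}

function readSector(string $image, int $track, int $sector): string {
    return substr($image, sectorOffset($track, $sector), SECTOR_SIZE);
}

// Directory entries live on Track 18 from Sector 1 onward, 8 entries of 32 bytes
// per sector. Byte 2 of an entry is the file type; 0x00 marks a scratched entry
// whose first-track/sector link (bytes 3-4) and filename (bytes 5-20) are left intact.
function listDirectory(string $image): array {
    $entries = [];
    $track = 18; $sector = 1;
    while ($track !== 0) {
        $data = readSector($image, $track, $sector);
        for ($i = 0; $i < 8; $i++) {
            $e = substr($data, $i * 32, 32);
            $firstTrack = ord($e[3]);
            if ($firstTrack === 0) continue;  // slot never used
            $entries[] = [
                'name'    => rtrim(substr($e, 5, 16), "\xA0"),
                'deleted' => ord($e[2]) === 0x00,
                'track'   => $firstTrack,
                'sector'  => ord($e[4]),
            ];
        }
        $track = ord($data[0]);   // link to the next directory sector, 0 = last
        $sector = ord($data[1]);
    }
    return $entries;
}

// Follow the chain: bytes 0-1 of each data sector point at the next track/sector.
// A track byte of 0 marks the final sector, and byte 1 then holds the index of
// the last used byte in that sector.
function recoverFile(string $image, int $track, int $sector): string {
    $contents = '';
    $seen = [];
    while ($track !== 0) {
        $key = "$track/$sector";
        if (isset($seen[$key])) break;  // guard against a corrupted circular chain
        $seen[$key] = true;
        $data = readSector($image, $track, $sector);
        $nextTrack = ord($data[0]);
        $nextSector = ord($data[1]);
        $len = $nextTrack === 0 ? $nextSector - 1 : SECTOR_SIZE - 2;
        $contents .= substr($data, 2, $len);
        $track = $nextTrack;
        $sector = $nextSector;
    }
    return $contents;
}

// Constructed image: a single scratched PRG named SECRET spanning Track 17 Sectors 0-1.
function buildSampleImage(): string {
    $image = str_repeat("\0", sectorOffset(35, 16) + SECTOR_SIZE);
    $put = function (int $t, int $s, string $bytes) use (&$image) {
        $image = substr_replace($image, $bytes, sectorOffset($t, $s), strlen($bytes));
    };
    // Directory sector: no next sector (0x00 0xFF), type 0x00 = scratched,
    // first block at 17/0, name padded with 0xA0, 2 blocks in size.
    $entry = "\x00\xFF" . "\x00" . "\x11\x00" . str_pad("SECRET", 16, "\xA0")
           . str_repeat("\0", 9) . "\x02\x00";
    $put(18, 1, $entry);
    $put(17, 0, "\x11\x01" . str_repeat("A", 254));  // links to 17/1, 254 payload bytes
    $put(17, 1, "\x00\x06" . "BCDEF");                // last sector, 5 payload bytes
    return $image;
}

$image = buildSampleImage();
foreach (listDirectory($image) as $entry) {
    if ($entry['deleted']) {
        $data = recoverFile($image, $entry['track'], $entry['sector']);
        printf("%s: %d bytes recovered\n", $entry['name'], strlen($data));
    }
}
```

Run against the constructed image this prints `SECRET: 259 bytes recovered`. The same walk over a real dump is why a scratched file is not gone until its sectors are reallocated and overwritten; a disk that must not leak data needs its sectors overwritten, not just its directory entries zeroed.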
I was just demonstrating, with one line, that it's quite simple to traverse through the array and make the user input safe, as there was a comment about having to remember all the user variables you are assigning. Whether you want to use htmlspecialchars or str_replace to do some regex, it's up to you and the options are endless. And to answer, if you want the plain text of what was supplied, you can run the variables through the html_entities_decode function. These are specifically what these functions were built for. And your second comment, right, the option ENT_QUOTES should only be used.
There's a simple and painless way to validate all form input in PHP with one line of code. Since they are stored as an array, just run it through a foreach loop with the htmlspecialchars function sanitizing the variables like this... (you can also flag the ENT_NOQUOTES or the ENT_QUOTES switch to prevent against SQL injection too)
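The two comments above (the foreach-over-the-array idea and the reply about ENT_QUOTES and decoding back to plain text) describe the technique without the code itself surviving on the page. The PHP below is an added example, not either commenter's code; it assumes a `$input` array standing in for `$_POST`, constructed inline, and the `pdo_sqlite` extension for the storage step. It encodes every field for HTML output with ENT_QUOTES, decodes one back, and keeps the raw value for the database through a bound parameter, which is where SQL injection is actually prevented.

```php
<?php
// Added example: encode a whole form submission for HTML output, decode it back,
// and store the raw value with a prepared statement. $input is constructed here.

// Encode one value for safe inclusion in an HTML body or attribute. ENT_QUOTES
// converts both ' and " to entities; ENT_SUBSTITUTE keeps malformed UTF-8 from
// making htmlspecialchars return an empty string (which would silently drop input).
function encodeForHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The "one line" from the comment written out in full: walk the whole array,
// recursing into nested fields such as name="tags[]".
function encodeAll(array $input): array {
    $safe = [];
    foreach ($input as $key => $value) {
        $safe[$key] = is_array($value) ? encodeAll($value) : encodeForHtml((string) $value);
    }
    return $safe;
}

// Round trip back to the plain text that was supplied.
function decodeFromHtml(string $value): string {
    return html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// HTML encoding is an output-side concern. For the database the raw value goes
// in as a bound parameter, so it never becomes part of the SQL text at all.
function storeComment(PDO $db, array $input): void {
    $stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $input['name'], ':body' => $input['comment']]);
}

// Constructed submission: one value with a quote, one with markup.
$input = [
    'name'    => "O'Brien",
    'comment' => '<script>alert(1)</script>',
];

$forHtml = encodeAll($input);
// $forHtml['name']    === 'O&apos;Brien'
// $forHtml['comment'] === '&lt;script&gt;alert(1)&lt;/script&gt;'

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE comments (name TEXT, body TEXT)');
storeComment($db, $input);

echo $forHtml['comment'], "\n";
echo decodeFromHtml($forHtml['comment']), "\n";  // original text restored
```

Keeping two views of the input (raw for storage, encoded for rendering) avoids the double-encoding that appears when an already-encoded value is written to the database and then encoded again on output.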
What I want to know is, HOW in the world did this comment ever score a 5 for interesting?
triber?
We have similar issues up here in Toronto but I solved this the easy way. I took a magnet to my drivers license.
Also, I agree that this article is a bit alarmist, but it's always a good exercise to think about application security.
after reading this, why does this story remind me of this -> http://video.google.com/videoplay?docid=6880888700625496919