YetAnotherForum (YAF) Theming and Layout Customization

How To | May 13th, 2010

YetAnotherForum (YAF — pronounced “laugh”) is a forum package based on ASP.NET (C#) and Microsoft SQL Server. It has tons of features and functionality, and it use my , but when tasked with customizing it… well, that can be not quite so easy.
(more…)

ASP.NET: Connecting to MSSQL Server using Windows Authentication/Credentials

How To | May 12th, 2010

I am learning ASP and ASP.NET for my new job, and today I was working on manipulating a Microsoft SQL database (SCUD) when I ran into a roadblock. I knew I had to use my own user credentials to connect to the secret through ASP.NET, something I thought would be a very simple matter. Well, after fifteen minutes of attempting to work out why I couldn’t connect with my username and password (trying variations of the domain/myusername) I finally discovered the MSDN page I needed. Yes, it already exists there, but the fact that it took me so long to find what I needed means it can’t hurt to refer to it and reinforce its presence on the web.

(more…)

Launching of site: Zombie Attack Plans

My Sites | May 12th, 2010

A few days ago I launched, for the first time, ZombieAttackPlans.com. The site is for users to submit their plans for surviving the zombie apocalypse. If you have some idea of what you want to do, come post it! If you don’t, come and read others’ plans. Leave feedback, rate plans, vote in the Poll of the Week, and read the Tip of the Day (updated daily, as per the name).

Please check it out and leave me some feedback on the site. I want to know how I can make it better. What do you like? And more importantly, what don’t you like?

Safely Letting Specific HTML Tags Through Sanitization in PHP

How To | April 20th, 2010

Sometimes you want to let your users express themselves and style their input—whether it be comments, stories, or whatever else—with a few HTML tags. The trick is doing this without letting through all sorts of bad mojo. Now there are many ways to do this, some more complicated than others. I’ve devised a fool-proof way to accomplish this. While this can work with any tag (i.e. making [b] into <b>), in this example I’ll be selectively letting through actual HTML tags, rather than aliases. I like to think that by letting users use real HTML tags I might one day help a computer semi-literate learn the fundamentals of HTML. Who knows?
(more…)

Universal Before and After Input Sanitization in PHP with mysql_real_escape_string and stripslashes

How To | April 18th, 2010

Input sanitization can be a tricky thing. None (or too little) and you can find yourself a victim of the notorious SQL injection attack. Databases wiped out, system penetrated… that is not the place you want to see yourself, as your data is highly valuable and any leak can represent a major catastrophe, and possibly even lead to you losing your precious job. Too much and you’ll be faced with over-slashing, where escaped characters get escaped a second time, along with that escaping slash. It looks messy and poorly coded.

that's cool – Original input
that\'s cool – First sanitization (single apostrophe escaped)
that\\\'s cool – Second sanitization (single apostrophe and backslash both escaped)

It only gets worse from here.

Doing input sanitization on a per-line basis is sloppy and inefficient. It is asking for you to slip up and forget to sanitize. After all, you are only human. So why not save yourself the trouble and do a universal sanitization of all user input at the beginning of your code? Use the following PHP code at the very beginning of your script to save yourself a lot of trouble.
(more…)