YetAnotherForum (YAF) Theming and Layout Customization

How To | May 13th, 2010

YetAnotherForum (YAF — pronounced “laugh”) is a forum package based on ASP.NET (C#) and Microsoft SQL Server. It has tons of features and functionality, and it use my , but when tasked with customizing it… well, that can be not quite so easy.
(more…)

ASP.NET: Connecting to MSSQL Server using Windows Authentication/Credentials

How To | May 12th, 2010

I am learning ASP and ASP.NET for my new job, and today I was working on manipulating a Microsoft SQL database (SCUD) when I ran into a roadblock. I knew I had to use my own user credentials to connect to the secret through ASP.NET, something I thought would be a very simple matter. Well, after fifteen minutes of attempting to work out why I couldn’t connect with my username and password (trying variations of the domain/myusername), I finally discovered the MSDN page I needed. Yes, it already exists there, but the fact that it took me so long to find what I needed means it can’t hurt to refer to it and reinforce its presence on the web.

(more…)

Safely Letting Specific HTML Tags Through Sanitization in PHP

How To | April 20th, 2010

Sometimes you want to let your users express themselves and style their input—whether it be comments, stories, or whatever else—with a few HTML tags. The trick is doing this without letting through all sorts of bad mojo. Now there are many ways to do this, some more complicated than others. I’ve devised a fool-proof way to accomplish this. While this can work with any tag (i.e. making [b] into <b>), in this example I’ll be selectively letting through actual HTML tags, rather than aliases. I like to think that by letting users use real HTML tags I might one day help a computer semi-literate learn the fundamentals of HTML. Who knows?
(more…)

Universal Before and After Input Sanitization in PHP with mysql_real_escape_string and stripslashes

How To | April 18th, 2010

Input sanitization can be a tricky thing. None (or too little) and you can find yourself a victim of the notorious SQL injection attack. Databases wiped out, system penetrated… that is not the place you want to see yourself, as your data is highly valuable and any leak can represent a major catastrophe–and possibly even lead to you losing your precious job. Too much and you’ll be faced with over-slashing, where escaped characters get escaped a second time, along with that escaping slash. It looks messy and poorly coded.

that's cool – Original input
that\'s cool – First sanitization (single apostrophe escaped)
that\\\'s cool – Second sanitization (single apostrophe and backslash both escaped)

It only gets worse from here.

Doing input sanitization on a per-line basis is sloppy and inefficient. It is asking for you to slip up and forget to sanitize. After all, you are only human. So why not save yourself the trouble and do a universal sanitization of all user input at the beginning of your code? Use the following PHP code at the very beginning of your script to save yourself a lot of trouble.
(more…)

Spice Up Your Theme—Break Out Of Your Layout’s Lines

Design Tips | How To | February 15th, 2010

Have you ever been frustrated with your site’s inability to break free of the line? By the very nature of HTML, most themes are prone to being reduced to a series of horizontal and vertical lines with no overlap. It’s nice and orderly but boring—nothing ever stands out. Many rely on large images to break the monotony but it’s simple to do it with small PNG images and a bit of CSS using positioning!

Learn how to do this in two minutes following my near-light speed tutorial. (more…)