Recent changes to bugs

#15 encoding seems to be wrong

TheSatinKnight — Mon, 01 Aug 2016 18:41:01 -0000

status: open --> closed

#15 encoding seems to be wrong

TheSatinKnight — Mon, 01 Aug 2016 17:39:01 -0000

Ya lost me. Are you saying that after you made these changes, mysqli (which is a stock php function series) still does not recognize your character set? In which case, that would not be a bug in phpmysqlezedit, but in mysqli ...?

encoding seems to be wrong

Hancas — Mon, 01 Aug 2016 09:09:56 -0000

mysqli has no clue when setting to utf8. I can only see ? in cyrilis letters, same for latvian, lithuanian. Norwegian, swedish and danish letters are fine. What's wrong? I don't want to update whole record and mess up my other languages.
I used to :

    mysql_query('SET NAMES utf8');
    mysql_query('SET CHARACTER SET utf8');
    mysql_query('SET character_set_connection = utf8');

and it worked fine, but this mysqli thing..

encoding seems to be wrong

Hancas — Mon, 01 Aug 2016 09:09:56 -0000

Ticket 15 has been modified: encoding seems to be wrong
Edited By: TheSatinKnight (williamconley)
Status updated: u'open' => u'closed'

#11 stop robots from indexing

TheSatinKnight — Wed, 24 Feb 2016 22:22:50 -0000

status: open --> wont-fix

#11 stop robots from indexing

TheSatinKnight — Wed, 24 Feb 2016 22:22:09 -0000

They would not have the ACCESS=??? parameter. Unless you put a link to it somewhere that is indexed. By the same token, if you put a user/password into a link (bob:god@website.com), they will index that. Avoid putting the access code in a searchable link.

Also: If you tell robots not to search it, then the "follow the rules" robots won't search it. But the bad guys will. So you'll NOT see your ACCESS code on google, but it will be "out there" invisibly. I'd prefer it be visible. Easily added by those who are security conscious.

This security system is not really meant to be used anyway: It's just a way to change a value to TRUE if access should be granted. Any other method (from LDAP to simple DB lookup or even Facebook OpenID) will work.

Sorry: Not going to add nobots as a universal thing to a page that should never be visible. If someone puts this on a public website where robotting will happen ... I have to assume they want public access for the DB link. Could be useful as a viewer.

#12 HTML badly formed

TheSatinKnight — Wed, 24 Feb 2016 22:17:21 -0000

ew. Thanks for the note. I think we inherited that piece from the old project code. And just never cleaned it.

#13 SQL injection (security vulnerability)

TheSatinKnight — Wed, 24 Feb 2016 22:16:10 -0000

Yep. Our later applications include variable cleansing. When the upgrade for this (to mysqli, among other things) comes up, we'll likely also clean it for injection. In theory, however, this is mostly used for "the boss wants to be able to edit this table ... but we don't want her to have access to the entire system ... so here's a simple way to allow her access to this one table/DB only". Avoiding phpMyAdmin access for the boss. 8-)

#14 mysql_connect removed in PHP 7

TheSatinKnight — Wed, 24 Feb 2016 22:13:44 -0000

We had already planned to move to mysqli from mysql. So this will be resolved with the upgrade.

mysql_connect removed in PHP 7

Andrew Ziem — Wed, 24 Feb 2016 21:45:56 -0000

SVN r17 uses mysql_connect()

This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used.

https://secure.php.net/manual/en/function.mysql-query.php