GoFuckYourself.com - Adult Webmaster Forum

Fun With Tevs - Not Good If You Are Running Tevs (https://gfy.com/showthread.php?t=812300)

sortie 03-03-2008 09:56 PM

Quote:

Originally Posted by KrisKross (Post 13865211)
Are you retarded?

No, but you are because you can't read.

Here, read.... http://us3.php.net/security.cgi-bin


Your php is most likely running as cgi on the server yet you claim that
php is somehow better than cgi. :1orglaugh:1orglaugh:1orglaugh

KrisKross 03-03-2008 10:02 PM

Quote:

Originally Posted by sortie (Post 13865301)
No, but you are because you can't read.

Here, read.... http://us3.php.net/security.cgi-bin


Your php is most likely running as cgi on the server yet you claim that
php is somehow better than cgi. :1orglaugh:1orglaugh:1orglaugh

I made no such claims, tardo.

pr0 03-03-2008 10:54 PM

Quote:

Originally Posted by Zorgman (Post 13864924)
Hi Guys,

While I do not like the fact that teksonline has to resort to blackmail to tell someone that there is a problem, I thank him for pointing out a major problem that I didn't even know about.

Over 5 weeks ago I had a few programmers check the source code of TEVS for any errors I made. They came back with a few fixes and I put those fixes into place. I rezipped TEVS and uploaded it to the server. But it was my mistake I had uploaded it to the wrong directory. So up till now everyone has downloaded the old original files. - My Fault. I am sorry about that.

I believe a few installs that I did got the secure files but please contact me anyway with the below details.

If you have TEVS installed, please contact me right away and I will personally fix this for you.

Email: [email protected]

BTW - MrYellow, trying to force your services and script project on me and webmasters using TEVS is in no way helping me or these webmasters. As I have pointed out, you took offense when I declined your offer and now you call me names like {wanked} and {tosser}. For what reason?


I think everyone here at GFY is totally cool with ya....there's always gonna be a few script kiddies with mental issues. Just shake it off & continue selling your product bro :thumbsup

Nookster 03-03-2008 11:35 PM

So wait...he didn't know about battling against simple sql injection??? That's unbelievable.

Nookster 03-03-2008 11:54 PM

Quote:

Originally Posted by Nookster (Post 13865716)
So wait...he didn't know about battling against simple sql injection??? That's unbelievable.

Please say it ain't so mang. :(

Zorgman 03-04-2008 09:10 AM

Quote:

Originally Posted by pr0 (Post 13865553)
I think everyone here at GFY is totally cool with ya....there's always gonna be a few script kiddies with mental issues. Just shake it off & continue selling your product bro :thumbsup

Thanks pr0. I've updated about 200 sites today with the fixes and there is still about 220 to do. But we'll get there. Another issue is, because the front end is raw code webmasters have changed their code so much that those fixes are no longer required. However 1 of them is a must and they have all done this themselves. Other webmasters who haven't changed the code at all really need to get this updated.

mrkris 03-04-2008 04:14 PM

As a developer, it saddens me to see people using the raw mysql* calls from PHP when you can use an abstraction layer that makes it DIFFICULT to allow SQL injection.

:2 cents:

farkedup 03-04-2008 04:29 PM

You mean like what's packaged in PEAR? The problem is on scripts like this you're stuck using some pretty basic things at times.

I think it's kind of pushing things to ask people for extras like FFMPEG but if you want the really cool features you really do need some extras.

quantum-x 03-04-2008 05:00 PM

Quote:

Originally Posted by farkedup (Post 13864609)
have you rewritten 100% or just most?

here is a basic security function: http://entertainmentscript.com/sec.phps is 1 thing and running mysql_real_escape_string on EVERY user submitted $_POST or $_GET or $_REQUEST variable BEFORE inserting it into the DB will go a LONG ways.

This at the bottom of something like a config file will reject forms submitted from other places.
Code:

if (isset($_POST)){
$ip2 = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty' : $_SERVER['REMOTE_ADDR'];
$ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty' : $_SERVER['HTTP_USER_AGENT'];
$ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty' : $_SERVER['REQUEST_URI'];
$rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty' : $_SERVER['REQUEST_METHOD'];
if ($ua == "empty") { exit();} 
if ($ua == "-")        { exit();}
if ($ip2 == "empty"){ exit();}
if ($ru == "empty") {exit();} 
if ($rm == "empty") { exit();} 
}


Holy shit, that's worse than wordpress code.
I'm scared by the coding 'proficiency' of people here.
Zorg: unless you're sanitising those strings further up, that's a nasty hole. And even if you are, not escaping is scary.

Eric 03-04-2008 05:16 PM

If you wanted to be banned all you had to do was ask. Good Bye

ThumbLord 03-04-2008 05:18 PM

Eric at the Helm again, go baby go

Zorgman 03-04-2008 07:12 PM

teksonline
So Fucking Banned

Lesson to everyone. Do NOT blackmail anyone in public.

Thanks Eric.

sortie 03-05-2008 11:19 AM

http://blackmonsters.com/backfire.jpg


More expedient tools are in development :

http://blackmonsters.com/GunBackfire.gif

WarChild 03-05-2008 11:23 AM

TEVS ... I guess it's kind of a cute little script. :1orglaugh:1orglaugh:1orglaugh

lazycash 03-05-2008 11:45 AM

I hope if anything good comes out of this thread is that Zorg works on securing TEVS. I just bought the script and am clueless on coding, but don't exactly feel comfortable installing the script based on some of the accusations in this script.

Gonzozilla 03-05-2008 01:32 PM

Quote:

Originally Posted by teksonline (Post 13863783)
Want the truth?

I really dont give to shits anymore about anyone on or in this industry, i have 12 years of business relationships and only thing I have learned, is oyur all skillless, you're all thieves, and you would all ass rape your own mothers if given the chance

Looks like you don't know the difference between "to" "too" & "two".

You don't "give two shits". :thumbsup

dozey 03-05-2008 04:31 PM

Quote:

Originally Posted by sortie (Post 13874276)

For every charlatan who had a smart word in this thread; just wait until you're spewing forth the same contempt as some script kiddie sodomises your cookie cutter tube site.

I guess when mr. exit said "php combined with mysql is known for this," what he probably meant was "php / mysql developers are known to develop abhorrent code like this." Which is absolutely true.

Make no mistake, there are time-honoured patterns and practises to avoid this exact situation. They exist for a reason. Does TEVS adhere to any of them? I sincerely doubt it. (no, inline mysql_real_whatever doesn't count)

That said, TEVS might well be the best commercial script out there. That's just the way most of these scripts are.

But by all means, persist with the usual webmaster antics, semantics and disputes. The objective truth of the matter will be waiting to shaft you and your pride though.

:2 cents:

dozey 03-05-2008 04:46 PM

Quote:

Originally Posted by farkedup (Post 13864609)
Code:

if (isset($_POST)){
$ip2 = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty' : $_SERVER['REMOTE_ADDR'];
$ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty' : $_SERVER['HTTP_USER_AGENT'];
$ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty' : $_SERVER['REQUEST_URI'];
$rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty' : $_SERVER['REQUEST_METHOD'];
if ($ua == "empty") { exit();} 
if ($ua == "-")        { exit();}
if ($ip2 == "empty"){ exit();}
if ($ru == "empty") {exit();} 
if ($rm == "empty") { exit();} 
}


Concise version follows

Code:

die("Incompetent");

sortie 03-05-2008 05:15 PM

Quote:

Originally Posted by dozey (Post 13876481)
For every charlatan who had a smart word in this thread; just wait until you're spewing forth the same contempt as some script kiddie sodomises your cookie cutter tube site.

I guess when mr. exit said "php combined with mysql is known for this," what he probably meant was "php / mysql developers are known to develop abhorrent code like this." Which is absolutely true.

Make no mistake, there are time-honoured patterns and practises to avoid this exact situation. They exist for a reason. Does TEVS adhere to any of them? I sincerely doubt it. (no, inline mysql_real_whatever doesn't count)

That said, TEVS might well be the best commercial script out there. That's just the way most of these scripts are.

But by all means, persist with the usual webmaster antics, semantics and disputes. The objective truth of the matter will be waiting to shaft you and your pride though.

:2 cents:

Whatever dude.

You need to develop a sense of humor or either you don't read worth a shit.

And by the fucking way I'm that one who made the php/sql comment.

The fact is that if someone programs in php it's because they can't fucking learn PERL or C.

Php is basically a cgi script written in C to make things easier to program.
It's only "needed" by idiots.

And a load of idiots don't even know that php runs as cgi and claim php
will replace cgi. :1orglaugh:1orglaugh:1orglaugh:1orglaugh


Here read this : http://en.wikipedia.org/wiki/Php


Quote:

Originally Posted by Wiki
PHP was written as a set of Common Gateway Interface (CGI) binaries in the C programming language by the Danish/Greenlandic programmer Rasmus Lerdorf in 1994


dozey 03-05-2008 05:34 PM

I know you made the comment, sortie = French for exit. I didn't catch your humor, no. Can't help but look at these issues in dismay.

I won't risk affirming anything you said in detail, just in case I miss more humor :)
Suffice to say it is all true and causes ongoing problems.

dozey 03-05-2008 05:48 PM

Sortie, I hope you didn't take the backfire quote as a personal retort.

The inference was a double irony for any complacent individuals, just in case anyone / everyone else missed it.

psili 03-05-2008 06:03 PM

Watching self-glorified engineers spank their own meat on an adult message board in the name of "their practice" sucks. Go back to slashdot, you fucktards.

I find it funny someone posts "if someone can't (doesn't) program in perl or c"... blah blah blah. WTF? Does someone who posts something like that not respect some javascript? How about a savage combination of HTML and CSS that's easily integrated into a template system that works across browsers and is pretty much plug-n'-play?

Sanitizing database inputs (prepared statements) is necessary regardless of what you code / script in. Ripping on people's abilities because they don't code in some language is retarded.

*** Edit:
I have no edit.
Just my opinion.
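
The two approaches argued over in this thread, escaping every request variable and building the query inline versus the prepared statements and abstraction layers that mrkris and psili mention, shown side by side. This is an added example, not part of any post and not TEVS code: the `videos` table, `escape_only()` and both `find_*` functions are hypothetical, and in-memory SQLite through PDO stands in for MySQL so it runs without a server.

```php
<?php
// Added example: hypothetical schema and rows, constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)');
$pdo->exec("INSERT INTO videos VALUES (1, 'public clip', 0), (2, 'unpublished clip', 1)");

// Stand-in for mysql_real_escape_string(): an escaping function can only
// neutralise quote characters inside a quoted string literal.
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// Pattern 1: escape the request variable, then concatenate it into the SQL.
function find_inline(PDO $pdo, string $id): array
{
    // $id lands in a numeric context, outside any quotes, so escaping has
    // nothing to act on and the input is parsed as part of the statement.
    $sql = 'SELECT title FROM videos WHERE hidden = 0 AND id = ' . escape_only($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Pattern 2: prepared statement. The SQL text is fixed; the value is bound
// as data and is never parsed as SQL, whatever it contains.
function find_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT title FROM videos WHERE hidden = 0 AND id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and an id that carries extra SQL but no
// quote characters.
foreach (['1', '1 OR 1=1'] as $input) {
    printf(
        "%-9s inline=%s prepared=%s\n",
        $input,
        json_encode(find_inline($pdo, $input)),
        json_encode(find_prepared($pdo, $input))
    );
}
```

For the second input the inline query returns the hidden row as well, because the `hidden = 0` filter is bypassed by operator precedence, while the prepared query returns no rows.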

sortie 03-05-2008 06:30 PM

Quote:

Originally Posted by psili (Post 13876954)
Watching self-glorified engineers spank their own meat on an adult message board in the name of "their practice" sucks. Go back to slashdot, you fucktards.

I find it funny someone posts "if someone can't (doesn't) program in perl or c"... blah blah blah. WTF? Does someone who posts something like that not respect some javascript? How about a savage combination of HTML and CSS that's easily integrated into a template system that works across browsers and is pretty much plug-n'-play?

Sanitizing database inputs (prepared statements) is necessary regardless of what you code / script in. Ripping on people's abilities because they don't code in some language is retarded.

*** Edit:
I have no edit.
Just my opinion.


Hey, I didn't say anything about javascript or CSS or HTML,
But it's just a fact that those things don't have jack shit to do with backend
programming to run a website.

It's "fluff" for the front end. PHP was designed to handle "fluff" to the frontend
with a little extra data retrieval functions.

The guy who wrote PHP was trying to make an easier way to show his
resume. :1orglaugh He wasn't making a search engine.

It's fucking fluff and Yahoo or google ain't ever going to be developed as
a php application. They might make a few cool pages with it but that's it.

GFY is done in PHP and mySQL. So...how many times did you have to click to get this fucking page to load. :1orglaugh

I can see the sql tables wobbling and straining every time I click this site.
Thank god GFY isn't serving up video too. This shit would be dead already.

sortie 03-05-2008 06:40 PM

Quote:

Originally Posted by dozey (Post 13876884)
Sortie, I hope you didn't take the backfire quote as a personal retort.

The inference was a double irony for any complacent individuals, just in case anyone / everyone else missed it.

Don't mind me much. I like talking shit so don't be offended.

I agree with you about the ones running the script that acted like the
original poster was an idiot; but he acted like an idiot so it went both ways.

dozey 03-05-2008 06:40 PM

Like I said, the usual webmaster antics, semantics and disputes.

Point being, the quality in many of these products leaves MUCH to be desired.

Furthermore, without being too petty, most of these abominations do come from a certain demographic. Choose to ignore at your own despair.

farkedup 03-05-2008 06:51 PM

I learned perl way before I learned PHP. When I was learning web programming it was AFTER the usual rounds of Visual Basic and later C.

I will admit that one of the biggest reasons why I dropped perl right about the time PHP4 came out is because of how EASY it is to do about anything you can think of.

What I use perl for:
+ Many server side tools, it is simply more powerful than PHP

What does PHP have a huge edge in?
1) Rapid development
2) Handles high traffic sites a LOT better than perl, there is simply no comparison. As a Server Side language for high traffic sites there is simply no comparison!
3) Easy to find a programmer for mods
4) Anything using a DB such as MySQL perl's DBI is a bad joke.

When developing a script if you can make basically every page a flatfile then by all means perl is a viable option. but of course this is basically comparing SHTML pages using SSI's to a normal .php page just using include('/path/to/file');

When developing scripts that you know will take a LOT of CPU power and you don't need to have many users perl is better.

You're retarded if you use a blanket statement like PHP is better or Perl is better or even more retarded if you say that a PHP programmer only uses it because he can't learn PERL or C.

Coming from somebody who has completely made his living off of the web for 10 years and been a programmer and server builder/administrator this whole time too I bet that sortie isn't smart enough to make even a basic tube script in PHP/MySQL.

THIS IS A CHALLENGE, you think you're smart, I am preparing to release a free tube script which I did 90% of it in a single day... Make something at least as good as that by time I release mine and hell even sell it for $5 or give it away and you'll have nothing but respect from me and plenty of others if you put your time/money where that bigass mouth of yours is.

sortie 03-05-2008 07:14 PM

Quote:

Originally Posted by farkedup (Post 13877208)
I learned perl way before I learned PHP. When I was learning web programming it was AFTER the usual rounds of Visual Basic and later C.

I will admit that one of the biggest reasons why I dropped perl right about the time PHP4 came out is because of how EASY it is to do about anything you can think of.

What I use perl for:
+ Many server side tools, it is simply more powerful than PHP

What does PHP have a huge edge in?
1) Rapid development
2) Handles high traffic sites a LOT better than perl, there is simply no comparison. As a Server Side language for high traffic sites there is simply no comparison!
3) Easy to find a programmer for mods
4) Anything using a DB such as MySQL perl's DBI is a bad joke.

When developing a script if you can make basically every page a flatfile then by all means perl is a viable option. but of course this is basically comparing SHTML pages using SSI's to a normal .php page just using include('/path/to/file');

When developing scripts that you know will take a LOT of CPU power and you don't need to have many users perl is better.

You're retarded if you use a blanket statement like PHP is better or Perl is better or even more retarded if you say that a PHP programmer only uses it because he can't learn PERL or C.

Coming from somebody who has completely made his living off of the web for 10 years and been a programmer and server builder/administrator this whole time too I bet that sortie isn't smart enough to make even a basic tube script in PHP/MySQL.

THIS IS A CHALLENGE, you think you're smart, I am preparing to release a free tube script which I did 90% of it in a single day... Make something at least as good as that by time I release mine and hell even sell it for $5 or give it away and you'll have nothing but respect from me and plenty of others if you put your time/money where that bigass mouth of yours is.

:1orglaugh

You quit PERL because you suck at thinking.

You thought PHP would make things easy for you but it only made things
easy for hackers and that says all that needs to be said about your thinking.

Good luck patching your shit while I'm at the bar fucking chicks. :1orglaugh

farkedup 03-05-2008 07:21 PM

Quote:

Originally Posted by sortie (Post 13877322)
Good luck patching your shit while I'm at the bar fucking chicks. :1orglaugh

fat bar skanks aren't even fun.... any of the ones that will fuck AT the bar I'd pass on...

Your script sales won't buy the ladies many drinks that's for sure ;) I honestly don't think I've seen a single person say they've bought your script and are actually HAPPY with it LMAO massive numbers of happy customers are about all that matter.

baddog 03-05-2008 07:26 PM

Quote:

Originally Posted by sortie (Post 13877322)
:1orglaugh

You quit PERL because you suck at thinking.

Not a programmer, but I would suggest that PHP is more lucrative than PERL these days.

I wish I could find a decent PERL programmer.

Nookster 03-05-2008 07:36 PM

Quote:

Originally Posted by sortie (Post 13877095)
Hey, I didn't say anything about javascript or CSS or HTML,
But it's just a fact that those things don't have jack shit to do with backend
programming to run a website.

It's "fluff" for the front end. PHP was designed to handle "fluff" to the frontend
with a little extra data retrieval functions.

The guy who wrote PHP was trying to make an easier way to show his
resume. :1orglaugh He wasn't making a search engine.

It's fucking fluff and Yahoo or google ain't ever going to be developed as
a php application. They might make a few cool pages with it but that's it.

GFY is done in PHP and mySQL. So...how many times did you have to click to get this fucking page to load. :1orglaugh

I can see the sql tables wobbling and straining every time I click this site.
Thank god GFY isn't serving up video too. This shit would be dead already.

That's kinda funny you think like that. Do you know what PHP is coded in?? Take a wild guess.

sortie 03-05-2008 07:49 PM

Quote:

Originally Posted by Nookster (Post 13877461)
That's kinda funny you think like that. Do you know what PHP is coded in?? Take a wild guess.

It's kind of funny that I already posted that PHP is a CGI script written
in C but you didn't bother to read that and think you are making a point.

V_RocKs 03-05-2008 07:52 PM

Quote:

Originally Posted by sortie (Post 13865170)
Well, I'd say that it's impossible to inject something into a
mysql database that doesn't even exist.

But maybe you know something I don't know.

You did read what the stated problem was didn't you?

And for your information many servers, if not most, are now running php as cgi.

http://us3.php.net/security.cgi-bin

Read that. Please fucking read it!!!! :mad::mad::mad:


The notion that running php means never running cgi is the biggest lie ever sold!

%00;ls -la

sortie 03-05-2008 08:00 PM

Quote:

Originally Posted by baddog (Post 13877393)
Not a programmer, but I would suggest that PHP is more lucrative than PERL these days.

I wish I could find a decent PERL programmer.


Nobody wants to program for you because you talk too much shit.

Lots of people are looking for PHP programmers, that is true.
But the reason they are looking is because they are cheaper than
PERL or C programmers.

And they get what they pay for.

Zorgman 03-05-2008 08:00 PM

Just for the record.

TEVS has been fixed of this security issue. We're in the process of finishing the last of the domains using TEVS -- which atm is over 400 domains.

sortie 03-05-2008 08:05 PM

Quote:

Originally Posted by V_RocKs (Post 13877588)
%00;ls -la

open(A,"<.......

open(A,">.......

fuzebox 03-05-2008 08:38 PM

I started ignoring teksonline threads after he accused 2bet.com of being rigged because I knocked him out of a tournament...

Useless Warrior 03-05-2008 10:46 PM

dozey is not only well spoken, he may possibly be psychic as well.
Quote:

Originally Posted by dozey (Post 13876481)
But by all means, persist with the usual webmaster antics, semantics and disputes.

Quote:

Originally Posted by sortie
Good luck patching your shit while I'm at the bar fucking chicks.

Enough said?

The Sultan Of Smut 03-06-2008 12:52 AM

Quote:

Originally Posted by sortie (Post 13877095)
It's fucking fluff and Yahoo or google aint ever going to be developed as
a php application.

http://www.mysql.com/news-and-events...o_finance.html

bhutocracy 03-06-2008 12:59 AM

Gawd.. the Very Hungry Caterpillar.. haven't seen that in a few decades.

tiger 03-06-2008 01:11 AM

Just wondering if it was is such a shitty script why you bought multiple licenses of it?


All times are GMT -7.