In PHP you can initializes a connection with cURL: PHP: curl_init - Manual
If the connection is successful, it will return true - else it will return false.
In PHP you can initializes a connection with cURL: PHP: curl_init - Manual
If the connection is successful, it will return true - else it will return false.
Hey there,
I believe I may have the correct code for a solution for URL validation.
The output below is correct:
Page Found
Page Not Found
Domain Not Found
However, sometimes there is no output. For instance, check the following:
No Output
I am just wondering why there is no output for this site?
Here is my PHP code for the URL validation checker:
This was a modification of the code on the following site:Code:<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_GET['url']);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
$data = curl_exec($ch);
curl_close($ch);
preg_match_all("/HTTP\/1\.[1|0]\s(\d{3})/",$data,$matches);
$code = end($matches[1]);
if(!$data)
{
echo "Domain Not Found";
}
else
{
if($code==200)
{
echo "Page Found";
}
elseif($code==404)
{
echo "Page Not Found";
}
}
?>
URL Validation Code Reference
Thanks again for any advice. You guys are great!
Sincerely,
Travis Walters
admin@codebuyers.com
Because the website is replying with a 403 code!
Look here:
Ben's HTTP header viewer
Maybe that is the problem.HTTP Headers received for / on server www.toasterleavings.com
HTTP/1.1 403 Forbidden
Date: Mon, 14 Jan 2008 06:03:07 GMT
Server: Apache/2.0.52
Accept-Ranges: bytes
Content-Length: 5044
Connection: close
Content-Type: text/html
Hello again,
Thanks for the great responses guys.
My webpages are now only displaying links that are valid!
However, I have been reading about another type of attack people use to hack websites. It is called SQL Injection.
It appears that hackers manipulate the URL string in an attempt to manipulate query strings to the database.
Would htmlspecialchars() and / or htmlentities() take care of the SQL Injection attack type?
Lastly, besides SQL Injection and Cross site scripting (XSS), are there are other types of attacks that I should be taking into consideration to make my website more secure?
Thanks in advance for anymore information you can provide me with. It is truly greatly appreciated.
Sincerely,
Travis Walters
admin@codebuyers.com
Well there are and always will be other methods. Anyways for the SQL injections why not reading this:PHP: SQL Injections
It might help you to understand better.
Hey there,
That was a great article you had.
I will definately look at that anytime I do anything with PHP.
I am a hardcore coldfusion programmer so I have spent a few hours looking into coldfusion SQL injection prevention.
I learned a lot reading Ben Forta's article below:
Ben Forta's SQL Injection Prevention Article for Coldfusion
According to his article, he recommends using cfqueryparam and that was something I was already doing for the most part.Code:<cfquery name="END_USER" datasource="DSN_NAME"> SELECT ID, USERNAME, PASSWORD, TYPE_ID FROM MEMBERS WHERE USERNAME = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#FORM.USERNAME#"> AND PASSWORD = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#FORM.PASSWORD#"> </cfquery>
However, something I was not doing was including the type attribute with cfparam. For example, the following might be done towards the beginning of a page:
<cfparam name="URL.CustID" type="integer">
I will have to spend a few hours and make sure everything is secure with this but I am close already.
Then, I will look into that other type of attack you mentioned.
Thanks again for the help. You guys are great. I am sure I will add to this thread later on if I find anything else related to it.
Sincerely,
Travis Walters
admin@codebuyers.com
Hey guys,
I have been looking into remote file injections like you mentioned.
I came across the following information:
Source: Top 10 Reasons Websites Get Hacked3. Malicious file execution
The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.
Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.
How to protect users: Don't use input supplied by users in any filename for server-based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.
I never allow executable files to be uploading to my website unless it is in a ZIP folder. In fact, I have the majority of files in a ZIP folder except images.
I am wondering if people can inject special characters into the name of a JPEG image much like the SQL Injection or XSS Insertion?
On my windows machine, it does allow the characters { /,\, :, *, ?, ", <, >, | }. However, I am not sure about Linux or MAC.
I guess the solution here regardless is to rename files randomly among uploading them.
Sincerely,
Travis Walters
There are currently 1 users browsing this thread. (0 members and 1 guests)
Bookmarks
Algorithms and Data Structures
Java tutorials
Algorithms Forum