[nycphp-talk] Module Organization ideas...

mikesz at qualityadvantages.com mikesz at qualityadvantages.com
Tue Aug 26 11:28:54 EDT 2008


Hello Tom,

Tuesday, August 26, 2008, 11:05:46 PM, you wrote:

Thanks for the reply.

Yes, I can send data manually; it's an IP address and an Email Address.
The weird thing is that it's random, sometimes it logs correctly,
sometimes not, but I ALWAYS get the data in the email message it sends
me.

> Can you log the actual query that is sent to the database?  Is it
> valid, meaning, if you run it by hand does it populate those fields
> correctly?  Are they really blank or are there spaces or non-printable
> characters in the query?

I will check for characters and, no, they are never blank, as I said
above, I do get the data in the email report it sends me.

>Well, congrats on your success rate, but, what you describe is
>"security through obscurity", my friend.  When moving towards your OO
>version of this, you may want to reconsider your algorithm/checks so
>it depends less on "I know something you don't" and more on "I know
>you are doing something bad because...".

Actually, I am doing both to cover instances that I don't know for
sure and the hidden field catches the brainless bots that I might
because it has a footprint I haven't seen before, for example. All of
my conditionals are in the "I know you are doing something bad"
category.

Thanks again for the reply.
-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



