Thanks.
Would you test drive a car without the driver ?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
iEYEARECAAYFAkwQ1gcACgkQE++2Zdc7Etd5jgCfdD8AIWL4YDBL+BZWq5Cxv6Vd
BmsAoJHTWUy6hvrxBtVk/p+xfQNOEhAK
=u84G
-----END PGP SIGNATURE-----
No.
Yes. It's called "Intelligence". The major prereq is "Brain". Other
prereqs include "Knowledge" and "Understanding".
In short - there is no application which will check for vulnerabilities
or bugs, in PHP or any other language. About all such a program can do
is flag common syntax mistakes like "if ($a=3)" (using "=" instead of "==".
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstu...@attglobal.net
==================
Yes, it's called IIS. Enable IIS, and install PHP and MySQL. Then you
can do your testing/hacking on your local server.
As far as MySQL injection, the most important thing to remember is not
to trust anything coming from the client. Validate ALL input from the
client, where from a form or a querystring. Try not to do dynamic
queries, use parameterized queries or use stored procedures. Use
mysql_real_escape_string where applicable.
--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share
> Yes, it's called IIS. Enable IIS, and install PHP and MySQL. Then
> you can do your testing/hacking on your local server.
WAMP or XAMPP is easier... ;-)
--
-bts
-Four wheels carry the body; two wheels move the soul
>Gazing into my crystal ball I observed "astral"
><ast...@news.eternal-september.org> writing in
>news:huqkiu$f1s$1...@news.eternal-september.org:
>
>> Is there Windows32 application for offline testing PHP files for
>> potential vulnerabilities and bugs (mysql injection, etc), without
>> installing PHP.
>>
>> Thanks.
>>
>
>Yes, it's called IIS. Enable IIS, and install PHP and MySQL. Then you
>can do your testing/hacking on your local server.
>
The question was *without* installing PHP :-)
BTW any webserver can be used ... not only IIS ...
You need PHP to validate the PHP code, there aren't any tool that will check
bad coding and warn you when you do something stupid. Let someone else review
your code.
There are some frameworks that adds some checking into the code which can be
used to doe some checking, take a look for "PHP Assertion Unit Framework", but
then you need to install LAMP/WAMP/MAMP, I do recommend the first one.
> Yes, it's called IIS. Enable IIS, and install PHP and MySQL. Then you
> can do your testing/hacking on your local server.
As majority of todays web-servers running Apache, it can bee a poor solution
to use iis, which don't work as well with php as Apache.
As Raymond wrote, you still need to install PHP, which was the criteria.
> As far as MySQL injection, the most important thing to remember is not
> to trust anything coming from the client. Validate ALL input from the
> client, where from a form or a querystring. Try not to do dynamic
> queries, use parameterized queries or use stored procedures. Use
> mysql_real_escape_string where applicable.
Even better to use mysqli.
--
//Aho