Re: Confused by mysqli

Posted by Jerry Stuckle on 07/05/06 11:51

Dodger wrote:
> Sandman wrote:
>
>>In article <1152094733.815375.105700@a14g2000cwb.googlegroups.com>,
>> "Dodger" <el.dodgero@gmail.com> wrote:
>
>
>>I've not used "mysqli", but doing the above in mysql:
>>
>><?php
>> $db = mysql_connect("host", "user", "password");
>> mysql_select_db("database", $db); // a database must be selected before querying
>>
>> $cities = array();
>> $q = mysql_query("select * from cities where country = 'USA'");
>> while ($r = mysql_fetch_assoc($q)){ // fetch needs the result resource
>> $cities[] = $r["city"];
>> }
>>
>> foreach ($cities as $city){
>> # Do stuff
>> }
>>?>
>
>
> Well, I do need bind variables. In the non-mysqli example up there, the
> country is hardcoded into the statement. Even if I filled that in with
> a variable, what if it was a variable that was passed in by a user? It
> would be too easy to hack and would end up either potentially crippling
> things or with an arms race between me and some l33+ haxcsore wanker
> who thinks he's clever.
>

Proper escaping of the string will prevent sql injection attacks. Bind
variables are not required. See mysql_real_escape().
>
>>Why the extra foreach? Just "do stuff" in the mysql while loop.
>
>
> Could be plenty of reasons. In the example up top, I am populating the
> environment (%ENV in Perl, $_ENV in PHP) with my special session
> variables (and yes, I know PHP has session handling systems, but I'm
> not gonna use them because I want stuff to work in *both* Perl and PHP
> CGIs* -- I might be populating some other SESSION_* environment
> variables elsewhere, for instance.
>

You're really trying to make things complicated, aren't you?

> But it was an illustration of having a populated data structure,
> mostly.
>
>
> --
> Dodger
>
>
> *Yes, both are CGIs. Both use Common Gateway Interface. <-- Pet Peeve
> when people think CGI is, like, a language or something. It's just a
> protocol for handing off variables, and *all* web stuff uses it by
> default (yeah some weird stuff takes it by rewriting other things,
> but...)
>


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
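The two approaches argued about in this thread, side by side, as an added example that is not code from any poster: the query from Sandman's post run through mysqli with escaping (Jerry's suggestion) and with a bound parameter (what Dodger asked for). Host, credentials, the database name and the `cities` table are placeholders.

```php
<?php
// Added example, not from the thread. Host, credentials, database and
// the `cities` table are assumed placeholders.
$db = new mysqli("host", "user", "password", "database");
if ($db->connect_error) {
    die("Connect failed: " . $db->connect_error);
}

// Untrusted input: the country now comes from the request, not a literal.
$country = $_GET['country'] ?? 'USA';

// 1) Escaping, as Jerry suggests. This is safe only because the value is
//    placed inside single quotes in the SQL; escaping does nothing for an
//    unquoted position (a LIMIT count, a column name, an ORDER BY term).
$safe   = $db->real_escape_string($country);
$res    = $db->query("SELECT city FROM cities WHERE country = '$safe'");
$cities = [];
while ($row = $res->fetch_assoc()) {
    $cities[] = $row['city'];
}

// 2) A bind variable, as Dodger wants. The value never becomes part of the
//    SQL text, so no escaping is needed and the quoting caveat above
//    disappears; "s" declares the parameter as a string.
$stmt = $db->prepare("SELECT city FROM cities WHERE country = ?");
$stmt->bind_param("s", $country);
$stmt->execute();
$stmt->bind_result($city);
$boundCities = [];
while ($stmt->fetch()) {
    $boundCities[] = $city;
}
$stmt->close();

// Both arrays hold the same rows; populate $_ENV or whatever else here.
foreach ($boundCities as $c) {
    // Do stuff
}
```

Both variants leave a populated array behind, so Dodger's separate foreach after the fetch loop works unchanged with either.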