Posted by Mike Willbanks on 09/20/05 04:45
Mikey P:
> Hi all, I'm having issues with this returned function. I can get it to
> delete a database but I really want it to grab the stateselect
> extension and grab all the cities related to that state. I wanted to
> contain this on one page instead of going over multiple pages, which I
> can do. Sorry if this doesn't make much sense, I'm a newbie. Below is
> the code. The isset($_get is where I have the issues. Any help would
> be appreciated.

First off, I wanted to suggest you do some reading on PHP security, as
your application falls victim to an input validation failure. Any time
you get data from a user, i.e. $_GET, $_POST, $_COOKIE, $_REQUEST,
$_SERVER, you need to check that the data you are getting is right.
Read the PHP Security Guide: http://phpsec.org/projects/guide/

Also, your code is quite ugly. Work on formatting and on not hiding
errors. Fix them first; don't hide them. In production you should log
your errors instead of allowing them to be displayed to the browser.

Also, you only need to select the database once, and you should reuse
variables when it makes sense to.

When inserting data into MySQL, use mysql_real_escape_string.

Now on to fixing your code:
http://pastebin.com/368628

--
Mike Willbanks
Zend Certified Engineer
http://www.digitalstruct.com
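
Added example, not part of the post above or of the pastebin code: the input check and escaping advice applied to the state/cities lookup from the question. Because the `mysql_*` extension (including `mysql_real_escape_string`) was removed in PHP 7, a PDO prepared statement is used in its place; the `cities` table, its columns, the two-letter state format and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example: table, column and parameter names are assumptions,
// modelled on the "stateselect" field mentioned in the question.

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cities (state TEXT NOT NULL, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO cities VALUES ('MN','Minneapolis'),('MN','Duluth'),('WI','Madison')");

/**
 * Validate a state code taken from user input.
 * Returns the normalised code, or null if the input is not acceptable.
 */
function validateState($raw): ?string
{
    // Reject arrays (?stateselect[]=x) and anything that is not exactly two letters.
    if (!is_string($raw) || !preg_match('/\A[A-Za-z]{2}\z/', $raw)) {
        return null;
    }
    return strtoupper($raw);
}

/** Fetch the cities for a validated state using a bound parameter. */
function citiesForState(PDO $pdo, string $state): array
{
    $stmt = $pdo->prepare('SELECT name FROM cities WHERE state = :state ORDER BY name');
    $stmt->execute([':state' => $state]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for $_GET['stateselect'].
$samples = ['mn', 'WI', "M'", 'Minnesota', ['MN']];

foreach ($samples as $raw) {
    $state = validateState($raw);
    if ($state === null) {
        // Log the rejection server-side; do not echo raw input or DB errors to the browser.
        error_log('Rejected stateselect value: ' . json_encode($raw));
        echo "invalid state\n";
        continue;
    }
    $cities = citiesForState($pdo, $state);
    // Escape on output as well, since city names come from the database.
    echo $state, ': ', htmlspecialchars(implode(', ', $cities), ENT_QUOTES, 'UTF-8'), "\n";
}
```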