Posted by noone on 02/25/06 03:17
Mark wrote:
> Peter Fox wrote:
>
>>You /have/ taken precautions to avoid SQL injection?
>
>
> Not yet, but thanks. I forgot what the term for that kind of attack
> was, I'll do some research on it.
>
> Erwin Moller wrote:
>
>>One simple way to 'fix' this (because nothing is wrong) is:
>>page1.php contains form
>>set the action to page1_process.php
>>
>>page1_process.php
>>receives the form, does its stuff like database inserts.
>>Do not create ANY output.
>
>
> ah... excellent. this gets rid of that annoying "resend information"
> message on refresh too.
>
> noone wrote:
>
>>alter table comments add constraint pk_comments primary key (name,email,comment,id);
>
>
> so this will make it so that ALL those values together can't be
> identical with any other comment?
correct. the INSERT will fail.
>
> i was wondering how I might do this. I figured out how to put "unique"
> on a single column, but that doesn't help me much.
>
As I stated, you can also create unique indexes - the difference is the
error generated at the time of the failure - and how your code handles it.
Not knowing what other fields exist in this table makes the
recommendation of what to use a bit more difficult.
>
>
> thanks a lot for your help guys! this is great.
>
any time.
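
Added example, not part of the original post and not the posters' code: a composite unique constraint on the comments table, a parameterized INSERT (the SQL injection precaution asked about above), and the duplicate failure handled in code. The column types, the constraint name uq_comments, the function addComment, the sample rows, and the choice to leave an auto-generated id out of the unique set are assumptions; an in-memory SQLite database through PDO stands in for the real server.

```php
<?php
// Assumed setup: in-memory SQLite via PDO so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Composite constraint: the combination (name, email, comment) must be unique.
// Table layout is assumed; the thread does not list the real columns.
$pdo->exec('CREATE TABLE comments (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,
    name    TEXT NOT NULL,
    email   TEXT NOT NULL,
    comment TEXT NOT NULL,
    CONSTRAINT uq_comments UNIQUE (name, email, comment)
)');

// Hypothetical helper: returns 'inserted' or 'duplicate'.
function addComment(PDO $pdo, string $name, string $email, string $comment): string
{
    // Placeholders keep form input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO comments (name, email, comment) VALUES (?, ?, ?)'
    );
    try {
        $stmt->execute([$name, $email, $comment]);
        return 'inserted';
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation,
        // which here means the same comment was submitted again.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'duplicate';
        }
        throw $e; // anything else is a real error
    }
}

// Constructed sample input: a resubmitted form and a value containing quotes.
$rows = [
    ['Mark', 'mark@example.com', 'First post'],
    ['Mark', 'mark@example.com', 'First post'],
    ["O'Brien", 'ob@example.com', "Nice site'); --"],
];
foreach ($rows as [$name, $email, $comment]) {
    echo addComment($pdo, $name, $email, $comment), "\n";
}
echo $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " rows stored\n";
```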