Re: form definitions in mysql — PHP Programming Language

You are here: Re: form definitions in mysql « PHP Programming Language « IT news, forums, messages

Posted by masterGaurav on 11/19/06 11:46

This is definitely a way to do the things quickly and with less code.

However, I, personally, would suggest not to directly map against
database tables.

If so, do some encoding on it. The reason is obvious. If you are not
checking against the actual fields in the database, SQL-Injection may
be possible by custom-data creation.

What if I hand-craft the data and send it. If you blindly execute the
SQL against the names / values from the forms... things may be
problematic.

Can't give an example for keys being SQL-injected... but I think that
should very much be possible.

--
Cheers,
Gaurav Vaish
http://mastergaurav.org
---------------------------

Navigation:

Next in forum: Re: Error 444 Script or Action Blocked
Prev in forum: Re: I am looking fo ropen source package for "appointment package" for Doctors
Thread view: Re: form definitions in mysql

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация