Posted by grossespinne on 10/20/07 17:59
Hi, just one hint:
This statement:
> $heading = mysql_query("SELECT links_categories.category,
> links_categories.cat_id FROM links_categories WHERE $_POST[dropdown] =
> links_categories.cat_id") or die('Error, Heading select failed');
might be a security risk because it could allow mysql injection into your database.
I mean an attacker could change the value of $_POST[dropdown] to be some valid mysql code and thus manipulate your database. To fix this you should use mysql_real_escape_string() on each variable that holds input from the user.
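Added example (not code from the original thread): the query-building pattern quoted above next to a hardened version. It assumes a hypothetical mysqli connection in `$db` and the `links_categories(cat_id, category)` table from the quoted query, and uses a prepared statement with a validated integer rather than mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7.

```php
<?php
// Added example, not from the original post. Assumes a mysqli connection in
// $db (hypothetical) and the links_categories(cat_id, category) table.

// Pattern from the thread: the raw POST value is pasted into the SQL text,
// so whatever the client sends becomes part of the statement.
function headingQueryUnsafe(array $post): string
{
    return "SELECT links_categories.category, links_categories.cat_id "
         . "FROM links_categories WHERE " . $post['dropdown']
         . " = links_categories.cat_id";
}

// Hardened version: the SQL text is fixed, the value travels separately as a
// bound parameter, and the input is validated as the integer the column holds.
function fetchHeading(mysqli $db, array $post): ?array
{
    $raw = $post['dropdown'] ?? '';
    // cat_id is an id column: reject anything that is not a plain decimal number
    if (!ctype_digit($raw)) {
        return null;
    }
    $catId = (int) $raw;

    $stmt = $db->prepare(
        "SELECT category, cat_id FROM links_categories WHERE cat_id = ?"
    );
    if ($stmt === false) {
        throw new RuntimeException('Heading select failed: ' . $db->error);
    }
    $stmt->bind_param('i', $catId);   // 'i' = integer parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// On the legacy mysql_* extension the post refers to, the equivalent
// defence for an id column is to cast to int before building the string:
//   $catId = (int) $_POST['dropdown'];
//   $sql = "... WHERE links_categories.cat_id = " . $catId;
// For string columns, mysql_real_escape_string() AND surrounding quotes
// in the SQL are both required; escaping an unquoted value does not help.
```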