Reply to Re: [PHP] PHP/MySQL noob rides again.. into trouble


Posted by Paul Jinks on 12/18/05 22:37

Richard Davey wrote:

>> <?
>> $connect = mysql_connect("", "", "")
>> or die("could not connect");
>> $db = mysql_select_db("")
>> or die("could not select db");
>> if (isset($HTTP_GET_VARS['projTitle']))
>> {
>> $SQLQuery = "SELECT * FROM project WHERE
>> projTitle = ".$HTTP_GET_VARS['projTitle']
>> or die("SQLQuery 1 failed");
>> }
>> else
>> {
>> $SQLQuery = "SELECT*FROM project ORDER BY projTitle"
>> or die("SQLQuery 2 failed");
>> }
>> $result = mysql_query($SQLQuery,$connect)
>> or die("couldn't set value of result");
>>

> There are various issues re: SQL injection and lack of filtering going
> on here, but perhaps not best to dwell on those -just yet-, as long as
> you are aware that your script is lacking in all forms of security?
> Then you can address that once you've got it working.
>

Hi Richard

Think I've got everything more or less working now and need to look at
security issues. Thanks for the tip about SQL injection - had no idea
what this was, but googling it proved very interesting - scary stuff!

Could you direct me towards any good resources on general security with
php/mysql?

Thanks again

Paul.
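
An added illustration (not part of the thread, and not written by either poster) of the SQL injection issue Richard points to in the quoted script, shown beside a parameterised version. It assumes PDO with an in-memory SQLite database standing in for MySQL, a constructed two-row `project` table with a hypothetical `owner` column, and hypothetical function names and length limit.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs without a server; the table contents are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE project (projTitle TEXT, owner TEXT)');
$pdo->exec("INSERT INTO project VALUES ('Alpha', 'paul'), ('Beta', 'richard')");

// Pattern from the quoted script: the request value is concatenated into the
// SQL text (quotes added here so that an ordinary title matches at all).
function findConcatenated(PDO $pdo, string $title): array
{
    $sql = "SELECT * FROM project WHERE projTitle = '" . $title . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value is bound as data,
// so quote characters in it cannot change the structure of the query.
function findBound(PDO $pdo, string $title): array
{
    $stmt = $pdo->prepare('SELECT * FROM project WHERE projTitle = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Input filtering on top of binding. A query-string value can arrive as an
// array, so the type is checked; the 100-character limit is an assumption.
function validTitle($value): bool
{
    return is_string($value) && $value !== '' && strlen($value) <= 100;
}

// Constructed request values: one ordinary title, one containing a quote.
$inputs = ['Alpha', "nothing' OR '1'='1"];
foreach ($inputs as $title) {
    if (!validTitle($title)) {
        continue;
    }
    printf("%-22s concatenated: %d row(s), bound: %d row(s)\n",
        $title, count(findConcatenated($pdo, $title)), count(findBound($pdo, $title)));
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes. The `mysql_*` functions used in the quoted script were removed in PHP 7, and `$_GET` replaces `$HTTP_GET_VARS`.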
