creating polls (huge security hole?)

    Date: 12/15/06 (WebDesign)    Keywords: php, mysql, sql, web

    So I'm reading a tutorial on creating polls using MySQL and PHP, and this is the php side of it.

    Is it me, or is this extremely bad to put on a webpage, what with it requiring a usename and password? Am I just not reading it properly?

    $host = 'localhost';
    $user = 'user';
    $pass = 'pass';
    $db = 'polls';
    print "\n";
    print "\n";
    print "Grand Old Opera Poll\n";
    print "\n";
    print "\n";
    print "
    \n";
    print "

    Which of these activities do you most enjoy?

    \n";
    $dbcon = mysql_connect($host, $user, $pass)
    or die('Unable to connect to server ' . $host);
    mysql_select_db($db) or die('Unable to find database ' . $db);
    $form_query = 'SELECT * FROM poll_answers';
    if($result = mysql_query($form_query)) {
    while($row = mysql_fetch_array($result)) {
    print "". $row['activity'] . "
    \n";
    }
    }
    print "\n";
    print "
    \n";
    print "

    See vote totals

    \n"
    ;
    print "    \n";
    print "    \n";
    ?>

    Source: http://community.livejournal.com/webdesign/1195771.html

« dropdown menu + dreamweaver... || html email »
Search  •  Site Map  •  Set as Homepage  •  Add to Favourites  • 
antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home