Prev: Sharing happiness!!
Next: Problem with php and MySQL: inserting strings into database
From: James Crow on 22 Apr 2010 11:27
On 04/14/2010 08:48 PM, Jacob Kruger wrote:
> Thanks.
>
> Will be honest, and while have played around with PHP etc., have never
> really done much with it in terms of going into production as such
> anyway, so, yes, will need to learn/figure out how to do things the
> best way, etc.
>
> Stay well
>
> Jacob Kruger
> Blind Biker
> Skype: BlindZA
> '...fate had broken his body, but not his spirit...'
And while you are trying to learn good habits look at SQL Injection
attacks. Using something like $_REQUEST['id'] in a query is just asking
for it. Many of the PHP and MySQL tutorials I have seen barely mention
this problem, if at all.

Consider if someone had sent your script a URL like this:
scipt.php?id='';DELETE FROM table tblLinks;
If the user running the mysql_query() function had the rights to delete
rows on the tblLinks table, the tblLinks table would be empty.

Cheers,
James
 | 
Pages: 1
Prev: Sharing happiness!!
Next: Problem with php and MySQL: inserting strings into database