Re: [PHP-DB] Complicated Question (maybe)?

2005-01-11 Thread Frank M Flynn
Turning off 'Update' privileges in the DB will work but it's ugly.
	REVOKE UPDATE ON your table.column - or - * for all FROM the web user

   http://dev.mysql.com/doc/mysql/en/GRANT.html for documentation
Now when someone tries to update this they will get an error and unless 
you have different logins for every user UPDATE will not work for 
anyone over the web.

I have two other ideas, although each is more work:
-Make a second table like  the first address table but add a timestamp 
column, do not use auto increment (you will set the ID to the ID in the 
original table).  In your PHP when you do an update you will first 
INSERT the original record and the current time into the new table then 
allow the UPDATE to the original table.  This will not break your app 
but will preserve the data.

-Add a column 'valid' to the original table and when someone tries to 
update the table find the original record and set valid to 0; then 
insert a new record.  This may not work if you are joining off of the 
ID (all related records will still point to the old record).

You could also remove or disable all the UPDATE code from your PHP 
pages, no?

Good luck,
Frank
On Jan 11, 2005, at 9:39 AM, [EMAIL PROTECTED] wrote:
From: Chris
As long as I'm understanding you correctly, this is able to be done 
with the mysql privileges.

Just create a user that isn't allowed to update that column, then use 
that user in your PHP code.

The wording of your message makes it look like you're using a webform 
to specify a columnname-value combination to update in the database. 
This is inherently insecure.

Chris
JeRRy wrote:
Hi,
I want to BLOCK any possible updates from a webform or
php page to the address field.  Or even halt any sort
of update/modification from mysql to that column but
have it possible to unblock by admin.
Is this possible?  Sure I could refuse an mysql update
to do this but I want to lock out everyone to ensure
no sneaky activity or changes are made.
Is it possible or am I talking too much?
J


[PHP-DB] Complicated Question (maybe)?

2005-01-10 Thread JeRRy
Hi,

I have my reasons in asking this.  But instead of
going on about it I'll make it quick.

Is there a way to BLOCK an update to a column in a
database from a webform or php page?

What I mean is this.

A user registers for a site.  They enter details like
their address, username and etc.

I want to BLOCK any possible updates from a webform or
php page to the address field.  Or even halt any sort
of update/modification from mysql to that column but
have it possible to unblock by admin.

Is this possible?  Sure I could refuse an mysql update
to do this but I want to lock out everyone to ensure
no sneaky activity or changes are made.

Is it possible or am I talking too much?

J


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] Complicated Question (maybe)?

2005-01-10 Thread Chris
As long as I'm understanding you correctly, this is able to be done with 
the mysql privileges.

Just create a user that isn't allowed to update that column, then use 
that user in your PHP code.

The wording of your message makes it look like you're using a webform to 
specify a columnname-value combination to update in the database. This 
is inherently insecure.

Chris
JeRRy wrote:
Hi,
I have my reasons in asking this.  But instead of
going on about it I'll make it quick.
Is there a way to BLOCK an update to a column in a
database from a webform or php page?
What I mean is this.
A user registers for a site.  They enter details like
their address, username and etc.
I want to BLOCK any possible updates from a webform or
php page to the address field.  Or even halt any sort
of update/modification from mysql to that column but
have it possible to unblock by admin.
Is this possible?  Sure I could refuse an mysql update
to do this but I want to lock out everyone to ensure
no sneaky activity or changes are made.
Is it possible or am I talking too much?
J
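
Added example, not part of any post in this thread: one way to set up the privilege approach that Chris's and Frank's replies describe, using MySQL column-level grants. The database `site`, table `members`, its columns, the accounts `webapp` and `members_admin`, and the passwords are hypothetical placeholders. MySQL privileges are additive, so a column-level REVOKE cannot carve a column out of a table-level UPDATE grant; the web account is instead given UPDATE only on the columns it may change.

```sql
-- Hypothetical schema standing in for the registration table in the thread.
CREATE DATABASE IF NOT EXISTS site;
CREATE TABLE IF NOT EXISTS site.members (
  id       INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(64)  NOT NULL UNIQUE,
  email    VARCHAR(255) NOT NULL,
  address  VARCHAR(255) NOT NULL
);

-- Account the PHP pages connect with (placeholder password).
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'replace-with-a-real-secret';

-- Registration needs INSERT; the site needs SELECT.
GRANT SELECT, INSERT ON site.members TO 'webapp'@'localhost';

-- UPDATE is granted column by column and `address` is left out,
-- so the server itself refuses any UPDATE that touches it.
GRANT UPDATE (username, email) ON site.members TO 'webapp'@'localhost';

-- Separate admin account that is allowed to change every column.
CREATE USER 'members_admin'@'localhost' IDENTIFIED BY 'replace-with-another-secret';
GRANT SELECT, INSERT, UPDATE ON site.members TO 'members_admin'@'localhost';

-- Check: no table-level or global UPDATE should be listed for webapp,
-- otherwise the column restriction has no effect.
SHOW GRANTS FOR 'webapp'@'localhost';

-- Connected as webapp:
--   UPDATE site.members SET email = 'new@example.org' WHERE id = 1;  -- allowed
--   UPDATE site.members SET address = 'elsewhere' WHERE id = 1;      -- denied by the server

-- "Unblock by admin": run from an account with GRANT OPTION on the table
-- to open the column temporarily.
GRANT UPDATE (address) ON site.members TO 'webapp'@'localhost';

-- Lock it again. This REVOKE works because the privilege was
-- granted at column level in the statement above.
REVOKE UPDATE (address) ON site.members FROM 'webapp'@'localhost';
```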