Could you direct me towards any good resources on general security with
php/mysql?
http://phpsec.org/library/
Make sure to read these:
- data filtering
- sql injection
. . .and all the others in time. =)
Richard Davey wrote:
?
$connect = mysql_connect(, , )
or die(could not connect);
$db = mysql_select_db()
or die(could not select db);
if (isset($HTTP_GET_VARS['projTitle']))
{
$SQLQuery = SELECT * FROM project WHERE
projTitle =
Paul Jinks wrote:
$SQLQuery = SELECT * FROM project WHERE
projTitle = .$HTTP_GET_VARS['projTitle']
or die(SQLQuery 1 failed);
$SQLQuery = "SELECT * FROM project WHERE projTitle = '" .
$HTTP_GET_VARS['projTitle'] . "'";
Not sure why you've got the or die() there.
On 16 Dec 2005, at 12:30, Paul Jinks wrote:
I have a site where users can search study projects. I'd like to be
able to click on a project title which passes a variable to this
page, which then displays all the data on that project in a table.
Cool - and to a noob like me, actually pretty
David Grant wrote:
$SQLQuery = "SELECT * FROM project WHERE projTitle = '" .
$HTTP_GET_VARS['projTitle'] . "'";
Yep, that fixed it. Thanks. I had a feeling there was a mix up with the
"s and 's. What's with the . s?
Not sure why you've got the or die() there.
I had the idea that you could
Richard Davey wrote:
($HTTP_GET_VARS), because lots do not. I would suggest replacing
$HTTP_GET_VARS with $_GET (in all instances), because the long format
will eventually vanish and your script will cease to work.
Cheers Rich, will sort this out.
I assume you removed the MySQL details
Paul,
Paul Jinks wrote:
David Grant wrote:
$SQLQuery = "SELECT * FROM project WHERE projTitle = '" .
$HTTP_GET_VARS['projTitle'] . "'";
Yep, that fixed it. Thanks. I had a feeling there was a mix up with the
"s and 's. What's with the . s?
The . is a concatenation operator, i.e. it joins two
Subject: Re: [PHP] PHP/MySQL noob rides again.. into trouble
David Grant wrote:
$SQLQuery = "SELECT * FROM project WHERE projTitle = '" .
$HTTP_GET_VARS['projTitle'] . "'";
Yep, that fixed it. Thanks. I had a feeling there was a mix
up with the "s and 's. What's with the . s