Hi Paul,

You've gotten some good answers on your actual question, so I won't repeat them. But as an important side note, watch out what you copy from the books. This line is terribly risky:

$rs1 = @mysql_query( $_REQUEST['db'] );

If, for example, I requested http://example.com/create_db.php?db=drop+database+mysql%3B the script as it is would attempt to drop the mysql database (and hopefully you're not connecting to mysql as a user who could actually do that...)

See this great article from Chris Shiflett on why user input should always be filtered and escaped: http://shiflett.org/articles/sql-injection

I realize you copied most of this code out of the book, and that's no shame -- learning by example is one of the best ways to do it. It's a shame that the author has published code examples like this.

- Allen

PaulCheung wrote:
Using Mike McGrath's book "PHP 5 in easy steps" ...  and the
example from the www.ineasysteps.com website <!-- example for PHP 5.0.0 final release -->
<?php
// Connection credentials as they appear in the book's example.
$conn = @mysql_connect( "localhost", "paul", "enter" )
    or die( "Sorry - could not connect to MySQL" );

// Executes whatever SQL arrives in the request's "db" parameter, verbatim.
$rs1 = @mysql_query( $_REQUEST['db'] );
$rs2 = @mysql_list_dbs( $conn );


--
Allen Shaw
Polymer (http://polymerdb.org)
slidePresenter (http://slides.sourceforge.net)
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
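To make Allen's warning concrete, here is an added example that is not code from the book, the ineasysteps.com site, or either list post. It places the risky pattern next to a hardened version. The hardened version rests on one observation: the request should carry a database *name*, never a SQL statement, and a name is an identifier, so it cannot be bound as a prepared-statement parameter the way a value can; the defence is a strict allowlist check before the name ever reaches the query string. The function names, the mysqli usage, and the credentials are assumptions for illustration; the validation helper runs with no database at all.

```php
<?php
// Added example, not the book's or the mailing-list code.
// Assumes PHP 7+ with the mysqli extension and a MySQL server reachable
// with the hypothetical credentials below; create_db_sql() needs no server.
declare(strict_types=1);

// The pattern under discussion: the request body *is* the SQL statement.
// ?db=drop+database+mysql%3B runs exactly that. Shown only for contrast.
function create_db_unsafe(mysqli $conn, array $request): bool
{
    return (bool) $conn->query($request['db']);
}

// Hardened: accept only a bare identifier, then build the statement here.
// MySQL identifiers are at most 64 characters; this allowlist is deliberately
// narrower than what MySQL permits, because rejecting is safer than escaping
// when no legitimate database name contains spaces, quotes, or semicolons.
function create_db_sql(string $name): ?string
{
    if (!preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,63}\z/', $name)) {
        return null;
    }
    // Backtick quoting is redundant given the allowlist; kept as defence in depth.
    return 'CREATE DATABASE `' . $name . '`';
}

function create_db_safe(mysqli $conn, array $request): bool
{
    $sql = create_db_sql((string) ($request['db'] ?? ''));
    if ($sql === null) {
        // Invalid name: refuse, and do not echo the input back into the page.
        return false;
    }
    return (bool) $conn->query($sql);
}

// Constructed inputs exercising the validator without a database:
foreach (['inventory', 'drop database mysql;', 'x`; drop database mysql', ''] as $input) {
    $sql = create_db_sql($input);
    printf("%-28s -> %s\n", var_export($input, true), $sql ?? 'rejected');
}

// Hypothetical connection for the safe path; credentials are placeholders.
// $conn = new mysqli('localhost', 'webapp', 'secret');
// create_db_safe($conn, $_REQUEST);
```

The other half of Allen's remark is the MySQL account itself: even with the allowlist in place, the account the script logs in with should hold only the privileges that page needs, so that a bug elsewhere cannot turn into a `DROP DATABASE mysql`.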
