Any PHP coders around here? - Page 2

kaiowas · 08-02-2009, 22:40

I know it's not the issue you've asked about but from quickly looking at your login code I suggest you go and read about SQL injection. Putting user inputted strings straight into a query without sanitizing them first is just asking for trouble.

Mark · 08-02-2009, 22:53

Ooh, good point - well spotted. Leaving SQL un-sanitized is asking for your entire database to be downloaded, tampered with, or just deleted, depending on the mood of the hacker at the time.

jmc41 · 09-02-2009, 00:17

Might want to go down the $db->query route

All about OO then you can amend the connection string in a global class. Plus you can set it up to log execution time and stuff. My 2 cents anyway I've got a feeling I'm about to be flamed for some reason.

Joe 90 · 09-02-2009, 09:49

ta.

I'd of liked to do it OO but i've never written OOPHP so just kept it procedural.
Too late now to change. deadline is today. :/

suarve · 09-02-2009, 14:55

Quote:

Originally Posted by |Show|

ta.

I'd of liked to do it OO but i've never written OOPHP so just kept it procedural.
Too late now to change. deadline is today. :/

You should have made a simple php or include file with your connection string/details in, that you include at the top of every page.

Joe 90 · 09-02-2009, 16:07

now that is one thing i did have, and always have.

two include files; dbparams and functions_main (connect & db_select)

08-02-2009, 22:40	#11
kaiowas The Stig Join Date: Jul 2006 Location: Fightertown USA Posts: 1,458	I know it's not the issue you've asked about but from quickly looking at your login code I suggest you go and read about SQL injection. Putting user inputted strings straight into a query without sanitizing them first is just asking for trouble. __________________ Anal Fish Porn

09-02-2009, 09:49	#14
Joe 90 Absinthe Join Date: Jan 2007 Location: Chester Posts: 2,345	ta. I'd of liked to do it OO but i've never written OOPHP so just kept it procedural. Too late now to change. deadline is today. :/ __________________ 360 Blog \| Join GiffGaff \| Twitter

09-02-2009, 16:07	#16
Joe 90 Absinthe Join Date: Jan 2007 Location: Chester Posts: 2,345	now that is one thing i did have, and always have. two include files; dbparams and functions_main (connect & db_select) __________________ 360 Blog \| Join GiffGaff \| Twitter

08-02-2009, 22:53	#12
Mark Screaming Orgasm Join Date: Jul 2006 Location: Newbury Posts: 15,194	Ooh, good point - well spotted. Leaving SQL un-sanitized is asking for your entire database to be downloaded, tampered with, or just deleted, depending on the mood of the hacker at the time.

09-02-2009, 00:17	#13
jmc41 Absinthe Join Date: Mar 2007 Posts: 1,070	Might want to go down the $db->query route All about OO then you can amend the connection string in a global class. Plus you can set it up to log execution time and stuff. My 2 cents anyway I've got a feeling I'm about to be flamed for some reason.