login | register | shoutbox

 What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » Who knows something about SQL and PHP

Who knows something about SQL and PHP
Author: Message:
surfichris
Former Admin
*****

Avatar

Posts: 2365
Reputation: 81
Joined: Mar 2002
RE: Who knows something about SQL and PHP
Not on the flash side of things, but I wanted to point out a major vulnerability your script has: SQL Injection.

You don't sanitize any quotes or anything before you insert raw data in to the database.

Add the following before your insert query..
code:
$name = mysql_real_escape_string($_POST['name']);
$shout = mysql_real_escape_string($_POST['shout']);
01-05-2008 10:07 PM
Profile PM Find Quote Report
« Next Oldest Return to Top Next Newest »

Messages In This Thread
Who knows something about SQL and PHP - by Exca on 01-05-2008 at 04:31 PM
RE: Who knows something about SQL and PHP - by NanaFreak on 01-05-2008 at 04:40 PM
RE: Who knows something about SQL and PHP - by Exca on 01-05-2008 at 04:42 PM
RE: Who knows something about SQL and PHP - by NanaFreak on 01-05-2008 at 04:43 PM
RE: Who knows something about SQL and PHP - by Exca on 01-05-2008 at 04:45 PM
RE: Who knows something about SQL and PHP - by NanaFreak on 01-05-2008 at 04:48 PM
RE: Who knows something about SQL and PHP - by Exca on 01-05-2008 at 04:53 PM
RE: Who knows something about SQL and PHP - by Exca on 01-05-2008 at 04:57 PM
RE: Who knows something about SQL and PHP - by NanaFreak on 01-05-2008 at 05:00 PM
RE: Who knows something about SQL and PHP - by Exca on 01-05-2008 at 05:04 PM
RE: Who knows something about SQL and PHP - by surfichris on 01-05-2008 at 10:07 PM
RE: Who knows something about SQL and PHP - by Exca on 01-05-2008 at 10:33 PM
RE: Who knows something about SQL and PHP - by Tochjo on 01-05-2008 at 10:35 PM
RE: Who knows something about SQL and PHP - by Exca on 01-05-2008 at 10:42 PM
RE: Who knows something about SQL and PHP - by surfichris on 01-06-2008 at 11:35 AM
RE: Who knows something about SQL and PHP - by Exca on 01-06-2008 at 12:43 PM
RE: Who knows something about SQL and PHP - by Volv on 01-09-2008 at 11:36 AM


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts 		HTML is Off
myCode is On
Smilies are On
[img] Code is On