[PHP/MySQL]Minor MySQL 'features'
Hello :D
I decided to kick off the Java studying for a while and focus on web design and scripting, so after about one hour of studying and scripting I've come up with this:
http://nasu.dk/test.php
It took me 5 minutes to figure out why it showed errors when I tried to submit colors..
Also made a submission page, just for the fun of it, to submit some details into test.php
Submitting details was put off because of this:
http://nasu.dk/proof.jpg
Sadly cause I only posted information about the site on RZ..
I like it! This is just a sort of training for me, I will study on and such :)
Re: [PHP/MySQL]Minor MySQL 'features'
Use mysql_real_escape_string
Re: [PHP/MySQL]Minor MySQL 'features'
Quote:
Originally Posted by x000x01
Use mysql_real_escape_string
Explain yourself, I am not following..
Re: [PHP/MySQL]Minor MySQL 'features'
Quote:
Originally Posted by mindblaster7
Explain yourself, I am not following..
Okay, I will try.
If you are using MySQL and PHP, there is a possibility that people will inject something into your MySQL database, for instance drop table 'users' and so on... mysql_real_escape_string will not allow symbols like ' or such to go through, which will protect your site from MySQL injection. But of course there are thousands of other ways to inject. That's why most people use their own written scripts to prevent it and include ("them.php"). I hope that you understood it.
PHP Code:
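<?php
// Connect first: mysql_real_escape_string() uses the open connection's character set.
// Note: the mysql_* functions were removed in PHP 7.0; this runs on PHP 5 only.
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());
// Values as submitted by the form (the field names are assumed here)
$user     = isset($_POST['user']) ? $_POST['user'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
// Query: escape each value before it is placed inside the quoted string
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
    mysql_real_escape_string($user),
    mysql_real_escape_string($password));
?>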
Code:
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
More here: http://lv.php.net/manual/en/function...ape-string.php
Edit:
Quote:
submit details were taking off due to some idiot who tried to mysql inject just after i uploaded it...
See? That "idiot" was me. I'm not so good at MySQL so I was unable to do that. But believe me, there are some "idiots" around who can do much damage if you have no protection.
And just for the record, I am not an idiot. :D
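Added example (not part of the thread and not any poster's code): the same login query built by string concatenation and with a prepared statement, run against constructed inputs. It assumes PHP 7.1+ with PDO and uses an in-memory SQLite database in place of MySQL so it runs without a server; the table, rows and function names are made up for the illustration.

```php
<?php
// Constructed test data; SQLite in memory stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, password TEXT)");
$db->exec("INSERT INTO users (user, password) VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");

// Unsafe: the submitted values become part of the SQL text itself.
function login_concat(PDO $db, $user, $password) {
    $sql = "SELECT id FROM users WHERE user='$user' AND password='$password'";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Safe: the SQL text is fixed; values are bound to placeholders separately,
// so a quote in the input is only ever data.
function login_prepared(PDO $db, $user, $password) {
    $stmt = $db->prepare("SELECT id FROM users WHERE user = ? AND password = ?");
    $stmt->execute([$user, $password]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs to run against your own code.
$inputs = [
    ['alice', 'hash-a'],        // normal login
    ["O'Brien", 'x'],           // harmless name with a quote: breaks the concatenated SQL
    ['alice', "' OR '1'='1"],   // quote ends the string and rewrites the WHERE clause
];

foreach ($inputs as [$u, $p]) {
    printf("%-10s concat=%s  prepared=%s\n",
        $u,
        json_encode(login_concat($db, $u, $p)),
        json_encode(login_prepared($db, $u, $p)));
}
```

The prepare()/execute() calls are the same with PDO's MySQL driver; only the connection string changes.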
Re: [PHP/MySQL]Minor MySQL 'features'
Thanks for the explanation
Uh oh! I'd better remove that :P
Seems like you're not one! Haha..