03-09-2009, 02:27 PM  #11
Bake a Pretty Cake! | Join Date: Jun 2008 | Location: Madison, WI | Posts: 718
Re: My PHP Video Tutorials
Well, since I don't know the syntax, the actual code was a bit over my head cuz you went pretty fast... but I can just go back and pause to look at it, so that's not a problem. Basically I had more trouble understanding the general setup of the whole thing... I think I just need to read up a bit, np.
03-09-2009, 03:08 PM  #12
Join Date: Dec 2006 | Posts: 19,769
Re: My PHP Video Tutorials
I subscribed to this... I need this.
03-09-2009, 07:03 PM  #13
Join Date: Jul 2005 | Location: England | Posts: 2,035
Re: My PHP Video Tutorials
Good tutorials there, but it looks like login.php is vulnerable to SQL injection.
__________________
MSI P43 Neo|Enermax Pro82+ 425W|E5200|silent 8500GT|250GB Samsung spinpoint F1|Samsung SATA DVD RW|4GB Corsair|Antec SOLO|openSUSE11
There are in order of increasing severity: lies, darn lies, statistics, and computer benchmarks. - diskinfo man page
03-09-2009, 10:32 PM  #14
Wizard Techie | Join Date: Feb 2006 | Location: Maine | Posts: 3,681
Re: My PHP Video Tutorials
Quote (Originally Posted by kmote): Good tutorials there but it looks like login.php is vulnerable to SQL injection.

As it is only a basic tutorial, I didn't do much with security. However, mysql_escape_strings will pretty much eliminate SQL injection, by escaping any illegal characters. If you wanted to take it a bit further, you could use some regex to custom filter the data before you do any queries.
__________________
Need website help? PM me!
03-10-2009, 09:07 AM  #15
Join Date: Jul 2005 | Location: England | Posts: 2,035
Re: My PHP Video Tutorials
I just checked again and actually I now think you are safe with what you have. I should think, then type, lol.
03-10-2009, 06:26 PM  #16
Bake a Pretty Cake! | Join Date: Jun 2008 | Location: Madison, WI | Posts: 718
Re: My PHP Video Tutorials
Do you have to pay for the MySQL stuff?
03-10-2009, 06:56 PM  #17
Join Date: Jul 2005 | Location: England | Posts: 2,035
Re: My PHP Video Tutorials
Nope, nor do you have to pay for Apache or PHP.
03-10-2009, 07:20 PM  #18
Bake a Pretty Cake! | Join Date: Jun 2008 | Location: Madison, WI | Posts: 718
Re: My PHP Video Tutorials
What do I need to download? I found some things that said 30-day trial, which made me ask that question.
03-10-2009, 10:08 PM  #19
It's all just 1s and 0s | Join Date: Jan 2004 | Location: in the lab | Posts: 4,389
Re: My PHP Video Tutorials
Quote (Originally Posted by CrazeD): As it is only a basic tutorial, I didn't do much with security. However, mysql_escape_strings will pretty much eliminate SQL injection, by escaping any illegal characters. If you wanted to take it a bit further, you could use some regex to custom filter the data before you do any queries.

I did a quick search and found the following thread. The posters say mysql_real_escape_strings is more secure.
I'm wondering if it would be possible to run subqueries. I think you need parentheses. PHP Code - Help Needed - Dev Shed
edit - here's a read for ya: Reviewing Code for SQL Injection - OWASP
Last edited by office politics; 03-10-2009 at 10:15 PM.
03-10-2009, 10:25 PM  #20
Wizard Techie | Join Date: Feb 2006 | Location: Maine | Posts: 3,681
Re: My PHP Video Tutorials
Quote (Originally Posted by Spit-wad): what do I need to download? I found some things that said 30-day trial, which made me ask that question.

A Guide to Installing Apache, PHP, MySQL, and PHPMyAdmin on Windows
Here you go.

@ office_politics:
mysql_real_escape_string doesn't make a difference for the standard latin1 character set. Its only difference is that it escapes for more character sets.
Also, by subqueries, do you mean multiple queries? You need to use PHP's mysqli for that.
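The three approaches discussed across posts #14, #19 and #20 side by side, as an added example that is not the tutorial's login.php and not code posted by anyone in the thread. It assumes a mysqli connection, a `users` table with `id`, `username` and `password_hash` columns, and placeholder connection details; the query strings, function names and the use of password_hash()/password_verify() are this example's own choices. The point it makes: escaping only works when it matches the connection's character set (which is what mysql_real_escape_string and mysqli's real_escape_string take into account and mysql_escape_string does not), whereas a prepared statement keeps the SQL text fixed and sends the value separately, so no escaping step exists to get wrong.

```php
<?php
// Added example: a login lookup written three ways. Table, column and connection
// details are placeholders, not values from the tutorial.

// 1. The pattern post #13 flags as vulnerable: user input is spliced into the
//    query text, so whatever the user types is parsed as part of the SQL.
function lookup_user_unsafe(mysqli $db, string $username): string
{
    return "SELECT id, password_hash FROM users WHERE username = '$username'";
}

// 2. Escaping, as discussed in posts #14, #19 and #20. real_escape_string (the
//    mysqli counterpart of mysql_real_escape_string) escapes according to the
//    connection's character set, so set_charset() must be called before it.
//    mysql_escape_string never consulted the connection charset.
function lookup_user_escaped(mysqli $db, string $username): string
{
    $safe = $db->real_escape_string($username);
    return "SELECT id, password_hash FROM users WHERE username = '$safe'";
}

// 3. Prepared statement: the SQL text is fixed and the value travels separately,
//    so it is never interpreted as SQL regardless of content or character set.
//    This is the form to use for any new code.
function lookup_user_prepared(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);   // 's' = bind the value as a string
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $row = $stmt->fetch() ? ['id' => $id, 'password_hash' => $hash] : null;
    $stmt->close();
    return $row;
}

// Verifies the submitted password against a hash produced by password_hash().
// Storing plaintext passwords is a separate problem from injection and is
// avoided here by design.
function login(mysqli $db, string $username, string $password): bool
{
    $row = lookup_user_prepared($db, $username);
    return $row !== null && password_verify($password, $row['password_hash']);
}

// Placeholder connection parameters (assumed, not from the tutorial).
$db = new mysqli('localhost', 'app_user', 'app_password', 'tutorial_db');
if ($db->connect_error) {
    exit('connection failed');
}
// Declare the client character set first; both escaping and the server's
// parsing of string literals depend on it.
$db->set_charset('utf8mb4');

if (login($db, $_POST['username'] ?? '', $_POST['password'] ?? '')) {
    echo 'Welcome';
} else {
    echo 'Invalid login';
}
```

lookup_user_unsafe() is included only to show the shape of the query the thread is talking about; lookup_user_escaped() is the thread's fix, and lookup_user_prepared() is the one to keep. Two practical caveats for anyone following the tutorial today: the mysql_* functions (including mysql_escape_string and mysql_real_escape_string) were deprecated in PHP 5.5 and removed in PHP 7, so mysqli or PDO is the only option on current PHP, and the escaping approach still requires every single query site to remember to escape, which is exactly the kind of omission that produces a vulnerable login.php in the first place.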