On Thu, 2006-07-20 at 09:19, Jochem Maas wrote:
> Ray Hauge wrote:
> > On Thursday 20 July 2006 07:23, John Nichel wrote:
> >> Yeah, one of my earliest thoughts on this was to have them write
> >> something simple like connecting to a db, selecting multiple rows,
> >> parsing out the result, and displaying it in some fashion.
> >
> > Don't forget making it secure. Here is one of my questions people can use if
> > they like. Feel free to re-word it. I'm a programmer, not a writer ;)
> >
> > What change(s) would you make to the following code to make it more secure?
> >
> > $id = $_GET['id'];
> > mysql_query("DELETE FROM myTbl WHERE id = $id");
>
> /*
> // removed security flaw
> $id = $_GET['id'];
> mysql_query("DELETE FROM myTbl WHERE id = $id");
> //*/
>
> ;-)

You removed a lot more than the security flaw. No job for U!

Cheers,
Rob.