Re: To check for existing user in database

Eric Butera wrote:
$result = mysql_query($query) or die(mysql_error());

You know guys, after seeing all this talk of sql injection over the
past few days, I'd also like to point out or die is pretty bad too.
Especially when coupled with mysql_error().  It can expose sensitive
system info (security vuln) when a simple if (!$result) { show error
page } would have worked.  I know I laugh and leave whenever I see
such an error on some site I stumble across.

yay - well said eric :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
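
The contrast described in the message above, as an added example that is not part of the original thread: the `or die(mysql_error())` pattern next to a handler that logs the driver error server-side and shows the visitor only a generic page. It assumes mysqli (the `mysql_*` functions were removed in PHP 7), a hypothetical `users` table, placeholder connection values, and the hypothetical helpers `fail_safely()` and `user_exists()`.

```php
<?php
// Added example; the table name, helper names and credentials are assumptions.

// The quoted pattern, kept for contrast: the driver's error text (query
// fragments, table and column names, sometimes host details) goes to the visitor.
// $result = mysql_query($query) or die(mysql_error());

ini_set('display_errors', '0');   // never render PHP/driver errors into the page
ini_set('log_errors', '1');       // keep them in the server log instead
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

/** Log the real error server-side; send the visitor a generic page. */
function fail_safely(string $context, Throwable $e): void
{
    $ref = bin2hex(random_bytes(4));   // reference that ties the page to the log entry
    error_log("[$ref] $context: " . $e->getMessage());
    http_response_code(500);
    echo 'Something went wrong. Reference: ' . $ref;
    exit;
}

/** Returns true if the username already exists (parameterized query). */
function user_exists(mysqli $db, string $username): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

try {
    // Placeholder connection values.
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $taken = user_exists($db, $_POST['username'] ?? '');
    echo $taken ? 'That username is already taken.' : 'Username is available.';
} catch (mysqli_sql_exception $e) {
    fail_safely('user lookup', $e);   // details go to the log, not the response
}
```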

