Re: Newbie help

The recommendation (which was only made as of v.4.2.0) is there to prevent poor
coding resulting in insecure applications.  As PHP is a loosely-typed language,
this can be a great concern, especially to new or inexperienced programmers.
Personally, I feel it better to code with register_globals = On as it forces me
to be that much more careful with my work.

Edward Dudlik
Becoming Digital
www.becomingdigital.com


----- Original Message -----
From: "Andy Green" <_agreen@bellsouth.net>
To: "Becoming Digital" <info@becomingdigital.com>; <admin@adept-hosting.net>;
"Php-DB (E-mail)" <php-db@lists.php.net>
Sent: Wednesday, 07 May, 2003 20:51
Subject: RE:  Newbie help


edward, what you are saying is indeed true.  it is easier to just turn the
register_globals on, but php recommends against doing this for security
reasons.

green

-----Original Message-----
From: Becoming Digital [mailto:info@becomingdigital.com]
Sent: Wednesday, May 07, 2003 8:36 PM
To: _agreen@bellsouth.net; admin@adept-hosting.net; Php-DB (E-mail)
Subject: Re:  Newbie help


> 2 - forego use of the assignment to variables, and plug the POST variables
> directly into the sql statement instead.

This is even easier if register_globals = On.  Such a setup just eliminates the
middle man.

Edward Dudlik
Becoming Digital
www.becomingdigital.com


----- Original Message -----
From: "Andy Green" <_agreen@bellsouth.net>
To: <admin@adept-hosting.net>; "Php-DB (E-mail)" <php-db@lists.php.net>
Sent: Wednesday, 07 May, 2003 00:43
Subject: RE:  Newbie help


ken, it looks like there's a problem with this section of code

[CODE]
//Assign contents of form to variables
#$userid = $_POST['userid'];
#$passwd = $_POST['passwd'];

$sql = "INSERT INTO users (userid, passwd) VALUES (userid = 'userid',
passwd = 'passwd')";

[/CODE]

i'd recommend one of two things:

1 - uncomment out the assignment of the POST variables, and change your sql
statement to this:
$sql = "INSERT INTO users(userid,passwd) VALUES ('$userid','$passwd')";

2 - forego use of the assignment to variables, and plug the POST variables
directly into the sql statement instead.

in either event, i would recommend printing out the statement to the screen
so that you can be sure that the sql syntax is correct, and comment out the
insert command.  when you're sure the syntax is correct, remove the print
statement and uncomment the insert command.

hope this helps

green


-----Original Message-----
From: Ken Larkman [mailto:admin@adept-hosting.net]
Sent: Wednesday, May 07, 2003 12:31 AM
To: Php-DB (E-mail)
Subject:  Newbie help


Hello,

I am new to working with PHP and MySQL so I'm sure my mistake(s) are simple
enough. Basically, I'm trying to write a script(s) to add a row to a MySQL
database. I took the scripts below off a website and have been trying to
tweak them to do what I want. Unfortunately, the script usually gives me an
error message (the one defined in the script) and very occasionally inserts
a blank row in the database.

Any clues or advice on what I am doing wrong would be greatly appreciated.
Unfortunately, I have not found the solution on the web or MySQL site
(probably because I have no idea what I'm doing).

Thanks!

- Ken

<HTML>
<form name="mailadmin" method=POST action="test2.php">
userid: <input type="text" name="userid"><br>
passwd: <input type="text" name="passwd"><br>
<input type="submit" name="submit" value="submit">
</form>
</HTML>

<?PHP
//Our PHP/MYSQL page.
//This script takes the data from the form
//fields and adds them to specified
//parts of the database
//MySQL Variables. Edit where necessary

session_start();

$host = "localhost";
$login_name = "root";
$password = "ronin0567*";

//Connecting to MYSQL
MySQL_connect("$host","$login_name","$password");

//Select the database we want to use
MySQL_select_db("dbmail") or die("Could not select database");

//Assign contents of form to variables
#$userid = $_POST['userid'];
#$passwd = $_POST['passwd'];

$sql = "INSERT INTO users (userid, passwd) VALUES (userid = 'userid',
passwd = 'passwd')";

$result = mysql_query($sql);

//Code to check if statement executed properly and display message
if ($result) {
echo("userid and passwd successfully added");
} else {
echo("An error occurred");
}

//Close connection with MySQL
mysql_close();

?>



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
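
Added example, not part of the original thread or written by any of its posters: the INSERT discussed above, built once by interpolation and once as a prepared statement, with each form field read explicitly from the request array instead of relying on register_globals. The in-memory SQLite database, the `field()` helper and the sample values are assumptions made so the script runs offline; the `users(userid, passwd)` layout follows the thread.

```php
<?php
// Added example, not code from the thread. Table layout follows the thread's
// users(userid, passwd); the SQLite in-memory database is an assumption so the
// script runs offline (php example.php, needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, passwd TEXT NOT NULL)');

// Constructed stand-in for the submitted form; in the web script this is $_POST.
$post = ['userid' => "o'brien", 'passwd' => 'correct horse battery'];

// Hypothetical helper: read a field explicitly from the request array, never
// from a global that register_globals might have created, and reject anything
// that is missing, empty or not a string.
function field(array $src, string $name): string
{
    if (!isset($src[$name]) || !is_string($src[$name]) || $src[$name] === '') {
        throw new InvalidArgumentException("missing or invalid field: $name");
    }
    return $src[$name];
}

$userid = field($post, 'userid');
$passwd = field($post, 'passwd');

// Interpolated form from the thread: the apostrophe in the value ends the SQL
// string literal early, so the statement no longer parses.
$interpolated = "INSERT INTO users (userid, passwd) VALUES ('$userid', '$passwd')";
try {
    $db->exec($interpolated);
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    echo "interpolated: rejected by the parser\n";
}

// Prepared statement: the SQL text is fixed and the values travel as bound data.
// The password is stored as a hash, not as the submitted text.
$stmt = $db->prepare('INSERT INTO users (userid, passwd) VALUES (:userid, :passwd)');
$stmt->execute([
    ':userid' => $userid,
    ':passwd' => password_hash($passwd, PASSWORD_DEFAULT),
]);

$row = $db->query('SELECT userid, passwd FROM users')->fetch(PDO::FETCH_ASSOC);
echo "prepared: stored userid = {$row['userid']}\n";
echo "password verifies: ", var_export(password_verify($passwd, $row['passwd']), true), "\n";
```

The same prepared-statement pattern works against MySQL by changing only the PDO connection string and credentials.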


