On 04/14/2010 08:48 PM, Jacob Kruger wrote:
Thanks.
Will be honest, and while have played around with PHP etc., have never
really done much with it in terms of going into production as such
anyway, so, yes, will need to learn/figure out how to do things the
best way, etc.
Stay well
Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
And while you are trying to learn good habits look at SQL Injection
attacks. Using something like $_REQUEST['id'] in a query is just asking
for it. Many of the PHP and MySQL tutorials I have seen barely mention
this problem, if at all.
Consider if someone had sent your script a URL like this:
scipt.php?id='';DELETE FROM table tblLinks;
If the user running the mysql_query() function had the rights to delete
rows on the tblLinks table, the tblLinks table would be empty.
Cheers,
James
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
