    #16
  1. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    677
    Rep Power
    7
    @engrmudasir: If he did that, it would execute his submission of the item being added, which he DOES NOT want, to avoid duplicates. If there is one in there, another is not to be submitted.
  2. #17
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Location
    Pakistan
    Posts
    3
    Rep Power
    0
    Originally Posted by Triple_Nothing
    @engrmudasir: If he did that, it would execute his submission of the item being added, which he DOES NOT want, to avoid duplicates. If there is one in there, another is not to be submitted.
    Owh sorry!
    Just do this: if(Count>0) then do this, else do this. But I think the scenario of using ==0 will not work fine.
  4. #18
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    51
    Rep Power
    7
    Originally Posted by s-p-n
    That is a mysql injection waiting to happen.
    Hi s-p-n

    is there a more secure way of writing it?
  6. #19
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    Originally Posted by eropsy
    is there a more secure way of writing it?
    First of all, get rid of the ancient MySQL extension (if possible). It has been obsolete for almost 10 years, and it's officially deprecated in PHP 5.5, meaning you'll get an E_DEPRECATED error for every mysql_connect, mysql_query, etc.

    The only reason that extension is still alive is because the Internet is still full of 15-year-old PHP tutorials, and people still learn from them.

    So if possible, jump into the 21st century and choose one of the two "new" database extensions. Each of them supports prepared statements, which allow you to safely pass values to queries. Check the link in my URL for a concrete example:

    http://forums.devshed.com/php-develo...ml#post2852089
    The 6 worst sins of security | How to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
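
The prepared-statement approach recommended in the post above, applied to this thread's check-for-a-duplicate-then-insert case. This is an added example, not code from any poster: the `items` table, `name` column and `addItemOnce` function are hypothetical, and in-memory SQLite stands in for MySQL so the script runs without a server.

```php
<?php
// Added example: table `items`, column `name` and addItemOnce() are hypothetical.
// SQLite in memory is used only so this runs offline; for MySQL use a DSN
// such as "mysql:host=localhost;dbname=test;charset=utf8mb4" (assumed names).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// The UNIQUE constraint is the real duplicate guard; the COUNT check below
// only gives a friendly answer in the common case.
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');

/** Insert $name unless it already exists. Returns true if a row was added. */
function addItemOnce(PDO $pdo, string $name): bool
{
    // The value travels as a bound parameter, never as part of the SQL text.
    $check = $pdo->prepare('SELECT COUNT(*) FROM items WHERE name = :name');
    $check->execute([':name' => $name]);
    if ((int) $check->fetchColumn() > 0) {
        return false; // one is already in there, so do not submit another
    }

    try {
        $insert = $pdo->prepare('INSERT INTO items (name) VALUES (:name)');
        $insert->execute([':name' => $name]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation: another request
        // inserted the same name between our SELECT and our INSERT.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample input, including SQL metacharacters and the word "drop".
$samples = ['widget', 'widget', "x'); DROP TABLE items; --", 'drop'];
foreach ($samples as $name) {
    printf("%-28s %s\n", $name, addItemOnce($pdo, $name) ? 'inserted' : 'duplicate');
}
echo 'rows: ', $pdo->query('SELECT COUNT(*) FROM items')->fetchColumn(), "\n";
```

Because the values are bound rather than concatenated, the quote-laden string and the word "drop" are stored as ordinary data, with no word blacklist needed.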
  8. #20
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    51
    Rep Power
    7
    Originally Posted by engrmudasir
    Owh sorry!
    Just do this: if(Count>0) then do this, else do this. But I think the scenario of using ==0 will not work fine.
    Actually, it does work, engrmudasir.

    But I'm going to go down the path Jaques1 advised about moving into the 21st century and get to learning this "prepared statements" stuff, the latest PHP, and the new database extensions.

    Which means everything I've taught myself in the past 6 months online may end up being only slimly useful if I want to write secure code.

    Since I'm still a newbie, I might as well learn the most up to date stuff.

    Thanks everyone!
  10. #21
  11. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    677
    Rep Power
    7
    Excellent goal. There won't be much of a loss, though. Not TOO much has changed with PHP overall... Tis mostly just the MySQL interactions. Won't be hard.