Re: [newbie] Keeping it all in one page?
- From: Gilles Ganault <nospam@xxxxxxxxxx>
- Date: Wed, 30 Jan 2008 04:28:52 +0100
On Tue, 29 Jan 2008 20:53:29 -0500, Jerry Stuckle
<jstucklex@xxxxxxxxxxxxx> wrote:
> And adding a checkbox isn't hard at all. But don't just use
> the primary key id in the checkbox unless you have some other way
> to protect your page from hackers.
The definitive wrong way to do things:
============
<?php
// $table and every $item value are concatenated straight into the DELETE statement.
switch ($status) {
    case "delete":
        foreach ($item as $bit) {
            $query = "DELETE FROM " . $table . " WHERE id=" . $bit;
            $result = mysql_query($query) or die("Query failed: " . mysql_error());
        }
        break;
    default:
        // Checkbox values are the raw primary keys.
        echo "<form method=post>";
        echo "<input type=checkbox name=item[] value=1>";
        echo "<input type=checkbox name=item[] value=2>";
        echo "<input type=hidden name=status value=delete>";
        echo "<input type=submit value=Delete>";
        echo "</form>";
}
?>
============
BTW, is there some book like "The 50 pitfalls of writing web apps in
PHP" that would take real-life newbie errors like the above, explain
why they're wrong, and the safe way to rewrite them?
Thanks.
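
The delete handler from the post above, rewritten in hardened form as an added example that is not part of the original message or thread. It assumes PDO with the SQLite driver, a hypothetical `items` table with an `owner_id` column, and a caller that already knows the logged-in user's id; the rows and the posted values are constructed.

```php
<?php
// Added example: hardened counterpart of the delete handler in the post.
// Table "items" and column "owner_id" are hypothetical; rows are constructed.

function delete_items(PDO $db, int $ownerId, array $rawIds): int
{
    // Accept only positive integers; anything else (e.g. "2 OR 1=1") is dropped.
    $ids = [];
    foreach ($rawIds as $raw) {
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id; // de-duplicate
        }
    }
    if ($ids === []) {
        return 0;
    }
    // The table name is a literal, the ids are bound parameters, and the
    // owner_id condition stops a user deleting rows that belong to someone else.
    $stmt = $db->prepare('DELETE FROM items WHERE id = :id AND owner_id = :owner');
    $deleted = 0;
    foreach ($ids as $id) {
        $stmt->execute([':id' => $id, ':owner' => $ownerId]);
        $deleted += $stmt->rowCount();
    }
    return $deleted;
}

// Demo against an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner_id INTEGER, label TEXT)');
$db->exec("INSERT INTO items VALUES (1, 10, 'a'), (2, 10, 'b'), (3, 20, 'c')");

// Simulated item[] values: an id the user owns, an id owned by user 20,
// and a string that the original code would have pasted into the query.
$posted = ['1', '3', '2 OR 1=1'];
$n = delete_items($db, 10, $posted);
$left = $db->query('SELECT id FROM items ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
echo "deleted=$n remaining=" . implode(',', $left) . "\n";
```

The `owner_id` condition is the "some other way to protect your page" that the quoted reply asks for: even a well-formed id is only deleted if the row belongs to the requesting user.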