RE: [PHP] Looking for help with forms/variables and an array!
- From: Brads@xxxxxxxxx ("BSumrall")
- Date: Tue, 12 Jun 2007 17:31:03 -0400
I, I, sir!
I changed it back!
:o)
Point noted!
-----Original Message-----
From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
Sent: Tuesday, June 12, 2007 1:24 PM
To: BSumrall
Cc: php-general@xxxxxxxxxxxxx
Subject: RE: [PHP] Looking for help with forms/variables and an array!
On Tue, 2007-06-12 at 13:02 -0400, BSumrall wrote:
The purpose for register_globals is for testing and functionality purposes
only.
Every single example on the internet is for register_globals = on.
That's no excuse... and you're wrong.
I am very aware of the security risk of it.
Ok... and magic_quotes? You don't seem to be escaping your data that
goes into the query either. You don't seem very "aware of the security
risk".
Get it working and then change it back. There is plenty of literature on how
to edit existing working code once you disable it.
Why do it twice? Why risk forgetting something after the fact? Coding
securely requires that you practice coding securely and not just hope
you can apply a coat of armorall afterwards.
Just working with the tools I have!
The same tools I have, if not then you have more.
As far as _tbl instead of table, I picked that one up in the military, just
a preference.
As far as the brackets, I tried with or without;
price_range='[$select1]'";
price_range='$select1'";
price_range=select1";
All the same miserable error!
Any suggestions on how to get select1 -> price_range= would truly
be appreciated, and if your suggestion is more secure than what I am
working with. This would be the icing on the cake!
I gave you an example at the bottom of my post. Are you passing the
$query string directly to the mysql_query() function? Maybe do the
following just before running the query:
echo $query."\n";
Then check it to see that it's what you expect.
Cheers,
Rob.
--
..------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
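The two points raised in the quoted reply (not depending on register_globals, and not putting unescaped form data into the query) can be handled together. The following is an added example, not code from the thread: it assumes PDO with the SQLite driver standing in for the thread's MySQL connection, and the table name listings_tbl, the price-range values and the rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's MySQL table (hypothetical name and rows).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE listings_tbl (id INTEGER PRIMARY KEY, title TEXT, price_range TEXT)');
$pdo->exec("INSERT INTO listings_tbl (title, price_range) VALUES
    ('Starter home', '100-200'), ('Family home', '200-300'), ('Estate', '300-400')");

// Values the <select name="select1"> element is allowed to submit (constructed).
const PRICE_RANGES = ['100-200', '200-300', '300-400'];

/**
 * Look up rows for the submitted price range.
 * $form is the request array ($_POST), read explicitly so the code
 * does not depend on register_globals creating $select1.
 */
function findByPriceRange(PDO $pdo, array $form): array
{
    $range = $form['select1'] ?? null;
    // Reject arrays, missing fields and anything the form does not offer.
    if (!is_string($range) || !in_array($range, PRICE_RANGES, true)) {
        return [];
    }
    // The value is bound as a parameter and never concatenated into the SQL,
    // so the query does not rely on quoting or on magic_quotes.
    $stmt = $pdo->prepare('SELECT title FROM listings_tbl WHERE price_range = :range');
    $stmt->execute([':range' => $range]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed requests: a normal submission, a tampered value, a missing field.
$requests = [
    ['select1' => '200-300'],
    ['select1' => "200-300' OR '1'='1"],
    [],
];
foreach ($requests as $form) {
    echo json_encode($form), ' => ', json_encode(findByPriceRange($pdo, $form)), "\n";
}
```

With a MySQL server the same function works unchanged once the PDO object is created with a mysql: DSN.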