Tuesday, June 29, 2010
enhance SQL security

$pc_id=$_GET['pc_id'];
$start=$_GET['start'];

In PHP, if variables are taken from the query string and used inside a MySQL query, they must be sanitized (checked) before use.
When we don't expect anything other than a numeric value, why not check the variable with the is_numeric PHP function and terminate the program if the data is not a number? Here is sample code for this.

if(!is_numeric($pc_id)){
echo "Data Error";
exit;
}
if(strlen($start) > 0 and !is_numeric($start)){
echo "Data Error";
exit;
}

If we expect only alphanumeric characters then we can use the ctype_alnum function.

if(!ctype_alnum($var)){
echo "Data Error";
exit;
}

Posted by AG at 6:59 PM
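The checks above are the right idea, but is_numeric also accepts floats, exponent forms and leading whitespace ("1.5", "1e3", " 12"), so for an integer id a ctype_digit check plus an (int) cast is tighter, and even a validated value is best passed to MySQL as a bound parameter rather than pasted into the SQL string. The following is an added example, not the blog author's code: it wraps the pc_id, start and alphanumeric checks in reusable functions, runs them over constructed sample inputs (no database needed), and shows a PDO prepared statement whose table and column names are hypothetical.

```php
<?php
// Added example (not the blog author's code): validating query-string values
// before they reach a MySQL query, plus a parameterized query as the stronger safeguard.
// The sample inputs at the bottom are constructed for the demo; the checks run without a database.

declare(strict_types=1);

/**
 * Validate a value that must be a plain positive integer id, such as $_GET['pc_id'].
 * ctype_digit() is stricter than is_numeric(): it rejects "1.5", "1e3", " 12" and "+1",
 * all of which is_numeric() accepts.
 */
function validate_int_id(?string $raw): ?int
{
    if ($raw === null || $raw === '' || !ctype_digit($raw)) {
        return null; // reject: not a plain decimal integer
    }
    return (int) $raw;
}

/**
 * Validate an optional offset such as $_GET['start']: an empty value means
 * "not supplied" (offset 0); otherwise it must be a plain non-negative integer.
 */
function validate_optional_offset(?string $raw): ?int
{
    if ($raw === null || $raw === '') {
        return 0;
    }
    return ctype_digit($raw) ? (int) $raw : null;
}

/**
 * Validate an alphanumeric token (letters and digits only), with a length cap
 * so an arbitrarily long value is rejected as well.
 */
function validate_alnum(?string $raw, int $maxLen = 32): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > $maxLen || !ctype_alnum($raw)) {
        return null;
    }
    return $raw;
}

/**
 * Even after validation, bind the value as a typed parameter instead of
 * interpolating it into the SQL text. Assumes an open PDO connection;
 * the "product" table and its columns are hypothetical.
 */
function fetch_products(PDO $db, int $pcId, int $start, int $limit = 20): array
{
    $stmt = $db->prepare('SELECT id, name FROM product WHERE pc_id = :pc_id LIMIT :start, :limit');
    $stmt->bindValue(':pc_id', $pcId, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo over constructed query-string values, including ones is_numeric() lets through.
$samples = ['42', '007', '1.5', '1e3', ' 12', '1 OR 1=1', "42' --", 'abc123', ''];
foreach ($samples as $s) {
    printf(
        "%-12s is_numeric=%-5s validate_int_id=%-5s validate_optional_offset=%-5s validate_alnum=%s\n",
        var_export($s, true),
        is_numeric($s) ? 'true' : 'false',
        var_export(validate_int_id($s), true),
        var_export(validate_optional_offset($s), true),
        var_export(validate_alnum($s), true)
    );
}
```

Run it with the PHP CLI to see which inputs each check accepts: only "42" and "007" pass validate_int_id, while is_numeric also reports true for "1.5", "1e3" and " 12". The validation functions return null on failure so the caller decides how to respond (the post's echo-and-exit is one option); fetch_products is only reached with an int, and the prepared statement keeps the value out of the query text regardless.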
Wednesday, June 23, 2010
Connect MySQL

Without using a password, run these commands in cmd:

cd C:\Program Files\xampp\mysql
cd bin
mysql.exe -uroot mysql
use [databaseName];

If you want to connect with a password, change mysql.exe -uroot mysql to mysql.exe -u[accountName] -p mysql (the -p switch makes the client prompt for the password).

Posted by AG at 6:22 PM
Monday, June 21, 2010