PHP question involving variables?

5 replies
Say I have this code for a form:
Code:
$sql = "INSERT INTO content (category)
VALUES
('$_POST[category]')";
and somewhere else I want the variable $data['category'] to be what was just posted in the form. What would $data['category'] have to equal for this to be true?
  • Cwantwm:
    Could you clarify the question a little more?

    To start with, NEVER actually run the code you posted above.

    Doing so opens you up to SQL injection attacks from the use of unsanitized user input in an SQL query.
  • Jonas B:
    $data['category'] = $_POST['category'];

    ?
  • leppozdrav:
    Cwantwm wrote:
        To start with, NEVER actually run the code you posted above.

        Doing so opens you up to SQL injection attacks from the use of unsanitized user input in an SQL query.
    I can't get it. Can you please explain to me what that attack is all about?
  • Cwantwm:
    Hi, the problem is with $_POST[category]: it contains input received by posting a form, and the data in it is not escaped. Therefore, if I were to visit your site and post the following string to your form:

    Code:
    x'; DROP TABLE members;
    depending on write access, your database would be deleted.

    Or using something like this I could create an account for free.....

    Code:
    x';
            INSERT INTO members ('email','passwd','login_id','full_name') 
            VALUES ('my@email.com','test','fakeuser','A Name');--
    The possibilities are endless for hackers.... the answer is to always escape any untrusted input before it goes anywhere near the database.
  • leppozdrav:
    Hi Cwantwm,

    Cwantwm wrote:
        the answer is to always escape any untrusted input before it goes anywhere near the database.
    Which means I should filter the special characters before inserting data into my table?
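An added example, not code from anyone in this thread: the question's INSERT rewritten as a PDO prepared statement, together with the $data['category'] assignment that was asked about. The DSN, credentials and the 64-character length limit are assumptions; the table and column names come from the question.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). DSN and credentials are placeholders.
function connect(): PDO {
    return new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
    ]);
}

// The vulnerable form from the question, kept here only for contrast:
//   $sql = "INSERT INTO content (category) VALUES ('$_POST[category]')";
// The request body is spliced into the SQL text, so a single quote in the
// input ends the string literal and the rest of the input becomes SQL.

function insertCategory(PDO $pdo, string $category): int {
    // The ? placeholder is sent to the server separately from the SQL text.
    // The driver never concatenates $category into the statement, so quotes,
    // semicolons or comment markers in it are stored as plain data.
    $stmt = $pdo->prepare('INSERT INTO content (category) VALUES (?)');
    $stmt->execute([$category]);
    return (int) $pdo->lastInsertId();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Input validation is still worthwhile (length, allowed values), but it
    // is an application rule; the prepared statement is what stops injection.
    $category = isset($_POST['category']) ? trim((string) $_POST['category']) : '';
    if ($category === '' || strlen($category) > 64) { // 64 is an assumed limit
        http_response_code(400);
        exit('category is required and must be at most 64 characters');
    }

    $pdo = connect();
    $id  = insertCategory($pdo, $category);

    // What the original question asked: keep the just-posted value around for
    // use elsewhere in the same request.
    $data = ['id' => $id, 'category' => $category];
    header('Content-Type: text/plain');
    echo "stored category {$data['category']} as row {$data['id']}\n";
}
```

Binding the value this way is what makes escaping unnecessary: the value never becomes part of the SQL text. Filtering special characters can remain as an input rule, but it is not a substitute for parameter binding.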