Ray Hauge wrote: > On Thursday 20 July 2006 07:23, John Nichel wrote: >> Yeah, one of my earliest thoughts on this was to have them write >> something simple like connecting to a db, selecting multiple rows, >> parsing our the result, and displaying it in some fashion. > > Don't forget making it secure. Here is one of my questions people can use if > they like. Feel free to re-word it. I'm a programmer, not a writer ;) > > What change(s) would you make to the following code to make it more secure? > > $id = $_GET['id']; > mysql_query(“DELETE FROM myTbl WHERE id = $id”);
/* // removed security flaw $id = $_GET['id']; mysql_query(“DELETE FROM myTbl WHERE id = $id”); //*/ ;-) > > I like this question, because they have to know at least the fundamentals of > PHP security. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
