php-windows Digest 22 Apr 2010 15:27:42 -0000 Issue 3794

Topics (messages 30040 through 30041):

Re: [PHP-DB] Sharing happiness!!
        30040 by: Chaitanya Yanamadala

Re: Trouble running a select query against a database, when I know the 
connection is working, and the data is there
        30041 by: James Crow


----------------------------------------------------------------------
--- Begin Message ---
Are promotional messages a part of the PHP-DB


Chaitanya

"A man can get discouraged many times but he is not a failure until he stops
trying..."

"The difference between 'involvement' and 'commitment' is like an
eggs-and-ham breakfast: the chicken was 'involved' - the pig was
'committed'."




On Thu, Apr 22, 2010 at 3:18 AM, nagendra prasad
<nagendra802...@gmail.com> wrote:

> Dear friend,
> I get good news. rictrade now has a big promotion. Every day the first
> 100 customers will be offered 50%  discount for its all products.
> Besides, they accept payment via credit cards for customers’
> convenience. It  is very nice, isn’t it? Let’s have a look at
> www.rictrade.org
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message ---
On 04/14/2010 08:48 PM, Jacob Kruger wrote:
> Thanks.
>
> Will be honest, and while have played around with PHP etc., have never really done much with it in terms of going into production as such anyway, so, yes, will need to learn/figure out how to do things the best way, etc.
>
> Stay well
>
> Jacob Kruger
> Blind Biker
> Skype: BlindZA
> '...fate had broken his body, but not his spirit...'

And while you are trying to learn good habits look at SQL Injection attacks. Using something like $_REQUEST['id'] in a query is just asking for it. Many of the PHP and MySQL tutorials I have seen barely mention this problem, if at all.

Consider if someone had sent your script a URL like this:
script.php?id='';DELETE FROM table tblLinks;
If the user running the mysql_query() function had the rights to delete rows on the tblLinks table, the tblLinks table would be empty.

Cheers,
James

--- End Message ---
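
An added example, not part of either message and not code from the thread: the request value from the message above handled with type validation and a bound parameter instead of being pasted into the query text. The column names (id, url), the sample rows, the helper names parseId, findLink and rowCount, and the use of PDO with an in-memory SQLite database (so it runs offline) are assumptions; the thread itself used mysql_query().

```php
<?php
// Added example, not code from the thread. Assumed: columns (id, url),
// the sample rows, and in-memory SQLite through PDO so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblLinks (id INTEGER PRIMARY KEY, url TEXT)');
$pdo->exec("INSERT INTO tblLinks (url) VALUES ('http://www.php.net/')");
$pdo->exec("INSERT INTO tblLinks (url) VALUES ('http://lists.php.net/')");

// The id value from the message above, as $_REQUEST['id'] would hold it.
$requestId = "'';DELETE FROM table tblLinks;";

// Vulnerable pattern: the value becomes part of the SQL text itself.
// Built only to display it; this string is never executed here.
$unsafeSql = 'SELECT id, url FROM tblLinks WHERE id = ' . $requestId;
echo "Concatenated SQL: $unsafeSql", PHP_EOL;

// Defence 1: an id is a positive integer, so reject anything else early.
function parseId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Defence 2: a bound parameter travels as data and is never parsed as SQL.
function findLink(PDO $pdo, $id): array
{
    $stmt = $pdo->prepare('SELECT id, url FROM tblLinks WHERE id = :id');
    $stmt->bindValue(':id', $id, is_int($id) ? PDO::PARAM_INT : PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function rowCount(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM tblLinks')->fetchColumn();
}

echo 'parseId(hostile): ', var_export(parseId($requestId), true), PHP_EOL;
echo 'parseId("2"): ', var_export(parseId('2'), true), PHP_EOL;

// Even without validation, binding the hostile string only compares it
// against the id column; the table is left as it was.
echo 'Rows matched by hostile value: ', count(findLink($pdo, $requestId)), PHP_EOL;
echo 'Rows in tblLinks afterwards: ', rowCount($pdo), PHP_EOL;
echo 'Lookup of id 2: ', json_encode(findLink($pdo, parseId('2'))), PHP_EOL;
```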
