[PHP-DB] Re: [PHP-WIN] A measure of security

2007-02-17 Thread bedul
cmiiw
- Original Message -
From: Gustav Wiberg [EMAIL PROTECTED]
To: php-windows@lists.php.net
Sent: Wednesday, February 14, 2007 6:39 PM
Subject: [PHP-WIN] A measure of security


Hi!

This is a kind of security-question

I'm starting up a system, where several customers should be able to log in
with their own information.
Each company I give a unique identity with hard-coding and each company has
its own folder...


Hard-coding, something like:
$company->setIDCompany(1);
$company->setIDCompany(2);
$company->setIDCompany(3);

[bedul]
you should not try hardcoding by yourself.. it will make your health suffer.. hehehe
why don't you use an id.. if you enter this using db.. every new record or
company will be given a new id..
like you enter a new comp and the new one will have 4 and so on
but if this is not what you wanted.. just create a random var like this

i enter new comp.. where the var given = a4s43.. this comp will have id
a4s43 and have a folder named a4s43
=
Different folders:
customers/company1
customers/company2
customers/company3

and so on...


This isn't complicated, but when I add a new company...I must be
200% sure that the IDCompany is set correctly (There is a chance of setting
the wrong ID for a new company or forgetting to change it)
[bedul]
to find out what id was entered .. try using
int mysql_insert_id ( [resource link_identifier] )


Retrieves the ID generated for an AUTO_INCREMENT column by the previous
INSERT query.

===

The companies ARE NOT ALLOWED to see each other's information.
[bedul]

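try the above suggestion.. use random var for folder.. how to get em??

// id generated by the previous INSERT
$idFromTable=mysql_insert_id ($handle);

// rand() takes either no arguments or both a min and a max
$rndNum=rand(0, 2100);

$randomID="a".$idFromTable."s".$rndNum;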


Is there any good way of solving this with some sort of
comparison-mechanism or something like that? Any thoughts?
[bedul]

interesting. can u explain more about 'sort of comparison-mechanism'??

 ===

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
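
An added example, not code from this thread or from any poster: one form the "comparison mechanism" asked about above can take is to resolve every requested file with realpath() and compare it against the logged-in company's own folder. It assumes PHP 7 or later; CUSTOMERS_ROOT, the two function names and the demo data are hypothetical, and random_bytes() is swapped in for rand() so the folder token is not guessable.

```php
<?php
// Added example. CUSTOMERS_ROOT and both function names are hypothetical.
define('CUSTOMERS_ROOT', sys_get_temp_dir() . '/customers_demo');

// Folder name = AUTO_INCREMENT id (as mysql_insert_id() returns it) plus an
// unguessable token. random_bytes() is a CSPRNG; rand() output is predictable.
function create_company_dir(int $companyId): string
{
    $name = sprintf('c%d_%s', $companyId, bin2hex(random_bytes(16)));
    if (!mkdir(CUSTOMERS_ROOT . '/' . $name, 0750, true)) {
        throw new RuntimeException('cannot create company folder');
    }
    return $name;
}

// $companyDir must come from the logged-in user's session or database row,
// never from the request. $requested is the untrusted file name.
function resolve_company_file(string $companyDir, string $requested): string
{
    $base = realpath(CUSTOMERS_ROOT . '/' . $companyDir);
    if ($base === false) {
        throw new RuntimeException('unknown company folder');
    }
    $path = realpath($base . '/' . $requested);
    // The comparison: the resolved path must still start with this
    // company's folder once "..", symlinks and the like are resolved.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('access denied');
    }
    return $path;
}

// Constructed demo data: two companies with ids 1 and 2.
$a = create_company_dir(1);
$b = create_company_dir(2);
file_put_contents(CUSTOMERS_ROOT . "/$a/report.txt", "company 1 data\n");
file_put_contents(CUSTOMERS_ROOT . "/$b/report.txt", "company 2 data\n");

echo resolve_company_file($a, 'report.txt'), "\n";   // own file
try {
    resolve_company_file($a, "../$b/report.txt");    // another company's file
} catch (RuntimeException $e) {
    echo 'blocked: ', $e->getMessage(), "\n";
}
```

The random folder name only makes paths hard to guess; the isolation comes from binding the folder to the authenticated company server-side and rejecting any resolved path outside it.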



Re: [PHP-DB] mysql_real_escape_string

2007-02-17 Thread OKi98

Ron Piggott wrote:

I am creating a form where I am using 


$web_site_#

for the various fields.  At the present time there are 11 fields I am
asking the user to key in.  I am wondering if there is a slick way to
use the mysql_real_escape_string command with this so

$web_site_1 = mysql_real_escape_string($web_site_1);
$web_site_2 = mysql_real_escape_string($web_site_2);
$web_site_3 = mysql_real_escape_string($web_site_3);
...
$web_site_11 = mysql_real_escape_string($web_site_11);

would be replaced by some type of loop
 

for ($i=1;$i<=11;$i++) 
${"web_site_$i"}=mysql_real_escape_string(${"web_site_$i"});





[PHP-DB] Re: mysql_real_escape_string

2007-02-17 Thread Michael Weaver

Hi Ron,

One thing that you could do is name the variables as an array as  
opposed to creating a series of like-named variables.


Instead of:

<input name="web_site_1" type="sometype" ../>
<input name="web_site_2" type="sometype" ../>
<input name="web_site_3" type="sometype" ../>
...
<input name="web_site_11" type="sometype" ../>

Which would give:

$web_site_1
$web_site_2
$web_site_3
...
$web_site_11

You could set up the variables as:

<input name="web_site[1]" type="sometype" .../>
<input name="web_site[2]" type="sometype" .../>
<input name="web_site[3]" type="sometype" .../>
...
<input name="web_site[11]" type="sometype" .../>


This would give you a $web_site array which could then be looped  
through:


// the form fields are named web_site[1] .. web_site[11], so the keys start at 1
for($i = 1; $i <= count($web_site); $i++)
{
    $web_site[$i] = mysql_real_escape_string($web_site[$i]);
}

Hope this helps and is what you are looking for

Best regards,

Mike Weaver

--
Michael Weaver
Founder/Chief Facilitator
Dynamic Insight
Enhancing Professional Awareness   Communication
Tel: 1.814.574.4871
Email: [EMAIL PROTECTED]
