[PHP-DB] Re: [PHP-WIN] A measre of security
cmiiw - Original Message - From: Gustav Wiberg [EMAIL PROTECTED] To: php-windows@lists.php.net Sent: Wednesday, February 14, 2007 6:39 PM Subject: [PHP-WIN] A measre of security Hi! This is a kind of security-question I'm starting up a system, where several customers should be able to login with there own information. Each company I give unique identity with hard-coding and each company has its own folder... Harding-coding, something like: $company - setIDCompany(1); $company - setIDCompany(2); $company - setIDCompany(3); [bedul] you should not try hardcoding by your self.. is suffer your health.. hehehe why don't you use an id.. if you enter this using db.. every new record or company will given a new id.. like you enter new comp anda the new will have 4 and soon but if this not what you wanted.. just created a random var like this i enter new comp.. where the var given = a4s43.. this comp will have id a4s43 and have folder named a4s43 = Diffrent folders: customers/company1 customers/company2 customers/company3 and so on... This isn't complicated, but when I add a new company...I must be 200% sure that the IDCompany is set correct (There is a chance of setting the wrong ID for a new company or forgetting to change it) [bedul] to search what your id entered .. try use int mysql_insert_id ( [resource link_identifier] ) Retrieves the ID generated for an AUTO_INCREMENT column by the previous INSERT query. === The companys ARE NOT ALLOWED to see each others information. [bedul] try above suggestion.. use random var for folder.. how to get em?? $idFromTable=mysql_insert_id ($handle); $rndNum=rand(2100); $randomID=a.$idFromTable.s.$rndNum; Is there any good way of solving this with some sort of comparision-mechanism or something like that? Any thoughts? [bedul] interesting. can u explain more about 'sort of comparision-mechanism'?? === -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql_real_escape_string
Ron Piggott wrote: I am creating a form where I am using $web_site_# for the various fields. At the present time there are 11 fields I am asking the user to key in. I am wondering if there is a slick way to use the mysql_real_escape_string command with this so $web_site_1 = mysql_real_escape_string($web_site_1); $web_site_2 = mysql_real_escape_string($web_site_2); $web_site_3 = mysql_real_escape_string($web_site_3); ... $web_site_11 = mysql_real_escape_string($web_site_11); would be replaced by some type of loop for ($i=1;$i=11;$i++) ${web_site_$i}=mysql_real_escape_string(${web_site_$i}}; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: mysql_real_escape_string
Hi Ron, One thing that you could do is name the variables as an array as opposed to creating a series of like-named variables. Instead of: input name=web_site_1 type=sometype ../ input name=web_site_2 type=sometype ../ input name=web_site_3 type=sometype ../ ... input name=web_site_11 type=sometype ../ Which would give: $web_site_1 $web_site_2 $web_site_3 ... $web_site_11 You could set up the variables as: input name=web_site[1] type=sometype.../ input name=web_site[2] type=sometype.../ input name=web_site[3] type=sometype.../ ... input name=web_site[11] type=sometype.../ This would give you a $web_site array which could then be looped through: for($i = 0; $i count($web_site);$i++) { $web_site[$i] = mysql_real_escape_string($web_site[$i]); } Hope this helps and is what you are looking for Best regards, Mike Weaver -- Michael Weaver Founder/Chief Facilitator Dynamic Insight Enhancing Professional Awareness Communication Tel: 1.814.574.4871 Email: [EMAIL PROTECTED] The information in this email and subsequent attachments may contain confidential information that is intended solely for the attention and use of the named addressee(s). This message or any part thereof must not be disclosed, copied, distributed or retained by any person without authorization from the addressee. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.