Paul:
Several issues, including basic logic and security matters.
* calling mysql_query() without setting $sql.
* setting $query without ever calling mysql_query().
* not using mysql_real_escape_string() on values you're putting in the
SQL string.
* echoing input out as HTML without using htmlspecialchars().
* you're setting all sorts of variables with values from other
pre-existing variables. This wastes time and makes things harder to
follow.
* learn about XHTML rather than the old-world HTML.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
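
The first four points in the list above, as an added example that is not part of the original message or of Paul's script. The table, column names and input values are constructed. Because the mysql_* functions named in the message were removed in PHP 7, this sketch assumes PDO with an in-memory SQLite database, with PDO::quote() playing the role of mysql_real_escape_string():

```php
<?php
// Added example: constructed schema and inputs, not the script under review.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (name TEXT, city TEXT)");
$db->exec("INSERT INTO members VALUES ('O''Brien', 'Brooklyn'), ('Smith', 'Queens')");

function find_members(PDO $db, string $name): array
{
    // Escape the value before it goes into the SQL string
    // (PDO::quote() here stands in for mysql_real_escape_string()).
    $sql = 'SELECT name, city FROM members WHERE name = ' . $db->quote($name);

    // Set $sql first, then actually run it and use the result.
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        // Database values are escaped on output too, not only raw input.
        $html .= '<li>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
               . ' (' . htmlspecialchars($row['city'], ENT_QUOTES, 'UTF-8') . ")</li>\n";
    }
    return $html;
}

// Constructed values standing in for a submitted form field.
$inputs = ["O'Brien", "x' OR '1'='1", '<script>alert(1)</script>'];

foreach ($inputs as $input) {
    $rows = find_members($db, $input);

    // Echo the input back only after htmlspecialchars().
    echo '<p>Results for ', htmlspecialchars($input, ENT_QUOTES, 'UTF-8'),
         ': ', count($rows), "</p>\n";
    echo "<ul>\n", render_rows($rows), "</ul>\n";
}
```

Only the first input matches a row; the second is compared as a literal name instead of changing the WHERE clause, and the third is printed as text rather than as markup.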