PichulaNET (beta)

lolicon-guy:
Hm, what kind of things should I keep in consideration when writing PHP code? I'm "relatively new" to it, let alone to web development as a whole, and I don't know where or whom to ask. I've programmed for years, but what mattered was optimization; about security I don't have much of an idea.

In the example given, how can it inject SQL at all if only the WHERE clause gets affected?
EDIT: An attacker can close the remainder of the request and insert new commands this way, got it.

MonkeyIsland:
ANY time there's user input, that input should be verified thoroughly. You should always think about how things could go wrong and start closing those gaps.


--- Code: ---
if (isset($_GET['Channel'])) {
    // Escape the value before placing it inside a quoted string in the query
    $channel = $con->real_escape_string($_GET['Channel']);
}
--- End code ---

https://www.php.net/manual/en/mysqli.real-escape-string.php
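Added example, not part of the original posts or of the project's code: the same WHERE-clause lookup built by string concatenation and with a bound parameter, plus an allow-list check on the channel name. It assumes PDO with an in-memory SQLite database so it runs without a server (mysqli has the equivalent prepare/bind_param/execute); the table, the column names and the channel naming rule are hypothetical.

```php
<?php
// In-memory SQLite via PDO stands in for the real database (assumption).
// Table and column names (channels, name, owner) are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE channels (name TEXT, owner TEXT)");
$db->exec("INSERT INTO channels VALUES ('general', 'alice'), ('staff', 'bob')");

// Constructed sample values, as they would arrive in $_GET['Channel'].
$inputs = ["general", "x' OR '1'='1"];

function lookupConcatenated(PDO $db, string $channel): array
{
    // Vulnerable form: the value becomes part of the SQL text,
    // so a quote in it ends the string literal and rewrites the WHERE clause.
    $sql = "SELECT name FROM channels WHERE name = '" . $channel . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

function lookupPrepared(PDO $db, string $channel): array
{
    // Hardened form: the SQL text is fixed; the value is bound separately
    // and is only ever compared as data.
    $stmt = $db->prepare("SELECT name FROM channels WHERE name = ?");
    $stmt->execute([$channel]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function validChannel(string $channel): bool
{
    // Allow-list check (assumed rule: 1-32 letters, digits, '_' or '-').
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $channel) === 1;
}

foreach ($inputs as $in) {
    printf(
        "%-14s valid=%-3s concatenated=[%s] prepared=[%s]\n",
        $in,
        validChannel($in) ? 'yes' : 'no',
        implode(',', lookupConcatenated($db, $in)),
        implode(',', lookupPrepared($db, $in))
    );
}
```

Escaping with real_escape_string only protects a value that ends up inside a quoted string literal; a bound parameter does not depend on how the query text is quoted.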

lolicon-guy:
Fixed, download links updated

nizikawa:
.

lolicon-guy:
Updated all references to $_GET.
