PichulaNET (beta)
lolicon-guy:
Hm, what kind of things should I keep in consideration when writing PHP code? I'm "relatively new" to it, let alone web development at all, and I don't know where/who to ask. I've programmed for years, but what mattered was optimization; about security I don't have much idea.
In the example given, how can it inject SQL at all if only the WHERE clause gets affected?
EDIT: An attacker can close the remainder of the request and insert new commands this way, got it.
MonkeyIsland:
ANY time there's user input, that input should be verified thoroughly. You should always think about how things could go wrong and start closing those gaps.
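--- Code: ---
if (isset($_GET['Channel'])) {
    // $con is an open mysqli connection; escape the value before placing it inside a quoted SQL string
    $channel = $con->real_escape_string($_GET['Channel']);
}
--- End code ---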
https://www.php.net/manual/en/mysqli.real-escape-string.php
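Added example, not part of the original posts or the project's code: it shows why a value pasted into the WHERE clause changes which rows come back, next to an allow-list check and a bound parameter that keep the value as data. Assumptions: an in-memory SQLite database through PDO (pdo_sqlite) so it runs without a server, a constructed `channels` table, and hypothetical function names and channel-name format; with mysqli the bound-parameter form uses `prepare()` and `bind_param()`.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption; the thread uses mysqli).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE channels (name TEXT, owner TEXT, hidden INTEGER)");
$db->exec("INSERT INTO channels VALUES ('general', 'alice', 0), ('staff', 'bob', 1)");

// "Before": the request value becomes part of the SQL text itself.
function findConcatenated(PDO $db, string $channel): array
{
    $sql = "SELECT name FROM channels WHERE hidden = 0 AND name = '" . $channel . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Verify the input first: hypothetical rule, channel names are 1-32 letters, digits, '_' or '-'.
function isValidChannel(string $channel): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $channel) === 1;
}

// "After": the value is bound as a parameter and is never parsed as SQL.
function findPrepared(PDO $db, string $channel): array
{
    if (!isValidChannel($channel)) {
        return [];                       // reject instead of trying to repair the value
    }
    $stmt = $db->prepare("SELECT name FROM channels WHERE hidden = 0 AND name = :channel");
    $stmt->execute([':channel' => $channel]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: an ordinary one, and one whose quote ends the
// string literal early so the rest is read as part of the WHERE condition.
$inputs = ['general', "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "input=%s\n  concatenated -> %s\n  validated+bound -> %s\n",
        json_encode($input),
        json_encode(findConcatenated($db, $input)),
        json_encode(findPrepared($db, $input))
    );
}
```

For the second input the concatenated query also returns the row marked hidden, because the `hidden = 0` filter no longer applies to every row; the validated, bound version returns nothing.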
lolicon-guy:
Fixed, download links updated
nizikawa:
.
lolicon-guy:
Updated all references to $_GET.