[nycphp-talk] MySQL table updating
Daniel Convissor
danielc at analysisandsolutions.com
Thu Dec 6 10:33:20 EST 2007
Paul:
Several issues, including basic logic and security matters.
* calling mysql_query() without setting $sql.
* setting $query without ever calling mysql_query().
* not using mysql_real_escape_string() on values you're putting in the SQL string.
* echoing input out as HTML without using htmlspecialchars().
* you're setting all sorts of variables with values from other pre-existing variables. This wastes time and makes things harder to follow.
* learn about XHTML rather than the old-world HTML.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
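As an added example (not Paul's code, not Dan's, and not part of the original thread), here is the pattern the third and fourth bullets warn about beside two hardened forms: a value dropped raw into the SQL string, the same value escaped with PDO::quote() before interpolation (the escape-then-build form mysql_real_escape_string() served), the value bound through a prepared statement, and htmlspecialchars() on the way back out to HTML. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL so the script runs by itself; the table, its rows and the input payloads are constructed for the demo. The prepared-statement form is what replaces the old mysql_* escaping now that the mysql extension is gone (removed in PHP 7).

```php
<?php
// Added example for the nycphp-talk message above; not code from the thread.
// Assumption: PDO with an in-memory SQLite database stands in for MySQL so the
// script runs stand-alone. Swap the DSN for a MySQL one in real use.

declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES ('alice', 'alice@example.com')");
$db->exec("INSERT INTO users (name, email) VALUES ('bob', 'bob@example.com')");

// Constructed input standing in for $_POST['name']: a classic injection payload.
$name = "x' OR '1'='1";

// Unsafe: the raw value becomes part of the SQL text, so the payload rewrites
// the WHERE clause and every row comes back.
function unsafeLookup(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Escape-then-interpolate, the form Dan recommends. PDO::quote() escapes the
// value for this driver and adds the surrounding quotes itself (the old
// mysql_real_escape_string() did not add quotes, so you wrote them yourself).
function escapedLookup(PDO $db, string $name): array
{
    $sql = 'SELECT id, name FROM users WHERE name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound as a parameter and never touches the
// SQL text at all. Note that $sql here is the string that actually gets run,
// which avoids the $sql / $query mix-up in the first two bullets.
function safeLookup(PDO $db, string $name): array
{
    $sql = 'SELECT id, name FROM users WHERE name = :name';
    $stmt = $db->prepare($sql);
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same rule on the way out: escape before a value lands in HTML.
function renderRow(array $row): string
{
    return '<li>' . htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8') . '</li>';
}

$leaked  = unsafeLookup($db, $name);   // all rows: the clause was rewritten
$escaped = escapedLookup($db, $name);  // no rows: nobody is literally named that
$bound   = safeLookup($db, $name);     // no rows: same, via a bound parameter

printf("unsafe: %d rows, escaped: %d rows, bound: %d rows\n",
    count($leaked), count($escaped), count($bound));

// Echoing input back: a constructed markup payload is inert after escaping.
echo renderRow(['name' => '<script>alert(1)</script>']), "\n";
```

Run it with `php example.php`; pdo_sqlite is built into most PHP distributions. The escaping and binding forms give the same result on this input, but binding is the one to reach for: it cannot be undone by a forgotten call, a wrong charset on the connection, or a value that is interpolated into a numeric context without quotes.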