Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!
by jonnyboy22 » Sat Sep 08, 2012 12:57 pm
Hello, I'm creating a basic blog and I'm using the following code. It's collecting the id (always a number) from the URL, and before I use it live I wonder if anyone could check the security of the code and let me know if it's ok? I really don't want any injections etc. and want to keep it as secure as possible.
Code:
<?php
if (is_numeric($_GET['id']) && $_GET['id'] > 0) {
    include("connectionfile.php");
    $ia = intval($_GET['id']);
    $ib = mysql_real_escape_string($ia);
    $ic = strip_tags($ib);
    $qProfile = "SELECT * FROM #### WHERE id='$ic' ";
    $rsProfile = mysql_query($qProfile);
    $row = mysql_fetch_array($rsProfile);
    extract($row);
    $title = trim($title);
    $post = trim($post);
    $date = trim($date);
    mysql_close();
} else {
    echo 'hack error here';
}
?>
I think this is secure, but feedback is appreciated.
jonnyboy22 (New php-forum User, Posts: 1, Joined: Thu Sep 06, 2012 6:10 am)
by johnj » Sun Sep 09, 2012 6:04 am
Use require_once so that PHP stops execution if the file is not found.
Do not use $_GET directly. Use isset() to check if it has a value.
After you have executed a SQL query, check that the return value is not false.
johnj (php-forum Super User, Posts: 1475, Joined: Thu Mar 10, 2011 5:07 pm)
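The lookup from the first post rewritten around the three points above, as an added example that is neither poster's code. It assumes connectionfile.php creates a PDO instance in $pdo and that the hidden table is called posts; both names are assumptions.

```php
<?php
// Added example (not from the thread): the same post lookup, hardened.
// Assumes connectionfile.php defines $pdo (a PDO connection) and that the
// table the original post hides behind #### is named posts.

// Validate: FILTER_VALIDATE_INT yields null when 'id' is absent and false when
// it is not an integer >= 1, so this replaces both isset() and is_numeric().
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid post id');
}

// require_once aborts the script if the connection file is missing, instead of
// carrying on with no database handle as include() would.
require_once 'connectionfile.php';
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// A prepared statement keeps the value out of the SQL text entirely, so the
// intval()/mysql_real_escape_string()/strip_tags() chain is not needed here.
$stmt = $pdo->prepare('SELECT title, post, date FROM posts WHERE id = :id');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

// Check the result rather than assuming a row came back.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    http_response_code(404);
    exit('No such post');
}

// Read named columns instead of extract(), which would overwrite any local
// variable that happens to share a column name.
$title = trim($row['title']);
$post  = trim($row['post']);
$date  = trim($row['date']);

// Escape at output time: this, not the query, is where stored HTML in a post
// body is prevented from running in the visitor's browser.
echo '<h1>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</h1>';
echo '<p>'  . htmlspecialchars($post,  ENT_QUOTES, 'UTF-8') . '</p>';
echo '<small>' . htmlspecialchars($date, ENT_QUOTES, 'UTF-8') . '</small>';
```

With ERRMODE_EXCEPTION set, a failed prepare() or execute() throws instead of returning false, so the "check the return value" advice is enforced by the driver rather than by a manual test after every call.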