
get id from url security question


Postby jonnyboy22 » Sat Sep 08, 2012 12:57 pm

Hello, I'm creating a basic blog and I'm using the following code. It's collecting the id (always a number) from the URL, and before I use it live I wonder if anyone could check the security of the code and let me know if it's OK? Really don't want any injections etc., want to keep it as secure as possible.

Code:
<?php
if(is_numeric($_GET['id']) && $_GET['id'] > 0){

include("connectionfile.php");


$ia = intval($_GET['id']);
$ib = mysql_real_escape_string($ia);
$ic = strip_tags($ib);

$qProfile = "SELECT * FROM #### WHERE id='$ic'  ";
$rsProfile = mysql_query($qProfile);
$row = mysql_fetch_array($rsProfile);
extract($row);
$title = trim($title);
$post = trim($post);
$date = trim($date);
mysql_close();

}else{
   echo 'hack error here';

}


?>



I think this is secure, but feedback is appreciated :)
jonnyboy22
New php-forum User
 
Posts: 1
Joined: Thu Sep 06, 2012 6:10 am

Re: get id from url security question

Postby johnj » Sun Sep 09, 2012 6:04 am

Use require_once so that PHP stops execution if the file is not found.

Do not use $_GET() directly. Use isset() to get if it has a value.

After you have executed a SQL query, check if the return value is not false.
johnj
php-forum Super User
 
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm
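
An added example, not code from either poster: the id lookup from the question with the reply's points applied (presence check before use, failure handling on the query), plus strict integer validation and a prepared statement through PDO, since the mysql_* functions were removed in PHP 7. Assumptions: the table name `posts` is hypothetical (the question elides it as ####), the helper names `parse_post_id` and `fetch_post` are hypothetical, and an in-memory SQLite database stands in for the MySQL connection file so the script runs without a server.

```php
<?php
declare(strict_types=1);

// Validate the id as a positive integer; returns null when missing or malformed.
function parse_post_id(array $query): ?int
{
    if (!isset($query['id']) || !is_string($query['id'])) {
        return null; // absent, or an array such as ?id[]=1
    }
    // Unlike is_numeric(), this rejects "1e3", "1.5" and trailing text.
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fetch one post with a bound parameter; returns null when no row matches.
function fetch_post(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, post, date FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (hypothetical table `posts`, SQLite instead of MySQL).
$db = new PDO('sqlite::memory:');
// Query failures raise exceptions instead of returning false silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, post TEXT, date TEXT)');
$db->exec("INSERT INTO posts VALUES (1, ' First post ', ' Hello ', '2012-09-08')");

// Constructed query strings, shaped the way $_GET would present them.
$samples = [['id' => '1'], ['id' => '1e3'], ['id' => '1 OR 1=1'],
            ['id' => '0'], ['id' => ['1']], [], ['id' => '7']];
foreach ($samples as $query) {
    $id = parse_post_id($query);
    if ($id === null) {
        echo json_encode($query), " => rejected\n";
        continue;
    }
    $row = fetch_post($db, $id);
    if ($row === null) {
        echo json_encode($query), " => no such post\n";
        continue;
    }
    // Read named columns instead of extract(), so row keys cannot overwrite local variables.
    $title = trim($row['title']);
    echo json_encode($query), " => found: ", $title, "\n";
}
```

With a real MySQL server only the PDO constructor changes (a `mysql:` DSN plus credentials); the validation and the prepared statement stay the same.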

