Form security. PHP MYSQL -

-

ok have user form has values submitted database.

my values follows,

$type = $_post['type']; $username = mysql_real_escape_string($_post['username']); $gender = $_post['gender']; $email = mysql_real_escape_string($_post['email']); $password = mysql_real_escape_string($_post['password']);

i insert them, follows,

mysql_query("insert accounts (username, email, password, gender, type) values ('$username', '$email', '$password', '$gender', '$type')");

now totally fine research, , called bobby tables gets me worried security, find out mysql_real_escape_string should used radio buttons well, , find out need define if input value integer , check it?? has got me worried site thought secure, not, can please explain bobby tables , how secure more using standard real escape?

thanks

it's concept of sanitizing data, especially unpredictable inputs public facing.


Comments

Post a Comment

Popular posts from this blog

how to build hyperlink for query string in php -

-
i have question, how can add variable in current url book.php?action=addressbook i want add book.php?action=addressbook&page=2 how generate hyperlink this, have tried using $_server['php_self'] query string not included in url showing that book.php?page=2 i want append other variables query string please you can use http_build_query(); append more params url $params = $_get; $params["item"] = 45; $new_query_string = http_build_query($params); for instance: $data = array('page'=> 34, 'item' => 45); echo http_build_query($data); //page=34&item=45 or include amp echo http_build_query($data, '', '&'); //page=34&&item=45
Read more

php - What is the difference between $_SERVER['PATH_INFO'] and $_SERVER['ORIG_PATH_INFO']? -

-
what’s difference between $_server['path_info'] , $_server['orig_path_info'] ? how use them? when run print_r($_server) , path_info , orig_path_info not present in array. why not? how can enable them? i have read php manual on them, still don’t understand them. the path_info variable present if invoke php script this: http://www.example.com/phpinfo.php/hello_there it's /hello_there part after .php script. if don't invoke url that, there won't $_server["path_info"] environment variable. the porig_ prefix uncommon. path_info standard cgi-environment variable, , should never prefixed. did read that? (there issues around php3/php4 if invoked php interpreter via cgi-bin/ - hardly has such setups today.) for reference: http://www.ietf.org/rfc/rfc3875
Read more

queue - mq_receive: message too long -

-
i implementing communication between 2 processes using queue. problem when call function mq_receive, error: message long. i have done following: struct mq_attr attr; long size = attr.mq_msgsize; .... // initializing queue "/gateway" int rc = mq_receive(gateway, buffer, size, &prio); if print size value, size=1, while when print same size program (got same mechanism), not long integer ( -1217186280 )... how can solve error?....so while size = 1, believe it's right "message long" why 1? p.s. have tried put : int rc = mq_receive(gateway, buffer, sizeof(buffer), &prio); but no result. it seems need read docs more carefully. when call mq_receive should pass size of destination buffer. this size must greater mq_msgsize attribute of queue . in addition, seems have error in queue attributes initialisation makes proper mq_receive call impossible. here standard message queue session: fill mq_attr struct ( doc ): struct mq_a...
Read more