[svlug] PHP database code not...

Scottix scottix at gmail.com
Thu Nov 13 11:05:22 PST 2014


Yes, definitely lots of potential errors here, as explained in the previous post.

One thing not listed here is making sure you are connected to the
right database. If it is not the same, everything else will be
irrelevant.

Another thing is we don't know if the computer_name is unique or not;
potentially there could be more rows.

On Thu, Nov 13, 2014 at 2:04 AM, Ivan Sergio Borgonovo
<mail at webthatworks.it> wrote:
> On 11/13/2014 05:51 AM, Michael Robinson wrote:
>
> Scary!
> Read about input validation.
>
>> foreach ( $_POST['computers'] as $setcomp )
>> {
>>           chop ($setcomp);
>>
>>           $query =  "SELECT * FROM computers WHERE computer_name ";
>
> Scary!
> Read about SQL injection, which, if I remember right, represents 20% of the
> intrusion vectors in applications.
>
>>           $query .= "= '$setcomp';";
>>
>>           echo "$query";
>>
>>           $result = pg_query($db,$query);
>
> pg_fetch_row — Get a row as an enumerated array.
> pg_fetch_row() fetches *one* row of data from the result associated with
> the specified result resource.
>
>>           $compid = pg_fetch_row($result);
>
> It looks like this line has to be *in* the loop.
>
>>           foreach ( $compid as $element )
>>           { echo "<P>$element</P>"; }
>>
>>           ...
>> }
>
>
> --
> Ivan Sergio Borgonovo
> http://www.webthatworks.it
>
>



-- 
Follow Me: @Taijutsun
Scottix at Gmail.com
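
The points raised in this thread (validate the input, bind the value instead of interpolating it, call pg_fetch_row() once per row, check which database you reached), put together as an added example that is not part of the original messages. The connection string, the allowed-name pattern and the helper names clean_computer_name() and find_computers() are assumptions.

```php
<?php
// Added example, not code from the thread.
// Assumed: a table computers(computer_name, ...) and the connection string below.

/** Return the trimmed name if it matches the allowed pattern, else null. */
function clean_computer_name($raw): ?string
{
    if (!is_string($raw)) {
        return null;                 // e.g. nested arrays sent as computers[][]
    }
    $name = trim($raw);              // like chop(), trim() returns the value; keep the result
    // Assumed policy: hostname-like characters only, 1 to 63 of them.
    return preg_match('/^[A-Za-z0-9._-]{1,63}$/', $name) ? $name : null;
}

/** Fetch every row for one name; the value travels as a bound parameter. */
function find_computers($db, string $name): array
{
    $sql = 'SELECT * FROM computers WHERE computer_name = $1';
    $result = pg_query_params($db, $sql, [$name]);
    if ($result === false) {
        throw new RuntimeException('query failed: ' . pg_last_error($db));
    }
    $rows = [];
    while (($row = pg_fetch_row($result)) !== false) {   // one row per call
        $rows[] = $row;              // computer_name may not be unique
    }
    return $rows;
}

$db = pg_connect('dbname=inventory');                    // assumed connection string
if ($db === false) {
    exit('cannot connect');
}
error_log('connected to database: ' . pg_dbname($db));   // confirm it is the right one

$posted = $_POST['computers'] ?? [];
foreach (is_array($posted) ? $posted : [] as $setcomp) {
    $name = clean_computer_name($setcomp);
    if ($name === null) {
        continue;                    // reject bad input rather than repair it
    }
    foreach (find_computers($db, $name) as $row) {
        foreach ($row as $element) {
            // Escape on output so stored values cannot inject markup.
            echo '<p>' . htmlspecialchars((string) $element, ENT_QUOTES, 'UTF-8') . '</p>';
        }
    }
}
```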



