php - Simple way to change mysql_query() to MySQLi or PDO or more secure method? -


this question has answer here:

i'm pretty new php , trying learn more in area of making forms secure db more difficult mess via sql injection , such. current web programmer/php guy @ our company quit short notice boss has placed me in php programmers position temporarily single week of training under previous programmer (i lots of html , css work, no php prior), until can find real replacement.

anyways, read using mysql_query() depreciated function , should avoided because method vulnerable. see 2 options use pdo or mysqli. being new php, i'm having trouble figuring out need convert code using (which sends info request quote form on site , stores in database incase of email troubles) more secure method of sending data database via pdo or mysqli.

the current line of code i'm using is:

    $query = mysql_query("insert request_for_quote(rfq_company_name, rfq_name, rfq_email, rfq_phone, rfq_end_user) values ('$rfqcompanyname', '$rfqname', '$rfqemail', '$rfqphone', '$rfqenduser')");

which powered $_post variables.

                $rfqname = mysql_real_escape_string($_post['rfq_name']);                 $rfqemail = filter_var($_post['rfq_email'], filter_validate_email);                 $rfqphone = mysql_real_escape_string($_post['rfq_phone']);                 $rfqcompanyname = mysql_real_escape_string($_post['rfq_company_name']);                 $rfqenduser = mysql_real_escape_string($_post['rfq_end_user']);

now, code need to, seems extremely vulnerable database attacks, , want learn how fix that, seems examples i'm finding online aren't using setup of "insert x,y, , z variables table columns values a, b, c".

are there simple changes make database submission query more secure?

i had written answer form of similar question few (6) months ago can't find of now.

  • search , replace.

find mysql_ , replace mysqli_, replace ("select... , insert after bracket ($dblinkidentifier, "select... $var connection db. procedural mysqli,

the initial link $dblinkidentifier mysqli_connect() construction because can identify several database connections each own $var.

this procedural mysqli format/layout. if want move oo mysqli that's little more complex structurally, better overall.


-

Comments

Post a Comment

Popular posts from this blog

css - SVG using textPath a symbol not rendering in Firefox -

using textpath within symbol doesn't render in firefox. renders fine in latest chrome , ie, when try reference symbol, svg text doesn't render in firefox (37.0.1) - first box appears empty. code below (no external dependencies), there should 2 boxes word test flowing vertically in centre of each. edit: thought issue somehow involved flexbox layout, until paul pointed out issue exists without flexbox layout. the html is: <div> <svg id="not_working" viewbox="0 0 250 1200" preserveaspectratio="xmidymid meet"> <symbol id="test_symbol1" preserveaspectratio="xmidymid meet" viewbox="0 0 250 1200"> <path id="test_symbol_path" d="m 100 1200 l 100 0" /> <text font-size="100" fill="red"> <textpath text-anchor="middle" startoffset="50%" xlink:href="#test_symbol_path&q
Read more

Java 8 + Maven Javadoc plugin: Error fetching URL -

i attempting generate javadoc links javadoc dependencies. have tried various means generate javadoc not produce qualified class names references classes dependencies. wanted links java doc simplified class names. however, java api classnames, no links , have qualified class names. working java 8. have following configuration: <plugin> <groupid>org.apache.maven.plugins</groupid> <artifactid>maven-javadoc-plugin</artifactid> <version>2.10.2</version> <configuration> <reportoutputdirectory>${project.basedir}/target</reportoutputdirectory> <destdir>javadoc</destdir> <windowtitle>epiphany</windowtitle> <doctitle>epiphany</doctitle> <show>private</show> <detectlinks>false</detectlinks> <detectoffline
Read more

node.js - How to abort query on demand using Neo4j drivers -

i making search engine application using node.js , neo4j allows users submit graph traversal query via web-based user interface. want give users option cancel query after has been submitted (i.e. if user decides change query parameters). thus, need way abort query using either command node.js-to-neo4j driver or via cypher query. after few hours of searching, haven't been able find way using of node.js-to-neo4j drivers. can't seem find cypher query allows killing of query. overlooking something, or not possible neo4j? using neo4j 2.0.4, willing upgrade newer version of neo4j if has query killing capabilities. starting neo4j version 2.2.0, it's possible kill queries ui , via rest interface. don't know if existing nodejs drivers support feature, if not can still achieve same functionality making http request rest interface. if run query in browser in version 2.2.x or later, notice there (x) close link @ top-right corner of area queries executed , displayed
Read more