|
I'm having a problem with telling if my function to negate SQL injections is working correctly or not. The point of it is to get rid of the slashes that end the query and then replace them back because this is a dictionary application and I'd like to accept all characters. This is what my functions to clean the input look like: and here's my queries to input a word and definition look like: I ran this add_word function with and without cleaning and I got two results. The first circled row is with the clean function but I cannot tell if it's still possible to harm my database or not. I'm assuming the second row is an unwanted result, but I'm not really sure. How do SQL injections even work? I really don't understand them that well. teen phone cutie fucked around with this message at 05:18 on Nov 25, 2015 |
# ¿ Nov 25, 2015 04:57 |
|
PHP newbie here. I'm trying to make a form that submits data to a database. I have the database set up fine, got it connected and disconnected properly. And I can even get the data submitting. The only problem is I'm trying to create functions to make the process easier and I'm having issues. My index page: code:
code:
Also, I know extract with $_POST is bad practice, but I'm just practicing.
|
# ¿ Dec 29, 2016 22:19 |
|
Okay. I tried fixing that stuff:code:
code:
|
# ¿ Dec 29, 2016 22:40 |
|
Okay. It's working and I got the clean function going as well. PHP is weird, man. I miss JQuery right now. Also, will that clean function protect me from every SQL injection? Are there better ways of doing it or is real escape string efficient enough? teen phone cutie fucked around with this message at 23:11 on Dec 29, 2016 |
# ¿ Dec 29, 2016 23:09 |
|
Luxury Communism posted:old post but, yeah I ended up fixing that. I was just watching Lynda tutorials at work bc I was bored and was trying to make a simple CRUD. The only time I ever worked in PHP was while I was still in school, and never really got the chance to wrap my brain around it. I'm wondering if it's even worth learning or if it's more valuable to learn Node js as a server-side language, as I'm mainly working with Javascript at work.
|
# ¿ Feb 14, 2017 23:50 |
|
EDIT: Post about a delete function. I ended up making unique pages for each row in my table and then adding a delete button on each page. I originally wanted to list them all and have a delete button next to each item in the list, but I decided that was over my head, so I did it this way instead. Hey! I'm getting better at PHP CRUD! PHP code:
teen phone cutie fucked around with this message at 20:42 on Feb 15, 2017 |
# ¿ Feb 15, 2017 16:28 |
|
rt4 posted: The most important thing about that code sample is that it takes user input from $_GET['id'] and sticks it directly into a query. You need to use a parameterized query to prevent a malicious user from carrying out an SQL injection attack. So something like this? I don't need to fetch or bind my results since I'm deleting, correct? I kinda understand, but the documentation isn't doing a great job of explaining why this is protecting against malicious attacks. e: I'll probably get around to playing with PDO after I complete this CRUD app. Just wanna get some basic understanding down first. PHP code:
teen phone cutie fucked around with this message at 22:35 on Feb 20, 2017 |
# ¿ Feb 20, 2017 22:22 |
|
McGlockenshire posted:Yes, only you also need to check that the query executed successfully. mysqli_stmt_execute returns a boolean. So is this as simple as wrapping mysqli_stmt_execute in an "if" statement? McGlockenshire posted:Imagine a world where id = '1 OR 1 = 1'. If you were doing plain old string concat, your query would end up being DELETE FROM words WHERE id =1 OR 1 = 1. The "OR 1=1" clause will match every single row in the table. Thanks. This is super helpful. I have never been able to wrap my head around SQL injections teen phone cutie fucked around with this message at 18:09 on Feb 21, 2017 |
# ¿ Feb 21, 2017 16:29 |
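The `1 OR 1 = 1` case from the exchange above, as an added example that is not part of the original thread: the same delete written with string concatenation and with a prepared statement, where the concatenated version removes every row and the prepared version rejects the input. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli/MySQL setup; the function names, table layout and sample rows are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for the thread's MySQL
// database; the table layout and sample rows are constructed.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE words (id INTEGER PRIMARY KEY, word TEXT)');
    $db->exec("INSERT INTO words (word) VALUES ('apple'), ('banana'), ('cherry')");
    return $db;
}

function countWords(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM words')->fetchColumn();
}

// Before: the input becomes part of the SQL text, so the database parses
// "OR 1 = 1" as a second condition of the WHERE clause.
function deleteByConcat(PDO $db, string $id): int {
    return $db->exec('DELETE FROM words WHERE id = ' . $id);
}

// After: the SQL text is fixed when the statement is prepared. The input is
// validated as an integer, then bound as a value and never parsed as SQL.
function deleteByPrepared(PDO $db, string $id): int {
    $intId = filter_var($id, FILTER_VALIDATE_INT);
    if ($intId === false) {
        return 0; // not an id at all: reject without touching the database
    }
    $stmt = $db->prepare('DELETE FROM words WHERE id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute(); // throws PDOException on failure (ERRMODE_EXCEPTION)
    return $stmt->rowCount();
}

$hostile = '1 OR 1 = 1'; // the id value from the quoted explanation

foreach (['deleteByConcat', 'deleteByPrepared'] as $fn) {
    foreach ([$hostile, '2'] as $input) {
        $db = makeDb(); // fresh three-row table for every run
        $deleted = $fn($db, $input);
        printf("%-16s id=%-12s deleted=%d remaining=%d\n",
            $fn, "'$input'", $deleted, countWords($db));
    }
}
```

With mysqli, the same check is the boolean returned by `mysqli_stmt_execute`, as mentioned in the quoted reply; here PDO is set to raise an exception instead.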
|
This might be a longshot, but has anyone used curl in PHP to connect to the BigCommerce API?
|
# ¿ Mar 16, 2017 19:18 |
|
Yup. That's the exact documentation I've been staring at for an hour. Been trying to connect to this loving API through PHP with no luck. e: Got it to connect through Curl. gently caress PHP man teen phone cutie fucked around with this message at 22:30 on Mar 16, 2017 |
# ¿ Mar 16, 2017 22:06 |
|
What are some good resources for learning how to connect to rest APIs with OAuth? The specific one I want to work with has some instructions to connect with curl but I'd like to learn how to work with APIs in either PHP or node js. This is coming from someone who has a pretty small amount of experience with the backend.
|
# ¿ Jun 8, 2017 23:35 |
|
Does anyone have any recommendations for beginner PHP tutorials for creating REST APIs?
teen phone cutie fucked around with this message at 19:24 on Dec 7, 2017 |
# ¿ Dec 7, 2017 16:29 |
|
Well, I guess the reason I want to learn REST practices in PHP is mostly because we use PHP at work on our apps. And I’ve been making my best attempt to be more of a full stack developer, as I’ve pretty much been doing frontend through my career. But I’ll be sure to read through the docs of these frameworks and see what I like!
|
# ¿ Jan 12, 2018 14:24 |
|
We built our own, but it implements a lot of the same ideas as Laravel, from what I’ve been told
|
# ¿ Jan 12, 2018 14:43 |