- Where Developers Learn, Share, & Build Careers


I am trying to work with PDO for the first time and I want to know what I am doing, how safe is it I

, I'm also new to PHP.

I have a question that when a user passes my page, the page takes a variable using GET and then runs.

With PHP, I've always used mysql_real_escape to get my varietates sanitized.

Can anyone see security flaws with this?

// Get the person ID $ User ID = $ _GET ['userID']; // People $$ sql = "Select * Individuals with ID = $ userID"; $ Q = $ conn- & gt; Query ($ sql) or die ($ conn- & gt; error ()); While ($ r = $ q- & gt; Fetch (PDO :: FETCH_LAZY)) {echo '

Do not use the query, prepare:

$ userID = $ _GET ['userID']; $ Sql ​​= "People from WHOE ID =: userid"; $ Q = $ conn- & gt; Ready ($ sql) $ q- & gt; Execute (Arrays (': userid' = & gt; $ userID)); While ($ r = $ q- & gt; Fetch (PDO :: FETCH_ASSOC)) {echo '& lt; Div class = "mis-per" & gt; '; Echo '& lt; Span class = "date-submitted" & gt; . $ R ['date_submitted'] '& lt; / Span & gt; '; // more STUF echo & lt; / Div & gt; '; }

The SQL statement can include the zero or more named (: name) or question mark (?) Parameter markers, for which the actual value is replaced when the statement is executed .


Comments

Post a Comment

Popular posts from this blog

Python SQLAlchemy:AttributeError: Neither 'Column' object nor 'Comparator' object has an attribute 'schema' -

I tried to create a new database in my project, but when I run the script, I get this error, I have another project, this type of definition worked before, but now it gets a single error. I am using Python 2.7.8 and the version of SQLAlchemy module is 0.9.8. By the way, using a project flask- SQLAlchemy, it works well, I'm confused. Traceback information is as follows: Traceback (most recent call final): File "D: / Projects / IOM / db_create.py", line 4, & lt; Module & gt; From the models the base file "D: \ Projects \ OO-IM \ models.py", in line 15, in the & lt; Module & gt; Column ( 'followed_id', int (), ForeignKey ( 'user.id')) file "C: \ Python27 \ lib \ site-packages \ SQLAlchemy \ SQL \ schema.py", line 369, __new__ schema = metadata. Schema file "C: \ Python27 \ lib \ site-packages \ SQLAlchemy \ SQL \ elements.py", line 662, AttributeError in __getattr__ key): Neither 'column' object nor ...
Read more

java - How not to audit a join table and related entities using Hibernate Envers? -

I use Eners to be hibernate to audit my institutions. I have an audit entity, Foo , which includes a list & lt; Bars & gt; However, I do not want to audit the bar institutions, in the form of properties, I have written that: @inti @edicated public class Foo {@JoinTable (name = "T_FOO_BAR", joinColumns = @JoinColumn (name = "FOO_ID"), inverseJoinColumns = @JoinColumn (Name = "BAR_ID")) @ManyToMany (Cascade = Persist) @ Indited (targetAuditMode = RelationTargetAuditMode.NOT_AUDITED ) Public listing & lt; Bars & gt; GetBars () {Return bars; }} Now, I want to retrieve an amendment of foo : AuditReader reader = AuditReaderFactory.get (GetEntityManager ()); FU modification = (FU) reader.CreativeTeA () .entensEtrevision (Foo Class, 42) .getSingleResult (); Unfortunately, when I want to retrieve all the data (i.e. when it loads lazy times ), error me ORA-00942: table or view is not present , because Tried to query this: Sel...
Read more

mongodb - CakePHP paginator ignoring order, but only for certain values -

While pagging my user model in kppp, I can sort with some values, but not others. For example, I can order results from created or email , for example, but username or reputation seems to come back order by arbitrary command for example with a list of users: $ this-> paginate = array ('condition' => array ( 'User.is_active' = & gt; true), 'border' => 24, 'order' => array ('User.created' => DESC)); Works as expected, but $ this - & gt; Paged = array ('conditions' = & gt; array (' user.isIactive '= & gt; true),' border '= & gt; 24,' command '= & gt; array (' user repeats' = ' & Gt; DESC ')); No, no. I first thought that this could be a database issue, but when I search the database directly, sorted as expected. Note: I am using Mangodebi with the Mongo DB plugin of Ichikawa for the KPPHP; Pagnetizing users are used to work properl...
Read more