PHP Programming security - HotUKDeals
PHP Programming security

razta
Posted 8 years, 10 months ago
Hello,
I paid a student to write me a PHP script for my website, however he hasn't added any security at all. Is anyone here a PHP programmer who could maybe give me some advice on how to make it secure? The script basically adds information to a database.

Thank you


<?php
include ("./includes/config.php");

// Key quoted: an unquoted array key is read as an undefined constant
$action=$_GET['action'];

if($action == 'addnew'){

    // Raw form input, used below without validation or escaping
    $title= $_POST['title'];
    $desc= $_POST['desc'];
    $link= $_POST['link'];

    if (empty($tite) && empty($desc) && empty($link)){
        print "No title, description or link was added. Please go back and submit again.\n";
        print "Back";
    }
    elseif (empty($link)){
        print "You forgot to add the youtube link. Please go back and try again.\n";
        print "Back";
    }
    elseif (empty($desc)){
        print "No description was added. Please go back and try again.\n";
        print "Back";
    }
    elseif (empty($title)){
        print "No title was added. Please go back and try again.\n";
        print "Back";
    }
    else{
        // User input is concatenated straight into the SQL string
        $query = "INSERT INTO video VALUES ('','$title','$desc','$link')";

        mysql_query($query);

        // Database error text is echoed to the visitor
        echo mysql_error();

        print "File Added. Add Another?\n";
        print "Yes | View Videos";
    }

} else {

?>

Title:
Description:
Video Embed Link:

<?php
}
?>

All Comments (3)
#1
if (empty($tite) && empty($desc) && empty($link)){

Error there for a start; it should be

if (empty($title) && empty($desc) && empty($link)){

What security do you want adding?
#2
LOL, I should have looked through it more thoroughly. I'm looking for something to protect against SQL injection and limit what the users can add to the database. I guess I'm gonna have to learn PHP and then look at it again. Thanks for pointing out the spelling mistake. :thumbsup:
#3
Try this quick start class to prevent SQL injection.

http://www.webkami.com/programming/php/php-secure-class-to-avoid-xss/php-secure-class-to-avoid-xss-1-0-2.php

Just copy the top code and then see the "Usage" at bottom.
This will clean up your code to prevent attacks.
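
An added example, not part of any post in this thread and not the class linked in #3: one way to cover the two concerns raised in #2 (SQL injection and limiting what users can add) using PDO prepared statements plus input validation, a different technique from the linked class. An in-memory SQLite database stands in for the site's MySQL database; the column names, length limits, YouTube host allow-list and sample submissions are assumptions.

```php
<?php
// Added example, not the thread's code. Column names, length limits and the
// YouTube host allow-list are assumptions; the page shows only the table name.
declare(strict_types=1);

const YT_HOSTS = ['www.youtube.com', 'youtube.com', 'youtu.be'];

/** Returns [errors, cleaned fields] for one submission. */
function validate_video(array $in): array
{
    $errors = [];
    $v = [];
    foreach (['title' => 100, 'desc' => 500, 'link' => 200] as $field => $max) {
        $raw = $in[$field] ?? '';
        $v[$field] = is_string($raw) ? trim($raw) : ''; // reject array-typed params
        if ($v[$field] === '' || strlen($v[$field]) > $max) {
            $errors[] = "$field is required (max $max bytes).";
        }
    }
    $url = parse_url($v['link']);
    if (!is_array($url) || ($url['scheme'] ?? '') !== 'https'
        || !in_array($url['host'] ?? '', YT_HOSTS, true)) {
        $errors[] = 'link must be an https YouTube URL.';
    }
    return [$errors, $v];
}

function add_video(PDO $db, array $v): void
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO video (title, description, link) VALUES (:title, :desc, :link)');
    $stmt->execute([':title' => $v['title'], ':desc' => $v['desc'], ':link' => $v['link']]);
}

// Demo on in-memory SQLite so it runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE video (id INTEGER PRIMARY KEY, title TEXT, description TEXT, link TEXT)');

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['title' => "Bob's clip", 'desc' => "It's <b>great</b>", 'link' => 'https://www.youtube.com/embed/abc123'],
    ['title' => 'Other site', 'desc' => 'x', 'link' => 'http://example.com/video'],
];
foreach ($samples as $post) {
    [$errors, $video] = validate_video($post);
    if ($errors) { echo implode(' ', $errors), "\n"; continue; }
    add_video($db, $video);
}
foreach ($db->query('SELECT title, description FROM video') as $row) {
    // Escape on output so stored markup is displayed, not interpreted.
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

On the real site, the PDO connection would use the MySQL DSN and credentials from the config include, and any database error would go to a server-side log rather than being echoed to the visitor.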
