Groups

    PHP Programing security

    Hello,
    I paid a student to write me a PHP script for my website however he hasnt added any security at all. Any one here a PHP programer and maybe give me some advice on how to make it secure? The script basically adds information to a database.

    Thank you


    include ("./includes/config.php");

    $action=$_GET[action];

    if($action == 'addnew'){

    $title= $_POST['title'];
    $desc= $_POST['desc'];
    $link= $_POST['link'];

    if (empty($tite) && empty($desc) && empty($link)){
    print "No title, description or link was added. Please go back and submit again.
    ";
    print "Back";
    }
    elseif (empty($link)){
    print "Your forgot to add the youtube link. Please go back and try again.
    ";
    print "Back";
    }
    elseif (empty($desc)){
    print "No description was added. Please go back and try again.
    ";
    print "Back";
    }
    elseif (empty($title)){
    print "No title was added. Please go back and try again.
    ";
    print "Back";
    }
    else{
    $query = "INSERT INTO video VALUES ('','$title','$desc','$link')";

    mysql_query($query);

    echo mysql_error();

    print "File Added. Add Another?
    ";
    print "Yes | View Videos";
    }

    } else {

    ?>









    Title:
    Description:
    @
      Text
      Top Discussions
      1. Surprise! The HUKD Summer Flamedeer Hunt 2017 **OFFICIAL THREAD** (trading …4672205
      2. What is there free to do in your town?2544
      3. Back to school: what's your views on your kids uniform and piercing rules e…27121
      4. Sky Fibre Max44

      See more discussions