FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » GUI designer in html
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: PS Re: GUI designer in html [message #182481 is a reply to message #182467] Wed, 07 August 2013 16:51 Go to previous messageGo to previous message
bill is currently offline  bill
Messages: 310
Registered: October 2010
Karma:
Senior Member
On 2013-08-05 7:32 PM, The Natural Philosopher wrote:
....

>>>
>>> The MySQL server allows having statements that do return result sets and
>>> statements that do not return result sets in one multiple statement.
>>> "
>>>
>>
>> You need to scroll down to the middle of the page and read
>> *Security considerations* and *Example #2*.
>>
>>
> Furthermore the manual for mysql_query (as opposed to mysqli_query)
> actually states:
>
> "*mysql_query()* sends a unique query *(multiple queries are not
> supported)* to the currently active database on the server that's
> associated with the specified /|link_identifier|/. "

Yes, that's true. As a relative newcomer to PHP and the fact that MYSQL
is being deprecated, as long as mysqli is available on my servers;
wouldn't it be wise to go in the mysqlI direction?

I've no intention of making multiple queries currently but ... I
haven't used "i" yet either so I'm far from guru; I can only go by what
I read and the MYSQL reference to mysqli for multiple queries, should
the occasion arise. In fact, I've only ever experimented with MYSQL
itself; though I am using it on one of my own sites.

To me, it simply seems like the right way to go. Do you disagree
with that?


> so it would seem that this actual sql injection method is an urban myth.

Well, I've seen a few exploits and how they're done, and I've used one
of them, and I did successfully trash my database. So, not so sure
that's 100% the case; perhaps it's just you're good at writing
sanitize/validate code?

>
> From PHP anyway.
>
> ISTR I actually tried it once to see if my code was robust. I failed to
> destroy the database or indeed any data, at all.
>

Interesting observations/experiment; thanks for the info. Don't you
think it's actually due to your own code? Just curious, mostly.

Good post,

Twayne`
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: GD Function help
Next Topic: Help with PHP BD imaging functionality
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 09 12:09:55 GMT 2024

Total time taken to generate the page: 0.03969 seconds