  1. #1 macdan

    Security Questions

    Macdan has finally seen the light and is starting to learn some PHP and MySQL. Looks like I'll be asking a lot of inane questions in this forum over the next few months!!

    I have a couple of questions regarding security:

    I'm putting my mysql_pconnect command in an include which is stored above root. Is this the safest way to hide username and password details? Could somebody still get at it?

    Also, users will be able to write information into my database (like a very simple bulletin board) - could they potentially write information that would damage the database / execute a malicious command and how can I go about preventing this - would the use of addslashes() be sufficient to comment out any bad stuff?

    Thanks for any help.
    gorillaweb is a small London based digital design agency.

  2. #2 seanf
    The answer to both is yes

    1) Could possibly be accessed by other people hosting on the same server if host is not very security aware

    2) Do not trust any data that comes from a user, check everything!

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  3. #3 macdan
    Thanks for that Seanf.

    I reckon the host is fairly secure so hopefully no problems there.

    With regards to checking the data that users have entered, do you mean manually, or by using functions like addslashes()? Would there be any other functions you'd recommend for this procedure?

    Thanks again..
    gorillaweb is a small London based digital design agency.

  4. #4 seanf
    Take a look at strip_tags()
    http://uk.php.net/manual/en/function.strip-tags.php

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature
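The two concerns raised in this thread (keeping the database credentials out of the web root, and keeping user-submitted text from altering the SQL or the HTML), written up as an added example that is not from any of the posters. It assumes PDO with the MySQL driver, a hypothetical credentials file at `../private/db.php`, and a `posts(id, author, body)` table.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the MySQL driver
// and a table `posts(id INT AUTO_INCREMENT, author VARCHAR(64), body TEXT)`.

// 1) Credentials live in a file outside the document root (hypothetical path
//    /home/site/private/db.php). The web server has no route to it; only PHP
//    reads it via require. Constructed contents of db.php:
//      return ['dsn'  => 'mysql:host=localhost;dbname=board;charset=utf8mb4',
//              'user' => 'board_rw', 'pass' => 'CHANGE-ME'];
//    Note this only protects against web requests, not against other accounts
//    on a shared host that can read your filesystem (seanf's point above).
$cfg = require __DIR__ . '/../private/db.php';

$pdo = new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// 2) User data never becomes part of the SQL text. addslashes() is not a safe
//    SQL escaping function (it knows nothing about the connection charset);
//    bound parameters send values separately from the statement, so quotes in
//    $body are just data. Length checks are cheap extra validation on top.
function save_post(PDO $pdo, string $author, string $body): int
{
    if ($author === '' || strlen($author) > 64 || strlen($body) > 10000) {
        throw new InvalidArgumentException('bad post');
    }
    $stmt = $pdo->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// 3) strip_tags()/htmlspecialchars() address a different problem: stored text
//    being rendered as HTML/JavaScript in other readers' browsers. Escape at
//    output time and keep the stored text unmodified.
function render_post(array $row): string
{
    return '<p><b>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
         . nl2br(htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8')) . '</p>';
}

// Usage: store the submitted post, then show the latest twenty.
save_post($pdo, $_POST['author'] ?? '', $_POST['body'] ?? '');
foreach ($pdo->query('SELECT author, body FROM posts ORDER BY id DESC LIMIT 20') as $row) {
    echo render_post($row);
}
```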