Is this secure?

Status
Not open for further replies.
Kristopher

Kristopher

Photographer
Dec 25, 2010
803
68
<?php
$sql = "SELECT * FROM users";

$result = mysql_query($sql);

while ($row = mysql_fetch_assoc($result)) {
echo $row["username"];
}

?>
 
Sort by date Sort by votes
Markshall

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,639
2,397
Yes it is, you're not allowing the user to input anything in to the database, you're just echoing an output.

Just make sure that you sanitize the inputs to the database when the user is signing up. If, for example when they are signing up and they choose the username '<script type="text/javascript">alert('hi');</script>', and you don't sanitize it, it will enter that whole JavaScript code into the database, then when you come to echo out the username from the database, it will process that code and render a JavaScript alert dialog box saying "hi".
 
Upvote 0 Downvote
RastaLulz

RastaLulz

fight teh power
Staff member
May 3, 2010
3,935
3,936
You shouldn't sanitize data that is being put in your database, you should sanitize the data coming out of the database. That way your data is pure, and not messed up because your script doesn't take care of it.
 
Upvote 0 Downvote
Markshall

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,639
2,397
RastaLulz said:
You shouldn't sanitize data that is being put in your database, you should sanitize the data coming out of the database. That way your data is pure, and not messed up because your script doesn't take care of it.
Click to expand...
Yeah exactly, I meant that but got mixed up. :p

A nice way I like to sanitize my data from databases is this:
PHP: 
public function Arr($sql) {
    $query = @mysql_fetch_array($sql);
    if (!$query) {
        die("Query failed");
    }
    return array_map("stripslashes", $query);
}

You can add more functions to the array_map function by just creating an array of functions inside the first parameter,
You must be registered for see links
 
Upvote 0 Downvote
Markshall

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,639
2,397
It depends how you check if a user is logged in.

Download
You must be registered for see links
and have a look how I did it if you like.
 
Upvote 0 Downvote
Kristopher

Kristopher

Photographer
Dec 25, 2010
803
68
m0nsta. said:
It depends how you check if a user is logged in.

Download
You must be registered for see links
and have a look how I did it if you like.
Click to expand...
Well its RevCMS, I'm attempting to make a better homes then what is already released.. But It won't be release its just to better my skills..
 
Upvote 0 Downvote
Status
Not open for further replies.

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top