Search the Community
Showing results for tags 'php security'.
-
if i use code as follows, This is a safe way to take the value of the form ? <html> <head></head> <body> <form method='post'> <input type='text' name='name' value='akli'> <input type='submit' name ='view' value='view'> </form> </body> </html> <?php extract($_POST); if($view) echo $name; ?> please healp me
-
Hi friends, Another security issue but this time its regarding outputting data from a DB to a browser. Please have a look at the code below which displays some output fetched from a DB and sends it to a browser. 1. If I just wish to display this output on a screen and not provide the user with any buttons or hyperlinks to interact with the information, would I still need to sanitize the output before echoing it to the screen ? 2. If I was to make at least one of the fields a hyperlink, so that I could then display some related information on another webpage, what security concerns would I need to address in my code? 3. If I was to add a button against each of these records, on each row, and then select some related information on another webpage after processing the button handler, what would be the security concerns that I should address for the code below. Thanks very much. <table> <tr> <th> S.No. </th> <th> Name </th> <th> Age </th> <th> City </th> <th> Cell </th> <th> Email</th> </tr> <?php $cnt = 1; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { echo "<tr>"; echo "<td>".$cnt++."</td>"; echo "<td>".$row['Name']. "</td>"; echo "<td>".$row['Age']. "</td>"; echo "<td>".$row['City']. "</td>"; echo "<td>".$row['Cell']. "</td>"; echo "<td>".$row['Email']. "</td>"; echo "</tr>"; } ?> </table>
- 5 replies
-
- ajoo
- output to a browser
-
(and 2 more)
Tagged with: