Showing results for tags 'sql injections'.

Found 1 result

  1. Hi guys, I've been working on a project for a while now. After getting everything functional so far, I decided it's time to start locking the system down, and my first task is SQL injection prevention. I really am having a hard time understanding the whole SQL injection thing. I'm pretty sure it's where someone can manipulate the query so they can steal information from the database? I followed a guide, but I want to be sure for my first query: is this SQL injection proof?

      <?php
      // This section is for adding a new user
      if (isset($_POST['NewUserSubmit'])) {
          // let's get the POST information
          $firstname = $_POST['FName'];
          $LastName  = $_POST['LName'];
          $email     = $_POST['EmailAddress'];
          $password  = $_POST['Password'];
          $ContactNo = $_POST['ContactNumber'];
          $userLevel = $_POST['userLevel'];
          $userName  = $firstname.".".$LastName;

          // change the password to MD5
          $password = md5($password);

          // okay, let's see if the user exists
          $selectUserName = "SELECT * FROM MC_users WHERE username='".$userName."'";
          $selectResult = $pdo->prepare($selectUserName);
          $selectResult->execute();

          // if this username already exists, tell them!
          if ($selectResult->rowCount() > 0) {
              echo "<div class='alert alert-danger fade in'><strong> This user Already Exists please try a different user First and Last Name</strong><button class='close' data-dismiss='alert' aria-label='dismiss'></button>dismiss</div>";
          } else { // else create the user
              // This worked, so let's place the variables into the PDO query using an array
              $insertUserQuery = "INSERT INTO MC_users (firstname,lastname,username,secret,userLevel,email,contact) VALUES (:firstname,:LastName,:userName,:password,:userLevel,:email,:ContactNo)";
              $Result = $pdo->prepare($insertUserQuery);
              if ($Result->execute(array(
                  ':firstname' => $firstname,
                  ':LastName'  => $LastName,
                  ':userName'  => $userName,
                  ':password'  => $password,
                  ':userLevel' => $userLevel,
                  ':email'     => $email,
                  ':ContactNo' => $ContactNo
              ))) {
                  echo "<div class='alert alert-success fade in'><strong>User ".$userName." has been created</strong><button class='close' data-dismiss='alert' aria-label='dismiss'></button>dismiss</div>";
              }
          }
      }
      ?>

     Any help is greatly appreciated, and I thank everyone in advance for your help.

     Mooseh Man
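
The post's two queries differ in one respect: the INSERT passes its values through named placeholders, while the SELECT concatenates `$userName` into the SQL text before calling `prepare()`. The following is an added example, not code from the original post, that puts the two forms of the existence check side by side. It assumes an in-memory SQLite database with a cut-down, constructed `MC_users` table, and the function names and sample inputs are hypothetical.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE MC_users (username TEXT PRIMARY KEY, email TEXT)");
$pdo->exec("INSERT INTO MC_users VALUES ('Jane.Doe', 'jane@example.test')");

// Pattern from the post's SELECT: the value is concatenated into the SQL text,
// so prepare() receives a finished string and there is nothing left to bind.
function userExistsConcatenated(PDO $pdo, string $userName): bool
{
    $sql = "SELECT * FROM MC_users WHERE username='" . $userName . "'";
    $stmt = $pdo->prepare($sql);
    $stmt->execute();
    return $stmt->fetch() !== false;
}

// Parameterized form: the SQL text is fixed and the value is sent separately,
// so quotes inside the value are data and never become SQL syntax.
function userExistsBound(PDO $pdo, string $userName): bool
{
    $stmt = $pdo->prepare("SELECT 1 FROM MC_users WHERE username = :userName");
    $stmt->execute([':userName' => $userName]);
    // fetch() rather than rowCount(): rowCount() on a SELECT is driver-dependent.
    return $stmt->fetch() !== false;
}

// Constructed inputs: an existing user, an unknown user, a name containing an
// apostrophe, and a value containing SQL syntax.
$inputs = ['Jane.Doe', 'No.Body', "Pat.O'Brien", "x' OR '1'='1"];

foreach ($inputs as $name) {
    try {
        $concat = userExistsConcatenated($pdo, $name) ? 'exists' : 'not found';
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    $bound = userExistsBound($pdo, $name) ? 'exists' : 'not found';
    printf("%-14s concatenated: %-9s bound: %s\n", $name, $concat, $bound);
}
```

The two functions agree on the first two inputs and disagree on the last two, which is the difference between calling `prepare()` on a concatenated string and binding the value.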