h4r00n Posted August 26, 2009

Hi, below is my coding for my search.php. I am aware that it is exposed to risks. I am new to PHP and was hoping that somebody could help me with the coding to reduce these risks? Thanks

```php
<?php
//get data
$button = (isset($_GET['submit'])) ? $_GET['submit'] : "default_value";
$search = (isset($_GET['search'])) ? $_GET['search'] : "default_value";

if (!$button) {
    echo "You didn't submit a keyword.";
} else {
    if (strlen($search) <= 2) {
        echo "Search term too short.";
    } else {
        echo "You searched for <b>$search</b><hr size='1'>";

        //connect to our database
        mysql_connect("localhost", "root", "");
        mysql_select_db("jobjar");

        //explode our search term
        $search_exploded = explode(" ", $search);

        //construct query: the counter and the clause string are initialised once,
        //before the loop (resetting them inside it would keep only the last word)
        $x = 0;
        $construct = "";
        foreach ($search_exploded as $search_each) {
            $x++;
            if ($x == 1) {
                $construct .= " Keywords LIKE '%$search_each%'";
            } else {
                $construct .= " OR Keywords LIKE '%$search_each%'";
            }
        }

        //echo out construct
        $construct = "SELECT * FROM jobs WHERE $construct";
        $run = mysql_query($construct);
        $foundnum = mysql_num_rows($run);

        if ($foundnum == 0) {
            echo "No jobs found.";
        } else {
            echo "$foundnum found!<p><br>";
            while ($runrows = mysql_fetch_assoc($run)) {
                //get data
                $Title = $runrows['Title'];
                $Location = $runrows['Location'];
                $Salary = $runrows['Salary'];
                $Sector = $runrows['Sector'];
                $JobType = $runrows['Job Type'];
                $Duration = $runrows['Duration'];
                $JobRef = $runrows['Job Ref'];
                $Description = $runrows['Description'];

                echo "<b>Title:</b> $Title<br>
                <b>Location:</b> $Location<br>
                <b>Salary:</b> $Salary<br>
                <b>Sector:</b> $Sector<br>
                <b>Job Type:</b> $JobType<br>
                <b>Duration:</b> $Duration<br>
                <b>Job Ref:</b> $JobRef<br>
                <b>Description:</b> $Description<p><br>";
            }
        }
    }
}
?>
```
Asheeown Posted August 26, 2009

First of all, make a designated MySQL user for that project/database you are using. I am assuming though for now you're using root for development purposes. Use "mysql_real_escape_string($Variable);" for all the variables that come from user input. http://us2.php.net/manual/en/function.mysql-real-escape-string.php
ignace Posted August 26, 2009

if (!$button) is never true because it's either the value of $_GET['submit'] or the default_value. Use instead:

```php
$button = (isset($_GET['submit'])) ? $_GET['submit'] : null;
```

To secure your application, validate the input: apply what you know. For example, if search may only contain alphabetic characters, use:

```php
if (!ctype_alpha($search)) {
    // invalid: contains characters not found in the alphabet
}
```

Search must have a certain length?

```php
if (!isset($search[5])) {
    // invalid: must be at least 6 characters long (strings are zero-based if you wonder why 5)
}
```
h4r00n (Author) Posted August 26, 2009

Asheeown wrote: First of all, make a designated MySQL user for that project/database you are using. I am assuming though for now you're using root for development purposes. Use "mysql_real_escape_string($Variable);" for all the variables that come from user input. http://us2.php.net/manual/en/function.mysql-real-escape-string.php

So where would I insert that code?
Asheeown Posted August 26, 2009

```php
<?php
//get data
$button = (isset($_GET['submit'])) ? $_GET['submit'] : "default_value";
$search = (isset($_GET['search'])) ? $_GET['search'] : "default_value";

if (!$button) {
    echo "You didn't submit a keyword.";
} else {
    if (strlen($search) <= 2) {
        echo "Search term too short.";
    } else {
        echo "You searched for <b>$search</b><hr size='1'>";

        //connect to our database
        mysql_connect("localhost", "root", "");
        mysql_select_db("jobjar");

        //escape the user-supplied values (needs an open connection)
        $button = mysql_real_escape_string($button);
        $search = mysql_real_escape_string($search);

        //explode our search term
        $search_exploded = explode(" ", $search);

        //construct query: the counter and the clause string are initialised once,
        //before the loop (resetting them inside it would keep only the last word)
        $x = 0;
        $construct = "";
        foreach ($search_exploded as $search_each) {
            $x++;
            if ($x == 1) {
                $construct .= " Keywords LIKE '%$search_each%'";
            } else {
                $construct .= " OR Keywords LIKE '%$search_each%'";
            }
        }

        //echo out construct
        $construct = "SELECT * FROM jobs WHERE $construct";
        $run = mysql_query($construct);
        $foundnum = mysql_num_rows($run);

        if ($foundnum == 0) {
            echo "No jobs found.";
        } else {
            echo "$foundnum found!<p><br>";
            while ($runrows = mysql_fetch_assoc($run)) {
                //get data
                $Title = $runrows['Title'];
                $Location = $runrows['Location'];
                $Salary = $runrows['Salary'];
                $Sector = $runrows['Sector'];
                $JobType = $runrows['Job Type'];
                $Duration = $runrows['Duration'];
                $JobRef = $runrows['Job Ref'];
                $Description = $runrows['Description'];

                echo "<b>Title:</b> $Title<br>
                <b>Location:</b> $Location<br>
                <b>Salary:</b> $Salary<br>
                <b>Sector:</b> $Sector<br>
                <b>Job Type:</b> $JobType<br>
                <b>Duration:</b> $Duration<br>
                <b>Job Ref:</b> $JobRef<br>
                <b>Description:</b> $Description<p><br>";
            }
        }
    }
}
?>
```

As far as I see by glancing at it, only $button and $search are from GET, so I did it right under the mysql connect.
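The hardened form that Asheeown's escaping and ignace's validation point toward, as an added example written for this thread rather than code posted by either of them: each keyword is bound as a prepared-statement parameter (PHP 7 with PDO, since the mysql_* functions above no longer exist there), the script connects as a dedicated database user instead of root (the user name and password are placeholders), and every value is escaped before it is echoed into HTML. It assumes the thread's jobs table with a Keywords column.

```php
<?php
// Added example, not code from the thread. Assumes the `jobs` table with a `Keywords`
// column from the thread; DSN, user name and password below are placeholders.

// Split the search phrase into words and return [sql, params] for a prepared statement.
function buildKeywordSearch(string $search): array
{
    $terms = preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY);
    if (strlen(trim($search)) <= 2 || $terms === []) {
        return ['', []]; // too short: the caller skips the query entirely
    }
    $clauses = [];
    $params = [];
    foreach ($terms as $i => $term) {
        // Escape LIKE metacharacters so a "%" or "_" typed by the user matches literally
        // (backslash is MySQL's default LIKE escape character).
        $params[":kw$i"] = '%' . addcslashes($term, '%_\\') . '%';
        $clauses[] = "Keywords LIKE :kw$i";
    }
    return ['SELECT * FROM jobs WHERE ' . implode(' OR ', $clauses), $params];
}

function runSearch(PDO $db, string $search): array
{
    [$sql, $params] = buildKeywordSearch($search);
    if ($sql === '') {
        return [];
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params); // values travel separately from the query text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape every value on its way into HTML, including the echoed search term.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Dedicated low-privilege database user instead of root (placeholder credentials).
$db = new PDO('mysql:host=localhost;dbname=jobjar;charset=utf8mb4', 'jobjar_app', 'CHANGE_ME', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$search = (string)($_GET['search'] ?? '');
echo 'You searched for <b>' . h($search) . '</b><hr>';
foreach (runSearch($db, $search) as $row) {
    echo '<b>Title:</b> ' . h((string)$row['Title']) . '<br>';
    echo '<b>Description:</b> ' . h((string)$row['Description']) . '<p>';
}
```

With PDO::ATTR_EMULATE_PREPARES set to false the keyword values never pass through string quoting at all, so the splice-and-escape step the thread discusses is not needed.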
h4r00n (Author) Posted August 26, 2009

Thanks. I will create a password-protected user when this goes online, just trial mode at the moment.
Asheeown Posted August 26, 2009

Make sure you give root a nice bulky password too.