[SOLVED] php coding exposed to risks


h4r00n

Hi, below is my coding for my search.php. I am aware that it is exposed to risks. I am new to PHP and was hoping that somebody could help me with the coding to reduce these risks.

Thanks

<?php

//get data
$button = (isset($_GET['submit'])) ? $_GET['submit'] : "default_value";
$search = (isset($_GET['search'])) ? $_GET['search'] : "default_value";

if (!$button)
{
   echo "You didn't submit a keyword.";
}
else
{
   if (strlen($search)<=2)
   {
      echo "Search term too short.";
   }
   else
   {
      //user input is echoed straight back into the page here
      echo "You searched for <b>$search</b><hr size='1'>";
      //connect to our database
      mysql_connect("localhost","root","");
      mysql_select_db("jobjar");
      //explode our search term
      $search_exploded = explode(" ",$search);

      //construct query: counter and clause are reset once, before the loop,
      //so every term ends up in the WHERE clause
      $x = 0;
      $construct = "";
      foreach($search_exploded as $search_each)
      {
         $x++;
         if ($x==1)
         {
            //each term is placed into the SQL string as-is
            $construct .= " Keywords LIKE '%$search_each%'";
         }
         else
         {
            $construct .= " OR Keywords LIKE '%$search_each%'";
         }
      }

      //build and run the query
      $construct = "SELECT * FROM jobs WHERE $construct";
      $run = mysql_query($construct);
      $foundnum = mysql_num_rows($run);

      if ($foundnum==0)
      {
         echo "No jobs found.";
      }
      else
      {
         echo "$foundnum found!<p><br>";

         while ($runrows = mysql_fetch_assoc($run))
         {
            //get data
            $Title = $runrows['Title'];
            $Location = $runrows['Location'];
            $Salary = $runrows['Salary'];
            $Sector = $runrows['Sector'];
            $JobType = $runrows['Job Type'];
            $Duration = $runrows['Duration'];
            $JobRef = $runrows['Job Ref'];
            $Description = $runrows['Description'];

            echo "<b>Title:</b> $Title<br>
            <b>Location:</b> $Location<br>
            <b>Salary:</b> $Salary<br>
            <b>Sector:</b> $Sector<br>
            <b>Job Type:</b> $JobType<br>
            <b>Duration:</b> $Duration<br>
            <b>Job Ref:</b> $JobRef<br>
            <b>Description:</b> $Description<p><br>";
         }
      }
   }
}
?>


if (!$button) is never true because it's either the value of $_GET['submit'] or the default_value. Use instead:


$button = (isset($_GET['submit'])) ? $_GET['submit'] : null;


To secure your application, validate the input: apply what you know. For example, if search may only contain alphabetic characters, use:


if (!ctype_alpha($search)) {
   //invalid: contains characters not found in the alphabet
}


Search must contain a certain length?


if (!isset($search[5])) {
   //invalid: must be at least 6 characters long (strings are zero-based if you wonder why 5)
}


First of all, make a designated MySQL user for the project/database you are using. I am assuming, though, that for now you're using root for development purposes.


Use "mysql_real_escape_string($Variable);" for all the variables that come from user input.


http://us2.php.net/manual/en/function.mysql-real-escape-string.php


So where would I insert that code?


<?php

//get data
$button = (isset($_GET['submit'])) ? $_GET['submit'] : "default_value";
$search = (isset($_GET['search'])) ? $_GET['search'] : "default_value";

if (!$button)
{
   echo "You didn't submit a keyword.";
}
else
{
   if (strlen($search)<=2)
   {
      echo "Search term too short.";
   }
   else
   {
      echo "You searched for <b>$search</b><hr size='1'>";
      //connect to our database
      mysql_connect("localhost","root","");
      mysql_select_db("jobjar");

      //escape the GET values before they are used in the query
      //(must come after mysql_connect, which this function needs)
      $button = mysql_real_escape_string($button);
      $search = mysql_real_escape_string($search);

      //explode our search term
      $search_exploded = explode(" ",$search);

      //construct query: counter and clause are reset once, before the loop,
      //so every term ends up in the WHERE clause
      $x = 0;
      $construct = "";
      foreach($search_exploded as $search_each)
      {
         $x++;
         if ($x==1)
         {
            $construct .= " Keywords LIKE '%$search_each%'";
         }
         else
         {
            $construct .= " OR Keywords LIKE '%$search_each%'";
         }
      }

      //build and run the query
      $construct = "SELECT * FROM jobs WHERE $construct";
      $run = mysql_query($construct);
      $foundnum = mysql_num_rows($run);

      if ($foundnum==0)
      {
         echo "No jobs found.";
      }
      else
      {
         echo "$foundnum found!<p><br>";

         while ($runrows = mysql_fetch_assoc($run))
         {
            //get data
            $Title = $runrows['Title'];
            $Location = $runrows['Location'];
            $Salary = $runrows['Salary'];
            $Sector = $runrows['Sector'];
            $JobType = $runrows['Job Type'];
            $Duration = $runrows['Duration'];
            $JobRef = $runrows['Job Ref'];
            $Description = $runrows['Description'];

            echo "<b>Title:</b> $Title<br>
            <b>Location:</b> $Location<br>
            <b>Salary:</b> $Salary<br>
            <b>Sector:</b> $Sector<br>
            <b>Job Type:</b> $JobType<br>
            <b>Duration:</b> $Duration<br>
            <b>Job Ref:</b> $JobRef<br>
            <b>Description:</b> $Description<p><br>";
         }
      }
   }
}
?>


As far as I see by glancing at it, only $button and $search are from GET, so I did it right under the mysql connect.
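The two replies above cover input validation (ctype_alpha, minimum length) and escaping with mysql_real_escape_string, which neutralises quotes but not the LIKE wildcards % and _, and still leaves the echoed $search unencoded in the HTML. As an added example, not code from the thread, here is the same search page rebuilt so that user input is bound as data rather than escaped into the SQL string; it assumes the jobs table and Keywords column from the thread, and the DSN, the jobjar_ro user and its password are placeholders.

```php
<?php
// Added example (not the thread's code): the search page rebuilt with PDO
// prepared statements, input validation and output encoding. Assumes the
// "jobs" table and "Keywords" column from the thread; the DSN, the
// "jobjar_ro" user and its password are placeholders.
function build_search_query(array $terms): array
{
    $clauses = [];
    $params  = [];
    foreach ($terms as $i => $term) {
        // Escape LIKE wildcards with '!' so a term such as "%" cannot match every row.
        $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
        $clauses[] = "Keywords LIKE :kw$i ESCAPE '!'";
        $params[":kw$i"] = "%$escaped%";   // bound as data, never interpolated into SQL
    }
    return ["SELECT * FROM jobs WHERE " . implode(' OR ', $clauses), $params];
}

$search = $_GET['search'] ?? '';
// Validate first: minimum length plus a whitelist (ctype_alpha alone would reject the spaces we split on).
if (strlen($search) < 3 || !preg_match('/^[A-Za-z0-9 ]+$/', $search)) {
    echo "Search term must be at least 3 characters: letters, digits and spaces only.";
    exit;
}
// Encode user input before echoing it into HTML (reflected XSS otherwise).
echo "You searched for <b>" . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . "</b><hr>";

// Connect as a dedicated least-privilege user, not root.
$pdo = new PDO('mysql:host=localhost;dbname=jobjar;charset=utf8mb4', 'jobjar_ro', 'CHANGE_ME', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);
$terms = array_values(array_filter(explode(' ', $search), 'strlen'));
[$sql, $params] = build_search_query($terms);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (!$rows) {
    echo "No jobs found.";
    exit;
}
echo count($rows) . " found!<p>";
$cols = ['Title', 'Location', 'Salary', 'Sector', 'Job Type', 'Duration', 'Job Ref', 'Description'];
foreach ($rows as $row) {
    foreach ($cols as $col) {   // encode every column: stored data is untrusted too
        echo "<b>$col:</b> " . htmlspecialchars((string) ($row[$col] ?? ''), ENT_QUOTES, 'UTF-8') . "<br>";
    }
    echo "<p>";
}
```

The prepared statement, not the whitelist, is what stops SQL injection; the whitelist and wildcard escaping keep the query meaning what the user typed even if the allowed character set is later loosened.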
