xc0n Posted August 7, 2011

Hey, I have a basic bit of code I'll post below. At the moment it works fine, but I'm sure it is very insecure. What I need to know is how to apply the PDO function to it so it's a safe script, and also if there are any other things I can do to tidy it up / make it more secure, please let me know.

```php
<?php
require ("auth.php"); // Checks to see if user is valid
// If User is valid then below will function

// Connect To Database
$dbhost = 'localhost';
$dbuser = '';
$dbpass = '';
$dbname = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error Connecting to MYSQL');
mysql_select_db($dbname);
// End

//Get Data
$sql = mysql_query("SELECT * FROM `allowed_ips` WHERE `host_noip` = '$host_noip' limit 0, 30");
$result = mysql_fetch_assoc($sql);
//End

// Show Companys key
$show_secKey = $result['company_secKey'];

echo "<form method='post' action=''>enter key here: <input name='secKey' type='text'> <input type='submit' value='Submit'></form>";

$checksecKey = $_POST['secKey'];

if($checksecKey == $show_secKey) {
    mysql_query("UPDATE allowed_ips SET ip_address = '$ip' WHERE host_noip = '$host_noip'");
    // Keep the return value of the last UPDATE so the check below tests a real result
    $result = mysql_query("UPDATE allowed_ips SET ip_host = '$ip_host' WHERE host_noip = '$host_noip'");
    if($result) {
        echo "<meta HTTP-EQUIV='REFRESH' content='0; url=index.php'>";
    }
} else {
    echo 'Error Wrong Key';
}
?>
```

I've tried to apply the PDO myself but can't seem to get it to work!

Thanks in advance.
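One way to do the conversion the post asks for, as an added example that is not the poster's code and not a reply from the thread: the same flow with PDO prepared statements, plus a constant-time key comparison and a header redirect, which go slightly beyond the question. It assumes `auth.php` sets `$host_noip`, `$ip` and `$ip_host` (the original script uses them without defining them), and the database name and credentials are placeholders.

```php
<?php
// Added example, not the poster's code. DB name and credentials are placeholders.
// Assumption: auth.php defines $host_noip, $ip and $ip_host, as the original script implies.
require 'auth.php';

$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw on SQL errors
        PDO::ATTR_EMULATE_PREPARES   => false,                  // server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]
);

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT company_secKey FROM allowed_ips WHERE host_noip = :host LIMIT 1');
    $stmt->execute([':host' => $host_noip]);
    $row = $stmt->fetch(); // false when no row matches

    $submitted = (isset($_POST['secKey']) && is_string($_POST['secKey'])) ? $_POST['secKey'] : '';

    // The original compared with ==, so a missing row and a missing POST value
    // (null == null) passed the check. Here an unknown host or empty key never matches,
    // and hash_equals() compares in constant time.
    if ($row && $submitted !== '' && hash_equals((string) $row['company_secKey'], $submitted)) {
        $update = $pdo->prepare(
            'UPDATE allowed_ips SET ip_address = :ip, ip_host = :ip_host WHERE host_noip = :host'
        );
        $update->execute([':ip' => $ip, ':ip_host' => $ip_host, ':host' => $host_noip]);
        header('Location: index.php'); // must be sent before any output
        exit;
    }
    $error = 'Error Wrong Key';
}
?>
<form method="post" action="">
    enter key here: <input name="secKey" type="text">
    <input type="submit" value="Submit">
</form>
<?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?>
```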
Archived
This topic is now archived and is closed to further replies.