Goose87 Posted December 1, 2007

Hi, I have a register script which works fine, but I want to add a referral. I started doing this with ..../register.php?ref=4284 where the number equates to the referrer's ID. I then have:

    if(isset($_GET['ref'])) {
        $ref_id = $_GET['ref'];
    }
    // look up the referrer and read the current count
    $result=@mysql_query("SELECT * FROM users where id='$ref_id'");
    $r=@mysql_fetch_array($result);
    $ref_quantity=$r['ref_quantity'];
    // only credit the referrer if exactly one matching user exists
    $resultx=@mysql_query("SELECT * FROM users where id='$ref_id'");
    if(mysql_num_rows($resultx)==1){
        $ref_quantity=$ref_quantity+1;
        $result2=@mysql_query("UPDATE users set ref_quantity='$ref_quantity' WHERE id='$ref_id'");
    }

This part of code is placed within the part where it checks if the user has entered all of the parts: username, password, email. It then checks that the email and username aren't already used, and if they aren't, it implements the code above this. Any help would be appreciated. Thanks a lot.
PHP_PhREEEk Posted December 1, 2007

From a security standpoint, you're an injection waiting to happen. Never use a GET or POST variable straight into a MySQL query... ever. You might think that checking the db for a match is good enough, but injected evil code interacts with the SELECT operation long before you compare the results. If your expected variable will always be numeric, we can do this:

    <?php
    // accept only a string of exactly four digits, anchored at both ends
    // (ereg was removed in PHP 7; preg_match('/^[0-9]{4}$/', ...) is the equivalent there)
    if ( !ereg( "^[0-9]{4}$", $_GET['ref'] ) ) {
        // hack attempt
        header("location: http://www.fbi.gov");
        exit; // stop here, otherwise the rest of the script still runs after the redirect header
    }
    $ref_id = $_GET['ref'];
    // rest of your code
    ?>

This tells PHP to reject any $_GET['ref'] value that isn't EXACTLY 4 numbers, starting from the beginning of the string to the end of it. Now you can safely use it in a query.

PhREEEk
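Added example, not code from either poster: the referral step from the first post rewritten along the lines of the second reply, with the ref value validated as an integer and then bound as a query parameter rather than interpolated into the SQL string, and the SELECT / add one / UPDATE sequence collapsed into one atomic UPDATE. It goes slightly beyond the reply by allowing IDs of any length up to ten digits and by using a prepared statement; it assumes a PDO connection $pdo and the users(id, ref_quantity) columns named in the thread.

```php
<?php
// Added example (not from the thread). Assumes $pdo is a PDO connection to the
// same database and that users has integer id and ref_quantity columns.

/**
 * Return the referrer ID from the query string, or null when it is absent
 * or not a plain positive integer. Rejects "4284abc", "-1", "4284 OR 1=1", etc.
 */
function referral_id_from_request(array $get): ?int
{
    if (!isset($get['ref']) || !is_string($get['ref'])) {
        return null;
    }
    // preg_match replaces ereg (removed in PHP 7). \z is used instead of $
    // because $ also matches before a trailing newline, which would let
    // "4284\n" through. 1-10 digits, no leading zero.
    if (!preg_match('/^[1-9][0-9]{0,9}\z/', $get['ref'])) {
        return null;
    }
    return (int) $get['ref'];
}

/**
 * Credit the referrer. One UPDATE with a bound integer parameter replaces the
 * read / add one / write sequence from the first post, which both interpolated
 * $ref_id into the SQL and could lose a count when two registrations raced.
 * Returns true when exactly one row was credited (i.e. the referrer exists).
 */
function credit_referrer(PDO $pdo, ?int $ref_id): bool
{
    if ($ref_id === null) {
        return false; // no referral, or an invalid one: nothing to credit
    }
    $stmt = $pdo->prepare(
        'UPDATE users SET ref_quantity = ref_quantity + 1 WHERE id = :id'
    );
    $stmt->bindValue(':id', $ref_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Usage inside register.php, after the username/password/email checks pass
// and the new account has been inserted (hypothetical call site):
// credit_referrer($pdo, referral_id_from_request($_GET));
```

A missing or malformed ref simply yields null and no update, so a bad referral link never aborts a registration that is otherwise valid.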