View Full Version : Correct coding syntax



muscrat
01-14-2010, 06:55 AM
I have used the code below with success. However, it has been some time since I did any coding and now this piece of code does not work. I believe it is because Register Globals are now by default set to off???

Can anyone show me the correct way to write this now?

Many thanks for the help


<?
include ('config.php');
$sql = "SELECT * FROM pages WHERE page_href = '$page_name' order by page_id";
$class = mysql_query($sql, $conn);
while($row = mysql_fetch_object($class))
{
$page_id=$row->page_id;
$page_name=$row->page_name;
$page_type=$row->page_type;
$page_image=$row->page_image;
$page_details=$row->page_details;
$page_image2=$row->page_image2;
$page_details2=$row->page_details2;
$page_href=$row->page_href;
$temptype=$row->temptype;

$sql8 = "SELECT * FROM templates where tmp_code='$temptype'";
$class8 = mysql_query($sql8, $conn);
list($tmplt_id,$template,$tmp_code)=mysql_fetch_row($class8);

include ("$template");


}

?>

_Aerospace_Eng_
01-14-2010, 07:21 AM
Change this

<?
to this

<?php
and where is $page_name coming from? Is it something like index.php?page_name=blah

If that is the case you have a major security hole in your code. It is open to sql injection.

muscrat
01-14-2010, 07:23 AM
$page_name is a field name from the database table. So yes, it is like index.php?page_name=

kar2905
01-14-2010, 10:21 AM
You should never do that because then you are open to MySQL Injection. Google it for more info.

It is basically a method where hackers could take control of your site.

Instead, you should use
mysql_real_escape_string();

JAY6390
01-14-2010, 12:02 PM
I wouldn't recommend it, but you could just use the extract function with $_REQUEST to extract all the data the way register globals did. I would seriously recommend that you do some research into SQL injection and prevention methods. Take a look at the added bytes website for information on PHP security.
http://www.addedbytes.com/
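
Added example, not code from any poster in this thread: the page lookup from the first post rewritten to read page_name from the request explicitly, bind it through PDO prepared statements (the mysql_* functions were removed in PHP 7), and include a template only if it is on an allow-list. The in-memory SQLite tables, the column name template, the ALLOWED_TEMPLATES list and the templates/ directory are assumptions made for the example.

```php
<?php
// Added example, not the original poster's code. Constructed data in an
// in-memory SQLite database stands in for the MySQL tables behind config.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pages (page_id INTEGER, page_name TEXT, page_href TEXT, temptype TEXT)");
$pdo->exec("CREATE TABLE templates (tmplt_id INTEGER, template TEXT, tmp_code TEXT)");
$pdo->exec("INSERT INTO pages VALUES (1, 'Home', 'home', 'std'), (2, 'Hidden', 'admin', 'std')");
$pdo->exec("INSERT INTO templates VALUES (1, 'standard.php', 'std')");

// Hypothetical allow-list: the only files the page loader may include.
const ALLOWED_TEMPLATES = ['standard.php', 'gallery.php'];

function find_pages(PDO $pdo, array $query): array
{
    // With register_globals off, the value has to be read from the request explicitly.
    $page_name = $query['page_name'] ?? '';
    if (!is_string($page_name) || $page_name === '') {
        return [];
    }
    // The placeholder keeps the value as data; it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT * FROM pages WHERE page_href = ? ORDER BY page_id');
    $stmt->execute([$page_name]);
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

function template_for(PDO $pdo, string $temptype): ?string
{
    $stmt = $pdo->prepare('SELECT template FROM templates WHERE tmp_code = ?');
    $stmt->execute([$temptype]);
    $template = $stmt->fetchColumn();
    // A file name from the database is only included if it is on the allow-list.
    return in_array($template, ALLOWED_TEMPLATES, true) ? $template : null;
}

// Constructed requests: a normal one and a classic injection string.
foreach ([['page_name' => 'home'], ['page_name' => "x' OR '1'='1"]] as $query) {
    $rows = find_pages($pdo, $query);
    printf("%-16s -> %d row(s)\n", $query['page_name'], count($rows));
    foreach ($rows as $row) {
        $template = template_for($pdo, $row->temptype);
        echo '  would include: ', $template ?? '(rejected)', "\n";
        // In the real page (hypothetical path): include __DIR__ . '/templates/' . $template;
    }
}
```

In the real page, find_pages() would be called with $_GET and $pdo would be a MySQL connection created in config.php.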


