04-29-2008, 11:13 PM
I'm intermediate with PHP, but a noob with MySQL and JavaScript.

I want to write a voting script for the posts on my site. If users want to give the post a pat on the back, they can click a little button and up pops a message box that says something like: if you liked this post, click 'yes', or click 'no' to cancel.

And then, if they clicked 'yes', into the post's column in my database goes the time of day and IP address, and the current count gets incremented by 1.

My question: what do I need to do to protect my DB from malicious users?

Of course, I don't want anyone to be able to do anything to the DB, but I also do not want a bot to come along and vote for every single post, or for a bot to vote for one post a million times. And of course, I don't want someone to manipulate the code to do or access other things inside my server.

I'm not asking for specific bits of code, just the general concepts.


04-30-2008, 01:30 AM
JS is virtually unprotectable. There are various character encoders and compressors like this one (http://dean.edwards.name/packer/) which might put off the casual hacker, but a determined individual could get around this, i.e. by going to that website and decrypting/decompressing it.

SQL has a bit more security. The most basic thing that you want to watch out for is SQL injection attacks, which generally occur when the hacker inputs some SQL code into a field (which would later be used in a database query). I probably didn't explain that very well, but Wikipedia has a good article (http://en.wikipedia.org/wiki/SQL_injection) on the topic, or you could just google it (http://www.google.com/search?hl=en&q=sql+injection&btnG=Google+Search).
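One way to put the two posts together in PHP with PDO and MySQL, as an added example that is not code from either poster. It shows the string-building query the reply warns about next to a parameterised version, and covers the original poster's two bot worries: a primary key on (post_id, ip) so the database itself refuses a second vote from the same address on the same post, and an hourly per-address cap so one client cannot vote on every post. The table and column names, the limit of 20, the function names and the connection details are all assumptions made for this example.

```php
<?php
// Added example, not code from the thread. Assumed schema (not in the original posts):
//   CREATE TABLE posts (
//     id         INT UNSIGNED PRIMARY KEY,
//     vote_count INT UNSIGNED NOT NULL DEFAULT 0
//   ) ENGINE=InnoDB;
//   CREATE TABLE votes (
//     post_id  INT UNSIGNED NOT NULL,
//     ip       VARBINARY(16) NOT NULL,   -- inet_pton() output, IPv4 or IPv6
//     voted_at DATETIME NOT NULL,
//     PRIMARY KEY (post_id, ip)          -- one vote per address per post, enforced by the DB
//   ) ENGINE=InnoDB;                     -- transactions below need InnoDB, not MyISAM

// VULNERABLE (the pattern the reply warns about): the request parameter is pasted
// into the SQL text. Requesting  vote.php?id=1 OR 1=1  makes the WHERE clause true
// for every row, so a single request bumps the counter on every post.
function vote_unsafe(PDO $db, string $id): void
{
    $db->exec("UPDATE posts SET vote_count = vote_count + 1 WHERE id = $id");
}

// SAFE: check the shape of every input first, then pass values as bound parameters
// so they can never change what the statement does. Returns a short status string.
function vote_safe(PDO $db, string $rawId, string $rawIp, int $perHourLimit = 20): string
{
    if (!ctype_digit($rawId)) {          // digits only; rejects '' and '1 OR 1=1'
        return 'bad id';
    }
    $postId = (int) $rawId;
    $ip = inet_pton($rawIp);             // false unless a valid IPv4/IPv6 literal
    if ($ip === false) {
        return 'bad ip';
    }

    $db->beginTransaction();
    try {
        // Throttle against "vote for every single post": cap votes per address per hour.
        $cnt = $db->prepare(
            'SELECT COUNT(*) FROM votes WHERE ip = :ip AND voted_at > NOW() - INTERVAL 1 HOUR'
        );
        $cnt->bindValue(':ip', $ip, PDO::PARAM_LOB);
        $cnt->execute();
        if ((int) $cnt->fetchColumn() >= $perHourLimit) {
            $db->rollBack();
            return 'rate limited';
        }

        // INSERT IGNORE plus the (post_id, ip) primary key: a repeat vote is dropped by
        // the server and rowCount() is 0, so the counter is never touched twice. This
        // is what stops one client voting a million times on one post.
        $ins = $db->prepare(
            'INSERT IGNORE INTO votes (post_id, ip, voted_at) VALUES (:post_id, :ip, NOW())'
        );
        $ins->bindValue(':post_id', $postId, PDO::PARAM_INT);
        $ins->bindValue(':ip', $ip, PDO::PARAM_LOB);
        $ins->execute();
        if ($ins->rowCount() === 0) {
            $db->rollBack();
            return 'already voted';
        }

        $upd = $db->prepare('UPDATE posts SET vote_count = vote_count + 1 WHERE id = :post_id');
        $upd->bindValue(':post_id', $postId, PDO::PARAM_INT);
        $upd->execute();
        if ($upd->rowCount() === 0) {    // no such post: undo the vote row as well
            $db->rollBack();
            return 'no such post';
        }

        $db->commit();
        return 'ok';
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
}

// Wiring (host, database name and credentials are placeholders):
$db = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // needed for the catch/rollback path
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
]);

// Accept the vote only from a POST, never from a plain link a crawler fetches with GET.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo vote_safe($db, $_POST['id'] ?? '', $_SERVER['REMOTE_ADDR']);
}
```

The JavaScript yes/no dialog stays purely cosmetic here: every check lives on the server, because, as the reply says, anything shipped to the browser can be read and bypassed. The IP-based rule is a blunt instrument: users behind one NAT or proxy share an address and get one vote between them, while an attacker with many addresses is only slowed down, not stopped, so treat it as a floor rather than a guarantee.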