$query = mysqli_query($mysqli, "select * from `products` where userid='$id'")

And yes, as you speculated in a comment, you would have to do these in each file unless you rework things so as to make them happen automatically.

However, last option is offtopic here, stackoverflow is for programming, not code search. You can either learn PHP and write your own or download some free application, there are plenty of open-source ones. It's just regular web application, much like any other.

$query=mysqli_query($mysqli,"select * from `products` where userid='$id'")

Could become something like

$id = mysqli_real_escape_string($mysqli, $_GET)

There is nothing particular in calendars.

So on Stack Overflow, this question would be a duplicate of both How can I prevent SQL injection in PHP? and How to prevent XSS with HTML/PHP? Your code is vulnerable to both SQL injection and HTML injection.

These are as follows:

3 php scripts do the work adding/updating and deleting information from the table (add.php, update.php and delete.php).

Any suggestions and guidance would be greatly appreciated.

Bonus: For some reason there is a significant delay in the table being updated? Not sure why this is?

This is accompanied by another page that acts as an edit form for rows submitted forming part of the table (edit.php).

I have a standard form page which submits the data to the table (testing.php).

I have the following code which is working fine, however I am concerned around the security of this code and considering I am relatively new to php I was wondering whether the below code is secure?