PHP Programming Tips

Posts Tagged ‘database’

I have this php database that uses sql. no i tried creatingpop ups to view the information. my database is on book titles, price, description. when i view the descriptions, i lose the text format. it all becomes a single line of info. now i used the n to
function, but tht simply does wat it says. i lose things like double spaces as my tab in the description. how do i not lose that tab? or how do i maintain the original format? any ideas? php.net/manual doesnt really have the answer i think.

You have at least 3 registered users in the MySQL database.
ID. Name Email
1. John john@john_com
2. Mark mark@mark_edu
3. Peter peter38@peter3_edu

To visit member’s area on the web-site, they have to enter login and password.

Is it secure that their $_session['id'] is the number they received during the registration in the MySQL database (1,2,3,… etc) ? Or, $_session['id'] should be a unique, but a long string like a crypted password?
I have no idea, if $_session['id'] can be stolen and hackers can use $_session['id'] (without password) to crack the account?

So, $_session['id']=’3′ – is that OK? Or, $_session['id'] should be unique, but at least 32+ bits?

P.S. ID of every user is not the password and the password is encrypted properly.

One guy told me there is no sense to worry about $_session['id'], because even if a bad guy knows your $_session['id'], he can’t use it to access your account (because the web-brower has some kind of smart connection with a server and you can’t duplicate it from another computer). I’m not sure if he’s right.

Any ideas with explanations are highly appreciated. Please experts only. Thank you.

Hi there, I’m working on a piece of my website that reads info from the database, and displays it. It works great. So now I want to see what happens when a database connection error occurs, so I stop the mysql service. What happens, is a message is printed to the screen saying it can’t connect (auto mysql message), but my entire php script stops parsing.

How can I get it to keep going, just not display the database results?

Thanks.

At the moment, i have a program that searches for books in a database, and then returns links to the matching title found having the keyword. How would i set it up such that i can have every keyword for in the result highlighted? For instance when book title are found, links are returned. The linked basically open up a window using some javascript. Kinda like a popup window. Now does anyone know how i would highlight (or color) every keyword found within that pop up window? it could be highlited, colored or bolded. anyone? im guess i would have to read every word in the document. should i put everything as a string? then match it? help.
Actually it all on my server.. the database is on my server..
does that make it easier?

In terms of prevalence, 6 in 10 web applications that connect to a database server are vulnerable to SQL injection. This statistic is based upon the number of new applications that were found to be vulnerable
when performing security assessments for clients over 2003/2004. This is shockingly high.SQL injection is vendor agnostic: it doesn’t matter whether the application is running Oracle, SQL Server,
DB2, MySQL or Informix on Active/Java Server Pages, Cold Fusion Management, PHP or Perl – it can be
vulnerable to SQL injection – though, as we’ll see later, some are more at risk that others.