PHP Programming Tips

Posts Tagged ‘Site’

I understand that if I put up a password dialog in my php / mySQL website that I open the site up to security hazards like SQL injection in which a skillful vandal could actually change a great deal of data or erase data in my mySQL database.

How can you secure a website that uses PHP / mySQL?
————–
Thanks to everyone for all of the answers.

Do I understand correctly that I should call the following function on all input before making it a part of my SQL query and that this function will take care of any SQL injection problems?

mysql_real_escape_string()

Is this all that I need to do is call this function on all user input?

http://uk3.php.net/mysql_real_escape_string

Ok so I signed up on a site to be a shadow shopper. Anyway I got an e-mail from one fo the companies involved and I called the number and they said that the oppurtunity at my zipcode was just taken, but gave me other options which i declined because they were too far for me to drive(have to borrow a freinds car). She told me to see about signing up on their website which I went to do but realized that they wanted my Social Security #. Now obviously I’m not giving it to them since I don’t know who they are, but I have three real questions. Has anyone heard of Apex (http://www.athpoweronline.com/index.norm.php)? Are they the real deal? And why exactly is it a bad idea to give out ur SSN? I’ve always been told not to, but never really given specific reasons so i want to know all the facts. Thanks to anyone who helps

Yahoo! Mail gives members random cash prizes. Today, your account is randomly selected as the one of 12 top winners accounts who will get cash prizes from us. Please click the link below and follow instructions on our web site. Your money will be paid directly to your e-gold, PayPal, StormPay or MoneyBookers account.

Click here to get your prize:

http://www.yahoo.com/lottery/prizes.php?sid=a3n92dj2d3&rd=us&id=23018392384378&uid=2e5a4h43u2r3u5y1c3&id=28403934224345345

Still learning about Network security and web page development. Currently Learning PHP and MySQL. Other than that, I am pretty much an HTML, JScript amatuer web designer. On my web site, I would like to be able to record and log the IP address of people who visit my site. Is this accomplished through code on a page, or by adding software to the server? And While I have you here reading, what programming is best for log in abilities (creating user names and passwords)? As I said, still learning, so any help is appreciated. Any references to tutorial sites, or books is also appreciated. I would like to learn as much as possible about web development, network security, and intrusion detection and prevention.
Thank you! ( And yes, I give best answer)

When you make a login form and then process the password and user name with a php script thats called by the form. Do you have to encrypt the data somehow before the form is submitted to the php script? I notice with a packet sniffer on my web site, to try and find out what will show, my password and username is clearly shown in the http header. Can anyone get that packet or is this transmition just between me the site? If not how can I encrypt it first? Can you show me an example, or a web page somewhere on this?