8 Replies - 1179 Views - Last Post: 30 September 2011 - 03:52 AM

#1 musicgrain1 (New D.I.C Head; Reputation: 0; Posts: 23; Joined: 24-September 11)

Perfecting my php mysql form code so I don't get hacked.

Posted 24 September 2011 - 04:42 AM

I want to perfect my PHP/MySQL form code, so it might be smaller and not be open to attack or being hacked. Any help is greatly appreciated.
------------------------------------------------------------------------------------------------------------------------
"index.php"
------------------------------------------------------------------------------------------------------------------------
<html>
<head>
<title>Peoples Info</title>
<script>
  function isEmpty(str) {
    // Check whether string is empty (nothing but spaces).
    for (var intLoop = 0; intLoop < str.length; intLoop++)
      if (" " != str.charAt(intLoop))
        return false;
    return true;
  }

  function checkRequired(f) {
    var strError = "";
    for (var intLoop = 0; intLoop < f.elements.length; intLoop++)
      if (null != f.elements[intLoop].getAttribute("required"))
        if (isEmpty(f.elements[intLoop].value))
          strError += "  " + f.elements[intLoop].name + "\n";
    if ("" != strError) {
      alert("Required data is missing:\n" + strError);
      return false;
    } else
      return true;
  }
</script>
	<script language="javascript">
      window.onload=function ()
      {
       var now=new Date();
       
       document.forms[document.forms.length-1].rcf_date.value = now;
      }
    </script>

</head>
<body bgcolor="#FDD017">

<center>
<p style="color:#F62217;font-size:15pt;font-family:Comic Sans MS,Arial,Helveta">
    Help Me Create An Address Book!</p>
</center>

<center>	
<p style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">
    By providing your info you help me create a personal address book. <br>* Required Field</p>
</center>
	
<form action="insert.php" method="post" onsubmit="return checkRequired(this)">
                         <input type="hidden" name="ipaddress" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />
   
<center>
<table border="0">
<tr>
    <td align="right" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Firstname:
	</td>
    <td align="left" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">
		                 <input type="text" name="firstname" value="" size="25" maxlength="25" required>
              * Lastname:<input type="text" name="lastname" value="" size="25" maxlength="25" required>
              * Birthday:
				    Month<input type="text" name="month" value="" size="1" maxlength="2" required>
			          Day<input type="text" name="day" value="" size="1" maxlength="2" required>
                     Year<input type="text" name="year" value="" size="2" maxlength="4" required>
	</td>
</tr>
<tr>
	<td align="right" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Street Address:
	</td>
	<td align="left" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">          
					     <input type="text" name="address" value="" size="45" maxlength="40" required>
			       Unit#:<input type="text" name="unit" value="" size="3" maxlength="6">
                  * City:<input type="text" name="city" value="" size="14" maxlength="15" required>
			     * State:<select name="state" required>
				         <option value="">Choose One</option>
						 <option value="AK">Alaska</option>
                         <option value="AL">Alabama</option>
                         <option value="AR">Arkansas</option>
                         <option value="AZ">Arizona</option>
                         <option value="CA">California</option>
                         <option value="CO">Colorado</option>
                         <option value="CT">Connecticut</option>
                         <option value="DC">District of Columbia</option>
                         <option value="DE">Delaware</option>
                         <option value="FL">Florida</option>
                         <option value="GA">Georgia</option>
                         <option value="HI">Hawaii</option>
                         <option value="IA">Iowa</option>
                         <option value="ID">Idaho</option>
                         <option value="IL">Illinois</option>
                         <option value="IN">Indiana</option>
                         <option value="KS">Kansas</option>
                         <option value="KY">Kentucky</option>
                         <option value="LA">Louisiana</option>
                         <option value="MA">Massachusetts</option>
                         <option value="MD">Maryland</option>
                         <option value="ME">Maine</option>
                         <option value="MI">Michigan</option>
                         <option value="MN">Minnesota</option>
                         <option value="MO">Missouri</option>
                         <option value="MS">Mississippi</option>
                         <option value="MT">Montana</option>
                         <option value="NC">North Carolina</option>
                         <option value="ND">North Dakota</option>
                         <option value="NE">Nebraska</option>
                         <option value="NH">New Hampshire</option>
                         <option value="NJ">New Jersey</option>
                         <option value="NM">New Mexico</option>
                         <option value="NV">Nevada</option>
                         <option value="NY">New York</option>
                         <option value="OH">Ohio</option>
                         <option value="OK">Oklahoma</option>
                         <option value="OR">Oregon</option>
                         <option value="PA">Pennsylvania</option>
                         <option value="PR">Puerto Rico</option>
                         <option value="RI">Rhode Island</option>
                         <option value="SC">South Carolina</option>
                         <option value="SD">South Dakota</option>
                         <option value="TN">Tennessee</option>
                         <option value="TX">Texas</option>
                         <option value="UT">Utah</option>
                         <option value="VA">Virginia</option>
                         <option value="VT">Vermont</option>
                         <option value="WA">Washington</option>
                         <option value="WI">Wisconsin</option>
                         <option value="WV">West Virginia</option>
                         <option value="WY">Wyoming</option>
                         </select>
	</td>
</tr>
<tr>
	<td align="right" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Zip:
	</td>
	<td align="left" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">
	                     <input type="text" name="zip" value="" size="3" maxlength="6" required>
	            * E-Mail:<input type="text" name="email" value="" size="55" maxlength="50" required>
                  * Cell:
                         <input type="text" name="cell1" value="" size="1" maxlength="3" required>
			             <input type="text" name="cell2" value="" size="1" maxlength="3" required>
                         <input type="text" name="cell3" value="" size="2" maxlength="4" required>
	</td>
</tr>
</table>
<table border="0">
			 <br>
<tr>
    <td><center style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Comments:</center>
	</td>
</tr>
<tr>
	<td><textarea rows="2" cols="80" name="comments" maxlength="164" required></textarea>
	</td>
</tr>
</table>
<table border="0">
<tr>
	<td>&nbsp;</td>
</tr>
<tr>
	<td>
                 <center><input type="submit" name="Submit" value="Submit" /><input type="reset" value="Reset"></center>
    </td>
</tr>
</table>
</form>
</center>
<?php require_once('view.php'); ?>
</body>
</html>


------------------------------------------------------------------------------------------------------------------------
"insert.php"
------------------------------------------------------------------------------------------------------------------------
<?php
$con = mysql_connect("MysqlLink","personupdate","Password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("personupdate", $con);

$sql="INSERT INTO Persons (Ipaddress, Firstname, Lastname, Month, Day, Year, Address, Unit, City, State, Zip, Email, Cell1, Cell2, Cell3, Comments)
VALUES
(
'".(mysql_real_escape_string($_POST[ipaddress]))."',
'".ucwords(strtolower(trim(stripslashes(mysql_real_escape_string($_POST[firstname])))))."',
'".ucwords(strtolower(trim(stripslashes(mysql_real_escape_string($_POST[lastname])))))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[month]))))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[day]))))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[year]))))."',
'".ucwords(strtolower(trim(stripslashes(mysql_real_escape_string($_POST[address])))))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[unit]))))."',
'".ucwords(strtolower(trim(stripslashes(mysql_real_escape_string($_POST[city])))))."',
'".(stripslashes(mysql_real_escape_string($_POST[state])))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[zip]))))."',
'".(strtolower(trim(stripslashes(mysql_real_escape_string($_POST[email])))))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[cell1]))))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[cell2]))))."',
'".(trim(stripslashes(mysql_real_escape_string($_POST[cell3]))))."',
'".ucwords(strtolower(trim(stripslashes(mysql_real_escape_string($_POST[comments])))))."'
)";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
header("Location: finished.php");

mysql_close($con)
?>


------------------------------------------------------------------------------------------------------------------------
"view.php"
------------------------------------------------------------------------------------------------------------------------
<?php
$con = mysql_connect("MysqlLink","personupdate","Password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("personupdate", $con);

$result = mysql_query("SELECT * FROM Persons");

echo "<center><table border='1'>
<tr>
<th>Firstname</th>
<th>Birthday</th>
<th>City</th>
<th>State</th>
<th>Comments</th>
</tr>";

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['Firstname'] . "</td>";
  echo "<td>" . $row['Month'] . "/" . $row['Day'] . "/" . $row['Year'] . "</td>";
  echo "<td>" . $row['City'] . "</td>";
  echo "<td>" . $row['State'] . "</td>";
  echo "<td>" . $row['Comments'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>


------------------------------------------------------------------------------------------------------------------------
"myview.php"
------------------------------------------------------------------------------------------------------------------------
<html>
<head>
<title>Peoples Info</title>
</head>
<body bgcolor="#FDD017">
<?php
$con = mysql_connect("MysqlLink","personupdate","Password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("personupdate", $con);

$result = mysql_query("SELECT * FROM Persons");
echo ("<center><font size=\"6\" color=\"green\" face=\"Arial\">Your Info Has Been Added!</font>");

echo "<center><table border='1'>
<tr>
<th>IP Address</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Birthday</th>
<th>Address</th>
<th>Unit</th>
<th>City</th>
<th>State</th>
<th>Zip</th>
<th>Email</th>
<th>Cell</th>
<th>Comments</th>
</tr>";

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['Ipaddress'] . "</td>";
  echo "<td>" . $row['Firstname'] . "</td>";
  echo "<td>" . $row['Lastname'] . "</td>";
  echo "<td>" . $row['Month'] . "/" . $row['Day'] . "/" . $row['Year'] . "</td>";
  echo "<td>" . $row['Address'] . "</td>";
  echo "<td>" . $row['Unit'] . "</td>";
  echo "<td>" . $row['City'] . "</td>";
  echo "<td>" . $row['State'] . "</td>";
  echo "<td>" . $row['Zip'] . "</td>";
  echo "<td>" . $row['Email'] . "</td>";
  echo "<td>" . $row['Cell1'] . "-" . $row['Cell2'] . "-" . $row['Cell3'] . "</td>";
  echo "<td>" . $row['Comments'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>
</body>
</html>


------------------------------------------------------------------------------------------------------------------------
"finished.php"
------------------------------------------------------------------------------------------------------------------------
<html>
<head>
<title>Peoples Info</title>
<script>
  function isEmpty(str) {
    // Check whether string is empty (nothing but spaces).
    for (var intLoop = 0; intLoop < str.length; intLoop++)
      if (" " != str.charAt(intLoop))
        return false;
    return true;
  }

  function checkRequired(f) {
    var strError = "";
    for (var intLoop = 0; intLoop < f.elements.length; intLoop++)
      if (null != f.elements[intLoop].getAttribute("required"))
        if (isEmpty(f.elements[intLoop].value))
          strError += "  " + f.elements[intLoop].name + "\n";
    if ("" != strError) {
      alert("Required data is missing:\n" + strError);
      return false;
    } else
      return true;
  }
</script>
	<script language="javascript">
      window.onload=function ()
      {
       var now=new Date();
       
       document.forms[document.forms.length-1].rcf_date.value = now;
      }
    </script>

</head>
<body bgcolor="#FDD017">

<center>
<p style="color:#F62217;font-size:15pt;font-family:Comic Sans MS,Arial,Helveta">
    Help Me Create An Address Book!</p>
</center>

<center>	
<p style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">
    By providing your info you help me create a personal address book. <br>* Required Field</p>
</center>
	
<form action="<?php echo $PHP_SELF;?>" method="post" onsubmit="return checkRequired(this)">
                         <input type="hidden" name="ipaddress" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />
   
<center>
<table border="0">
<tr>
    <td align="right" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Firstname:
	</td>
    <td align="left" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">
		                 <input type="text" name="firstname" value="" size="25" maxlength="25" required>
              * Lastname:<input type="text" name="lastname" value="" size="25" maxlength="25" required>
              * Birthday:
				    Month<input type="text" name="month" value="" size="1" maxlength="2" required>
			          Day<input type="text" name="day" value="" size="1" maxlength="2" required>
                     Year<input type="text" name="year" value="" size="2" maxlength="4" required>
	</td>
</tr>
<tr>
	<td align="right" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Street Address:
	</td>
	<td align="left" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">          
					     <input type="text" name="address" value="" size="45" maxlength="40" required>
			       Unit#:<input type="text" name="unit" value="" size="3" maxlength="6">
                  * City:<input type="text" name="city" value="" size="14" maxlength="15" required>
			     * State:<select name="state" required>
				         <option value="">Choose One</option>
						 <option value="AK">Alaska</option>
                         <option value="AL">Alabama</option>
                         <option value="AR">Arkansas</option>
                         <option value="AZ">Arizona</option>
                         <option value="CA">California</option>
                         <option value="CO">Colorado</option>
                         <option value="CT">Connecticut</option>
                         <option value="DC">District of Columbia</option>
                         <option value="DE">Delaware</option>
                         <option value="FL">Florida</option>
                         <option value="GA">Georgia</option>
                         <option value="HI">Hawaii</option>
                         <option value="IA">Iowa</option>
                         <option value="ID">Idaho</option>
                         <option value="IL">Illinois</option>
                         <option value="IN">Indiana</option>
                         <option value="KS">Kansas</option>
                         <option value="KY">Kentucky</option>
                         <option value="LA">Louisiana</option>
                         <option value="MA">Massachusetts</option>
                         <option value="MD">Maryland</option>
                         <option value="ME">Maine</option>
                         <option value="MI">Michigan</option>
                         <option value="MN">Minnesota</option>
                         <option value="MO">Missouri</option>
                         <option value="MS">Mississippi</option>
                         <option value="MT">Montana</option>
                         <option value="NC">North Carolina</option>
                         <option value="ND">North Dakota</option>
                         <option value="NE">Nebraska</option>
                         <option value="NH">New Hampshire</option>
                         <option value="NJ">New Jersey</option>
                         <option value="NM">New Mexico</option>
                         <option value="NV">Nevada</option>
                         <option value="NY">New York</option>
                         <option value="OH">Ohio</option>
                         <option value="OK">Oklahoma</option>
                         <option value="OR">Oregon</option>
                         <option value="PA">Pennsylvania</option>
                         <option value="PR">Puerto Rico</option>
                         <option value="RI">Rhode Island</option>
                         <option value="SC">South Carolina</option>
                         <option value="SD">South Dakota</option>
                         <option value="TN">Tennessee</option>
                         <option value="TX">Texas</option>
                         <option value="UT">Utah</option>
                         <option value="VA">Virginia</option>
                         <option value="VT">Vermont</option>
                         <option value="WA">Washington</option>
                         <option value="WI">Wisconsin</option>
                         <option value="WV">West Virginia</option>
                         <option value="WY">Wyoming</option>
                         </select>
	</td>
</tr>
<tr>
	<td align="right" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Zip:
	</td>
	<td align="left" style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">
	                     <input type="text" name="zip" value="" size="3" maxlength="6" required>
	            * E-Mail:<input type="text" name="email" value="" size="55" maxlength="50" required>
                  * Cell:
                         <input type="text" name="cell1" value="" size="1" maxlength="3" required>
			             <input type="text" name="cell2" value="" size="1" maxlength="3" required>
                         <input type="text" name="cell3" value="" size="2" maxlength="4" required>
	</td>
</tr>
</table>
<table border="0">
			 <br>
<tr>
    <td><center style="color:#990066;font-size:14pt;font-family:Comic Sans MS,Arial,Helveta">* Comments:</center>
	</td>
</tr>
<tr>
	<td><textarea rows="2" cols="80" name="comments" maxlength="164" required></textarea>
	</td>
</tr>
</table>
<table border="0">
<tr>
	<td>&nbsp;</td>
</tr>
<tr>
	<td>
                 <center><input type="submit" name="Submit" value="Submit" /><input type="reset" value="Reset"></center>
    </td>
</tr>
</table>
</form>
</center>
<?php echo ("<center><font size=\"6\" color=\"green\" face=\"Arial\">Your Info Has Been Added!</font>"); ?>
<?php require_once('view.php'); ?>
</body>
</html>

This post has been edited by RudiVisser: 24 September 2011 - 04:44 AM
Reason for edit: Please use code tags!



Replies To: Perfecting my php mysql form code so I don't get hacked.

#2 codeprada (Changed Man With Different Priorities; Reputation: 948; Posts: 2,357; Joined: 15-February 11)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 24 September 2011 - 05:17 AM

Perfection in security is a process. In simple terms, use prepared statements, which are offered in MySQLi and PDO. Prepared statements, if used properly, are immune to SQL injection. Drop MySQL because it's basically becoming a legacy API.

#3 CTphpnwb (D.I.C Lover; Reputation: 3105; Posts: 10,903; Joined: 08-August 08)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 24 September 2011 - 07:18 AM

If you want your code to be secure you first need to make it easy to read and edit. The easier it is to read the more likely you are to find security issues before a hacker does. You can start by placing all HTML in .html files, all Javascript in .js files, and all PHP in .php files. *Reading one language at a time is easier than three or four. Next you'll want to refactor all of your repetitive code. Repetition cries out for loops. As an example, here's how I'd do your select state code:
$states = array(
    "AK"=>"Alaska", "AL"=>"Alabama", "AR"=>"Arkansas", "AZ"=>"Arizona", "CA"=>"California",
    "CO"=>"Colorado", "CT"=>"Connecticut", "DC"=>"District of Columbia", "DE"=>"Delaware",
    "FL"=>"Florida", "GA"=>"Georgia", "HI"=>"Hawaii", "IA"=>"Iowa", "ID"=>"Idaho",
    "IL"=>"Illinois", "IN"=>"Indiana", "KS"=>"Kansas", "KY"=>"Kentucky", "LA"=>"Louisiana",
    "MA"=>"Massachusetts", "MD"=>"Maryland", "ME"=>"Maine", "MI"=>"Michigan", "MN"=>"Minnesota",
    "MO"=>"Missouri", "MS"=>"Mississippi", "MT"=>"Montana", "NC"=>"North Carolina",
    "ND"=>"North Dakota", "NE"=>"Nebraska", "NH"=>"New Hampshire", "NJ"=>"New Jersey",
    "NM"=>"New Mexico", "NV"=>"Nevada", "NY"=>"New York", "OH"=>"Ohio", "OK"=>"Oklahoma",
    "OR"=>"Oregon", "PA"=>"Pennsylvania", "PR"=>"Puerto Rico", "RI"=>"Rhode Island",
    "SC"=>"South Carolina", "SD"=>"South Dakota", "TN"=>"Tennessee", "TX"=>"Texas",
    "UT"=>"Utah", "VA"=>"Virginia", "VT"=>"Vermont", "WA"=>"Washington", "WI"=>"Wisconsin",
    "WV"=>"West Virginia", "WY"=>"Wyoming"
); // "AK" restored: it is in the original form's option list

echo '* State:<select name="state" required>
<option value="">Choose One</option>';
foreach($states as $abrev => $name) {
	echo '<option value="'.$abrev.'">'.$name.'</option>';
}
echo '</select>';


If it were a list that might change frequently I'd read in the array from a text file so that a designer could modify the list without needing to touch the PHP code.

Of course you'll want to start using prepared statements as well. Hopefully that will keep you from using constants as key values. PHP will let you get away with it, but if any of those constants have been defined you're going to get strange errors that will be very difficult to debug.

* While you're at it you can get rid of tables and start using .css files.
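Putting codeprada's advice (#2) and CTphpnwb's (#3) together, here is an insert.php that uses a PDO prepared statement and validates every field on the server. This is an added example, not code from the thread: the host, database, user and password are the placeholders from the original post, and the Persons columns are the ones the original INSERT names. Two details of the posted insert.php are worth having in mind while reading it. First, every value goes through stripslashes() after mysql_real_escape_string(), which removes the backslashes the escaping just added, so the escaping does nothing. Second, the client IP comes from a hidden form field, which the client can set to anything. The browser-side checks (the required attribute and checkRequired()) are skipped entirely by anyone posting with curl, so the example repeats those rules in PHP and uses the form's own state codes as a whitelist, which also avoids the unquoted-constant keys ($_POST[firstname]) that CTphpnwb warns about.

```php
<?php
// insert.php rewritten with PDO prepared statements and server-side validation.
// Added example, not the original poster's code. Assumes the pdo_mysql driver
// and the Persons table/columns from the original INSERT; host, user and
// password are the placeholders from the post, not real values.

// The same codes as the form's <option> list, used as a server-side whitelist.
$states = array(
    'AK','AL','AR','AZ','CA','CO','CT','DC','DE','FL','GA','HI','IA','ID','IL','IN',
    'KS','KY','LA','MA','MD','ME','MI','MN','MO','MS','MT','NC','ND','NE','NH','NJ',
    'NM','NV','NY','OH','OK','OR','PA','PR','RI','SC','SD','TN','TX','UT','VA','VT',
    'WA','WI','WV','WY',
);

// Returns array(cleaned values, error messages). The form's "required"
// attribute and onsubmit check are skipped by anyone posting with curl, so
// every rule the form implies is enforced again here.
function validate_person(array $in, array $states)
{
    $errors = array();
    $out = array();
    $text = array('firstname' => 25, 'lastname' => 25, 'address' => 40,
                  'unit' => 6, 'city' => 15, 'comments' => 164);
    foreach ($text as $field => $max) {
        $v = isset($in[$field]) ? trim((string)$in[$field]) : '';
        if ($v === '' && $field !== 'unit') {
            $errors[] = "$field is required";
        } elseif (strlen($v) > $max
                  || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $v)) { // control chars, except tab/newline
            $errors[] = "$field is too long or contains control characters";
        }
        $out[$field] = $v;
    }
    // checkdate() rejects impossible dates such as 02/30/2011.
    $m = isset($in['month']) ? (int)$in['month'] : 0;
    $d = isset($in['day'])   ? (int)$in['day']   : 0;
    $y = isset($in['year'])  ? (int)$in['year']  : 0;
    if (!checkdate($m, $d, $y) || $y < 1900 || $y > (int)date('Y')) {
        $errors[] = 'birthday is not a valid date';
    }
    $out['month'] = $m; $out['day'] = $d; $out['year'] = $y;
    $out['state'] = isset($in['state']) ? (string)$in['state'] : '';
    if (!in_array($out['state'], $states, true)) {
        $errors[] = 'state is not in the list';
    }
    $out['zip'] = isset($in['zip']) ? trim((string)$in['zip']) : '';
    if (!preg_match('/^\d{5}$/', $out['zip'])) {
        $errors[] = 'zip must be 5 digits';
    }
    $out['email'] = isset($in['email']) ? strtolower(trim((string)$in['email'])) : '';
    if (strlen($out['email']) > 50 || !filter_var($out['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not valid';
    }
    foreach (array('cell1' => 3, 'cell2' => 3, 'cell3' => 4) as $field => $len) {
        $out[$field] = isset($in[$field]) ? trim((string)$in[$field]) : '';
        if (!preg_match('/^\d{' . $len . '}$/', $out[$field])) {
            $errors[] = "$field must be exactly $len digits";
        }
    }
    return array($out, $errors);
}

// Values travel as bound parameters, never inside the SQL text, so quoting
// is the driver's job and there is nothing for stripslashes() to undo.
function insert_person(PDO $db, array $p, $ip)
{
    foreach (array('firstname', 'lastname', 'address', 'city') as $f) {
        $p[$f] = ucwords(strtolower($p[$f]));  // same tidy-up as the original
    }
    $p['ip'] = $ip;  // now exactly the 16 keys the statement expects
    $stmt = $db->prepare(
        'INSERT INTO Persons (Ipaddress, Firstname, Lastname, Month, Day, Year, Address,
             Unit, City, State, Zip, Email, Cell1, Cell2, Cell3, Comments)
         VALUES (:ip, :firstname, :lastname, :month, :day, :year, :address,
             :unit, :city, :state, :zip, :email, :cell1, :cell2, :cell3, :comments)');
    $stmt->execute($p);  // PDO prefixes ':' to array keys that lack it
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php');
    exit;
}
list($person, $errors) = validate_person($_POST, $states);
if ($errors) {
    http_response_code(400);
    echo '<ul><li>' . implode('</li><li>', array_map('htmlspecialchars', $errors)) . '</li></ul>';
    exit;
}
try {
    $db = new PDO('mysql:host=MysqlLink;dbname=personupdate;charset=utf8mb4',
                  'personupdate', 'Password',
                  array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                        PDO::ATTR_EMULATE_PREPARES => false));
    // Client address from the server, not from a hidden field the client controls.
    insert_person($db, $person, $_SERVER['REMOTE_ADDR']);
} catch (PDOException $e) {
    error_log('insert.php: ' . $e->getMessage());  // log it; never die(mysql_error())
    http_response_code(500);
    exit('Sorry, your entry could not be saved.');
}
header('Location: finished.php');
exit;
```

With PDO::ATTR_EMULATE_PREPARES set to false the statement is prepared by the MySQL server rather than assembled client-side by the driver; either mode keeps data out of the SQL text, but the server-side mode is what most people mean by "prepared statements". Errors are written to the server log and the user gets a generic message, because die(mysql_error()) in the original hands whoever triggered the error the driver's message, which can include table and column names.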

#4 musicgrain1 (New D.I.C Head; Reputation: 0; Posts: 23; Joined: 24-September 11)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 24 September 2011 - 03:43 PM

CTphpnwb, on 24 September 2011 - 07:18 AM, said:

If you want your code to be secure you first need to make it easy to read and edit. The easier it is to read the more likely you are to find security issues before a hacker does. You can start by placing all HTML in .html files, all Javascript in .js files, and all PHP in .php files. *Reading one language at a time is easier than three or four. Next you'll want to refactor all of your repetitive code. Repetition cries out for loops. As an example, here's how I'd do your select state code:
$states = array(
    "AK"=>"Alaska", "AL"=>"Alabama", "AR"=>"Arkansas", "AZ"=>"Arizona", "CA"=>"California",
    "CO"=>"Colorado", "CT"=>"Connecticut", "DC"=>"District of Columbia", "DE"=>"Delaware",
    "FL"=>"Florida", "GA"=>"Georgia", "HI"=>"Hawaii", "IA"=>"Iowa", "ID"=>"Idaho",
    "IL"=>"Illinois", "IN"=>"Indiana", "KS"=>"Kansas", "KY"=>"Kentucky", "LA"=>"Louisiana",
    "MA"=>"Massachusetts", "MD"=>"Maryland", "ME"=>"Maine", "MI"=>"Michigan", "MN"=>"Minnesota",
    "MO"=>"Missouri", "MS"=>"Mississippi", "MT"=>"Montana", "NC"=>"North Carolina",
    "ND"=>"North Dakota", "NE"=>"Nebraska", "NH"=>"New Hampshire", "NJ"=>"New Jersey",
    "NM"=>"New Mexico", "NV"=>"Nevada", "NY"=>"New York", "OH"=>"Ohio", "OK"=>"Oklahoma",
    "OR"=>"Oregon", "PA"=>"Pennsylvania", "PR"=>"Puerto Rico", "RI"=>"Rhode Island",
    "SC"=>"South Carolina", "SD"=>"South Dakota", "TN"=>"Tennessee", "TX"=>"Texas",
    "UT"=>"Utah", "VA"=>"Virginia", "VT"=>"Vermont", "WA"=>"Washington", "WI"=>"Wisconsin",
    "WV"=>"West Virginia", "WY"=>"Wyoming"
); // "AK" restored: it is in the original form's option list

echo '* State:<select name="state" required>
<option value="">Choose One</option>';
foreach($states as $abrev => $name) {
	echo '<option value="'.$abrev.'">'.$name.'</option>';
}
echo '</select>';


If it were a list that might change frequently I'd read in the array from a text file so that a designer could modify the list without needing to touch the PHP code.

Of course you'll want to start using prepared statements as well. Hopefully that will keep you from using constants as key values. PHP will let you get away with it, but if any of those constants have been defined you're going to get strange errors that will be very difficult to debug.

* While you're at it you can get rid of tables and start using .css files.


Do you know how I can conceal insert.php so people can't find it and go to it directly?

#5 codeprada (Changed Man With Different Priorities; Reputation: 948; Posts: 2,357; Joined: 15-February 11)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 24 September 2011 - 04:25 PM

Every server has a public folder that's available to the public or the internet. Most times it's named public_html. Move your script one level up and users won't be able to access it via a URL.

#6 musicgrain1 (New D.I.C Head; Reputation: 0; Posts: 23; Joined: 24-September 11)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 25 September 2011 - 12:21 AM

codeprada, on 24 September 2011 - 04:25 PM, said:

Every server has a public folder that's available to the public or the internet. Most times it's named public_html. Move your script one level up and users won't be able to access it via a URL.


The WWW folder is the root, so hiding "insert.php" is not going to be as easy as moving it up a level. Is there some other way I can do it?

#7 CTphpnwb (D.I.C Lover; Reputation: 3105; Posts: 10,903; Joined: 08-August 08)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 25 September 2011 - 02:35 AM

You might set a constant or a variable in the file that includes/requires insert.php and then test for that value in the file.
index.php or other php file:
<?php
define("OKTORUN","the insert.php file");
include("insert.php");
?>

insert.php:
<?php
if(defined("OKTORUN") && OKTORUN == "the insert.php file") {
	// execute code
} else {
	// redirect to an error page.
}
?>


#8 musicgrain1 (New D.I.C Head; Reputation: 0; Posts: 23; Joined: 24-September 11)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 30 September 2011 - 03:16 AM

CTphpnwb, on 25 September 2011 - 02:35 AM, said:

You might set a constant or a variable in the file that includes/requires insert.php and then test for that value in the file.
index.php or other php file:
<?php
define("OKTORUN","the insert.php file");
include("insert.php");
?>

insert.php:
<?php
if(defined("OKTORUN") && OKTORUN == "the insert.php file") {
	// execute code
} else {
	// redirect to an error page.
}
?>


I'm kind of a noob when it comes to PHP!
How do I implement that code into mine?
Thanks in advance!

#9 Atli (D.I.C Lover; Reputation: 3730; Posts: 6,017; Joined: 08-June 10)

Re: Perfecting my php mysql form code so I don't get hacked.

Posted 30 September 2011 - 03:52 AM

musicgrain1, on 24 September 2011 - 10:43 PM, said:

Do you know how I can conceal insert.php so people can't find it and go to it directly?

If you just make sure the file doesn't actually *do* anything, there won't be any need for such precautions.

By that I mean: only use the included file to define functions or classes to be executed in your main code, but don't execute anything in the global scope of the included file. That way, even if some crafty user finds your include file and opens it in a browser, he'll just get an empty page.


If you'd still rather hide stuff, you can always try telling your HTTP server to just not serve the file. If you are running an Apache server, you can often put your include files in their own directory, create a file called .htaccess in that directory, and put deny from all into that file. This tells Apache nobody is supposed to view the files in that directory.
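Atli's suggestion in concrete form, as an added example that is not part of the thread: the database code moves into an include that only defines functions, so requesting the file directly returns an empty page and there is no constant to check. The file name lib/persons.php, the h() helper and the sample rows are mine. The same file addresses a second problem visible in the posted view.php and myview.php: every database value is echoed straight into the HTML, so a stored comment containing markup or script is rendered by the browser of everyone who views the list. Here every value passes through htmlspecialchars() on the way out.

```php
<?php
// lib/persons.php: an include that only defines functions, so a direct request
// for it produces an empty page. Added example, not the original poster's
// code. Assumes the Persons table from the original post and a PDO connection
// created by the caller (hypothetical; see the usage note).

// Fetch only the columns the page shows instead of SELECT *.
function fetch_persons(PDO $db)
{
    $stmt = $db->query('SELECT Firstname, Month, Day, Year, City, State, Comments FROM Persons');
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape a value for an HTML text or attribute context.
function h($s)
{
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

// Build the table as a string; every stored value passes through h(), so a
// comment containing <script> is shown literally instead of being executed.
function render_persons(array $rows)
{
    $html = "<table border='1'>\n<tr><th>Firstname</th><th>Birthday</th>"
          . "<th>City</th><th>State</th><th>Comments</th></tr>\n";
    foreach ($rows as $row) {
        $html .= '<tr>'
            . '<td>' . h($row['Firstname']) . '</td>'
            . '<td>' . h($row['Month'] . '/' . $row['Day'] . '/' . $row['Year']) . '</td>'
            . '<td>' . h($row['City']) . '</td>'
            . '<td>' . h($row['State']) . '</td>'
            . '<td>' . h($row['Comments']) . '</td>'
            . "</tr>\n";
    }
    return $html . "</table>\n";
}

// Nothing below runs on include() or on a web request. The block is only
// reached when the file is run from the command line, to exercise the
// functions with constructed rows (no database needed).
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $sample = array(
        array('Firstname' => "O'Brien", 'Month' => 2, 'Day' => 29, 'Year' => 1984,
              'City' => 'Juneau', 'State' => 'AK', 'Comments' => '<script>alert(1)</script>'),
    );
    echo render_persons($sample);
}
```

index.php (or finished.php) then does `require_once __DIR__ . '/lib/persons.php';`, opens the PDO connection, and calls `echo render_persons(fetch_persons($db));`. Note that insert.php itself is the form's action target and has to stay reachable under the web root; what moves out of reach is the code it includes. If lib/ cannot live above the document root, Atli's .htaccess with `deny from all` works on Apache 2.2; on Apache 2.4 the equivalent directive is `Require all denied`. Running `php lib/persons.php` from a shell prints a one-row table whose Comments cell contains `&lt;script&gt;alert(1)&lt;/script&gt;`, which a browser displays as text rather than running.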
