
is there anyone skilled in php


Alahmoh
Member
Join Date: Jun 2018
Old 08-11-2022 , 06:20   Re: is there anyone skilled in php

Quote:
Originally Posted by fysiks
FYI, you have an SQL Injection security vulnerability in your code. You need to use prepared queries.

While I commend you for posting your code, you should also have the list of errors that you get when you run your code.

I noticed a couple things in your code after looking at it briefly. 1) You have a SQL Injection vulnerability and you should switch to prepared queries to resolve it. 2) You're hard coding your database connection info in the PDO constructor instead of using your $GLOBALS variable. This is how I do it:

PHP Code:
new PDO(sprintf("mysql:host=%s;dbname=%s;charset=utf8", $dbconfig['host'], $dbconfig['dbname']), $dbconfig['user'], $dbconfig['pass']);
P.S. If the data in your $GLOBALS variable is your real data, you need to change them. If you write your PDO constructor arguments like I've shown, you'll never need to post the $GLOBALS variable when asking for help.

Some other tips: get the actual query string and test it in your database using something like phpMyAdmin to make sure that it works. It looks like it should work but you should verify the actual string that gets passed (i.e. your $_GET parameter might not be what you're expecting).
My bad, the error I'm getting is: [Error] Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`Id' at line 1
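
What the prepared-query advice in the quoted post looks like with PDO, as an added example that is not part of the thread or the poster's code. The `players` table, its columns, the `findPlayer`/`listPlayers` helpers and the sample inputs are hypothetical, and an in-memory SQLite database stands in for MariaDB so the script runs offline.

```php
<?php
// Added example. Table name, columns and rows are constructed for illustration.
// sqlite::memory: stands in for the MariaDB server so the script runs offline;
// with the mysql: DSN from the post, prepare()/execute() are called the same way.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,  // SQL errors become exceptions
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE players (Id INTEGER PRIMARY KEY, Name TEXT, Score INTEGER)');
$pdo->exec("INSERT INTO players (Name, Score) VALUES ('alice', 40), ('bob', 75)");

// Identifiers (column names) cannot be bound as parameters, so anything
// user-selectable is mapped through a fixed allow-list of quoted names.
const SORTABLE = ['id' => '`Id`', 'name' => '`Name`', 'score' => '`Score`'];

function findPlayer(PDO $pdo, $rawId): ?array
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value travels separately from the SQL text, so it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT `Id`, `Name`, `Score` FROM players WHERE `Id` = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

function listPlayers(PDO $pdo, string $sortKey): array
{
    // Keys that are not in the allow-list fall back to the Id column.
    $column = SORTABLE[strtolower($sortKey)] ?? SORTABLE['id'];
    return $pdo->query("SELECT `Id`, `Name`, `Score` FROM players ORDER BY $column")->fetchAll();
}

// Constructed inputs standing in for $_GET values.
var_dump(findPlayer($pdo, '2'));              // well-formed id
var_dump(findPlayer($pdo, '2 OR 1=1'));       // malformed id
var_dump(listPlayers($pdo, 'no_such_column')); // key outside the allow-list
```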