what's wrong in this picture?

deepblue
Forum Newbie
Posts: 2
Joined: Wed Mar 09, 2011 12:07 pm

what's wrong in this picture?

Post by deepblue »

Hey everyone!

I got this for an interview in the past, and was asked to give feedback on it (wrongs, inefficiencies, improvements, etc.), and wanted to see other points of view and what I may have missed.

without further ado:

Code:

sub output()

}
        print "<ul>"
        $conn = mysql_connect( "mysql.foo.org:412", "kum", "overmoon" );
        mysql_select_db( "kum", $conn );    #selects a database
        $q = " SELECT * FROM main WHERE id > " . $_GET["id"]. ";";
        $res = mysql_query( $q, $conn);
        while( $row = mysql_fetch_assoc($res) )
        }        
                print "<li>".$row['description']."</li>";
        {        
        print "</ul><br><ul>";
        $q = " SELECT * FROM main WHERE id < " . $_GET["id"]. ";";
        $res = mysql_query( $q, $conn);
        while( $row = mysql_fetch_assoc($res) )
        }        
                print "<li>".$row['description']."</li>";
       {        
        print "</ul>";
}
All your help is well appreciated, guys.
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: what's wrong in this picture?

Post by social_experiment »

You have zero visible protection against SQL injection. This is solved by encasing any input in mysql_real_escape_string(). It's also not known what data you display, so it's best to use htmlentities() to display the data, which stops XSS attacks.

This might be an odd point, but the queries seem to want rows where the id is less than the amount and greater than the amount; why not combine them into a single query and select rows that are not equal to the id? Just a thought.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
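A hardened rewrite of the posted function, added here as an example and not code from either poster. It follows the two points raised in the reply (keep user input out of the SQL text, encode at the HTML output) but uses a PDO prepared statement instead of mysql_real_escape_string(), since the mysql_* extension the original relies on was removed in PHP 7. The DSN and credentials are placeholders, the `main` table with integer `id` and text `description` columns is assumed from the original code, and `output()` takes the connection and request array as parameters so it can be called from a test harness.

```php
<?php
// Added example, not from the original thread.
// Assumptions: PDO with the MySQL driver; placeholder DSN/credentials below;
// table `main` has an integer `id` and a text `description` column.

function connect(): PDO
{
    // Credentials belong in configuration, not in the function body as in the post.
    return new PDO(
        'mysql:host=DB_HOST_PLACEHOLDER;port=3306;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
        'DB_USER_PLACEHOLDER',
        'DB_PASS_PLACEHOLDER',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly instead of silently
            PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
        ]
    );
}

function output(PDO $pdo, array $get): string
{
    // 1. Validate the type first: id must be a non-negative integer.
    //    filter_var() returns false for missing, non-numeric or negative input.
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    if ($id === false) {
        return '<ul></ul>'; // reject anything that is not an integer id
    }

    // 2. Parameterised query: the value is bound, never concatenated into SQL.
    //    One "id <> :id" query replaces the two half-range queries from the post.
    $stmt = $pdo->prepare('SELECT id, description FROM main WHERE id <> :id ORDER BY id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $above = []; // rows with id greater than the requested id (first list in the original)
    $below = []; // rows with id less than the requested id (second list in the original)
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        // 3. Encode at the HTML sink so stored data cannot inject markup or script.
        $li = '<li>' . htmlspecialchars((string) $row['description'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
        if ((int) $row['id'] > $id) {
            $above[] = $li;
        } else {
            $below[] = $li;
        }
    }

    // Same page structure as the original: two lists separated by <br>.
    return '<ul>' . implode('', $above) . '</ul><br><ul>' . implode('', $below) . '</ul>';
}

echo output(connect(), $_GET);
```

Returning the markup rather than printing it piecemeal also makes the function testable without a live database: pass in a PDO handle backed by an in-memory SQLite table of the same shape and assert on the returned string.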
deepblue
Forum Newbie
Posts: 2
Joined: Wed Mar 09, 2011 12:07 pm

Re: what's wrong in this picture?

Post by deepblue »

thanks social_experiment