DB To XML > Any security concerns???
Posted: Sat Aug 18, 2007 12:26 pm
I am using the following code to extract data from a database and convert it to XML format. I am concerned whether there is anything extra that I would be required to do before displaying the data. Are there any security issues with the code? To input data to the DB we use SQL/XSS prevention, so is there anything similar or different that must be done to prevent any kind of attack?
Code:
<?php
$hostname_conn = "localhost";
$database_conn = "mysql";
$username_conn = "root";
$password_conn = "";
$conn = mysql_pconnect($hostname_conn, $username_conn, $password_conn) or trigger_error(mysql_error(),E_USER_ERROR);
?><?php
mysql_select_db($database_conn, $conn);
$query_rsAll = "SELECT * FROM phpnews_news";
$rsAll = mysql_query($query_rsAll, $conn) or die(mysql_error());
$row_rsAll = mysql_fetch_assoc($rsAll);
$totalRows_rsAll = mysql_num_rows($rsAll);
header('Content-type: text/xml');
header('Pragma: public');
header('Cache-control: private');
header('Expires: -1');
// Emit the XML declaration, then one <row> per record with each column wrapped in CDATA.
echo '<?xml version="1.0" encoding="utf-8"?>';
echo '<root>';
if ($totalRows_rsAll > 0) {
    do {
        echo '<row>';
        foreach ($row_rsAll as $column => $value) {
            // Column names and values are written to the output unchanged.
            echo ' <' . $column . '><![CDATA[' . $value . ']]></' . $column . '> ';
        }
        echo '</row>';
    } while ($row_rsAll = mysql_fetch_assoc($rsAll));
}
echo '</root>';
mysql_free_result($rsAll);
?>
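An added example, not part of the original post: the posted loop writes stored values into CDATA sections and column names into tags unchanged, so a stored value containing `]]>` ends the CDATA section and the rest of the value is parsed as markup. The sketch below builds the same XML from constructed rows, once as posted and once hardened, and parses both back to compare; the helper names (`cdata`, `element_name`, `rows_to_xml`), the column names and the sample rows are assumptions made for illustration.

```php
<?php
// Constructed rows standing in for the phpnews_news result set (column names are assumed).
$rows = [
    ['id' => '1', 'subject' => 'Hello', 'newstext' => 'Plain text'],
    ['id' => '2', 'subject' => 'A & B', 'newstext' => 'x]]><extra>1</extra><![CDATA[y'],
];

// Wrap a value in CDATA so that stored data cannot close the section itself.
function cdata(string $value): string
{
    // Remove control characters that XML 1.0 does not allow.
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $value);
    // Split every "]]>" across two adjacent CDATA sections.
    return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', $value) . ']]>';
}

// Allow only column names that are plain ASCII XML element names.
function element_name(string $column): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_.-]*$/D', $column)) {
        throw new InvalidArgumentException('Unsafe column name');
    }
    return $column;
}

// $harden = false reproduces the posted output; true applies both checks.
function rows_to_xml(array $rows, bool $harden): string
{
    $xml = '<?xml version="1.0" encoding="utf-8"?><root>';
    foreach ($rows as $row) {
        $xml .= '<row>';
        foreach ($row as $column => $value) {
            $name = $harden ? element_name((string) $column) : $column;
            $body = $harden ? cdata((string) $value) : '<![CDATA[' . $value . ']]>';
            $xml .= "<$name>$body</$name>";
        }
        $xml .= '</row>';
    }
    return $xml . '</root>';
}

// Parse each variant back and report whether stored text turned into markup.
foreach ([false, true] as $harden) {
    $doc = new DOMDocument();
    $doc->loadXML(rows_to_xml($rows, $harden));
    $stored = $doc->getElementsByTagName('newstext')->item(1)->textContent;
    printf("hardened=%d extra_elements=%d round_trip=%s\n", $harden,
        $doc->getElementsByTagName('extra')->length, var_export($stored === $rows[1]['newstext'], true));
}
```

Values must also already be valid UTF-8 to match the declared encoding; the sketch does not convert them.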