Please help me secure my script
Posted: Mon Sep 12, 2011 11:42 pm
Hello
I have some good understanding of PHP mysql sanitization but really want to know if what im currently doing is the best possible security.
Data is coming from a form then passed via ajax to a php file for uploading to mysql. Currently zero sanitization.
What would you do?
I have some good understanding of PHP mysql sanitization but really want to know if what im currently doing is the best possible security.
Data is coming from a form then passed via ajax to a php file for uploading to mysql. Currently zero sanitization.
Code: Select all
$data1 = $_GET["data1"];
$data = array();
$data = explode("|", $data1);
foreach ($data as $value) {
$data2 = explode(":", $value);
$data[$data2[0]] = $data2[1];
}
$query = "INSERT INTO transactions SET
date=now(),
firstname='".$card_data['Firstname']."',
lastname='".$card_data['Lastname']."',
address='".$card_data['Address']."',
suburb='".$card_data['Suburb']."',
city='".$card_data['City']."',
phone='".$card_data['Phone']."',
email='".$card_data['Email']."',
amount='".$card_data['Amount']."'
";
mysql_query($query) or die (mysql_error());