n00b at security, need help securing script
Posted: Wed Jul 26, 2006 10:00 pm
Hello. 
I'm not that good with security first and foremost. Typically I let everything submitted go straight to the database without any trimming or any of the fancy security stuff...
Example...
Obviously the code is screaming "hack me", so I want to prevent that. I know about trim() and mysql_real_escape_string() (though I'm not sure how to use it), but I want to employ more security measures that won't bog the script down like trim() and mysql_real_escape_string() can.
Code:
<?php
// Every $variable below comes straight from the request (register_globals) and is
// concatenated into the SQL unescaped, so a single quote in any field breaks the query.
if (session_is_registered('ub2')) {
    mysql_query("UPDATE colors SET `bodybg`='".$bodybknd."', `bodybgimage`='".$bodybgimage."', `fontfamily`='".$bodyfontfamily."', `fontsize`='".$bodyfontsize."', `font`='".$bodyfontcolor."', `link`='".$link."', `visitedlink`='".$visitedlink."', `activelink`='".$activelink."', `hoverlink`='".$hoverlink."', `titlebg`='".$titlebg."', `titlebgimage`='".$titlebgimage."', `titlefont`='".$titlefont."', `titlefontsize`='".$titlefontsize."', `titlefontfamily`='".$titlefontfamily."', `windowbg`='".$windowbg."', `windowbgimage`='".$windowbgimage."', `windowfontfamily`='".$windowfontfamily."', `windowfontsize`='".$windowfontsize."', `windowfont`='".$windowfont."', `window2bg`='".$window2bg."', `window2bgimage`='".$window2bgimage."', `window2fontfamily`='".$window2fontfamily."', `window2fontsize`='".$window2fontsize."', `window2font`='".$window2font."', `border`='".$border."'") or print(mysql_error());
    success('Colors saved successfully! Click <a href="?action=admin">here</a> to return to the admin area.');
} else {
    error('You do not have permission to view this page because:<br>
<b>You are not logged in</b>');
}

Thanks!
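As an added illustration, not the original poster's code: the same UPDATE written so that user input never becomes part of the SQL text. It uses a whitelist of column names with a validation pattern per column, and a mysqli prepared statement for the values. Assumptions (none of them come from the post): PHP 5.6 or later with the mysqli extension, that the poster's success() and error() helpers exist, that the form posts each value under its column name, that login sets $_SESSION['ub2'], and placeholder database credentials.

```php
<?php
// Added example, not the forum poster's code. Assumes: PHP >= 5.6 with mysqli,
// a `colors` table with the columns named in the post, login stores a flag in
// $_SESSION['ub2'], values arrive in $_POST keyed by column name, and the
// poster's success()/error() helpers exist. Credentials below are placeholders.
session_start();

// Replacement for session_is_registered(): check the session directly.
if (empty($_SESSION['ub2'])) {
    error('You do not have permission to view this page because:<br><b>You are not logged in</b>');
    exit;
}

// Whitelist: column name => pattern the value must match. Only these columns can
// be written, and anything that fails its pattern is rejected before any SQL exists.
// Extend with one entry per column of the original UPDATE (assumed formats).
$allowed = array(
    'bodybg'      => '/^#[0-9a-fA-F]{6}$/',                    // colours as #rrggbb
    'font'        => '/^#[0-9a-fA-F]{6}$/',
    'link'        => '/^#[0-9a-fA-F]{6}$/',
    'titlebg'     => '/^#[0-9a-fA-F]{6}$/',
    'border'      => '/^#[0-9a-fA-F]{6}$/',
    'fontsize'    => '/^[1-9][0-9]?(px|pt|em)$/',              // e.g. 12px
    'fontfamily'  => '/^[A-Za-z0-9 ,\-]{1,64}$/',              // e.g. Verdana, Arial
    'bodybgimage' => '/^[A-Za-z0-9_\-]{1,64}\.(png|gif|jpg)$/', // bare file name, no path
);

$assignments = array();   // "`col` = ?" fragments built from whitelisted names only
$values      = array();   // the matching user values, kept out of the SQL string
foreach ($allowed as $col => $pattern) {
    if (!isset($_POST[$col])) {
        continue;         // field not submitted: leave that column untouched
    }
    $value = trim($_POST[$col]);
    if (!preg_match($pattern, $value)) {
        error('Invalid value for ' . htmlspecialchars($col, ENT_QUOTES, 'UTF-8'));
        exit;
    }
    $assignments[] = '`' . $col . '` = ?';
    $values[]      = $value;
}

if (count($assignments) === 0) {
    error('Nothing to save.');
    exit;
}

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'sitedb');   // placeholder credentials
if ($db->connect_error) {
    error('Database unavailable.');
    exit;
}

// The SQL text contains only whitelisted column names and '?' placeholders; the
// values are bound separately, so a quote or semicolon in $_POST cannot change
// the statement. As in the post, there is no WHERE clause: every row is updated.
$sql  = 'UPDATE colors SET ' . implode(', ', $assignments);
$stmt = $db->prepare($sql);
if ($stmt === false) {
    error('Query error: ' . htmlspecialchars($db->error, ENT_QUOTES, 'UTF-8'));
    exit;
}
$stmt->bind_param(str_repeat('s', count($values)), ...$values);   // PHP 5.6+ unpacking
if (!$stmt->execute()) {
    error('Save failed: ' . htmlspecialchars($stmt->error, ENT_QUOTES, 'UTF-8'));
    exit;
}
$stmt->close();

success('Colors saved successfully! Click <a href="?action=admin">here</a> to return to the admin area.');
```

If the script has to stay on the old mysql_* functions, the escaping form the poster asked about is `"'" . mysql_real_escape_string($value, $link) . "'"` around every value, inside the quotes; it only protects quoted string values, does nothing for column names, and is removed in PHP 7, which is why the example above uses a prepared statement instead. The whitelist is what keeps the column list safe, since placeholders cannot stand in for identifiers.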