I am a student and having problems in PHP answering these 2 questions:
Question 1:
A common way of building and executing a SQL statement that requires information to be supplied at run-time is to use string concatenation. For example, in PHP, the code might be:
$pubId = $_POST[“PubId”];
$sqlString = “SELECT title, name FROM books, publishers WHERE books.publisher_id =”.$pubId;
$sqlString would then be used in the appropriate function to retrieve data from a database. This is a valid approach, but there are problems with using it in web-based applications. What are the problems and what are possible solutions? You are not expected to write any program code here. A general description of possible solutions is acceptable.
Question 2:
A PHP script contains the following section of code:
$firstName = $_POST[“firstname”];
echo “Hello $firstName”;
Where “firstname” refers to the contents of a text entry field on the form that caused the PHP script to be executed when the submit button was pressed.
a) Describe, ideally using an example, why such code can leave the web site vulnerable to malicious attacks.
b) How would you fix this code to ensure that the site is not vulnerable to attack and how does your fix solve the problem?