Beautifully written tutorial, thank you for showing the in leads into AJAX. Although I think an error for duplicate addresses would be a useful addition to the script. My next step I think will be to come up with an unsubscribe system.
Is it easy to prevent SQL injection attacks or is there no need? I don’t know anything about Ajax but I want to learn.
I think a check for duplicate email addresses shouldn’t be too difficult… just got to check the database before the insert and if the email address exists display an error message.
Is there any need to prevent against SQL injection attacks? I have been doing some reading about security and wondered if a malicious user could gain access to my database.
I have been looking at MySQL injection attacks and found a function on w3schools.
Would this be good for preventing SQL injection attacks with this form?
<?php
// Note: the mysql_* extension was removed in PHP 7.0, and get_magic_quotes_gpc()
// has always returned false since PHP 5.4 (removed in PHP 8.0), so this example
// only runs as-is on PHP 5.
function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

$con = mysql_connect("localhost", "peter", "abc123");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

// Make a safe SQL
$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = "SELECT * FROM users WHERE
user=$user AND password=$pwd";
mysql_query($sql);
mysql_close($con);
?>
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$sql = "SELECT * FROM user WHERE username='$user' AND password='$pass'";
// Or use the quoteSmart() method from PEAR::DB
$user = $db->quoteSmart($_POST['user']);
$pass = $db->quoteSmart($_POST['pass']);
$sql = "SELECT * FROM user WHERE username=$user AND password=$pass";
/* Note that the quoteSmart() method automatically
adds quotes around the value when it is needed,
so you do not need to put them directly into your
query. */
Well, I am just sharing my thoughts regarding this matter. Bye for now I am going to fix first a <a href=“http://www.discounthonparts.com/honda-axle-assembly/”>Honda axle assembly</a> for my car for the next race. I’ll visit this site daily and put to bookmark.
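As an added example (not from the tutorial or from any of the comments above), here is how both points raised earlier, the duplicate-address check and the SQL injection question, can be handled together in current PHP with PDO prepared statements instead of manual escaping. It assumes a table created as `CREATE TABLE subscribers (id INT AUTO_INCREMENT PRIMARY KEY, email VARCHAR(255) NOT NULL UNIQUE)`; the database name and credentials are placeholders, and the `subscribe()` function name is my own.

```php
<?php
// Added example: a newsletter subscribe handler using PDO prepared statements.
// Assumed schema (not from the tutorial):
//   CREATE TABLE subscribers (id INT AUTO_INCREMENT PRIMARY KEY,
//                             email VARCHAR(255) NOT NULL UNIQUE);
// DB_USER_PLACEHOLDER / DB_PASSWORD_PLACEHOLDER are placeholders.

function connect(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=newsletter;charset=utf8mb4';
    return new PDO($dsn, 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
    ]);
}

/**
 * Attempts to add $email to the subscribers table.
 * Returns 'subscribed', 'duplicate' or 'invalid'.
 */
function subscribe(PDO $pdo, string $email): string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }

    // The value is sent as a bound parameter, never spliced into the SQL
    // text, so quotes or SQL keywords inside $email cannot alter the statement.
    $stmt = $pdo->prepare('INSERT INTO subscribers (email) VALUES (:email)');
    try {
        $stmt->execute([':email' => $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, i.e. the UNIQUE
        // index rejected a duplicate. Letting the database enforce uniqueness
        // avoids the race between a separate SELECT check and the INSERT when
        // two requests for the same address arrive at the same time.
        if ($e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
    return 'subscribed';
}

// Usage from the AJAX endpoint: reply with a short status the page can display.
$pdo = connect();
$status = subscribe($pdo, $_POST['email'] ?? '');
header('Content-Type: text/plain; charset=utf-8');
echo $status;
```

The duplicate check is done by the UNIQUE index rather than a SELECT before the INSERT, because a check-then-insert can still let two simultaneous submissions through; the JavaScript side only has to map the three status strings to messages.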
Pasquala - it’s not a good idea to use text links to submit forms as search engine spiders will trigger the form submission when crawling your site. Stick with form elements (button or input type="submit") then use CSS to style it as you like.