We have a table vehicle and a simple PHP form. Before inserting data, I check whether the vehicle registration number is already present, but some customers are still able to enter duplicate entries. Below is the code snippet; what could be the reason?

    // User input is taken straight from the form
    $vehicleRegistrationNumber = $_POST['vehicleRegistrationNumber'];
    // ...and concatenated directly into the SQL string
    $selectQuery1 = "select vehicleRegistrationNumber from vehicle where vehicleRegistrationNumber = '" . $vehicleRegistrationNumber . "'";
    $result1 = mysqli_query($link, $selectQuery1);
    // MYSQLI_ASSOC is the constant that belongs to the mysqli API
    $row1 = mysqli_fetch_array($result1, MYSQLI_ASSOC);
    $n1 = mysqli_num_rows($result1);
    if ($n1 > 0) {
        $status = "<span class=\"statusFailed\">Vehicle " . $vehicleRegistrationNumber . " already exists.</span>";
    }

All of this code is vulnerable to SQL injection. The check can be bypassed by submitting a value like

    XYZ0001' and 1='0

or more malicious values. To prevent this, use prepared statements and parameter binding instead of string concatenation.

The other possibility is simply user error, for example whitespace ("XYZ001" != "XYZ0001"), which is difficult to spot at first glance in DB records. Before you check for existence in the DB, you should check with PHP that the submitted value contains only permitted characters and is free of common mistakes.
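An added example (not part of the original post) of the two measures described above: validating the submitted value in PHP, then checking for existence with a prepared statement and a bound parameter. The function names, the table and column names, and the allowed-character pattern are assumptions.

```php
<?php
// Added example. normalizeRegistration(), vehicleExists(), the table/column
// names and the allowed pattern are assumptions made for illustration.

/**
 * Normalize and validate a submitted registration number.
 * Returns the canonical form, or null when the input is not acceptable.
 */
function normalizeRegistration(string $raw): ?string
{
    // Remove all whitespace (leading, trailing, inner) and upper-case, so
    // " xyz 0001 " and "XYZ0001" are treated as the same vehicle.
    $value = strtoupper(preg_replace('/\s+/', '', $raw));

    // Assumed format: 1 to 15 ASCII letters and digits. Quotes and other
    // SQL metacharacters never pass this check.
    return preg_match('/\A[A-Z0-9]{1,15}\z/', $value) === 1 ? $value : null;
}

/**
 * Existence check with a prepared statement: the value travels as bound
 * data and is never concatenated into the SQL text.
 */
function vehicleExists(mysqli $link, string $registration): bool
{
    $stmt = mysqli_prepare(
        $link,
        'SELECT 1 FROM vehicle WHERE vehicleRegistrationNumber = ? LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException(mysqli_error($link));
    }
    mysqli_stmt_bind_param($stmt, 's', $registration);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
}

// Constructed sample inputs; the validation step needs no database.
foreach (['XYZ0001', ' xyz 0001 ', "XYZ0001' and 1='0"] as $input) {
    $reg = normalizeRegistration($input);
    echo json_encode($input), ' => ', $reg ?? 'rejected', PHP_EOL;
}
```

In the form handler, call vehicleExists() only with the value returned by normalizeRegistration(), and store that same normalized value so later comparisons are made against the canonical form.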