php / mysql sorting issue and form sanitizing? -

-

i'm pretty new scripting i've been following code logic pretty well. i've got 2 working scripts (posted below,) 1 posts form mysql database , pulls information on same page in table. i'm having trouble finding on following things want accomplish.

1.) sanitizing form, i've been told it's open injection/other. people submit text, , i'd them able post html links called , clickable second script.

2.) want callback script sort information recent post on top. (can create new mysql column alongside category , contents called "date" auto detects date/time , uses sorting? i'd love see example code of that.

here's submit form

<html> <div style="width:  330px;  height:  130px;  overflow:  auto;"> <form style="color: #f4d468;" action="send_post.php" method="post">      category: <select style="color: #919191; font-family: veranda; font-weight: bold; font-size: 10px; background-color: #000000;" name="category"> <option value="category 1">category 1</option> <option value="category 2">category 2</option> <option value="category 3">category 3</option> <option value="other">other</option> </select> <br>      <textarea overflow: scroll; rows="4" cols="60" style="color: #919191; font-family: veranda; font-weight: bold; font-size: 10px; background-color: #000000; width:300px; height:80px; margin:0; padding:0;" name="contents"></textarea><br>     <input type="submit" style="color: #919191; font-family: veranda; font-weight: bold; font-size: 10px; background-color: #000000;" value="create log"> </form> </div> </html>

sendpost.php

<?php //connecting sql db. $connect=mysqli_connect("localhost","myuser","mypassword","mydb");  header("location: http://mywebsite.com/myhomepage.php");  if (mysqli_connect_errno()) { echo "fail"; } else { echo "success"; }  //sending form data sql db. mysqli_query($connect,"insert mydbtable (category, contents) values ('$_post[category]', '$_post[contents]')");  ?>

and php call on page

<?php $con=mysqli_connect("localhost","myuser","mypassword","mydb"); // check connection if (mysqli_connect_errno())   {   echo "failed connect mysql: " . mysqli_connect_error();   }  $result = mysqli_query($con,"select * mydbtable");  echo "<table border='1'> <tr> <th>category</th> <th>contents</th> </tr>";  while($row = mysqli_fetch_array($result))   {   echo "<tr>";   echo "<td>" . $row['category'] . "</td>";   echo "<td>" . $row['contents'] . "</td>";   echo "</tr>";   } echo "</table>";  mysqli_close($con); ?>

also in cases of connecting $con=mysqli_connect command in 2 of scripts, exposed? can't php , see information?

i appreciate help, willing read , learn right way things!

these 2 questions you.

  1. how can prevent sql injection in php?

  2. how can specify sql sort order in sql query

    select * mydbtable order date

and having db passwords , connections in open... typically people include php file (even though doesn't make safer). however, if have root access filing systems, put in high enough directory above htdocs, , won't accessible url.

dbconnect.php

$con=mysqli_connect("localhost","myuser","mypassword","mydb"); // check connection if (mysqli_connect_errno())   {   echo "failed connect mysql: " . mysqli_connect_error();   }

index.php

include 'dbconnect.php';

however, doesn't make safer, convenient won't accidentally post code password.


Comments

Post a Comment

Popular posts from this blog

c# - How Configure Devart dotConnect for SQLite Code First? -

-
can configure following sample code ? when run following code, error : no entity framework provider found ado.net provider invariant name 'devart.data.sqlite' setting in machine.config <system.data> <dbproviderfactories> <add name="dotconnect sqlite" invariant="devart.data.sqlite" description="devart dotconnect sqlite" type="devart.data.sqlite.sqliteproviderfactory, devart.data.sqlite, version=4.6.287.0, culture=neutral, publickeytoken=09af7300eec23701" /> </dbproviderfactories> </system.data> after add below block code in app.config <?xml version="1.0"?> <configuration>   <configsections> <!-- more information on entity framework configuration, visit http://go.microsoft.com/fwlink/?linkid=237468 --> <section name="entityframework" type="system.data.entity.internal.configfile.entityframeworksection, entit...
Read more

java - Copying object fields -

-
what best way of copying classes when need have 2 independent variables? have simple class: public class myclass { boolean = false; string b= "not empty"; } do need make method : assign(myclass data ) { a= data.a; b= data.b; } is there automatic method copy (duplicate) objects in java? do need make method : pretty close. instead of making method, should make constructor. such constructors called copy constructor , , create them this: myclass(myclass data) { = data.a; b = data.b; } and create copy of instance, use constructor this: myclass obj1 = new myclass(); myclass obj2 = new myclass(obj1); copy constructor can tedious : using copy constructor create deep-copy can tedious, when class has mutable fields. in case, assignment create copy of reference, , not object itself. have create copy of fields (if want deep copy). can go recursive. a better way create deep copy serialize , deserialize object. why not use clone()? ...
Read more

c++ - Clear the memory after returning a vector in a function -

-
i have function processes , stores lot of data in , returns results vector of class. amount of data stored in function tremendous , want clear storage memory of function after finished job. necessary (does function automatically clear memory) or should clear memory function? update: vector<customers> process(char* const *filename, vector<int> id) { vector<customers> list_of_customers; (perform actions) return list_of_customers; } variables defined locally within function automatically released @ end of function scope. destructors objects called, should free memory allocated objects (if objects coded correctly). example of such object std::vector . anything you've allocated new must have corresponding delete release storage. try avoid doing own allocation , use raii instead, i.e. containers or smart pointers.
Read more