[thelist] PHP/SQL

Raymond Camden rcamden at allaire.com
Thu Jan 25 12:04:31 CST 2001


I'm not sure what your app is doing, but shouldn't you encrypt the username?
What if someone sent a request to your site where username was
'administrator' or some such? Of course, you're just getting names here, but
that could be a mild security risk. I could write a script to dig up
people's real names.

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Allaire

Email   : jedimaster at allaire.com
ICQ UIN : 3679482

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Jay Fitzgerald
> Sent: Thursday, January 25, 2001 11:32 AM
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] PHP/SQL
>
>
> nevermind....i found a solution....
>
> <tip name = "wake up">
> luckily i had originally set a cookie for the username on the
> original page:
>
>  --> setcookie("id","$username","","/","moss.bayou.com",0);
>
> I then called the cookie on the page that i wanted to echo the variables
>
> --> $id = $HTTP_COOKIE_VARS["id"];
>
> .....and changed my select statement on that same page to:
>
> --> $sql = "select firstname, lastname from users where username = '$id'";
>
> now when i echo "my name is $firstname $lastname" i see "my name is Jay
> Fitzgerald" on the page via the web.....
> </tip>
>
> I almost "went to sleep" on this one....
>
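
Added example, not part of either message above: one way to stop a client-edited `id` cookie from selecting another user's row, using an HMAC signature on the cookie value (signing, rather than the encryption suggested in the reply) and a bound query parameter. It assumes current PHP with PDO and the SQLite driver; `COOKIE_KEY`, the function names and the in-memory `users` rows are hypothetical and constructed for the demo.

```php
<?php
// Added example: not code from the thread. Key and sample rows are constructed.
const COOKIE_KEY = 'replace-with-random-32-byte-secret'; // assumption: server-side secret

// Build the cookie value as "username.hexmac" so the server can detect tampering.
function sign_id(string $username, string $key): string
{
    return $username . '.' . hash_hmac('sha256', $username, $key);
}

// Return the username if the MAC verifies, or null for a forged or edited cookie.
function verify_id(string $cookie, string $key): ?string
{
    $pos = strrpos($cookie, '.');          // the hex MAC contains no dots
    if ($pos === false) {
        return null;
    }
    $username = substr($cookie, 0, $pos);
    $mac      = substr($cookie, $pos + 1);
    $expected = hash_hmac('sha256', $username, $key);
    return hash_equals($expected, $mac) ? $username : null; // constant-time compare
}

// Look up the name with a bound parameter instead of interpolating the cookie.
function lookup_name(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT firstname, lastname FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, firstname TEXT, lastname TEXT)');
$db->exec("INSERT INTO users VALUES ('jay', 'Jay', 'Fitzgerald'), ('administrator', 'Site', 'Admin')");

$issued = sign_id('jay', COOKIE_KEY);             // value the server would set
$forged = 'administrator.' . substr($issued, 4);  // name swapped, old MAC kept

foreach (['issued' => $issued, 'forged' => $forged] as $label => $cookie) {
    $user = verify_id($cookie, COOKIE_KEY);
    $row  = $user === null ? null : lookup_name($db, $user);
    echo $label, ': ', $row ? "my name is {$row['firstname']} {$row['lastname']}" : 'rejected', "\n";
}
```

The signature only proves the server issued that username; it does not expire, so a session identifier stored server-side is still the stronger design.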




