and the one some use to reduce the amount of code:
list($rid, $name, $url) = $db->sql_fetchrow($result);
nortan 2004
In the first method the results are returned in the format $row['value']; in the second method they are returned in the format $value. Since one of the values is a number, we add a PHP function to make sure only a number is used, in this case intval(). Note that intval() keeps only the leading integer of its argument and returns 0 for anything else, so 17abc becomes 17 and abc becomes 0. On values that return emails and URLs we can use another function, in this case stripslashes(). It only removes backslash escaping; it does not validate the value or make it safe to print, so the value still needs htmlspecialchars() when it is echoed into a page. They would now change to:
The one I suggest using:
$row = $db->sql_fetchrow($result);
$rid = intval($row['rid']);
$name = $row['name'];
$url = stripslashes($row['url']);
and the one some use to reduce the amount of code:
list($rid, $name, $url) = $db->sql_fetchrow($result);
$rid = intval($rid);
$url = stripslashes($url);
There are many more functions one can use to check what gets passed through a variable, but these should help make the files more secure. Bear in mind that these calls run on values coming back from the database; they do nothing for the query that produced them, so a value taken from the request and placed into a query needs the same treatment before the query is built. Anyway, here's one more: let's say that from our example we know $name has a maximum allowed length of 12 characters. We can make sure that limit is not exceeded in one of several ways; in this case we'll use substr(), so the above will now be:
The one I suggest using:
$row = $db->sql_fetchrow($result);
$rid = intval($row['rid']);
$name = substr($row['name'], 0, 12);
$url = stripslashes($row['url']);
and the one some use to reduce the amount of code:
list($rid, $name, $url) = $db->sql_fetchrow($result);
$rid = intval($rid);
$name = substr($name, 0, 12);
$url = stripslashes($url);
In the loop form the results are returned in the format $value. Since one of the values is a number, we add a PHP function to make sure only a number is used, in this case intval(); on values that return emails and URLs we use stripslashes(). They would now change to:
while(list($rid, $name, $url) = sql_fetch_row($result, $dbi)) {
$rid = intval($rid);
$url = stripslashes($url);
The 12-character limit on $name is applied in the loop form the same way, with substr(), so the above will now be:
while(list($rid, $name, $url) = sql_fetch_row($result, $dbi)) {
$rid = intval($rid);
$name = substr($name, 0, 12);
$url = stripslashes($url);
The result line of each query will vary. Some will be like:
list($topicid, $topicname) = sql_fetch_array($result, $dbi);
and others will be like:
while(list($topicid, $topicname) = sql_fetch_array($result, $dbi)) {
You would change these to:
The method I suggest using:
$row = $db->sql_fetchrow($result);
$topicid = intval($row['topicid']);
$topicname = $row['topicname'];
and the second line to:
while($row = $db->sql_fetchrow($result)) {
$topicid = intval($row['topicid']);
$topicname = $row['topicname'];
and the alternate method:
list($topicid, $topicname) = $db->sql_fetchrow($result);
$topicid = intval($topicid);
and the second line to:
while(list($topicid, $topicname) = $db->sql_fetchrow($result)) {
$topicid = intval($topicid);
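As an added example (not code from the tutorial or from PHP-Nuke), the script below applies the three calls discussed above, intval(), substr() and stripslashes(), to rows fetched in both the $row['key'] style and the list() style, and then encodes the values for output. PHP-Nuke's $db->sql_fetchrow() loop is stood in for by a constructed array of rows so the script runs without a database; the function names secure_row(), secure_list() and render() and the sample rows are this example's own.

```php
<?php
// Added example, not from the tutorial or from PHP-Nuke. The rows below are
// constructed to look like what sql_fetchrow() returns; no database is used.

declare(strict_types=1);

/** Constructed sample rows. The second and third carry values that need cleaning. */
function sample_rows(): array
{
    return [
        ['rid' => '17',    'name' => 'Example Site',                'url' => 'http://example.com/'],
        // rid is not a clean integer, name exceeds 12 characters,
        // url came back with backslash escaping around the apostrophe
        ['rid' => '17abc', 'name' => 'A name that is far too long', 'url' => "http://example.com/?q=O\\'Reilly"],
        // rid is not numeric at all, name contains markup
        ['rid' => 'abc',   'name' => '<b>bold</b>',                 'url' => 'http://example.com/'],
    ];
}

/** The $row['key'] method from the tutorial, written as a function. */
function secure_row(array $row): array
{
    return [
        'rid'  => intval($row['rid']),          // "17abc" -> 17, "abc" -> 0
        'name' => substr($row['name'], 0, 12),  // enforce the 12-character limit (counts bytes; use mb_substr() for UTF-8)
        'url'  => stripslashes($row['url']),    // undo backslash escaping only
    ];
}

/** The list() method: same calls on positional values. sql_fetchrow() returns
 *  both named and numeric keys, which is what makes list() work on it; the
 *  constructed rows only have named keys, so array_values() supplies the order. */
function secure_list(array $row): array
{
    list($rid, $name, $url) = array_values($row);
    $rid  = intval($rid);
    $name = substr($name, 0, 12);
    $url  = stripslashes($url);
    return ['rid' => $rid, 'name' => $name, 'url' => $url];
}

/** stripslashes() and substr() do not make a value safe to print; encode at output. */
function render(array $row): string
{
    return sprintf('<a href="%s">%s</a> (#%d)',
        htmlspecialchars($row['url'],  ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
        $row['rid']);
}

// Stands in for: while ($row = $db->sql_fetchrow($result)) { ... }
foreach (sample_rows() as $raw) {
    $a = secure_row($raw);
    $b = secure_list($raw);
    assert($a === $b); // both fetch styles yield the same sanitized values
    echo render($a), "\n";
}
```

Run it with php on the command line. The second and third sample rows show what the calls actually do: intval() turns 17abc into 17 and abc into 0, substr() cuts the name to 12 bytes, and stripslashes() removes the backslash before the apostrophe; none of them touches the <b> tag, which is why render() calls htmlspecialchars() at the point of output.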
The following are some of the variables that deal with numerical values, which you can secure with the intval() function.
Database Table Name | Variable(s)
nuke_access | $access_id
nuke_authors | $counter, $radminarticle, $radmintopic, $radminuser, $radminsurvey, $radminsection, $radminlink, $radminephem, $radminfaq, $radmindownload, $radminforum, $radmincontent, $radminency, $radminreviews, $radminnewsletter, $radminsuper
nuke_autonews | $anid, $catid, $ihome
nuke_banner | $bid, $cid, $imptotal, $impmade, $clicks, $active
nuke_bannerclient | $cid
nuke_blocks | $bid, $weight, $active, $refresh, $view
nuke_catagories | $cat_id
nuke_comments | $tid, $pid, $sid
nuke_config | $anonpost, $commentlimit, $minpass, $pollcomm, $articlecomm, $broadcast_msg, $my_headlines, $top, $storyhome, $user_news, $oldnum, $ultramode, $banners, $multilingual, $useflags, $notify, $email_send, $attachments, $attachments_view, $singleaccount, $filter_forward, $moderate, $admingraphic, $httpref, $httprefmax
nuke_contactbook | $uid, $contactid
nuke_counter | $count
nuke_downloads_categories | $cid, $parentid
nuke_downloads_downloads | $lid, $cid, $sid, $hits, $totalvotes, $totalcomments
nuke_downloads_editorials | $downloadid
nuke_downloads_modrequest | $requestid, $lid, $cid, $sid, $brokendownload
nuke_downloads_newdownload | $lid, $cid, $sid
nuke_downloads_votedata | $ratingdbid, $ratinglid, $rating
nuke_encyclopedia | $eid, $active
nuke_encyclopedia_text | $tid, $eid
nuke_ephem | $eid, $did, $mid, $yid
nuke_faqAnswer | $id, $id_cat
nuke_faqCategories | $id_cat
nuke_headlines | $hid
nuke_journal | $jid
nuke_journal_comments | $cid
nuke_journal_stats | $id
nuke_links_categories | $cid, $parentid
nuke_links_editorials | $linkid
nuke_links_links | $lid, $cid, $sid
nuke_links_modrequest | $requestid, $lid, $cid, $sid, $brokenlink
nuke_links_newlink | $lid, $cid, $sid
nuke_links_votedata | $ratingdbid, $ratinglid, $rating
nuke_message | $mid, $expire, $active, $view
nuke_modules | $mid, $active, $view, $inmenu
nuke_pages | $pid, $cid, $active, $counter
nuke_pages_categories | $cid
nuke_poll_check | $pollID
nuke_poll_data | $pollID, $optionCount, $voteID
nuke_poll_desc | $pollID, $voters, $artid
nuke_pollcomments | $tid, $pid, $pollID
nuke_public_messages | $mid
nuke_queue | $qid, $uid
nuke_referer | $rid
nuke_related | $rid, $tid
nuke_reviews | $id, $score, $hits
nuke_reviews_add | $id, $score
nuke_reviews_comments | $cid, $rid, $score
nuke_seccont | $artid, $secid, $counter
nuke_sections | $secid
nuke_stories | $sid, $catid, $comments, $counter, $topic, $ihome, $acomm, $haspoll, $pollID, $score, $ratings
nuke_stories_cat | $catid
nuke_topics | $topicid
nuke_users | $user_id, $storynum, $uorder, $noscore, $ublockon, $commentmax, $counter, $newsletter, $user_posts, $user_attachsig, $user_rank, $user_level, $broadcast, $popmeson, $user_active, $user_session_time, $user_session_page, $user_lastvisit, $user_new_privmsg, $user_unread_privmsg, $user_last_privmsg, $user_allowhtml, $user_allowbbcode, $user_allowsmile, $user_allowavatar, $user_allow_pm, $user_allow_viewonline, $user_notify, $user_notify_pm, $user_popup_pm, $user_avatar_type
nuke_users_temp | $user_id
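The list above can be enforced mechanically rather than by editing each fetch by hand. As an added example (not code from the tutorial or from PHP-Nuke), the function below takes a table name and a fetched row, passes every column the list marks as numeric through intval(), and reports the columns whose values were not clean integers so they can be logged instead of silently becoming 0. NUMERIC_COLUMNS holds only a subset of the tables from the list, and cast_numeric_columns(), the tamper report and the sample row are this example's own.

```php
<?php
// Added example, not from the tutorial or from PHP-Nuke. NUMERIC_COLUMNS is a
// subset of the table in the text; the row at the bottom is constructed.

declare(strict_types=1);

/** Subset of the list above: table name => columns that must be integers. */
const NUMERIC_COLUMNS = [
    'nuke_stories'  => ['sid', 'catid', 'comments', 'counter', 'topic', 'ihome',
                        'acomm', 'haspoll', 'pollID', 'score', 'ratings'],
    'nuke_comments' => ['tid', 'pid', 'sid'],
    'nuke_topics'   => ['topicid'],
    'nuke_users'    => ['user_id', 'storynum', 'uorder', 'noscore', 'ublockon',
                        'commentmax', 'counter', 'user_level'],
];

/**
 * Return $row with every numeric column of $table passed through intval().
 * Columns whose value was not already a clean integer are collected in
 * $suspect so the caller can log them rather than silently using 0.
 */
function cast_numeric_columns(string $table, array $row, array &$suspect = []): array
{
    $suspect = [];
    if (!isset(NUMERIC_COLUMNS[$table])) {
        throw new InvalidArgumentException("no column list for $table");
    }
    foreach (NUMERIC_COLUMNS[$table] as $col) {
        if (!array_key_exists($col, $row)) {
            continue;                       // this query did not select the column
        }
        $raw = $row[$col];
        $n   = intval($raw);                // "12abc" -> 12, "yes" -> 0, "42" -> 42
        // a clean integer survives the (string)intval() round trip unchanged
        if ((string)$n !== trim((string)$raw)) {
            $suspect[$col] = $raw;
        }
        $row[$col] = $n;
    }
    return $row;                            // non-numeric columns pass through untouched
}

// Constructed row as it might come back from nuke_stories; two values are not clean integers.
$row   = ['sid' => '42', 'catid' => '3', 'title' => 'Hello', 'counter' => '12abc', 'haspoll' => 'yes'];
$clean = cast_numeric_columns('nuke_stories', $row, $bad);
// $clean holds sid=42, catid=3, counter=12, haspoll=0 and the untouched title;
// $bad holds ['counter' => '12abc', 'haspoll' => 'yes']
foreach ($bad as $col => $value) {
    error_log("nuke_stories.$col held non-numeric value " . var_export($value, true));
}
print_r($clean);
```

The round-trip check is what distinguishes this from a bare intval(): a value that should have been an integer but was not is evidence that something upstream (a query, an input filter, or an attacker) is not doing its job, and that is worth a log line rather than a quiet 0. Extend NUMERIC_COLUMNS with the rest of the list as needed.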