Hey everyone, I am looking for some ideas or opinions on how well my secure my scripting is.
Should a query come from GET, POST, or any other means...
I always do this in the queries.
PHP Code:
$_GET['group_id'] = isset($_GET['group_id']) ? (int)$_GET['group_id'] : 0;
$_POST['username'] = isset($_POST['username']) ? $_POST['username'] : '';
SELECT account_id, username, account_group
FROM users
WHERE belongs_to_group = '" . $_GET['group_id'] . "' AND
username = '" . mysql_real_escape_string($_POST['username']) . "'
I know the query doesn't really make sense... it doesn't need too. Display purposes only.
As well, the username value would have validation from the form (overflow, and proper regex validation against the username).
I let the query fail should a user enter a string through proper handling though as it (atleast to my understanding) will be looking for '0' if anything but an integer is entered.
so, since no rows were found...
PHP Code:
if (mysql_num_rows($query) > 0)
{
// bla hbal hbalh do stuff
}
else
{
$this->throwError('Invalid account information supplied');
}
Also, my form class (everytime form input is sent in, all values are automatically trim'ed and strip_slashed for redisplay (if form error) / processing (if passed form validation).
Thoughts? Ideas? Suggestions to better protect myself? I am just getting ready to start another project and want to get even tighter security implemented if possible.
Join the friendly bunch on IRC...
SQL Injection
Threaded Mode
