[Wolves] PHP Sql select losing a row
David Goodwin
david at codepoets.co.uk
Wed Jul 10 12:08:46 UTC 2013
On 10 Jul 2013, at 12:54, Wayne Morris <waynelists at machx.co.uk> wrote:
> On 09/07/2013 19:08, John Green wrote:
>> yes i was going to mention those variable names lol
>>
> What was wrong with the variable names?
Variable names should be readable and hopefully spelt correctly.
Why not just write 'results' and 'query' - they're easy to read and descriptive.
Sticking a 'z' on the end has not added anything (if anything it's more typing). I certainly find spelling mistakes in code distracting.
(To me, it also looks childish, but perhaps I'm just becoming old and grumpy!)
> Its for an intranet with users logged in - so either we trust them enough to amend/delete etc all records on the system,
> or we don't trust them to do anything - an sql injection is far too complicated enough for our grade of user ;-)
>
So - someone searches for "it's" and it breaks?
That doesn't give the end user much confidence in the app. It's good practice to try and code securely.
It may only be an intranet thing for now - but software has a habit of evolving and being adapted. $futureBoss could easily request a subset of the functionality be opened up to the world….
alternatively, what if you're infected by some sort of network worm/virus which infects vulnerable web apps through SQL Injection?
David.
More information about the Wolves
mailing list