[Wolves] PHP Sql select losing a row
waynelists at machx.co.uk
Wed Jul 10 12:42:27 UTC 2013
On 10/07/2013 13:08, David Goodwin wrote:
> to mention those variable names lol
>> What was wrong with the variable names?
> Variable names should be readable and hopefully spelt correctly.
> Why not just write 'results' and 'query' - they're easy to read and descriptive.
> Sticking a 'z' on the end has not added anything (if anything it's more typing). I certainly find spelling mistakes in code distracting.
> (To me, it also looks childish, but perhaps I'm just becoming old and grumpy!)
AHHH, I thought you were having a go about using words like 'postcode'
The 'z' was just a fault finding suffix to show me that that particular
query was all part of the same query ( I've got 4 separate queries on
and was concerned that the result from one might be getting used in the
results from another so used result1- result3 and then got bored with
and tagged it with a z lol
>> Its for an intranet with users logged in - so either we trust them enough to amend/delete etc all records on the system,
>> or we don't trust them to do anything - an sql injection is far too complicated enough for our grade of user ;-)
> So - someone searches for "it's" and it breaks?
> That doesn't give the end user much confidence in the app. It's good practice to try and code securely.
I do those checks on user input sections - this particular section just
uses the postcode of a particular existing record, then searches for
records in the same subpostcode to display. But point taken on secure
> It may only be an intranet thing for now - but software has a habit of evolving and being adapted. $futureBoss could easily request a subset of the functionality be opened up to the world….
> alternatively, what if you're infected by some sort of network worm/virus which infects vulnerable web apps through SQL Injection?
More information about the Wolves