Vote count:
0
Good day!
Today I am working on a comment section for my site. I know that it's not so hard to make a working comment section, but I want to make it safe and prevent SQL injection.
What are your suggestions: how should I make it, and what should I watch out for?
I will post my idea here so you can tell me which part is unsafe.
Let's suppose you need to be registered and logged in to comment.
<?php
require 'connect.inc.php'; // database connection (PHP must be inside <?php ?> tags, not written bare inside <head>)
require 'function.php';    // defines loggedin()
?>
<html>
<head>
</head>
<body>
<?php
if(loggedin()){
    $id = $_SESSION['user_id']; // loggedin() checks if the user is logged in
    if(isset($_POST['comment_button'])){
        $comment = $_POST['comment'];
        // the comment text is placed directly into the SQL string (this is the part being asked about)
        mysql_query("INSERT INTO comments VALUES('','$id','$comment')");
    }
?>
<form method="post"> <!-- without method="post" the browser sends a GET and $_POST stays empty -->
Comment:<br>
<textarea name='comment'></textarea>
<input type="submit" name="comment_button" value="Login"/>
</form>
<?php
}else{
    header('location: index.php');
    exit; // stop the script after sending the redirect
}
?>
</body>
</html>
This is a basic idea; please note that I am a novice in all of this, so don't be surprised if you see something bad in the code above. Thanks for your help.
asked 24 secs ago
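Below is an added example, not the asker's code, showing the same comment insert rewritten with a PDO prepared statement so that the comment text is sent to the database as a bound value and can never change the structure of the query. It assumes a hypothetical `comments(id, user_id, body)` table, placeholder database credentials, and a `loggedin()` function from the asker's `function.php`; everything else is constructed for the example.

```php
<?php
// Added example (not from the question): comment insert with a prepared statement.
// Assumptions: a table `comments(id AUTO_INCREMENT, user_id, body)`, placeholder
// credentials below, and loggedin() provided by the asker's function.php.
require 'function.php';
session_start();

// Connection with native prepares (no emulation) and exceptions on error.
// DB_NAME / DB_USER / DB_PASS are placeholders, not real values.
$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4',
    'DB_USER',
    'DB_PASS',
    [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]
);

function insertComment(PDO $pdo, int $userId, string $comment): bool
{
    // The SQL text contains only placeholders; the values travel separately,
    // so quotes, semicolons or comment markers inside $comment are plain data.
    $stmt = $pdo->prepare('INSERT INTO comments (user_id, body) VALUES (?, ?)');
    return $stmt->execute([$userId, $comment]);
}

function fetchComments(PDO $pdo): array
{
    // Static query with no user input, so a plain query() is fine here.
    $stmt = $pdo->query('SELECT user_id, body FROM comments ORDER BY id DESC');
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

if (!loggedin()) {
    header('Location: index.php');
    exit; // header() alone does not stop execution
}

// The user id comes from the session, never from the request.
$userId = (int) $_SESSION['user_id'];

if (isset($_POST['comment_button'])) {
    $comment = trim($_POST['comment'] ?? '');
    // Basic validation: non-empty and a sane length (2000 is an assumed limit).
    if ($comment !== '' && strlen($comment) <= 2000) {
        insertComment($pdo, $userId, $comment);
    }
}
?>
<html>
<body>
<form method="post">
Comment:<br>
<textarea name="comment"></textarea>
<input type="submit" name="comment_button" value="Post comment"/>
</form>
<?php foreach (fetchComments($pdo) as $row): ?>
<!-- Escape on output so stored text is shown as text, not interpreted as HTML -->
<p><?= htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') ?></p>
<?php endforeach; ?>
</body>
</html>
```

Two points worth noting about the design. The old `mysql_*` functions used in the question have no prepared-statement support and were removed from PHP 7, so either PDO (shown here) or `mysqli` with `prepare()`/`bind_param()` is the way to bind values. Binding covers SQL injection for the insert; the `htmlspecialchars()` call on output is the separate check a comment section also needs, because the same untrusted text is later rendered back into a page.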