[Chugalug] Newbie question

Stephen Haywood stephen at averagesecurityguy.info
Sat Aug 17 01:25:04 UTC 2013


I second learning the PDO stuff. You should NEVER UNDER ANY CIRCUMSTANCE put user-controlled data in a SQL or eval statement of any kind ever.
--
Stephen Haywood
Owner, ASG Consulting
CISSP, GSEC, OSCP
423.305.3700
stephen at averagesecurityguy.info




On Aug 16, 2013, at 8:18 PM, Randy Yates <lpcustom at gmail.com> wrote:

> Tyler, your SQL statement may be failing. Have you tried that statement manually in mysql? You may need to add VALUES like so:
> 	• INSERT INTO sedan ( year, make, model, color, price) values('{$_POST['year']}','{$_POST['make']}', '{$_POST['model']}', '{$_POST['color']}', '{$_POST['price']}')";
> 
> 
> On Fri, Aug 16, 2013 at 8:11 PM, Dan Lyke <danlyke at flutterby.com> wrote:
> On Fri, Aug 16, 2013 at 5:04 PM, Tyler Mittan
> <flashbatmanquestion at gmail.com> wrote:
> > Sure:
> > http://pastebin.com/VjBfUdtF
> 
> A potential "gotcha": I believe that mysql has two connection methods
> for the local machine, TCP/IP via "localhost", and local filesystem
> accessible sockets. Does:
> 
> mysql --host=localhost --user=root --password=root inventory
> 
> connect correctly?
> 
> Dan
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
> 
> 
> 
> -- 
> Google reads my email!
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
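
The PDO approach recommended at the top of this message, applied to the `sedan` INSERT quoted above. This is an added example, not code from the thread: the function name `insert_sedan`, the in-memory SQLite database (used so it runs without a MySQL server) and the sample form values are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the SQL text is fixed, and user-supplied values are
// sent separately as bound parameters, never spliced into the statement.
function insert_sedan(PDO $db, array $form): int
{
    // Binding stops injection, not bad data, so validate numeric fields too.
    $year  = filter_var($form['year'] ?? null, FILTER_VALIDATE_INT);
    $price = filter_var($form['price'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($year === false || $price === false) {
        throw new InvalidArgumentException('year and price must be numeric');
    }

    $stmt = $db->prepare(
        'INSERT INTO sedan (year, make, model, color, price)
         VALUES (:year, :make, :model, :color, :price)'
    );
    $stmt->execute([
        ':year'  => $year,
        ':make'  => (string)($form['make'] ?? ''),
        ':model' => (string)($form['model'] ?? ''),
        ':color' => (string)($form['color'] ?? ''),
        ':price' => $price,
    ]);
    return (int)$db->lastInsertId();
}

// Assumption: in-memory SQLite stands in for the MySQL "inventory" database.
// For MySQL the DSN would be 'mysql:host=localhost;dbname=inventory;charset=utf8mb4',
// with PDO::ATTR_EMULATE_PREPARES set to false for server-side prepares.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sedan (id INTEGER PRIMARY KEY, year INTEGER,
           make TEXT, model TEXT, color TEXT, price REAL)');

// Constructed input standing in for $_POST; the model field contains quote
// characters that would break out of the string in an interpolated query.
$post = ['year' => '2011', 'make' => 'Honda', 'model' => "Accord' OR '1'='1",
         'color' => 'blue', 'price' => '12500'];

$id = insert_sedan($db, $post);

// Read the row back with a bound parameter as well.
$check = $db->prepare('SELECT model FROM sedan WHERE id = :id');
$check->execute([':id' => $id]);
echo $check->fetchColumn(), PHP_EOL; // the model is stored as plain data
```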
