@Nathan-Srivi
Last active August 29, 2015 14:16
function output()
{
    // Check authorization: the result is never acted on, so unauthorized callers still get the output
    if(is_authorized())
    {
    }
    echo "<ul>";
    // Credentials hard-coded in the script
    $conn = mysql_connect( "mysql.foo.org:412", "kum", "overmoon" );
    mysql_select_db( "kum", $conn ); // selects a database
    // Raw $_GET["id"] concatenated into the SQL text: SQL injection
    $q = " SELECT * FROM main WHERE id > " . $_GET["id"]. ";";
    $res = mysql_query( $q, $conn); // return value never checked for failure
    while( $row = mysql_fetch_assoc( $res ) )
    {
    }
    echo "</ul><br><ul>";
    $q = " SELECT * FROM main WHERE id < " . $_GET["id"]. ";";
    $res = mysql_query( $q, $conn);
    while( $row = mysql_fetch_assoc( $res ) )
    {
    }
    echo "</ul>";
    // Connection is never closed
}
/* My thoughts about that code
1. Database credentials should not be hard-coded in that script. Include them from a file that's in a secure location (not in the htdocs / www folder). Preferably, encrypt them.
2. Don't concatenate user-defined variables directly into these SQL statements. It makes the code vulnerable to SQL injection attacks. Sanitize the inputs, prepare SQL statements with placeholders, then bind the variables to them.
3. This code doesn't try to catch any errors. What if the database server is unreachable? What if the database is missing? What if the table is missing?
4. This code seems to pick single or double quotes at random. Use double quotes when you need PHP to process a contained variable ...
$str = "Sample Color is $color.";
... and use single quotes otherwise ...
$str = 'Hello, world.';
5. Don't use $_REQUEST['module']. Use either get, post, or cookie. It should be known over which method the data is coming.
6. Disconnect your database handle once you're done with it.
*/
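The following is an added example of how the review points above could be applied to the function, written for this page and not part of the original gist. It assumes PDO with the MySQL driver, a config file at a placeholder path outside the web root that returns an array with 'dsn', 'user' and 'pass' keys, an existing is_authorized() function as in the original, and that each row's id column is what the list items display (the original leaves the loop bodies empty).

```php
<?php
// Added example (not the gist author's code): hardened rewrite of output().

function load_db_config(): array
{
    // Placeholder path: keep this file outside htdocs/www, readable only by the web server user.
    $config = require '/path/outside/webroot/db-config.php';
    foreach (['dsn', 'user', 'pass'] as $key) {
        if (!isset($config[$key])) {
            throw new RuntimeException("Database config is missing '$key'");
        }
    }
    return $config;
}

function output(): void
{
    // Point 1 of the review (authorization): the check now actually gates the output.
    if (!is_authorized()) {
        http_response_code(403);
        return;
    }

    // Validate the input: the query compares against an integer id.
    // filter_input returns null when the parameter is absent and false when it is not an int.
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
    if ($id === null || $id === false) {
        http_response_code(400);
        echo 'Invalid id';
        return;
    }

    $pdo = null;
    try {
        $config = load_db_config();
        // Point 3: PDO raises exceptions on failure instead of failing silently.
        $pdo = new PDO($config['dsn'], $config['user'], $config['pass'], [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
        ]);

        // Point 2: prepared statements with bound parameters; user data never enters the SQL text.
        $above = $pdo->prepare('SELECT * FROM main WHERE id > :id');
        $below = $pdo->prepare('SELECT * FROM main WHERE id < :id');

        echo '<ul>';
        $above->execute([':id' => $id]);
        while ($row = $above->fetch(PDO::FETCH_ASSOC)) {
            // Escape on output so stored data cannot inject HTML into the page.
            echo '<li>' . htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul><br><ul>';
        $below->execute([':id' => $id]);
        while ($row = $below->fetch(PDO::FETCH_ASSOC)) {
            echo '<li>' . htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul>';
    } catch (PDOException $e) {
        // Log the real error server-side; show the client nothing about the database.
        error_log('Database error in output(): ' . $e->getMessage());
        http_response_code(500);
        echo 'A database error occurred.';
    } finally {
        // Point 6: release the handle explicitly once done.
        $pdo = null;
    }
}
```

Point 4 is covered by using single quotes for every literal that contains no interpolated variable; point 5 is covered by reading the id from $_GET only, via filter_input, rather than from $_REQUEST.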