    Project: prevent sql injection & clean
    ID: 1257661726

    PROJECT DETAILS
    Comments (0)
    Status: Closed (Chosen Programmer: coolguyinus2004; Paid + bonus; Rated 10 out of 10)
    Budget: Minimum $10
    Created: 11/8/2009 at 1:28 EST
    Closed: 11/9/2009 at 1:38 EST
    Project Creator:
    weddingmuseum
    Rating: 10.00/10 (7 reviews)
    Rated 10 out of 10 for this project.
    Description: I have a project to "better code" a page when data is entered by a visitor into a guestbook comment and then into a db. I want to make sure the info is not html and will prevent any sql injection.

    The guestbook comment does use a CAPTCHA. I have created a badwords filter for the comments section. A sample of the code, reworked a bit, is below. The whole file will be given to the programmer selected.

    $v1=mysql_real_escape_string(stripslashes($_POST['name']));
    $v2=mysql_real_escape_string(stripslashes($_POST['comment']));
    $v3=$_POST['sdate'];
    $v4=$_POST['value'];
    $v5=date("F j, Y");

    $sql="SELECT * FROM table where value2=\"$value\" AND gname=\"$v1\" AND value8=\"$v3\"";
    $result = mysql_query($sql,$connection) or die("Couldn't connect to members database at this time from member_thank_you. Sorry for the inconvenience. Please try again later.<br>");
    $num=mysql_numrows($result);
    if($num !=0)
    {$er=$er+1;
    echo "<center><font size='-1' color='red'>You have already left a comment.</font></center><br>";}

    if (trim($name)==NULL)
    {$er=$er+1;
    echo "<center><font size='-1' color='red'>You must enter your name.</font></center><br>";}

    if (trim($comments)==NULL)
    {$er=$er+1;
    echo "<center><font size='-1' color='red'>You must enter your comments.</font></center><br>";}

    if (strlen($comments)>499)
    {$er=$er+1;
    echo "<center><font size='-1' color='red'>Your comments must be less than 500 characters.</font><br></center>";}

    $insert=mysql_query("INSERT INTO table values (\"\", '$v1', '$v2', '$todaydate', '$v3')") or die ("Could not insert data because of error");

    * You must complete the work within 48 hours upon agreement.
    * You must be able to do and complete the work and page must function as described above.

    Tags: PHP, MySQL, SQL
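
    The sample above escapes only name and comment, while sdate and value reach the SQL string as posted. As an added example (not part of the original posting or of the delivered work), here is the same check-then-insert flow with every value bound as a parameter and HTML encoding applied at output. The table name guestbook, its column names, the YYYY-MM-DD format for sdate and the in-memory SQLite connection are assumptions made so the script runs offline.

```php
<?php
// Added example, not the project's code. Table and column names are hypothetical.
// SQLite in memory keeps the demo offline; for MySQL only the DSN changes, e.g.
// 'mysql:host=...;dbname=...;charset=utf8mb4', and the statements stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, page TEXT, gname TEXT,
            comment TEXT, posted TEXT, sdate TEXT)');

function add_comment(PDO $pdo, array $post): array
{
    // Validate the raw input; escaping is not validation.
    $name    = trim((string)($post['name'] ?? ''));
    $comment = trim((string)($post['comment'] ?? ''));
    $sdate   = (string)($post['sdate'] ?? '');
    $page    = (string)($post['value'] ?? '');
    $errors  = [];
    if ($name === '')    $errors[] = 'You must enter your name.';
    if ($comment === '') $errors[] = 'You must enter your comments.';
    if (strlen($comment) > 499) $errors[] = 'Your comments must be less than 500 characters.';
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $sdate)) $errors[] = 'Invalid date.'; // assumed format

    // Every value, including sdate and value, is bound rather than concatenated.
    $dup = $pdo->prepare('SELECT COUNT(*) FROM guestbook WHERE page = ? AND gname = ? AND sdate = ?');
    $dup->execute([$page, $name, $sdate]);
    if ($dup->fetchColumn() > 0) $errors[] = 'You have already left a comment.';
    if ($errors) return $errors;   // never insert when a check failed

    $ins = $pdo->prepare('INSERT INTO guestbook (page, gname, comment, posted, sdate)
                          VALUES (?, ?, ?, ?, ?)');
    $ins->execute([$page, $name, $comment, date('F j, Y'), $sdate]);
    return [];
}

// Constructed sample input: quote characters and markup in the fields.
$post = ['name' => "Ann' OR '1'='1", 'comment' => '<script>alert(1)</script> Lovely day!',
         'sdate' => '2009-11-08', 'value' => 'smith-jones'];
var_dump(add_comment($pdo, $post));   // submit once
var_dump(add_comment($pdo, $post));   // submit the same entry again

// Store the raw text; encode when printing so markup is shown as text, not run as HTML.
foreach ($pdo->query('SELECT gname, comment FROM guestbook') as $row) {
    echo htmlspecialchars($row['gname'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

    Unlike the sample, the insert is skipped when any check fails, and no stripslashes or manual escaping is needed because the driver never parses the bound values as SQL.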


    View Message Board for this Project Messages Posted: 17


    PROJECT BIDS

    (8 bids have been placed. weddingmuseum has chosen to keep all bids for this project hidden.)




    Copyright © 2001 - 2010
    ScriptLance is a trade-mark of
    R3N3 International Inc