secure

galaxyAbstractor

Is this secure enough?

PHP:
<?php
require_once('includes/config.php');
require_once('includes/functions/func.global.php');
require_once('includes/classes/class.template_engine.php');
require_once('includes/lang/lang_'.$config['lang'].'.php');

db_connect($config);

if($_GET['id']) {
    $id = mysql_real_escape_string($_GET['id']);
    
    $query = "SELECT story_url FROM dug_stories WHERE `story_id` = '$id'";
    $query_result = mysql_query ($query) OR die(mysql_error());
    $info = mysql_num_rows($query_result);
    
    if ($info >0){
        $info = mysql_fetch_row($query_result);

        mysql_query("UPDATE dug_stories SET story_hits = story_hits+1 WHERE `story_id` = '$id'");
        header("Location: ". $info['0']);
    } elseif ($info == 0) {
        header("Location: /index.php");
    }

} else {
    header("Location: index.php");
}

?>
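
A hardened variant of the redirect lookup in the post above, as an added example that is not part of the thread: the id is validated as an integer, the query uses a bound parameter, and the stored URL is checked before it reaches the Location header. The helper name resolve_story_redirect, the use of PDO (with its SQLite driver), and the in-memory table with its two rows are assumptions made so the block runs stand-alone.

```php
<?php
// Added example, not the original poster's code. Assumes PDO; the in-memory
// SQLite table below is constructed sample data standing in for dug_stories.

// Returns the URL to redirect to for a raw ?id= value (hypothetical helper).
function resolve_story_redirect(PDO $db, $rawId, $fallback = '/index.php')
{
    // story_id is an auto_increment integer, so reject anything else up front.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return $fallback;
    }

    // Placeholder binding keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT story_url FROM dug_stories WHERE story_id = ?');
    $stmt->execute([$id]);
    $url = $stmt->fetchColumn();
    if (!is_string($url)) {
        return $fallback; // no such story, or no URL stored for it
    }

    // The stored URL ends up in a Location header: allow only http(s) with a host.
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])
        || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return $fallback;
    }

    $db->prepare('UPDATE dug_stories SET story_hits = story_hits + 1 WHERE story_id = ?')
       ->execute([$id]);
    return $url;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dug_stories (story_id INTEGER PRIMARY KEY, story_url TEXT, story_hits INTEGER DEFAULT 0)');
$db->exec("INSERT INTO dug_stories (story_id, story_url) VALUES (1, 'https://example.com/story'), (2, 'ftp://example.com/file')");

foreach (['1', '2', '99', '1abc', ''] as $raw) {
    echo var_export($raw, true), ' => ', resolve_story_redirect($db, $raw), "\n";
}
// In the real script: header('Location: ' . resolve_story_redirect($db, $_GET['id'] ?? '')); exit;
```

Only id 1 yields the stored URL; the other four inputs fall back to /index.php. Calling exit after header() stops the rest of the script from running once the redirect is sent.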
 

mattura

Looks ok at first glance.
If story_id is unique, you need only test for "if ($info==1)" not >0
Also, you don't need "elseif ($info==0)", just "else"
 

galaxyAbstractor

Looks ok at first glance.
If story_id is unique, you need only test for "if ($info==1)" not >0
Also, you don't need "elseif ($info==0)", just "else"

story_id is unique and is using MySQL's auto_increment.
 

xav0989

You should add a line in all the files you include, for instance:
PHP:
if (!defined('SECURITY_CHECK')) {
    echo 'Can\'t hack me!';
    exit;
}

and then add:
PHP:
define('SECURITY_CHECK', 'ok');
at the top of every one of your files (not the included ones).
 