Securety leaks in PHP/MySQL??

Anon

Just wandered if anyone knew of any security-holes in PHP/MySQL when you take input straight from a <form input ...>and send it into the mysql-database, and on another page displays the data again...

I use like: "INSERT INTO table(name) VALUES
('$nam')"... Is this good enough security?

Markus

Anon

You mean your worried that someone unauthorized might be inserting data? That needs to be addressed by restricting access to the form. Then in the script that actually does the updating, you should check $HTTP_REFERER to make sure the data is coming from the proper place.

Anon

HTTP_REFERER can't be used to increase security. The value is solely defined by the HTTP user agent, and it's rather trivial to write code (PHP-code, for example) which stes arbitrary HTTP_REFERER headers.

Anon

INSERTs are not dangerous. Still, it's always a good idea to run addslashes() on data coming from the outside before passing it on to the database. Unless PHP's magic_quotes_gpc feature (I'd call it a mis-feature*) is turned on.

A suggestion for a code improvement:
$SQLnam=addslashes($nam);
$SQL="
INSERT INTO table(name)
VALUES ('$SQLnam')
";

*Note:
The magic_quotes_gpc feature is good for new PHP-programmers because they tend to forget to use addslashes(). However, in my opinion, the 'feature' is a source of frustration: I want my outside variables /as is/; I don't want PHP to change the data; but then I also have to take the responsibility to make proper conversions when needed.

To find out if magic_quotes is turned on: Look at the output from a phpinfo() call.