Constructing the tool - MySQLIf you are a web developer, you are undoubtedly aware that there are constant threats to your site. SQL injections are one type of threat that you must be aware of and make every attempt to prevent.
print this article SEARCH DEV SHED |
This tool should take a very simple approach. It should display a form where you can enter all of the required information for your database. When the form is submitted, it should connect to the database and make the necessary changes. That seems simple enough, wouldn’t you say? Please take into consideration that this is designed to be a single use tool. This file should not be left on your web server after use to prevent malicious behavior. However, we’ll attempt to add a little security just in case it is. <html> <head> <title>MySQL Table Prefix Changer</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head>
<body> <?php // Check for POST data $action = isset($_REQUEST['action'])?$_REQUEST['action']:false;
if (!$action) { ?> The code begins quite simply by creating a page. This is pretty standard for any PHP utility. After setting up the HTML page, we do a quick check for POST data. This lets us know whether we should display the form itself, or process its data. Here we’re using a pretty standard POST data check. Then we move into a conditional statement. The first block of code should be displayed if no post data was found. That means that we should be displaying our HTML form. <form name="form1" method="post" action="prefix.php"> <table width="75%" border="0" cellspacing="2" cellpadding="2"> <tr> <td>Enter database name:</td> <td><input name="d" type="text" id="d" size="50"></td> </tr> <tr> <td>Enter database user</td> <td><input name="u" type="text" id="u" size="50"</td> </tr> <tr> <td>Enter database password:</td> <td><input name="p" type="password" id="p" size="50"></td> </tr> <tr> <td>Enter New Prefix:</td> <td><input name="n" type="text" id="n" size="50" value="(Do not include </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td colspan="2" align="center"><input name="action" type="hidden" <input type="submit" name="Submit" value="Change Table </tr> </table> </form> Here we have a simple form with a few input boxes for the necessary information. There’s certainly nothing fancy here and I’ve even elected not to include any type of validation. Since this should only be used by you, the site administrator, it’s safe to assume the user would know what is going on, but you could certainly add some validation if you wished. The important thing to note here is the addition of the hidden “action” field. This is used by our POST data check. If this field is omitted, the script will not function and will continually display this form no matter how many times you choose to submit it. You should also note that the form’s action is set back to this script.
blog comments powered by Disqus |
|
|
|
|
|
|
|
/ 24 
