ansaurus

Question

Answer 1

+4 A:

You are missing curly brackets {}:

<?php

if ($checkid == $customerid) {echo 'You cannot post any more entries, you have already created one';}

else
{

$sql="INSERT INTO content (customerid, weburl, title, description) VALUES
('$_POST[customerid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')";

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
}

?>

Sarfraz 2010-05-27 17:38:36

+1 Beat me to it!

Seb 2010-05-27 17:39:36

Don't forget to also fix your if() statement as that's an asignment and will always evaluate to true (mentioned by thetaiko)

Matt S 2010-05-27 17:48:25

Answer 2

A:

Re: sql injection - any time you trust data from your users you're vulnerable. Take your INSERT statement and sanitize it.

$sql = sprintf("INSERT INTO content (customerid, weburl, title, description) VALUES ('%d','%s','%s','%s')",
    $_POST['customerid'], //forced as digit
    mysql_real_escape_string($_POST['webaddress']),
    mysql_real_escape_string($_POST['pagetitle']),
    mysql_real_escape_string($_POST['pagedescription']) );

Also, you should use apostrophes in your array keys. In double quotes, that'd be:

echo "Post data webpage title is {$_POST['pagetitle']}";

Dan Heberden 2010-05-27 17:41:45

Answer 3

+3 A:

To answer the second part of your question: yes, you're very vulnerable to SQL injection:

$sql="INSERT INTO content (customerid, ...) VALUES ('$_POST[customerid]', ...)";
                                                     ^

This article explains SQL Injection and how to avoid the vulnerability in PHP.

Dolph 2010-05-27 17:42:04

Answer 4

A:

$_SESSION will clear when the browser is closed out. Therefore, I'd suggest using Cookies for a definite way.

I've updated your code as follows:

include '../login/dbc.php';
page_protect();

$customerid = $_COOKIE['user_id'];

$checkid = "SELECT customerid FROM content WHERE customerid = $customerid";

if ($checkid = $customerid) {echo 'You cannot post any more entries, you have already created one';}else{

$sql="INSERT INTO content (customerid, weburl, title, description) VALUES
('$_POST[customerid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')";

if (!mysql_query($sql))
  die('Error: ' . mysql_error());
else
  echo "1 record added";
}

If you are worried about injection add this tidbit prior to your insert query:

foreach($_POST as $key=>$value){
  $_POST[$key] = addslashes($value);
}

bradenkeith 2010-05-27 17:44:04

For the record, this is not how I would protect against injection attacks, but it is a quick patch for your script.

bradenkeith 2010-05-27 17:44:48

The session would only be lost when the browser is closed if it used a query variable and not cookies (both options for native PHP sessions), AND if the cookie expiration was not set correctly.Furthermore, your cookie method can be altered by the user with some simple javascript and thus is open to injection, even after applying the tidbit.

Kurucu 2010-05-27 18:36:55

Answer 5

+1 A:

In addition to the missing curly braces mentioned previously it looks like you're assigning in the if statement, which will cause the statement to always evaluate to true:

if ($checkid = $customerid) {echo 'You cannot post any more entries, you have already created one';}

Should be:

if ($checkid == $customerid) {echo 'You cannot post any more entries, you have already created one';}

Also, $checkid contains an SQL query string. I assume you intend to actually run the query and populate $checkid with something comparable to a $customerid before actually getting to the comparison.

thetaiko 2010-05-27 17:47:02

Answer 6

A:

In addition to the SQL injections (man, read a book/tutorial about that before you start!) and the missing braces after the else, you have two errors in there: First, you don't execute the $checkid query, secondly, you only have one = in the if (so you assign the value of $customerid to $checkid.

It is also probable that there is an sql injection vulnerability too.

Why "is possible"? Don't you see that yourself? Don't you write your code in a way that you avoid such issues in the first place?

Marian 2010-05-27 22:52:51

ansaurus

tags:

views:

answers:

Stopping users posting more than once

related questions