Just a quick security check...
Hi, by now most of you probably know I am a pathetic coder, so I really cannot embarrass myself anymore...
I have just created a small script (in PHP) to display on a custom Block on the navigation panel. It displays the number of users with public chat rooms (on my ajaxim chat.) I just wanted to make sure it is secure before I integrate it into the website... Here it is...
<?php
// Connection details for the ajaxim chat database
$dbhost = 'localhost';
$dbuser = 'USERNAME';
$dbpass = 'PASSWORD';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
$dbname = 'pcgenius_ajaxim';
mysql_select_db($dbname);
// Count the open public chat rooms
$result = mysql_query("SELECT * FROM ajaxim_chats");
$num_rows = mysql_num_rows($result);
echo "There are <b>$num_rows</b> public chat rooms currently open on PGC v4.0\n";
?>
<br />
<b>>>> <a href="http://www.chat.pcgeniusproductions.com/">Join Chat</a> <<<</b>
If you find any potential risks in this script, can you inform me please?
Thanks in advance.
PS: Your PHP quote display is faulty.
JeevesBond posted this at 02:04 — 4th February 2008.
He has: 3,956 posts
Joined: Jun 2002
There aren't any security issues here. What you have to worry about is input from outside, everything here is internal to your script.
Couple of side notes (not really what was asked for, but hey-ho)
Are you adding this to a block in Drupal? You should really use the Drupal API if that's the case, although as the chat stuff is in a different database it might not be worth the bother. Also, <b> tags are evil, presentation belongs in the CSS you see; in place of <b> you should use <strong>.
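To make the point in the reply above concrete, here is an added example (not code from the original post or from ajaxim): the posted script only ever runs a constant query, so nothing a visitor controls can reach the SQL, but the moment a request parameter is allowed to influence the statement, the way it is passed decides whether the query's meaning stays under your control. The example uses PDO rather than the old mysql_* extension (which was removed in PHP 7); the table name ajaxim_chats comes from the post, while the `room` column, the `room` query-string parameter and the connection details are assumptions.

```php
<?php
// Added example, not part of the original post. Shows the safe constant query
// from the post, the unsafe pattern to avoid once external input is involved,
// and the parameterised form that keeps the SQL text fixed.
// Assumptions: PDO with MySQL, table ajaxim_chats with a hypothetical `room`
// column; DSN and credentials are placeholders.

$pdo = new PDO('mysql:host=localhost;dbname=pcgenius_ajaxim;charset=utf8mb4',
               'USERNAME', 'PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// 1. The original situation: no external input at all. COUNT(*) is also cheaper
//    than SELECT * followed by mysql_num_rows(), which fetches every row.
function countAllRooms(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM ajaxim_chats')->fetchColumn();
}

// 2. UNSAFE, shown only for contrast: the room name from the request is spliced
//    into the SQL text, so whatever the visitor types becomes part of the
//    statement and can change what the query means.
function countRoomsUnsafe(PDO $pdo, string $room): int
{
    $sql = "SELECT COUNT(*) FROM ajaxim_chats WHERE room = '" . $room . "'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// 3. SAFE: the SQL text is fixed; the value travels separately as a bound
//    parameter and cannot alter the structure of the statement.
function countRoomsSafe(PDO $pdo, string $room): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM ajaxim_chats WHERE room = :room');
    $stmt->execute([':room' => $room]);
    return (int) $stmt->fetchColumn();
}

// Hypothetical optional filter: ?room=lobby. Only the safe variant is called.
$room = $_GET['room'] ?? '';
$n = ($room === '') ? countAllRooms($pdo) : countRoomsSafe($pdo, $room);

// Output: anything echoed into HTML is escaped, even a value that only came
// back from the database or was already checked elsewhere.
echo 'There are <strong>' . $n . '</strong> public chat rooms currently open on PGC v4.0';
if ($room !== '') {
    echo ' named ' . htmlspecialchars($room, ENT_QUOTES, 'UTF-8');
}
echo "<br />\n";
echo '<strong>&gt;&gt;&gt; <a href="http://www.chat.pcgeniusproductions.com/">Join Chat</a> &lt;&lt;&lt;</strong>';
```

The difference between countRoomsUnsafe and countRoomsSafe is the whole of the "input from outside" concern in the reply: in the safe form the statement the server parses is always the same string, and the room name is only ever data. The htmlspecialchars call covers the other direction, output into the page, which matters as soon as you print anything a visitor can influence inside a Drupal block.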
DarkLight posted this at 14:14 — 4th February 2008.
He has: 287 posts
Joined: Oct 2007
Ahh, OK. I have just added the API module a few days ago. I shall check it out. So far, I have not used it directly, it is just required by other modules.
I also noticed that it takes a while to refresh and display the new status, even if you click reload/refresh in your browser. It ain't really a great deal, but it is slightly annoying.
BTW, I have copied your site. I have designed my own version of JS random text display. I coded it all in an external JS, and then called it from the Block.
Take a look:
http://www.pcgeniusproductions.com/
Only, mine uses Famous Quotes...