1:22 connect.oho
B1KMusic 3 weeks ago
your code is vulnerable to sql injection attacks. just sayin.
123456789robbie 3 months ago
where did that passkey come from?
manasume 4 months ago
*Looks through 80 lines of code*
*1/2 hour later*
"OH! I put 'pass' not 'password'!"
JKTCGMV13 5 months ago
@SCARHExtendedMags Or you could name it something useful and sanitize the input, eliminating the risk altogether.
dandymcgee 7 months ago
@dandymcgee You could name the temp table something stupidly long, then it would be unlikely to guess.
SCARHExtendedMags 7 months ago
@moufpuncha How hard is that to guess though? Far more often than not I come across tables named "Customers", "Employees", "Payroll". Don't ever rely on security through obscurity; I know a hundred people who will tell you a false sense of security is better than no security because it's easier to forget about it.
dandymcgee 8 months ago
@dandymcgee yeah but wouldn't you have to know the name of the table or database?
moufpuncha 9 months ago
First off, great beginner tutorial. You're really good at explaining tough concepts.
To anyone watching, just keep in mind what could happen if a user browses to:
?passkey=whocares'; DROP TABLE temp; --
ALL user input should be sanitized on arrival, and especially before performing a SQL query.
dandymcgee 10 months ago
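The string-built INSERT discussed in this thread beside a parameterised version, as an added PHP example (not the tutorial's or any commenter's code). It assumes the pdo_sqlite extension is loaded and uses an in-memory database, so it runs offline; the two inputs are constructed for the demonstration.

```php
<?php
// Added example, not code from the tutorial or the thread. It runs the
// string-built INSERT quoted above beside a parameterised one against an
// in-memory SQLite database (assumes the pdo_sqlite extension is loaded).

function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE temp (code TEXT, username TEXT)');
    return $db;
}

// Vulnerable: the values become part of the SQL text, so a quote in either one changes the statement itself.
function insertUnsafe(PDO $db, string $confirm_code, string $name): void {
    $sql = "INSERT INTO temp (code,username) values ('$confirm_code','$name')";
    $db->exec($sql);
}

// Fixed: the SQL text is settled at prepare time; values travel as bound parameters and are never parsed as SQL.
function insertSafe(PDO $db, string $confirm_code, string $name): void {
    $stmt = $db->prepare('INSERT INTO temp (code, username) VALUES (:code, :name)');
    $stmt->execute([':code' => $confirm_code, ':name' => $name]);
}

function dump(PDO $db): void {
    foreach ($db->query('SELECT code, username FROM temp') as $row) {
        printf("  code=%s username=%s\n", $row['code'], $row['username']);
    }
}

// Constructed inputs: the passkey from the comment above, and an ordinary name containing an apostrophe.
$inputs = [
    ["whocares'; DROP TABLE temp; --", 'alice'],
    ['abc123', "O'Brien"],
];

foreach ($inputs as [$code, $name]) {
    foreach (['insertUnsafe', 'insertSafe'] as $fn) {
        $db = freshDb();
        try {
            $fn($db, $code, $name);
            echo "$fn ok:\n";
            dump($db);
        } catch (PDOException $e) {
            // The concatenated query no longer parses as the INSERT it was meant to be.
            echo "$fn failed: ", $e->getMessage(), "\n";
        }
    }
}
```

Run with `php example.php`: the concatenated version fails for both inputs (the apostrophe in a legitimate name breaks it just as the crafted passkey does), while the parameterised one stores each value as a plain literal.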
$sql -> Lame query...
True query should be: INSERT INTO temp (code,username) values ('$confirm_code','$name')
LordOfCa 10 months ago