Comments by School Shan (Top 5 by date)
School Shan
28-Sep-22 9:59am
Oh yes, the tutorial also used password hashing, but I didn't; I actually wanted to see the passwords that I put on the phpmyadmin thingy. Well, that is my excuse.
School Shan
28-Sep-22 9:44am
Hmm I guess you are right with the there will always be someone hacking just for the lolz. But as I mentioned, I really just need to show the working website not a secure website.
However, from what you said, I am curious how people can hack something only available in my local network. Does local network mean like connected to the same wifi/internet connection?
Also, I know it is a good practice/habit to always write the 'real' secure code, but at this moment, with this project, it will hurt me if it takes me too long to do so, given the due date.
That said, I do have a code from the tutorial I mentioned. Will this fix the problem I am having right now?
    $sql = "INSERT INTO users2 (facId, name, username, password) VALUES (?, ?, ?, ?);";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("location: ../signup.php?error=stmtfailed");
        exit();
    }
    mysqli_stmt_bind_param($stmt, "isss", $facid, $name, $username, $pwd);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    header("location: ../signup.php?error=none");
    exit();
And other than pointing out that my code is not secure, do you have a solution to my problem?
School Shan
28-Sep-22 9:23am
I do see a lot of people concerned with SQL injection, but from what I read it's what hackers/attackers do to extract data or something. I do understand that that is a big problem, but for my use there will never be a hacker/attacker, so is it still important for me to be concerned about it? Is there another reason for me to be worried about it, other than it being important for me to make it a good practice or something? Because in a YouTube tutorial I followed to make it secure from SQL injection, it makes the code longer and more complicated for me to understand what is happening.
This is only for my school project; I just need to show a working website and that's it. It will never be published online. Well, I won't, and if someone from the school wants to use my code (which I highly doubt they ever will) then I think they can deal with making it more secure.
School Shan
21-Sep-22 4:35am
"UPDATE users2 SET name = \"$name\" WHERE userId = $userid;";
Thank you, this works for me and I will give the MySQL site a read.
For the name I understand that commas and spaces could be a problem, but how about the error for the username? I only tried 4 alphabets like abcd or shan. The error message says something about column in 'field list'. What does that mean? \"$username\" makes it work as I wanted too, but since it has a different error I was curious.
School Shan
21-Sep-22 4:13am
The name column in my database is a varchar type and it is already holding full names of the faculty members, with commas separating the last name and first name, and I was able to add that data with my createUser() function, which is almost identical to the updateFacName() function.
I have $name, which is supposed to be a full real name, and $username for the username, like abc123.
Both of these are varchar type in my database and I have nothing that checks if the input is a valid name/username or not.
I just tried editing a name as Shan Min but it still gives me an error. Could the space be the error?
I didn't quite understand your first sentence. Where do I need to put the quotes? Quotes as in '' and/or "" , right?
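
Added example, not part of the comments above: it relates the quoting question and the 'field list' error to the prepared-statement style shown in the INSERT snippet. The table and column names (users2, name, userId) are taken from the comments; buildUpdateSql() is a hypothetical helper, the updateFacName() signature is assumed, and the sample names are constructed.

```php
<?php
// Hypothetical helper: shows the SQL text that string interpolation produces,
// with or without the \"...\" quoting discussed above. No database is needed.
function buildUpdateSql(string $name, int $userid, bool $quoted): string
{
    $value = $quoted ? "\"$name\"" : $name;
    return "UPDATE users2 SET name = $value WHERE userId = $userid;";
}

// Assumed signature for updateFacName(): the value is bound as a parameter,
// so it is never parsed as SQL and needs no quoting or escaping by hand.
function updateFacName(mysqli $conn, int $userid, string $name): bool
{
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, "UPDATE users2 SET name = ? WHERE userId = ?;")) {
        return false; // statement could not be prepared
    }
    // "si": first placeholder is a string (name), second an integer (userId)
    mysqli_stmt_bind_param($stmt, "si", $name, $userid);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Constructed sample names, one per failure mode of the interpolated query:
//  - abcd             unquoted, MySQL parses the bare word as a column name,
//                     hence "Unknown column ... in 'field list'"
//  - Shan Min         unquoted, two bare words in a row are a syntax error
//  - Min, Shan "Sam"  quoted, the embedded double quote ends the string
//                     literal early, so the rest is parsed as SQL
$samples = ['abcd', 'Shan Min', 'Min, Shan "Sam"'];

foreach ($samples as $name) {
    echo "input:    ", $name, "\n";
    echo "unquoted: ", buildUpdateSql($name, 7, false), "\n";
    echo "quoted:   ", buildUpdateSql($name, 7, true), "\n\n";
}

// With an open connection in $conn (as in the INSERT snippet above), all
// three names are stored unchanged by the bound-parameter version:
//   updateFacName($conn, 7, 'Min, Shan "Sam"');
```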