Re: PHP mysql_excape but need to search for those items [message #178363 is a reply to message #178362]
Mon, 11 June 2012 17:54
Jerry Stuckle
Messages: 2598 Registered: September 2010
Senior Member

On 6/11/2012 1:01 PM, mrgushi wrote:
> Jerry,
> This is what I'm working with so far.
>
> Not sure if I've escaped everything I needed to.
>
> $ENG = mysql_real_escape_string($ENG);
> $result = mysql_query("SELECT * FROM br_test WHERE ENG LIKE '$ENG' ");
> $row = mysql_fetch_array( $result );
>
> The $ENG is the input from the search form.
> The JS problem is valid but then again it will be in a locked down iOS
> app using PhoneGap. And I'll be using an HTTPS tunnel to the PHP
> scripts.. use some sort of cookie with an SSL flag to lock it down. So
> someone could jailbreak an iOS app and dig down in my settings and
> figure out the JS but I don't think that likely but you're right I want to
> take every precaution.
>
> -dw

Yes, that will work very nicely (although it's not considered good form
to use SELECT * - rather select the individual columns. It will save
you heartache later).

There are more ways than just jailbreaking the iPhone. There is no
guarantee that the request even came from your app on an iPhone. The
request can easily be faked in any number of ways. And there's no
guaranteed way to "lock it down" and be sure, unless you don't make it
ever available via the internet.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
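
Added example, not part of the thread: the search from the quoted snippet written as a PDO prepared statement, with `%` and `_` in the search term escaped so they match literally (`mysql_real_escape_string()` leaves both untouched) and with named columns instead of `SELECT *`. `br_test` and `ENG` come from the post; the `id` column, the sample rows, the helper names and the in-memory SQLite database (needs the `pdo_sqlite` extension) are assumptions made so the script runs stand-alone.

```php
<?php
// Escape LIKE metacharacters so the user's text is matched literally.
// '!' is the escape character; the query declares it with ESCAPE '!'.
// '!' must be doubled first so the escapes added afterwards stay intact.
function escape_like(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Substring search on br_test.ENG. The value is bound as a parameter,
// so it never becomes part of the SQL text, whoever sent the request.
function search_eng(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare(
        "SELECT id, ENG FROM br_test WHERE ENG LIKE :pat ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([':pat' => '%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data (assumption): in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE br_test (id INTEGER PRIMARY KEY, ENG TEXT)');
$ins = $pdo->prepare('INSERT INTO br_test (ENG) VALUES (?)');
$rows = ['100% cotton', '100 percent', "O'Brien", 'snake_case', 'snakeXcase'];
foreach ($rows as $value) {
    $ins->execute([$value]);
}

// Constructed search terms: two with LIKE wildcards, one with a quote,
// and one shaped like an injection attempt. Each is treated as plain text.
foreach (['100%', 'snake_case', "O'Brien", "' OR '1'='1"] as $term) {
    $hits = array_column(search_eng($pdo, $term), 'ENG');
    printf("%-14s => %s\n", $term, json_encode($hits));
}
```

Without `escape_like()`, the term `100%` would also match `100 percent` and `snake_case` would also match `snakeXcase`, because `%` and `_` are wildcards inside a LIKE pattern.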